diff options
Diffstat (limited to 'bcpkix/src/main/java/org/bouncycastle/pkcs')
35 files changed, 0 insertions, 3904 deletions
diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/MacDataGenerator.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/MacDataGenerator.java deleted file mode 100644 index 7b9daa8..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/MacDataGenerator.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.bouncycastle.pkcs; - - -import java.io.IOException; -import java.io.OutputStream; - -import org.bouncycastle.asn1.pkcs.MacData; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DigestInfo; -import org.bouncycastle.operator.MacCalculator; - -class MacDataGenerator -{ - private PKCS12MacCalculatorBuilder builder; - - MacDataGenerator(PKCS12MacCalculatorBuilder builder) - { - this.builder = builder; - } - - public MacData build(char[] password, byte[] data) - throws PKCSException - { - MacCalculator macCalculator; - - try - { - macCalculator = builder.build(password); - - OutputStream out = macCalculator.getOutputStream(); - - out.write(data); - - out.close(); - } - catch (Exception e) - { - throw new PKCSException("unable to process data: " + e.getMessage(), e); - } - - AlgorithmIdentifier algId = macCalculator.getAlgorithmIdentifier(); - - DigestInfo dInfo = new DigestInfo(builder.getDigestAlgorithmIdentifier(), macCalculator.getMac()); - PKCS12PBEParams params = PKCS12PBEParams.getInstance(algId.getParameters()); - - return new MacData(dInfo, params.getIV(), params.getIterations().intValue()); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS10CertificationRequest.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS10CertificationRequest.java deleted file mode 100644 index 88e430d..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS10CertificationRequest.java +++ /dev/null @@ -1,236 +0,0 @@ -package org.bouncycastle.pkcs; - -import java.io.IOException; -import java.io.OutputStream; -import java.util.ArrayList; -import java.util.List; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.pkcs.Attribute; -import org.bouncycastle.asn1.pkcs.CertificationRequest; -import org.bouncycastle.asn1.pkcs.CertificationRequestInfo; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.operator.ContentVerifier; -import org.bouncycastle.operator.ContentVerifierProvider; - -/** - * Holding class for a PKCS#10 certification request. - */ -public class PKCS10CertificationRequest -{ - private static Attribute[] EMPTY_ARRAY = new Attribute[0]; - - private CertificationRequest certificationRequest; - - private static CertificationRequest parseBytes(byte[] encoding) - throws IOException - { - try - { - return CertificationRequest.getInstance(ASN1Primitive.fromByteArray(encoding)); - } - catch (ClassCastException e) - { - throw new PKCSIOException("malformed data: " + e.getMessage(), e); - } - catch (IllegalArgumentException e) - { - throw new PKCSIOException("malformed data: " + e.getMessage(), e); - } - } - - /** - * Create a PKCS10CertificationRequestHolder from an underlying ASN.1 structure. - * - * @param certificationRequest the underlying ASN.1 structure representing a request. - */ - public PKCS10CertificationRequest(CertificationRequest certificationRequest) - { - this.certificationRequest = certificationRequest; - } - - /** - * Create a PKCS10CertificationRequestHolder from the passed in bytes. - * - * @param encoded BER/DER encoding of the CertificationRequest structure. - * @throws IOException in the event of corrupted data, or an incorrect structure. - */ - public PKCS10CertificationRequest(byte[] encoded) - throws IOException - { - this(parseBytes(encoded)); - } - - /** - * Return the underlying ASN.1 structure for this request. - * - * @return a CertificateRequest object. - */ - public CertificationRequest toASN1Structure() - { - return certificationRequest; - } - - /** - * Return the subject on this request. - * - * @return the X500Name representing the request's subject. - */ - public X500Name getSubject() - { - return X500Name.getInstance(certificationRequest.getCertificationRequestInfo().getSubject()); - } - - /** - * Return the details of the signature algorithm used to create this request. - * - * @return the AlgorithmIdentifier describing the signature algorithm used to create this request. - */ - public AlgorithmIdentifier getSignatureAlgorithm() - { - return certificationRequest.getSignatureAlgorithm(); - } - - /** - * Return the bytes making up the signature associated with this request. - * - * @return the request signature bytes. - */ - public byte[] getSignature() - { - return certificationRequest.getSignature().getBytes(); - } - - /** - * Return the SubjectPublicKeyInfo describing the public key this request is carrying. - * - * @return the public key ASN.1 structure contained in the request. - */ - public SubjectPublicKeyInfo getSubjectPublicKeyInfo() - { - return certificationRequest.getCertificationRequestInfo().getSubjectPublicKeyInfo(); - } - - /** - * Return the attributes, if any associated with this request. - * - * @return an array of Attribute, zero length if none present. - */ - public Attribute[] getAttributes() - { - ASN1Set attrSet = certificationRequest.getCertificationRequestInfo().getAttributes(); - - if (attrSet == null) - { - return EMPTY_ARRAY; - } - - Attribute[] attrs = new Attribute[attrSet.size()]; - - for (int i = 0; i != attrSet.size(); i++) - { - attrs[i] = Attribute.getInstance(attrSet.getObjectAt(i)); - } - - return attrs; - } - - /** - * Return an array of attributes matching the passed in type OID. - * - * @param type the type of the attribute being looked for. - * @return an array of Attribute of the requested type, zero length if none present. - */ - public Attribute[] getAttributes(ASN1ObjectIdentifier type) - { - ASN1Set attrSet = certificationRequest.getCertificationRequestInfo().getAttributes(); - - if (attrSet == null) - { - return EMPTY_ARRAY; - } - - List list = new ArrayList(); - - for (int i = 0; i != attrSet.size(); i++) - { - Attribute attr = Attribute.getInstance(attrSet.getObjectAt(i)); - if (attr.getAttrType().equals(type)) - { - list.add(attr); - } - } - - if (list.size() == 0) - { - return EMPTY_ARRAY; - } - - return (Attribute[])list.toArray(new Attribute[list.size()]); - } - - public byte[] getEncoded() - throws IOException - { - return certificationRequest.getEncoded(); - } - - /** - * Validate the signature on the PKCS10 certification request in this holder. - * - * @param verifierProvider a ContentVerifierProvider that can generate a verifier for the signature. - * @return true if the signature is valid, false otherwise. - * @throws PKCSException if the signature cannot be processed or is inappropriate. - */ - public boolean isSignatureValid(ContentVerifierProvider verifierProvider) - throws PKCSException - { - CertificationRequestInfo requestInfo = certificationRequest.getCertificationRequestInfo(); - - ContentVerifier verifier; - - try - { - verifier = verifierProvider.get(certificationRequest.getSignatureAlgorithm()); - - OutputStream sOut = verifier.getOutputStream(); - - sOut.write(requestInfo.getEncoded(ASN1Encoding.DER)); - - sOut.close(); - } - catch (Exception e) - { - throw new PKCSException("unable to process signature: " + e.getMessage(), e); - } - - return verifier.verify(certificationRequest.getSignature().getBytes()); - } - - public boolean equals(Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof PKCS10CertificationRequest)) - { - return false; - } - - PKCS10CertificationRequest other = (PKCS10CertificationRequest)o; - - return this.toASN1Structure().equals(other.toASN1Structure()); - } - - public int hashCode() - { - return this.toASN1Structure().hashCode(); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS10CertificationRequestBuilder.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS10CertificationRequestBuilder.java deleted file mode 100644 index 851e697..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS10CertificationRequestBuilder.java +++ /dev/null @@ -1,156 +0,0 @@ -package org.bouncycastle.pkcs; - -import java.io.IOException; -import java.io.OutputStream; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.pkcs.Attribute; -import org.bouncycastle.asn1.pkcs.CertificationRequest; -import org.bouncycastle.asn1.pkcs.CertificationRequestInfo; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.operator.ContentSigner; - -/** - * A class for creating PKCS#10 Certification requests. - * <pre> - * CertificationRequest ::= SEQUENCE { - * certificationRequestInfo CertificationRequestInfo, - * signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }}, - * signature BIT STRING - * } - * - * CertificationRequestInfo ::= SEQUENCE { - * version INTEGER { v1(0) } (v1,...), - * subject Name, - * subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, - * attributes [0] Attributes{{ CRIAttributes }} - * } - * - * Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }} - * - * Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE { - * type ATTRIBUTE.&id({IOSet}), - * values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type}) - * } - * </pre> - */ -public class PKCS10CertificationRequestBuilder -{ - private SubjectPublicKeyInfo publicKeyInfo; - private X500Name subject; - private List attributes = new ArrayList(); - private boolean leaveOffEmpty = false; - - /** - * Basic constructor. - * - * @param subject the X.500 Name defining the certificate subject this request is for. - * @param publicKeyInfo the info structure for the public key to be associated with this subject. - */ - public PKCS10CertificationRequestBuilder(X500Name subject, SubjectPublicKeyInfo publicKeyInfo) - { - this.subject = subject; - this.publicKeyInfo = publicKeyInfo; - } - - /** - * Add an attribute to the certification request we are building. - * - * @param attrType the OID giving the type of the attribute. - * @param attrValue the ASN.1 structure that forms the value of the attribute. - * @return this builder object. - */ - public PKCS10CertificationRequestBuilder addAttribute(ASN1ObjectIdentifier attrType, ASN1Encodable attrValue) - { - attributes.add(new Attribute(attrType, new DERSet(attrValue))); - - return this; - } - - /** - * Add an attribute with multiple values to the certification request we are building. - * - * @param attrType the OID giving the type of the attribute. - * @param attrValues an array of ASN.1 structures that form the value of the attribute. - * @return this builder object. - */ - public PKCS10CertificationRequestBuilder addAttribute(ASN1ObjectIdentifier attrType, ASN1Encodable[] attrValues) - { - attributes.add(new Attribute(attrType, new DERSet(attrValues))); - - return this; - } - - /** - * The attributes field in PKCS10 should encoded to an empty tagged set if there are - * no attributes. Some CAs will reject requests with the attribute field present. - * - * @param leaveOffEmpty true if empty attributes should be left out of the encoding false otherwise. - * @return this builder object. - */ - public PKCS10CertificationRequestBuilder setLeaveOffEmptyAttributes(boolean leaveOffEmpty) - { - this.leaveOffEmpty = leaveOffEmpty; - - return this; - } - - /** - * Generate an PKCS#10 request based on the past in signer. - * - * @param signer the content signer to be used to generate the signature validating the certificate. - * @return a holder containing the resulting PKCS#10 certification request. - */ - public PKCS10CertificationRequest build( - ContentSigner signer) - { - CertificationRequestInfo info; - - if (attributes.isEmpty()) - { - if (leaveOffEmpty) - { - info = new CertificationRequestInfo(subject, publicKeyInfo, null); - } - else - { - info = new CertificationRequestInfo(subject, publicKeyInfo, new DERSet()); - } - } - else - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - for (Iterator it = attributes.iterator(); it.hasNext();) - { - v.add(Attribute.getInstance(it.next())); - } - - info = new CertificationRequestInfo(subject, publicKeyInfo, new DERSet(v)); - } - - try - { - OutputStream sOut = signer.getOutputStream(); - - sOut.write(info.getEncoded(ASN1Encoding.DER)); - - sOut.close(); - - return new PKCS10CertificationRequest(new CertificationRequest(info, signer.getAlgorithmIdentifier(), new DERBitString(signer.getSignature()))); - } - catch (IOException e) - { - throw new IllegalStateException("cannot produce certification request signature"); - } - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12MacCalculatorBuilder.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12MacCalculatorBuilder.java deleted file mode 100644 index 7f159c6..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12MacCalculatorBuilder.java +++ /dev/null @@ -1,13 +0,0 @@ -package org.bouncycastle.pkcs; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.MacCalculator; -import org.bouncycastle.operator.OperatorCreationException; - -public interface PKCS12MacCalculatorBuilder -{ - MacCalculator build(char[] password) - throws OperatorCreationException; - - AlgorithmIdentifier getDigestAlgorithmIdentifier(); -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12MacCalculatorBuilderProvider.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12MacCalculatorBuilderProvider.java deleted file mode 100644 index c262ac1..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12MacCalculatorBuilderProvider.java +++ /dev/null @@ -1,8 +0,0 @@ -package org.bouncycastle.pkcs; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public interface PKCS12MacCalculatorBuilderProvider -{ - PKCS12MacCalculatorBuilder get(AlgorithmIdentifier algorithmIdentifier); -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12PfxPdu.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12PfxPdu.java deleted file mode 100644 index e39025b..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12PfxPdu.java +++ /dev/null @@ -1,161 +0,0 @@ -package org.bouncycastle.pkcs; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.pkcs.ContentInfo; -import org.bouncycastle.asn1.pkcs.MacData; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.pkcs.Pfx; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cert.CertIOException; -import org.bouncycastle.util.Arrays; - -/** - * A holding class for the PKCS12 Pfx structure. - */ -public class PKCS12PfxPdu -{ - private Pfx pfx; - - private static Pfx parseBytes(byte[] pfxEncoding) - throws IOException - { - try - { - return Pfx.getInstance(ASN1Primitive.fromByteArray(pfxEncoding)); - } - catch (ClassCastException e) - { - throw new CertIOException("malformed data: " + e.getMessage(), e); - } - catch (IllegalArgumentException e) - { - throw new CertIOException("malformed data: " + e.getMessage(), e); - } - } - - public PKCS12PfxPdu(Pfx pfx) - { - this.pfx = pfx; - } - - public PKCS12PfxPdu(byte[] pfx) - throws IOException - { - this(parseBytes(pfx)); - } - - /** - * Return the content infos in the AuthenticatedSafe contained in this Pfx. - * - * @return an array of ContentInfo. - */ - public ContentInfo[] getContentInfos() - { - ASN1Sequence seq = ASN1Sequence.getInstance(ASN1OctetString.getInstance(this.pfx.getAuthSafe().getContent()).getOctets()); - ContentInfo[] content = new ContentInfo[seq.size()]; - - for (int i = 0; i != seq.size(); i++) - { - content[i] = ContentInfo.getInstance(seq.getObjectAt(i)); - } - - return content; - } - - /** - * Return whether or not there is MAC attached to this file. - * - * @return true if there is, false otherwise. - */ - public boolean hasMac() - { - return pfx.getMacData() != null; - } - - /** - * Return the algorithm identifier describing the MAC algorithm - * - * @return the AlgorithmIdentifier representing the MAC algorithm, null if none present. - */ - public AlgorithmIdentifier getMacAlgorithmID() - { - MacData md = pfx.getMacData(); - - if (md != null) - { - return md.getMac().getAlgorithmId(); - } - - return null; - } - - /** - * Verify the MacData attached to the PFX is consistent with what is expected. - * - * @param macCalcProviderBuilder provider builder for the calculator for the MAC - * @param password password to use - * @return true if mac data is valid, false otherwise. - * @throws PKCSException if there is a problem evaluating the MAC. - * @throws IllegalStateException if no MAC is actually present - */ - public boolean isMacValid(PKCS12MacCalculatorBuilderProvider macCalcProviderBuilder, char[] password) - throws PKCSException - { - if (hasMac()) - { - MacData pfxmData = pfx.getMacData(); - MacDataGenerator mdGen = new MacDataGenerator(macCalcProviderBuilder.get(new AlgorithmIdentifier(pfxmData.getMac().getAlgorithmId().getAlgorithm(), new PKCS12PBEParams(pfxmData.getSalt(), pfxmData.getIterationCount().intValue())))); - - try - { - MacData mData = mdGen.build( - password, - ASN1OctetString.getInstance(pfx.getAuthSafe().getContent()).getOctets()); - - return Arrays.constantTimeAreEqual(mData.getEncoded(), pfx.getMacData().getEncoded()); - } - catch (IOException e) - { - throw new PKCSException("unable to process AuthSafe: " + e.getMessage()); - } - } - - throw new IllegalStateException("no MAC present on PFX"); - } - - /** - * Return the underlying ASN.1 object. - * - * @return a Pfx object. - */ - public Pfx toASN1Structure() - { - return pfx; - } - - public byte[] getEncoded() - throws IOException - { - return toASN1Structure().getEncoded(); - } - - /** - * Return a Pfx with the outer wrapper encoded as asked for. For example, Pfx is a usually - * a BER encoded object, to get one with DefiniteLength encoding use: - * <pre> - * getEncoded(ASN1Encoding.DL) - * </pre> - * @param encoding encoding style (ASN1Encoding.DER, ASN1Encoding.DL, ASN1Encoding.BER) - * @return a byte array containing the encoded object. - * @throws IOException - */ - public byte[] getEncoded(String encoding) - throws IOException - { - return toASN1Structure().getEncoded(encoding); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12PfxPduBuilder.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12PfxPduBuilder.java deleted file mode 100644 index 563ca04..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12PfxPduBuilder.java +++ /dev/null @@ -1,179 +0,0 @@ -package org.bouncycastle.pkcs; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DLSequence; -import org.bouncycastle.asn1.pkcs.AuthenticatedSafe; -import org.bouncycastle.asn1.pkcs.ContentInfo; -import org.bouncycastle.asn1.pkcs.MacData; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.Pfx; -import org.bouncycastle.cms.CMSEncryptedDataGenerator; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.CMSProcessableByteArray; -import org.bouncycastle.operator.OutputEncryptor; - -/** - * A builder for the PKCS#12 Pfx key and certificate store. - * <p> - * For example: you can build a basic key store for the user owning privKey as follows: - * </p> - * <pre> - * X509Certificate[] chain = .... - * PublicKey pubKey = .... - * PrivateKey privKey = .... - * JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); - * - * PKCS12SafeBagBuilder taCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[2]); - * - * taCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Bouncy Primary Certificate")); - * - * PKCS12SafeBagBuilder caCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[1]); - * - * caCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Bouncy Intermediate Certificate")); - * - * PKCS12SafeBagBuilder eeCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[0]); - * - * eeCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Eric's Key")); - * eeCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, extUtils.createSubjectKeyIdentifier(pubKey)); - * - * PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(privKey, new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, new CBCBlockCipher(new DESedeEngine())).build(passwd)); - * - * keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Eric's Key")); - * keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, extUtils.createSubjectKeyIdentifier(pubKey)); - * - * // - * // construct the actual key store - * // - * PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder(); - * - * PKCS12SafeBag[] certs = new PKCS12SafeBag[3]; - * - * certs[0] = eeCertBagBuilder.build(); - * certs[1] = caCertBagBuilder.build(); - * certs[2] = taCertBagBuilder.build(); - * - * pfxPduBuilder.addEncryptedData(new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, new CBCBlockCipher(new RC2Engine())).build(passwd), certs); - * - * pfxPduBuilder.addData(keyBagBuilder.build()); - * - * PKCS12PfxPdu pfx = pfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder(), passwd); - * </pre> - * - */ -public class PKCS12PfxPduBuilder -{ - private ASN1EncodableVector dataVector = new ASN1EncodableVector(); - - /** - * Add a SafeBag that is to be included as is. - * - * @param data the SafeBag to add. - * @return this builder. - * @throws IOException - */ - public PKCS12PfxPduBuilder addData(PKCS12SafeBag data) - throws IOException - { - dataVector.add(new ContentInfo(PKCSObjectIdentifiers.data, new DEROctetString(new DLSequence(data.toASN1Structure()).getEncoded()))); - - return this; - } - - /** - * Add a SafeBag that is to be wrapped in a EncryptedData object. - * - * @param dataEncryptor the encryptor to use for encoding the data. - * @param data the SafeBag to include. - * @return this builder. - * @throws IOException if a issue occurs processing the data. - */ - public PKCS12PfxPduBuilder addEncryptedData(OutputEncryptor dataEncryptor, PKCS12SafeBag data) - throws IOException - { - return addEncryptedData(dataEncryptor, new DERSequence(data.toASN1Structure())); - } - - /** - * Add a set of SafeBags that are to be wrapped in a EncryptedData object. - * - * @param dataEncryptor the encryptor to use for encoding the data. - * @param data the SafeBags to include. - * @return this builder. - * @throws IOException if a issue occurs processing the data. - */ - public PKCS12PfxPduBuilder addEncryptedData(OutputEncryptor dataEncryptor, PKCS12SafeBag[] data) - throws IOException - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - for (int i = 0; i != data.length; i++) - { - v.add(data[i].toASN1Structure()); - } - - return addEncryptedData(dataEncryptor, new DLSequence(v)); - } - - private PKCS12PfxPduBuilder addEncryptedData(OutputEncryptor dataEncryptor, ASN1Sequence data) - throws IOException - { - CMSEncryptedDataGenerator envGen = new CMSEncryptedDataGenerator(); - - try - { - dataVector.add(envGen.generate(new CMSProcessableByteArray(data.getEncoded()), dataEncryptor).toASN1Structure()); - } - catch (CMSException e) - { - throw new PKCSIOException(e.getMessage(), e.getCause()); - } - - return this; - } - - /** - * Build the Pfx structure, protecting it with a MAC calculated against the passed in password. - * - * @param macCalcBuilder a builder for a PKCS12 mac calculator. - * @param password the password to use. - * @return a Pfx object. - * @throws PKCSException on a encoding or processing error. - */ - public PKCS12PfxPdu build(PKCS12MacCalculatorBuilder macCalcBuilder, char[] password) - throws PKCSException - { - AuthenticatedSafe auth = AuthenticatedSafe.getInstance(new DLSequence(dataVector)); - byte[] encAuth; - - try - { - encAuth = auth.getEncoded(); - } - catch (IOException e) - { - throw new PKCSException("unable to encode AuthenticatedSafe: " + e.getMessage(), e); - } - - ContentInfo mainInfo = new ContentInfo(PKCSObjectIdentifiers.data, new DEROctetString(encAuth)); - MacData mData = null; - - if (macCalcBuilder != null) - { - MacDataGenerator mdGen = new MacDataGenerator(macCalcBuilder); - - mData = mdGen.build(password, encAuth); - } - - // - // output the Pfx - // - Pfx pfx = new Pfx(mainInfo, mData); - - return new PKCS12PfxPdu(pfx); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12SafeBag.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12SafeBag.java deleted file mode 100644 index 6f053ba..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12SafeBag.java +++ /dev/null @@ -1,93 +0,0 @@ -package org.bouncycastle.pkcs; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.pkcs.Attribute; -import org.bouncycastle.asn1.pkcs.CRLBag; -import org.bouncycastle.asn1.pkcs.CertBag; -import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.SafeBag; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.cert.X509CRLHolder; -import org.bouncycastle.cert.X509CertificateHolder; - -public class PKCS12SafeBag -{ - public static final ASN1ObjectIdentifier friendlyNameAttribute = PKCSObjectIdentifiers.pkcs_9_at_friendlyName; - public static final ASN1ObjectIdentifier localKeyIdAttribute = PKCSObjectIdentifiers.pkcs_9_at_localKeyId; - - private SafeBag safeBag; - - public PKCS12SafeBag(SafeBag safeBag) - { - this.safeBag = safeBag; - } - - /** - * Return the underlying ASN.1 structure for this safe bag. - * - * @return a SafeBag - */ - public SafeBag toASN1Structure() - { - return safeBag; - } - - /** - * Return the BagId giving the type of content in the bag. - * - * @return the bagId - */ - public ASN1ObjectIdentifier getType() - { - return safeBag.getBagId(); - } - - public Attribute[] getAttributes() - { - ASN1Set attrs = safeBag.getBagAttributes(); - - if (attrs == null) - { - return null; - } - - Attribute[] attributes = new Attribute[attrs.size()]; - for (int i = 0; i != attrs.size(); i++) - { - attributes[i] = Attribute.getInstance(attrs.getObjectAt(i)); - } - - return attributes; - } - - public Object getBagValue() - { - if (getType().equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag)) - { - return new PKCS8EncryptedPrivateKeyInfo(EncryptedPrivateKeyInfo.getInstance(safeBag.getBagValue())); - } - if (getType().equals(PKCSObjectIdentifiers.certBag)) - { - CertBag certBag = CertBag.getInstance(safeBag.getBagValue()); - - return new X509CertificateHolder(Certificate.getInstance(ASN1OctetString.getInstance(certBag.getCertValue()).getOctets())); - } - if (getType().equals(PKCSObjectIdentifiers.keyBag)) - { - return PrivateKeyInfo.getInstance(safeBag.getBagValue()); - } - if (getType().equals(PKCSObjectIdentifiers.crlBag)) - { - CRLBag crlBag = CRLBag.getInstance(safeBag.getBagValue()); - - return new X509CRLHolder(CertificateList.getInstance(ASN1OctetString.getInstance(crlBag.getCRLValue()).getOctets())); - } - - return safeBag.getBagValue(); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12SafeBagBuilder.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12SafeBagBuilder.java deleted file mode 100644 index 1e3a262..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12SafeBagBuilder.java +++ /dev/null @@ -1,76 +0,0 @@ -package org.bouncycastle.pkcs; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.pkcs.Attribute; -import org.bouncycastle.asn1.pkcs.CertBag; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.SafeBag; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.cert.X509CRLHolder; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.operator.OutputEncryptor; - -public class PKCS12SafeBagBuilder -{ - private ASN1ObjectIdentifier bagType; - private ASN1Encodable bagValue; - private ASN1EncodableVector bagAttrs = new ASN1EncodableVector(); - - public PKCS12SafeBagBuilder(PrivateKeyInfo privateKeyInfo, OutputEncryptor encryptor) - { - this.bagType = PKCSObjectIdentifiers.pkcs8ShroudedKeyBag; - this.bagValue = new PKCS8EncryptedPrivateKeyInfoBuilder(privateKeyInfo).build(encryptor).toASN1Structure(); - } - - public PKCS12SafeBagBuilder(PrivateKeyInfo privateKeyInfo) - { - this.bagType = PKCSObjectIdentifiers.keyBag; - this.bagValue = privateKeyInfo; - } - - public PKCS12SafeBagBuilder(X509CertificateHolder certificate) - throws IOException - { - this(certificate.toASN1Structure()); - } - - public PKCS12SafeBagBuilder(X509CRLHolder crl) - throws IOException - { - this(crl.toASN1Structure()); - } - - public PKCS12SafeBagBuilder(Certificate certificate) - throws IOException - { - this.bagType = PKCSObjectIdentifiers.certBag; - this.bagValue = new CertBag(PKCSObjectIdentifiers.x509Certificate, new DEROctetString(certificate.getEncoded())); - } - - public PKCS12SafeBagBuilder(CertificateList crl) - throws IOException - { - this.bagType = PKCSObjectIdentifiers.crlBag; - this.bagValue = new CertBag(PKCSObjectIdentifiers.x509Crl, new DEROctetString(crl.getEncoded())); - } - - public PKCS12SafeBagBuilder addBagAttribute(ASN1ObjectIdentifier attrType, ASN1Encodable attrValue) - { - bagAttrs.add(new Attribute(attrType, new DERSet(attrValue))); - - return this; - } - - public PKCS12SafeBag build() - { - return new PKCS12SafeBag(new SafeBag(bagType, bagValue, new DERSet(bagAttrs))); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12SafeBagFactory.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12SafeBagFactory.java deleted file mode 100644 index 2773855..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS12SafeBagFactory.java +++ /dev/null @@ -1,58 +0,0 @@ -package org.bouncycastle.pkcs; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.pkcs.ContentInfo; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.SafeBag; -import org.bouncycastle.cms.CMSEncryptedData; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.operator.InputDecryptorProvider; - -public class PKCS12SafeBagFactory -{ - private ASN1Sequence safeBagSeq; - - public PKCS12SafeBagFactory(ContentInfo info) - { - if (info.getContentType().equals(PKCSObjectIdentifiers.encryptedData)) - { - throw new IllegalArgumentException("encryptedData requires constructor with decryptor."); - } - - this.safeBagSeq = ASN1Sequence.getInstance(ASN1OctetString.getInstance(info.getContent()).getOctets()); - } - - public PKCS12SafeBagFactory(ContentInfo info, InputDecryptorProvider inputDecryptorProvider) - throws PKCSException - { - if (info.getContentType().equals(PKCSObjectIdentifiers.encryptedData)) - { - CMSEncryptedData encData = new CMSEncryptedData(org.bouncycastle.asn1.cms.ContentInfo.getInstance(info)); - - try - { - this.safeBagSeq = ASN1Sequence.getInstance(encData.getContent(inputDecryptorProvider)); - } - catch (CMSException e) - { - throw new PKCSException("unable to extract data: " + e.getMessage(), e); - } - return; - } - - throw new IllegalArgumentException("encryptedData requires constructor with decryptor."); - } - - public PKCS12SafeBag[] getSafeBags() - { - PKCS12SafeBag[] safeBags = new PKCS12SafeBag[safeBagSeq.size()]; - - for (int i = 0; i != safeBagSeq.size(); i++) - { - safeBags[i] = new PKCS12SafeBag(SafeBag.getInstance(safeBagSeq.getObjectAt(i))); - } - - return safeBags; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS8EncryptedPrivateKeyInfo.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS8EncryptedPrivateKeyInfo.java deleted file mode 100644 index 37f1ed8..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS8EncryptedPrivateKeyInfo.java +++ /dev/null @@ -1,76 +0,0 @@ -package org.bouncycastle.pkcs; - -import java.io.ByteArrayInputStream; -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.cert.CertIOException; -import org.bouncycastle.operator.InputDecryptor; -import org.bouncycastle.operator.InputDecryptorProvider; -import org.bouncycastle.util.io.Streams; - -/** - * Holding class for a PKCS#8 EncryptedPrivateKeyInfo structure. - */ -public class PKCS8EncryptedPrivateKeyInfo -{ - private EncryptedPrivateKeyInfo encryptedPrivateKeyInfo; - - private static EncryptedPrivateKeyInfo parseBytes(byte[] pkcs8Encoding) - throws IOException - { - try - { - return EncryptedPrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(pkcs8Encoding)); - } - catch (ClassCastException e) - { - throw new CertIOException("malformed data: " + e.getMessage(), e); - } - catch (IllegalArgumentException e) - { - throw new CertIOException("malformed data: " + e.getMessage(), e); - } - } - - public PKCS8EncryptedPrivateKeyInfo(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo) - { - this.encryptedPrivateKeyInfo = encryptedPrivateKeyInfo; - } - - public PKCS8EncryptedPrivateKeyInfo(byte[] encryptedPrivateKeyInfo) - throws IOException - { - this(parseBytes(encryptedPrivateKeyInfo)); - } - - public EncryptedPrivateKeyInfo toASN1Structure() - { - return encryptedPrivateKeyInfo; - } - - public byte[] getEncoded() - throws IOException - { - return encryptedPrivateKeyInfo.getEncoded(); - } - - public PrivateKeyInfo decryptPrivateKeyInfo(InputDecryptorProvider inputDecryptorProvider) - throws PKCSException - { - try - { - InputDecryptor decrytor = inputDecryptorProvider.get(encryptedPrivateKeyInfo.getEncryptionAlgorithm()); - - ByteArrayInputStream encIn = new ByteArrayInputStream(encryptedPrivateKeyInfo.getEncryptedData()); - - return PrivateKeyInfo.getInstance(Streams.readAll(decrytor.getInputStream(encIn))); - } - catch (Exception e) - { - throw new PKCSException("unable to read encrypted data: " + e.getMessage(), e); - } - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS8EncryptedPrivateKeyInfoBuilder.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS8EncryptedPrivateKeyInfoBuilder.java deleted file mode 100644 index 653aa57..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCS8EncryptedPrivateKeyInfoBuilder.java +++ /dev/null @@ -1,54 +0,0 @@ -package org.bouncycastle.pkcs; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; - -import org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.operator.OutputEncryptor; - -/** - * A class for creating EncryptedPrivateKeyInfo structures. - * <pre> - * EncryptedPrivateKeyInfo ::= SEQUENCE { - * encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}}, - * encryptedData EncryptedData - * } - * - * EncryptedData ::= OCTET STRING - * - * KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= { - * ... -- For local profiles - * } - * </pre> - */ -public class PKCS8EncryptedPrivateKeyInfoBuilder -{ - private PrivateKeyInfo privateKeyInfo; - - public PKCS8EncryptedPrivateKeyInfoBuilder(PrivateKeyInfo privateKeyInfo) - { - this.privateKeyInfo = privateKeyInfo; - } - - public PKCS8EncryptedPrivateKeyInfo build( - OutputEncryptor encryptor) - { - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - OutputStream cOut = encryptor.getOutputStream(bOut); - - cOut.write(privateKeyInfo.getEncoded()); - - cOut.close(); - - return new PKCS8EncryptedPrivateKeyInfo(new EncryptedPrivateKeyInfo(encryptor.getAlgorithmIdentifier(), bOut.toByteArray())); - } - catch (IOException e) - { - throw new IllegalStateException("cannot encode privateKeyInfo"); - } - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCSException.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCSException.java deleted file mode 100644 index 8ee6f6f..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCSException.java +++ /dev/null @@ -1,27 +0,0 @@ -package org.bouncycastle.pkcs; - -/** - * General checked Exception thrown in the cert package and its sub-packages. - */ -public class PKCSException - extends Exception -{ - private Throwable cause; - - public PKCSException(String msg, Throwable cause) - { - super(msg); - - this.cause = cause; - } - - public PKCSException(String msg) - { - super(msg); - } - - public Throwable getCause() - { - return cause; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCSIOException.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCSIOException.java deleted file mode 100644 index c34f739..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/PKCSIOException.java +++ /dev/null @@ -1,29 +0,0 @@ -package org.bouncycastle.pkcs; - -import java.io.IOException; - -/** - * General IOException thrown in the cert package and its sub-packages. - */ -public class PKCSIOException - extends IOException -{ - private Throwable cause; - - public PKCSIOException(String msg, Throwable cause) - { - super(msg); - - this.cause = cause; - } - - public PKCSIOException(String msg) - { - super(msg); - } - - public Throwable getCause() - { - return cause; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS10CertificationRequest.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS10CertificationRequest.java deleted file mode 100644 index 99c337c..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS10CertificationRequest.java +++ /dev/null @@ -1,42 +0,0 @@ -package org.bouncycastle.pkcs.bc; - -import java.io.IOException; - -import org.bouncycastle.asn1.pkcs.CertificationRequest; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.util.PublicKeyFactory; -import org.bouncycastle.pkcs.PKCS10CertificationRequest; -import org.bouncycastle.pkcs.PKCSException; - -public class BcPKCS10CertificationRequest - extends PKCS10CertificationRequest -{ - public BcPKCS10CertificationRequest(CertificationRequest certificationRequest) - { - super(certificationRequest); - } - - public BcPKCS10CertificationRequest(byte[] encoding) - throws IOException - { - super(encoding); - } - - public BcPKCS10CertificationRequest(PKCS10CertificationRequest requestHolder) - { - super(requestHolder.toASN1Structure()); - } - - public AsymmetricKeyParameter getPublicKey() - throws PKCSException - { - try - { - return PublicKeyFactory.createKey(this.getSubjectPublicKeyInfo()); - } - catch (IOException e) - { - throw new PKCSException("error extracting key encoding: " + e.getMessage(), e); - } - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS10CertificationRequestBuilder.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS10CertificationRequestBuilder.java deleted file mode 100644 index 04b0fc6..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS10CertificationRequestBuilder.java +++ /dev/null @@ -1,28 +0,0 @@ -package org.bouncycastle.pkcs.bc; - -import java.io.IOException; - -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory; -import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; - -/** - * Extension of the PKCS#10 builder to support AsymmetricKey objects. - */ -public class BcPKCS10CertificationRequestBuilder - extends PKCS10CertificationRequestBuilder -{ - /** - * Create a PKCS#10 builder for the passed in subject and JCA public key. - * - * @param subject an X500Name containing the subject associated with the request we are building. - * @param publicKey a JCA public key that is to be associated with the request we are building. - * @throws IOException if there is a problem encoding the public key. - */ - public BcPKCS10CertificationRequestBuilder(X500Name subject, AsymmetricKeyParameter publicKey) - throws IOException - { - super(subject, SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(publicKey)); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS12MacCalculatorBuilder.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS12MacCalculatorBuilder.java deleted file mode 100644 index b942079..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS12MacCalculatorBuilder.java +++ /dev/null @@ -1,61 +0,0 @@ -package org.bouncycastle.pkcs.bc; - -import java.security.SecureRandom; - -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.ExtendedDigest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.operator.MacCalculator; -import org.bouncycastle.pkcs.PKCS12MacCalculatorBuilder; - -public class BcPKCS12MacCalculatorBuilder - implements PKCS12MacCalculatorBuilder -{ - private ExtendedDigest digest; - private AlgorithmIdentifier algorithmIdentifier; - - private SecureRandom random; - private int saltLength; - private int iterationCount = 1024; - - public BcPKCS12MacCalculatorBuilder() - { - this(new SHA1Digest(), new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE)); - } - - public BcPKCS12MacCalculatorBuilder(ExtendedDigest digest, AlgorithmIdentifier algorithmIdentifier) - { - this.digest = digest; - this.algorithmIdentifier = algorithmIdentifier; - this.saltLength = digest.getDigestSize(); - } - - public BcPKCS12MacCalculatorBuilder setIterationCount(int iterationCount) - { - this.iterationCount = iterationCount; - - return this; - } - - public AlgorithmIdentifier getDigestAlgorithmIdentifier() - { - return algorithmIdentifier; - } - - public MacCalculator build(final char[] password) - { - if (random == null) - { - random = new SecureRandom(); - } - - byte[] salt = new byte[saltLength]; - - random.nextBytes(salt); - - return PKCS12PBEUtils.createMacCalculator(algorithmIdentifier.getAlgorithm(), digest, new PKCS12PBEParams(salt, iterationCount), password); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS12MacCalculatorBuilderProvider.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS12MacCalculatorBuilderProvider.java deleted file mode 100644 index d6f9230..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS12MacCalculatorBuilderProvider.java +++ /dev/null @@ -1,40 +0,0 @@ -package org.bouncycastle.pkcs.bc; - -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.MacCalculator; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.bc.BcDigestProvider; -import org.bouncycastle.pkcs.PKCS12MacCalculatorBuilder; -import org.bouncycastle.pkcs.PKCS12MacCalculatorBuilderProvider; - -public class BcPKCS12MacCalculatorBuilderProvider - implements PKCS12MacCalculatorBuilderProvider -{ - private BcDigestProvider digestProvider; - - public BcPKCS12MacCalculatorBuilderProvider(BcDigestProvider digestProvider) - { - this.digestProvider = digestProvider; - } - - public PKCS12MacCalculatorBuilder get(final AlgorithmIdentifier algorithmIdentifier) - { - return new PKCS12MacCalculatorBuilder() - { - public MacCalculator build(final char[] password) - throws OperatorCreationException - { - PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters()); - - return PKCS12PBEUtils.createMacCalculator(algorithmIdentifier.getAlgorithm(), digestProvider.get(algorithmIdentifier), pbeParams, password); - } - - public AlgorithmIdentifier getDigestAlgorithmIdentifier() - { - return new AlgorithmIdentifier(algorithmIdentifier.getAlgorithm(), DERNull.INSTANCE); - } - }; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS12PBEInputDecryptorProviderBuilder.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS12PBEInputDecryptorProviderBuilder.java deleted file mode 100644 index e578fd5..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS12PBEInputDecryptorProviderBuilder.java +++ /dev/null @@ -1,66 +0,0 @@ -package org.bouncycastle.pkcs.bc; - -import java.io.InputStream; - -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.ExtendedDigest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; -import org.bouncycastle.crypto.io.CipherInputStream; -import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.InputDecryptor; -import org.bouncycastle.operator.InputDecryptorProvider; - -public class BcPKCS12PBEInputDecryptorProviderBuilder -{ - private ExtendedDigest digest; - - public BcPKCS12PBEInputDecryptorProviderBuilder() - { - this(new SHA1Digest()); - } - - public BcPKCS12PBEInputDecryptorProviderBuilder(ExtendedDigest digest) - { - this.digest = digest; - } - - public InputDecryptorProvider build(final char[] password) - { - return new InputDecryptorProvider() - { - public InputDecryptor get(final AlgorithmIdentifier algorithmIdentifier) - { - final PaddedBufferedBlockCipher engine = PKCS12PBEUtils.getEngine(algorithmIdentifier.getAlgorithm()); - - PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters()); - - CipherParameters params = PKCS12PBEUtils.createCipherParameters(algorithmIdentifier.getAlgorithm(), digest, engine.getBlockSize(), pbeParams, password); - - engine.init(false, params); - - return new InputDecryptor() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return algorithmIdentifier; - } - - public InputStream getInputStream(InputStream input) - { - return new CipherInputStream(input, engine); - } - - public GenericKey getKey() - { - return new GenericKey(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password)); - } - }; - } - }; - - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS12PBEOutputEncryptorBuilder.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS12PBEOutputEncryptorBuilder.java deleted file mode 100644 index f7f4a7e..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/BcPKCS12PBEOutputEncryptorBuilder.java +++ /dev/null @@ -1,83 +0,0 @@ -package org.bouncycastle.pkcs.bc; - -import java.io.OutputStream; -import java.security.SecureRandom; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.ExtendedDigest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; -import org.bouncycastle.crypto.io.CipherOutputStream; -import org.bouncycastle.crypto.paddings.PKCS7Padding; -import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.OutputEncryptor; - -public class BcPKCS12PBEOutputEncryptorBuilder -{ - private ExtendedDigest digest; - - private BufferedBlockCipher engine; - private ASN1ObjectIdentifier algorithm; - private SecureRandom random; - private int iterationCount = 1024; - - public BcPKCS12PBEOutputEncryptorBuilder(ASN1ObjectIdentifier algorithm, BlockCipher engine) - { - this(algorithm, engine, new SHA1Digest()); - } - - public BcPKCS12PBEOutputEncryptorBuilder(ASN1ObjectIdentifier algorithm, BlockCipher engine, ExtendedDigest pbeDigest) - { - this.algorithm = algorithm; - this.engine = new PaddedBufferedBlockCipher(engine, new PKCS7Padding()); - this.digest = pbeDigest; - } - - public BcPKCS12PBEOutputEncryptorBuilder setIterationCount(int iterationCount) - { - this.iterationCount = iterationCount; - return this; - } - - public OutputEncryptor build(final char[] password) - { - if (random == null) - { - random = new SecureRandom(); - } - - final byte[] salt = new byte[20]; - - random.nextBytes(salt); - - final PKCS12PBEParams pbeParams = new PKCS12PBEParams(salt, iterationCount); - - CipherParameters params = PKCS12PBEUtils.createCipherParameters(algorithm, digest, engine.getBlockSize(), pbeParams, password); - - engine.init(true, params); - - return new OutputEncryptor() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return new AlgorithmIdentifier(algorithm, pbeParams); - } - - public OutputStream getOutputStream(OutputStream out) - { - return new CipherOutputStream(out, engine); - } - - public GenericKey getKey() - { - return new GenericKey(new AlgorithmIdentifier(algorithm, pbeParams), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password)); - } - }; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/PKCS12PBEUtils.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/PKCS12PBEUtils.java deleted file mode 100644 index 2edce23..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/bc/PKCS12PBEUtils.java +++ /dev/null @@ -1,153 +0,0 @@ -package org.bouncycastle.pkcs.bc; - -import java.io.OutputStream; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.ExtendedDigest; -import org.bouncycastle.crypto.engines.DESedeEngine; -import org.bouncycastle.crypto.engines.RC2Engine; -import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; -import org.bouncycastle.crypto.io.MacOutputStream; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.paddings.PKCS7Padding; -import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; -import org.bouncycastle.crypto.params.DESedeParameters; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.MacCalculator; -import org.bouncycastle.util.Integers; - -class PKCS12PBEUtils -{ - private static Map keySizes = new HashMap(); - private static Set noIvAlgs = new HashSet(); - private static Set desAlgs = new HashSet(); - - static - { - keySizes.put(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, Integers.valueOf(128)); - keySizes.put(PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC4, Integers.valueOf(40)); - keySizes.put(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, Integers.valueOf(192)); - keySizes.put(PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, Integers.valueOf(128)); - keySizes.put(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC, Integers.valueOf(128)); - keySizes.put(PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, Integers.valueOf(40)); - - noIvAlgs.add(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4); - noIvAlgs.add(PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC4); - - desAlgs.add(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC); - desAlgs.add(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC); - } - - static int getKeySize(ASN1ObjectIdentifier algorithm) - { - return ((Integer)keySizes.get(algorithm)).intValue(); - } - - static boolean hasNoIv(ASN1ObjectIdentifier algorithm) - { - return noIvAlgs.contains(algorithm); - } - - static boolean isDesAlg(ASN1ObjectIdentifier algorithm) - { - return desAlgs.contains(algorithm); - } - - static PaddedBufferedBlockCipher getEngine(ASN1ObjectIdentifier algorithm) - { - BlockCipher engine; - - if (algorithm.equals(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC) - || algorithm.equals(PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC)) - { - engine = new DESedeEngine(); - } - else if (algorithm.equals(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC) - || algorithm.equals(PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC)) - { - engine = new RC2Engine(); - } - else - { - throw new IllegalStateException("unknown algorithm"); - } - - return new PaddedBufferedBlockCipher(new CBCBlockCipher(engine), new PKCS7Padding()); - } - - static MacCalculator createMacCalculator(final ASN1ObjectIdentifier digestAlgorithm, ExtendedDigest digest, final PKCS12PBEParams pbeParams, final char[] password) - { - PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(digest); - - pGen.init(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password), pbeParams.getIV(), pbeParams.getIterations().intValue()); - - final KeyParameter keyParam = (KeyParameter)pGen.generateDerivedMacParameters(digest.getDigestSize() * 8); - - final HMac hMac = new HMac(digest); - - hMac.init(keyParam); - - return new MacCalculator() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return new AlgorithmIdentifier(digestAlgorithm, pbeParams); - } - - public OutputStream getOutputStream() - { - return new MacOutputStream(hMac); - } - - public byte[] getMac() - { - byte[] res = new byte[hMac.getMacSize()]; - - hMac.doFinal(res, 0); - - return res; - } - - public GenericKey getKey() - { - return new GenericKey(getAlgorithmIdentifier(), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password)); - } - }; - } - - static CipherParameters createCipherParameters(ASN1ObjectIdentifier algorithm, ExtendedDigest digest, int blockSize, PKCS12PBEParams pbeParams, char[] password) - { - PKCS12ParametersGenerator pGen = new PKCS12ParametersGenerator(digest); - - pGen.init(PKCS12ParametersGenerator.PKCS12PasswordToBytes(password), pbeParams.getIV(), pbeParams.getIterations().intValue()); - - CipherParameters params; - - if (PKCS12PBEUtils.hasNoIv(algorithm)) - { - params = pGen.generateDerivedParameters(PKCS12PBEUtils.getKeySize(algorithm)); - } - else - { - params = pGen.generateDerivedParameters(PKCS12PBEUtils.getKeySize(algorithm), blockSize * 8); - - if (PKCS12PBEUtils.isDesAlg(algorithm)) - { - DESedeParameters.setOddParity(((KeyParameter)((ParametersWithIV)params).getParameters()).getKey()); - } - } - return params; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS10CertificationRequest.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS10CertificationRequest.java deleted file mode 100644 index db57d0f..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS10CertificationRequest.java +++ /dev/null @@ -1,115 +0,0 @@ -package org.bouncycastle.pkcs.jcajce; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Provider; -import java.security.PublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.X509EncodedKeySpec; -import java.util.Hashtable; - -import org.bouncycastle.asn1.pkcs.CertificationRequest; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; -import org.bouncycastle.jcajce.util.JcaJceHelper; -import org.bouncycastle.jcajce.util.NamedJcaJceHelper; -import org.bouncycastle.jcajce.util.ProviderJcaJceHelper; -import org.bouncycastle.pkcs.PKCS10CertificationRequest; - -public class JcaPKCS10CertificationRequest - extends PKCS10CertificationRequest -{ - private static Hashtable keyAlgorithms = new Hashtable(); - - static - { - // - // key types - // - keyAlgorithms.put(PKCSObjectIdentifiers.rsaEncryption, "RSA"); - keyAlgorithms.put(X9ObjectIdentifiers.id_dsa, "DSA"); - } - - private JcaJceHelper helper = new DefaultJcaJceHelper(); - - public JcaPKCS10CertificationRequest(CertificationRequest certificationRequest) - { - super(certificationRequest); - } - - public JcaPKCS10CertificationRequest(byte[] encoding) - throws IOException - { - super(encoding); - } - - public JcaPKCS10CertificationRequest(PKCS10CertificationRequest requestHolder) - { - super(requestHolder.toASN1Structure()); - } - - public JcaPKCS10CertificationRequest setProvider(String providerName) - { - helper = new NamedJcaJceHelper(providerName); - - return this; - } - - public JcaPKCS10CertificationRequest setProvider(Provider provider) - { - helper = new ProviderJcaJceHelper(provider); - - return this; - } - - public PublicKey getPublicKey() - throws InvalidKeyException, NoSuchAlgorithmException - { - try - { - SubjectPublicKeyInfo keyInfo = this.getSubjectPublicKeyInfo(); - X509EncodedKeySpec xspec = new X509EncodedKeySpec(keyInfo.getEncoded()); - KeyFactory kFact; - - try - { - kFact = helper.createKeyFactory(keyInfo.getAlgorithm().getAlgorithm().getId()); - } - catch (NoSuchAlgorithmException e) - { - // - // try an alternate - // - if (keyAlgorithms.get(keyInfo.getAlgorithm().getAlgorithm()) != null) - { - String keyAlgorithm = (String)keyAlgorithms.get(keyInfo.getAlgorithm().getAlgorithm()); - - kFact = helper.createKeyFactory(keyAlgorithm); - } - else - { - throw e; - } - } - - return kFact.generatePublic(xspec); - } - catch (InvalidKeySpecException e) - { - throw new InvalidKeyException("error decoding public key"); - } - catch (IOException e) - { - throw new InvalidKeyException("error extracting key encoding"); - } - catch (NoSuchProviderException e) - { - throw new NoSuchAlgorithmException("cannot find provider: " + e.getMessage()); - } - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS10CertificationRequestBuilder.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS10CertificationRequestBuilder.java deleted file mode 100644 index 5466e5f..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS10CertificationRequestBuilder.java +++ /dev/null @@ -1,38 +0,0 @@ -package org.bouncycastle.pkcs.jcajce; - -import java.security.PublicKey; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; - -/** - * Extension of the PKCS#10 builder to support PublicKey and X500Principal objects. - */ -public class JcaPKCS10CertificationRequestBuilder - extends PKCS10CertificationRequestBuilder -{ - /** - * Create a PKCS#10 builder for the passed in subject and JCA public key. - * - * @param subject an X500Name containing the subject associated with the request we are building. - * @param publicKey a JCA public key that is to be associated with the request we are building. - */ - public JcaPKCS10CertificationRequestBuilder(X500Name subject, PublicKey publicKey) - { - super(subject, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded())); - } - - /** - * Create a PKCS#10 builder for the passed in subject and JCA public key. - * - * @param subject an X500Principal containing the subject associated with the request we are building. - * @param publicKey a JCA public key that is to be associated with the request we are building. - */ - public JcaPKCS10CertificationRequestBuilder(X500Principal subject, PublicKey publicKey) - { - super(X500Name.getInstance(subject.getEncoded()), SubjectPublicKeyInfo.getInstance(publicKey.getEncoded())); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS12SafeBagBuilder.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS12SafeBagBuilder.java deleted file mode 100644 index 0af510c..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS12SafeBagBuilder.java +++ /dev/null @@ -1,45 +0,0 @@ -package org.bouncycastle.pkcs.jcajce; - -import java.io.IOException; -import java.security.PrivateKey; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; - -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.operator.OutputEncryptor; -import org.bouncycastle.pkcs.PKCS12SafeBagBuilder; -import org.bouncycastle.pkcs.PKCSIOException; - -public class JcaPKCS12SafeBagBuilder - extends PKCS12SafeBagBuilder -{ - public JcaPKCS12SafeBagBuilder(X509Certificate certificate) - throws IOException - { - super(convertCert(certificate)); - } - - private static Certificate convertCert(X509Certificate certificate) - throws IOException - { - try - { - return Certificate.getInstance(certificate.getEncoded()); - } - catch (CertificateEncodingException e) - { - throw new PKCSIOException("cannot encode certificate: " + e.getMessage(), e); - } - } - - public JcaPKCS12SafeBagBuilder(PrivateKey privateKey, OutputEncryptor encryptor) - { - super(PrivateKeyInfo.getInstance(privateKey.getEncoded()), encryptor); - } - - public JcaPKCS12SafeBagBuilder(PrivateKey privateKey) - { - super(PrivateKeyInfo.getInstance(privateKey.getEncoded())); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS8EncryptedPrivateKeyInfoBuilder.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS8EncryptedPrivateKeyInfoBuilder.java deleted file mode 100644 index 691288d..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcaPKCS8EncryptedPrivateKeyInfoBuilder.java +++ /dev/null @@ -1,15 +0,0 @@ -package org.bouncycastle.pkcs.jcajce; - -import java.security.PrivateKey; - -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfoBuilder; - -public class JcaPKCS8EncryptedPrivateKeyInfoBuilder - extends PKCS8EncryptedPrivateKeyInfoBuilder -{ - public JcaPKCS8EncryptedPrivateKeyInfoBuilder(PrivateKey privateKey) - { - super(PrivateKeyInfo.getInstance(privateKey.getEncoded())); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcePKCS12MacCalculatorBuilder.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcePKCS12MacCalculatorBuilder.java deleted file mode 100644 index f04dc85..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcePKCS12MacCalculatorBuilder.java +++ /dev/null @@ -1,129 +0,0 @@ -package org.bouncycastle.pkcs.jcajce; - -import java.io.OutputStream; -import java.security.Provider; -import java.security.SecureRandom; - -import javax.crypto.Mac; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.ExtendedDigest; -import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; -import org.bouncycastle.jcajce.io.MacOutputStream; -import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; -import org.bouncycastle.jcajce.util.JcaJceHelper; -import org.bouncycastle.jcajce.util.NamedJcaJceHelper; -import org.bouncycastle.jcajce.util.ProviderJcaJceHelper; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.MacCalculator; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.pkcs.PKCS12MacCalculatorBuilder; - -public class JcePKCS12MacCalculatorBuilder - implements PKCS12MacCalculatorBuilder -{ - private JcaJceHelper helper = new DefaultJcaJceHelper(); - private ExtendedDigest digest; - private ASN1ObjectIdentifier algorithm; - - private SecureRandom random; - private int saltLength; - private int iterationCount = 1024; - - public JcePKCS12MacCalculatorBuilder() - { - this(OIWObjectIdentifiers.idSHA1); - } - - public JcePKCS12MacCalculatorBuilder(ASN1ObjectIdentifier hashAlgorithm) - { - this.algorithm = hashAlgorithm; - } - - public JcePKCS12MacCalculatorBuilder setProvider(Provider provider) - { - this.helper = new ProviderJcaJceHelper(provider); - - return this; - } - - public JcePKCS12MacCalculatorBuilder setProvider(String providerName) - { - this.helper = new NamedJcaJceHelper(providerName); - - return this; - } - - public JcePKCS12MacCalculatorBuilder setIterationCount(int iterationCount) - { - this.iterationCount = iterationCount; - - return this; - } - - public AlgorithmIdentifier getDigestAlgorithmIdentifier() - { - return new AlgorithmIdentifier(algorithm, DERNull.INSTANCE); - } - - public MacCalculator build(final char[] password) - throws OperatorCreationException - { - if (random == null) - { - random = new SecureRandom(); - } - - try - { - final Mac mac = helper.createMac(algorithm.getId()); - - saltLength = mac.getMacLength(); - final byte[] salt = new byte[saltLength]; - - random.nextBytes(salt); - - SecretKeyFactory keyFact = helper.createSecretKeyFactory(algorithm.getId()); - PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount); - PBEKeySpec pbeSpec = new PBEKeySpec(password); - SecretKey key = keyFact.generateSecret(pbeSpec); - - mac.init(key, defParams); - - return new MacCalculator() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return new AlgorithmIdentifier(algorithm, new PKCS12PBEParams(salt, iterationCount)); - } - - public OutputStream getOutputStream() - { - return new MacOutputStream(mac); - } - - public byte[] getMac() - { - return mac.doFinal(); - } - - public GenericKey getKey() - { - return new GenericKey(getAlgorithmIdentifier(), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password)); - } - }; - } - catch (Exception e) - { - throw new OperatorCreationException("unable to create MAC calculator: " + e.getMessage(), e); - } - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcePKCS12MacCalculatorBuilderProvider.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcePKCS12MacCalculatorBuilderProvider.java deleted file mode 100644 index ca666d1..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcePKCS12MacCalculatorBuilderProvider.java +++ /dev/null @@ -1,108 +0,0 @@ -package org.bouncycastle.pkcs.jcajce; - -import java.io.OutputStream; -import java.security.Provider; - -import javax.crypto.Mac; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; -import org.bouncycastle.jcajce.io.MacOutputStream; -import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; -import org.bouncycastle.jcajce.util.JcaJceHelper; -import org.bouncycastle.jcajce.util.NamedJcaJceHelper; -import org.bouncycastle.jcajce.util.ProviderJcaJceHelper; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.MacCalculator; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.pkcs.PKCS12MacCalculatorBuilder; -import org.bouncycastle.pkcs.PKCS12MacCalculatorBuilderProvider; - -public class JcePKCS12MacCalculatorBuilderProvider - implements PKCS12MacCalculatorBuilderProvider -{ - private JcaJceHelper helper = new DefaultJcaJceHelper(); - - public JcePKCS12MacCalculatorBuilderProvider() - { - } - - public JcePKCS12MacCalculatorBuilderProvider setProvider(Provider provider) - { - this.helper = new ProviderJcaJceHelper(provider); - - return this; - } - - public JcePKCS12MacCalculatorBuilderProvider setProvider(String providerName) - { - this.helper = new NamedJcaJceHelper(providerName); - - return this; - } - - public PKCS12MacCalculatorBuilder get(final AlgorithmIdentifier algorithmIdentifier) - { - return new PKCS12MacCalculatorBuilder() - { - public MacCalculator build(final char[] password) - throws OperatorCreationException - { - final PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters()); - - try - { - final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm(); - - final Mac mac = helper.createMac(algorithm.getId()); - - SecretKeyFactory keyFact = helper.createSecretKeyFactory(algorithm.getId()); - PBEParameterSpec defParams = new PBEParameterSpec(pbeParams.getIV(), pbeParams.getIterations().intValue()); - PBEKeySpec pbeSpec = new PBEKeySpec(password); - SecretKey key = keyFact.generateSecret(pbeSpec); - - mac.init(key, defParams); - - return new MacCalculator() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return new AlgorithmIdentifier(algorithm, pbeParams); - } - - public OutputStream getOutputStream() - { - return new MacOutputStream(mac); - } - - public byte[] getMac() - { - return mac.doFinal(); - } - - public GenericKey getKey() - { - return new GenericKey(getAlgorithmIdentifier(), PKCS12ParametersGenerator.PKCS12PasswordToBytes(password)); - } - }; - } - catch (Exception e) - { - throw new OperatorCreationException("unable to create MAC calculator: " + e.getMessage(), e); - } - } - - public AlgorithmIdentifier getDigestAlgorithmIdentifier() - { - return new AlgorithmIdentifier(algorithmIdentifier.getAlgorithm(), DERNull.INSTANCE); - } - }; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcePKCSPBEInputDecryptorProviderBuilder.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcePKCSPBEInputDecryptorProviderBuilder.java deleted file mode 100644 index 1b6d066..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcePKCSPBEInputDecryptorProviderBuilder.java +++ /dev/null @@ -1,177 +0,0 @@ -package org.bouncycastle.pkcs.jcajce; - -import java.io.InputStream; -import java.security.Provider; - -import javax.crypto.Cipher; -import javax.crypto.CipherInputStream; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.cryptopro.GOST28147Parameters; -import org.bouncycastle.asn1.pkcs.PBES2Parameters; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec; -import org.bouncycastle.jcajce.spec.PBKDF2KeySpec; -import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; -import org.bouncycastle.jcajce.util.JcaJceHelper; -import org.bouncycastle.jcajce.util.NamedJcaJceHelper; -import org.bouncycastle.jcajce.util.ProviderJcaJceHelper; -import org.bouncycastle.operator.DefaultSecretKeySizeProvider; -import org.bouncycastle.operator.InputDecryptor; -import org.bouncycastle.operator.InputDecryptorProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.SecretKeySizeProvider; - -public class JcePKCSPBEInputDecryptorProviderBuilder -{ - private JcaJceHelper helper = new DefaultJcaJceHelper(); - private boolean wrongPKCS12Zero = false; - private SecretKeySizeProvider keySizeProvider = DefaultSecretKeySizeProvider.INSTANCE; - - public JcePKCSPBEInputDecryptorProviderBuilder() - { - } - - public JcePKCSPBEInputDecryptorProviderBuilder setProvider(Provider provider) - { - this.helper = new ProviderJcaJceHelper(provider); - - return this; - } - - public JcePKCSPBEInputDecryptorProviderBuilder setProvider(String providerName) - { - this.helper = new NamedJcaJceHelper(providerName); - - return this; - } - - public JcePKCSPBEInputDecryptorProviderBuilder setTryWrongPKCS12Zero(boolean tryWrong) - { - this.wrongPKCS12Zero = tryWrong; - - return this; - } - - /** - * Set the lookup provider of AlgorithmIdentifier returning key_size_in_bits used to - * handle PKCS5 decryption. - * - * @param keySizeProvider a provider of integer secret key sizes. - * - * @return the current builder. - */ - public JcePKCSPBEInputDecryptorProviderBuilder setKeySizeProvider(SecretKeySizeProvider keySizeProvider) - { - this.keySizeProvider = keySizeProvider; - - return this; - } - - public InputDecryptorProvider build(final char[] password) - { - return new InputDecryptorProvider() - { - private Cipher cipher; - private SecretKey key; - private AlgorithmIdentifier encryptionAlg; - - public InputDecryptor get(final AlgorithmIdentifier algorithmIdentifier) - throws OperatorCreationException - { - ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm(); - - try - { - if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) - { - PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algorithmIdentifier.getParameters()); - - PBEKeySpec pbeSpec = new PBEKeySpec(password); - - SecretKeyFactory keyFact = helper.createSecretKeyFactory(algorithm.getId()); - - PBEParameterSpec defParams = new PBEParameterSpec( - pbeParams.getIV(), - pbeParams.getIterations().intValue()); - - key = keyFact.generateSecret(pbeSpec); - - if (key instanceof BCPBEKey) - { - ((BCPBEKey)key).setTryWrongPKCS12Zero(wrongPKCS12Zero); - } - - cipher = helper.createCipher(algorithm.getId()); - - cipher.init(Cipher.DECRYPT_MODE, key, defParams); - - encryptionAlg = algorithmIdentifier; - } - else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) - { - PBES2Parameters alg = PBES2Parameters.getInstance(algorithmIdentifier.getParameters()); - PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters()); - AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme()); - - SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId()); - - if (func.isDefaultPrf()) - { - key = keyFact.generateSecret(new PBEKeySpec(password, func.getSalt(), func.getIterationCount().intValue(), keySizeProvider.getKeySize(encScheme))); - } - else - { - key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), func.getIterationCount().intValue(), keySizeProvider.getKeySize(encScheme), func.getPrf())); - } - - cipher = helper.createCipher(alg.getEncryptionScheme().getAlgorithm().getId()); - - encryptionAlg = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme()); - - ASN1Encodable encParams = alg.getEncryptionScheme().getParameters(); - if (encParams instanceof ASN1OctetString) - { - cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ASN1OctetString.getInstance(encParams).getOctets())); - } - else - { - // TODO: at the moment it's just GOST, but... - GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams); - - cipher.init(Cipher.DECRYPT_MODE, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV())); - } - } - } - catch (Exception e) - { - throw new OperatorCreationException("unable to create InputDecryptor: " + e.getMessage(), e); - } - - return new InputDecryptor() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return encryptionAlg; - } - - public InputStream getInputStream(InputStream input) - { - return new CipherInputStream(input, cipher); - } - }; - } - }; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcePKCSPBEOutputEncryptorBuilder.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcePKCSPBEOutputEncryptorBuilder.java deleted file mode 100644 index 34a8883..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/JcePKCSPBEOutputEncryptorBuilder.java +++ /dev/null @@ -1,192 +0,0 @@ -package org.bouncycastle.pkcs.jcajce; - -import java.io.OutputStream; -import java.security.Provider; -import java.security.SecureRandom; - -import javax.crypto.Cipher; -import javax.crypto.CipherOutputStream; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.bc.BCObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.EncryptionScheme; -import org.bouncycastle.asn1.pkcs.KeyDerivationFunc; -import org.bouncycastle.asn1.pkcs.PBES2Parameters; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; -import org.bouncycastle.jcajce.util.JcaJceHelper; -import org.bouncycastle.jcajce.util.NamedJcaJceHelper; -import org.bouncycastle.jcajce.util.ProviderJcaJceHelper; -import org.bouncycastle.operator.DefaultSecretKeySizeProvider; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.OutputEncryptor; -import org.bouncycastle.operator.SecretKeySizeProvider; - -public class JcePKCSPBEOutputEncryptorBuilder -{ - private JcaJceHelper helper = new DefaultJcaJceHelper(); - private ASN1ObjectIdentifier algorithm; - private ASN1ObjectIdentifier keyEncAlgorithm; - private SecureRandom random; - private SecretKeySizeProvider keySizeProvider = DefaultSecretKeySizeProvider.INSTANCE; - private int iterationCount = 1024; - - public JcePKCSPBEOutputEncryptorBuilder(ASN1ObjectIdentifier algorithm) - { - if (isPKCS12(algorithm)) - { - this.algorithm = algorithm; - this.keyEncAlgorithm = algorithm; - } - else - { - this.algorithm = PKCSObjectIdentifiers.id_PBES2; - this.keyEncAlgorithm = algorithm; - } - } - - public JcePKCSPBEOutputEncryptorBuilder setProvider(Provider provider) - { - this.helper = new ProviderJcaJceHelper(provider); - - return this; - } - - public JcePKCSPBEOutputEncryptorBuilder setProvider(String providerName) - { - this.helper = new NamedJcaJceHelper(providerName); - - return this; - } - - /** - * Set the lookup provider of AlgorithmIdentifier returning key_size_in_bits used to - * handle PKCS5 decryption. - * - * @param keySizeProvider a provider of integer secret key sizes. - * - * @return the current builder. - */ - public JcePKCSPBEOutputEncryptorBuilder setKeySizeProvider(SecretKeySizeProvider keySizeProvider) - { - this.keySizeProvider = keySizeProvider; - - return this; - } - - /** - * Set the iteration count for the PBE calculation. - * - * @param iterationCount the iteration count to apply to the key creation. - * @return the current builder. - */ - public JcePKCSPBEOutputEncryptorBuilder setIterationCount(int iterationCount) - { - this.iterationCount = iterationCount; - - return this; - } - - public OutputEncryptor build(final char[] password) - throws OperatorCreationException - { - final Cipher cipher; - SecretKey key; - - if (random == null) - { - random = new SecureRandom(); - } - - final AlgorithmIdentifier encryptionAlg; - final byte[] salt = new byte[20]; - - random.nextBytes(salt); - - try - { - if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) - { - PBEKeySpec pbeSpec = new PBEKeySpec(password); - - SecretKeyFactory keyFact = helper.createSecretKeyFactory(algorithm.getId()); - - PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount); - - key = keyFact.generateSecret(pbeSpec); - - cipher = helper.createCipher(algorithm.getId()); - - cipher.init(Cipher.ENCRYPT_MODE, key, defParams); - - encryptionAlg = new AlgorithmIdentifier(algorithm, new PKCS12PBEParams(salt, iterationCount)); - } - else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) - { - SecretKeyFactory keyFact = helper.createSecretKeyFactory(PKCSObjectIdentifiers.id_PBKDF2.getId()); - - key = keyFact.generateSecret(new PBEKeySpec(password, salt, iterationCount, keySizeProvider.getKeySize(new AlgorithmIdentifier(keyEncAlgorithm)))); - - cipher = helper.createCipher(keyEncAlgorithm.getId()); - - cipher.init(Cipher.ENCRYPT_MODE, key, random); - - PBES2Parameters algParams = new PBES2Parameters( - new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, iterationCount)), - new EncryptionScheme(keyEncAlgorithm, ASN1Primitive.fromByteArray(cipher.getParameters().getEncoded()))); - - encryptionAlg = new AlgorithmIdentifier(algorithm, algParams); - } - else - { - throw new OperatorCreationException("unrecognised algorithm"); - } - - return new OutputEncryptor() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return encryptionAlg; - } - - public OutputStream getOutputStream(OutputStream out) - { - return new CipherOutputStream(out, cipher); - } - - public GenericKey getKey() - { - if (isPKCS12(encryptionAlg.getAlgorithm())) - { - return new GenericKey(encryptionAlg, PBEParametersGenerator.PKCS5PasswordToBytes(password)); - } - else - { - return new GenericKey(encryptionAlg, PBEParametersGenerator.PKCS12PasswordToBytes(password)); - } - } - }; - } - catch (Exception e) - { - throw new OperatorCreationException("unable to create OutputEncryptor: " + e.getMessage(), e); - } - } - - private boolean isPKCS12(ASN1ObjectIdentifier algorithm) - { - return algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds) - || algorithm.on(BCObjectIdentifiers.bc_pbe_sha1_pkcs12) - || algorithm.on(BCObjectIdentifiers.bc_pbe_sha256_pkcs12); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/package.html b/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/package.html deleted file mode 100644 index 9b10dc4..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/jcajce/package.html +++ /dev/null @@ -1,7 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" - "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<body bgcolor="#ffffff"> -JCA extensions to the PKCS#10 certification request package. -</body> -</html>
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/package.html b/bcpkix/src/main/java/org/bouncycastle/pkcs/package.html deleted file mode 100644 index c83de7c..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/package.html +++ /dev/null @@ -1,7 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" - "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<body bgcolor="#ffffff"> -Basic support package for handling and creating PKCS#10 certification requests, PKCS#8 encrypted keys and PKCS#12 keys stores. -</body> -</html>
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/test/AllTests.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/test/AllTests.java deleted file mode 100644 index 809c5c5..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/test/AllTests.java +++ /dev/null @@ -1,24 +0,0 @@ -package org.bouncycastle.pkcs.test; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; - -public class AllTests - extends TestCase -{ - public static void main (String[] args) - { - junit.textui.TestRunner.run(suite()); - } - - public static Test suite() - { - TestSuite suite = new TestSuite("PKCS Tests"); - - suite.addTestSuite(PfxPduTest.class); - suite.addTestSuite(PKCS10Test.class); - - return new BCTestSetup(suite); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/test/BCTestSetup.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/test/BCTestSetup.java deleted file mode 100644 index 7a13561..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/test/BCTestSetup.java +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright (c) 2005 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) -package org.bouncycastle.pkcs.test; - -import java.security.Security; - -import junit.extensions.TestSetup; -import junit.framework.Test; - -class BCTestSetup - extends TestSetup -{ - public BCTestSetup(Test test) - { - super(test); - } - - protected void setUp() - { - Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); - } - - protected void tearDown() - { - Security.removeProvider("BC"); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/test/PKCS10Test.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/test/PKCS10Test.java deleted file mode 100644 index a0c13d2..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/test/PKCS10Test.java +++ /dev/null @@ -1,78 +0,0 @@ -package org.bouncycastle.pkcs.test; - -import java.math.BigInteger; -import java.security.KeyFactory; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.spec.RSAPrivateCrtKeySpec; -import java.security.spec.RSAPublicKeySpec; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; -import org.bouncycastle.asn1.pkcs.CertificationRequest; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; -import org.bouncycastle.pkcs.PKCS10CertificationRequest; -import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; -import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; - -public class PKCS10Test - extends TestCase -{ - // - // personal keys - // - private static final RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec( - new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), - new BigInteger("11", 16)); - - private static final RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec( - new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), - new BigInteger("11", 16), - new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16), - new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16), - new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16), - new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16), - new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16), - new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16)); - - public void testLeaveOffEmpty() - throws Exception - { - KeyFactory keyFact = KeyFactory.getInstance("RSA", "BC"); - PublicKey pubKey = keyFact.generatePublic(pubKeySpec); - PrivateKey privKey = keyFact.generatePrivate(privKeySpec); - - PKCS10CertificationRequestBuilder pkcs10Builder = new JcaPKCS10CertificationRequestBuilder(new X500Name("CN=Test"), pubKey); - - PKCS10CertificationRequest request = pkcs10Builder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privKey)); - - assertEquals(0, request.getAttributes().length); - assertNotNull(CertificationRequest.getInstance(request.getEncoded()).getCertificationRequestInfo().getAttributes()); - - pkcs10Builder.setLeaveOffEmptyAttributes(true); - - request = pkcs10Builder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privKey)); - - assertEquals(0, request.getAttributes().length); - assertNull(CertificationRequest.getInstance(request.getEncoded()).getCertificationRequestInfo().getAttributes()); - - pkcs10Builder.setLeaveOffEmptyAttributes(false); - - request = pkcs10Builder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(privKey)); - - assertEquals(0, request.getAttributes().length); - assertNotNull(CertificationRequest.getInstance(request.getEncoded()).getCertificationRequestInfo().getAttributes()); - } - - public static void main(String args[]) - { - junit.textui.TestRunner.run(suite()); - } - - public static Test suite() - { - return new BCTestSetup(new TestSuite(PKCS10Test.class)); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/pkcs/test/PfxPduTest.java b/bcpkix/src/main/java/org/bouncycastle/pkcs/test/PfxPduTest.java deleted file mode 100644 index 931ed12..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/pkcs/test/PfxPduTest.java +++ /dev/null @@ -1,1255 +0,0 @@ -package org.bouncycastle.pkcs.test; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.*; -import java.security.cert.Certificate; -import java.security.cert.X509Certificate; -import java.security.spec.RSAPrivateCrtKeySpec; -import java.security.spec.RSAPublicKeySpec; -import java.util.Date; - -import junit.framework.TestCase; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.DERBMPString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.Attribute; -import org.bouncycastle.asn1.pkcs.ContentInfo; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x500.X500NameBuilder; -import org.bouncycastle.asn1.x500.style.BCStyle; -import org.bouncycastle.asn1.x509.BasicConstraints; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cert.X509v1CertificateBuilder; -import org.bouncycastle.cert.X509v3CertificateBuilder; -import org.bouncycastle.cert.jcajce.JcaX500NameUtil; -import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; -import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; -import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder; -import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; -import org.bouncycastle.crypto.engines.DESedeEngine; -import org.bouncycastle.crypto.engines.RC2Engine; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.operator.InputDecryptorProvider; -import org.bouncycastle.operator.OutputEncryptor; -import org.bouncycastle.operator.bc.BcDefaultDigestProvider; -import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; -import org.bouncycastle.pkcs.PKCS12PfxPdu; -import org.bouncycastle.pkcs.PKCS12PfxPduBuilder; -import org.bouncycastle.pkcs.PKCS12SafeBag; -import org.bouncycastle.pkcs.PKCS12SafeBagBuilder; -import org.bouncycastle.pkcs.PKCS12SafeBagFactory; -import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo; -import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfoBuilder; -import org.bouncycastle.pkcs.PKCSException; -import org.bouncycastle.pkcs.bc.BcPKCS12MacCalculatorBuilder; -import org.bouncycastle.pkcs.bc.BcPKCS12MacCalculatorBuilderProvider; -import org.bouncycastle.pkcs.bc.BcPKCS12PBEInputDecryptorProviderBuilder; -import org.bouncycastle.pkcs.bc.BcPKCS12PBEOutputEncryptorBuilder; -import org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder; -import org.bouncycastle.pkcs.jcajce.JcaPKCS8EncryptedPrivateKeyInfoBuilder; -import org.bouncycastle.pkcs.jcajce.JcePKCS12MacCalculatorBuilder; -import org.bouncycastle.pkcs.jcajce.JcePKCS12MacCalculatorBuilderProvider; -import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder; -import org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.encoders.Base64; - -public class PfxPduTest - extends TestCase -{ - private static final String BC = BouncyCastleProvider.PROVIDER_NAME; - private static final char[] passwd = {'h', 'e', 'l', 'l', 'o', ' ', 'w', 'o', 'r', 'l', 'd'}; - - // - // personal keys - // - private static final RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec( - new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), - new BigInteger("11", 16)); - - private static final RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec( - new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), - new BigInteger("11", 16), - new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16), - new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16), - new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16), - new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16), - new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16), - new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16)); - - // - // intermediate keys. - // - private static final RSAPublicKeySpec intPubKeySpec = new RSAPublicKeySpec( - new BigInteger("8de0d113c5e736969c8d2b047a243f8fe18edad64cde9e842d3669230ca486f7cfdde1f8eec54d1905fff04acc85e61093e180cadc6cea407f193d44bb0e9449b8dbb49784cd9e36260c39e06a947299978c6ed8300724e887198cfede20f3fbde658fa2bd078be946a392bd349f2b49c486e20c405588e306706c9017308e69", 16), - new BigInteger("ffff", 16)); - - - private static final RSAPrivateCrtKeySpec intPrivKeySpec = new RSAPrivateCrtKeySpec( - new BigInteger("8de0d113c5e736969c8d2b047a243f8fe18edad64cde9e842d3669230ca486f7cfdde1f8eec54d1905fff04acc85e61093e180cadc6cea407f193d44bb0e9449b8dbb49784cd9e36260c39e06a947299978c6ed8300724e887198cfede20f3fbde658fa2bd078be946a392bd349f2b49c486e20c405588e306706c9017308e69", 16), - new BigInteger("ffff", 16), - new BigInteger("7deb1b194a85bcfd29cf871411468adbc987650903e3bacc8338c449ca7b32efd39ffc33bc84412fcd7df18d23ce9d7c25ea910b1ae9985373e0273b4dca7f2e0db3b7314056ac67fd277f8f89cf2fd73c34c6ca69f9ba477143d2b0e2445548aa0b4a8473095182631da46844c356f5e5c7522eb54b5a33f11d730ead9c0cff", 16), - new BigInteger("ef4cede573cea47f83699b814de4302edb60eefe426c52e17bd7870ec7c6b7a24fe55282ebb73775f369157726fcfb988def2b40350bdca9e5b418340288f649", 16), - new BigInteger("97c7737d1b9a0088c3c7b528539247fd2a1593e7e01cef18848755be82f4a45aa093276cb0cbf118cb41117540a78f3fc471ba5d69f0042274defc9161265721", 16), - new BigInteger("6c641094e24d172728b8da3c2777e69adfd0839085be7e38c7c4a2dd00b1ae969f2ec9d23e7e37090fcd449a40af0ed463fe1c612d6810d6b4f58b7bfa31eb5f", 16), - new BigInteger("70b7123e8e69dfa76feb1236d0a686144b00e9232ed52b73847e74ef3af71fb45ccb24261f40d27f98101e230cf27b977a5d5f1f15f6cf48d5cb1da2a3a3b87f", 16), - new BigInteger("e38f5750d97e270996a286df2e653fd26c242106436f5bab0f4c7a9e654ce02665d5a281f2c412456f2d1fa26586ef04a9adac9004ca7f913162cb28e13bf40d", 16)); - - // - // ca keys - // - private static final RSAPublicKeySpec caPubKeySpec = new RSAPublicKeySpec( - new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16), - new BigInteger("11", 16)); - - private static final RSAPrivateCrtKeySpec caPrivKeySpec = new RSAPrivateCrtKeySpec( - new BigInteger("b259d2d6e627a768c94be36164c2d9fc79d97aab9253140e5bf17751197731d6f7540d2509e7b9ffee0a70a6e26d56e92d2edd7f85aba85600b69089f35f6bdbf3c298e05842535d9f064e6b0391cb7d306e0a2d20c4dfb4e7b49a9640bdea26c10ad69c3f05007ce2513cee44cfe01998e62b6c3637d3fc0391079b26ee36d5", 16), - new BigInteger("11", 16), - new BigInteger("92e08f83cc9920746989ca5034dcb384a094fb9c5a6288fcc4304424ab8f56388f72652d8fafc65a4b9020896f2cde297080f2a540e7b7ce5af0b3446e1258d1dd7f245cf54124b4c6e17da21b90a0ebd22605e6f45c9f136d7a13eaac1c0f7487de8bd6d924972408ebb58af71e76fd7b012a8d0e165f3ae2e5077a8648e619", 16), - new BigInteger("f75e80839b9b9379f1cf1128f321639757dba514642c206bbbd99f9a4846208b3e93fbbe5e0527cc59b1d4b929d9555853004c7c8b30ee6a213c3d1bb7415d03", 16), - new BigInteger("b892d9ebdbfc37e397256dd8a5d3123534d1f03726284743ddc6be3a709edb696fc40c7d902ed804c6eee730eee3d5b20bf6bd8d87a296813c87d3b3cc9d7947", 16), - new BigInteger("1d1a2d3ca8e52068b3094d501c9a842fec37f54db16e9a67070a8b3f53cc03d4257ad252a1a640eadd603724d7bf3737914b544ae332eedf4f34436cac25ceb5", 16), - new BigInteger("6c929e4e81672fef49d9c825163fec97c4b7ba7acb26c0824638ac22605d7201c94625770984f78a56e6e25904fe7db407099cad9b14588841b94f5ab498dded", 16), - new BigInteger("dae7651ee69ad1d081ec5e7188ae126f6004ff39556bde90e0b870962fa7b926d070686d8244fe5a9aa709a95686a104614834b0ada4b10f53197a5cb4c97339", 16)); - - // - // pkcs-12 pfx-pdu - // - private String pkcs12Pass = "hello world"; - - private byte[] pkcs12 = Base64.decode( - "MIACAQMwgAYJKoZIhvcNAQcBoIAkgAQBMAQBgAQBMAQBgAQBBgQBCQQJKoZI" - + "hvcNAQcBBAGgBAGABAEkBAGABAEEBAEBBAEwBAEEBAEDBAOCAzQEAQQEAQEE" - + "ATAEAQQEAQMEA4IDMAQBBAQBAQQBBgQBBAQBAQQBCwQBBAQBCwQLKoZIhvcN" - + "AQwKAQIEAQQEAQEEAaAEAQQEAQMEA4ICpQQBBAQBAQQBMAQBBAQBAwQDggKh" - + "BAEEBAEBBAEwBAEEBAEBBAEbBAEEBAEBBAEGBAEEBAEBBAEKBAEEBAEKBAoq" - + "hkiG9w0BDAEDBAEEBAEPBA8wDQQIoagiwNZPJR4CAQEEAQQEAQEEAQQEAQQE" - + "AQMEA4ICgAQBBAQDggKABIICgEPG0XlhMFyrs4ZWDrvEzl51ICfXd6K2ql2l" - + "nnxhszUbigtSj6x49VEx4PfOB9fQFeidc5L5An+nKp646NBMIY0UwXGs8BLQ" - + "au59jtOs987+l7QYIvl6fdGUIuLPhVSnZZDyqD+HQjU/0/ccKFHRif4tlEQq" - + "aErvZbFeH0pg4ijf1HfgX6gBJGRKdO+msa4qKGnZdHCSLZehyyxvxAmURetg" - + "yhtEl7RmedTB+4TDs7atekqxkNlD9tfwDUX6sb0IH6qbEA6P/DlVMdaD54Cl" - + "QDxRzOfIIjklZhv5OMFWtPK0aYPcqyxzLpw1qRAyoTVXpidkj/hpIpgCVBP/" - + "k5s2+WdGbLgA/4/zSrF6feRCE5llzM2IGxiHVq4oPzzngl3R+Fi5VCPDMcuW" - + "NRuIOzJA+RNV2NPOE/P3knThDnwiImq+rfxmvZ1u6T06s20RmWK6cxp7fTEw" - + "lQ9BOsv+mmyV8dr6cYJq4IlRzHdFOyEUBDwfHThyribNKKobO50xh2f93xYj" - + "Rn5UMOQBJIe3b7OKZt5HOIMrJSZO02IZgvImi9yQWi96PnWa419D1cAsLWvM" - + "xiN0HqZMbDFfxVM2BZmsxiexLhkHWKwLqfQDzRjJfmVww8fnXpWZhFXKyut9" - + "gMGEyCNoba4RU3QI/wHKWYaK74qtJpsucuLWBH6UcsHsCry6VZkwRxWwC0lb" - + "/F3Bm5UKHax5n9JHJ2amQm9zW3WJ0S5stpPObfmg5ArhbPY+pVOsTqBRlop1" - + "bYJLD/X8Qbs468Bwzej0FhoEU59ZxFrbjLSBsMUYrVrwD83JE9kEazMLVchc" - + "uCB9WT1g0hxYb7VA0BhOrWhL8F5ZH72RMCYLPI0EAQQEAQEEATEEAQQEAQEE" - + "AXgEAQQEAQEEATAEAQQEAQEEAVEEAQQEAQEEAQYEAQQEAQEEAQkEAQQEAQkE" - + "CSqGSIb3DQEJFAQBBAQBAQQBMQQBBAQBAQQBRAQBBAQBAQQBHgQBBAQBAQQB" - + "QgQBBAQBQgRCAEQAYQB2AGkAZAAgAEcALgAgAEgAbwBvAGsAJwBzACAAVgBl" - + "AHIAaQBTAGkAZwBuACwAIABJAG4AYwAuACAASQBEBAEEBAEBBAEwBAEEBAEB" - + "BAEjBAEEBAEBBAEGBAEEBAEBBAEJBAEEBAEJBAkqhkiG9w0BCRUEAQQEAQEE" - + "ATEEAQQEAQEEARYEAQQEAQEEAQQEAQQEAQEEARQEAQQEARQEFKEcMJ798oZL" - + "FkH0OnpbUBnrTLgWBAIAAAQCAAAEAgAABAEwBAGABAEGBAEJBAkqhkiG9w0B" - + "BwYEAaAEAYAEATAEAYAEAQIEAQEEAQAEATAEAYAEAQYEAQkECSqGSIb3DQEH" - + "AQQBMAQBGwQBBgQBCgQKKoZIhvcNAQwBBgQPMA0ECEE7euvmxxwYAgEBBAGg" - + "BAGABAEEBAEIBAgQIWDGlBWxnwQBBAQBCAQI2WsMhavhSCcEAQQEAQgECPol" - + "uHJy9bm/BAEEBAEQBBCiRxtllKXkJS2anKD2q3FHBAEEBAEIBAjKy6BRFysf" - + "7gQBBAQDggMwBIIDMJWRGu2ZLZild3oz7UBdpBDUVMOA6eSoWiRIfVTo4++l" - + "RUBm8TpmmGrVkV32PEoLkoV+reqlyWCvqqSjRzi3epQiVwPQ6PV+ccLqxDhV" - + "pGWDRQ5UttDBC2+u4fUQVZi2Z1i1g2tsk6SzB3MKUCrjoWKvaDUUwXo5k9Vz" - + "qSLWCLTZCjs3RaY+jg3NbLZYtfMDdYovhCU2jMYV9adJ8MxxmJRz+zPWAJph" - + "LH8hhfkKG+wJOSszqk9BqGZUa/mnZyzeQSMTEFga1ZB/kt2e8SZFWrTZEBgJ" - + "oszsL5MObbwMDowNurnZsnS+Mf7xi01LeG0VT1fjd6rn9BzVwuMwhoqyoCNo" - + "ziUqSUyLEwnGTYYpvXLxzhNiYzW8546KdoEKDkEjhfYsc4XqSjm9NYy/BW/M" - + "qR+aL92j8hqnkrWkrWyvocUe3mWaiqt7/oOzNZiMTcV2dgjjh9HfnjSHjFGe" - + "CVhnEWzV7dQIVyc/qvNzOuND8X5IyJ28xb6a/i1vScwGuo/UDgPAaMjGw28f" - + "siOZBShzde0Kj82y8NilfYLHHeIGRW+N/grUFWhW25mAcBReXDd5JwOqM/eF" - + "y+4+zBzlO84ws88T1pkSifwtMldglN0APwr4hvUH0swfiqQOWtwyeM4t+bHd" - + "5buAlXOkSeF5rrLzZ2/Lx+JJmI2pJ/CQx3ej3bxPlx/BmarUGAxaI4le5go4" - + "KNfs4GV8U+dbEHQz+yDYL+ksYNs1eb+DjI2khbl28jhoeAFKBtu2gGOL5M9M" - + "CIP/JDOCHimu1YZRuOTAf6WISnG/0Ri3pYZsgQ0i4cXj+WfYwYVjhKX5AcDj" - + "UKnc4/Cxp+TbbgZqEKRcYVb2q0kOAxkeaNo3WCm+qvUYrwAmKp4nVB+/24rK" - + "khHiyYJQsETxtOEyvJkVxAS01djY4amuJ4jL0sYnXIhW3Ag93eavbzksGT7W" - + "Fg1ywpr1x1xpXWIIuVt1k4e+g9fy7Yx7rx0IK1qCSjNwU3QPWbaef1rp0Q/X" - + "P9IVXYkqo1g/T3SyXqrbZLO+sDjiG4IT3z3fJJqt81sRSVT0QN1ND8l93BG4" - + "QKzghYw8sZ4FwKPtLky1dDcVTgQBBAQBCAQIK/85VMKWDWYEAQQEAQgECGsO" - + "Q85CcFwPBAEEBAEIBAhaup6ot9XnQAQBBAQCgaAEgaCeCMadSm5fkLfhErYQ" - + "DgePZl/rrjP9FQ3VJZ13XrjTSjTRknAbXi0DEu2tvAbmCf0sdoVNuZIZ92W0" - + "iyaa2/A3RHA2RLPNQz5meTi1RE2N361yR0q181dC3ztkkJ8PLyd74nCtgPUX" - + "0JlsvLRrdSjPBpBQ14GiM8VjqeIY7EVFy3vte6IbPzodxaviuSc70iXM4Yko" - + "fQq6oaSjNBFRqkHrBAEEBAEIBAjlIvOf8SnfugQBBAQBCAQIutCF3Jovvl0E" - + "AQQEAQgECO7jxbucdp/3BAEEBAEIBAidxK3XDLj+BwQBBAQBCAQI3m/HMbd3" - + "TwwEAQQEA4ICOASCAjgtoCiMfTkjpCRuMhF5gNLRBiNv+xjg6GvZftR12qiJ" - + "dLeCERI5bvXbh9GD6U+DjTUfhEab/37TbiI7VOFzsI/R137sYy9Tbnu7qkSx" - + "u0bTvyXSSmio6sMRiWIcakmDbv+TDWR/xgtj7+7C6p+1jfUGXn/RjB3vlyjL" - + "Q9lFe5F84qkZjnADo66p9gor2a48fgGm/nkABIUeyzFWCiTp9v6FEzuBfeuP" - + "T9qoKSnCitaXRCru5qekF6L5LJHLNXLtIMSrbO0bS3hZK58FZAUVMaqawesJ" - + "e/sVfQip9x/aFQ6U3KlSpJkmZK4TAqp9jIfxBC8CclbuwmoXPMomiCH57ykr" - + "vkFHOGcxRcCxax5HySCwSyPDr8I4+6Kocty61i/1Xr4xJjb+3oyFStIpB24x" - + "+ALb0Mz6mUa1ls76o+iQv0VM2YFwnx+TC8KC1+O4cNOE/gKeh0ircenVX83h" - + "GNez8C5Ltg81g6p9HqZPc2pkwsneX2sJ4jMsjDhewV7TyyS3x3Uy3vTpZPek" - + "VdjYeVIcgAz8VLJOpsIjyHMB57AyT7Yj87hVVy//VODnE1T88tRXZb+D+fCg" - + "lj2weQ/bZtFzDX0ReiEQP6+yklGah59omeklIy9wctGV1o9GNZnGBSLvQ5NI" - + "61e9zmQTJD2iDjihvQA/6+edKswCjGRX6rMjRWXT5Jv436l75DVoUj09tgR9" - + "ytXSathCjQUL9MNXzUMtr7mgEUPETjM/kYBR7CNrsc+gWTWHYaSWuqKVBAEE" - + "BAEIBAh6slfZ6iqkqwQBBAQBCAQI9McJKl5a+UwEAQQEATgEOBelrmiYMay3" - + "q0OW2x2a8QQodYqdUs1TCUU4JhfFGFRy+g3yU1cP/9ZSI8gcI4skdPc31cFG" - + "grP7BAEEBAEIBAhzv/wSV+RBJQQBBAQBCAQI837ImVqqlr4EAQQEAQgECGeU" - + "gjULLnylBAEEBAEIBAjD3P4hlSBCvQQBBAQBCAQISP/qivIzf50EAQQEAQgE" - + "CKIDMX9PKxICBAEEBAOCBOgEggTocP5VVT1vWvpAV6koZupKN1btJ3C01dR6" - + "16g1zJ5FK5xL1PTdA0r6iAwVtgYdxQYnU8tht3bkNXdPJC1BdsC9oTkBg9Nr" - + "dqlF5cCzXWIezcR3ObjGLpXu49SAHvChH4emT5rytv81MYxZ7bGmlQfp8BNa" - + "0cMZz05A56LXw//WWDEzZcbKSk4tCsfMXBdGk/ngs7aILZ4FGM620PBPtD92" - + "pz2Ui/tUZqtQ0WKdLzwga1E/rl02a/x78/OdlVRNeaIYWJWLmLavX98w0PhY" - + "ha3Tbj/fqq+H3ua6Vv2Ff4VeXazkXpp4tTiqUxhc6aAGiRYckwZaP7OPSbos" - + "RKFlRLVofSGu1IVSKO+7faxV4IrVaAAzqRwLGkpJZLV7NkzkU1BwgvsAZAI4" - + "WClPDF228ygbhLwrSN2NK0s+5bKhTCNAR/LCUf3k7uip3ZSe18IwEkUMWiaZ" - + "ayktcTYn2ZjmfIfV7wIxHgWPkP1DeB+RMS7VZe9zEgJKOA16L+9SNBwJSSs9" - + "5Sb1+nmhquZmnAltsXMgwOrR12JLIgdfyyqGcNq997U0/KuHybqBVDVu0Fyr" - + "6O+q5oRmQZq6rju7h+Hb/ZUqRxRoTTSPjGD4Cu9vUqkoNVgwYOT+88FIMYun" - + "g9eChhio2kwPYwU/9BNGGzh+hAvAKcUpO016mGLImYin+FpQxodJXfpNCFpG" - + "4v4HhIwKh71OOfL6ocM/518dYwuU4Ds2/JrDhYYFsn+KprLftjrnTBnSsfYS" - + "t68b+Xr16qv9r6sseEkXbsaNbrGiZAhfHEVBOxQ4lchHrMp4zpduxG4crmpc" - + "+Jy4SadvS0uaJvADgI03DpsDYffUdriECUqAfOg/Hr7HHyr6Q9XMo1GfIarz" - + "eUHBgi1Ny0nDTWkdb7I3bIajG+Unr3KfK6dZz5Lb3g5NeclU5zintB1045Jr" - + "j9fvGGk0/2lG0n17QViBiOzGs2poTlhn7YxmiskwlkRKVafxPZNPxKILpN9s" - + "YaWGz93qER/pGMJarGJxu8sFi3+yt6FZ4pVPkvKE8JZMEPBBrmH41batS3sw" - + "sfnJ5CicAkwd8bluQpoc6qQd81HdNpS6u7djaRSDwPtYnZWu/8Hhj4DXisje" - + "FJBAjQdn2nK4MV7WKVwr+mNcVgOdc5IuOZbRLOfc3Sff6kYVuQFfcCGgAFpd" - + "nbprF/FnYXR/rghWE7fT1gfzSMNv+z5UjZ5Rtg1S/IQfUM/P7t0UqQ01/w58" - + "bTlMGihTxHiJ4Qf3o5GUzNmAyryLvID+nOFqxpr5es6kqSN4GPRHsmUIpB9t" - + "f9Nw952vhsXI9uVkhQap3JvmdAKJaIyDz6Qi7JBZvhxpghVIDh73BQTaAFP9" - + "5GUcPbYOYJzKaU5MeYEsorGoanSqPDeKDeZxjxJD4xFsqJCoutyssqIxnXUN" - + "Y3Uojbz26IJOhqIBLaUn6QVFX79buWYjJ5ZkDS7D8kq6DZeqZclt5711AO5U" - + "uz/eDSrx3d4iVHR+kSeopxFKsrK+KCH3CbBUMIFGX/GE9WPhDWCtjjNKEe8W" - + "PinQtxvv8MlqGXtv3v7ObJ2BmfIfLD0rh3EB5WuRNKL7Ssxaq14KZGEBvc7G" - + "Fx7jXLOW6ZV3SH+C3deJGlKM2kVhDdIVjjODvQzD8qw8a/ZKqDO5hGGKUTGD" - + "Psdd7O/k/Wfn+XdE+YuKIhcEAQQEAQgECJJCZNJdIshRBAEEBAEIBAiGGrlG" - + "HlKwrAQBBAQBCAQIkdvKinJYjJcEAQQEAUAEQBGiIgN/s1bvPQr+p1aQNh/X" - + "UQFmay6Vm5HIvPhoNrX86gmMjr6/sg28/WCRtSfyuYjwQkK91n7MwFLOBaU3" - + "RrsEAQQEAQgECLRqESFR50+zBAEEBAEIBAguqbAEWMTiPwQBBAQBGAQYKzUv" - + "EetQEAe3cXEGlSsY4a/MNTbzu1WbBAEEBAEIBAiVpOv1dOWZ1AQCAAAEAgAA" - + "BAIAAAQCAAAEAgAABAIAAAAAAAAAADA1MCEwCQYFKw4DAhoFAAQUvMkeVqe6" - + "D4UmMHGEQwcb8O7ZwhgEEGiX9DeqtRwQnVi+iY/6Re8AAA=="); - - private String sha256Pass = "D317F8D5191F2602C527F8E6E0E8855C4517EC9512F7A06A7A588ACF0B3A6325"; - - private byte[] sha256Pfx = Base64.decode( - "MIIFvwIBAzCCBXEGCSqGSIb3DQEHAaCCBWIEggVeMIIFWjCCBVYGCSqGSIb3" - + "DQEHAaCCBUcEggVDMIIFPzCCBTsGCyqGSIb3DQEMCgECoIIFKjCCBSYwUAYJ" - + "KoZIhvcNAQUNMEMwIgYJKoZIhvcNAQUMMBUEEFEZik5RaSrwXtrWCnaLzAQC" - + "AQEwHQYJYIZIAWUDBAEqBBBTqY5oFOjZxnBBtWchzf0TBIIE0Pcvwtwthm8d" - + "yR16f5yqtofxGzJ0aAbCF7JJ+XsL9QhNuqndTtnXits+E2WgNwwm24XyRhPA" - + "obAwqz+DvH+gdUbKoN/gCEp+/6xhlwMQZyjyqi5ePznwLQ/bJueqmXZDT+pO" - + "zTIeMXMF0YaSjcZZ4FJnZtBX7XQDEAPmialrknhcSZI5RoLjOzFv51FgYd9+" - + "nWdtWlRINS9LrGCVL+y8wwHp55tWEoCR2/o9YWFMYNrUkVUUzImHCN1fkbIH" - + "XQxPp5fUqP00kwYY4288JZrzHGWGmSVYm54ok5YRLpCs0yhB0ve//iH/fNNO" - + "esShfBTUcRCc086skxgoCVWBZERyVJHWkKl/Q4RVzYt70k2/Qfq/xBNwVCrw" - + "YiOB0TwSQJKpvRbtufPx2vODfAmhIKes08ZLJHsMJ+O3p99O2rWZslNY7nfx" - + "1vWXYLVkHg0q79ThgbP4p0qQQziIVZoF9ViisJTJWzZbfJLdaKPeHcduvXsR" - + "lRvfEpR6/lifcxvkloxjpYtM6JEjtvT1x442VRKJWZofkjCohpLSmEDt77FM" - + "ENvra7B9ojlY+0DkwNV34FlSRrwi/nVl2XhebI11DfQFEUN+krNoZ3U4n5Sb" - + "g0Heibg5mILPwVS5Zh2vEybXzFY6b1XPA7TlGQATm6xBaU+BNFiACp+7+6CZ" - + "PxofFKKlWq0+Apx43JDATerwlPBKxLqxxgo0xTJUtL8OKnt6oSFX4P6O6AgX" - + "D9Pz3dzdWW9ga65N2qEmqpeIsd6SB4eGRJ1Vf1ePDgdVBUD9DG/eWfpn8l1T" - + "neg7wsQOGDrX00uDfio/WrjRBOw37IfToqJ/j6y/Ybggg5tldvCNoxq/42rC" - + "RvP0GJH+LJAHgB9sOWbksR7tKizWeFEyHwrAQfYc8aIZocApObtsZp8O5nuI" - + "MNcSCc77WZfVacrJzssKki1YHPoZeTYb9q4DRm0F6Rk+bqyvd7vs2DyLN7jT" - + "bkWoSoyCw8PAOuc8Q/+X3jhs18RQGzsEpeTOHoYJWeTUxgPrPqDFNKNLhD+L" - + "7mvDM7EvB08tVfLTSMeVBY+RUW6eFCbdlHfqszvp9pFZPNxQHtgbAYplwK6J" - + "i24gCH2UMF+BNzdcN2Fw9vP3nao+mzjtY1HuYebDDNNxgBAEoUFS4jr1YLoa" - + "+li3A9T/NqSf+J5OwASsSsp0YttAJQ+VU19amwJ141U+04kVc2bUIvSxEyxu" - + "UzWfFs26J1FhKzacirtpNv21iH78NHWOgS3jlEZMirpCHtHDbwF0z3V0upJ7" - + "cZzMwHJPQIGP4Nk8ei20dEogc/D2ijXHGRKdRjstzi89YXs4iLWjy2lEqhlK" - + "IvmlbF/snra1He2En/TFYv7m1zMuEPtS/+DTcwzqoe10Lko+2bNlOikW58u/" - + "OdAlteo1IissecMjL6743ttt8SAwx9gpAn6XHaIfFL1jiGKUQPJ5Mx9RUzfB" - + "lsKzHLNWmrDCZtR4BC4A21aRUueDGgRbtiOCYLbVtoiTc2XWM5juahaWCNKm" - + "4+ENQNOPrB4rJUeWJquNOj9+Brhe6pWWfi4EYVBuWlbTQB7u3uP9lnYvQHSo" - + "nOjkhjwEhPZneaKctEqXx2LoYc8arY1LSSpaXORcOJc/LkgVCq3bBEDNCJrZ" - + "DBOUpcPXDj43MEUwMTANBglghkgBZQMEAgEFAAQgdWQUVEirOjgax8qJhjqC" - + "bArDHuZQQvCmtrjqyhWbI4MEENBoJ4T1+xY5fmdiwmoXPPM="); - - private String pkcs5Pass = "hello"; - - private byte[] pkcs5Aes128Pfx = Base64.decode( - "MIIFsQIBAzCCBXcGCSqGSIb3DQEHAaCCBWgEggVkMIIFYDCCAxcGCSqGSIb3" - + "DQEHBqCCAwgwggMEAgEAMIIC/QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYw" - + "DgQIBumPBl/jV0kCAggAgIIC0Dd2zn5WPPxgqdZg0a4zB10ErQnNlRUd1EOw" - + "kodoXH7Vt3/zVgssPDmuUJo6OlneBaYXjjjrqaDbmuc+1JTpB3GPsCAdDvAd" - + "m3IQR9oJJOqX0RYFKw4rFQ2xmzkybHiXWvt24lKr1A7MSfSWc+xO3xupNzQt" - + "z8dLGx0VJejJe8KSM+ST6JTXaHWcijPo/pADjyTWp2xwZaEfBDUOLgCPTlHY" - + "95cfqB0FlwfT+jGqrQjVXex9hL1MmANFwZ0bqxx+9yfdcDY8K/87NYZ4LJdA" - + "L7qAJg5Ziduhe+NMugzOMQijUGHX9g21kMmU96CUbUNyc0JWXyDJqwh0aAvV" - + "QVbLW9F+qzWPCMlV/5u30WNZ0gdVulCdQ9wIO1vt3oa3wUUdO1LCaEGyqO+h" - + "x5iPGH3f5WTeJK2BoOKtUXhZtfp7GvYYFcI8BeoTo5poT/uqLdZmaPgBXc5O" - + "kyRQCpvQJipNcwD+R8FPbTExUxTWnbxbx3f7n0v8vMFPqb26BrFzCN+JTFRw" - + "bN0dRaysOGgzMeBjk0TGpHHj5/g5DUvIxVjN6wY7HO+849g64a+Z/wHWB1vp" - + "fALen3hGVdYIgWXGWn3bBMXT5peWc1omPXJdoltpiFRGku3JFCBJEQ6LzqZD" - + "ApVqVgE6WbfTQXgsEE9+J5zJJx/yTGvFjxXNNUMSdo2zQtHJVj0karXHVLxu" - + "phGb8Eg23obEOZj6Y6cZviWeiEeBjinGh4M1RD4HuYnczDF3FWZbi9aRku9r" - + "a1VgUbftiXeqmRpIWtZhfB40IELadTbEMTOi4pQ2cPcjZRAKAZwnijTfXEA5" - + "XwBQYdPvORlP6PJJv2Ai6Zc2XrevvOYLnSXSU+2ZpVuTTaX7xcQFi4APexyc" - + "Csfhpcpmb2K8jek3XN0jnOti9rU6Rlab9U5bPMLuOqoISsQ/x2ho3M0uYZIh" - + "9nGPixL1lxKgNDXfh0sZ7u7/AzCCAkEGCSqGSIb3DQEHAaCCAjIEggIuMIIC" - + "KjCCAiYGCyqGSIb3DQEMCgECoIIBszCCAa8wSQYJKoZIhvcNAQUNMDwwGwYJ" - + "KoZIhvcNAQUMMA4ECDD2zGfoVExtAgIIADAdBglghkgBZQMEAQIEEFER8VTx" - + "Owq7+dXKJn8zEMwEggFgpsQbBZJ1/NCAv5G05MsoujT6jNmhUI5RyHlKVqBD" - + "odvw/wS13qmWqUA3gL0/sJz/uf9/DJ7ur5XbkW56Y5qlqXBc8xvZ22Mabfy4" - + "hBzBuL+A6gfEQZNuZPiev0w02fEuVAtceDgsnJfMaawK06PUjxTUP3n/Bczc" - + "rhYYaGHwTtX+N6C3Q0Zn/W3zoIsoSruN6jc9x2DCAc3cdv5zaXxvZv6GhQou" - + "kcibQhRnTqQVRRWsF2zX3ZgPLJrQcB4NPGoEecHceD8jB6JnKqgGUpWybrjK" - + "7Mwwl2wB8Ffd2XpTTw2beiNSZXhCp+IxqgggwK3L1RGWhRoQE3esAVlCDhkz" - + "sk/ngnpqaauE9NVcrZEY0x6++/MOJssQZZ8X+Ci/zJuyH1dpUQii3kuw4F/O" - + "8nHiHClR0IA/xrVM+h0NC1/o2jCjeKXPf67j2Wp95o40apldtqlHyTm3TM2O" - + "uXrT5ExzcjFgMCMGCSqGSIb3DQEJFTEWBBSpuRoBZ82LWCyE2mXmT5Gmk1xv" - + "+DA5BgkqhkiG9w0BCRQxLB4qAHQAZQBzAHQAQABiAG8AdQBuAGMAeQBjAGEA" - + "cwB0AGwAZQAuAG8AcgBnMDEwITAJBgUrDgMCGgUABBQRvdgo1LVPm68qJcVT" - + "gw8dRrSS4gQISYYYgNAwxl0CAggA"); - - private byte[] pkcs5Aes192Pfx = Base64.decode( - "MIIFsQIBAzCCBXcGCSqGSIb3DQEHAaCCBWgEggVkMIIFYDCCAxcGCSqGSIb3" - + "DQEHBqCCAwgwggMEAgEAMIIC/QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYw" - + "DgQImAP7SD16WkACAggAgIIC0MCS81oGaIY1yHwP6faAhe3eseR6gGMlezbx" - + "r/7jmVQ8xe2jsZwqRVp/WCx716/9RHab17UFy+e3efbCrCGUJGUU5OrADf0l" - + "6/S7v/C5hR5XeE12zukSe/c5mkGhPuM+for0daQpLP6zDQMNLENyp+mPVBsI" - + "7IqFihwWUow7lvZEwaUOmsu+m978BOqhMRykZ7MbEjq4lMumZNvp37WqPRrh" - + "eQ4tz7q47C+k5NkTjMz2s/2a9SZViW+FZWOvV0DXJj/BCpAARR0bQDpjqlQ8" - + "HoSjoVgP+p5Y1pnLBvI/pFecS4ZwM1TyAdFZbjFpkNe8DREO/Py+89kOJpZa" - + "aZoFKjxY5m7Z9ftJx615vih5d8D4t685tBJNAEiah9RFppNA41GpJc1winx1" - + "CuqQQqStOmmMD/uk1BEgaQ4R4lR88Bms69shK8Nk2U4egVYKdbrruulKY5M0" - + "dj5j2JChqYjE5dPxPyd1s0qYW9ABMeDT8l7gtiDTOfS4qZjVPWRW2vGbj80g" - + "HnBnd6SAC2DdWkY1QuDRVRABQO5NJPPqGhL2LclX1dE1FS0puXpl/oyxbAMU" - + "pCt+pnZZLPrMSZgZ6I3VWt+Dbg6jHtM4a+y3gsswL+uzdb4AnHqCcuFbnZDh" - + "2hz6IFsyw4LgUeIBJNBAqgag3VeJLL7bpKm58XSd/6hC369HXn91F1NAkBOO" - + "IZFZQPVgEufdryZck1/u0+zmyelAWG7Jq4SQF07C4v/dpgVH8U1OwR34+D0f" - + "0fPA3qdBLGL5cKNBxnKCx5+Gu/+dDR33aY176qaDZu7OmZkCJ3qkhOif7/Qi" - + "0s4NpG6ATLGD6TzSnmje3GwJze5KwOvMgAewWGScdqOE9KOh7iPC1kIDgwhE" - + "eBM+yciGGfinStyeSik6fLRi2JPnVNIALIh74DIfK3QJVVRNi9vuQ0j0Dm8C" - + "JSD/heWsebKIFrQSoeEAZCYPhzCCAkEGCSqGSIb3DQEHAaCCAjIEggIuMIIC" - + "KjCCAiYGCyqGSIb3DQEMCgECoIIBszCCAa8wSQYJKoZIhvcNAQUNMDwwGwYJ" - + "KoZIhvcNAQUMMA4ECBGQFSR+KZ2AAgIIADAdBglghkgBZQMEARYEEABRcxC7" - + "xWHsYaX2UsUZ5JoEggFgyrYAZowHdclsxaAeoY/Ch1F+NBb64bXdDOp56OWh" - + "HHu79vhLsjAOmbTYoMsmRZw8REen7ztBUv9h/f7WbfKs84FDI6LbM9EIaeun" - + "jrqaUdmSADQhakd7hJQhWAw4h/Df5KNhwsVJ1+i9RCtMzY1nFk1Pjg6yL/5E" - + "rWVvNRkconjrDbUwLPA+TfDlhOMapttER4k8kOY0WMc7iWHmowkh1JHUNbvC" - + "gEQvGwysXiFqoEcy/UbY7Wgke3h7HwoColAYorHhkV4/NBENmQbsiUdkxD/Z" - + "6KrgOuAvvluGUY79M6SusH11PfVBwyJX7Wt1HmllrykrsmJuF6UuN1BavUrR" - + "rr0Utm9T28iiqO6ky74V4XesmFdr7oObT2kLcGiFbWzXyVrWL3GM9N03CWXx" - + "b1M5hXACRlwKVp79qxeyw5k+ccixnjCumsSX8MMttKYwRJ1ML2YL0v8XdE0i" - + "LSkXsEoG5zFgMCMGCSqGSIb3DQEJFTEWBBSpuRoBZ82LWCyE2mXmT5Gmk1xv" - + "+DA5BgkqhkiG9w0BCRQxLB4qAHQAZQBzAHQAQABiAG8AdQBuAGMAeQBjAGEA" - + "cwB0AGwAZQAuAG8AcgBnMDEwITAJBgUrDgMCGgUABBQz1gLRjMDYVLIPGdsd" - + "4EPgRMGPtQQItR+KgKM/oRMCAggA"); - - private byte[] pkcs5Camellia128Pfx = Base64.decode( - "MIIFswIBAzCCBXkGCSqGSIb3DQEHAaCCBWoEggVmMIIFYjCCAxcGCSqGSIb3" - + "DQEHBqCCAwgwggMEAgEAMIIC/QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYw" - + "DgQIq+wFOOOtSokCAggAgIIC0IWDRpk4L/tSSMfwWx0mN3ecbaL+m2XZWvN9" - + "hK1K5PghAYquCs36l603cYSV9pypOkGC5rn1d2fyZCFhUMOObSC7V/mpkitr" - + "OfOYpaW7tU1JJecpONgIHlbd8N4fbBtH73E7vdmi6X/tg4Tl7yJf40fruYVq" - + "yzqfJCO2aGJIFv6JWsFivjCwehBa+6ppCHBnNcj4SsVlozj1y2B0Wl2TVi3r" - + "joBIsK2RQ+RMjM55k3pS57mV+jXtd29wb2q9utDKogvpBCboTk8dPMFcFGWz" - + "2D41onJoEJKizAEIgXiS7UvqHddhIL9O/rSZ68j2d2GcFi1Oxer1PyZoCI61" - + "CpZdk2QeNeVaVFTPJ26We6J34w2ivZwHOhn+iUZ7q0Sm9gcYa1QRG79LA/AC" - + "nE3Xxzl4nEjRRi5AKb6IOnMKBbr0povesS8tL323x91uPZc0jMctC6Q+vegX" - + "tIZ7dZPuNxhqRHqb62LSm11cpYQWibj16rRQ0ulOFSQGIr514PvfbIig6oo8" - + "niwHuefp/ey/Zvl/dAl+um2UkVdR9Mwn8vTM8oMF+ptJfpWyZEIrP785Rpu3" - + "oyBMyEYA2djX7JsFvoCxKxGCC5VK3C/9EFv9xUGmiV0zrTPcHb1P4sK1AJyI" - + "vhSY+Tgv+Fjq5KoPCa4ZXP+Y+vSzkttcP8u7x0wt9cblvgzdBy9Ee1xqCdJd" - + "F67U6vbQ6ErDrdVAwtRqc0TsPKG1XH5NFtxTwILyCeh8XzdYMIaHkEnTuITQ" - + "eeICaUJ2YPZrADLxXTNHI9e6dVcDvhjf/JfBXZfiiqFH8XmbCIMqyGSGTmQr" - + "8uwb8cquLMS78RbXSHLNcv+f/DmPOClNjmWgVAYxaDuw5lZBaU+YDyZaKEy2" - + "Mdjd+lR/g2LZhvAEfcM3V4bzr17s0GOSwJ5/5yzczPKZZ8auMwML+Bcmoggt" - + "EJgubVFHg/3l11xVe2djfg78CTCCAkMGCSqGSIb3DQEHAaCCAjQEggIwMIIC" - + "LDCCAigGCyqGSIb3DQEMCgECoIIBtTCCAbEwSwYJKoZIhvcNAQUNMD4wGwYJ" - + "KoZIhvcNAQUMMA4ECInc03N3q5vSAgIIADAfBgsqgwiMmks9AQEBAgQQR+Uo" - + "WVvmSL5AcwwRq6vtOQSCAWD0Ms1i2wHGaFi6qUWLqA5EnmYFwqwQQlfz5To+" - + "FwVEpHQHrqd0pehOt1J9vyDVYwfjU8DUOJDovCiBIzRsopyf0Qp5hcZnaTDw" - + "YJSNd3pIAYiEUAzfdtC7tQw2v0aLt5X/7zthEcoRtTe061dK8DhbV4fALWa9" - + "VF2E91L35+wq52DblvpJHBw28PHTbuhfJZsNshXKO7qU7uk+UR6V/Pwc7rsp" - + "x/TQ35fVfm7v53rapdHlMVyY4Bx/4fdEWV9aK1cV3qOfiBMByxt8WD0xBLoc" - + "Yy3qo3+k/N7q6t4hqjus3LPVrmCbpgAe5S5EkDgnjy7Mpz19tf7hhzL957p2" - + "ecWregvR9rQHoWZNOaxS2e2hdOiZUPSxIJ46nOJyCnoZQHG0CFVEwwJkGcWf" - + "Thjz38U203IRzuCPgsO1f8wjSXXMp4xJQtJW2TqMm+5/aaDtuXAsUGqQzGiH" - + "DQfUs4z/PCKyMWAwIwYJKoZIhvcNAQkVMRYEFKm5GgFnzYtYLITaZeZPkaaT" - + "XG/4MDkGCSqGSIb3DQEJFDEsHioAdABlAHMAdABAAGIAbwB1AG4AYwB5AGMA" - + "YQBzAHQAbABlAC4AbwByAGcwMTAhMAkGBSsOAwIaBQAEFHIzAiyzoVOmPvLE" - + "XCD2HHG5MC23BAhhHlFnklHZYgICCAA="); - - private byte[] pkcs5Camellia256Pfx = Base64.decode( - "MIIFswIBAzCCBXkGCSqGSIb3DQEHAaCCBWoEggVmMIIFYjCCAxcGCSqGSIb3" - + "DQEHBqCCAwgwggMEAgEAMIIC/QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYw" - + "DgQIq+wFOOOtSokCAggAgIIC0IWDRpk4L/tSSMfwWx0mN3ecbaL+m2XZWvN9" - + "hK1K5PghAYquCs36l603cYSV9pypOkGC5rn1d2fyZCFhUMOObSC7V/mpkitr" - + "OfOYpaW7tU1JJecpONgIHlbd8N4fbBtH73E7vdmi6X/tg4Tl7yJf40fruYVq" - + "yzqfJCO2aGJIFv6JWsFivjCwehBa+6ppCHBnNcj4SsVlozj1y2B0Wl2TVi3r" - + "joBIsK2RQ+RMjM55k3pS57mV+jXtd29wb2q9utDKogvpBCboTk8dPMFcFGWz" - + "2D41onJoEJKizAEIgXiS7UvqHddhIL9O/rSZ68j2d2GcFi1Oxer1PyZoCI61" - + "CpZdk2QeNeVaVFTPJ26We6J34w2ivZwHOhn+iUZ7q0Sm9gcYa1QRG79LA/AC" - + "nE3Xxzl4nEjRRi5AKb6IOnMKBbr0povesS8tL323x91uPZc0jMctC6Q+vegX" - + "tIZ7dZPuNxhqRHqb62LSm11cpYQWibj16rRQ0ulOFSQGIr514PvfbIig6oo8" - + "niwHuefp/ey/Zvl/dAl+um2UkVdR9Mwn8vTM8oMF+ptJfpWyZEIrP785Rpu3" - + "oyBMyEYA2djX7JsFvoCxKxGCC5VK3C/9EFv9xUGmiV0zrTPcHb1P4sK1AJyI" - + "vhSY+Tgv+Fjq5KoPCa4ZXP+Y+vSzkttcP8u7x0wt9cblvgzdBy9Ee1xqCdJd" - + "F67U6vbQ6ErDrdVAwtRqc0TsPKG1XH5NFtxTwILyCeh8XzdYMIaHkEnTuITQ" - + "eeICaUJ2YPZrADLxXTNHI9e6dVcDvhjf/JfBXZfiiqFH8XmbCIMqyGSGTmQr" - + "8uwb8cquLMS78RbXSHLNcv+f/DmPOClNjmWgVAYxaDuw5lZBaU+YDyZaKEy2" - + "Mdjd+lR/g2LZhvAEfcM3V4bzr17s0GOSwJ5/5yzczPKZZ8auMwML+Bcmoggt" - + "EJgubVFHg/3l11xVe2djfg78CTCCAkMGCSqGSIb3DQEHAaCCAjQEggIwMIIC" - + "LDCCAigGCyqGSIb3DQEMCgECoIIBtTCCAbEwSwYJKoZIhvcNAQUNMD4wGwYJ" - + "KoZIhvcNAQUMMA4ECInc03N3q5vSAgIIADAfBgsqgwiMmks9AQEBAgQQR+Uo" - + "WVvmSL5AcwwRq6vtOQSCAWD0Ms1i2wHGaFi6qUWLqA5EnmYFwqwQQlfz5To+" - + "FwVEpHQHrqd0pehOt1J9vyDVYwfjU8DUOJDovCiBIzRsopyf0Qp5hcZnaTDw" - + "YJSNd3pIAYiEUAzfdtC7tQw2v0aLt5X/7zthEcoRtTe061dK8DhbV4fALWa9" - + "VF2E91L35+wq52DblvpJHBw28PHTbuhfJZsNshXKO7qU7uk+UR6V/Pwc7rsp" - + "x/TQ35fVfm7v53rapdHlMVyY4Bx/4fdEWV9aK1cV3qOfiBMByxt8WD0xBLoc" - + "Yy3qo3+k/N7q6t4hqjus3LPVrmCbpgAe5S5EkDgnjy7Mpz19tf7hhzL957p2" - + "ecWregvR9rQHoWZNOaxS2e2hdOiZUPSxIJ46nOJyCnoZQHG0CFVEwwJkGcWf" - + "Thjz38U203IRzuCPgsO1f8wjSXXMp4xJQtJW2TqMm+5/aaDtuXAsUGqQzGiH" - + "DQfUs4z/PCKyMWAwIwYJKoZIhvcNAQkVMRYEFKm5GgFnzYtYLITaZeZPkaaT" - + "XG/4MDkGCSqGSIb3DQEJFDEsHioAdABlAHMAdABAAGIAbwB1AG4AYwB5AGMA" - + "YQBzAHQAbABlAC4AbwByAGcwMTAhMAkGBSsOAwIaBQAEFHIzAiyzoVOmPvLE" - + "XCD2HHG5MC23BAhhHlFnklHZYgICCAA="); - - private byte[] pkcs5Cast5Pfx = Base64.decode( - "MIIFqQIBAzCCBW8GCSqGSIb3DQEHAaCCBWAEggVcMIIFWDCCAxcGCSqGSIb3" - + "DQEHBqCCAwgwggMEAgEAMIIC/QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYw" - + "DgQIkiiANhrORysCAggAgIIC0GDKlVmlIcRXqb1XoCIhnHcKRm1Sa/bCJc7j" - + "ylp5Y8l2/ugimFeeM1yjZRke+KxTPXL0TO859j45NGUArL6hZipx8v6RzvH7" - + "WqyJx5wuDwufItgoJT2DE4UFGZEi/pP/RWALxNEZysVB5zod56vw3dZu/+rR" - + "gPIO7mOnWgqC2P1Pw4YLXOk4qNxaCCwIIp9aJlAdvCRfLBqPr8QjJFMGw5NQ" - + "gcHLG3QRW846wUtOxZj2+/Qy9GNAvo+PV6qIR/IS/A+QUwQ3+7SRojUWMUhV" - + "6N/L/+l2UyU551pA5oX8anPbKCU5bRa/MRIpfPvm+XJpEpbwhS164X7wBFIR" - + "RSdoj83wEWcR0WFTCXijCRdJcniO+h13kiaR3ltBD0dETjM7xu1XvkbAb3EV" - + "71PeRQC8kY6DPsJCI9DWDBCnJpVzO4q2atzYej4IAZNgF9PBAwA5isAzurVz" - + "xxxS4SF930CnrFLb/CxF/IBuz6RBh0lreRMfCP5g5sZUp686kShMSeAKNb7s" - + "xU2YshusTTShhK+2tK8Lf7z9O/P59P0yZOiFDStrDRUPo7IAfUD29+1EdWVQ" - + "3LGBtN/t/YOedKGVxd+YXZ4YKFRoNBR9GHsL31wrOm14mmWNib6nbd5+6Zcj" - + "j3xXLLXG7MT40KlmsmKDYCVeGhc7AfGU3b/HceX5u30RUWbgaC0ATiM/vJKX" - + "djvCpEiB5pPy2YtpSNAc0bV9GsHorL85WjJDWnMlm3yoy+Bfiu/doNzMEytL" - + "ycXq4LtaRl6EV8G4ak59lNJ7HdsABcsSa2fxEa595hbWYeYB1xgt0mHl+btx" - + "E5hrfyZmjN74YDbkPSIWsAFktcCHF2eGrwK/2NTewKHdsE6FSzc1pAYDgnxT" - + "aNnhxw/Nfb1XmwH0C3soolJuoTRKyMJxvMDVuCSB2WyoyEjq+BNQzUTkYYR6" - + "Hijzd9ljvX84XUlicSucbTHHVDCCAjkGCSqGSIb3DQEHAaCCAioEggImMIIC" - + "IjCCAh4GCyqGSIb3DQEMCgECoIIBqzCCAacwQQYJKoZIhvcNAQUNMDQwGwYJ" - + "KoZIhvcNAQUMMA4ECCDJh37hrS+SAgIIADAVBgkqhkiG9n0HQgoECOXn7rhs" - + "5ectBIIBYLiRI2Yb955K6WAeTBXOnb58hJxgsir3zsGCoIRWlGNhr5Ur0ebX" - + "AnXyD5ER8HTaArSO2EtZlVI8Ff6OIcYg5sKliYJEgbI7TPKcaImD92Um4Qim" - + "/8h4xkM3K4VQmT0H8zFM3Mm/86mnON+2UjVcFBrCxek9m06gMlkIrxbiSh8X" - + "YAYfHGTKTTX4HtvkZsQTKkcxSVzavyfVZFw1QtRXShvvJDY6TUGplyycWvu/" - + "+braWfuH1u2AGh30g1+SOx7vnJM78a0rZIwd3TP9rKczzqexDF/GwuGuZF+1" - + "bMe8xxC1ZdMZ1Mnh27TNoGMuU5VVsqhs5NP0XehuuV8rHdzDDxdx/2buiA4+" - + "8SrzW5LQAs6Z+U3pna3UsuH24tIPMm3OfDH7WSBU6+nvXub7d5XxA31OYHEk" - + "nAsuo6p6iuosnedTObA9bX+mTU4nR3oaa87ZDIPxbQVTHKberFlYhDzmmwAx" - + "YDAjBgkqhkiG9w0BCRUxFgQUqbkaAWfNi1gshNpl5k+RppNcb/gwOQYJKoZI" - + "hvcNAQkUMSweKgB0AGUAcwB0AEAAYgBvAHUAbgBjAHkAYwBhAHMAdABsAGUA" - + "LgBvAHIAZzAxMCEwCQYFKw4DAhoFAAQUc8hyg5aq/58lH3whwo66zJkWY28E" - + "CKHZUIQsQX9hAgIIAA=="); - - private byte[] gostPfx = Base64.decode( - "MIIHEgIBAzCCBssGCSqGSIb3DQEHAaCCBrwEgga4MIIGtDCCBYEGCSqGSIb3" - + "DQEHBqCCBXIwggVuAgEAMIIFZwYJKoZIhvcNAQcBMFUGCSqGSIb3DQEFDTBI" - + "MCcGCSqGSIb3DQEFDDAaBAi114+lRrpkXAICCAAwCgYGKoUDAgIKBQAwHQYG" - + "KoUDAgIVMBMECLEIQPMsz/ZZBgcqhQMCAh8BgIIFAbu13yJiW/BnSKYKbtv9" - + "tDJoTv6l9BVpCCI4tvpzJnMeLBJyVZU4JevcJNii+R1LilVuuB+xc8e7/P4G" - + "6TILWmnnispr9KPRAbYRfoCJOa59+TYJMur58wwDuYgMapQAFzsvpzyUWi62" - + "o3uQbbLKO9hQCeJW2L+K9cbg8k33MjXMLpnblKpqmZbHTmBJDFR3xGw7IEjD" - + "UNqruu7DlHY6jctiVJSii9UNEVetSo9AAzfROxRjROg38VsWxLyO9wEMBv/8" - + "H8ur+zOtmQPGqirNXmN+pa08OvZin9kh7CgswW03xIbfsdGGGLRAWtvCnEwJ" - + "mS2tEfH1SZcuVLpMomhq3FU/jsc12k+vq/jw4I2cmfDL41ieK72bwNj8xUXu" - + "JHeoFSPGX4z+nsJUrFbFG4VBuDs2Y0SCWLyYZvdjvJwYjfqtyi/RoFSZjGHF" - + "crstf9YNQ0vW0efCJ7pUBH44OrbnCx5ng2U5jFm1b3HBIKA2RX+Tlhv14MgT" - + "KSftPZ67eSmgdsyPuQAdMu6fEdBMpVKMNZNRV565690sqi+1jOmH94TUX8XU" - + "2pRQj6eGGLq6lgGnnDabcePUEPXW8zW2KYrDKYJ/1QZmVGldvlqnjZMNhIO+" - + "Afsqax/P8RBjMduGqdilGdRzbN8PdhVaN0Ys+WzFxiS9gtaA2yPzcQuedWDN" - + "T7sIrfIapgFYmmHRQ7ht4AKj+lmOyNadONYw+ww+8RzHB1d2Kk+iXeZCtvH0" - + "XFWJZtuoGKSt/gkI0E2vpDfMbLaczaRC7ityO0iJs25ozP4JhZRBVvOmpxc9" - + "YuIetbTnTf1TLJKXDgt1IwPZeugbofSeiNv117lx8VgtvMYFD4W+WQlB8HnO" - + "C8NOYjkMPElc6PCMB9gGm0cIu1fKLvY8ycLav93JJjdDuC0kgKLb2+8mC5+2" - + "DdMkcfgW6hy4c98xnJs8enCww3A4xkRbMU13zMq70liqmKHV2SSurg5hwUHM" - + "ZthT8p988ZBrnqW24lXfMBqTK4YtIBMeMnvKocYBXr96ig3GfahI1Aj2Bw2e" - + "bpZTVeayYUd+2xX8JJMdqna6Q61AL8/eUhJUETz5+fgQJtPjcKmdJfVHO6nB" - + "vOk1t/rjK17eiXLxHCyvfP+Tw8lSFOhcvr4eIeG8WfsWNRu2eKKosOU7uash" - + "QpnvQieqDeijuRxf+tbbJ5D86inwbJqdxra7wNuZXmiaB9gFDzNbNjhtL+6i" - + "gUyX/iQHKi9bNK+PH6pdH/gkwnG/juhdgqoNY6GRty/LUOPgXD+r5e/ST16R" - + "vnlwrlKp5FzRWBEkem+dhelj3rb+cxKEyvPe3TvIUFcmIlV1VCRQ1fBHtX18" - + "eC3a3GprH8c40z3S/kdyk7GlFQ27DRLka+iDN05b+MP5jlgvfqYBKxwLfeNu" - + "MpxWoCUvYWiQdMih86/l0H+0o5UB8SqRbpuvr6fY910JCk0hDaO1pgB3HlRz" - + "k1vb46pg25heXQm3JmO+ghxjOGliYBWjl8p7AfRS9cjS8ca+X02Mv9Viv7Ce" - + "3+Gz0MVwfK98viJ3CFxkaEBlM2LM0IeUQbkHG+YwYaTSfl4GYyrug4F0ZdrA" - + "KeY9/kIxa/OJxjcIMs2H+2mSpxmrb7ylmHZ2RB8ITiduRVtO091hn/J7N+eT" - + "h6BvLBKIFU+UFUdgjxoDNDk7ao++Mu9T3dQfceFBOYzW9vMQgX30yaPLSdan" - + "ZMAP0VtiNjCCASsGCSqGSIb3DQEHAaCCARwEggEYMIIBFDCCARAGCyqGSIb3" - + "DQEMCgECoIGyMIGvMFUGCSqGSIb3DQEFDTBIMCcGCSqGSIb3DQEFDDAaBAiQ" - + "Owewo16xzQICCAAwCgYGKoUDAgIKBQAwHQYGKoUDAgIVMBMECHSCNJJcQ2VI" - + "BgcqhQMCAh8BBFYCyRRpFtZgnsxeK7ZHT+aOyoVmzhtnLrqoBHgV4nJJW2/e" - + "UcJjc2Rlbzfd+3L/GWcRGF8Bgn+MjiaAqE64Rzaao9t2hc3myw1WrCfPnoEx" - + "VI7OPBM5FzFMMCMGCSqGSIb3DQEJFTEWBBTV7LvI27QWRmHD45X2WKXYs3ct" - + "AzAlBgkqhkiG9w0BCRQxGB4WAGMAcABfAGUAeABwAG8AcgB0AGUAZDA+MC4w" - + "CgYGKoUDAgIJBQAEIJbGZorQsNM63+xozwEI561cTFVCbyHAEEpkvF3eijT8" - + "BAgY5sDtkrVeBQICCAA="); - - private byte[] gostPfxFoo123 = Base64.decode( - "MIID6gIBAzCCA6MGCSqGSIb3DQEHAaCCA5QEggOQMIIDjDCCApQGCSqGSIb3" - + "DQEHBqCCAoUwggKBAgEAMIICegYJKoZIhvcNAQcBMFUGCSqGSIb3DQEFDTBI" - + "MCcGCSqGSIb3DQEFDDAaBAhIVrbUVNoQ2wICCAAwCgYGKoUDAgIKBQAwHQYG" - + "KoUDAgIVMBMECBLmAh+XCCYhBgcqhQMCAh8BgIICFP9hQLgDq5SORy2npOdo" - + "1bvoGl9Qdga1kV9s2c1/Y1kTGpuiYKfm5Il+PurzYdE5t/Wi2+SxoePm/AKA" - + "x1Ep5btK/002wnyRbUKdjgF1r7fMXRrd5Ioy8lYxB1v6qhHmzE5fz7FxY+iV" - + "Z70dSRS0JkTasI8MRsFLkJJfDb9twgoch8lYGFfYirHLcVy4xxA3JO9VSHm2" - + "8nuSWSnsmGN0ufPX14UpV2RFe3Rt0gZ0Jc8u2h2Mo0sIoVU6HVwdXzoe6LN7" - + "1NPZdRuhVtjxEvjDAvNJ8WHXQnBQMai2nVAj87uNr6OHLRs+foEccEY9WpPQ" - + "GPt4XbPt4MtmVctT2+Gsvf6Ws2UCx6hD4k8i28a6xS8lhTVam2g/2Z5cxtUV" - + "HxYt7j13HjuQVsuSNdgtrUnw3l43LnBxRZhlFz0r2zrvTB04ynenS+lGdVuG" - + "0TauIH+rdP1ubujw6lFdG9RNgUxWvS5IdwbFGX73a+ZrWiYJeERX11N/6r3g" - + "0EqVFNH9t/ROsdAtCCe2FycQoOSb+VxPU6I+SHjwe7Oa7R8Xxazh/eWTsV59" - + "QzPuLriUMbyYdQIf4xdclgcJoxFElopgl4orRfzH3XQsVbtTxN33lwjkE0j/" - + "686VtcO+b+dU7+BEB7O5yDcx1tupgre0ha/0KOlYfPvmbogGdDf0r6MOwrS7" - + "QFXxKlHfp8vn4mNwoy7pjrzjmjclkbkwgfEGCSqGSIb3DQEHAaCB4wSB4DCB" - + "3TCB2gYLKoZIhvcNAQwKAQKggaMwgaAwVQYJKoZIhvcNAQUNMEgwJwYJKoZI" - + "hvcNAQUMMBoECLD6Ld7TqurqAgIIADAKBgYqhQMCAgoFADAdBgYqhQMCAhUw" - + "EwQIoYXV7LETOEAGByqFAwICHwEERyBQK9LuYnOO0ELrge+a6JFeAVwPL85V" - + "ip2Kj/GfD3nzZR4tPzCwAt79RriKQklNqa3uCc9o0C9Zk5Qcj36SqiXxD1tz" - + "Ea63MSUwIwYJKoZIhvcNAQkVMRYEFKjg5gKM+i+vFhSwaga8YGaZ5thVMD4w" - + "LjAKBgYqhQMCAgkFAAQgIwD0CRCwva2Bjdlv5g970H2bCB1aafBNr/hxJLZE" - + "Ey4ECAW3VYXJzJpYAgIIAA=="); - - /** - * we generate the CA's certificate - */ - public static X509Certificate createMasterCert( - PublicKey pubKey, - PrivateKey privKey) - throws Exception - { - // - // signers name - // - String issuer = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate"; - - // - // subjects name - the same as we are self signed. - // - String subject = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate"; - - // - // create the certificate - version 1 - // - X509v1CertificateBuilder v1CertBuilder = new JcaX509v1CertificateBuilder( - new X500Name(issuer), - BigInteger.valueOf(1), - new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30), - new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)), - new X500Name(subject), - pubKey); - - X509CertificateHolder cert = v1CertBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(privKey)); - - return new JcaX509CertificateConverter().setProvider(BC).getCertificate(cert); - } - - /** - * we generate an intermediate certificate signed by our CA - */ - public static X509Certificate createIntermediateCert( - PublicKey pubKey, - PrivateKey caPrivKey, - X509Certificate caCert) - throws Exception - { - // - // subject name builder. - // - X500NameBuilder subjectBuilder = new X500NameBuilder(BCStyle.INSTANCE); - - subjectBuilder.addRDN(BCStyle.C, "AU"); - subjectBuilder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle"); - subjectBuilder.addRDN(BCStyle.OU, "Bouncy Intermediate Certificate"); - subjectBuilder.addRDN(BCStyle.EmailAddress, "feedback-crypto@bouncycastle.org"); - - // - // create the certificate - version 3 - // - X509v3CertificateBuilder v3CertBuilder = new JcaX509v3CertificateBuilder( - JcaX500NameUtil.getIssuer(caCert), - BigInteger.valueOf(2), - new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30), - new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)), - subjectBuilder.build(), - pubKey); - - - // - // extensions - // - JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils(); - - v3CertBuilder.addExtension( - Extension.subjectKeyIdentifier, - false, - utils.createSubjectKeyIdentifier(pubKey)); - - v3CertBuilder.addExtension( - Extension.authorityKeyIdentifier, - false, - utils.createAuthorityKeyIdentifier(caCert)); - - v3CertBuilder.addExtension( - Extension.basicConstraints, - true, - new BasicConstraints(0)); - - X509CertificateHolder cert = v3CertBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(caPrivKey)); - - return new JcaX509CertificateConverter().setProvider(BC).getCertificate(cert); - } - - /** - * we generate a certificate signed by our CA's intermediate certficate - */ - public static X509Certificate createCert( - PublicKey pubKey, - PrivateKey caPrivKey, - PublicKey caPubKey) - throws Exception - { - // - // signer name builder. - // - X500NameBuilder issuerBuilder = new X500NameBuilder(BCStyle.INSTANCE); - - issuerBuilder.addRDN(BCStyle.C, "AU"); - issuerBuilder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle"); - issuerBuilder.addRDN(BCStyle.OU, "Bouncy Intermediate Certificate"); - issuerBuilder.addRDN(BCStyle.EmailAddress, "feedback-crypto@bouncycastle.org"); - - // - // subject name builder - // - X500NameBuilder subjectBuilder = new X500NameBuilder(BCStyle.INSTANCE); - - subjectBuilder.addRDN(BCStyle.C, "AU"); - subjectBuilder.addRDN(BCStyle.O, "The Legion of the Bouncy Castle"); - subjectBuilder.addRDN(BCStyle.L, "Melbourne"); - subjectBuilder.addRDN(BCStyle.CN, "Eric H. Echidna"); - subjectBuilder.addRDN(BCStyle.EmailAddress, "feedback-crypto@bouncycastle.org"); - - // - // create the certificate - version 3 - // - // - // create the certificate - version 3 - // - X509v3CertificateBuilder v3CertBuilder = new JcaX509v3CertificateBuilder( - issuerBuilder.build(), - BigInteger.valueOf(3), - new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30), - new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)), - subjectBuilder.build(), - pubKey); - - - // - // add the extensions - // - JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils(); - - v3CertBuilder.addExtension( - Extension.subjectKeyIdentifier, - false, - utils.createSubjectKeyIdentifier(pubKey)); - - v3CertBuilder.addExtension( - Extension.authorityKeyIdentifier, - false, - utils.createAuthorityKeyIdentifier(caPubKey)); - - X509CertificateHolder cert = v3CertBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(caPrivKey)); - - return new JcaX509CertificateConverter().setProvider(BC).getCertificate(cert); - } - - public void setUp() - { - Security.addProvider(new BouncyCastleProvider()); - } - - public void testPfxPdu() - throws Exception - { - // - // set up the keys - // - KeyFactory fact = KeyFactory.getInstance("RSA", BC); - PrivateKey privKey = fact.generatePrivate(privKeySpec); - PublicKey pubKey = fact.generatePublic(pubKeySpec); - - X509Certificate[] chain = createCertChain(fact, pubKey); - - PKCS12PfxPdu pfx = createPfx(privKey, pubKey, chain); - - // - // now try reading our object - // - KeyStore store = KeyStore.getInstance("PKCS12", "BC"); - - store.load(new ByteArrayInputStream(pfx.toASN1Structure().getEncoded()), passwd); - - PrivateKey recPrivKey = (PrivateKey)store.getKey("Eric's Key", passwd); - - if (!privKey.equals(recPrivKey)) - { - fail("private key extraction failed"); - } - - Certificate[] certChain = store.getCertificateChain("Eric's Key"); - - for (int i = 0; i != certChain.length; i++) - { - if (!certChain[i].equals(chain[i])) - { - fail("certificate recovery failed"); - } - } - } - - public void testPfxPduMac() - throws Exception - { - // - // set up the keys - // - KeyFactory fact = KeyFactory.getInstance("RSA", BC); - PrivateKey privKey = fact.generatePrivate(privKeySpec); - PublicKey pubKey = fact.generatePublic(pubKeySpec); - - X509Certificate[] chain = createCertChain(fact, pubKey); - - PKCS12PfxPdu pfx = createPfx(privKey, pubKey, chain); - - assertTrue(pfx.hasMac()); - assertTrue(pfx.isMacValid(new BcPKCS12MacCalculatorBuilderProvider(BcDefaultDigestProvider.INSTANCE), passwd)); - assertFalse(pfx.isMacValid(new BcPKCS12MacCalculatorBuilderProvider(BcDefaultDigestProvider.INSTANCE), "not right".toCharArray())); - } - - public void testBcEncryptedPrivateKeyInfo() - throws Exception - { - KeyFactory fact = KeyFactory.getInstance("RSA", BC); - PrivateKey privKey = fact.generatePrivate(privKeySpec); - - PKCS8EncryptedPrivateKeyInfoBuilder builder = new JcaPKCS8EncryptedPrivateKeyInfoBuilder(privKey); - - PKCS8EncryptedPrivateKeyInfo priv = builder.build(new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, new CBCBlockCipher(new DESedeEngine())).build(passwd)); - - PrivateKeyInfo info = priv.decryptPrivateKeyInfo(new BcPKCS12PBEInputDecryptorProviderBuilder().build(passwd)); - - assertTrue(Arrays.areEqual(info.getEncoded(), privKey.getEncoded())); - } - - public void testEncryptedPrivateKeyInfo() - throws Exception - { - KeyFactory fact = KeyFactory.getInstance("RSA", BC); - PrivateKey privKey = fact.generatePrivate(privKeySpec); - - PKCS8EncryptedPrivateKeyInfoBuilder builder = new JcaPKCS8EncryptedPrivateKeyInfoBuilder(privKey); - - PKCS8EncryptedPrivateKeyInfo priv = builder.build(new JcePKCSPBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC).build(passwd)); - - PrivateKeyInfo info = priv.decryptPrivateKeyInfo(new JcePKCSPBEInputDecryptorProviderBuilder().build(passwd)); - - assertTrue(Arrays.areEqual(info.getEncoded(), privKey.getEncoded())); - } - - public void testEncryptedPrivateKeyInfoPKCS5() - throws Exception - { - KeyFactory fact = KeyFactory.getInstance("RSA", BC); - PrivateKey privKey = fact.generatePrivate(privKeySpec); - - PKCS8EncryptedPrivateKeyInfoBuilder builder = new JcaPKCS8EncryptedPrivateKeyInfoBuilder(privKey); - - PKCS8EncryptedPrivateKeyInfo priv = builder.build(new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC).build(passwd)); - - PrivateKeyInfo info = priv.decryptPrivateKeyInfo(new JcePKCSPBEInputDecryptorProviderBuilder().build(passwd)); - - assertTrue(Arrays.areEqual(info.getEncoded(), privKey.getEncoded())); - } - - public void testKeyBag() - throws Exception - { - OutputEncryptor encOut = new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, new CBCBlockCipher(new DESedeEngine())).build(passwd); - InputDecryptorProvider inputDecryptorProvider = new BcPKCS12PBEInputDecryptorProviderBuilder().build(passwd); - KeyFactory fact = KeyFactory.getInstance("RSA", BC); - PrivateKey privKey = fact.generatePrivate(privKeySpec); - PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(privKey); - - keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Eric's Key")); - - PKCS12PfxPduBuilder builder = new PKCS12PfxPduBuilder(); - - builder.addEncryptedData(encOut, keyBagBuilder.build()); - - PKCS12PfxPdu pfx = builder.build(new BcPKCS12MacCalculatorBuilder(), passwd); - assertTrue(pfx.hasMac()); - assertTrue(pfx.isMacValid(new BcPKCS12MacCalculatorBuilderProvider(BcDefaultDigestProvider.INSTANCE), passwd)); - - ContentInfo[] infos = pfx.getContentInfos(); - - for (int i = 0; i != infos.length; i++) - { - if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData)) - { - PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider); - - PKCS12SafeBag[] bags = dataFact.getSafeBags(); - - assertEquals(1, bags.length); - assertEquals(PKCSObjectIdentifiers.keyBag, bags[0].getType()); - - assertTrue(Arrays.areEqual(privKey.getEncoded(), ((PrivateKeyInfo)bags[0].getBagValue()).getEncoded())); - - Attribute[] attributes = bags[0].getAttributes(); - - assertEquals(1, attributes.length); - - assertEquals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, attributes[0].getAttrType()); - - ASN1Encodable[] attrValues = attributes[0].getAttributeValues(); - - assertEquals(1, attrValues.length); - assertEquals(new DERBMPString("Eric's Key"), attrValues[0]); - } - else - { - fail("unknown bag encountered"); - } - } - } - - public void testSafeBagRecovery() - throws Exception - { - InputDecryptorProvider inputDecryptorProvider = new BcPKCS12PBEInputDecryptorProviderBuilder().build(passwd); - KeyFactory fact = KeyFactory.getInstance("RSA", BC); - PrivateKey privKey = fact.generatePrivate(privKeySpec); - PublicKey pubKey = fact.generatePublic(pubKeySpec); - - X509Certificate[] chain = createCertChain(fact, pubKey); - - PKCS12PfxPdu pfx = createPfx(privKey, pubKey, chain); - - ContentInfo[] infos = pfx.getContentInfos(); - - for (int i = 0; i != infos.length; i++) - { - if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData)) - { - PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider); - - PKCS12SafeBag[] bags = dataFact.getSafeBags(); - - assertEquals(3, bags.length); - assertEquals(PKCSObjectIdentifiers.certBag, bags[0].getType()); - - for (int j = 0; j != bags.length; j++) - { - assertTrue(Arrays.areEqual(chain[j].getEncoded(), ((X509CertificateHolder)bags[j].getBagValue()).getEncoded())); - } - } - else - { - PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]); - - PKCS12SafeBag[] bags = dataFact.getSafeBags(); - - assertEquals(1, bags.length); - assertEquals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, bags[0].getType()); - - PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo)bags[0].getBagValue(); - PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider); - - assertTrue(Arrays.areEqual(info.getEncoded(), privKey.getEncoded())); - } - } - } - - public void testExceptions() - throws Exception - { - PKCS12SafeBagFactory dataFact; - - try - { - dataFact = new PKCS12SafeBagFactory(new ContentInfo(PKCSObjectIdentifiers.data, new DERSequence()), null); - } - catch (IllegalArgumentException e) - { - - } - - try - { - dataFact = new PKCS12SafeBagFactory(new ContentInfo(PKCSObjectIdentifiers.encryptedData, new DERSequence())); - } - catch (IllegalArgumentException e) - { - - } - } - - public void testBasicPKCS12() - throws Exception - { - InputDecryptorProvider inputDecryptorProvider = new JcePKCSPBEInputDecryptorProviderBuilder() - .setProvider("BC").build(pkcs12Pass.toCharArray()); - PKCS12PfxPdu pfx = new PKCS12PfxPdu(pkcs12); - - ContentInfo[] infos = pfx.getContentInfos(); - - for (int i = 0; i != infos.length; i++) - { - if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData)) - { - PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider); - - PKCS12SafeBag[] bags = dataFact.getSafeBags(); - - // TODO: finish! -// assertEquals(3, bags.length); -// assertEquals(PKCSObjectIdentifiers.certBag, bags[0].getType()); - } - else - { - PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]); - - PKCS12SafeBag[] bags = dataFact.getSafeBags(); - - assertEquals(1, bags.length); - assertEquals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, bags[0].getType()); - - PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo)bags[0].getBagValue(); - PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider); - } - } - } - - public void testSHA256withPKCS5() - throws Exception - { - InputDecryptorProvider inputDecryptorProvider = new JcePKCSPBEInputDecryptorProviderBuilder() - .setProvider("BC").build(sha256Pass.toCharArray()); - PKCS12PfxPdu pfx = new PKCS12PfxPdu(sha256Pfx); - - ContentInfo[] infos = pfx.getContentInfos(); - - for (int i = 0; i != infos.length; i++) - { - if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData)) - { - PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider); - - PKCS12SafeBag[] bags = dataFact.getSafeBags(); - - // TODO: finish! -// assertEquals(3, bags.length); -// assertEquals(PKCSObjectIdentifiers.certBag, bags[0].getType()); - } - else - { - PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]); - - PKCS12SafeBag[] bags = dataFact.getSafeBags(); - - assertEquals(1, bags.length); - assertEquals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, bags[0].getType()); - - PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo)bags[0].getBagValue(); - PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider); - } - } - } - - public void testCreateAES256andSHA256() - throws Exception - { - OutputEncryptor encOut = new JcePKCSPBEOutputEncryptorBuilder(NISTObjectIdentifiers.id_aes256_CBC).setProvider("BC").build(passwd); - - KeyFactory fact = KeyFactory.getInstance("RSA", BC); - PrivateKey privKey = fact.generatePrivate(privKeySpec); - PublicKey pubKey = fact.generatePublic(pubKeySpec); - - X509Certificate[] chain = createCertChain(fact, pubKey); - - PKCS12SafeBagBuilder taCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[2]); - - taCertBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Bouncy Primary Certificate")); - - PKCS12SafeBagBuilder caCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[1]); - - caCertBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Bouncy Intermediate Certificate")); - - JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); - PKCS12SafeBagBuilder eeCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[0]); - - eeCertBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Eric's Key")); - SubjectKeyIdentifier pubKeyId = extUtils.createSubjectKeyIdentifier(chain[0].getPublicKey()); - eeCertBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); - - PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(privKey, encOut); - - keyBagBuilder.addBagAttribute(PKCS12SafeBag.friendlyNameAttribute, new DERBMPString("Eric's Key")); - keyBagBuilder.addBagAttribute(PKCS12SafeBag.localKeyIdAttribute, pubKeyId); - - PKCS12PfxPduBuilder builder = new PKCS12PfxPduBuilder(); - - builder.addData(keyBagBuilder.build()); - - builder.addEncryptedData(new JcePKCSPBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC).setProvider("BC").build(passwd), new PKCS12SafeBag[] { eeCertBagBuilder.build(), caCertBagBuilder.build(), taCertBagBuilder.build() }); - - PKCS12PfxPdu pfx = builder.build(new JcePKCS12MacCalculatorBuilder(NISTObjectIdentifiers.id_sha256), passwd); - - assertTrue(pfx.hasMac()); - assertTrue(pfx.isMacValid(new JcePKCS12MacCalculatorBuilderProvider().setProvider("BC"), passwd)); - - InputDecryptorProvider inputDecryptorProvider = new JcePKCSPBEInputDecryptorProviderBuilder() - .setProvider("BC").build(passwd); - - pfx = new PKCS12PfxPdu(pfx.toASN1Structure().getEncoded()); - - ContentInfo[] infos = pfx.getContentInfos(); - boolean encDataFound = false; - boolean pkcs8Found = false; - - for (int i = 0; i != infos.length; i++) - { - if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData)) - { - encDataFound = true; - PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider); - - PKCS12SafeBag[] bags = dataFact.getSafeBags(); - - assertEquals(3, bags.length); - assertEquals(PKCSObjectIdentifiers.certBag, bags[0].getType()); - } - else - { - pkcs8Found = true; - PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]); - - PKCS12SafeBag[] bags = dataFact.getSafeBags(); - - assertEquals(1, bags.length); - assertEquals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, bags[0].getType()); - - PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo)bags[0].getBagValue(); - PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider); - } - } - - assertTrue(encDataFound); - assertTrue(pkcs8Found); - - KeyStore ks = KeyStore.getInstance("PKCS12", "BC"); - - ks.load(new ByteArrayInputStream(pfx.getEncoded(ASN1Encoding.DL)), passwd); - - assertTrue(ks.containsAlias("Eric's Key")); - } - - public void testPKCS5() - throws Exception - { - doPKCS5Test(pkcs5Aes128Pfx); - doPKCS5Test(pkcs5Aes192Pfx); - doPKCS5Test(pkcs5Camellia128Pfx); - doPKCS5Test(pkcs5Camellia256Pfx); - doPKCS5Test(pkcs5Cast5Pfx); - } - - private void doPKCS5Test(byte[] keyStore) - throws Exception - { - InputDecryptorProvider inputDecryptorProvider = new JcePKCSPBEInputDecryptorProviderBuilder() - .setProvider("BC").build(pkcs5Pass.toCharArray()); - PKCS12PfxPdu pfx = new PKCS12PfxPdu(keyStore); - - ContentInfo[] infos = pfx.getContentInfos(); - - for (int i = 0; i != infos.length; i++) - { - if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData)) - { - PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider); - - PKCS12SafeBag[] bags = dataFact.getSafeBags(); - - // TODO: finish! -// assertEquals(3, bags.length); -// assertEquals(PKCSObjectIdentifiers.certBag, bags[0].getType()); - } - else - { - PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]); - - PKCS12SafeBag[] bags = dataFact.getSafeBags(); - - assertEquals(1, bags.length); - assertEquals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, bags[0].getType()); - - PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo)bags[0].getBagValue(); - PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider); - } - } - } - - public void testGOST1() - throws Exception - { - char[] password = "1".toCharArray(); - - InputDecryptorProvider inputDecryptorProvider = new JcePKCSPBEInputDecryptorProviderBuilder() - .setProvider("BC").build(password); - PKCS12PfxPdu pfx = new PKCS12PfxPdu(gostPfx); - - assertTrue(pfx.hasMac()); - assertTrue(pfx.isMacValid(new JcePKCS12MacCalculatorBuilderProvider().setProvider("BC"), password)); - - ContentInfo[] infos = pfx.getContentInfos(); - - for (int i = 0; i != infos.length; i++) - { - if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData)) - { - PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider); - - PKCS12SafeBag[] bags = dataFact.getSafeBags(); - - // TODO: finish! -// assertEquals(3, bags.length); -// assertEquals(PKCSObjectIdentifiers.certBag, bags[0].getType()); - } - else - { - PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]); - - PKCS12SafeBag[] bags = dataFact.getSafeBags(); - - assertEquals(1, bags.length); - assertEquals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, bags[0].getType()); - - PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo)bags[0].getBagValue(); - PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider); - assertEquals(CryptoProObjectIdentifiers.gostR3410_2001, info.getPrivateKeyAlgorithm().getAlgorithm()); - } - } - } - - public void testGOST2() - throws Exception - { - char[] password = "foo123".toCharArray(); - - InputDecryptorProvider inputDecryptorProvider = new JcePKCSPBEInputDecryptorProviderBuilder() - .setProvider("BC").build(password); - PKCS12PfxPdu pfx = new PKCS12PfxPdu(gostPfxFoo123); - - assertTrue(pfx.hasMac()); - assertTrue(pfx.isMacValid(new JcePKCS12MacCalculatorBuilderProvider().setProvider("BC"), password)); - - ContentInfo[] infos = pfx.getContentInfos(); - - for (int i = 0; i != infos.length; i++) - { - if (infos[i].getContentType().equals(PKCSObjectIdentifiers.encryptedData)) - { - PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i], inputDecryptorProvider); - - PKCS12SafeBag[] bags = dataFact.getSafeBags(); - - // TODO: finish! -// assertEquals(3, bags.length); -// assertEquals(PKCSObjectIdentifiers.certBag, bags[0].getType()); - } - else - { - PKCS12SafeBagFactory dataFact = new PKCS12SafeBagFactory(infos[i]); - - PKCS12SafeBag[] bags = dataFact.getSafeBags(); - - assertEquals(1, bags.length); - assertEquals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, bags[0].getType()); - - PKCS8EncryptedPrivateKeyInfo encInfo = (PKCS8EncryptedPrivateKeyInfo)bags[0].getBagValue(); - PrivateKeyInfo info = encInfo.decryptPrivateKeyInfo(inputDecryptorProvider); - assertEquals(CryptoProObjectIdentifiers.gostR3410_2001, info.getPrivateKeyAlgorithm().getAlgorithm()); - } - } - } - - private X509Certificate[] createCertChain(KeyFactory fact, PublicKey pubKey) - throws Exception - { - PrivateKey caPrivKey = fact.generatePrivate(caPrivKeySpec); - PublicKey caPubKey = fact.generatePublic(caPubKeySpec); - PrivateKey intPrivKey = fact.generatePrivate(intPrivKeySpec); - PublicKey intPubKey = fact.generatePublic(intPubKeySpec); - - X509Certificate[] chain = new X509Certificate[3]; - - chain[2] = createMasterCert(caPubKey, caPrivKey); - chain[1] = createIntermediateCert(intPubKey, caPrivKey, chain[2]); - chain[0] = createCert(pubKey, intPrivKey, intPubKey); - return chain; - } - - private PKCS12PfxPdu createPfx(PrivateKey privKey, PublicKey pubKey, X509Certificate[] chain) - throws NoSuchAlgorithmException, IOException, PKCSException - { - JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils(); - - PKCS12SafeBagBuilder taCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[2]); - - taCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Bouncy Primary Certificate")); - - PKCS12SafeBagBuilder caCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[1]); - - caCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Bouncy Intermediate Certificate")); - - PKCS12SafeBagBuilder eeCertBagBuilder = new JcaPKCS12SafeBagBuilder(chain[0]); - - eeCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Eric's Key")); - eeCertBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, extUtils.createSubjectKeyIdentifier(pubKey)); - - PKCS12SafeBagBuilder keyBagBuilder = new JcaPKCS12SafeBagBuilder(privKey, new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, new CBCBlockCipher(new DESedeEngine())).build(passwd)); - - keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString("Eric's Key")); - keyBagBuilder.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, extUtils.createSubjectKeyIdentifier(pubKey)); - - // - // construct the actual key store - // - PKCS12PfxPduBuilder pfxPduBuilder = new PKCS12PfxPduBuilder(); - - PKCS12SafeBag[] certs = new PKCS12SafeBag[3]; - - certs[0] = eeCertBagBuilder.build(); - certs[1] = caCertBagBuilder.build(); - certs[2] = taCertBagBuilder.build(); - - pfxPduBuilder.addEncryptedData(new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, new CBCBlockCipher(new RC2Engine())).build(passwd), certs); - - pfxPduBuilder.addData(keyBagBuilder.build()); - - return pfxPduBuilder.build(new BcPKCS12MacCalculatorBuilder(), passwd); - } -} |