Diffstat (limited to 'bcpkix/src')
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java18
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cert/X509AttributeCertificateHolder.java2
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cert/X509CRLHolder.java2
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cert/X509CertificateHolder.java4
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java43
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java5
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java2
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/cms/SignerInformationStore.java38
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java37
-rw-r--r--bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java4
10 files changed, 133 insertions, 22 deletions
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java b/bcpkix/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java
index 074d3fc..0fc3433 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cert/AttributeCertificateHolder.java
@@ -53,20 +53,36 @@ public class AttributeCertificateHolder
holder = Holder.getInstance(seq);
}
+ /**
+ * Create a holder using the baseCertificateID element.
+ *
+ * @param issuerName name of associated certificate's issuer.
+ * @param serialNumber serial number of associated certificate.
+ */
public AttributeCertificateHolder(X500Name issuerName,
BigInteger serialNumber)
{
holder = new Holder(new IssuerSerial(
- new GeneralNames(new GeneralName(issuerName)),
+ generateGeneralNames(issuerName),
new ASN1Integer(serialNumber)));
}
+ /**
+ * Create a holder using the baseCertificateID option based on the passed in associated certificate,
+ *
+ * @param cert the certificate to be associated with this holder.
+ */
public AttributeCertificateHolder(X509CertificateHolder cert)
{
holder = new Holder(new IssuerSerial(generateGeneralNames(cert.getIssuer()),
new ASN1Integer(cert.getSerialNumber())));
}
+ /**
+ * Create a holder using the entityName option based on the passed in principal.
+ *
+ * @param principal the entityName to be associated with the attribute certificate.
+ */
public AttributeCertificateHolder(X500Name principal)
{
holder = new Holder(generateGeneralNames(principal));
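Review bot: The javadoc added at L41 ends with a comma where the sentence should end; it should read `* Create a holder using the baseCertificateID option based on the passed in associated certificate.` Beyond wording, none of the three constructors document or validate a null argument, and `new ASN1Integer(serialNumber)` or `generateGeneralNames(...)` (not visible here) will presumably fail with a bare NullPointerException deep inside the ASN.1 layer rather than at the call site, so either a `@throws NullPointerException if issuerName or serialNumber is null` tag or an explicit up-front check would make the contract visible to callers. The enclosing class continues outside the hunk.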
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/X509AttributeCertificateHolder.java b/bcpkix/src/main/java/org/bouncycastle/cert/X509AttributeCertificateHolder.java
index a34b3b3..c465c83 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cert/X509AttributeCertificateHolder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cert/X509AttributeCertificateHolder.java
@@ -21,11 +21,13 @@ import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
+import org.bouncycastle.util.Encodable;
/**
* Holding class for an X.509 AttributeCertificate structure.
*/
public class X509AttributeCertificateHolder
+ implements Encodable
{
private static Attribute[] EMPTY_ARRAY = new Attribute[0];
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/X509CRLHolder.java b/bcpkix/src/main/java/org/bouncycastle/cert/X509CRLHolder.java
index b3723f3..29c48fa 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cert/X509CRLHolder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cert/X509CRLHolder.java
@@ -24,11 +24,13 @@ import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
+import org.bouncycastle.util.Encodable;
/**
* Holding class for an X.509 CRL structure.
*/
public class X509CRLHolder
+ implements Encodable
{
private CertificateList x509CRL;
private boolean isIndirect;
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/X509CertificateHolder.java b/bcpkix/src/main/java/org/bouncycastle/cert/X509CertificateHolder.java
index 1081d93..dc61c78 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cert/X509CertificateHolder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cert/X509CertificateHolder.java
@@ -19,11 +19,13 @@ import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.operator.ContentVerifier;
import org.bouncycastle.operator.ContentVerifierProvider;
+import org.bouncycastle.util.Encodable;
/**
* Holding class for an X.509 Certificate structure.
*/
public class X509CertificateHolder
+ implements Encodable
{
private Certificate x509Certificate;
private Extensions extensions;
@@ -214,7 +216,7 @@ public class X509CertificateHolder
/**
* Return the underlying ASN.1 structure for the certificate in this holder.
*
- * @return a X509CertificateStructure object.
+ * @return a Certificate object.
*/
public Certificate toASN1Structure()
{
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
index ec4da91..5ef95ee 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
@@ -23,6 +23,7 @@ import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.SignatureAlgorithmIdentifierFinder;
+import org.bouncycastle.util.Encodable;
import org.bouncycastle.util.Store;
/**
@@ -54,6 +55,7 @@ import org.bouncycastle.util.Store;
* </pre>
*/
public class CMSSignedData
+ implements Encodable
{
private static final CMSSignedHelper HELPER = CMSSignedHelper.INSTANCE;
@@ -347,7 +349,7 @@ public class CMSSignedData
// {
// return verifySignatures(verifierProvider, false);
// }
- //
+ //
// /**
// * Verify all the SignerInformation objects and optionally their associated counter signatures attached
// * to this CMS SignedData object.
@@ -361,30 +363,27 @@ public class CMSSignedData
// throws CMSException
// {
// Collection signers = this.getSignerInfos().getSigners();
- //
+ //
// for (Iterator it = signers.iterator(); it.hasNext();)
// {
// SignerInformation signer = (SignerInformation)it.next();
- //
+ //
// try
// {
// SignerInformationVerifier verifier = verifierProvider.get(signer.getSID());
- //
+ //
// if (!signer.verify(verifier))
// {
// return false;
// }
- //
+ //
// if (!ignoreCounterSignatures)
// {
// Collection counterSigners = signer.getCounterSignatures().getSigners();
- //
+ //
// for (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
// {
- // SignerInformation counterSigner = (SignerInformation)cIt.next();
- // SignerInformationVerifier counterVerifier = verifierProvider.get(signer.getSID());
- //
- // if (!counterSigner.verify(counterVerifier))
+ // if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
// {
// return false;
// }
@@ -396,7 +395,29 @@ public class CMSSignedData
// throw new CMSException("failure in verifier provider: " + e.getMessage(), e);
// }
// }
- //
+ //
+ // return true;
+ // }
+ //
+ // private boolean verifyCounterSignature(SignerInformation counterSigner, SignerInformationVerifierProvider verifierProvider)
+ // throws OperatorCreationException, CMSException
+ // {
+ // SignerInformationVerifier counterVerifier = verifierProvider.get(counterSigner.getSID());
+ //
+ // if (!counterSigner.verify(counterVerifier))
+ // {
+ // return false;
+ // }
+ //
+ // Collection counterSigners = counterSigner.getCounterSignatures().getSigners();
+ // for (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
+ // {
+ // if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
+ // {
+ // return false;
+ // }
+ // }
+ //
// return true;
// }
// END android-removed
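Review bot: The new `verifyCounterSignature` (L190-L210) recurses into `counterSigner.getCounterSignatures()` with no depth limit, so a message whose unsigned attributes nest countersignatures deeply enough can drive the verifier into a StackOverflowError before any signature check fails, unless the ASN.1 layer already bounds nesting, which is not visible here. A depth argument and cap would close it: `private boolean verifyCounterSignature(SignerInformation counterSigner, SignerInformationVerifierProvider verifierProvider, int depth)` guarded at the top by `if (depth > MAX_COUNTER_SIGNATURE_DEPTH) throw new CMSException("counter signature nesting too deep");`, with the recursive call passing `depth + 1` and the loop in `verifySignatures` starting at 0. This whole block sits inside the `android-removed` comment, so it is inactive in this tree; the point applies wherever it is re-enabled.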
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java
index f69772d..d454fa6 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java
@@ -52,6 +52,11 @@ public class DefaultCMSSignatureAlgorithmNameGenerator
addEntries(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256", "RSA");
addEntries(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384", "RSA");
addEntries(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512", "RSA");
+
+ addEntries(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, "RIPEMD128", "RSA");
+ addEntries(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, "RIPEMD160", "RSA");
+ addEntries(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, "RIPEMD256", "RSA");
+
addEntries(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1", "ECDSA");
addEntries(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224", "ECDSA");
addEntries(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256", "ECDSA");
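Review bot: Adding `rsaSignatureWithripemd128` and `rsaSignatureWithripemd256` (L221, L223) to the default table means a CMS verifier built on this generator will now resolve, and with a provider that implements them accept, signatures over digests with only about 2^64 collision resistance (RIPEMD-256 widens the output but not the security level of RIPEMD-128); RIPEMD-160 is the only one of the three with a 2^80 bound. That is an acceptance-policy decision callers cannot see, so the block deserves a comment such as `// TeleTrusT RIPEMD/RSA: mapped for interoperability with legacy signatures only; RIPEMD128/256 give ~2^64 collision resistance and must not be used for new signatures`, and the class javadoc should say that this class only maps OIDs to JCA names and that restricting which algorithms are acceptable is the caller's job. The diff adds no import for `TeleTrusTObjectIdentifiers`, so it is presumably already imported by this file; the enclosing constructor or initializer starts and ends outside the hunk.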
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java
index 7e178d6..081d121 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformation.java
@@ -302,7 +302,7 @@ public class SignerInformation
{
if (signedAttributeSet != null)
{
- return signedAttributeSet.getEncoded();
+ return signedAttributeSet.getEncoded(ASN1Encoding.DER);
}
return null;
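Review bot: The switch to `getEncoded(ASN1Encoding.DER)` on L237 is the security-relevant line of this diff and has no comment, so a later reader may well "simplify" it back to `getEncoded()`: RFC 5652 section 5.4 defines the signature input as the DER encoding of the SignedAttrs SET even when the message carried them BER-encoded, so using the message's own encoding would make valid signatures fail and tie verification to the sender's encoder. Suggested: `// RFC 5652 5.4: the signature is computed over the DER encoding of SignedAttrs, whatever encoding the message used.` The method also returns `null` when there are no signed attributes, which its javadoc (outside the hunk) should state if it does not already. The enclosing method starts before and ends after the hunk.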
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformationStore.java b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformationStore.java
index b65ab5e..79ec0a0 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformationStore.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/SignerInformationStore.java
@@ -7,13 +7,37 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import org.bouncycastle.util.Iterable;
+
public class SignerInformationStore
+ implements Iterable<SignerInformation>
{
private List all = new ArrayList();
private Map table = new HashMap();
+ /**
+ * Create a store containing a single SignerInformation object.
+ *
+ * @param signerInfo the signer information to contain.
+ */
+ public SignerInformationStore(
+ SignerInformation signerInfo)
+ {
+ this.all = new ArrayList(1);
+ this.all.add(signerInfo);
+
+ SignerId sid = signerInfo.getSID();
+
+ table.put(sid, all);
+ }
+
+ /**
+ * Create a store containing a collection of SignerInformation objects.
+ *
+ * @param signerInfos a collection signer information objects to contain.
+ */
public SignerInformationStore(
- Collection signerInfos)
+ Collection<SignerInformation> signerInfos)
{
Iterator it = signerInfos.iterator();
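Review bot: The new single-signer constructor (L259-L268) is written with raw types, `new ArrayList(1)` into the raw `List all` and raw `Map table`, in the same hunk that puts `Collection<SignerInformation>` on the public API, leaving the class half-generic and handing callers unchecked warnings at the boundary; declaring the fields as `List<SignerInformation> all` and `Map<SignerId, List<SignerInformation>> table` and writing `new ArrayList<SignerInformation>(1)` would make the hunk consistent with itself. It also registers the very same list object as both `all` and the per-SID entry via `table.put(sid, all)`, which is harmless today because the lookup paths copy on return (L299), but it differs from how the collection constructor presumably builds one list per SID and will surprise anyone who later adds a mutating method. The collection constructor at L275 continues past the end of the hunk.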
@@ -65,7 +89,7 @@ public class SignerInformationStore
*
* @return a collection of signers.
*/
- public Collection getSigners()
+ public Collection<SignerInformation> getSigners()
{
return new ArrayList(all);
}
@@ -76,7 +100,7 @@ public class SignerInformationStore
* @param selector a signer id to select against.
* @return a collection of SignerInformation objects.
*/
- public Collection getSigners(
+ public Collection<SignerInformation> getSigners(
SignerId selector)
{
if (selector.getIssuer() != null && selector.getSubjectKeyIdentifier() != null)
@@ -106,4 +130,12 @@ public class SignerInformationStore
return list == null ? new ArrayList() : new ArrayList(list);
}
}
+
+ /**
+ * Support method for Iterable where available.
+ */
+ public Iterator<SignerInformation> iterator()
+ {
+ return getSigners().iterator();
+ }
}
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java
index 14ab78d..5f82d40 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java
@@ -190,9 +190,10 @@ public class JcaContentVerifierProviderBuilder
private class SigVerifier
implements ContentVerifier
{
- private SignatureOutputStream stream;
private AlgorithmIdentifier algorithm;
+ protected SignatureOutputStream stream;
+
SigVerifier(AlgorithmIdentifier algorithm, SignatureOutputStream stream)
{
this.algorithm = algorithm;
@@ -239,6 +240,27 @@ public class JcaContentVerifierProviderBuilder
this.rawSignature = rawSignature;
}
+ public boolean verify(byte[] expected)
+ {
+ try
+ {
+ return super.verify(expected);
+ }
+ finally
+ {
+ // we need to do this as in some PKCS11 implementations the session associated with the init of the
+ // raw signature will not be freed if verify is not called on it.
+ try
+ {
+ rawSignature.verify(expected);
+ }
+ catch (Exception e)
+ {
+ // ignore
+ }
+ }
+ }
+
public boolean verify(byte[] digest, byte[] expected)
{
try
@@ -251,6 +273,19 @@ public class JcaContentVerifierProviderBuilder
{
throw new RuntimeOperatorException("exception obtaining raw signature: " + e.getMessage(), e);
}
+ finally
+ {
+ // we need to do this as in some PKCS11 implementations the session associated with the init of the
+ // standard signature will not be freed if verify is not called on it.
+ try
+ {
+ stream.verify(expected);
+ }
+ catch (Exception e)
+ {
+ // ignore
+ }
+ }
}
}
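Review bot: Both cleanup blocks (L343 and L365) catch `Exception` and drop it, so a RuntimeException from the provider, which is how PKCS#11 wrappers typically report a dead session or removed token, vanishes together with the expected SignatureException, and the caller only learns the token is broken on some later call; since the result of the throw-away verify is computed after the real result is already fixed, that is probably the intended trade-off, but it should be stated. Naming the variable `ignored` and widening the comment to `// result and any failure are intentionally discarded: this call exists only to release the PKCS#11 session` keeps the intent explicit. Both `verify` methods also deserve a javadoc sentence saying that every call performs a second, discarded verification on the other Signature object (doubling HSM operations) purely to free the session, so it is not removed as dead code later. The subclass of SigVerifier these methods belong to starts before the hunk.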
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
index 927b4d7..a0847fb 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
@@ -368,10 +368,6 @@ class OperatorHelper
{
throw new OpCertificateException("cannot get encoded form of certificate: " + e.getMessage(), e);
}
- catch (NoSuchAlgorithmException e)
- {
- throw new OpCertificateException("cannot create certificate factory: " + e.getMessage(), e);
- }
catch (NoSuchProviderException e)
{
throw new OpCertificateException("cannot find factory provider: " + e.getMessage(), e);