authorbouncy <bouncy>2012-03-16 07:33:10 +0000
committerbouncy <bouncy>2012-03-16 07:33:10 +0000
commit14d9959004251edde06d2ea2c3ecaf543625e9aa (patch)
treeebad26d3875d34ba21fe7ed386c1f6c76fdffe5b
parentcc618274d3645d3d23107c5957b0b7d53b367a37 (diff)
updates
-rw-r--r--crypto/jdk1.1/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java7
-rw-r--r--crypto/jdk1.1/org/bouncycastle/jce/provider/BouncyCastleProvider.java14
-rw-r--r--crypto/jdk1.1/org/bouncycastle/jce/provider/JDKX509CertificateFactory.java377
-rw-r--r--crypto/jdk1.1/org/bouncycastle/jce/provider/PKIXCertPath.java400
-rw-r--r--crypto/jdk1.1/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java2
-rw-r--r--crypto/jdk1.1/org/bouncycastle/jce/provider/X509CRLObject.java425
-rw-r--r--crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateHolder.java16
-rw-r--r--crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateIssuer.java2
-rw-r--r--crypto/jdk1.1/org/bouncycastle/x509/X509Util.java6
-rw-r--r--crypto/jdk1.1/org/bouncycastle/x509/X509V1CertificateGenerator.java46
-rw-r--r--crypto/jdk1.1/org/bouncycastle/x509/X509V2CRLGenerator.java9
-rw-r--r--crypto/jdk1.1/org/bouncycastle/x509/X509V3CertificateGenerator.java14
12 files changed, 364 insertions, 954 deletions
diff --git a/crypto/jdk1.1/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java b/crypto/jdk1.1/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
index ab9513bd8..1b97e5fd3 100644
--- a/crypto/jdk1.1/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
+++ b/crypto/jdk1.1/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
@@ -35,7 +35,8 @@ import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.SignedData;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openssl.PEMWriter;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemWriter;
/**
* CertPath implementation for X.509 certificates.
@@ -307,13 +308,13 @@ public class PKIXCertPath
else if (encoding.equalsIgnoreCase("PEM"))
{
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut));
+ PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut));
try
{
for (int i = 0; i != certificates.size(); i++)
{
- pWrt.writeObject(certificates.get(i));
+ pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded()));
}
pWrt.close();
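Review bot: The cast to `X509Certificate` in the new `pWrt.writeObject(...)` line is narrower than it needs to be, because `getEncoded()` is declared on `java.security.cert.Certificate`. As written, any element of `certificates` that is not an `X509Certificate` raises a `ClassCastException` inside the loop rather than being encoded. If `Certificate` is imported in this file, `pWrt.writeObject(new PemObject("CERTIFICATE", ((Certificate)certificates.get(i)).getEncoded()));` does the same job. Separately, `new OutputStreamWriter(bOut)` on the changed `PemWriter` line uses the platform default charset; PEM output is ASCII, so naming the encoding explicitly would make the returned bytes platform-independent. The enclosing try block and its catch continue outside this hunk.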
diff --git a/crypto/jdk1.1/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/crypto/jdk1.1/org/bouncycastle/jce/provider/BouncyCastleProvider.java
index 2197b86fb..c1bdf97c6 100644
--- a/crypto/jdk1.1/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+++ b/crypto/jdk1.1/org/bouncycastle/jce/provider/BouncyCastleProvider.java
@@ -44,7 +44,7 @@ import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter;
public final class BouncyCastleProvider extends Provider
implements ConfigurableProvider
{
- private static String info = "BouncyCastle Security Provider v1.47b";
+ private static String info = "BouncyCastle Security Provider v1.47";
public static String PROVIDER_NAME = "BC";
@@ -96,7 +96,7 @@ public final class BouncyCastleProvider extends Provider
*/
public BouncyCastleProvider()
{
- super(PROVIDER_NAME, 1.465, info);
+ super(PROVIDER_NAME, 1.47, info);
setup();
}
@@ -153,12 +153,6 @@ public final class BouncyCastleProvider extends Provider
put("Alg.Alias.KeyStore.bouncycastle", "BouncyCastle");
//
- // algorithm parameter generators
- //
-
-
-
- //
// algorithm parameters
//
put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES");
@@ -239,10 +233,6 @@ public final class BouncyCastleProvider extends Provider
put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES");
put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES");
- put("Alg.Alias.Cipher.ELGAMAL/ECB/PKCS1PADDING", "ELGAMAL/PKCS1");
- put("Alg.Alias.Cipher.ELGAMAL/NONE/PKCS1PADDING", "ELGAMAL/PKCS1");
- put("Alg.Alias.Cipher.ELGAMAL/NONE/NOPADDING", "ELGAMAL");
-
put("Cipher.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndDES");
put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES");
put("Cipher.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndRC2");
diff --git a/crypto/jdk1.1/org/bouncycastle/jce/provider/JDKX509CertificateFactory.java b/crypto/jdk1.1/org/bouncycastle/jce/provider/JDKX509CertificateFactory.java
deleted file mode 100644
index c8fc79024..000000000
--- a/crypto/jdk1.1/org/bouncycastle/jce/provider/JDKX509CertificateFactory.java
+++ /dev/null
@@ -1,377 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.SignedData;
-import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.PushbackInputStream;
-import java.security.cert.CRL;
-import java.security.cert.CRLException;
-import java.security.cert.CertPath;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactorySpi;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-
-/**
- * class for dealing with X509 certificates.
- * <p>
- * At the moment this will deal with "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----"
- * base 64 encoded certs, as well as the BER binaries of certificates and some classes of PKCS#7
- * objects.
- */
-public class JDKX509CertificateFactory
- extends CertificateFactorySpi
-{
- private static final PEMUtil PEM_CERT_PARSER = new PEMUtil("CERTIFICATE");
- private static final PEMUtil PEM_CRL_PARSER = new PEMUtil("CRL");
-
- private ASN1Set sData = null;
- private int sDataObjectCount = 0;
- private InputStream currentStream = null;
-
- private ASN1Set sCrlData = null;
- private int sCrlDataObjectCount = 0;
- private InputStream currentCrlStream = null;
-
- private Certificate readDERCertificate(
- ASN1InputStream dIn)
- throws IOException, CertificateParsingException
- {
- ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
-
- if (seq.size() > 1
- && seq.getObjectAt(0) instanceof DERObjectIdentifier)
- {
- if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
- {
- sData = new SignedData(ASN1Sequence.getInstance(
- (ASN1TaggedObject)seq.getObjectAt(1), true)).getCertificates();
-
- return getCertificate();
- }
- }
-
- return new X509CertificateObject(
- X509CertificateStructure.getInstance(seq));
- }
-
- private Certificate getCertificate()
- throws CertificateParsingException
- {
- if (sData != null)
- {
- while (sDataObjectCount < sData.size())
- {
- Object obj = sData.getObjectAt(sDataObjectCount++);
-
- if (obj instanceof ASN1Sequence)
- {
- return new X509CertificateObject(
- X509CertificateStructure.getInstance(obj));
- }
- }
- }
-
- return null;
- }
-
- private Certificate readPEMCertificate(
- InputStream in)
- throws IOException, CertificateParsingException
- {
- ASN1Sequence seq = PEM_CERT_PARSER.readPEMObject(in);
-
- if (seq != null)
- {
- return new X509CertificateObject(
- X509CertificateStructure.getInstance(seq));
- }
-
- return null;
- }
-
- protected CRL createCRL(CertificateList c)
- throws CRLException
- {
- return new X509CRLObject(c);
- }
-
- private CRL readPEMCRL(
- InputStream in)
- throws IOException, CRLException
- {
- ASN1Sequence seq = PEM_CRL_PARSER.readPEMObject(in);
-
- if (seq != null)
- {
- return createCRL(
- CertificateList.getInstance(seq));
- }
-
- return null;
- }
-
- private CRL readDERCRL(
- ASN1InputStream aIn)
- throws IOException, CRLException
- {
- ASN1Sequence seq = (ASN1Sequence)aIn.readObject();
-
- if (seq.size() > 1
- && seq.getObjectAt(0) instanceof DERObjectIdentifier)
- {
- if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData))
- {
- sCrlData = new SignedData(ASN1Sequence.getInstance(
- (ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs();
-
- return getCRL();
- }
- }
-
- return createCRL(
- CertificateList.getInstance(seq));
- }
-
- private CRL getCRL()
- throws CRLException
- {
- if (sCrlData == null || sCrlDataObjectCount >= sCrlData.size())
- {
- return null;
- }
-
- return createCRL(
- CertificateList.getInstance(
- sCrlData.getObjectAt(sCrlDataObjectCount++)));
- }
-
- /**
- * Generates a certificate object and initializes it with the data
- * read from the input stream inStream.
- */
- public Certificate engineGenerateCertificate(
- InputStream in)
- throws CertificateException
- {
- if (currentStream == null)
- {
- currentStream = in;
- sData = null;
- sDataObjectCount = 0;
- }
- else if (currentStream != in) // reset if input stream has changed
- {
- currentStream = in;
- sData = null;
- sDataObjectCount = 0;
- }
-
- try
- {
- if (sData != null)
- {
- if (sDataObjectCount != sData.size())
- {
- return getCertificate();
- }
- else
- {
- sData = null;
- sDataObjectCount = 0;
- return null;
- }
- }
-
- int limit = ProviderUtil.getReadLimit(in);
-
- PushbackInputStream pis = new PushbackInputStream(in);
- int tag = pis.read();
-
- if (tag == -1)
- {
- return null;
- }
-
- pis.unread(tag);
-
- if (tag != 0x30) // assume ascii PEM encoded.
- {
- return readPEMCertificate(pis);
- }
- else
- {
- return readDERCertificate(new ASN1InputStream(pis, limit));
- }
- }
- catch (Exception e)
- {
- throw new CertificateException(e.toString());
- }
- }
-
- /**
- * Returns a (possibly empty) collection view of the certificates
- * read from the given input stream inStream.
- */
- public Collection engineGenerateCertificates(
- InputStream inStream)
- throws CertificateException
- {
- Certificate cert;
- List certs = new ArrayList();
-
- while ((cert = engineGenerateCertificate(inStream)) != null)
- {
- certs.add(cert);
- }
-
- return certs;
- }
-
- /**
- * Generates a certificate revocation list (CRL) object and initializes
- * it with the data read from the input stream inStream.
- */
- public CRL engineGenerateCRL(
- InputStream inStream)
- throws CRLException
- {
- if (currentCrlStream == null)
- {
- currentCrlStream = inStream;
- sCrlData = null;
- sCrlDataObjectCount = 0;
- }
- else if (currentCrlStream != inStream) // reset if input stream has changed
- {
- currentCrlStream = inStream;
- sCrlData = null;
- sCrlDataObjectCount = 0;
- }
-
- try
- {
- if (sCrlData != null)
- {
- if (sCrlDataObjectCount != sCrlData.size())
- {
- return getCRL();
- }
- else
- {
- sCrlData = null;
- sCrlDataObjectCount = 0;
- return null;
- }
- }
-
- int limit = ProviderUtil.getReadLimit(inStream);
-
- PushbackInputStream pis = new PushbackInputStream(inStream);
- int tag = pis.read();
-
- if (tag == -1)
- {
- return null;
- }
-
- pis.unread(tag);
-
- if (tag != 0x30) // assume ascii PEM encoded.
- {
- return readPEMCRL(pis);
- }
- else
- { // lazy evaluate to help processing of large CRLs
- return readDERCRL(new ASN1InputStream(pis, limit, true));
- }
- }
- catch (CRLException e)
- {
- throw e;
- }
- catch (Exception e)
- {
- throw new CRLException(e.toString());
- }
- }
-
- /**
- * Returns a (possibly empty) collection view of the CRLs read from
- * the given input stream inStream.
- *
- * The inStream may contain a sequence of DER-encoded CRLs, or
- * a PKCS#7 CRL set. This is a PKCS#7 SignedData object, with the
- * only signficant field being crls. In particular the signature
- * and the contents are ignored.
- */
- public Collection engineGenerateCRLs(
- InputStream inStream)
- throws CRLException
- {
- CRL crl;
- List crls = new ArrayList();
-
- while ((crl = engineGenerateCRL(inStream)) != null)
- {
- crls.add(crl);
- }
-
- return crls;
- }
-
- public Iterator engineGetCertPathEncodings()
- {
- return PKIXCertPath.certPathEncodings.iterator();
- }
-
- public CertPath engineGenerateCertPath(
- InputStream inStream)
- throws CertificateException
- {
- return engineGenerateCertPath(inStream, "PkiPath");
- }
-
- public CertPath engineGenerateCertPath(
- InputStream inStream,
- String encoding)
- throws CertificateException
- {
- return new PKIXCertPath(inStream, encoding);
- }
-
- public CertPath engineGenerateCertPath(
- List certificates)
- throws CertificateException
- {
- Iterator iter = certificates.iterator();
- Object obj;
- while (iter.hasNext())
- {
- obj = iter.next();
- if (obj != null)
- {
- if (!(obj instanceof X509Certificate))
- {
- throw new CertificateException("list contains non X509Certificate object while creating CertPath\n" + obj.toString());
- }
- }
- }
- return new PKIXCertPath(certificates);
- }
-}
diff --git a/crypto/jdk1.1/org/bouncycastle/jce/provider/PKIXCertPath.java b/crypto/jdk1.1/org/bouncycastle/jce/provider/PKIXCertPath.java
deleted file mode 100644
index 1d645b420..000000000
--- a/crypto/jdk1.1/org/bouncycastle/jce/provider/PKIXCertPath.java
+++ /dev/null
@@ -1,400 +0,0 @@
-package org.bouncycastle.jce.provider;
-
-import java.io.BufferedInputStream;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStreamWriter;
-import java.security.NoSuchProviderException;
-import java.security.cert.CertPath;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.List;
-import java.util.ListIterator;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.DERSet;
-import org.bouncycastle.asn1.pkcs.ContentInfo;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.SignedData;
-import org.bouncycastle.jce.PrincipalUtil;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.openssl.PEMWriter;
-
-/**
- * CertPath implementation for X.509 certificates.
- * <br />
- **/
-public class PKIXCertPath
- extends CertPath
-{
- static final List certPathEncodings;
-
- static
- {
- List encodings = new ArrayList();
- encodings.add("PkiPath");
- encodings.add("PEM");
- encodings.add("PKCS7");
- certPathEncodings = Collections.unmodifiableList( encodings );
- }
-
- private List certificates;
-
- /**
- * @param certs
- */
- private List sortCerts(
- List certs)
- {
- if (certs.size() < 2)
- {
- return certs;
- }
-
- try
- {
- X509Principal issuer = PrincipalUtil.getIssuerX509Principal(((X509Certificate)certs.get(0)));
- boolean okay = true;
-
- for (int i = 1; i != certs.size(); i++)
- {
- X509Certificate cert = (X509Certificate)certs.get(i);
-
- if (issuer.equals(PrincipalUtil.getSubjectX509Principal(cert)))
- {
- issuer = PrincipalUtil.getIssuerX509Principal(((X509Certificate)certs.get(i)));
- }
- else
- {
- okay = false;
- break;
- }
- }
-
- if (okay)
- {
- return certs;
- }
-
- // find end-entity cert
- ArrayList retList = new ArrayList(certs.size());
-
- for (int i = 0; i < certs.size(); i++)
- {
- X509Certificate cert = (X509Certificate)certs.get(i);
- boolean found = false;
-
- X509Principal subject = PrincipalUtil.getSubjectX509Principal(cert);
-
- for (int j = 0; j != certs.size(); j++)
- {
- X509Certificate c = (X509Certificate)certs.get(j);
- if (PrincipalUtil.getIssuerX509Principal(c).equals(subject))
- {
- found = true;
- break;
- }
- }
-
- if (!found)
- {
- retList.add(cert);
- certs.remove(i);
- }
- }
-
- // can only have one end entity cert - something's wrong, give up.
- if (retList.size() > 1)
- {
- for (int i = 0; i != certs.size(); i++)
- {
- retList.add(certs.get(i));
- }
-
- return retList;
- }
-
- for (int i = 0; i != retList.size(); i++)
- {
- issuer = PrincipalUtil.getIssuerX509Principal((X509Certificate)retList.get(i));
-
- for (int j = 0; j < certs.size(); j++)
- {
- X509Certificate c = (X509Certificate)certs.get(j);
- if (issuer.equals(PrincipalUtil.getSubjectX509Principal(c)))
- {
- retList.add(c);
- certs.remove(j);
- break;
- }
- }
- }
-
- // make sure all certificates are accounted for.
- for (int i = 0; i != certs.size(); i++)
- {
- retList.add(certs.get(i));
- }
-
- return retList;
- }
- catch (Exception e)
- {
- return certs;
- }
- }
-
- /**
- * Creates a CertPath of the specified type.
- * This constructor is protected because most users should use
- * a CertificateFactory to create CertPaths.
- * @param type the standard name of the type of Certificatesin this path
- **/
- PKIXCertPath( List certificates )
- {
- super("X.509");
- this.certificates = sortCerts(new ArrayList(certificates));
- }
-
- /**
- * Creates a CertPath of the specified type.
- * This constructor is protected because most users should use
- * a CertificateFactory to create CertPaths.
- *
- * @param type the standard name of the type of Certificatesin this path
- **/
- PKIXCertPath(
- InputStream inStream,
- String encoding)
- throws CertificateException
- {
- super("X.509");
- try {
- if (encoding.equalsIgnoreCase( "PkiPath" ))
- {
- ASN1InputStream derInStream = new ASN1InputStream(inStream);
- ASN1Primitive derObject = derInStream.readObject();
- if (!(derObject instanceof ASN1Sequence))
- {
- throw new CertificateException("input stream does not contain a ASN1 SEQUENCE while reading PkiPath encoded data to load CertPath" );
- }
- Enumeration e = ((ASN1Sequence)derObject).getObjects();
- InputStream certInStream;
- ByteArrayOutputStream outStream;
- DEROutputStream derOutStream;
- certificates = new ArrayList();
- CertificateFactory certFactory= CertificateFactory.getInstance( "X.509", "BC" );
- while ( e.hasMoreElements() ) {
- outStream = new ByteArrayOutputStream();
- derOutStream = new DEROutputStream(outStream);
-
- derOutStream.writeObject((ASN1Encodable)e.nextElement());
- derOutStream.close();
-
- certInStream = new ByteArrayInputStream(outStream.toByteArray());
- certificates.add(0,certFactory.generateCertificate(certInStream));
- }
- }
- else if (encoding.equalsIgnoreCase("PKCS7") || encoding.equalsIgnoreCase("PEM"))
- {
- inStream = new BufferedInputStream(inStream);
- certificates = new ArrayList();
- CertificateFactory certFactory= CertificateFactory.getInstance( "X.509", "BC" );
- Certificate cert = null;
- while ((cert = certFactory.generateCertificate(inStream)) != null)
- {
- certificates.add(cert);
- }
- }
- else
- {
- throw new CertificateException( "unsupported encoding: " + encoding);
- }
- }
- catch (IOException ex)
- {
- throw new CertificateException( "IOException throw while decoding CertPath:\n" + ex.toString() );
- }
- catch (NoSuchProviderException ex )
- {
- throw new CertificateException( "BouncyCastle provider not found while trying to get a CertificateFactory:\n" + ex.toString() );
- }
-
- this.certificates = sortCerts(certificates);
- }
-
- /**
- * Returns an iteration of the encodings supported by this
- * certification path, with the default encoding
- * first. Attempts to modify the returned Iterator via its
- * remove method result in an UnsupportedOperationException.
- *
- * @return an Iterator over the names of the supported encodings (as Strings)
- **/
- public Iterator getEncodings()
- {
- return certPathEncodings.iterator();
- }
-
- /**
- * Returns the encoded form of this certification path, using
- * the default encoding.
- *
- * @return the encoded bytes
- * @exception CertificateEncodingException if an encoding error occurs
- **/
- public byte[] getEncoded()
- throws CertificateEncodingException
- {
- Iterator iter = getEncodings();
- if ( iter.hasNext() )
- {
- Object enc = iter.next();
- if ( enc instanceof String )
- {
- return getEncoded((String)enc);
- }
- }
- return null;
- }
-
- /**
- * Returns the encoded form of this certification path, using
- * the specified encoding.
- *
- * @param encoding the name of the encoding to use
- * @return the encoded bytes
- * @exception CertificateEncodingException if an encoding error
- * occurs or the encoding requested is not supported
- *
- **/
- public byte[] getEncoded(String encoding)
- throws CertificateEncodingException
- {
- if (encoding.equalsIgnoreCase("PkiPath"))
- {
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- ListIterator iter = certificates.listIterator(certificates.size());
- while ( iter.hasPrevious() )
- {
- v.add(toASN1Object((X509Certificate)iter.previous()));
- }
-
- return toDEREncoded(new DERSequence(v));
- }
- else if (encoding.equalsIgnoreCase("PKCS7"))
- {
- ContentInfo encInfo = new ContentInfo(PKCSObjectIdentifiers.data, null);
-
- ASN1EncodableVector v = new ASN1EncodableVector();
- for (int i = 0; i != certificates.size(); i++)
- {
- v.add(toASN1Object((X509Certificate)certificates.get(i)));
- }
-
- SignedData sd = new SignedData(
- new DERInteger(1),
- new DERSet(),
- encInfo,
- new DERSet(v),
- null,
- new DERSet());
-
- return toDEREncoded(new ContentInfo(
- PKCSObjectIdentifiers.signedData, sd));
- }
- else if (encoding.equalsIgnoreCase("PEM"))
- {
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut));
-
- try
- {
- for (int i = 0; i != certificates.size(); i++)
- {
- pWrt.writeObject(certificates.get(i));
- }
-
- pWrt.close();
- }
- catch (Exception e)
- {
- throw new CertificateEncodingException("can't encode certificate for PEM encoded path");
- }
-
- return bOut.toByteArray();
- }
- else
- {
- throw new CertificateEncodingException("unsupported encoding: " + encoding);
- }
- }
-
- /**
- * Returns the list of certificates in this certification
- * path. The List returned must be immutable and thread-safe.
- *
- * @return an immutable List of Certificates (may be empty, but not null)
- **/
- public List getCertificates()
- {
- return Collections.unmodifiableList(new ArrayList(certificates));
- }
-
- /**
- * Return a ASN1Primitive containing the encoded certificate.
- *
- * @param cert the X509Certificate object to be encoded
- *
- * @return the ASN1Primitive
- **/
- private ASN1Primitive toASN1Object(
- X509Certificate cert )
- throws CertificateEncodingException
- {
- try
- {
- return new ASN1InputStream(cert.getEncoded()).readObject();
- }
- catch (Exception e)
- {
- throw new CertificateEncodingException("Exception while encoding certificate: " + e.toString());
- }
- }
-
- private byte[] toDEREncoded(ASN1Encodable obj)
- throws CertificateEncodingException
- {
- try
- {
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- DEROutputStream dOut = new DEROutputStream(bOut);
-
- dOut.writeObject(obj);
- dOut.close();
-
- return bOut.toByteArray();
- }
- catch (IOException e)
- {
- throw new CertificateEncodingException("Exeption thrown: " + e);
- }
- }
-}
diff --git a/crypto/jdk1.1/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/crypto/jdk1.1/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
index af1eac408..cee23322b 100644
--- a/crypto/jdk1.1/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
+++ b/crypto/jdk1.1/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
@@ -1316,7 +1316,7 @@ public class PKIXCertPathValidatorSpi extends CertPathValidatorSpi
ASN1Sequence ncSeq = (ASN1Sequence)getExtensionValue(cert, NAME_CONSTRAINTS);
if (ncSeq != null)
{
- NameConstraints nc = new NameConstraints(ncSeq);
+ NameConstraints nc = NameConstraints.getInstance(ncSeq);
//
// (g) (1) permitted subtrees
diff --git a/crypto/jdk1.1/org/bouncycastle/jce/provider/X509CRLObject.java b/crypto/jdk1.1/org/bouncycastle/jce/provider/X509CRLObject.java
index 9decde93b..c71128680 100644
--- a/crypto/jdk1.1/org/bouncycastle/jce/provider/X509CRLObject.java
+++ b/crypto/jdk1.1/org/bouncycastle/jce/provider/X509CRLObject.java
@@ -1,34 +1,45 @@
package org.bouncycastle.jce.provider;
-import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
-import java.security.Provider;
import java.security.PublicKey;
-import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
+import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
+import java.util.Iterator;
import java.util.Set;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.util.ASN1Dump;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.CRLDistPoint;
+import org.bouncycastle.asn1.x509.CRLNumber;
import org.bouncycastle.asn1.x509.CertificateList;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.Extensions;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.asn1.x509.TBSCertList;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.x509.extension.X509ExtensionUtil;
/**
* The following extensions are listed in RFC 2459 as relevant to CRLs
@@ -43,11 +54,51 @@ public class X509CRLObject
extends X509CRL
{
private CertificateList c;
+ private String sigAlgName;
+ private byte[] sigAlgParams;
+ private boolean isIndirect;
+
+ static boolean isIndirectCRL(X509CRL crl)
+ throws CRLException
+ {
+ try
+ {
+ byte[] idp = crl.getExtensionValue(Extension.issuingDistributionPoint.getId());
+ return idp != null
+ && IssuingDistributionPoint.getInstance(X509ExtensionUtil.fromExtensionValue(idp)).isIndirectCRL();
+ }
+ catch (Exception e)
+ {
+ throw new ExtCRLException(
+ "Exception reading IssuingDistributionPoint", e);
+ }
+ }
public X509CRLObject(
CertificateList c)
+ throws CRLException
{
this.c = c;
+
+ try
+ {
+ this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
+
+ if (c.getSignatureAlgorithm().getParameters() != null)
+ {
+ this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).toASN1Primitive().getEncoded(ASN1Encoding.DER);
+ }
+ else
+ {
+ this.sigAlgParams = null;
+ }
+
+ this.isIndirect = isIndirectCRL(this);
+ }
+ catch (Exception e)
+ {
+ throw new CRLException("CRL contents invalid: " + e);
+ }
}
/**
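Review bot: The `catch (Exception e)` that closes the new constructor body also catches the `ExtCRLException` thrown by `isIndirectCRL(this)` and rewraps it as `new CRLException("CRL contents invalid: " + e)`, so the more specific exception and its cause survive only as a string. Adding `catch (CRLException e) { throw e; }` ahead of the generic catch would let it through unchanged. This assumes `ExtCRLException` is a `CRLException` subtype, which the `throws CRLException` clause on `isIndirectCRL` suggests but the hunk does not show. The constructor also deserves a short Javadoc saying that it now parses the signature algorithm and the issuing distribution point eagerly and therefore throws `CRLException` on malformed input, since callers of the previously non-throwing constructor have to handle that.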
@@ -57,34 +108,42 @@ public class X509CRLObject
public boolean hasUnsupportedCriticalExtension()
{
Set extns = getCriticalExtensionOIDs();
- if ( extns != null && !extns.isEmpty() )
+
+ if (extns == null)
{
- return true;
+ return false;
}
- return false;
+ extns.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT);
+ extns.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR);
+
+ return !extns.isEmpty();
}
private Set getExtensionOIDs(boolean critical)
{
if (this.getVersion() == 2)
{
- HashSet set = new HashSet();
- X509Extensions extensions = c.getTBSCertList().getExtensions();
- Enumeration e = extensions.oids();
+ Extensions extensions = c.getTBSCertList().getExtensions();
- while (e.hasMoreElements())
+ if (extensions != null)
{
- DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
- X509Extension ext = extensions.getExtension(oid);
+ Set set = new HashSet();
+ Enumeration e = extensions.oids();
- if (critical == ext.isCritical())
+ while (e.hasMoreElements())
{
- set.add(oid.getId());
+ ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
+ Extension ext = extensions.getExtension(oid);
+
+ if (critical == ext.isCritical())
+ {
+ set.add(oid.getId());
+ }
}
- }
- return set;
+ return set;
+ }
}
return null;
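Review bot: `hasUnsupportedCriticalExtension()` now treats the issuing distribution point and the delta CRL indicator as supported by removing them from the critical set, and nothing at the two `extns.remove(...)` calls says why. A comment such as `// IDP and delta CRL indicator are processed by the CRL checking code, so they do not count as unsupported` would record the assumption. Where that processing happens is not visible in this hunk, so a caller that uses this class without it would accept an indirect or delta CRL whose critical extension was never evaluated. The removal also depends on `getCriticalExtensionOIDs()` returning a fresh mutable set on each call. That presumably holds because it is backed by the `getExtensionOIDs` shown here, but it should be stated so that a later switch to a cached or unmodifiable set does not break this method.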
@@ -102,26 +161,21 @@ public class X509CRLObject
public byte[] getExtensionValue(String oid)
{
- X509Extensions exts = c.getTBSCertList().getExtensions();
+ Extensions exts = c.getTBSCertList().getExtensions();
if (exts != null)
{
- X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid));
+ Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid));
if (ext != null)
{
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- DEROutputStream dOut = new DEROutputStream(bOut);
-
try
{
- dOut.writeObject(ext.getValue());
-
- return bOut.toByteArray();
+ return ext.getExtnValue().getEncoded();
}
catch (Exception e)
{
- throw new RuntimeException("error encoding " + e.toString());
+ throw new IllegalStateException("error parsing " + e.toString());
}
}
}
@@ -132,14 +186,9 @@ public class X509CRLObject
public byte[] getEncoded()
throws CRLException
{
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- DEROutputStream dOut = new DEROutputStream(bOut);
-
try
{
- dOut.writeObject(c);
-
- return bOut.toByteArray();
+ return c.getEncoded(ASN1Encoding.DER);
}
catch (IOException e)
{
@@ -149,27 +198,35 @@ public class X509CRLObject
public void verify(PublicKey key)
throws CRLException, NoSuchAlgorithmException,
- InvalidKeyException, NoSuchProviderException,
- SignatureException
+ InvalidKeyException, NoSuchProviderException, SignatureException
{
- verify(key, "BC");
+ verify(key, BouncyCastleProvider.PROVIDER_NAME);
}
public void verify(PublicKey key, String sigProvider)
throws CRLException, NoSuchAlgorithmException,
- InvalidKeyException, NoSuchProviderException,
- SignatureException
+ InvalidKeyException, NoSuchProviderException, SignatureException
{
- if ( !c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()) )
+ if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()))
{
- throw new CRLException("Signature algorithm on CertifcateList does not match TBSCertList.");
+ throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
}
- Signature sig = Signature.getInstance(getSigAlgName(), sigProvider);
+ Signature sig;
+
+ if (sigProvider != null)
+ {
+ sig = Signature.getInstance(getSigAlgName(), sigProvider);
+ }
+ else
+ {
+ sig = Signature.getInstance(getSigAlgName());
+ }
sig.initVerify(key);
sig.update(this.getTBSCertList());
- if ( !sig.verify(this.getSignature()) )
+
+ if (!sig.verify(this.getSignature()))
{
throw new SignatureException("CRL does not verify with supplied public key.");
}
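Review bot: The `sigAlgParams` value captured in the new constructor is not applied to the `Signature` in `verify(PublicKey, String)`; the code goes from `Signature.getInstance(...)` straight to `sig.initVerify(key)`. For algorithms that carry parameters in the AlgorithmIdentifier (RSASSA-PSS is the usual example), verification would then run with the provider's defaults rather than the values in the CRL, unless `getSigAlgName()` already accounts for them, which is not visible here. The new `sigProvider == null` branch should also be documented, for example `@param sigProvider provider name, or null to use the JCA default provider search order`, because the one-argument `verify(key)` still pins `BouncyCastleProvider.PROVIDER_NAME` and the two paths can now resolve to different implementations.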
@@ -177,12 +234,12 @@ public class X509CRLObject
public int getVersion()
{
- return c.getVersion();
+ return c.getVersionNumber();
}
public Principal getIssuerDN()
{
- return new X509Principal(c.getIssuer());
+ return new X509Principal(X500Name.getInstance(c.getIssuer().toASN1Primitive()));
}
public Date getThisUpdate()
@@ -199,54 +256,78 @@ public class X509CRLObject
return null;
}
-
- public X509CRLEntry getRevokedCertificate(BigInteger serialNumber)
+
+ private Set loadCRLEntries()
{
- TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+ Set entrySet = new HashSet();
+ Enumeration certs = c.getRevokedCertificateEnumeration();
- if ( certs != null )
+ X500Name previousCertificateIssuer = c.getIssuer();
+ while (certs.hasMoreElements())
{
- for ( int i = 0; i < certs.length; i++ )
+ TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement();
+ X509CRLEntryObject crlEntry = new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer);
+ entrySet.add(crlEntry);
+ if (isIndirect && entry.hasExtensions())
{
- if ( certs[i].getUserCertificate().getValue().equals(serialNumber) ) {
- return new X509CRLEntryObject(certs[i]);
+ Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer);
+
+ if (currentCaName != null)
+ {
+ previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName());
}
}
}
- return null;
+ return entrySet;
}
-
- public Set getRevokedCertificates()
+
+ public X509CRLEntry getRevokedCertificate(BigInteger serialNumber)
{
- TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
+ Enumeration certs = c.getRevokedCertificateEnumeration();
- if ( certs != null )
+ X500Name previousCertificateIssuer = c.getIssuer();
+ while (certs.hasMoreElements())
{
- HashSet set = new HashSet();
- for ( int i = 0; i < certs.length; i++ )
+ TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement();
+
+ if (serialNumber.equals(entry.getUserCertificate().getValue()))
+ {
+ return new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer);
+ }
+
+ if (isIndirect && entry.hasExtensions())
{
- set.add(new X509CRLEntryObject(certs[i]));
+ Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer);
+ if (currentCaName != null)
+ {
+ previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName());
+ }
}
+ }
- return set;
+ return null;
+ }
+
+ public Set getRevokedCertificates()
+ {
+ Set entrySet = loadCRLEntries();
+
+ if (!entrySet.isEmpty())
+ {
+ return Collections.unmodifiableSet(entrySet);
}
return null;
}
-
+
public byte[] getTBSCertList()
throws CRLException
{
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- DEROutputStream dOut = new DEROutputStream(bOut);
-
try
{
- dOut.writeObject(c.getTBSCertList());
-
- return bOut.toByteArray();
+ return c.getTBSCertList().getEncoded("DER");
}
catch (IOException e)
{
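Review bot: `GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()` in loadCRLEntries() and getRevokedCertificate() takes element 0 and hands it to `X500Name.getInstance` without checking that the array is non-empty or that the entry is a directoryName. The CRL is parsed input, so a certificateIssuer extension carrying another name form would presumably surface as an unchecked exception from a lookup method. The same expression appears a third time in isRevoked() in a later hunk, so I would move it into one private helper that checks the tag and fails with a descriptive message. Both methods belong to X509CRLObject, whose declaration is outside the hunk.

```java
private X500Name nextCertificateIssuer(TBSCertList.CRLEntry entry, X500Name previous)
{
    if (!isIndirect || !entry.hasExtensions())
    {
        return previous;
    }

    Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer);
    if (currentCaName == null)
    {
        return previous;
    }

    GeneralName[] names = GeneralNames.getInstance(currentCaName.getParsedValue()).getNames();
    for (int i = 0; i != names.length; i++)
    {
        if (names[i].getTagNo() == GeneralName.directoryName)
        {
            return X500Name.getInstance(names[i].getName());
        }
    }

    // Fail loudly: silently keeping the previous issuer would misattribute the entry.
    throw new IllegalStateException("certificateIssuer extension has no directoryName");
}

// ... unchanged: entry loop in loadCRLEntries() / getRevokedCertificate() ...
previousCertificateIssuer = nextCertificateIssuer(entry, previousCertificateIssuer);
```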
@@ -261,56 +342,25 @@ public class X509CRLObject
public String getSigAlgName()
{
- Provider prov = Security.getProvider("BC");
- String algName = prov.getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
-
- if ( algName != null )
- {
- return algName;
- }
-
- Provider[] provs = Security.getProviders();
-
- //
- // search every provider looking for a real algorithm
- //
- for (int i = 0; i != provs.length; i++)
- {
- algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID());
- if ( algName != null )
- {
- return algName;
- }
- }
-
- return this.getSigAlgOID();
+ return sigAlgName;
}
public String getSigAlgOID()
{
- return c.getSignatureAlgorithm().getObjectId().getId();
+ return c.getSignatureAlgorithm().getAlgorithm().getId();
}
public byte[] getSigAlgParams()
{
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
- if ( c.getSignatureAlgorithm().getParameters() != null )
+ if (sigAlgParams != null)
{
- try
- {
- DEROutputStream dOut = new DEROutputStream(bOut);
-
- dOut.writeObject(c.getSignatureAlgorithm().getParameters());
- }
- catch (Exception e)
- {
- throw new RuntimeException("exception getting sig parameters " + e);
- }
-
- return bOut.toByteArray();
+ byte[] tmp = new byte[sigAlgParams.length];
+
+ System.arraycopy(sigAlgParams, 0, tmp, 0, tmp.length);
+
+ return tmp;
}
-
+
return null;
}
@@ -321,7 +371,125 @@ public class X509CRLObject
*/
public String toString()
{
- return "X.509 CRL";
+ StringBuffer buf = new StringBuffer();
+ String nl = System.getProperty("line.separator");
+
+ buf.append(" Version: ").append(this.getVersion()).append(
+ nl);
+ buf.append(" IssuerDN: ").append(this.getIssuerDN())
+ .append(nl);
+ buf.append(" This update: ").append(this.getThisUpdate())
+ .append(nl);
+ buf.append(" Next update: ").append(this.getNextUpdate())
+ .append(nl);
+ buf.append(" Signature Algorithm: ").append(this.getSigAlgName())
+ .append(nl);
+
+ byte[] sig = this.getSignature();
+
+ buf.append(" Signature: ").append(
+ new String(Hex.encode(sig, 0, 20))).append(nl);
+ for (int i = 20; i < sig.length; i += 20)
+ {
+ if (i < sig.length - 20)
+ {
+ buf.append(" ").append(
+ new String(Hex.encode(sig, i, 20))).append(nl);
+ }
+ else
+ {
+ buf.append(" ").append(
+ new String(Hex.encode(sig, i, sig.length - i))).append(nl);
+ }
+ }
+
+ Extensions extensions = c.getTBSCertList().getExtensions();
+
+ if (extensions != null)
+ {
+ Enumeration e = extensions.oids();
+
+ if (e.hasMoreElements())
+ {
+ buf.append(" Extensions: ").append(nl);
+ }
+
+ while (e.hasMoreElements())
+ {
+ ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
+ Extension ext = extensions.getExtension(oid);
+
+ if (ext.getExtnValue() != null)
+ {
+ byte[] octs = ext.getExtnValue().getOctets();
+ ASN1InputStream dIn = new ASN1InputStream(octs);
+ buf.append(" critical(").append(
+ ext.isCritical()).append(") ");
+ try
+ {
+ if (oid.equals(Extension.cRLNumber))
+ {
+ buf.append(
+ new CRLNumber(DERInteger.getInstance(
+ dIn.readObject()).getPositiveValue()))
+ .append(nl);
+ }
+ else if (oid.equals(Extension.deltaCRLIndicator))
+ {
+ buf.append(
+ "Base CRL: "
+ + new CRLNumber(DERInteger.getInstance(
+ dIn.readObject()).getPositiveValue()))
+ .append(nl);
+ }
+ else if (oid
+ .equals(Extension.issuingDistributionPoint))
+ {
+ buf.append(
+ IssuingDistributionPoint.getInstance(dIn.readObject())).append(nl);
+ }
+ else if (oid
+ .equals(Extension.cRLDistributionPoints))
+ {
+ buf.append(
+ CRLDistPoint.getInstance(dIn.readObject())).append(nl);
+ }
+ else if (oid.equals(Extension.freshestCRL))
+ {
+ buf.append(
+ CRLDistPoint.getInstance(dIn.readObject())).append(nl);
+ }
+ else
+ {
+ buf.append(oid.getId());
+ buf.append(" value = ").append(
+ ASN1Dump.dumpAsString(dIn.readObject()))
+ .append(nl);
+ }
+ }
+ catch (Exception ex)
+ {
+ buf.append(oid.getId());
+ buf.append(" value = ").append("*****").append(nl);
+ }
+ }
+ else
+ {
+ buf.append(nl);
+ }
+ }
+ }
+ Set set = getRevokedCertificates();
+ if (set != null)
+ {
+ Iterator it = set.iterator();
+ while (it.hasNext())
+ {
+ buf.append(it.next());
+ buf.append(nl);
+ }
+ }
+ return buf.toString();
}
/**
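Review bot: The first signature line calls `Hex.encode(sig, 0, 20)` without looking at `sig.length`, so a CRL whose signature is shorter than 20 bytes would presumably make toString() throw instead of print. The loop below it already handles a short final chunk, so only the first chunk needs bounding: `new String(Hex.encode(sig, 0, Math.min(20, sig.length)))`. This matters because toString() is the method most likely to be called from logging on a CRL that has not been verified yet.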
@@ -333,21 +501,49 @@ public class X509CRLObject
*/
public boolean isRevoked(Certificate cert)
{
- if ( !cert.getType().equals("X.509") )
+ if (!cert.getType().equals("X.509"))
{
throw new RuntimeException("X.509 CRL used with non X.509 Cert");
}
TBSCertList.CRLEntry[] certs = c.getRevokedCertificates();
- if ( certs != null )
+ X500Name caName = c.getIssuer();
+
+ if (certs != null)
{
BigInteger serial = ((X509Certificate)cert).getSerialNumber();
- for ( int i = 0; i < certs.length; i++ )
+ for (int i = 0; i < certs.length; i++)
{
- if ( certs[i].getUserCertificate().getValue().equals(serial) )
+ if (isIndirect && certs[i].hasExtensions())
{
+ Extension currentCaName = certs[i].getExtensions().getExtension(Extension.certificateIssuer);
+
+ if (currentCaName != null)
+ {
+ caName = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName());
+ }
+ }
+
+ if (certs[i].getUserCertificate().getValue().equals(serial))
+ {
+ X500Name issuer;
+
+ try
+ {
+ issuer = org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded()).getIssuer();
+ }
+ catch (CertificateEncodingException e)
+ {
+ throw new RuntimeException("Cannot process certificate");
+ }
+
+ if (!caName.equals(issuer))
+ {
+ return false;
+ }
+
return true;
}
}
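Review bot: In the serial-match branch, `if (!caName.equals(issuer)) return false;` ends the search at the first entry whose serial number matches, even though a later entry in an indirect CRL may carry the same serial under a different certificateIssuer. Serial numbers are only unique per issuer, so in that case a revoked certificate would be reported as not revoked. Returning true on an issuer match and otherwise continuing the loop avoids this: `if (caName.equals(issuer)) { return true; }`. The `catch (CertificateEncodingException e)` also drops the cause; `"Cannot process certificate: " + e.toString()` would match the message style already used in this file. isRevoked() ends outside the hunk.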
@@ -356,4 +552,3 @@ public class X509CRLObject
return false;
}
}
-
diff --git a/crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateHolder.java b/crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateHolder.java
index e14c2e079..ee24f8c84 100644
--- a/crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateHolder.java
+++ b/crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateHolder.java
@@ -4,7 +4,6 @@ import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.Principal;
-import java.security.cert.CertSelector;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateParsingException;
@@ -13,9 +12,9 @@ import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
@@ -24,6 +23,7 @@ import org.bouncycastle.asn1.x509.IssuerSerial;
import org.bouncycastle.asn1.x509.ObjectDigestInfo;
import org.bouncycastle.jce.PrincipalUtil;
import org.bouncycastle.jce.X509Principal;
+import java.security.cert.CertSelector;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Selector;
@@ -58,8 +58,8 @@ public class AttributeCertificateHolder
BigInteger serialNumber)
{
holder = new org.bouncycastle.asn1.x509.Holder(new IssuerSerial(
- new GeneralNames(new DERSequence(new GeneralName(issuerName))),
- new DERInteger(serialNumber)));
+ new GeneralNames(new GeneralName(issuerName)),
+ new ASN1Integer(serialNumber)));
}
public AttributeCertificateHolder(X509Certificate cert)
@@ -77,7 +77,7 @@ public class AttributeCertificateHolder
}
holder = new Holder(new IssuerSerial(generateGeneralNames(name),
- new DERInteger(cert.getSerialNumber())));
+ new ASN1Integer(cert.getSerialNumber())));
}
public AttributeCertificateHolder(X509Principal principal)
@@ -112,7 +112,7 @@ public class AttributeCertificateHolder
String digestAlgorithm, String otherObjectTypeID, byte[] objectDigest)
{
holder = new Holder(new ObjectDigestInfo(digestedObjectType,
- otherObjectTypeID, new AlgorithmIdentifier(digestAlgorithm), Arrays
+ new ASN1ObjectIdentifier(otherObjectTypeID), new AlgorithmIdentifier(digestAlgorithm), Arrays
.clone(objectDigest)));
}
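Review bot: `new ASN1ObjectIdentifier(otherObjectTypeID)` is now evaluated unconditionally, so a caller passing null for `otherObjectTypeID` would presumably get an exception from the identifier constructor. Null is plausible when `digestedObjectType` does not need an object type ID, and the previous call passed the string through unchanged. A guard keeps that tolerance: `otherObjectTypeID != null ? new ASN1ObjectIdentifier(otherObjectTypeID) : null`, provided ObjectDigestInfo accepts a null identifier, which is not visible here. The constructor's signature begins outside the hunk.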
@@ -187,7 +187,7 @@ public class AttributeCertificateHolder
private GeneralNames generateGeneralNames(X509Principal principal)
{
- return new GeneralNames(new DERSequence(new GeneralName(principal)));
+ return new GeneralNames(new GeneralName(principal));
}
private boolean matchesDN(X509Principal subject, GeneralNames targets)
diff --git a/crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateIssuer.java b/crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateIssuer.java
index c21355e14..7e2672dc3 100644
--- a/crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateIssuer.java
+++ b/crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateIssuer.java
@@ -39,7 +39,7 @@ public class AttributeCertificateIssuer
public AttributeCertificateIssuer(
X509Principal principal)
{
- form = new V2Form(new GeneralNames(new DERSequence(new GeneralName(principal))));
+ form = new V2Form(new GeneralNames(new GeneralName(principal)));
}
private Object[] getNames()
diff --git a/crypto/jdk1.1/org/bouncycastle/x509/X509Util.java b/crypto/jdk1.1/org/bouncycastle/x509/X509Util.java
index 704659e88..56739eb4e 100644
--- a/crypto/jdk1.1/org/bouncycastle/x509/X509Util.java
+++ b/crypto/jdk1.1/org/bouncycastle/x509/X509Util.java
@@ -20,7 +20,7 @@ import java.util.Set;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
@@ -130,8 +130,8 @@ class X509Util
return new RSASSAPSSparams(
hashAlgId,
new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId),
- new DERInteger(saltSize),
- new DERInteger(1));
+ new ASN1Integer(saltSize),
+ new ASN1Integer(1));
}
static DERObjectIdentifier getAlgorithmOID(
diff --git a/crypto/jdk1.1/org/bouncycastle/x509/X509V1CertificateGenerator.java b/crypto/jdk1.1/org/bouncycastle/x509/X509V1CertificateGenerator.java
index f50b22b02..4d759fecc 100644
--- a/crypto/jdk1.1/org/bouncycastle/x509/X509V1CertificateGenerator.java
+++ b/crypto/jdk1.1/org/bouncycastle/x509/X509V1CertificateGenerator.java
@@ -1,22 +1,5 @@
package org.bouncycastle.x509;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.TBSCertificateStructure;
-import org.bouncycastle.asn1.x509.Time;
-import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator;
-import org.bouncycastle.asn1.x509.X509CertificateStructure;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.jce.provider.X509CertificateObject;
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
@@ -34,8 +17,25 @@ import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x509.TBSCertificate;
+import org.bouncycastle.asn1.x509.Time;
+import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator;
+import org.bouncycastle.asn1.x509.X509CertificateStructure;
+import org.bouncycastle.asn1.x509.X509Name;
+import org.bouncycastle.jce.provider.X509CertificateObject;
+
/**
* class to produce an X.509 Version 1 certificate.
+ * @deprecated use org.bouncycastle.cert.X509v1CertificateBuilder.
*/
public class X509V1CertificateGenerator
{
@@ -68,7 +68,7 @@ public class X509V1CertificateGenerator
throw new IllegalArgumentException("serial number must be a positive integer");
}
- tbsGen.setSerialNumber(new DERInteger(serialNumber));
+ tbsGen.setSerialNumber(new ASN1Integer(serialNumber));
}
/**
@@ -92,7 +92,7 @@ public class X509V1CertificateGenerator
{
tbsGen.setEndDate(new Time(date));
}
-
+
/**
* Set the subject distinguished name. The subject describes the entity associated with the public key.
*/
@@ -260,7 +260,7 @@ public class X509V1CertificateGenerator
SecureRandom random)
throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
{
- TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();
+ TBSCertificate tbsCert = tbsGen.generateTBSCertificate();
byte[] signature;
try
@@ -299,7 +299,7 @@ public class X509V1CertificateGenerator
SecureRandom random)
throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
{
- TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate();
+ TBSCertificate tbsCert = tbsGen.generateTBSCertificate();
byte[] signature;
try
@@ -314,7 +314,7 @@ public class X509V1CertificateGenerator
return generateJcaObject(tbsCert, signature);
}
- private X509Certificate generateJcaObject(TBSCertificateStructure tbsCert, byte[] signature)
+ private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature)
throws CertificateEncodingException
{
ASN1EncodableVector v = new ASN1EncodableVector();
@@ -327,7 +327,7 @@ public class X509V1CertificateGenerator
{
return new X509CertificateObject(new X509CertificateStructure(new DERSequence(v)));
}
- catch (Exception e)
+ catch (CertificateParsingException e)
{
throw new ExtCertificateEncodingException("exception producing certificate object", e);
}
diff --git a/crypto/jdk1.1/org/bouncycastle/x509/X509V2CRLGenerator.java b/crypto/jdk1.1/org/bouncycastle/x509/X509V2CRLGenerator.java
index 608c4cfa9..beb9eda5c 100644
--- a/crypto/jdk1.1/org/bouncycastle/x509/X509V2CRLGenerator.java
+++ b/crypto/jdk1.1/org/bouncycastle/x509/X509V2CRLGenerator.java
@@ -23,7 +23,7 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERGeneralizedTime;
-import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -32,6 +32,7 @@ import org.bouncycastle.asn1.x509.TBSCertList;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V2TBSCertListGenerator;
import org.bouncycastle.asn1.x509.X509Extensions;
+import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.provider.X509CRLObject;
@@ -91,7 +92,7 @@ public class X509V2CRLGenerator
**/
public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason)
{
- tbsGen.addCRLEntry(new DERInteger(userCertificate), new Time(revocationDate), reason);
+ tbsGen.addCRLEntry(new ASN1Integer(userCertificate), new Time(revocationDate), reason);
}
/**
@@ -101,7 +102,7 @@ public class X509V2CRLGenerator
**/
public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason, Date invalidityDate)
{
- tbsGen.addCRLEntry(new DERInteger(userCertificate), new Time(revocationDate), reason, new DERGeneralizedTime(invalidityDate));
+ tbsGen.addCRLEntry(new ASN1Integer(userCertificate), new Time(revocationDate), reason, new DERGeneralizedTime(invalidityDate));
}
/**
@@ -109,7 +110,7 @@ public class X509V2CRLGenerator
**/
public void addCRLEntry(BigInteger userCertificate, Date revocationDate, X509Extensions extensions)
{
- tbsGen.addCRLEntry(new DERInteger(userCertificate), new Time(revocationDate), extensions);
+ tbsGen.addCRLEntry(new ASN1Integer(userCertificate), new Time(revocationDate), Extensions.getInstance(extensions));
}
/**
diff --git a/crypto/jdk1.1/org/bouncycastle/x509/X509V3CertificateGenerator.java b/crypto/jdk1.1/org/bouncycastle/x509/X509V3CertificateGenerator.java
index 9ac2bd780..6c6f6595d 100644
--- a/crypto/jdk1.1/org/bouncycastle/x509/X509V3CertificateGenerator.java
+++ b/crypto/jdk1.1/org/bouncycastle/x509/X509V3CertificateGenerator.java
@@ -19,14 +19,14 @@ import java.util.Iterator;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.TBSCertificateStructure;
+import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
@@ -73,7 +73,7 @@ public class X509V3CertificateGenerator
throw new IllegalArgumentException("serial number must be a positive integer");
}
- tbsGen.setSerialNumber(new DERInteger(serialNumber));
+ tbsGen.setSerialNumber(new ASN1Integer(serialNumber));
}
/**
@@ -394,7 +394,7 @@ public class X509V3CertificateGenerator
SecureRandom random)
throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
{
- TBSCertificateStructure tbsCert = generateTbsCert();
+ TBSCertificate tbsCert = generateTbsCert();
byte[] signature;
try
@@ -439,7 +439,7 @@ public class X509V3CertificateGenerator
SecureRandom random)
throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
{
- TBSCertificateStructure tbsCert = generateTbsCert();
+ TBSCertificate tbsCert = generateTbsCert();
byte[] signature;
try
@@ -461,7 +461,7 @@ public class X509V3CertificateGenerator
}
}
- private TBSCertificateStructure generateTbsCert()
+ private TBSCertificate generateTbsCert()
{
if (!extGenerator.isEmpty())
{
@@ -471,7 +471,7 @@ public class X509V3CertificateGenerator
return tbsGen.generateTBSCertificate();
}
- private X509Certificate generateJcaObject(TBSCertificateStructure tbsCert, byte[] signature)
+ private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature)
throws CertificateParsingException
{
ASN1EncodableVector v = new ASN1EncodableVector();