author | bouncy <bouncy> | 2012-03-16 07:33:10 +0000 |
---|---|---|
committer | bouncy <bouncy> | 2012-03-16 07:33:10 +0000 |
commit | 14d9959004251edde06d2ea2c3ecaf543625e9aa (patch) | |
tree | ebad26d3875d34ba21fe7ed386c1f6c76fdffe5b | |
parent | cc618274d3645d3d23107c5957b0b7d53b367a37 (diff) | |
updates
12 files changed, 364 insertions, 954 deletions
diff --git a/crypto/jdk1.1/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java b/crypto/jdk1.1/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
index ab9513bd8..1b97e5fd3 100644
--- a/crypto/jdk1.1/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
+++ b/crypto/jdk1.1/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
@@ -35,7 +35,8 @@ import org.bouncycastle.asn1.pkcs.ContentInfo;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.SignedData;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openssl.PEMWriter;
+import org.bouncycastle.util.io.pem.PemObject;
+import org.bouncycastle.util.io.pem.PemWriter;
 /**
  * CertPath implementation for X.509 certificates.
@@ -307,13 +308,13 @@ public class PKIXCertPath
 else if (encoding.equalsIgnoreCase("PEM"))
 {
 ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut));
+ PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut));
 try
 {
 for (int i = 0; i != certificates.size(); i++)
 {
- pWrt.writeObject(certificates.get(i));
+ pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded()));
 }
 pWrt.close();
diff --git a/crypto/jdk1.1/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/crypto/jdk1.1/org/bouncycastle/jce/provider/BouncyCastleProvider.java
index 2197b86fb..c1bdf97c6 100644
--- a/crypto/jdk1.1/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+++ b/crypto/jdk1.1/org/bouncycastle/jce/provider/BouncyCastleProvider.java
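Review bot: `new OutputStreamWriter(bOut)` in the PEM branch of PKIXCertPath.getEncoded still encodes with the platform default charset, so the bytes returned for "PEM" depend on the JVM's locale settings rather than being fixed ASCII. PEM armour is defined over ASCII, and anything that compares, hashes or re-parses the encoded path will see different bytes on a host whose default encoding is not ASCII-compatible. Passing an explicit encoding name to the two-argument `OutputStreamWriter` constructor would pin it; which name is accepted on the JDK 1.1 target needs to be confirmed. The enclosing method starts and ends outside the hunk, so the catch that follows `pWrt.close()` is not visible here.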
@@ -44,7 +44,7 @@ import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter;
 public final class BouncyCastleProvider extends Provider
 implements ConfigurableProvider
 {
- private static String info = "BouncyCastle Security Provider v1.47b";
+ private static String info = "BouncyCastle Security Provider v1.47";
 public static String PROVIDER_NAME = "BC";
@@ -96,7 +96,7 @@ public final class BouncyCastleProvider extends Provider
 */
 public BouncyCastleProvider()
 {
- super(PROVIDER_NAME, 1.465, info);
+ super(PROVIDER_NAME, 1.47, info);
 setup();
 }
@@ -153,12 +153,6 @@ public final class BouncyCastleProvider extends Provider
 put("Alg.Alias.KeyStore.bouncycastle", "BouncyCastle");
 //
- // algorithm parameter generators
- //
-
-
-
- //
 // algorithm parameters
 //
 put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES");
@@ -239,10 +233,6 @@ public final class BouncyCastleProvider extends Provider
 put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES");
 put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES");
- put("Alg.Alias.Cipher.ELGAMAL/ECB/PKCS1PADDING", "ELGAMAL/PKCS1");
- put("Alg.Alias.Cipher.ELGAMAL/NONE/PKCS1PADDING", "ELGAMAL/PKCS1");
- put("Alg.Alias.Cipher.ELGAMAL/NONE/NOPADDING", "ELGAMAL");
-
 put("Cipher.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndDES");
 put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES");
 put("Cipher.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndRC2");
diff --git a/crypto/jdk1.1/org/bouncycastle/jce/provider/JDKX509CertificateFactory.java b/crypto/jdk1.1/org/bouncycastle/jce/provider/JDKX509CertificateFactory.java
deleted file mode 100644
index c8fc79024..000000000
--- a/crypto/jdk1.1/org/bouncycastle/jce/provider/JDKX509CertificateFactory.java
+++ /dev/null
@@ -1,377 +0,0 @@ -package org.bouncycastle.jce.provider; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.SignedData; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.asn1.x509.X509CertificateStructure; - -import java.io.IOException; -import java.io.InputStream; -import java.io.PushbackInputStream; -import java.security.cert.CRL; -import java.security.cert.CRLException; -import java.security.cert.CertPath; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactorySpi; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; -import java.util.List; - -/** - * class for dealing with X509 certificates. - * <p> - * At the moment this will deal with "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----" - * base 64 encoded certs, as well as the BER binaries of certificates and some classes of PKCS#7 - * objects. 
- */ -public class JDKX509CertificateFactory - extends CertificateFactorySpi -{ - private static final PEMUtil PEM_CERT_PARSER = new PEMUtil("CERTIFICATE"); - private static final PEMUtil PEM_CRL_PARSER = new PEMUtil("CRL"); - - private ASN1Set sData = null; - private int sDataObjectCount = 0; - private InputStream currentStream = null; - - private ASN1Set sCrlData = null; - private int sCrlDataObjectCount = 0; - private InputStream currentCrlStream = null; - - private Certificate readDERCertificate( - ASN1InputStream dIn) - throws IOException, CertificateParsingException - { - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); - - if (seq.size() > 1 - && seq.getObjectAt(0) instanceof DERObjectIdentifier) - { - if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) - { - sData = new SignedData(ASN1Sequence.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true)).getCertificates(); - - return getCertificate(); - } - } - - return new X509CertificateObject( - X509CertificateStructure.getInstance(seq)); - } - - private Certificate getCertificate() - throws CertificateParsingException - { - if (sData != null) - { - while (sDataObjectCount < sData.size()) - { - Object obj = sData.getObjectAt(sDataObjectCount++); - - if (obj instanceof ASN1Sequence) - { - return new X509CertificateObject( - X509CertificateStructure.getInstance(obj)); - } - } - } - - return null; - } - - private Certificate readPEMCertificate( - InputStream in) - throws IOException, CertificateParsingException - { - ASN1Sequence seq = PEM_CERT_PARSER.readPEMObject(in); - - if (seq != null) - { - return new X509CertificateObject( - X509CertificateStructure.getInstance(seq)); - } - - return null; - } - - protected CRL createCRL(CertificateList c) - throws CRLException - { - return new X509CRLObject(c); - } - - private CRL readPEMCRL( - InputStream in) - throws IOException, CRLException - { - ASN1Sequence seq = PEM_CRL_PARSER.readPEMObject(in); - - if (seq != null) - { - return createCRL( - 
CertificateList.getInstance(seq)); - } - - return null; - } - - private CRL readDERCRL( - ASN1InputStream aIn) - throws IOException, CRLException - { - ASN1Sequence seq = (ASN1Sequence)aIn.readObject(); - - if (seq.size() > 1 - && seq.getObjectAt(0) instanceof DERObjectIdentifier) - { - if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) - { - sCrlData = new SignedData(ASN1Sequence.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs(); - - return getCRL(); - } - } - - return createCRL( - CertificateList.getInstance(seq)); - } - - private CRL getCRL() - throws CRLException - { - if (sCrlData == null || sCrlDataObjectCount >= sCrlData.size()) - { - return null; - } - - return createCRL( - CertificateList.getInstance( - sCrlData.getObjectAt(sCrlDataObjectCount++))); - } - - /** - * Generates a certificate object and initializes it with the data - * read from the input stream inStream. - */ - public Certificate engineGenerateCertificate( - InputStream in) - throws CertificateException - { - if (currentStream == null) - { - currentStream = in; - sData = null; - sDataObjectCount = 0; - } - else if (currentStream != in) // reset if input stream has changed - { - currentStream = in; - sData = null; - sDataObjectCount = 0; - } - - try - { - if (sData != null) - { - if (sDataObjectCount != sData.size()) - { - return getCertificate(); - } - else - { - sData = null; - sDataObjectCount = 0; - return null; - } - } - - int limit = ProviderUtil.getReadLimit(in); - - PushbackInputStream pis = new PushbackInputStream(in); - int tag = pis.read(); - - if (tag == -1) - { - return null; - } - - pis.unread(tag); - - if (tag != 0x30) // assume ascii PEM encoded. 
- { - return readPEMCertificate(pis); - } - else - { - return readDERCertificate(new ASN1InputStream(pis, limit)); - } - } - catch (Exception e) - { - throw new CertificateException(e.toString()); - } - } - - /** - * Returns a (possibly empty) collection view of the certificates - * read from the given input stream inStream. - */ - public Collection engineGenerateCertificates( - InputStream inStream) - throws CertificateException - { - Certificate cert; - List certs = new ArrayList(); - - while ((cert = engineGenerateCertificate(inStream)) != null) - { - certs.add(cert); - } - - return certs; - } - - /** - * Generates a certificate revocation list (CRL) object and initializes - * it with the data read from the input stream inStream. - */ - public CRL engineGenerateCRL( - InputStream inStream) - throws CRLException - { - if (currentCrlStream == null) - { - currentCrlStream = inStream; - sCrlData = null; - sCrlDataObjectCount = 0; - } - else if (currentCrlStream != inStream) // reset if input stream has changed - { - currentCrlStream = inStream; - sCrlData = null; - sCrlDataObjectCount = 0; - } - - try - { - if (sCrlData != null) - { - if (sCrlDataObjectCount != sCrlData.size()) - { - return getCRL(); - } - else - { - sCrlData = null; - sCrlDataObjectCount = 0; - return null; - } - } - - int limit = ProviderUtil.getReadLimit(inStream); - - PushbackInputStream pis = new PushbackInputStream(inStream); - int tag = pis.read(); - - if (tag == -1) - { - return null; - } - - pis.unread(tag); - - if (tag != 0x30) // assume ascii PEM encoded. - { - return readPEMCRL(pis); - } - else - { // lazy evaluate to help processing of large CRLs - return readDERCRL(new ASN1InputStream(pis, limit, true)); - } - } - catch (CRLException e) - { - throw e; - } - catch (Exception e) - { - throw new CRLException(e.toString()); - } - } - - /** - * Returns a (possibly empty) collection view of the CRLs read from - * the given input stream inStream. 
- * - * The inStream may contain a sequence of DER-encoded CRLs, or - * a PKCS#7 CRL set. This is a PKCS#7 SignedData object, with the - * only signficant field being crls. In particular the signature - * and the contents are ignored. - */ - public Collection engineGenerateCRLs( - InputStream inStream) - throws CRLException - { - CRL crl; - List crls = new ArrayList(); - - while ((crl = engineGenerateCRL(inStream)) != null) - { - crls.add(crl); - } - - return crls; - } - - public Iterator engineGetCertPathEncodings() - { - return PKIXCertPath.certPathEncodings.iterator(); - } - - public CertPath engineGenerateCertPath( - InputStream inStream) - throws CertificateException - { - return engineGenerateCertPath(inStream, "PkiPath"); - } - - public CertPath engineGenerateCertPath( - InputStream inStream, - String encoding) - throws CertificateException - { - return new PKIXCertPath(inStream, encoding); - } - - public CertPath engineGenerateCertPath( - List certificates) - throws CertificateException - { - Iterator iter = certificates.iterator(); - Object obj; - while (iter.hasNext()) - { - obj = iter.next(); - if (obj != null) - { - if (!(obj instanceof X509Certificate)) - { - throw new CertificateException("list contains non X509Certificate object while creating CertPath\n" + obj.toString()); - } - } - } - return new PKIXCertPath(certificates); - } -} diff --git a/crypto/jdk1.1/org/bouncycastle/jce/provider/PKIXCertPath.java b/crypto/jdk1.1/org/bouncycastle/jce/provider/PKIXCertPath.java deleted file mode 100644 index 1d645b420..000000000 --- a/crypto/jdk1.1/org/bouncycastle/jce/provider/PKIXCertPath.java +++ /dev/null 
@@ -1,400 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.BufferedInputStream; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStreamWriter; -import java.security.NoSuchProviderException; -import java.security.cert.CertPath; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Enumeration; -import java.util.Iterator; -import java.util.List; -import java.util.ListIterator; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.pkcs.ContentInfo; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.SignedData; -import org.bouncycastle.jce.PrincipalUtil; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.openssl.PEMWriter; - -/** - * CertPath implementation for X.509 certificates. 
- * <br /> - **/ -public class PKIXCertPath - extends CertPath -{ - static final List certPathEncodings; - - static - { - List encodings = new ArrayList(); - encodings.add("PkiPath"); - encodings.add("PEM"); - encodings.add("PKCS7"); - certPathEncodings = Collections.unmodifiableList( encodings ); - } - - private List certificates; - - /** - * @param certs - */ - private List sortCerts( - List certs) - { - if (certs.size() < 2) - { - return certs; - } - - try - { - X509Principal issuer = PrincipalUtil.getIssuerX509Principal(((X509Certificate)certs.get(0))); - boolean okay = true; - - for (int i = 1; i != certs.size(); i++) - { - X509Certificate cert = (X509Certificate)certs.get(i); - - if (issuer.equals(PrincipalUtil.getSubjectX509Principal(cert))) - { - issuer = PrincipalUtil.getIssuerX509Principal(((X509Certificate)certs.get(i))); - } - else - { - okay = false; - break; - } - } - - if (okay) - { - return certs; - } - - // find end-entity cert - ArrayList retList = new ArrayList(certs.size()); - - for (int i = 0; i < certs.size(); i++) - { - X509Certificate cert = (X509Certificate)certs.get(i); - boolean found = false; - - X509Principal subject = PrincipalUtil.getSubjectX509Principal(cert); - - for (int j = 0; j != certs.size(); j++) - { - X509Certificate c = (X509Certificate)certs.get(j); - if (PrincipalUtil.getIssuerX509Principal(c).equals(subject)) - { - found = true; - break; - } - } - - if (!found) - { - retList.add(cert); - certs.remove(i); - } - } - - // can only have one end entity cert - something's wrong, give up. 
- if (retList.size() > 1) - { - for (int i = 0; i != certs.size(); i++) - { - retList.add(certs.get(i)); - } - - return retList; - } - - for (int i = 0; i != retList.size(); i++) - { - issuer = PrincipalUtil.getIssuerX509Principal((X509Certificate)retList.get(i)); - - for (int j = 0; j < certs.size(); j++) - { - X509Certificate c = (X509Certificate)certs.get(j); - if (issuer.equals(PrincipalUtil.getSubjectX509Principal(c))) - { - retList.add(c); - certs.remove(j); - break; - } - } - } - - // make sure all certificates are accounted for. - for (int i = 0; i != certs.size(); i++) - { - retList.add(certs.get(i)); - } - - return retList; - } - catch (Exception e) - { - return certs; - } - } - - /** - * Creates a CertPath of the specified type. - * This constructor is protected because most users should use - * a CertificateFactory to create CertPaths. - * @param type the standard name of the type of Certificatesin this path - **/ - PKIXCertPath( List certificates ) - { - super("X.509"); - this.certificates = sortCerts(new ArrayList(certificates)); - } - - /** - * Creates a CertPath of the specified type. - * This constructor is protected because most users should use - * a CertificateFactory to create CertPaths. 
- * - * @param type the standard name of the type of Certificatesin this path - **/ - PKIXCertPath( - InputStream inStream, - String encoding) - throws CertificateException - { - super("X.509"); - try { - if (encoding.equalsIgnoreCase( "PkiPath" )) - { - ASN1InputStream derInStream = new ASN1InputStream(inStream); - ASN1Primitive derObject = derInStream.readObject(); - if (!(derObject instanceof ASN1Sequence)) - { - throw new CertificateException("input stream does not contain a ASN1 SEQUENCE while reading PkiPath encoded data to load CertPath" ); - } - Enumeration e = ((ASN1Sequence)derObject).getObjects(); - InputStream certInStream; - ByteArrayOutputStream outStream; - DEROutputStream derOutStream; - certificates = new ArrayList(); - CertificateFactory certFactory= CertificateFactory.getInstance( "X.509", "BC" ); - while ( e.hasMoreElements() ) { - outStream = new ByteArrayOutputStream(); - derOutStream = new DEROutputStream(outStream); - - derOutStream.writeObject((ASN1Encodable)e.nextElement()); - derOutStream.close(); - - certInStream = new ByteArrayInputStream(outStream.toByteArray()); - certificates.add(0,certFactory.generateCertificate(certInStream)); - } - } - else if (encoding.equalsIgnoreCase("PKCS7") || encoding.equalsIgnoreCase("PEM")) - { - inStream = new BufferedInputStream(inStream); - certificates = new ArrayList(); - CertificateFactory certFactory= CertificateFactory.getInstance( "X.509", "BC" ); - Certificate cert = null; - while ((cert = certFactory.generateCertificate(inStream)) != null) - { - certificates.add(cert); - } - } - else - { - throw new CertificateException( "unsupported encoding: " + encoding); - } - } - catch (IOException ex) - { - throw new CertificateException( "IOException throw while decoding CertPath:\n" + ex.toString() ); - } - catch (NoSuchProviderException ex ) - { - throw new CertificateException( "BouncyCastle provider not found while trying to get a CertificateFactory:\n" + ex.toString() ); - } - - this.certificates = 
sortCerts(certificates); - } - - /** - * Returns an iteration of the encodings supported by this - * certification path, with the default encoding - * first. Attempts to modify the returned Iterator via its - * remove method result in an UnsupportedOperationException. - * - * @return an Iterator over the names of the supported encodings (as Strings) - **/ - public Iterator getEncodings() - { - return certPathEncodings.iterator(); - } - - /** - * Returns the encoded form of this certification path, using - * the default encoding. - * - * @return the encoded bytes - * @exception CertificateEncodingException if an encoding error occurs - **/ - public byte[] getEncoded() - throws CertificateEncodingException - { - Iterator iter = getEncodings(); - if ( iter.hasNext() ) - { - Object enc = iter.next(); - if ( enc instanceof String ) - { - return getEncoded((String)enc); - } - } - return null; - } - - /** - * Returns the encoded form of this certification path, using - * the specified encoding. 
- * - * @param encoding the name of the encoding to use - * @return the encoded bytes - * @exception CertificateEncodingException if an encoding error - * occurs or the encoding requested is not supported - * - **/ - public byte[] getEncoded(String encoding) - throws CertificateEncodingException - { - if (encoding.equalsIgnoreCase("PkiPath")) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - ListIterator iter = certificates.listIterator(certificates.size()); - while ( iter.hasPrevious() ) - { - v.add(toASN1Object((X509Certificate)iter.previous())); - } - - return toDEREncoded(new DERSequence(v)); - } - else if (encoding.equalsIgnoreCase("PKCS7")) - { - ContentInfo encInfo = new ContentInfo(PKCSObjectIdentifiers.data, null); - - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i = 0; i != certificates.size(); i++) - { - v.add(toASN1Object((X509Certificate)certificates.get(i))); - } - - SignedData sd = new SignedData( - new DERInteger(1), - new DERSet(), - encInfo, - new DERSet(v), - null, - new DERSet()); - - return toDEREncoded(new ContentInfo( - PKCSObjectIdentifiers.signedData, sd)); - } - else if (encoding.equalsIgnoreCase("PEM")) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut)); - - try - { - for (int i = 0; i != certificates.size(); i++) - { - pWrt.writeObject(certificates.get(i)); - } - - pWrt.close(); - } - catch (Exception e) - { - throw new CertificateEncodingException("can't encode certificate for PEM encoded path"); - } - - return bOut.toByteArray(); - } - else - { - throw new CertificateEncodingException("unsupported encoding: " + encoding); - } - } - - /** - * Returns the list of certificates in this certification - * path. The List returned must be immutable and thread-safe. 
- * - * @return an immutable List of Certificates (may be empty, but not null) - **/ - public List getCertificates() - { - return Collections.unmodifiableList(new ArrayList(certificates)); - } - - /** - * Return a ASN1Primitive containing the encoded certificate. - * - * @param cert the X509Certificate object to be encoded - * - * @return the ASN1Primitive - **/ - private ASN1Primitive toASN1Object( - X509Certificate cert ) - throws CertificateEncodingException - { - try - { - return new ASN1InputStream(cert.getEncoded()).readObject(); - } - catch (Exception e) - { - throw new CertificateEncodingException("Exception while encoding certificate: " + e.toString()); - } - } - - private byte[] toDEREncoded(ASN1Encodable obj) - throws CertificateEncodingException - { - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(obj); - dOut.close(); - - return bOut.toByteArray(); - } - catch (IOException e) - { - throw new CertificateEncodingException("Exeption thrown: " + e); - } - } -} diff --git a/crypto/jdk1.1/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/crypto/jdk1.1/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java index af1eac408..cee23322b 100644 --- a/crypto/jdk1.1/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java +++ b/crypto/jdk1.1/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java @@ -1316,7 +1316,7 @@ public class PKIXCertPathValidatorSpi extends CertPathValidatorSpi ASN1Sequence ncSeq = (ASN1Sequence)getExtensionValue(cert, NAME_CONSTRAINTS); if (ncSeq != null) { - NameConstraints nc = new NameConstraints(ncSeq); + NameConstraints nc = NameConstraints.getInstance(ncSeq); // // (g) (1) permitted subtrees diff --git a/crypto/jdk1.1/org/bouncycastle/jce/provider/X509CRLObject.java b/crypto/jdk1.1/org/bouncycastle/jce/provider/X509CRLObject.java index 9decde93b..c71128680 100644 
--- a/crypto/jdk1.1/org/bouncycastle/jce/provider/X509CRLObject.java
+++ b/crypto/jdk1.1/org/bouncycastle/jce/provider/X509CRLObject.java
@@ -1,34 +1,45 @@
 package org.bouncycastle.jce.provider;
-import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.Principal;
-import java.security.Provider;
 import java.security.PublicKey;
-import java.security.Security;
 import java.security.Signature;
 import java.security.SignatureException;
 import java.security.cert.CRLException;
 import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509CRL;
 import java.security.cert.X509CRLEntry;
 import java.security.cert.X509Certificate;
+import java.util.Collections;
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.Set;
-import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.DEROutputStream;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1InputStream;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.DERInteger;
+import org.bouncycastle.asn1.util.ASN1Dump;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.CRLDistPoint;
+import org.bouncycastle.asn1.x509.CRLNumber;
 import org.bouncycastle.asn1.x509.CertificateList;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.Extensions;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
 import org.bouncycastle.asn1.x509.TBSCertList;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
 import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.x509.extension.X509ExtensionUtil;
 /**
  * The following extensions are listed in RFC 2459 as relevant to CRLs
@@ -43,11 +54,51 @@ public class X509CRLObject
 extends X509CRL
 {
 private CertificateList c;
+ private String sigAlgName;
+ private byte[] sigAlgParams;
+ private boolean isIndirect;
+
+ static boolean isIndirectCRL(X509CRL crl)
+ throws CRLException
+ {
+ try
+ {
+ byte[] idp = crl.getExtensionValue(Extension.issuingDistributionPoint.getId());
+ return idp != null
+ && IssuingDistributionPoint.getInstance(X509ExtensionUtil.fromExtensionValue(idp)).isIndirectCRL();
+ }
+ catch (Exception e)
+ {
+ throw new ExtCRLException(
+ "Exception reading IssuingDistributionPoint", e);
+ }
+ }
 public X509CRLObject(
 CertificateList c)
+ throws CRLException
 {
 this.c = c;
+
+ try
+ {
+ this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm());
+
+ if (c.getSignatureAlgorithm().getParameters() != null)
+ {
+ this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).toASN1Primitive().getEncoded(ASN1Encoding.DER);
+ }
+ else
+ {
+ this.sigAlgParams = null;
+ }
+
+ this.isIndirect = isIndirectCRL(this);
+ }
+ catch (Exception e)
+ {
+ throw new CRLException("CRL contents invalid: " + e);
+ }
 }
 /**
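Review bot: The constructor hands `this` to `isIndirectCRL(this)` before construction has finished, and that helper calls `crl.getExtensionValue(...)`, a public overridable method on a class that is not final. A subclass overriding getExtensionValue would run against a half-built object, and the flag computed here later decides which issuer each CRL entry is attributed to. Reading the extension directly from `c.getTBSCertList().getExtensions()` inside the constructor would remove the dependency on an overridable call. The outer `catch (Exception e)` also flattens the ExtCRLException raised by isIndirectCRL into the string `"CRL contents invalid: " + e`, so a short comment saying the cause is deliberately stringified would help the next reader.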
@@ -57,34 +108,42 @@ public class X509CRLObject
 public boolean hasUnsupportedCriticalExtension()
 {
 Set extns = getCriticalExtensionOIDs();
- if ( extns != null && !extns.isEmpty() )
+
+ if (extns == null)
 {
- return true;
+ return false;
 }
- return false;
+ extns.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT);
+ extns.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR);
+
+ return !extns.isEmpty();
 }
 private Set getExtensionOIDs(boolean critical)
 {
 if (this.getVersion() == 2)
 {
- HashSet set = new HashSet();
- X509Extensions extensions = c.getTBSCertList().getExtensions();
- Enumeration e = extensions.oids();
+ Extensions extensions = c.getTBSCertList().getExtensions();
- while (e.hasMoreElements())
+ if (extensions != null)
 {
- DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement();
- X509Extension ext = extensions.getExtension(oid);
+ Set set = new HashSet();
+ Enumeration e = extensions.oids();
- if (critical == ext.isCritical())
+ while (e.hasMoreElements())
 {
- set.add(oid.getId());
+ ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
+ Extension ext = extensions.getExtension(oid);
+
+ if (critical == ext.isCritical())
+ {
+ set.add(oid.getId());
+ }
 }
- }
- return set;
+ return set;
+ }
 }
 return null;
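Review bot: `hasUnsupportedCriticalExtension()` now answers false for a CRL whose only critical extensions are issuingDistributionPoint and deltaCRLIndicator, which amounts to a promise that every consumer of this class really processes both. A caller that uses this method as its only gate and then treats a delta CRL as a complete list, or ignores the distribution-point scope, would miss revocations recorded only in the base CRL. The processing presumably lives in RFC3280CertPathUtilities, which is not visible here, so the method should say so, for example `// IDP and delta CRL indicator are handled by the RFC 3280 path checks; other callers must process them themselves`. The two `remove` calls also assume the constants are OID strings, because the set holds `oid.getId()` values; if they were identifier objects the calls would silently remove nothing.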
@@ -102,26 +161,21 @@ public class X509CRLObject
 public byte[] getExtensionValue(String oid)
 {
- X509Extensions exts = c.getTBSCertList().getExtensions();
+ Extensions exts = c.getTBSCertList().getExtensions();
 if (exts != null)
 {
- X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid));
+ Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid));
 if (ext != null)
 {
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- DEROutputStream dOut = new DEROutputStream(bOut);
-
 try
 {
- dOut.writeObject(ext.getValue());
-
- return bOut.toByteArray();
+ return ext.getExtnValue().getEncoded();
 }
 catch (Exception e)
 {
- throw new RuntimeException("error encoding " + e.toString());
+ throw new IllegalStateException("error parsing " + e.toString());
 }
 }
 }
@@ -132,14 +186,9 @@ public class X509CRLObject
 public byte[] getEncoded()
 throws CRLException
 {
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- DEROutputStream dOut = new DEROutputStream(bOut);
-
 try
 {
- dOut.writeObject(c);
-
- return bOut.toByteArray();
+ return c.getEncoded(ASN1Encoding.DER);
 }
 catch (IOException e)
 {
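Review bot: `ext.getExtnValue().getEncoded()` in getExtensionValue names no encoding, while getEncoded() in the next hunk asks for `ASN1Encoding.DER` and getTBSCertList() further down uses the string literal `"DER"`. The java.security.cert contract for getExtensionValue is the DER-encoded OCTET STRING, and the code this replaces wrote through a DEROutputStream, so for a CRL parsed from BER input the new call may return different bytes than before; that is inferred from the API, not shown in the hunk. `return ext.getExtnValue().getEncoded(ASN1Encoding.DER);` would keep the three methods consistent, with the same constant replacing the literal in getTBSCertList.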
@@ -149,27 +198,35 @@ public class X509CRLObject
 public void verify(PublicKey key)
 throws CRLException, NoSuchAlgorithmException,
- InvalidKeyException, NoSuchProviderException,
- SignatureException
+ InvalidKeyException, NoSuchProviderException, SignatureException
 {
- verify(key, "BC");
+ verify(key, BouncyCastleProvider.PROVIDER_NAME);
 }
 public void verify(PublicKey key, String sigProvider)
 throws CRLException, NoSuchAlgorithmException,
- InvalidKeyException, NoSuchProviderException,
- SignatureException
+ InvalidKeyException, NoSuchProviderException, SignatureException
 {
- if ( !c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()) )
+ if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature()))
 {
- throw new CRLException("Signature algorithm on CertifcateList does not match TBSCertList.");
+ throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList.");
 }
- Signature sig = Signature.getInstance(getSigAlgName(), sigProvider);
+ Signature sig;
+
+ if (sigProvider != null)
+ {
+ sig = Signature.getInstance(getSigAlgName(), sigProvider);
+ }
+ else
+ {
+ sig = Signature.getInstance(getSigAlgName());
+ }
 sig.initVerify(key);
 sig.update(this.getTBSCertList());
- if ( !sig.verify(this.getSignature()) )
+
+ if (!sig.verify(this.getSignature()))
 {
 throw new SignatureException("CRL does not verify with supplied public key.");
 }
@@ -177,12 +234,12 @@ public class X509CRLObject
 public int getVersion()
 {
- return c.getVersion();
+ return c.getVersionNumber();
 }
 public Principal getIssuerDN()
 {
- return new X509Principal(X500Name.getInstance(c.getIssuer().toASN1Primitive()));
+ return new X509Principal(X500Name.getInstance(c.getIssuer().toASN1Primitive()));
 }
 public Date getThisUpdate()
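Review bot: `verify(key, sigProvider)` now treats a null `sigProvider` as "let the JCA pick a provider" instead of failing, and nothing on the method says so. A caller that pins the provider for policy reasons and passes null by accident, for instance from an unset configuration value, gets the CRL signature checked by whichever installed provider comes first, with no error to show for it. If the fallback is intended, document it on the method, e.g. `@param sigProvider provider name, or null to use the default provider search order`; if not, reject it with `throw new NoSuchProviderException("provider name is null");`.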
@@ -199,54 +256,78 @@ public class X509CRLObject return null; } - - public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) + + private Set loadCRLEntries() { - TBSCertList.CRLEntry[] certs = c.getRevokedCertificates(); + Set entrySet = new HashSet(); + Enumeration certs = c.getRevokedCertificateEnumeration(); - if ( certs != null ) + X500Name previousCertificateIssuer = c.getIssuer(); + while (certs.hasMoreElements()) { - for ( int i = 0; i < certs.length; i++ ) + TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement(); + X509CRLEntryObject crlEntry = new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer); + entrySet.add(crlEntry); + if (isIndirect && entry.hasExtensions()) { - if ( certs[i].getUserCertificate().getValue().equals(serialNumber) ) { - return new X509CRLEntryObject(certs[i]); + Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); + + if (currentCaName != null) + { + previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); } } } - return null; + return entrySet; } - - public Set getRevokedCertificates() + + public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) { - TBSCertList.CRLEntry[] certs = c.getRevokedCertificates(); + Enumeration certs = c.getRevokedCertificateEnumeration(); - if ( certs != null ) + X500Name previousCertificateIssuer = c.getIssuer(); + while (certs.hasMoreElements()) { - HashSet set = new HashSet(); - for ( int i = 0; i < certs.length; i++ ) + TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement(); + + if (serialNumber.equals(entry.getUserCertificate().getValue())) + { + return new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer); + } + + if (isIndirect && entry.hasExtensions()) { - set.add(new X509CRLEntryObject(certs[i])); + Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); + if 
(currentCaName != null) + { + previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); + } } + } - return set; + return null; + } + + public Set getRevokedCertificates() + { + Set entrySet = loadCRLEntries(); + + if (!entrySet.isEmpty()) + { + return Collections.unmodifiableSet(entrySet); } return null; } - + public byte[] getTBSCertList() throws CRLException { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - try { - dOut.writeObject(c.getTBSCertList()); - - return bOut.toByteArray(); + return c.getTBSCertList().getEncoded("DER"); } catch (IOException e) { 
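Review bot: The certificateIssuer handling in `loadCRLEntries` and `getRevokedCertificate` passes `getNames()[0].getName()` to `X500Name.getInstance` without checking that the list is non-empty or that the first name is a directoryName. CRLs are data the relying party does not control, so an unusual or malformed indirect-CRL entry most likely surfaces as an unchecked exception from a getter; how `X500Name.getInstance` treats other name types is not visible here. The same expression appears a third time in `isRevoked` later in this file, so a single private helper that selects the directoryName and fails with a clear message would keep the three copies in agreement. The helper below assumes `GeneralName` is imported in this file, which the hunk does not show.

```java
// Resolves the certificate issuer that applies to one entry of an indirect CRL.
private X500Name nextCertificateIssuer(TBSCertList.CRLEntry entry, X500Name previous)
{
    if (!isIndirect || !entry.hasExtensions())
    {
        return previous;
    }

    Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer);
    if (currentCaName == null)
    {
        return previous;
    }

    GeneralName[] names = GeneralNames.getInstance(currentCaName.getParsedValue()).getNames();
    for (int i = 0; i != names.length; i++)
    {
        if (names[i].getTagNo() == GeneralName.directoryName)
        {
            return X500Name.getInstance(names[i].getName());
        }
    }

    throw new IllegalStateException("certificateIssuer extension carries no directoryName");
}

// … unchanged: the loops in loadCRLEntries and getRevokedCertificate, each now doing
//   previousCertificateIssuer = nextCertificateIssuer(entry, previousCertificateIssuer); …
```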
@@ -261,56 +342,25 @@ public class X509CRLObject public String getSigAlgName() { - Provider prov = Security.getProvider("BC"); - String algName = prov.getProperty("Alg.Alias.Signature." + this.getSigAlgOID()); - - if ( algName != null ) - { - return algName; - } - - Provider[] provs = Security.getProviders(); - - // - // search every provider looking for a real algorithm - // - for (int i = 0; i != provs.length; i++) - { - algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID()); - if ( algName != null ) - { - return algName; - } - } - - return this.getSigAlgOID(); + return sigAlgName; } public String getSigAlgOID() { - return c.getSignatureAlgorithm().getObjectId().getId(); + return c.getSignatureAlgorithm().getAlgorithm().getId(); } public byte[] getSigAlgParams() { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - if ( c.getSignatureAlgorithm().getParameters() != null ) + if (sigAlgParams != null) { - try - { - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(c.getSignatureAlgorithm().getParameters()); - } - catch (Exception e) - { - throw new RuntimeException("exception getting sig parameters " + e); - } - - return bOut.toByteArray(); + byte[] tmp = new byte[sigAlgParams.length]; + + System.arraycopy(sigAlgParams, 0, tmp, 0, tmp.length); + + return tmp; } - + return null; } 
@@ -321,7 +371,125 @@ public class X509CRLObject */ public String toString() { - return "X.509 CRL"; + StringBuffer buf = new StringBuffer(); + String nl = System.getProperty("line.separator"); + + buf.append(" Version: ").append(this.getVersion()).append( + nl); + buf.append(" IssuerDN: ").append(this.getIssuerDN()) + .append(nl); + buf.append(" This update: ").append(this.getThisUpdate()) + .append(nl); + buf.append(" Next update: ").append(this.getNextUpdate()) + .append(nl); + buf.append(" Signature Algorithm: ").append(this.getSigAlgName()) + .append(nl); + + byte[] sig = this.getSignature(); + + buf.append(" Signature: ").append( + new String(Hex.encode(sig, 0, 20))).append(nl); + for (int i = 20; i < sig.length; i += 20) + { + if (i < sig.length - 20) + { + buf.append(" ").append( + new String(Hex.encode(sig, i, 20))).append(nl); + } + else + { + buf.append(" ").append( + new String(Hex.encode(sig, i, sig.length - i))).append(nl); + } + } + + Extensions extensions = c.getTBSCertList().getExtensions(); + + if (extensions != null) + { + Enumeration e = extensions.oids(); + + if (e.hasMoreElements()) + { + buf.append(" Extensions: ").append(nl); + } + + while (e.hasMoreElements()) + { + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); + Extension ext = extensions.getExtension(oid); + + if (ext.getExtnValue() != null) + { + byte[] octs = ext.getExtnValue().getOctets(); + ASN1InputStream dIn = new ASN1InputStream(octs); + buf.append(" critical(").append( + ext.isCritical()).append(") "); + try + { + if (oid.equals(Extension.cRLNumber)) + { + buf.append( + new CRLNumber(DERInteger.getInstance( + dIn.readObject()).getPositiveValue())) + .append(nl); + } + else if (oid.equals(Extension.deltaCRLIndicator)) + { + buf.append( + "Base CRL: " + + new CRLNumber(DERInteger.getInstance( + dIn.readObject()).getPositiveValue())) + .append(nl); + } + else if (oid + .equals(Extension.issuingDistributionPoint)) + { + buf.append( + 
IssuingDistributionPoint.getInstance(dIn.readObject())).append(nl); + } + else if (oid + .equals(Extension.cRLDistributionPoints)) + { + buf.append( + CRLDistPoint.getInstance(dIn.readObject())).append(nl); + } + else if (oid.equals(Extension.freshestCRL)) + { + buf.append( + CRLDistPoint.getInstance(dIn.readObject())).append(nl); + } + else + { + buf.append(oid.getId()); + buf.append(" value = ").append( + ASN1Dump.dumpAsString(dIn.readObject())) + .append(nl); + } + } + catch (Exception ex) + { + buf.append(oid.getId()); + buf.append(" value = ").append("*****").append(nl); + } + } + else + { + buf.append(nl); + } + } + } + Set set = getRevokedCertificates(); + if (set != null) + { + Iterator it = set.iterator(); + while (it.hasNext()) + { + buf.append(it.next()); + buf.append(nl); + } + } + return buf.toString(); } /** 
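Review bot: `Hex.encode(sig, 0, 20)` in the new `toString()` assumes the signature is at least 20 bytes long; with a shorter signature value the call would read past the end of the array and `toString()` would throw. That matters because `toString()` is typically reached from logging, often for exactly the CRLs that failed to parse or verify cleanly. Bounding the first chunk with `int first = Math.min(20, sig.length);` and `new String(Hex.encode(sig, 0, first))` keeps the dump working for any length, and the loop that follows already copes with a short tail.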
@@ -333,21 +501,49 @@ public class X509CRLObject */ public boolean isRevoked(Certificate cert) { - if ( !cert.getType().equals("X.509") ) + if (!cert.getType().equals("X.509")) { throw new RuntimeException("X.509 CRL used with non X.509 Cert"); } TBSCertList.CRLEntry[] certs = c.getRevokedCertificates(); - if ( certs != null ) + X500Name caName = c.getIssuer(); + + if (certs != null) { BigInteger serial = ((X509Certificate)cert).getSerialNumber(); - for ( int i = 0; i < certs.length; i++ ) + for (int i = 0; i < certs.length; i++) { - if ( certs[i].getUserCertificate().getValue().equals(serial) ) + if (isIndirect && certs[i].hasExtensions()) { + Extension currentCaName = certs[i].getExtensions().getExtension(Extension.certificateIssuer); + + if (currentCaName != null) + { + caName = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); + } + } + + if (certs[i].getUserCertificate().getValue().equals(serial)) + { + X500Name issuer; + + try + { + issuer = org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded()).getIssuer(); + } + catch (CertificateEncodingException e) + { + throw new RuntimeException("Cannot process certificate"); + } + + if (!caName.equals(issuer)) + { + return false; + } + return true; } } @@ -356,4 +552,3 @@ public class X509CRLObject return false; } } - diff --git a/crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateHolder.java b/crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateHolder.java index e14c2e079..ee24f8c84 100644 --- a/crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateHolder.java +++ b/crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateHolder.java 
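Review bot: In `isRevoked`, the new `if (!caName.equals(issuer)) { return false; }` ends the scan at the first entry whose serial matches, even when that entry belongs to a different certificate issuer. Serial numbers are unique only per issuer, so an indirect CRL can list the same serial again further down under the issuer of the certificate being checked, and that certificate would be reported as not revoked. Returning only on a full match, `if (caName.equals(issuer)) { return true; }`, and letting the loop continue otherwise closes that gap. The certificate's issuer does not change between iterations, so the `Certificate.getInstance(cert.getEncoded()).getIssuer()` decode could also be hoisted above the loop. The method's closing `return false;` is in the next hunk.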
@@ -4,7 +4,6 @@ import java.io.IOException; import java.math.BigInteger; import java.security.MessageDigest; import java.security.Principal; -import java.security.cert.CertSelector; import java.security.cert.Certificate; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateParsingException; @@ -13,9 +12,9 @@ import java.util.ArrayList; import java.util.List; import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.GeneralNames; @@ -24,6 +23,7 @@ import org.bouncycastle.asn1.x509.IssuerSerial; import org.bouncycastle.asn1.x509.ObjectDigestInfo; import org.bouncycastle.jce.PrincipalUtil; import org.bouncycastle.jce.X509Principal; +import java.security.cert.CertSelector; import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Selector; @@ -58,8 +58,8 @@ public class AttributeCertificateHolder BigInteger serialNumber) { holder = new org.bouncycastle.asn1.x509.Holder(new IssuerSerial( - new GeneralNames(new DERSequence(new GeneralName(issuerName))), - new DERInteger(serialNumber))); + new GeneralNames(new GeneralName(issuerName)), + new ASN1Integer(serialNumber))); } public AttributeCertificateHolder(X509Certificate cert) @@ -77,7 +77,7 @@ public class AttributeCertificateHolder } holder = new Holder(new IssuerSerial(generateGeneralNames(name), - new DERInteger(cert.getSerialNumber()))); + new ASN1Integer(cert.getSerialNumber()))); } public AttributeCertificateHolder(X509Principal principal) 
@@ -112,7 +112,7 @@ public class AttributeCertificateHolder String digestAlgorithm, String otherObjectTypeID, byte[] objectDigest) { holder = new Holder(new ObjectDigestInfo(digestedObjectType, - otherObjectTypeID, new AlgorithmIdentifier(digestAlgorithm), Arrays + new ASN1ObjectIdentifier(otherObjectTypeID), new AlgorithmIdentifier(digestAlgorithm), Arrays .clone(objectDigest))); } @@ -187,7 +187,7 @@ public class AttributeCertificateHolder private GeneralNames generateGeneralNames(X509Principal principal) { - return new GeneralNames(new DERSequence(new GeneralName(principal))); + return new GeneralNames(new GeneralName(principal)); } private boolean matchesDN(X509Principal subject, GeneralNames targets) diff --git a/crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateIssuer.java b/crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateIssuer.java index c21355e14..7e2672dc3 100644 --- a/crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateIssuer.java +++ b/crypto/jdk1.1/org/bouncycastle/x509/AttributeCertificateIssuer.java @@ -39,7 +39,7 @@ public class AttributeCertificateIssuer public AttributeCertificateIssuer( X509Principal principal) { - form = new V2Form(new GeneralNames(new DERSequence(new GeneralName(principal)))); + form = new V2Form(new GeneralNames(new GeneralName(principal))); } private Object[] getNames() diff --git a/crypto/jdk1.1/org/bouncycastle/x509/X509Util.java b/crypto/jdk1.1/org/bouncycastle/x509/X509Util.java index 704659e88..56739eb4e 100644 --- a/crypto/jdk1.1/org/bouncycastle/x509/X509Util.java +++ b/crypto/jdk1.1/org/bouncycastle/x509/X509Util.java @@ -20,7 +20,7 @@ import java.util.Set; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.DERInteger; +import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; 
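Review bot: The constructor taking `otherObjectTypeID` now calls `new ASN1ObjectIdentifier(otherObjectTypeID)` unconditionally, where the removed line handed the string straight to `ObjectDigestInfo`. If callers may pass null when `digestedObjectType` is not the other-object-types value (the constructor's Javadoc is outside this hunk, so this is an assumption), the call would now fail inside the OID constructor before the holder is built. A guard such as `otherObjectTypeID != null ? new ASN1ObjectIdentifier(otherObjectTypeID) : null` would keep the earlier tolerance, provided `ObjectDigestInfo` accepts a null identifier for the other digest types.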
@@ -130,8 +130,8 @@ class X509Util return new RSASSAPSSparams( hashAlgId, new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId), - new DERInteger(saltSize), - new DERInteger(1)); + new ASN1Integer(saltSize), + new ASN1Integer(1)); } static DERObjectIdentifier getAlgorithmOID( diff --git a/crypto/jdk1.1/org/bouncycastle/x509/X509V1CertificateGenerator.java b/crypto/jdk1.1/org/bouncycastle/x509/X509V1CertificateGenerator.java index f50b22b02..4d759fecc 100644 --- a/crypto/jdk1.1/org/bouncycastle/x509/X509V1CertificateGenerator.java +++ b/crypto/jdk1.1/org/bouncycastle/x509/X509V1CertificateGenerator.java @@ -1,22 +1,5 @@ package org.bouncycastle.x509; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.TBSCertificateStructure; -import org.bouncycastle.asn1.x509.Time; -import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator; -import org.bouncycastle.asn1.x509.X509CertificateStructure; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.jce.provider.X509CertificateObject; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.math.BigInteger; 
@@ -34,8 +17,25 @@ import java.security.cert.X509Certificate; import java.util.Date; import java.util.Iterator; +import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Integer; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.DERBitString; +import org.bouncycastle.asn1.DERObjectIdentifier; +import org.bouncycastle.asn1.DERSequence; +import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.asn1.x509.TBSCertificate; +import org.bouncycastle.asn1.x509.Time; +import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator; +import org.bouncycastle.asn1.x509.X509CertificateStructure; +import org.bouncycastle.asn1.x509.X509Name; +import org.bouncycastle.jce.provider.X509CertificateObject; + /** * class to produce an X.509 Version 1 certificate. + * @deprecated use org.bouncycastle.cert.X509v1CertificateBuilder. */ public class X509V1CertificateGenerator { @@ -68,7 +68,7 @@ public class X509V1CertificateGenerator throw new IllegalArgumentException("serial number must be a positive integer"); } - tbsGen.setSerialNumber(new DERInteger(serialNumber)); + tbsGen.setSerialNumber(new ASN1Integer(serialNumber)); } /** @@ -92,7 +92,7 @@ public class X509V1CertificateGenerator { tbsGen.setEndDate(new Time(date)); } - + /** * Set the subject distinguished name. The subject describes the entity associated with the public key. */ @@ -260,7 +260,7 @@ public class X509V1CertificateGenerator SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException { - TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate(); + TBSCertificate tbsCert = tbsGen.generateTBSCertificate(); byte[] signature; try 
@@ -299,7 +299,7 @@ public class X509V1CertificateGenerator SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException { - TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate(); + TBSCertificate tbsCert = tbsGen.generateTBSCertificate(); byte[] signature; try @@ -314,7 +314,7 @@ public class X509V1CertificateGenerator return generateJcaObject(tbsCert, signature); } - private X509Certificate generateJcaObject(TBSCertificateStructure tbsCert, byte[] signature) + private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature) throws CertificateEncodingException { ASN1EncodableVector v = new ASN1EncodableVector(); @@ -327,7 +327,7 @@ public class X509V1CertificateGenerator { return new X509CertificateObject(new X509CertificateStructure(new DERSequence(v))); } - catch (Exception e) + catch (CertificateParsingException e) { throw new ExtCertificateEncodingException("exception producing certificate object", e); } diff --git a/crypto/jdk1.1/org/bouncycastle/x509/X509V2CRLGenerator.java b/crypto/jdk1.1/org/bouncycastle/x509/X509V2CRLGenerator.java index 608c4cfa9..beb9eda5c 100644 --- a/crypto/jdk1.1/org/bouncycastle/x509/X509V2CRLGenerator.java +++ b/crypto/jdk1.1/org/bouncycastle/x509/X509V2CRLGenerator.java @@ -23,7 +23,7 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERInteger; +import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; 
@@ -32,6 +32,7 @@ import org.bouncycastle.asn1.x509.TBSCertList; import org.bouncycastle.asn1.x509.Time; import org.bouncycastle.asn1.x509.V2TBSCertListGenerator; import org.bouncycastle.asn1.x509.X509Extensions; +import org.bouncycastle.asn1.x509.Extensions; import org.bouncycastle.asn1.x509.X509ExtensionsGenerator; import org.bouncycastle.asn1.x509.X509Name; import org.bouncycastle.jce.provider.X509CRLObject; @@ -91,7 +92,7 @@ public class X509V2CRLGenerator **/ public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason) { - tbsGen.addCRLEntry(new DERInteger(userCertificate), new Time(revocationDate), reason); + tbsGen.addCRLEntry(new ASN1Integer(userCertificate), new Time(revocationDate), reason); } /** @@ -101,7 +102,7 @@ public class X509V2CRLGenerator **/ public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason, Date invalidityDate) { - tbsGen.addCRLEntry(new DERInteger(userCertificate), new Time(revocationDate), reason, new DERGeneralizedTime(invalidityDate)); + tbsGen.addCRLEntry(new ASN1Integer(userCertificate), new Time(revocationDate), reason, new DERGeneralizedTime(invalidityDate)); } /** @@ -109,7 +110,7 @@ public class X509V2CRLGenerator **/ public void addCRLEntry(BigInteger userCertificate, Date revocationDate, X509Extensions extensions) { - tbsGen.addCRLEntry(new DERInteger(userCertificate), new Time(revocationDate), extensions); + tbsGen.addCRLEntry(new ASN1Integer(userCertificate), new Time(revocationDate), Extensions.getInstance(extensions)); } /** diff --git a/crypto/jdk1.1/org/bouncycastle/x509/X509V3CertificateGenerator.java b/crypto/jdk1.1/org/bouncycastle/x509/X509V3CertificateGenerator.java index 9ac2bd780..6c6f6595d 100644 --- a/crypto/jdk1.1/org/bouncycastle/x509/X509V3CertificateGenerator.java +++ b/crypto/jdk1.1/org/bouncycastle/x509/X509V3CertificateGenerator.java 
@@ -19,14 +19,14 @@ import java.util.Iterator; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1EncodableVector; import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.TBSCertificateStructure; +import org.bouncycastle.asn1.x509.TBSCertificate; import org.bouncycastle.asn1.x509.Time; import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator; import org.bouncycastle.asn1.x509.X509CertificateStructure; @@ -73,7 +73,7 @@ public class X509V3CertificateGenerator throw new IllegalArgumentException("serial number must be a positive integer"); } - tbsGen.setSerialNumber(new DERInteger(serialNumber)); + tbsGen.setSerialNumber(new ASN1Integer(serialNumber)); } /** @@ -394,7 +394,7 @@ public class X509V3CertificateGenerator SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException { - TBSCertificateStructure tbsCert = generateTbsCert(); + TBSCertificate tbsCert = generateTbsCert(); byte[] signature; try @@ -439,7 +439,7 @@ public class X509V3CertificateGenerator SecureRandom random) throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException { - TBSCertificateStructure tbsCert = generateTbsCert(); + TBSCertificate tbsCert = generateTbsCert(); byte[] signature; try @@ -461,7 +461,7 @@ public class X509V3CertificateGenerator } } - private TBSCertificateStructure generateTbsCert() + private TBSCertificate generateTbsCert() { if (!extGenerator.isEmpty()) { 
@@ -471,7 +471,7 @@ public class X509V3CertificateGenerator return tbsGen.generateTBSCertificate(); } - private X509Certificate generateJcaObject(TBSCertificateStructure tbsCert, byte[] signature) + private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature) throws CertificateParsingException { ASN1EncodableVector v = new ASN1EncodableVector(); |