author | Brian Carlstrom <bdc@google.com> | 2010-11-02 11:38:34 -0700 |
---|---|---|
committer | Brian Carlstrom <bdc@google.com> | 2010-11-02 16:27:54 -0700 |
commit | 60f1dce097d78928597a5d057577596162e825fd (patch) | |
tree | c75fa2aeb9696053d13d4195f6f8bd17cd8b4dbe | |
parent | cc041ec354960aa3dfcb84950505968be3871b68 (diff) | |
CertPathValidator changes tracking libcore TrustManager improvements
Revert checks for TrustAnchors in the cert chain, which are not part of
PKIX behavior. This is now done as part of cleaning up the cert chain
in libcore's TrustManagerImpl.
patches/README
src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
Preserve IndexedPKIXParameters in local to keep our O(1) indexed
lookup of TrustAnchors by X500Principal, instead of falling back to
O(n) lookup in the common case.
src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
Updated patch
patches/android.patch
Bug: 2530852
Change-Id: Iecb671797496c3bc6a4e1a22c848b28af4bc756e
-rw-r--r-- | patches/README | 1 | ||||
-rw-r--r-- | patches/android.patch | 367 | ||||
-rw-r--r-- | src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java | 36 | ||||
-rw-r--r-- | src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java | 50 | ||||
-rw-r--r-- | src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java | 26 |
5 files changed, 137 insertions, 343 deletions
diff --git a/patches/README b/patches/README index b6243594..aa63f38c 100644 --- a/patches/README +++ b/patches/README @@ -23,7 +23,6 @@ Other performance (both speed and memory) changes: - PKCS12BagAttributeCarrier also uses OrderedTable to cut down on memory allocation - X509CertificateObject.getEncoded caches its result - Added IndexedPKIXParameters for faster cert lookup in CertPathValidatorUtilities.findTrustAnchor -- CertPathValidatorUtilities.findTrustAnchor fast path compares encoded certs similar to PKIXCertPathValidatorSpi - Added ASN1Collection for use as new parent for ASN1Collection and ASN1Set to reduce small Vector allocation - removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12 - OpenSSLDigest uses NativeCrypto JNI API diff --git a/patches/android.patch b/patches/android.patch index 559070b6..63dbb9a8 100644 --- a/patches/android.patch +++ b/patches/android.patch @@ -1,6 +1,6 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Collection.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Collection.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Collection.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Collection.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Collection.java 2010-11-02 18:37:15.000000000 +0000 @@ -0,0 +1,298 @@ +package org.bouncycastle.asn1; + @@ -302,7 +302,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Collection.java bcpro +} diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1InputStream.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1InputStream.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1InputStream.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1InputStream.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1InputStream.java 2010-11-02 18:37:15.000000000 +0000 
@@ -348,7 +348,9 @@ case BMP_STRING: return new DERBMPString(bytes); @@ -316,7 +316,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1InputStream.java bcpr case GENERALIZED_TIME: diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Null.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Null.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Null.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Null.java 2010-11-02 18:37:15.000000000 +0000 @@ -8,9 +8,11 @@ public abstract class ASN1Null extends ASN1Object @@ -332,7 +332,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk1 { diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Sequence.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Sequence.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Sequence.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Sequence.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Sequence.java 2010-11-02 18:37:15.000000000 +0000 @@ -2,12 +2,20 @@ import java.io.IOException; @@ -496,7 +496,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Sequence.java bcprov- } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Set.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Set.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Set.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Set.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Set.java 2010-11-02 18:37:15.000000000 +0000 @@ -3,12 +3,20 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; 
@@ -845,7 +845,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Set.java bcprov-jdk16 } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk16-145/org/bouncycastle/asn1/DERBoolean.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERBoolean.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERBoolean.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/DERBoolean.java 2010-11-02 18:37:15.000000000 +0000 @@ -5,7 +5,9 @@ public class DERBoolean extends ASN1Object @@ -918,7 +918,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jd { diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERInputStream.java bcprov-jdk16-145/org/bouncycastle/asn1/DERInputStream.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERInputStream.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERInputStream.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/DERInputStream.java 2010-11-02 18:37:15.000000000 +0000 @@ -144,7 +144,9 @@ return new DERConstructedSet(v); } @@ -943,7 +943,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERInputStream.java bcpro { diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk16-145/org/bouncycastle/asn1/DERNull.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERNull.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERNull.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/DERNull.java 2010-11-02 18:37:15.000000000 +0000 @@ -10,9 +10,13 @@ { public static final DERNull INSTANCE = new DERNull(); 
@@ -962,7 +962,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk16 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk16-145/org/bouncycastle/asn1/DERObjectIdentifier.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERObjectIdentifier.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERObjectIdentifier.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/DERObjectIdentifier.java 2010-11-02 18:37:15.000000000 +0000 @@ -111,7 +111,13 @@ } } @@ -995,7 +995,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERObjectIdentifier.java public String getId() diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk16-145/org/bouncycastle/asn1/DERPrintableString.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERPrintableString.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERPrintableString.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/DERPrintableString.java 2010-11-02 18:37:15.000000000 +0000 @@ -9,7 +9,9 @@ extends ASN1Object implements DERString @@ -1031,7 +1031,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERPrintableString.java b public String getString() diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/OrderedTable.java bcprov-jdk16-145/org/bouncycastle/asn1/OrderedTable.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/OrderedTable.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/OrderedTable.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/OrderedTable.java 2010-11-02 18:37:15.000000000 +0000 @@ -0,0 +1,281 @@ +package org.bouncycastle.asn1; + 
@@ -1316,7 +1316,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/OrderedTable.java bcprov- +} diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2010-11-02 18:37:15.000000000 +0000 @@ -37,10 +37,13 @@ public static EncryptedPrivateKeyInfo getInstance( Object obj) @@ -1334,7 +1334,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyI return new EncryptedPrivateKeyInfo((ASN1Sequence)obj); diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2010-11-02 18:37:15.000000000 +0000 @@ -10,7 +10,10 @@ // static final String pkcs_1 = "1.2.840.113549.1.1"; 
@@ -1361,7 +1361,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifier // md4 OBJECT IDENTIFIER ::= diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2010-11-02 18:37:15.000000000 +0000 @@ -19,7 +19,9 @@ private AlgorithmIdentifier maskGenAlgorithm; private AlgorithmIdentifier pSourceAlgorithm; @@ -1375,7 +1375,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2010-11-02 18:37:15.000000000 +0000 @@ -20,7 +20,9 @@ private DERInteger saltLength; private DERInteger trailerField; @@ -1389,7 +1389,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java public final static DERInteger DEFAULT_TRAILER_FIELD = new DERInteger(1); diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov-jdk16-145/org/bouncycastle/asn1/util/ASN1Dump.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/util/ASN1Dump.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/util/ASN1Dump.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/util/ASN1Dump.java 2010-11-02 18:37:15.000000000 +0000 
@@ -90,7 +90,9 @@ { Object o = e.nextElement(); @@ -1403,7 +1403,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov buf.append("NULL"); diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/AttCertIssuer.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/AttCertIssuer.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/AttCertIssuer.java 2010-11-02 18:37:15.000000000 +0000 @@ -45,7 +45,7 @@ ASN1TaggedObject obj, boolean explicit) @@ -1415,7 +1415,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java b /** diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/BasicConstraints.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/BasicConstraints.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/BasicConstraints.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/BasicConstraints.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/BasicConstraints.java 2010-11-02 18:37:15.000000000 +0000 @@ -14,7 +14,9 @@ public class BasicConstraints extends ASN1Encodable @@ -1462,7 +1462,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/BasicConstraints.jav diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2010-11-02 18:37:15.000000000 +0000 
@@ -96,11 +96,15 @@ } if (onlyContainsUserCerts) @@ -1501,7 +1501,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/IssuingDistributionP seq = new DERSequence(vec); diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Extensions.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Extensions.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Extensions.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Extensions.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Extensions.java 2010-11-02 18:37:15.000000000 +0000 @@ -9,6 +9,9 @@ import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERObjectIdentifier; @@ -1690,7 +1690,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Extensions.java } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Name.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Name.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Name.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Name.java 2010-11-02 18:37:15.000000000 +0000 @@ -247,8 +247,10 @@ */ public static final Hashtable SymbolLookUp = DefaultLookUp; @@ -2156,7 +2156,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov { diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameElementList.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameElementList.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameElementList.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameElementList.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameElementList.java 2010-11-02 18:37:15.000000000 +0000 
@@ -0,0 +1,206 @@ +package org.bouncycastle.asn1.x509; + @@ -2366,7 +2366,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameElementList. +} diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameTokenizer.java --- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2010-11-02 18:37:15.000000000 +0000 @@ -58,6 +58,17 @@ } else @@ -2394,7 +2394,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.ja \ No newline at end of file diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/PBEParametersGenerator.java bcprov-jdk16-145/org/bouncycastle/crypto/PBEParametersGenerator.java --- bcprov-jdk16-145.orig/org/bouncycastle/crypto/PBEParametersGenerator.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/crypto/PBEParametersGenerator.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/crypto/PBEParametersGenerator.java 2010-11-02 18:37:15.000000000 +0000 @@ -136,7 +136,8 @@ public static byte[] PKCS12PasswordToBytes( char[] password) @@ -2414,7 +2414,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/PBEParametersGenerator. } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk16-145/org/bouncycastle/crypto/digests/OpenSSLDigest.java --- bcprov-jdk16-145.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java 1970-01-01 00:00:00.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2010-11-02 18:37:15.000000000 +0000 
@@ -0,0 +1,122 @@ +/* + * Copyright (C) 2008 The Android Open Source Project @@ -2540,7 +2540,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.j +} diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/engines/RC2Engine.java bcprov-jdk16-145/org/bouncycastle/crypto/engines/RC2Engine.java --- bcprov-jdk16-145.orig/org/bouncycastle/crypto/engines/RC2Engine.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/crypto/engines/RC2Engine.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/crypto/engines/RC2Engine.java 2010-11-02 18:37:15.000000000 +0000 @@ -313,4 +313,4 @@ out[outOff + 6] = (byte)x76; out[outOff + 7] = (byte)(x76 >> 8); @@ -2550,7 +2550,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/engines/RC2Engine.java \ No newline at end of file diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk16-145/org/bouncycastle/crypto/macs/HMac.java --- bcprov-jdk16-145.orig/org/bouncycastle/crypto/macs/HMac.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/crypto/macs/HMac.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/crypto/macs/HMac.java 2010-11-02 18:37:15.000000000 +0000 @@ -32,23 +32,23 @@ { blockLengths = new Hashtable(); @@ -2592,7 +2592,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-j private static int getByteLength( diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk16-145/org/bouncycastle/crypto/signers/RSADigestSigner.java --- bcprov-jdk16-145.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/crypto/signers/RSADigestSigner.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/crypto/signers/RSADigestSigner.java 2010-11-02 18:37:15.000000000 +0000 
@@ -46,8 +46,10 @@ oidMap.put("SHA-384", NISTObjectIdentifiers.id_sha384); oidMap.put("SHA-512", NISTObjectIdentifiers.id_sha512); @@ -2608,7 +2608,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/signers/RSADigestSigner diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk16-145/org/bouncycastle/crypto/util/PrivateKeyFactory.java --- bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2010-11-02 18:37:15.000000000 +0000 @@ -7,31 +7,39 @@ import org.bouncycastle.asn1.DERInteger; import org.bouncycastle.asn1.DERObject; @@ -2811,7 +2811,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PrivateKeyFactory. throw new RuntimeException("algorithm identifier in key not recognised"); diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk16-145/org/bouncycastle/crypto/util/PublicKeyFactory.java --- bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/crypto/util/PublicKeyFactory.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/crypto/util/PublicKeyFactory.java 2010-11-02 18:37:15.000000000 +0000 @@ -10,32 +10,40 @@ import org.bouncycastle.asn1.DERObject; import org.bouncycastle.asn1.DERObjectIdentifier; 
@@ -3003,7 +3003,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PublicKeyFactory.j throw new RuntimeException("algorithm identifier in key not recognised"); diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk16-145/org/bouncycastle/jce/PKCS10CertificationRequest.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/PKCS10CertificationRequest.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/PKCS10CertificationRequest.java 2010-11-02 18:37:15.000000000 +0000 @@ -78,8 +78,11 @@ static @@ -3067,7 +3067,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/PKCS10CertificationRequest diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk16-145/org/bouncycastle/jce/provider/BouncyCastleProvider.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2010-11-02 18:37:15.000000000 +0000 @@ -45,7 +45,10 @@ { private static String info = "BouncyCastle Security Provider v1.45"; 
@@ -4398,7 +4398,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/BouncyCastleProvi { diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk16-145/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2010-11-02 18:37:15.000000000 +0000 @@ -24,6 +24,7 @@ import java.security.spec.DSAPublicKeySpec; import java.text.ParseException; @@ -4438,7 +4438,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator import org.bouncycastle.x509.X509AttributeCertificate; import org.bouncycastle.x509.X509CRLStoreSelector; import org.bouncycastle.x509.X509CertStoreSelector; -@@ -110,29 +119,32 @@ +@@ -110,38 +119,38 @@ "privilegeWithdrawn", "aACompromise" }; @@ -4492,9 +4492,10 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator + // BEGIN android-changed /** * Search the given Set of TrustAnchor's for one that is the - * issuer of the given X509 certificate. Uses the specified -@@ -140,8 +152,7 @@ - * if null. +- * issuer of the given X509 certificate. Uses the specified +- * provider for signature verification, or the default provider +- * if null. ++ * issuer of the given X509 certificate. * * @param cert the X509 certificate - * @param trustAnchors a Set of TrustAnchor's @@ -4503,7 +4504,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator * * @return the <code>TrustAnchor</code> object if found or * <code>null</code> if not. -@@ -152,10 +163,21 @@ +@@ -152,10 +161,21 @@ */ protected static TrustAnchor findTrustAnchor( X509Certificate cert, 
@@ -4527,7 +4528,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator TrustAnchor trust = null; PublicKey trustPublicKey = null; Exception invalidKeyEx = null; -@@ -172,21 +194,49 @@ +@@ -172,7 +192,9 @@ throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", ex); } @@ -4535,53 +4536,10 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator + // BEGIN android-changed + Iterator iter = params.getTrustAnchors().iterator(); + // END android-changed -+ // BEGIN android-added -+ byte[] certBytes = null; -+ try { -+ certBytes = cert.getEncoded(); -+ } catch (Exception e) { -+ // ignore, just continue -+ } -+ // END android-added while (iter.hasNext() && trust == null) { trust = (TrustAnchor) iter.next(); -- if (trust.getTrustedCert() != null) -+ // BEGIN android-changed -+ X509Certificate trustCert = trust.getTrustedCert(); -+ // END android-changed -+ // BEGIN android-added -+ // If the trust anchor is identical to the certificate we're -+ // done. Just return the anchor. -+ // There is similar code in PKIXCertPathValidatorSpi. -+ try { -+ byte[] trustBytes = trustCert.getEncoded(); -+ if (certBytes != null && Arrays.equals(trustBytes, certBytes)) { -+ return trust; -+ } -+ } catch (Exception e) { -+ // ignore, continue and verify the certificate -+ } -+ // END android-added -+ // BEGIN android-changed -+ if (trustCert != null) - { -- if (certSelectX509.match(trust.getTrustedCert())) -+ if (certSelectX509.match(trustCert)) - { -- trustPublicKey = trust.getTrustedCert().getPublicKey(); -+ trustPublicKey = trustCert.getPublicKey(); - } - else - { - trust = null; - } - } -+ // END android-changed - else if (trust.getCAName() != null - && trust.getCAPublicKey() != null) - { -@@ -216,7 +266,9 @@ +@@ -216,7 +238,9 @@ { try { 
@@ -4592,7 +4550,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator } catch (Exception ex) { -@@ -248,7 +300,9 @@ +@@ -248,7 +272,9 @@ { // look for URI List list = (List) it.next(); @@ -4603,7 +4561,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator { // found String temp = (String) list.get(1); -@@ -721,38 +775,40 @@ +@@ -721,38 +747,40 @@ { try { @@ -4676,7 +4634,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator } catch (Exception e) { -@@ -819,35 +875,37 @@ +@@ -819,35 +847,37 @@ return certs; } @@ -4745,7 +4703,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator CRLDistPoint crldp, ExtendedPKIXParameters pkixParams) diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEBlockCipher.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEBlockCipher.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEBlockCipher.java 2010-11-02 18:37:15.000000000 +0000 @@ -7,22 +7,31 @@ import org.bouncycastle.crypto.InvalidCipherTextException; import org.bouncycastle.crypto.engines.AESFastEngine; @@ -5694,7 +5652,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEBlockCipher.ja */ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java 2010-11-02 18:37:15.000000000 +0000 
@@ -37,9 +37,11 @@ static @@ -5712,7 +5670,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement algorithms.put("DESEDE", i192); diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDigestUtil.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDigestUtil.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDigestUtil.java 2010-11-02 18:37:15.000000000 +0000 @@ -12,7 +12,9 @@ import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.digests.MD5Digest; @@ -5795,7 +5753,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDigestUtil.jav || (sha512.contains(digest1) && sha512.contains(digest2)) diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEKeyGenerator.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2010-11-02 18:37:15.000000000 +0000 @@ -145,30 +145,32 @@ } } @@ -6427,7 +6385,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.j } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEMac.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEMac.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEMac.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEMac.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEMac.java 2010-11-02 18:37:15.000000000 +0000 
@@ -2,29 +2,43 @@ import org.bouncycastle.crypto.CipherParameters; @@ -7180,7 +7138,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSACipher.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSACipher.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSACipher.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSACipher.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSACipher.java 2010-11-02 18:37:15.000000000 +0000 @@ -534,48 +534,50 @@ } } @@ -7278,7 +7236,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSACipher.java } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2010-11-02 18:37:15.000000000 +0000 @@ -125,7 +125,9 @@ */ public byte[] getEncoded() @@ -7292,7 +7250,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtK } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateKey.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2010-11-02 18:37:15.000000000 +0000 @@ -77,7 +77,9 @@ public byte[] getEncoded() 
@@ -7306,7 +7264,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey. } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPublicKey.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2010-11-02 18:37:15.000000000 +0000 @@ -90,7 +90,9 @@ public byte[] getEncoded() @@ -7320,7 +7278,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.j } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCESecretKeyFactory.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2010-11-02 18:37:15.000000000 +0000 @@ -321,29 +321,31 @@ } } @@ -7497,7 +7455,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCESecretKeyFacto } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEStreamCipher.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEStreamCipher.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEStreamCipher.java 2010-11-02 18:37:15.000000000 +0000 @@ -5,17 +5,21 @@ import org.bouncycastle.crypto.DataLengthException; import org.bouncycastle.crypto.StreamBlockCipher; 
@@ -7941,7 +7899,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEStreamCipher.j } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2010-11-02 18:37:15.000000000 +0000 @@ -2,19 +2,25 @@ import org.bouncycastle.crypto.generators.DHParametersGenerator; @@ -8368,7 +8326,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParam } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2010-11-02 18:37:15.000000000 +0000 @@ -10,21 +10,27 @@ import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.DEROctetString; 
@@ -9868,7 +9826,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParam } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDSASigner.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDSASigner.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDSASigner.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDSASigner.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDSASigner.java 2010-11-02 18:37:15.000000000 +0000 @@ -22,13 +22,17 @@ import org.bouncycastle.crypto.DSA; import org.bouncycastle.crypto.Digest; @@ -10019,7 +9977,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDSASigner.java extends JDKDSASigner diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDigestSignature.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDigestSignature.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDigestSignature.java 2010-11-02 18:37:15.000000000 +0000 @@ -23,14 +23,20 @@ import org.bouncycastle.crypto.AsymmetricBlockCipher; import org.bouncycastle.crypto.CipherParameters; @@ -10220,7 +10178,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDigestSignatur } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyFactory.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyFactory.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyFactory.java 2010-11-02 18:37:15.000000000 +0000 
@@ -36,17 +36,21 @@ import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; @@ -10598,7 +10556,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyFactory.jav } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2010-11-02 18:37:15.000000000 +0000 @@ -6,9 +6,11 @@ import org.bouncycastle.crypto.generators.DHParametersGenerator; import org.bouncycastle.crypto.generators.DSAKeyPairGenerator; @@ -10942,7 +10900,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerat } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyStore.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyStore.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyStore.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyStore.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyStore.java 2010-11-02 18:37:15.000000000 +0000 @@ -39,7 +39,12 @@ import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.Digest; 
@@ -11045,7 +11003,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyStore.java } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKMessageDigest.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKMessageDigest.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKMessageDigest.java 2010-11-02 18:37:15.000000000 +0000 @@ -57,36 +57,38 @@ { super(new SHA1Digest()); @@ -11492,7 +11450,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKMessageDigest. } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2010-11-02 18:37:15.000000000 +0000 @@ -255,10 +255,13 @@ } } @@ -11662,7 +11620,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore return null; diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PBE.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PBE.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PBE.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PBE.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PBE.java 2010-11-02 18:37:15.000000000 +0000 @@ -7,12 +7,18 @@ import org.bouncycastle.crypto.CipherParameters; 
@@ -11737,7 +11695,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PBE.java bcprov-j break; diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java 2010-11-02 18:37:15.000000000 +0000 @@ -1,6 +1,9 @@ package org.bouncycastle.jce.provider; @@ -11880,7 +11838,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKCS12BagAttribut { diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPath.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPath.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPath.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPath.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPath.java 2010-11-02 18:37:15.000000000 +0000 @@ -33,7 +33,9 @@ import org.bouncycastle.asn1.pkcs.ContentInfo; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 
@@ -11945,7 +11903,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPath.java throw new CertificateEncodingException("unsupported encoding: " + encoding); diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java 2010-11-02 18:37:15.000000000 +0000 @@ -172,8 +172,9 @@ try { @@ -11960,7 +11918,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathBuild // chains diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2010-11-02 18:37:15.000000000 +0000 @@ -13,6 +13,7 @@ import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; 
@@ -11969,94 +11927,51 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathValid import java.util.HashSet; import java.util.Iterator; import java.util.List; -@@ -90,10 +91,14 @@ - // (d) - // - TrustAnchor trust; +@@ -20,6 +21,10 @@ + + import javax.security.auth.x500.X500Principal; + ++// BEGIN android-added ++import org.apache.harmony.xnet.provider.jsse.IndexedPKIXParameters; ++ ++// END android-added + import org.bouncycastle.asn1.DEREncodable; + import org.bouncycastle.asn1.DERObjectIdentifier; + import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +@@ -46,6 +51,18 @@ + + " instance."); + } + + // BEGIN android-added -+ X509Certificate lastCert = (X509Certificate) certs.get(certs.size() - 1); ++ IndexedPKIXParameters indexedParams; ++ if (params instanceof IndexedPKIXParameters) ++ { ++ indexedParams = (IndexedPKIXParameters)params; ++ } ++ else ++ { ++ indexedParams = null; ++ } ++ + // END android-added + ExtendedPKIXParameters paramsPKIX; + if (params instanceof ExtendedPKIXParameters) + { +@@ -92,8 +109,10 @@ + TrustAnchor trust; try { -- trust = CertPathValidatorUtilities.findTrustAnchor((X509Certificate) certs.get(certs.size() - 1), -- paramsPKIX.getTrustAnchors(), paramsPKIX.getSigProvider()); + // BEGIN android-changed -+ trust = CertPathValidatorUtilities.findTrustAnchor(lastCert, paramsPKIX); + trust = CertPathValidatorUtilities.findTrustAnchor((X509Certificate) certs.get(certs.size() - 1), +- paramsPKIX.getTrustAnchors(), paramsPKIX.getSigProvider()); ++ indexedParams != null ? 
indexedParams : paramsPKIX); + // END android-changed } catch (AnnotatedException e) { -@@ -189,12 +194,25 @@ - X500Principal workingIssuerName; - - X509Certificate sign = trust.getTrustedCert(); -+ // BEGIN android-added -+ boolean trustAnchorInChain = false; -+ // END android-added - try - { - if (sign != null) - { - workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign); - workingPublicKey = sign.getPublicKey(); -+ // BEGIN android-added -+ // There is similar code in CertPathValidatorUtilities. -+ try { -+ byte[] trustBytes = sign.getEncoded(); -+ byte[] certBytes = lastCert.getEncoded(); -+ trustAnchorInChain = Arrays.equals(trustBytes, certBytes); -+ } catch(Exception e) { -+ // ignore, continue with trustAnchorInChain being false -+ } -+ // END android-added - } - else - { -@@ -271,8 +289,10 @@ - // 6.1.3 - // - -+ // BEGIN android-changed - RFC3280CertPathUtilities.processCertA(certPath, paramsPKIX, index, workingPublicKey, -- verificationAlreadyPerformed, workingIssuerName, sign); -+ verificationAlreadyPerformed, workingIssuerName, sign, i, trustAnchorInChain); -+ // END android-changed - - RFC3280CertPathUtilities.processCertBC(certPath, index, nameConstraintValidator); - -@@ -289,11 +309,18 @@ - - if (i != n) - { -+ // BEGIN android-added -+ if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate -+ { -+ // END android-added - if (cert != null && cert.getVersion() == 1) - { - throw new CertPathValidatorException("Version 1 certificates can't be used as CA ones.", null, - certPath, index); - } -+ // BEGIN android-added -+ } -+ // END android-added - - RFC3280CertPathUtilities.prepareNextCertA(certPath, index); - -@@ -317,7 +344,9 @@ - inhibitAnyPolicy = RFC3280CertPathUtilities.prepareNextCertJ(certPath, index, inhibitAnyPolicy); - - // (k) -- RFC3280CertPathUtilities.prepareNextCertK(certPath, index); -+ // BEGIN android-changed -+ RFC3280CertPathUtilities.prepareNextCertK(certPath, index, i, trustAnchorInChain); -+ // 
END android-changed - - // (l) - maxPathLength = RFC3280CertPathUtilities.prepareNextCertL(certPath, index, maxPathLength); diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2010-11-02 18:37:15.000000000 +0000 @@ -1533,7 +1533,9 @@ for (Enumeration e = permitted.getObjects(); e.hasMoreElements();) { @@ -12070,7 +11985,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXNameConstrain subtreesMap.put(tagNo, new HashSet()); diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/ProviderUtil.java bcprov-jdk16-145/org/bouncycastle/jce/provider/ProviderUtil.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/ProviderUtil.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/ProviderUtil.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/ProviderUtil.java 2010-11-02 18:37:15.000000000 +0000 @@ -1,9 +1,13 @@ package org.bouncycastle.jce.provider; 
@@ -12217,69 +12132,9 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/ProviderUtil.java static int getReadLimit(InputStream in) throws IOException -diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java bcprov-jdk16-145/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java ---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java 2010-10-05 22:48:58.000000000 +0000 -@@ -1471,7 +1471,11 @@ - PublicKey workingPublicKey, - boolean verificationAlreadyPerformed, - X500Principal workingIssuerName, -- X509Certificate sign) -+ X509Certificate sign, -+ // BEGIN android-added -+ int i, -+ boolean trustAnchorInChain) -+ // END android-added - throws ExtCertPathValidatorException - { - List certs = certPath.getCertificates(); -@@ -1485,8 +1489,15 @@ - { - // (a) (1) - // -+ // BEGIN android-added -+ if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate -+ { -+ // END android-added - CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey, - paramsPKIX.getSigProvider()); -+ // BEGIN android-added -+ } -+ // END android-added - } - catch (GeneralSecurityException e) - { -@@ -2077,7 +2088,11 @@ - - protected static void prepareNextCertK( - CertPath certPath, -- int index) -+ int index, -+ // BEGIN android-added -+ int i, -+ boolean trustAnchorInChain) -+ // END android-added - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); -@@ -2105,7 +2120,14 @@ - } - else - { -+ // BEGIN android-added -+ if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate -+ { -+ // END android-added - throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints"); -+ // BEGIN android-added -+ } -+ // END android-added - } - } - diff -Naur 
bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java bcprov-jdk16-145/org/bouncycastle/jce/provider/WrapCipherSpi.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/WrapCipherSpi.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/WrapCipherSpi.java 2010-11-02 18:37:15.000000000 +0000 @@ -12,8 +12,10 @@ import org.bouncycastle.crypto.Wrapper; import org.bouncycastle.crypto.engines.DESedeEngine; @@ -12444,7 +12299,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/WrapCipherSpi.jav } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk16-145/org/bouncycastle/jce/provider/X509CertificateObject.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509CertificateObject.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/X509CertificateObject.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/X509CertificateObject.java 2010-11-02 18:37:15.000000000 +0000 @@ -518,12 +518,20 @@ return JDKKeyFactory.createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo()); } @@ -12478,7 +12333,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509CertificateOb signature = Signature.getInstance(sigName, "BC"); diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk16-145/org/bouncycastle/jce/provider/X509SignatureUtil.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/X509SignatureUtil.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/X509SignatureUtil.java 2010-11-02 18:37:15.000000000 +0000 @@ -25,7 +25,9 @@ class X509SignatureUtil 
@@ -12571,7 +12426,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509SignatureUtil return digestAlgOID.getId(); diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AES.java bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AES.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AES.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AES.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AES.java 2010-11-02 18:37:15.000000000 +0000 @@ -5,7 +5,9 @@ import org.bouncycastle.crypto.engines.AESEngine; import org.bouncycastle.crypto.engines.AESFastEngine; @@ -12808,7 +12663,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AES.jav extends JDKAlgorithmParameters.IVAlgorithmParameters diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AESMappings.java bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AESMappings.java --- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AESMappings.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AESMappings.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AESMappings.java 2010-11-02 18:37:15.000000000 +0000 @@ -26,55 +26,63 @@ put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); 
@@ -12914,7 +12769,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AESMapp } diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk16-145/org/bouncycastle/x509/X509Util.java --- bcprov-jdk16-145.orig/org/bouncycastle/x509/X509Util.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/x509/X509Util.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/x509/X509Util.java 2010-11-02 18:37:15.000000000 +0000 @@ -43,8 +43,10 @@ static @@ -12976,7 +12831,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk1 diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java bcprov-jdk16-145/org/bouncycastle/x509/extension/X509ExtensionUtil.java --- bcprov-jdk16-145.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2010-01-11 21:46:14.000000000 +0000 -+++ bcprov-jdk16-145/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2010-10-05 22:48:58.000000000 +0000 ++++ bcprov-jdk16-145/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2010-11-02 18:37:15.000000000 +0000 @@ -62,7 +62,9 @@ { GeneralName genName = GeneralName.getInstance(it.nextElement()); diff --git a/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java b/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java index d675024b..338680a0 100644 --- a/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java +++ b/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 
@@ -147,9 +147,7 @@ public class CertPathValidatorUtilities // BEGIN android-changed /** * Search the given Set of TrustAnchor's for one that is the - * issuer of the given X509 certificate. Uses the specified - * provider for signature verification, or the default provider - * if null. + * issuer of the given X509 certificate. * * @param cert the X509 certificate * @param params used to find the trust anchors and signature provider @@ -197,46 +195,20 @@ public class CertPathValidatorUtilities // BEGIN android-changed Iterator iter = params.getTrustAnchors().iterator(); // END android-changed - // BEGIN android-added - byte[] certBytes = null; - try { - certBytes = cert.getEncoded(); - } catch (Exception e) { - // ignore, just continue - } - // END android-added while (iter.hasNext() && trust == null) { trust = (TrustAnchor) iter.next(); - // BEGIN android-changed - X509Certificate trustCert = trust.getTrustedCert(); - // END android-changed - // BEGIN android-added - // If the trust anchor is identical to the certificate we're - // done. Just return the anchor. - // There is similar code in PKIXCertPathValidatorSpi. - try { - byte[] trustBytes = trustCert.getEncoded(); - if (certBytes != null && Arrays.equals(trustBytes, certBytes)) { - return trust; - } - } catch (Exception e) { - // ignore, continue and verify the certificate - } - // END android-added - // BEGIN android-changed - if (trustCert != null) + if (trust.getTrustedCert() != null) { - if (certSelectX509.match(trustCert)) + if (certSelectX509.match(trust.getTrustedCert())) { - trustPublicKey = trustCert.getPublicKey(); + trustPublicKey = trust.getTrustedCert().getPublicKey(); } else { trust = null; } } - // END android-changed else if (trust.getCAName() != null && trust.getCAPublicKey() != null) { diff --git a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java index 54b0d202..2f6c1c9a 100644 
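Review bot: With the byte-equality fast path removed from the loop in findTrustAnchor, a certificate that is itself a configured anchor is no longer returned directly and has to match through `certSelectX509` like any other certificate, but nothing in the code records that precondition. The commit message says libcore's TrustManagerImpl now strips anchors from the chain; a caller that reaches the validator some other way would presumably see validation fail (fail closed) instead. The Javadoc edited in the hunk at -147 is the natural place to state this, for example `* The certificate is expected to be issued by a trust anchor, not to be one; callers remove anchors from the chain first.` The loop and the rest of the method continue outside the hunk, so how `trustPublicKey` is used afterwards is not visible here. If `java.util.Arrays` was imported only for the removed comparison, that import is now unused.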
--- a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java +++ b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java @@ -21,6 +21,10 @@ import java.util.Set; import javax.security.auth.x500.X500Principal; +// BEGIN android-added +import org.apache.harmony.xnet.provider.jsse.IndexedPKIXParameters; + +// END android-added import org.bouncycastle.asn1.DEREncodable; import org.bouncycastle.asn1.DERObjectIdentifier; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; @@ -47,6 +51,18 @@ public class PKIXCertPathValidatorSpi + " instance."); } + // BEGIN android-added + IndexedPKIXParameters indexedParams; + if (params instanceof IndexedPKIXParameters) + { + indexedParams = (IndexedPKIXParameters)params; + } + else + { + indexedParams = null; + } + + // END android-added ExtendedPKIXParameters paramsPKIX; if (params instanceof ExtendedPKIXParameters) { @@ -91,13 +107,11 @@ public class PKIXCertPathValidatorSpi // (d) // TrustAnchor trust; - // BEGIN android-added - X509Certificate lastCert = (X509Certificate) certs.get(certs.size() - 1); - // END android-added try { // BEGIN android-changed - trust = CertPathValidatorUtilities.findTrustAnchor(lastCert, paramsPKIX); + trust = CertPathValidatorUtilities.findTrustAnchor((X509Certificate) certs.get(certs.size() - 1), + indexedParams != null ? indexedParams : paramsPKIX); // END android-changed } catch (AnnotatedException e) 
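Review bot: The anchor lookup now runs against the caller's original `params` (kept as `indexedParams`) while every later step uses `paramsPKIX`, and the code does not say why two parameter objects are in play or that they must agree. How `paramsPKIX` is built from `params` is outside the hunk; if it is a copy, the trust anchors and signature provider read by `findTrustAnchor` (hunk at -91) come from a different object than the one used for the rest of the path checks. A why-comment above the declaration would cover it, e.g. `// Keep the IndexedPKIXParameters reference: findTrustAnchor uses its index for O(1) anchor lookup; paramsPKIX is used for all other checks.` The if/else can also be written as one line, `IndexedPKIXParameters indexedParams = (params instanceof IndexedPKIXParameters) ? (IndexedPKIXParameters) params : null;`.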
@@ -194,25 +208,12 @@ public class PKIXCertPathValidatorSpi X500Principal workingIssuerName; X509Certificate sign = trust.getTrustedCert(); - // BEGIN android-added - boolean trustAnchorInChain = false; - // END android-added try { if (sign != null) { workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign); workingPublicKey = sign.getPublicKey(); - // BEGIN android-added - // There is similar code in CertPathValidatorUtilities. - try { - byte[] trustBytes = sign.getEncoded(); - byte[] certBytes = lastCert.getEncoded(); - trustAnchorInChain = Arrays.equals(trustBytes, certBytes); - } catch(Exception e) { - // ignore, continue with trustAnchorInChain being false - } - // END android-added } else { @@ -289,10 +290,8 @@ public class PKIXCertPathValidatorSpi // 6.1.3 // - // BEGIN android-changed RFC3280CertPathUtilities.processCertA(certPath, paramsPKIX, index, workingPublicKey, - verificationAlreadyPerformed, workingIssuerName, sign, i, trustAnchorInChain); - // END android-changed + verificationAlreadyPerformed, workingIssuerName, sign); RFC3280CertPathUtilities.processCertBC(certPath, index, nameConstraintValidator); @@ -309,18 +308,11 @@ public class PKIXCertPathValidatorSpi if (i != n) { - // BEGIN android-added - if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate - { - // END android-added if (cert != null && cert.getVersion() == 1) { throw new CertPathValidatorException("Version 1 certificates can't be used as CA ones.", null, certPath, index); } - // BEGIN android-added - } - // END android-added RFC3280CertPathUtilities.prepareNextCertA(certPath, index); 
@@ -344,9 +336,7 @@ public class PKIXCertPathValidatorSpi inhibitAnyPolicy = RFC3280CertPathUtilities.prepareNextCertJ(certPath, index, inhibitAnyPolicy); // (k) - // BEGIN android-changed - RFC3280CertPathUtilities.prepareNextCertK(certPath, index, i, trustAnchorInChain); - // END android-changed + RFC3280CertPathUtilities.prepareNextCertK(certPath, index); // (l) maxPathLength = RFC3280CertPathUtilities.prepareNextCertL(certPath, index, maxPathLength); diff --git a/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java b/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java index 921ed3be..269f2952 100644 --- a/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java +++ b/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java @@ -1471,11 +1471,7 @@ public class RFC3280CertPathUtilities PublicKey workingPublicKey, boolean verificationAlreadyPerformed, X500Principal workingIssuerName, - X509Certificate sign, - // BEGIN android-added - int i, - boolean trustAnchorInChain) - // END android-added + X509Certificate sign) throws ExtCertPathValidatorException { List certs = certPath.getCertificates(); @@ -1489,15 +1485,8 @@ public class RFC3280CertPathUtilities { // (a) (1) // - // BEGIN android-added - if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate - { - // END android-added CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey, paramsPKIX.getSigProvider()); - // BEGIN android-added - } - // END android-added } catch (GeneralSecurityException e) { @@ -2088,11 +2077,7 @@ public class RFC3280CertPathUtilities protected static void prepareNextCertK( CertPath certPath, - int index, - // BEGIN android-added - int i, - boolean trustAnchorInChain) - // END android-added + int index) throws CertPathValidatorException { List certs = certPath.getCertificates(); 
@@ -2120,14 +2105,7 @@ public class RFC3280CertPathUtilities } else { - // BEGIN android-added - if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate - { - // END android-added throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints"); - // BEGIN android-added - } - // END android-added } } |