summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBrian Carlstrom <bdc@google.com>2010-11-02 11:38:34 -0700
committerBrian Carlstrom <bdc@google.com>2010-11-02 16:27:54 -0700
commit60f1dce097d78928597a5d057577596162e825fd (patch)
treec75fa2aeb9696053d13d4195f6f8bd17cd8b4dbe
parentcc041ec354960aa3dfcb84950505968be3871b68 (diff)
downloadbouncycastle-60f1dce097d78928597a5d057577596162e825fd.tar.gz
CertPathValidator changes tracking libcore TrustManager improvements
Revert checks for TrustAnchors in the cert chain, which is not part of PKIX behavior. This is now done as part of cleaning in the cert chain in libcore's TrustManagerImpl. patches/README src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java Preserve IndexedPKIXParameters in local to keep our O(1) indexed lookup of TrustAnchors by X500Principal, instead of falling back to O(n) lookup in the common case. src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java Updated patch patches/android.patch Bug: 2530852 Change-Id: Iecb671797496c3bc6a4e1a22c848b28af4bc756e
Diffstat
-rw-r--r--patches/README1
-rw-r--r--patches/android.patch367
-rw-r--r--src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java36
-rw-r--r--src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java50
-rw-r--r--src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java26
5 files changed, 137 insertions, 343 deletions
diff --git a/patches/README b/patches/README
index b6243594..aa63f38c 100644
--- a/patches/README
+++ b/patches/README
@@ -23,7 +23,6 @@ Other performance (both speed and memory) changes:
- PKCS12BagAttributeCarrier also uses OrderedTable to cut down on memory allocation
- X509CertificateObject.getEncoded caches its result
- Added IndexedPKIXParameters for faster cert lookup in CertPathValidatorUtilities.findTrustAnchor
-- CertPathValidatorUtilities.findTrustAnchor fast path compares encoded certs similar to PKIXCertPathValidatorSpi
- Added ASN1Collection for use as new parent for ASN1Collection and ASN1Set to reduce small Vector allocation
- removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12
- OpenSSLDigest uses NativeCrypto JNI API
diff --git a/patches/android.patch b/patches/android.patch
index 559070b6..63dbb9a8 100644
--- a/patches/android.patch
+++ b/patches/android.patch
@@ -1,6 +1,6 @@
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Collection.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Collection.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Collection.java 1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Collection.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Collection.java 2010-11-02 18:37:15.000000000 +0000
@@ -0,0 +1,298 @@
+package org.bouncycastle.asn1;
+
@@ -302,7 +302,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Collection.java bcpro
+}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1InputStream.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1InputStream.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1InputStream.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1InputStream.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1InputStream.java 2010-11-02 18:37:15.000000000 +0000
@@ -348,7 +348,9 @@
case BMP_STRING:
return new DERBMPString(bytes);
@@ -316,7 +316,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1InputStream.java bcpr
case GENERALIZED_TIME:
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Null.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Null.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Null.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Null.java 2010-11-02 18:37:15.000000000 +0000
@@ -8,9 +8,11 @@
public abstract class ASN1Null
extends ASN1Object
@@ -332,7 +332,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk1
{
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Sequence.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Sequence.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Sequence.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Sequence.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Sequence.java 2010-11-02 18:37:15.000000000 +0000
@@ -2,12 +2,20 @@
import java.io.IOException;
@@ -496,7 +496,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Sequence.java bcprov-
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Set.java bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Set.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Set.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Set.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/ASN1Set.java 2010-11-02 18:37:15.000000000 +0000
@@ -3,12 +3,20 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -845,7 +845,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/ASN1Set.java bcprov-jdk16
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk16-145/org/bouncycastle/asn1/DERBoolean.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERBoolean.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERBoolean.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/DERBoolean.java 2010-11-02 18:37:15.000000000 +0000
@@ -5,7 +5,9 @@
public class DERBoolean
extends ASN1Object
@@ -918,7 +918,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jd
{
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERInputStream.java bcprov-jdk16-145/org/bouncycastle/asn1/DERInputStream.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERInputStream.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERInputStream.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/DERInputStream.java 2010-11-02 18:37:15.000000000 +0000
@@ -144,7 +144,9 @@
return new DERConstructedSet(v);
}
@@ -943,7 +943,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERInputStream.java bcpro
{
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk16-145/org/bouncycastle/asn1/DERNull.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERNull.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERNull.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/DERNull.java 2010-11-02 18:37:15.000000000 +0000
@@ -10,9 +10,13 @@
{
public static final DERNull INSTANCE = new DERNull();
@@ -962,7 +962,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk16
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk16-145/org/bouncycastle/asn1/DERObjectIdentifier.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERObjectIdentifier.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERObjectIdentifier.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/DERObjectIdentifier.java 2010-11-02 18:37:15.000000000 +0000
@@ -111,7 +111,13 @@
}
}
@@ -995,7 +995,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERObjectIdentifier.java
public String getId()
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk16-145/org/bouncycastle/asn1/DERPrintableString.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERPrintableString.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/DERPrintableString.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/DERPrintableString.java 2010-11-02 18:37:15.000000000 +0000
@@ -9,7 +9,9 @@
extends ASN1Object
implements DERString
@@ -1031,7 +1031,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/DERPrintableString.java b
public String getString()
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/OrderedTable.java bcprov-jdk16-145/org/bouncycastle/asn1/OrderedTable.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/OrderedTable.java 1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/OrderedTable.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/OrderedTable.java 2010-11-02 18:37:15.000000000 +0000
@@ -0,0 +1,281 @@
+package org.bouncycastle.asn1;
+
@@ -1316,7 +1316,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/OrderedTable.java bcprov-
+}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2010-11-02 18:37:15.000000000 +0000
@@ -37,10 +37,13 @@
public static EncryptedPrivateKeyInfo getInstance(
Object obj)
@@ -1334,7 +1334,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyI
return new EncryptedPrivateKeyInfo((ASN1Sequence)obj);
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2010-11-02 18:37:15.000000000 +0000
@@ -10,7 +10,10 @@
//
static final String pkcs_1 = "1.2.840.113549.1.1";
@@ -1361,7 +1361,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifier
// md4 OBJECT IDENTIFIER ::=
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2010-11-02 18:37:15.000000000 +0000
@@ -19,7 +19,9 @@
private AlgorithmIdentifier maskGenAlgorithm;
private AlgorithmIdentifier pSourceAlgorithm;
@@ -1375,7 +1375,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2010-11-02 18:37:15.000000000 +0000
@@ -20,7 +20,9 @@
private DERInteger saltLength;
private DERInteger trailerField;
@@ -1389,7 +1389,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java
public final static DERInteger DEFAULT_TRAILER_FIELD = new DERInteger(1);
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov-jdk16-145/org/bouncycastle/asn1/util/ASN1Dump.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/util/ASN1Dump.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/util/ASN1Dump.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/util/ASN1Dump.java 2010-11-02 18:37:15.000000000 +0000
@@ -90,7 +90,9 @@
{
Object o = e.nextElement();
@@ -1403,7 +1403,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov
buf.append("NULL");
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/AttCertIssuer.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/AttCertIssuer.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/AttCertIssuer.java 2010-11-02 18:37:15.000000000 +0000
@@ -45,7 +45,7 @@
ASN1TaggedObject obj,
boolean explicit)
@@ -1415,7 +1415,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java b
/**
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/BasicConstraints.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/BasicConstraints.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/BasicConstraints.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/BasicConstraints.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/BasicConstraints.java 2010-11-02 18:37:15.000000000 +0000
@@ -14,7 +14,9 @@
public class BasicConstraints
extends ASN1Encodable
@@ -1462,7 +1462,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/BasicConstraints.jav
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2010-11-02 18:37:15.000000000 +0000
@@ -96,11 +96,15 @@
}
if (onlyContainsUserCerts)
@@ -1501,7 +1501,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/IssuingDistributionP
seq = new DERSequence(vec);
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Extensions.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Extensions.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Extensions.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Extensions.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Extensions.java 2010-11-02 18:37:15.000000000 +0000
@@ -9,6 +9,9 @@
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
@@ -1690,7 +1690,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Extensions.java
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Name.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Name.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Name.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509Name.java 2010-11-02 18:37:15.000000000 +0000
@@ -247,8 +247,10 @@
*/
public static final Hashtable SymbolLookUp = DefaultLookUp;
@@ -2156,7 +2156,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov
{
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameElementList.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameElementList.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameElementList.java 1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameElementList.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameElementList.java 2010-11-02 18:37:15.000000000 +0000
@@ -0,0 +1,206 @@
+package org.bouncycastle.asn1.x509;
+
@@ -2366,7 +2366,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameElementList.
+}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameTokenizer.java
--- bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2010-11-02 18:37:15.000000000 +0000
@@ -58,6 +58,17 @@
}
else
@@ -2394,7 +2394,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.ja
\ No newline at end of file
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/PBEParametersGenerator.java bcprov-jdk16-145/org/bouncycastle/crypto/PBEParametersGenerator.java
--- bcprov-jdk16-145.orig/org/bouncycastle/crypto/PBEParametersGenerator.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/PBEParametersGenerator.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/crypto/PBEParametersGenerator.java 2010-11-02 18:37:15.000000000 +0000
@@ -136,7 +136,8 @@
public static byte[] PKCS12PasswordToBytes(
char[] password)
@@ -2414,7 +2414,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/PBEParametersGenerator.
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk16-145/org/bouncycastle/crypto/digests/OpenSSLDigest.java
--- bcprov-jdk16-145.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java 1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2010-11-02 18:37:15.000000000 +0000
@@ -0,0 +1,122 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
@@ -2540,7 +2540,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.j
+}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/engines/RC2Engine.java bcprov-jdk16-145/org/bouncycastle/crypto/engines/RC2Engine.java
--- bcprov-jdk16-145.orig/org/bouncycastle/crypto/engines/RC2Engine.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/engines/RC2Engine.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/crypto/engines/RC2Engine.java 2010-11-02 18:37:15.000000000 +0000
@@ -313,4 +313,4 @@
out[outOff + 6] = (byte)x76;
out[outOff + 7] = (byte)(x76 >> 8);
@@ -2550,7 +2550,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/engines/RC2Engine.java
\ No newline at end of file
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk16-145/org/bouncycastle/crypto/macs/HMac.java
--- bcprov-jdk16-145.orig/org/bouncycastle/crypto/macs/HMac.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/macs/HMac.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/crypto/macs/HMac.java 2010-11-02 18:37:15.000000000 +0000
@@ -32,23 +32,23 @@
{
blockLengths = new Hashtable();
@@ -2592,7 +2592,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-j
private static int getByteLength(
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk16-145/org/bouncycastle/crypto/signers/RSADigestSigner.java
--- bcprov-jdk16-145.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/signers/RSADigestSigner.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/crypto/signers/RSADigestSigner.java 2010-11-02 18:37:15.000000000 +0000
@@ -46,8 +46,10 @@
oidMap.put("SHA-384", NISTObjectIdentifiers.id_sha384);
oidMap.put("SHA-512", NISTObjectIdentifiers.id_sha512);
@@ -2608,7 +2608,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/signers/RSADigestSigner
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk16-145/org/bouncycastle/crypto/util/PrivateKeyFactory.java
--- bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2010-11-02 18:37:15.000000000 +0000
@@ -7,31 +7,39 @@
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObject;
@@ -2811,7 +2811,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.
throw new RuntimeException("algorithm identifier in key not recognised");
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk16-145/org/bouncycastle/crypto/util/PublicKeyFactory.java
--- bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/crypto/util/PublicKeyFactory.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/crypto/util/PublicKeyFactory.java 2010-11-02 18:37:15.000000000 +0000
@@ -10,32 +10,40 @@
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
@@ -3003,7 +3003,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/crypto/util/PublicKeyFactory.j
throw new RuntimeException("algorithm identifier in key not recognised");
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk16-145/org/bouncycastle/jce/PKCS10CertificationRequest.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/PKCS10CertificationRequest.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/PKCS10CertificationRequest.java 2010-11-02 18:37:15.000000000 +0000
@@ -78,8 +78,11 @@
static
@@ -3067,7 +3067,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/PKCS10CertificationRequest
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk16-145/org/bouncycastle/jce/provider/BouncyCastleProvider.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2010-11-02 18:37:15.000000000 +0000
@@ -45,7 +45,10 @@
{
private static String info = "BouncyCastle Security Provider v1.45";
@@ -4398,7 +4398,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/BouncyCastleProvi
{
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk16-145/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2010-11-02 18:37:15.000000000 +0000
@@ -24,6 +24,7 @@
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
@@ -4438,7 +4438,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator
import org.bouncycastle.x509.X509AttributeCertificate;
import org.bouncycastle.x509.X509CRLStoreSelector;
import org.bouncycastle.x509.X509CertStoreSelector;
-@@ -110,29 +119,32 @@
+@@ -110,38 +119,38 @@
"privilegeWithdrawn",
"aACompromise" };
@@ -4492,9 +4492,10 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator
+ // BEGIN android-changed
/**
* Search the given Set of TrustAnchor's for one that is the
- * issuer of the given X509 certificate. Uses the specified
-@@ -140,8 +152,7 @@
- * if null.
+- * issuer of the given X509 certificate. Uses the specified
+- * provider for signature verification, or the default provider
+- * if null.
++ * issuer of the given X509 certificate.
*
* @param cert the X509 certificate
- * @param trustAnchors a Set of TrustAnchor's
@@ -4503,7 +4504,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator
*
* @return the <code>TrustAnchor</code> object if found or
* <code>null</code> if not.
-@@ -152,10 +163,21 @@
+@@ -152,10 +161,21 @@
*/
protected static TrustAnchor findTrustAnchor(
X509Certificate cert,
@@ -4527,7 +4528,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator
TrustAnchor trust = null;
PublicKey trustPublicKey = null;
Exception invalidKeyEx = null;
-@@ -172,21 +194,49 @@
+@@ -172,7 +192,9 @@
throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", ex);
}
@@ -4535,53 +4536,10 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator
+ // BEGIN android-changed
+ Iterator iter = params.getTrustAnchors().iterator();
+ // END android-changed
-+ // BEGIN android-added
-+ byte[] certBytes = null;
-+ try {
-+ certBytes = cert.getEncoded();
-+ } catch (Exception e) {
-+ // ignore, just continue
-+ }
-+ // END android-added
while (iter.hasNext() && trust == null)
{
trust = (TrustAnchor) iter.next();
-- if (trust.getTrustedCert() != null)
-+ // BEGIN android-changed
-+ X509Certificate trustCert = trust.getTrustedCert();
-+ // END android-changed
-+ // BEGIN android-added
-+ // If the trust anchor is identical to the certificate we're
-+ // done. Just return the anchor.
-+ // There is similar code in PKIXCertPathValidatorSpi.
-+ try {
-+ byte[] trustBytes = trustCert.getEncoded();
-+ if (certBytes != null && Arrays.equals(trustBytes, certBytes)) {
-+ return trust;
-+ }
-+ } catch (Exception e) {
-+ // ignore, continue and verify the certificate
-+ }
-+ // END android-added
-+ // BEGIN android-changed
-+ if (trustCert != null)
- {
-- if (certSelectX509.match(trust.getTrustedCert()))
-+ if (certSelectX509.match(trustCert))
- {
-- trustPublicKey = trust.getTrustedCert().getPublicKey();
-+ trustPublicKey = trustCert.getPublicKey();
- }
- else
- {
- trust = null;
- }
- }
-+ // END android-changed
- else if (trust.getCAName() != null
- && trust.getCAPublicKey() != null)
- {
-@@ -216,7 +266,9 @@
+@@ -216,7 +238,9 @@
{
try
{
@@ -4592,7 +4550,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator
}
catch (Exception ex)
{
-@@ -248,7 +300,9 @@
+@@ -248,7 +272,9 @@
{
// look for URI
List list = (List) it.next();
@@ -4603,7 +4561,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator
{
// found
String temp = (String) list.get(1);
-@@ -721,38 +775,40 @@
+@@ -721,38 +747,40 @@
{
try
{
@@ -4676,7 +4634,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator
}
catch (Exception e)
{
-@@ -819,35 +875,37 @@
+@@ -819,35 +847,37 @@
return certs;
}
@@ -4745,7 +4703,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/CertPathValidator
CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEBlockCipher.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEBlockCipher.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEBlockCipher.java 2010-11-02 18:37:15.000000000 +0000
@@ -7,22 +7,31 @@
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESFastEngine;
@@ -5694,7 +5652,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEBlockCipher.ja
*/
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java 2010-11-02 18:37:15.000000000 +0000
@@ -37,9 +37,11 @@
static
@@ -5712,7 +5670,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement
algorithms.put("DESEDE", i192);
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDigestUtil.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDigestUtil.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEDigestUtil.java 2010-11-02 18:37:15.000000000 +0000
@@ -12,7 +12,9 @@
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.MD5Digest;
@@ -5795,7 +5753,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEDigestUtil.jav
|| (sha512.contains(digest1) && sha512.contains(digest2))
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEKeyGenerator.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2010-11-02 18:37:15.000000000 +0000
@@ -145,30 +145,32 @@
}
}
@@ -6427,7 +6385,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.j
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEMac.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEMac.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEMac.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEMac.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEMac.java 2010-11-02 18:37:15.000000000 +0000
@@ -2,29 +2,43 @@
import org.bouncycastle.crypto.CipherParameters;
@@ -7180,7 +7138,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEMac.java bcpro
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSACipher.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSACipher.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSACipher.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSACipher.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSACipher.java 2010-11-02 18:37:15.000000000 +0000
@@ -534,48 +534,50 @@
}
}
@@ -7278,7 +7236,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSACipher.java
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2010-11-02 18:37:15.000000000 +0000
@@ -125,7 +125,9 @@
*/
public byte[] getEncoded()
@@ -7292,7 +7250,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtK
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateKey.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2010-11-02 18:37:15.000000000 +0000
@@ -77,7 +77,9 @@
public byte[] getEncoded()
@@ -7306,7 +7264,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPublicKey.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2010-11-02 18:37:15.000000000 +0000
@@ -90,7 +90,9 @@
public byte[] getEncoded()
@@ -7320,7 +7278,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.j
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2010-11-02 18:37:15.000000000 +0000
@@ -321,29 +321,31 @@
}
}
@@ -7497,7 +7455,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCESecretKeyFacto
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEStreamCipher.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEStreamCipher.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JCEStreamCipher.java 2010-11-02 18:37:15.000000000 +0000
@@ -5,17 +5,21 @@
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.StreamBlockCipher;
@@ -7941,7 +7899,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JCEStreamCipher.j
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2010-11-02 18:37:15.000000000 +0000
@@ -2,19 +2,25 @@
import org.bouncycastle.crypto.generators.DHParametersGenerator;
@@ -8368,7 +8326,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParam
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2010-11-02 18:37:15.000000000 +0000
@@ -10,21 +10,27 @@
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
@@ -9868,7 +9826,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKAlgorithmParam
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDSASigner.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDSASigner.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDSASigner.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDSASigner.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDSASigner.java 2010-11-02 18:37:15.000000000 +0000
@@ -22,13 +22,17 @@
import org.bouncycastle.crypto.DSA;
import org.bouncycastle.crypto.Digest;
@@ -10019,7 +9977,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDSASigner.java
extends JDKDSASigner
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDigestSignature.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDigestSignature.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKDigestSignature.java 2010-11-02 18:37:15.000000000 +0000
@@ -23,14 +23,20 @@
import org.bouncycastle.crypto.AsymmetricBlockCipher;
import org.bouncycastle.crypto.CipherParameters;
@@ -10220,7 +10178,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKDigestSignatur
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyFactory.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyFactory.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyFactory.java 2010-11-02 18:37:15.000000000 +0000
@@ -36,17 +36,21 @@
import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
@@ -10598,7 +10556,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyFactory.jav
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2010-11-02 18:37:15.000000000 +0000
@@ -6,9 +6,11 @@
import org.bouncycastle.crypto.generators.DHParametersGenerator;
import org.bouncycastle.crypto.generators.DSAKeyPairGenerator;
@@ -10942,7 +10900,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerat
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyStore.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyStore.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyStore.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyStore.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKKeyStore.java 2010-11-02 18:37:15.000000000 +0000
@@ -39,7 +39,12 @@
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.Digest;
@@ -11045,7 +11003,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKKeyStore.java
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKMessageDigest.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKMessageDigest.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKMessageDigest.java 2010-11-02 18:37:15.000000000 +0000
@@ -57,36 +57,38 @@
{
super(new SHA1Digest());
@@ -11492,7 +11450,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKMessageDigest.
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2010-11-02 18:37:15.000000000 +0000
@@ -255,10 +255,13 @@
}
}
@@ -11662,7 +11620,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore
return null;
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PBE.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PBE.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PBE.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PBE.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PBE.java 2010-11-02 18:37:15.000000000 +0000
@@ -7,12 +7,18 @@
import org.bouncycastle.crypto.CipherParameters;
@@ -11737,7 +11695,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PBE.java bcprov-j
break;
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKCS12BagAttributeCarrierImpl.java 2010-11-02 18:37:15.000000000 +0000
@@ -1,6 +1,9 @@
package org.bouncycastle.jce.provider;
@@ -11880,7 +11838,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKCS12BagAttribut
{
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPath.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPath.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPath.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPath.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPath.java 2010-11-02 18:37:15.000000000 +0000
@@ -33,7 +33,9 @@
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -11945,7 +11903,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPath.java
throw new CertificateEncodingException("unsupported encoding: " + encoding);
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java 2010-11-02 18:37:15.000000000 +0000
@@ -172,8 +172,9 @@
try
{
@@ -11960,7 +11918,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathBuild
// chains
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2010-11-02 18:37:15.000000000 +0000
@@ -13,6 +13,7 @@
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
@@ -11969,94 +11927,51 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXCertPathValid
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
-@@ -90,10 +91,14 @@
- // (d)
- //
- TrustAnchor trust;
+@@ -20,6 +21,10 @@
+
+ import javax.security.auth.x500.X500Principal;
+
++// BEGIN android-added
++import org.apache.harmony.xnet.provider.jsse.IndexedPKIXParameters;
++
++// END android-added
+ import org.bouncycastle.asn1.DEREncodable;
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+@@ -46,6 +51,18 @@
+ + " instance.");
+ }
+
+ // BEGIN android-added
-+ X509Certificate lastCert = (X509Certificate) certs.get(certs.size() - 1);
++ IndexedPKIXParameters indexedParams;
++ if (params instanceof IndexedPKIXParameters)
++ {
++ indexedParams = (IndexedPKIXParameters)params;
++ }
++ else
++ {
++ indexedParams = null;
++ }
++
+ // END android-added
+ ExtendedPKIXParameters paramsPKIX;
+ if (params instanceof ExtendedPKIXParameters)
+ {
+@@ -92,8 +109,10 @@
+ TrustAnchor trust;
try
{
-- trust = CertPathValidatorUtilities.findTrustAnchor((X509Certificate) certs.get(certs.size() - 1),
-- paramsPKIX.getTrustAnchors(), paramsPKIX.getSigProvider());
+ // BEGIN android-changed
-+ trust = CertPathValidatorUtilities.findTrustAnchor(lastCert, paramsPKIX);
+ trust = CertPathValidatorUtilities.findTrustAnchor((X509Certificate) certs.get(certs.size() - 1),
+- paramsPKIX.getTrustAnchors(), paramsPKIX.getSigProvider());
++ indexedParams != null ? indexedParams : paramsPKIX);
+ // END android-changed
}
catch (AnnotatedException e)
{
-@@ -189,12 +194,25 @@
- X500Principal workingIssuerName;
-
- X509Certificate sign = trust.getTrustedCert();
-+ // BEGIN android-added
-+ boolean trustAnchorInChain = false;
-+ // END android-added
- try
- {
- if (sign != null)
- {
- workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign);
- workingPublicKey = sign.getPublicKey();
-+ // BEGIN android-added
-+ // There is similar code in CertPathValidatorUtilities.
-+ try {
-+ byte[] trustBytes = sign.getEncoded();
-+ byte[] certBytes = lastCert.getEncoded();
-+ trustAnchorInChain = Arrays.equals(trustBytes, certBytes);
-+ } catch(Exception e) {
-+ // ignore, continue with trustAnchorInChain being false
-+ }
-+ // END android-added
- }
- else
- {
-@@ -271,8 +289,10 @@
- // 6.1.3
- //
-
-+ // BEGIN android-changed
- RFC3280CertPathUtilities.processCertA(certPath, paramsPKIX, index, workingPublicKey,
-- verificationAlreadyPerformed, workingIssuerName, sign);
-+ verificationAlreadyPerformed, workingIssuerName, sign, i, trustAnchorInChain);
-+ // END android-changed
-
- RFC3280CertPathUtilities.processCertBC(certPath, index, nameConstraintValidator);
-
-@@ -289,11 +309,18 @@
-
- if (i != n)
- {
-+ // BEGIN android-added
-+ if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
-+ {
-+ // END android-added
- if (cert != null && cert.getVersion() == 1)
- {
- throw new CertPathValidatorException("Version 1 certificates can't be used as CA ones.", null,
- certPath, index);
- }
-+ // BEGIN android-added
-+ }
-+ // END android-added
-
- RFC3280CertPathUtilities.prepareNextCertA(certPath, index);
-
-@@ -317,7 +344,9 @@
- inhibitAnyPolicy = RFC3280CertPathUtilities.prepareNextCertJ(certPath, index, inhibitAnyPolicy);
-
- // (k)
-- RFC3280CertPathUtilities.prepareNextCertK(certPath, index);
-+ // BEGIN android-changed
-+ RFC3280CertPathUtilities.prepareNextCertK(certPath, index, i, trustAnchorInChain);
-+ // END android-changed
-
- // (l)
- maxPathLength = RFC3280CertPathUtilities.prepareNextCertL(certPath, index, maxPathLength);
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2010-11-02 18:37:15.000000000 +0000
@@ -1533,7 +1533,9 @@
for (Enumeration e = permitted.getObjects(); e.hasMoreElements();)
{
@@ -12070,7 +11985,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/PKIXNameConstrain
subtreesMap.put(tagNo, new HashSet());
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/ProviderUtil.java bcprov-jdk16-145/org/bouncycastle/jce/provider/ProviderUtil.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/ProviderUtil.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/ProviderUtil.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/ProviderUtil.java 2010-11-02 18:37:15.000000000 +0000
@@ -1,9 +1,13 @@
package org.bouncycastle.jce.provider;
@@ -12217,69 +12132,9 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/ProviderUtil.java
static int getReadLimit(InputStream in)
throws IOException
-diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java bcprov-jdk16-145/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
---- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java 2010-10-05 22:48:58.000000000 +0000
-@@ -1471,7 +1471,11 @@
- PublicKey workingPublicKey,
- boolean verificationAlreadyPerformed,
- X500Principal workingIssuerName,
-- X509Certificate sign)
-+ X509Certificate sign,
-+ // BEGIN android-added
-+ int i,
-+ boolean trustAnchorInChain)
-+ // END android-added
- throws ExtCertPathValidatorException
- {
- List certs = certPath.getCertificates();
-@@ -1485,8 +1489,15 @@
- {
- // (a) (1)
- //
-+ // BEGIN android-added
-+ if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
-+ {
-+ // END android-added
- CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey,
- paramsPKIX.getSigProvider());
-+ // BEGIN android-added
-+ }
-+ // END android-added
- }
- catch (GeneralSecurityException e)
- {
-@@ -2077,7 +2088,11 @@
-
- protected static void prepareNextCertK(
- CertPath certPath,
-- int index)
-+ int index,
-+ // BEGIN android-added
-+ int i,
-+ boolean trustAnchorInChain)
-+ // END android-added
- throws CertPathValidatorException
- {
- List certs = certPath.getCertificates();
-@@ -2105,7 +2120,14 @@
- }
- else
- {
-+ // BEGIN android-added
-+ if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
-+ {
-+ // END android-added
- throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
-+ // BEGIN android-added
-+ }
-+ // END android-added
- }
- }
-
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java bcprov-jdk16-145/org/bouncycastle/jce/provider/WrapCipherSpi.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/WrapCipherSpi.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/WrapCipherSpi.java 2010-11-02 18:37:15.000000000 +0000
@@ -12,8 +12,10 @@
import org.bouncycastle.crypto.Wrapper;
import org.bouncycastle.crypto.engines.DESedeEngine;
@@ -12444,7 +12299,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/WrapCipherSpi.jav
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk16-145/org/bouncycastle/jce/provider/X509CertificateObject.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509CertificateObject.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/X509CertificateObject.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/X509CertificateObject.java 2010-11-02 18:37:15.000000000 +0000
@@ -518,12 +518,20 @@
return JDKKeyFactory.createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo());
}
@@ -12478,7 +12333,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509CertificateOb
signature = Signature.getInstance(sigName, "BC");
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk16-145/org/bouncycastle/jce/provider/X509SignatureUtil.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/X509SignatureUtil.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/X509SignatureUtil.java 2010-11-02 18:37:15.000000000 +0000
@@ -25,7 +25,9 @@
class X509SignatureUtil
@@ -12571,7 +12426,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/X509SignatureUtil
return digestAlgOID.getId();
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AES.java bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AES.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AES.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AES.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AES.java 2010-11-02 18:37:15.000000000 +0000
@@ -5,7 +5,9 @@
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.engines.AESFastEngine;
@@ -12808,7 +12663,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AES.jav
extends JDKAlgorithmParameters.IVAlgorithmParameters
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AESMappings.java bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AESMappings.java
--- bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AESMappings.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AESMappings.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/jce/provider/symmetric/AESMappings.java 2010-11-02 18:37:15.000000000 +0000
@@ -26,55 +26,63 @@
put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
put("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
@@ -12914,7 +12769,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/jce/provider/symmetric/AESMapp
}
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk16-145/org/bouncycastle/x509/X509Util.java
--- bcprov-jdk16-145.orig/org/bouncycastle/x509/X509Util.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/x509/X509Util.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/x509/X509Util.java 2010-11-02 18:37:15.000000000 +0000
@@ -43,8 +43,10 @@
static
@@ -12976,7 +12831,7 @@ diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk1
diff -Naur bcprov-jdk16-145.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java bcprov-jdk16-145/org/bouncycastle/x509/extension/X509ExtensionUtil.java
--- bcprov-jdk16-145.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2010-01-11 21:46:14.000000000 +0000
-+++ bcprov-jdk16-145/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2010-10-05 22:48:58.000000000 +0000
++++ bcprov-jdk16-145/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2010-11-02 18:37:15.000000000 +0000
@@ -62,7 +62,9 @@
{
GeneralName genName = GeneralName.getInstance(it.nextElement());
diff --git a/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java b/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
index d675024b..338680a0 100644
--- a/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
+++ b/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
@@ -147,9 +147,7 @@ public class CertPathValidatorUtilities
// BEGIN android-changed
/**
* Search the given Set of TrustAnchor's for one that is the
- * issuer of the given X509 certificate. Uses the specified
- * provider for signature verification, or the default provider
- * if null.
+ * issuer of the given X509 certificate.
*
* @param cert the X509 certificate
* @param params used to find the trust anchors and signature provider
@@ -197,46 +195,20 @@ public class CertPathValidatorUtilities
// BEGIN android-changed
Iterator iter = params.getTrustAnchors().iterator();
// END android-changed
- // BEGIN android-added
- byte[] certBytes = null;
- try {
- certBytes = cert.getEncoded();
- } catch (Exception e) {
- // ignore, just continue
- }
- // END android-added
while (iter.hasNext() && trust == null)
{
trust = (TrustAnchor) iter.next();
- // BEGIN android-changed
- X509Certificate trustCert = trust.getTrustedCert();
- // END android-changed
- // BEGIN android-added
- // If the trust anchor is identical to the certificate we're
- // done. Just return the anchor.
- // There is similar code in PKIXCertPathValidatorSpi.
- try {
- byte[] trustBytes = trustCert.getEncoded();
- if (certBytes != null && Arrays.equals(trustBytes, certBytes)) {
- return trust;
- }
- } catch (Exception e) {
- // ignore, continue and verify the certificate
- }
- // END android-added
- // BEGIN android-changed
- if (trustCert != null)
+ if (trust.getTrustedCert() != null)
{
- if (certSelectX509.match(trustCert))
+ if (certSelectX509.match(trust.getTrustedCert()))
{
- trustPublicKey = trustCert.getPublicKey();
+ trustPublicKey = trust.getTrustedCert().getPublicKey();
}
else
{
trust = null;
}
}
- // END android-changed
else if (trust.getCAName() != null
&& trust.getCAPublicKey() != null)
{
diff --git a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
index 54b0d202..2f6c1c9a 100644
--- a/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
+++ b/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
@@ -21,6 +21,10 @@ import java.util.Set;
import javax.security.auth.x500.X500Principal;
+// BEGIN android-added
+import org.apache.harmony.xnet.provider.jsse.IndexedPKIXParameters;
+
+// END android-added
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -47,6 +51,18 @@ public class PKIXCertPathValidatorSpi
+ " instance.");
}
+ // BEGIN android-added
+ IndexedPKIXParameters indexedParams;
+ if (params instanceof IndexedPKIXParameters)
+ {
+ indexedParams = (IndexedPKIXParameters)params;
+ }
+ else
+ {
+ indexedParams = null;
+ }
+
+ // END android-added
ExtendedPKIXParameters paramsPKIX;
if (params instanceof ExtendedPKIXParameters)
{
@@ -91,13 +107,11 @@ public class PKIXCertPathValidatorSpi
// (d)
//
TrustAnchor trust;
- // BEGIN android-added
- X509Certificate lastCert = (X509Certificate) certs.get(certs.size() - 1);
- // END android-added
try
{
// BEGIN android-changed
- trust = CertPathValidatorUtilities.findTrustAnchor(lastCert, paramsPKIX);
+ trust = CertPathValidatorUtilities.findTrustAnchor((X509Certificate) certs.get(certs.size() - 1),
+ indexedParams != null ? indexedParams : paramsPKIX);
// END android-changed
}
catch (AnnotatedException e)
@@ -194,25 +208,12 @@ public class PKIXCertPathValidatorSpi
X500Principal workingIssuerName;
X509Certificate sign = trust.getTrustedCert();
- // BEGIN android-added
- boolean trustAnchorInChain = false;
- // END android-added
try
{
if (sign != null)
{
workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign);
workingPublicKey = sign.getPublicKey();
- // BEGIN android-added
- // There is similar code in CertPathValidatorUtilities.
- try {
- byte[] trustBytes = sign.getEncoded();
- byte[] certBytes = lastCert.getEncoded();
- trustAnchorInChain = Arrays.equals(trustBytes, certBytes);
- } catch(Exception e) {
- // ignore, continue with trustAnchorInChain being false
- }
- // END android-added
}
else
{
@@ -289,10 +290,8 @@ public class PKIXCertPathValidatorSpi
// 6.1.3
//
- // BEGIN android-changed
RFC3280CertPathUtilities.processCertA(certPath, paramsPKIX, index, workingPublicKey,
- verificationAlreadyPerformed, workingIssuerName, sign, i, trustAnchorInChain);
- // END android-changed
+ verificationAlreadyPerformed, workingIssuerName, sign);
RFC3280CertPathUtilities.processCertBC(certPath, index, nameConstraintValidator);
@@ -309,18 +308,11 @@ public class PKIXCertPathValidatorSpi
if (i != n)
{
- // BEGIN android-added
- if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
- {
- // END android-added
if (cert != null && cert.getVersion() == 1)
{
throw new CertPathValidatorException("Version 1 certificates can't be used as CA ones.", null,
certPath, index);
}
- // BEGIN android-added
- }
- // END android-added
RFC3280CertPathUtilities.prepareNextCertA(certPath, index);
@@ -344,9 +336,7 @@ public class PKIXCertPathValidatorSpi
inhibitAnyPolicy = RFC3280CertPathUtilities.prepareNextCertJ(certPath, index, inhibitAnyPolicy);
// (k)
- // BEGIN android-changed
- RFC3280CertPathUtilities.prepareNextCertK(certPath, index, i, trustAnchorInChain);
- // END android-changed
+ RFC3280CertPathUtilities.prepareNextCertK(certPath, index);
// (l)
maxPathLength = RFC3280CertPathUtilities.prepareNextCertL(certPath, index, maxPathLength);
diff --git a/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java b/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
index 921ed3be..269f2952 100644
--- a/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
+++ b/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
@@ -1471,11 +1471,7 @@ public class RFC3280CertPathUtilities
PublicKey workingPublicKey,
boolean verificationAlreadyPerformed,
X500Principal workingIssuerName,
- X509Certificate sign,
- // BEGIN android-added
- int i,
- boolean trustAnchorInChain)
- // END android-added
+ X509Certificate sign)
throws ExtCertPathValidatorException
{
List certs = certPath.getCertificates();
@@ -1489,15 +1485,8 @@ public class RFC3280CertPathUtilities
{
// (a) (1)
//
- // BEGIN android-added
- if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
- {
- // END android-added
CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey,
paramsPKIX.getSigProvider());
- // BEGIN android-added
- }
- // END android-added
}
catch (GeneralSecurityException e)
{
@@ -2088,11 +2077,7 @@ public class RFC3280CertPathUtilities
protected static void prepareNextCertK(
CertPath certPath,
- int index,
- // BEGIN android-added
- int i,
- boolean trustAnchorInChain)
- // END android-added
+ int index)
throws CertPathValidatorException
{
List certs = certPath.getCertificates();
@@ -2120,14 +2105,7 @@ public class RFC3280CertPathUtilities
}
else
{
- // BEGIN android-added
- if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate
- {
- // END android-added
throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
- // BEGIN android-added
- }
- // END android-added
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-18 05:32:36 +0000