diff options
author | Sergio Giro <sgiro@google.com> | 2016-02-04 23:52:52 +0000 |
---|---|---|
committer | Sergio Giro <sgiro@google.com> | 2016-02-09 20:06:00 +0000 |
commit | 4a2d5c40ffefaaa02c656a091f33fecdf8592607 (patch) | |
tree | 405e4e418a20cdda3f4129ef8f99df8b2ed05ac4 /bcprov/src/main/java/org/bouncycastle/jce | |
parent | 3e75bd6b407dd472c834a50f16aae54cca67ea9c (diff) | |
parent | 11975162f2da08e65157d37cd272721485f2b34b (diff) | |
download | bouncycastle-4a2d5c40ffefaaa02c656a091f33fecdf8592607.tar.gz |
bouncycastle: upgrade to version 1.54
Merge remote-tracking branch 'aosp/upstream-master'
Change-Id: I013a531855191a4fb041f7def092704d48188bc4
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/jce')
15 files changed, 168 insertions, 114 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java b/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java index 36706950..0c41c882 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java @@ -363,7 +363,7 @@ public class PKCS10CertificationRequest try { ASN1Sequence seq = (ASN1Sequence)ASN1Primitive.fromByteArray(key.getEncoded()); - this.reqInfo = new CertificationRequestInfo(subject, new SubjectPublicKeyInfo(seq), attributes); + this.reqInfo = new CertificationRequestInfo(subject, SubjectPublicKeyInfo.getInstance(seq), attributes); } catch (IOException e) { @@ -414,7 +414,7 @@ public class PKCS10CertificationRequest try { - X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes()); + X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getOctets()); AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithm(); try { @@ -432,9 +432,9 @@ public class PKCS10CertificationRequest // // try an alternate // - if (keyAlgorithms.get(keyAlg.getObjectId()) != null) + if (keyAlgorithms.get(keyAlg.getAlgorithm()) != null) { - String keyAlgorithm = (String)keyAlgorithms.get(keyAlg.getObjectId()); + String keyAlgorithm = (String)keyAlgorithms.get(keyAlg.getAlgorithm()); if (provider == null) { @@ -507,9 +507,9 @@ public class PKCS10CertificationRequest // // try an alternate // - if (oids.get(sigAlgId.getObjectId()) != null) + if (oids.get(sigAlgId.getAlgorithm()) != null) { - String signatureAlgorithm = (String)oids.get(sigAlgId.getObjectId()); + String signatureAlgorithm = (String)oids.get(sigAlgId.getAlgorithm()); if (provider == null) { @@ -539,7 +539,7 @@ public class PKCS10CertificationRequest throw new SignatureException("exception encoding TBS cert request - " + e); } - return sig.verify(sigBits.getBytes()); + return sig.verify(sigBits.getOctets()); } /** @@ -596,14 +596,14 @@ public class PKCS10CertificationRequest if (params != null && !DERNull.INSTANCE.equals(params)) { - if (sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) + if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) { RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); - return getDigestAlgName(rsaParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1"; + return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1"; } } - return sigAlgId.getObjectId().getId(); + return sigAlgId.getAlgorithm().getId(); } private static String getDigestAlgName( diff --git a/bcprov/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java b/bcprov/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java index 39dd35ad..f8a1a6fd 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java @@ -86,9 +86,8 @@ public class NetscapeCertRequest + spkac.size()); } - sigAlg = new AlgorithmIdentifier((ASN1Sequence)spkac - .getObjectAt(1)); - sigBits = ((DERBitString)spkac.getObjectAt(2)).getBytes(); + sigAlg = AlgorithmIdentifier.getInstance(spkac.getObjectAt(1)); + sigBits = ((DERBitString)spkac.getObjectAt(2)).getOctets(); // // PublicKeyAndChallenge ::= SEQUENCE { @@ -110,14 +109,13 @@ public class NetscapeCertRequest //could potentially alter the bytes content = new DERBitString(pkac); - SubjectPublicKeyInfo pubkeyinfo = new SubjectPublicKeyInfo( - (ASN1Sequence)pkac.getObjectAt(0)); + SubjectPublicKeyInfo pubkeyinfo = SubjectPublicKeyInfo.getInstance(pkac.getObjectAt(0)); X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString( pubkeyinfo).getBytes()); - keyAlg = pubkeyinfo.getAlgorithmId(); - pubkey = KeyFactory.getInstance(keyAlg.getObjectId().getId(), "BC") + keyAlg = pubkeyinfo.getAlgorithm(); + pubkey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId(), "BC") .generatePublic(xspec); } @@ -205,7 +203,7 @@ public class NetscapeCertRequest // Verify the signature .. shows the response was generated // by someone who knew the associated private key // - Signature sig = Signature.getInstance(sigAlg.getObjectId().getId(), + Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId(), "BC"); sig.initVerify(pubkey); sig.update(content.getBytes()); diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java index 82c6a5a8..00f23e8d 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -44,7 +44,7 @@ import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; public final class BouncyCastleProvider extends Provider implements ConfigurableProvider { - private static String info = "BouncyCastle Security Provider v1.52"; + private static String info = "BouncyCastle Security Provider v1.54"; public static final String PROVIDER_NAME = "BC"; @@ -74,8 +74,8 @@ public final class BouncyCastleProvider extends Provider // BEGIN android-removed // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "ChaCha", "DES", "DESede", // "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", "Noekeon", "RC2", "RC5", - // "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Shacal2", "Skipjack", "TEA", "Twofish", "Threefish", - // "VMPC", "VMPCKSA3", "XTEA", "XSalsa20" + // "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Shacal2", "Skipjack", "SM4", "TEA", "Twofish", "Threefish", + // "VMPC", "VMPCKSA3", "XTEA", "XSalsa20", "OpenSSLPBKDF" // END android-removed // BEGIN android-added "AES", "ARC4", "Blowfish", "DES", "DESede", "RC2", "Twofish", @@ -116,7 +116,8 @@ public final class BouncyCastleProvider extends Provider private static final String[] DIGESTS = { // BEGIN android-removed - // "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "Skein", "SM3", "Tiger", "Whirlpool" + // "GOST3411", "Keccak", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", + // "SHA256", "SHA384", "SHA512", "SHA3", "Skein", "SM3", "Tiger", "Whirlpool", "Blake2b" // END android-removed // BEGIN android-added "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", @@ -139,7 +140,7 @@ public final class BouncyCastleProvider extends Provider */ public BouncyCastleProvider() { - super(PROVIDER_NAME, 1.52, info); + super(PROVIDER_NAME, 1.54, info); AccessController.doPrivileged(new PrivilegedAction() { @@ -276,6 +277,12 @@ public final class BouncyCastleProvider extends Provider put(key, value); } + public void addAlgorithm(String type, ASN1ObjectIdentifier oid, String className) + { + addAlgorithm(type + "." + oid, className); + addAlgorithm(type + ".OID." + oid, className); + } + public void addKeyInfoConverter(ASN1ObjectIdentifier oid, AsymmetricKeyInfoConverter keyInfoConverter) { keyInfoConverters.put(oid, keyInfoConverter); diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java index f53f3ac7..b6a9d6a5 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java @@ -35,6 +35,7 @@ import java.util.LinkedHashSet; import java.util.List; import java.util.Map; import java.util.Set; + import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.ASN1Encodable; @@ -720,14 +721,7 @@ class CertPathValidatorUtilities for (int j = 0; j < genNames.length; j++) { - // BEGIN android-removed - // PKIXCRLStore store = namedCRLStoreMap.get(genNames[i]); - // END android-removed - // BEGIN android-added - // Seems like a bug, unless there should be a guarantee that j < i, - // However, it's breaking the tests. PKIXCRLStore store = namedCRLStoreMap.get(genNames[j]); - // END android-added if (store != null) { stores.add(store); @@ -900,25 +894,16 @@ class CertPathValidatorUtilities { return; } - // BEGIN android-removed - // X500Name certIssuer = X500Name.getInstance(crl_entry.getCertificateIssuer().getEncoded()); - // END android-removed - // BEGIN android-added - // The original code throws null pointer exception for OpenSSLX509CRL, - // which uses the implementation for getCertificateIssuer() in X509CRL, method - // whose reference implementation has the following JavaDoc: "If the certificate - // issuer is also the CRL issuer, this method returns null." - X500Name certIssuer = null; - X500Principal certificateIssuerPrincipal = crl_entry.getCertificateIssuer(); - if (certificateIssuerPrincipal != null) { - certIssuer = X500Name.getInstance(certificateIssuerPrincipal.getEncoded()); - } - // END android-added - - if (certIssuer == null) + X500Principal certificateIssuer = crl_entry.getCertificateIssuer(); + X500Name certIssuer; + if (certificateIssuer == null) { certIssuer = PrincipalUtils.getIssuerPrincipal(crl); } + else + { + certIssuer = X500Name.getInstance(certificateIssuer.getEncoded()); + } if (! PrincipalUtils.getEncodedIssuerPrincipal(cert).equals(certIssuer)) { diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java index f5af73a8..20ca6f27 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java @@ -39,6 +39,7 @@ import org.bouncycastle.jce.interfaces.ECPointEncoder; import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; import org.bouncycastle.jce.spec.ECNamedCurveSpec; import org.bouncycastle.math.ec.ECCurve; +import org.bouncycastle.util.Strings; public class JCEECPrivateKey implements ECPrivateKey, org.bouncycastle.jce.interfaces.ECPrivateKey, PKCS12BagAttributeCarrier, ECPointEncoder @@ -432,7 +433,7 @@ public class JCEECPrivateKey public String toString() { StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); + String nl = Strings.lineSeparator(); buf.append("EC Private Key").append(nl); buf.append(" S: ").append(this.d.toString(16)).append(nl); diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java index 10dfb48e..94fb7289 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java @@ -46,6 +46,7 @@ import org.bouncycastle.jce.spec.ECNamedCurveSpec; import org.bouncycastle.math.ec.ECCurve; import org.bouncycastle.math.ec.custom.sec.SecP256K1Point; import org.bouncycastle.math.ec.custom.sec.SecP256R1Point; +import org.bouncycastle.util.Strings; public class JCEECPublicKey implements ECPublicKey, org.bouncycastle.jce.interfaces.ECPublicKey, ECPointEncoder @@ -191,7 +192,8 @@ public class JCEECPublicKey private void populateFromPubKeyInfo(SubjectPublicKeyInfo info) { - // if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001)) + // BEGIN android-removed + // if (info.getAlgorithmId().getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3410_2001)) // { // DERBitString bits = info.getPublicKeyData(); // ASN1OctetString key; @@ -478,7 +480,7 @@ public class JCEECPublicKey public String toString() { StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); + String nl = Strings.lineSeparator(); buf.append("EC Public Key").append(nl); buf.append(" X: ").append(this.q.getAffineXCoord().toBigInteger().toString(16)).append(nl); diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java index f9bb5dd3..40f007f3 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java @@ -12,6 +12,7 @@ import org.bouncycastle.asn1.pkcs.RSAPrivateKey; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; +import org.bouncycastle.util.Strings; /** * A provider representation for a RSA private key, with CRT factors included. @@ -224,7 +225,7 @@ public class JCERSAPrivateCrtKey public String toString() { StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); + String nl = Strings.lineSeparator(); buf.append("RSA Private CRT Key").append(nl); buf.append(" modulus: ").append(this.getModulus().toString(16)).append(nl); diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java index a09295d5..adf0e3e8 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java @@ -5,14 +5,13 @@ import java.math.BigInteger; import java.security.interfaces.RSAPublicKey; import java.security.spec.RSAPublicKeySpec; -import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DERNull; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.RSAPublicKeyStructure; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.crypto.params.RSAKeyParameters; import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; +import org.bouncycastle.util.Strings; public class JCERSAPublicKey implements RSAPublicKey @@ -48,7 +47,7 @@ public class JCERSAPublicKey { try { - RSAPublicKeyStructure pubKey = new RSAPublicKeyStructure((ASN1Sequence)info.parsePublicKey()); + org.bouncycastle.asn1.pkcs.RSAPublicKey pubKey = org.bouncycastle.asn1.pkcs.RSAPublicKey.getInstance(info.parsePublicKey()); this.modulus = pubKey.getModulus(); this.publicExponent = pubKey.getPublicExponent(); @@ -91,7 +90,7 @@ public class JCERSAPublicKey public byte[] getEncoded() { - return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPublicKeyStructure(getModulus(), getPublicExponent())); + return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPublicKey(getModulus(), getPublicExponent())); } public int hashCode() @@ -120,7 +119,7 @@ public class JCERSAPublicKey public String toString() { StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); + String nl = Strings.lineSeparator(); buf.append("RSA Public Key").append(nl); buf.append(" modulus: ").append(this.getModulus().toString(16)).append(nl); diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java index 80bbf3c5..95a1ad74 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java @@ -18,6 +18,7 @@ import org.bouncycastle.asn1.x509.DSAParameter; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.bouncycastle.crypto.params.DSAPublicKeyParameters; +import org.bouncycastle.util.Strings; public class JDKDSAPublicKey implements DSAPublicKey @@ -126,7 +127,7 @@ public class JDKDSAPublicKey public String toString() { StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); + String nl = Strings.lineSeparator(); buf.append("DSA Public Key").append(nl); buf.append(" y: ").append(this.getY().toString(16)).append(nl); diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java index b7133951..dfe9cef5 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java @@ -44,16 +44,6 @@ public class PKIXCertPathBuilderSpi public CertPathBuilderResult engineBuild(CertPathParameters params) throws CertPathBuilderException, InvalidAlgorithmParameterException { - if (!(params instanceof PKIXBuilderParameters) - && !(params instanceof ExtendedPKIXBuilderParameters) - && !(params instanceof PKIXExtendedBuilderParameters)) - { - throw new InvalidAlgorithmParameterException( - "Parameters must be an instance of " - + PKIXBuilderParameters.class.getName() + " or " - + PKIXExtendedBuilderParameters.class.getName() + "."); - } - PKIXExtendedBuilderParameters paramsPKIX; if (params instanceof PKIXBuilderParameters) { @@ -81,10 +71,17 @@ public class PKIXCertPathBuilderSpi paramsPKIX = paramsBldrPKIXBldr.build(); } - else + else if (params instanceof PKIXExtendedBuilderParameters) { paramsPKIX = (PKIXExtendedBuilderParameters)params; } + else + { + throw new InvalidAlgorithmParameterException( + "Parameters must be an instance of " + + PKIXBuilderParameters.class.getName() + " or " + + PKIXExtendedBuilderParameters.class.getName() + "."); + } Collection targets; Iterator targetIter; diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java index 3fdedad0..5d49d889 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java @@ -25,6 +25,7 @@ import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.asn1.x509.Extension; import org.bouncycastle.jcajce.PKIXExtendedBuilderParameters; import org.bouncycastle.jcajce.PKIXExtendedParameters; import org.bouncycastle.jcajce.util.BCJcaJceHelper; @@ -56,12 +57,6 @@ public class PKIXCertPathValidatorSpi throws CertPathValidatorException, InvalidAlgorithmParameterException { - if (!(params instanceof CertPathParameters)) - { - throw new InvalidAlgorithmParameterException("Parameters must be a " + PKIXParameters.class.getName() - + " instance."); - } - PKIXExtendedParameters paramsPKIX; if (params instanceof PKIXParameters) { @@ -81,18 +76,14 @@ public class PKIXCertPathValidatorSpi { paramsPKIX = ((PKIXExtendedBuilderParameters)params).getBaseParameters(); } - // BEGIN android-changed - // else else if (params instanceof PKIXExtendedParameters) - // END android-changed { paramsPKIX = (PKIXExtendedParameters)params; } - // BEGIN android-added - else { - throw new InvalidAlgorithmParameterException("Expecting PKIX algorithm parameters"); + else + { + throw new InvalidAlgorithmParameterException("Parameters must be a " + PKIXParameters.class.getName() + " instance."); } - // END android-added if (paramsPKIX.getTrustAnchors() == null) { @@ -112,7 +103,7 @@ public class PKIXCertPathValidatorSpi if (certs.isEmpty()) { - throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0); + throw new CertPathValidatorException("Certification path is empty.", null, certPath, -1); } // BEGIN android-added { @@ -476,6 +467,7 @@ public class PKIXCertPathValidatorSpi criticalExtensions.remove(RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME); criticalExtensions.remove(RFC3280CertPathUtilities.NAME_CONSTRAINTS); criticalExtensions.remove(RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS); + criticalExtensions.remove(Extension.extendedKeyUsage.getId()); } else { diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java index 7e76a897..d5e23382 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java @@ -24,6 +24,7 @@ import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.GeneralNames; import org.bouncycastle.asn1.x509.TBSCertList; import org.bouncycastle.asn1.x509.X509Extension; +import org.bouncycastle.util.Strings; /** * The following extensions are listed in RFC 2459 as relevant to CRL Entries @@ -259,7 +260,7 @@ public class X509CRLEntryObject extends X509CRLEntry public String toString() { StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); + String nl = Strings.lineSeparator(); buf.append(" userCertificate: ").append(this.getSerialNumber()).append(nl); buf.append(" revocationDate: ").append(this.getRevocationDate()).append(nl); diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java index c9ee77c8..b6885ace 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java @@ -6,6 +6,7 @@ import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.Principal; +import java.security.Provider; import java.security.PublicKey; import java.security.Signature; import java.security.SignatureException; @@ -41,6 +42,7 @@ import org.bouncycastle.asn1.x509.GeneralNames; import org.bouncycastle.asn1.x509.IssuingDistributionPoint; import org.bouncycastle.asn1.x509.TBSCertList; import org.bouncycastle.jce.X509Principal; +import org.bouncycastle.util.Strings; import org.bouncycastle.util.encoders.Hex; /** @@ -201,21 +203,45 @@ public class X509CRLObject } public void verify(PublicKey key) - throws CRLException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException + throws CRLException, NoSuchAlgorithmException, + InvalidKeyException, NoSuchProviderException, SignatureException { - verify(key, BouncyCastleProvider.PROVIDER_NAME); + Signature sig; + + try + { + sig = Signature.getInstance(getSigAlgName(), BouncyCastleProvider.PROVIDER_NAME); + } + catch (Exception e) + { + sig = Signature.getInstance(getSigAlgName()); + } + + doVerify(key, sig); } public void verify(PublicKey key, String sigProvider) throws CRLException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException + InvalidKeyException, NoSuchProviderException, SignatureException { - if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature())) + Signature sig; + + if (sigProvider != null) { - throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList."); + sig = Signature.getInstance(getSigAlgName(), sigProvider); + } + else + { + sig = Signature.getInstance(getSigAlgName()); } + doVerify(key, sig); + } + + public void verify(PublicKey key, Provider sigProvider) + throws CRLException, NoSuchAlgorithmException, + InvalidKeyException, SignatureException + { Signature sig; if (sigProvider != null) @@ -227,6 +253,18 @@ public class X509CRLObject sig = Signature.getInstance(getSigAlgName()); } + doVerify(key, sig); + } + + private void doVerify(PublicKey key, Signature sig) + throws CRLException, NoSuchAlgorithmException, + InvalidKeyException, SignatureException + { + if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature())) + { + throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList."); + } + sig.initVerify(key); sig.update(this.getTBSCertList()); @@ -353,7 +391,7 @@ public class X509CRLObject public byte[] getSignature() { - return c.getSignature().getBytes(); + return c.getSignature().getOctets(); } public String getSigAlgName() @@ -388,7 +426,7 @@ public class X509CRLObject public String toString() { StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); + String nl = Strings.lineSeparator(); buf.append(" Version: ").append(this.getVersion()).append( nl); diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java index 0ae61d23..09703f4c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java @@ -32,6 +32,7 @@ import java.util.Set; import javax.security.auth.x500.X500Principal; +import org.bouncycastle.asn1.ASN1BitString; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.ASN1InputStream; @@ -65,6 +66,7 @@ import org.bouncycastle.jce.X509Principal; import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Integers; +import org.bouncycastle.util.Strings; import org.bouncycastle.util.encoders.Hex; public class X509CertificateObject @@ -104,7 +106,7 @@ public class X509CertificateObject byte[] bytes = this.getExtensionBytes("2.5.29.15"); if (bytes != null) { - DERBitString bits = DERBitString.getInstance(ASN1Primitive.fromByteArray(bytes)); + ASN1BitString bits = DERBitString.getInstance(ASN1Primitive.fromByteArray(bytes)); bytes = bits.getBytes(); int length = (bytes.length * 8) - bits.getPadBits(); @@ -234,7 +236,7 @@ public class X509CertificateObject public byte[] getSignature() { - return c.getSignature().getBytes(); + return c.getSignature().getOctets(); } /** @@ -664,7 +666,7 @@ public class X509CertificateObject public String toString() { StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); + String nl = Strings.lineSeparator(); buf.append(" [0] Version: ").append(this.getVersion()).append(nl); buf.append(" SerialNumber: ").append(this.getSerialNumber()).append(nl); @@ -783,12 +785,42 @@ public class X509CertificateObject throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException { - String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); - Signature signature = Signature.getInstance(sigName, sigProvider); + String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); + Signature signature; + + if (sigProvider != null) + { + signature = Signature.getInstance(sigName, sigProvider); + } + else + { + signature = Signature.getInstance(sigName); + } checkSignature(key, signature); } + public final void verify( + PublicKey key, + Provider sigProvider) + throws CertificateException, NoSuchAlgorithmException, + InvalidKeyException, SignatureException + { + String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); + Signature signature; + + if (sigProvider != null) + { + signature = Signature.getInstance(sigName, sigProvider); + } + else + { + signature = Signature.getInstance(sigName); + } + + checkSignature(key, signature); + } + private void checkSignature( PublicKey key, Signature signature) diff --git a/bcprov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java b/bcprov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java index c1b5ccc6..36aa595e 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java @@ -1,6 +1,7 @@ package org.bouncycastle.jce.spec; import java.math.BigInteger; +import java.security.spec.ECField; import java.security.spec.ECFieldF2m; import java.security.spec.ECFieldFp; import java.security.spec.ECPoint; @@ -8,6 +9,10 @@ import java.security.spec.EllipticCurve; import org.bouncycastle.math.ec.ECAlgorithms; import org.bouncycastle.math.ec.ECCurve; +import org.bouncycastle.math.field.FiniteField; +import org.bouncycastle.math.field.Polynomial; +import org.bouncycastle.math.field.PolynomialExtensionField; +import org.bouncycastle.util.Arrays; /** * specification signifying that the curve parameters can also be @@ -22,29 +27,24 @@ public class ECNamedCurveSpec ECCurve curve, byte[] seed) { - if (ECAlgorithms.isFpCurve(curve)) + ECField field = convertField(curve.getField()); + BigInteger a = curve.getA().toBigInteger(), b = curve.getB().toBigInteger(); + return new EllipticCurve(field, a, b, seed); + } + + private static ECField convertField(FiniteField field) + { + if (ECAlgorithms.isFpField(field)) { - return new EllipticCurve(new ECFieldFp(curve.getField().getCharacteristic()), curve.getA().toBigInteger(), curve.getB().toBigInteger(), seed); + return new ECFieldFp(field.getCharacteristic()); } - else + else //if (ECAlgorithms.isF2mField(curveField)) { - ECCurve.F2m curveF2m = (ECCurve.F2m)curve; - int ks[]; - - if (curveF2m.isTrinomial()) - { - ks = new int[] { curveF2m.getK1() }; - - return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), seed); - } - else - { - ks = new int[] { curveF2m.getK3(), curveF2m.getK2(), curveF2m.getK1() }; - - return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), seed); - } + Polynomial poly = ((PolynomialExtensionField)field).getMinimalPolynomial(); + int[] exponents = poly.getExponentsPresent(); + int[] ks = Arrays.reverse(Arrays.copyOfRange(exponents, 1, exponents.length - 1)); + return new ECFieldF2m(poly.getDegree(), ks); } - } private static ECPoint convertPoint( |