author | Sergio Giro <sgiro@google.com> | 2017-01-04 18:16:22 +0000 |
---|---|---|
committer | Sergio Giro <sgiro@google.com> | 2017-01-19 19:49:45 +0000 |
commit | 7dad97b63c47edea4e3afb374dcd00c7b7a1bdd4 (patch) | |
tree | 8ebc72ead6f9a80938fdba92e217da96ee451037 /bcprov/src/main/java/org/bouncycastle/jce | |
parent | fba1a1dba277746d3be0667de9eb4b98494a1963 (diff) | |
parent | eaf604a467ff401cd0e0f74051ff5afa9e07359d (diff) | |
download | bouncycastle-7dad97b63c47edea4e3afb374dcd00c7b7a1bdd4.tar.gz |
bouncycastle: upgrade to version 1.56
Merge remote-tracking branch 'aosp/upstream-master' into merge-to-156
Test: ran the following cts modules: CtsLibcoreFileIOTestCases CtsLibcoreJavaUtilCollectionsTestCases CtsLibcoreJsr166TestCases CtsLibcoreLegacy22TestCases CtsLibcoreOjTestCases CtsLibcoreOkHttpTestCases CtsLibcoreTestCases
Bug: 31076342
Change-Id: Iceb926dc5a312b2047bf19d1c82fb16e42bc1461
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/jce')
4 files changed, 74 insertions, 8 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java index e5463aa0..6a7c9e62 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -44,7 +44,7 @@ import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; public final class BouncyCastleProvider extends Provider implements ConfigurableProvider { - private static String info = "BouncyCastle Security Provider v1.54"; + private static String info = "BouncyCastle Security Provider v1.56"; public static final String PROVIDER_NAME = "BC"; @@ -60,14 +60,14 @@ public final class BouncyCastleProvider extends Provider private static final String[] SYMMETRIC_GENERIC = { // BEGIN android-changed - // Was: "PBEPBKDF2", "PBEPKCS12" + // Was: "PBEPBKDF2", "TLSKDF" "PBEPBKDF2", "PBEPKCS12", "PBES2AlgorithmParameters" }; private static final String[] SYMMETRIC_MACS = { // BEGIN android-removed - // "SipHash" + // "SipHash", "Poly1305" // END android-removed }; @@ -132,9 +132,19 @@ public final class BouncyCastleProvider extends Provider private static final String KEYSTORE_PACKAGE = "org.bouncycastle.jcajce.provider.keystore."; private static final String[] KEYSTORES = { - "BC", "PKCS12" + "BC", "BCFKS", "PKCS12" }; + // BEGIN android-removed + // /* + // * Configurable secure random + // */ + // private static final String SECURE_RANDOM_PACKAGE = "org.bouncycastle.jcajce.provider.drbg."; + // private static final String[] SECURE_RANDOMS = + // { + // "DRBG" + // }; + /** * Construct a new provider. This should only be required when * using runtime registration of the provider using the 
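Review bot: The `// BEGIN android-removed` marker added above the commented-out `SECURE_RANDOM_PACKAGE` / `SECURE_RANDOMS` block has no closing marker within this hunk before the constructor Javadoc, whereas the `SYMMETRIC_MACS` block in the previous hunk ends with `// END android-removed`. Adding `// END android-removed` after the commented-out `// };` would let later merges and tooling see where the local removal stops. The same hunk also registers `"BCFKS"` in `KEYSTORES` with no android marker while the DRBG registration is stripped. The keystore implementation is not on this page, so it is worth confirming that the new keystore type works with the reduced algorithm set.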
@@ -142,7 +152,7 @@ public final class BouncyCastleProvider extends Provider */ public BouncyCastleProvider() { - super(PROVIDER_NAME, 1.54, info); + super(PROVIDER_NAME, 1.56, info); AccessController.doPrivileged(new PrivilegedAction() { @@ -171,6 +181,8 @@ public final class BouncyCastleProvider extends Provider loadAlgorithms(KEYSTORE_PACKAGE, KEYSTORES); // BEGIN android-removed + // loadAlgorithms(SECURE_RANDOM_PACKAGE, SECURE_RANDOMS); + // // // // // X509Store // // @@ -287,13 +299,24 @@ public final class BouncyCastleProvider extends Provider public void addKeyInfoConverter(ASN1ObjectIdentifier oid, AsymmetricKeyInfoConverter keyInfoConverter) { - keyInfoConverters.put(oid, keyInfoConverter); + synchronized (keyInfoConverters) + { + keyInfoConverters.put(oid, keyInfoConverter); + } + } + + private static AsymmetricKeyInfoConverter getAsymmetricKeyInfoConverter(ASN1ObjectIdentifier algorithm) + { + synchronized (keyInfoConverters) + { + return (AsymmetricKeyInfoConverter)keyInfoConverters.get(algorithm); + } } public static PublicKey getPublicKey(SubjectPublicKeyInfo publicKeyInfo) throws IOException { - AsymmetricKeyInfoConverter converter = (AsymmetricKeyInfoConverter)keyInfoConverters.get(publicKeyInfo.getAlgorithm().getAlgorithm()); + AsymmetricKeyInfoConverter converter = getAsymmetricKeyInfoConverter(publicKeyInfo.getAlgorithm().getAlgorithm()); if (converter == null) { @@ -306,7 +329,7 @@ public final class BouncyCastleProvider extends Provider public static PrivateKey getPrivateKey(PrivateKeyInfo privateKeyInfo) throws IOException { - AsymmetricKeyInfoConverter converter = (AsymmetricKeyInfoConverter)keyInfoConverters.get(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm()); + AsymmetricKeyInfoConverter converter = getAsymmetricKeyInfoConverter(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm()); if (converter == null) { 
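Review bot: The new `synchronized (keyInfoConverters)` blocks in `addKeyInfoConverter` and `getAsymmetricKeyInfoConverter` protect the map only if the field is `final` and every other access takes the same monitor; neither the declaration nor any other user is visible in this hunk, so both should be confirmed. A short comment on the helper would record the rule, for example `// All access to keyInfoConverters must hold its monitor; the map is static and shared by every provider instance.` Note also that `put` still silently replaces an existing converter for an OID, which changes what the static `getPublicKey` / `getPrivateKey` lookups return process-wide. The bodies of those two static methods continue outside the hunks.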
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java index cda05e83..f89b9fd7 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java @@ -1,6 +1,11 @@ package org.bouncycastle.jce.provider; import java.security.Permission; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; import javax.crypto.spec.DHParameterSpec; @@ -21,12 +26,18 @@ class BouncyCastleProviderConfiguration BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.THREAD_LOCAL_DH_DEFAULT_PARAMS); private static Permission BC_DH_PERMISSION = new ProviderConfigurationPermission( BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.DH_DEFAULT_PARAMS); + private static Permission BC_EC_CURVE_PERMISSION = new ProviderConfigurationPermission( + BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.ACCEPTABLE_EC_CURVES); + private static Permission BC_ADDITIONAL_EC_CURVE_PERMISSION = new ProviderConfigurationPermission( + BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.ADDITIONAL_EC_PARAMETERS); private ThreadLocal ecThreadSpec = new ThreadLocal(); private ThreadLocal dhThreadSpec = new ThreadLocal(); private volatile ECParameterSpec ecImplicitCaParams; private volatile Object dhDefaultParams; + private volatile Set acceptableNamedCurves = new HashSet(); + private volatile Map additionalECParameters = new HashMap(); void setParameter(String parameterName, Object parameter) { 
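Review bot: The new `acceptableNamedCurves` field starts as an empty `HashSet`, and nothing in this hunk says whether an empty set means "no restriction" or "no named curve accepted". For an allow-list that distinction decides the default security posture, so it deserves a field comment such as `// Named curves accepted by the provider; an empty set means <state the rule>.` The two new permission constants are declared `private static Permission ...` like the existing ones; `private static final` would rule out accidental reassignment of an object used in `checkPermission`. The class body continues outside the hunk.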
@@ -118,6 +129,24 @@ class BouncyCastleProviderConfiguration throw new IllegalArgumentException("not a valid DHParameterSpec or DHParameterSpec[]"); } } + else if (parameterName.equals(ConfigurableProvider.ACCEPTABLE_EC_CURVES)) + { + if (securityManager != null) + { + securityManager.checkPermission(BC_EC_CURVE_PERMISSION); + } + + this.acceptableNamedCurves = (Set)parameter; + } + else if (parameterName.equals(ConfigurableProvider.ADDITIONAL_EC_PARAMETERS)) + { + if (securityManager != null) + { + securityManager.checkPermission(BC_ADDITIONAL_EC_CURVE_PERMISSION); + } + + this.additionalECParameters = (Map)parameter; + } } public ECParameterSpec getEcImplicitlyCa() @@ -164,4 +193,14 @@ class BouncyCastleProviderConfiguration return null; } + + public Set getAcceptableNamedCurves() + { + return Collections.unmodifiableSet(acceptableNamedCurves); + } + + public Map getAdditionalECParameters() + { + return Collections.unmodifiableMap(additionalECParameters); + } } diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java index b6885ace..b8308207 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java @@ -53,6 +53,7 @@ import org.bouncycastle.util.encoders.Hex; * CRL Number * Delta CRL Indicator (critical) * Issuing Distribution Point (critical) + * @deprecated Do not use this class directly - either use org.bouncycastle.cert (bcpkix) or CertificateFactory. */ public class X509CRLObject extends X509CRL diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java index 09703f4c..4a0166b2 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java 
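Review bot: Both new `setParameter` branches store the caller's collection as-is: `this.acceptableNamedCurves = (Set)parameter;` keeps a live reference, so code that passed `checkPermission` once can keep changing the accepted curves later without another check, and readers see a caller-owned collection changing under them. A wrong-typed argument fails only at the cast and `null` is stored and fails later inside `Collections.unmodifiableSet`, whereas the DH branch just above throws `IllegalArgumentException`. Copying on the way in fixes both, e.g. `this.acceptableNamedCurves = Collections.unmodifiableSet(new HashSet((Set)parameter));` after an `instanceof` check, and the same with `HashMap` for `additionalECParameters`. The getters added in the next hunk, `getAcceptableNamedCurves` and `getAdditionalECParameters`, return views rather than snapshots and so inherit the same problem. `setParameter` starts outside the hunk.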
@@ -69,6 +69,9 @@ import org.bouncycastle.util.Integers; import org.bouncycastle.util.Strings; import org.bouncycastle.util.encoders.Hex; +/** + * @deprecated Do not use this class directly - either use org.bouncycastle.cert (bcpkix) or CertificateFactory. + */ public class X509CertificateObject extends X509Certificate implements PKCS12BagAttributeCarrier |