diff options
author | Daulet Zhanguzin <dauletz@google.com> | 2020-05-04 16:23:57 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2020-05-04 16:23:57 +0000 |
commit | 8974255bb101d5170d60cfe5f4ed4bb5b100337d (patch) | |
tree | a7fd6495f196c3270e1ce45dc382695f64a38414 /bcprov/src/main/java/org | |
parent | 17c02a42fc43fdc4b688e440b954d537ebd6ccbd (diff) | |
parent | 6bfb3fc9615696ab0cfc6ab0b479454d804a0bda (diff) | |
download | bouncycastle-8974255bb101d5170d60cfe5f4ed4bb5b100337d.tar.gz |
Merge "Load default KeyFactory instead of BC's implementation"
Diffstat (limited to 'bcprov/src/main/java/org')
3 files changed, 44 insertions, 6 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java index e0e5d021..6a52aef2 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java @@ -406,7 +406,8 @@ public final class DESede */ // END Android-removed: Unsupported algorithms - if (provider.hasAlgorithm("MessageDigest", "SHA-1")) + // Android-removed Bouncy Castle's SHA-1 implementation is removed but we still need PBEWithSHAAnd3-KeyTripleDES-CBC + // if (provider.hasAlgorithm("MessageDigest", "SHA-1")) { provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key"); // BEGIN Android-removed: Unsupported algorithms diff --git a/bcprov/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java b/bcprov/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java index 159224f2..0c9de937 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java @@ -115,7 +115,7 @@ public class NetscapeCertRequest pubkeyinfo).getBytes()); keyAlg = pubkeyinfo.getAlgorithm(); - pubkey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId(), "BC") + pubkey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId()) .generatePublic(xspec); } @@ -203,8 +203,7 @@ public class NetscapeCertRequest // Verify the signature .. shows the response was generated // by someone who knew the associated private key // - Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId(), - "BC"); + Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId()); sig.initVerify(pubkey); sig.update(content.getBytes()); @@ -223,8 +222,7 @@ public class NetscapeCertRequest SignatureException, NoSuchProviderException, InvalidKeySpecException { - Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId(), - "BC"); + Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId()); if (rand != null) { diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java index 4458fc14..57bfc47e 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -2,10 +2,15 @@ package org.bouncycastle.jce.provider; import java.io.IOException; import java.security.AccessController; +// Android-added: need to get non-BC implementations +import java.security.KeyFactory; import java.security.PrivateKey; import java.security.PrivilegedAction; import java.security.Provider; import java.security.PublicKey; +// Android-added: need to convert Asn1Objects into standard specs +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; import java.util.HashMap; import java.util.Iterator; import java.util.Map; @@ -336,6 +341,22 @@ public final class BouncyCastleProvider extends Provider public static PublicKey getPublicKey(SubjectPublicKeyInfo publicKeyInfo) throws IOException { + // Android-added: BC KeyFactories have been removed, so load them the standard way + try { + return KeyFactory + .getInstance( + publicKeyInfo.getAlgorithmId().getAlgorithm().getId()) + .generatePublic( + new X509EncodedKeySpec(publicKeyInfo.getEncoded())); + } catch (java.security.NoSuchAlgorithmException ex) { + // Maintaining compatibility with upstream logic: if appropriate algorithm not found + // ("converter" in Android-removed section) return null instead of throwing. + return null; + } catch (java.security.spec.InvalidKeySpecException ex) { + throw new IOException(ex); + } + // Android-removed: see above + /* AsymmetricKeyInfoConverter converter = getAsymmetricKeyInfoConverter(publicKeyInfo.getAlgorithm().getAlgorithm()); if (converter == null) @@ -344,11 +365,28 @@ public final class BouncyCastleProvider extends Provider } return converter.generatePublic(publicKeyInfo); + */ } public static PrivateKey getPrivateKey(PrivateKeyInfo privateKeyInfo) throws IOException { + // Android-added: BC KeyFactories have been removed, so load them the standard way + try { + return KeyFactory + .getInstance( + privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm().getId()) + .generatePrivate( + new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded())); + } catch (java.security.NoSuchAlgorithmException ex) { + // Maintaining compatibility with upstream logic: if appropriate algorithm not found + // ("converter" in Android-removed section) return null instead of throwing. + return null; + } catch (java.security.spec.InvalidKeySpecException ex) { + throw new IOException(ex); + } + // Android-removed: see above + /* AsymmetricKeyInfoConverter converter = getAsymmetricKeyInfoConverter(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm()); if (converter == null) @@ -357,5 +395,6 @@ public final class BouncyCastleProvider extends Provider } return converter.generatePrivate(privateKeyInfo); + */ } } |