diff options
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/asn1')
43 files changed, 478 insertions, 146 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecific.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecific.java index fca4e01a..c67e42f3 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecific.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecific.java @@ -21,7 +21,7 @@ public abstract class ASN1ApplicationSpecific { this.isConstructed = isConstructed; this.tag = tag; - this.octets = octets; + this.octets = Arrays.clone(octets); } /** @@ -93,7 +93,7 @@ public abstract class ASN1ApplicationSpecific */ public byte[] getContents() { - return octets; + return Arrays.clone(octets); } /** @@ -115,7 +115,7 @@ public abstract class ASN1ApplicationSpecific public ASN1Primitive getObject() throws IOException { - return new ASN1InputStream(getContents()).readObject(); + return ASN1Primitive.fromByteArray(getContents()); } /** @@ -141,7 +141,7 @@ public abstract class ASN1ApplicationSpecific tmp[0] |= BERTags.CONSTRUCTED; } - return new ASN1InputStream(tmp).readObject(); + return ASN1Primitive.fromByteArray(tmp); } int encodedLength() diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java index 195b924f..ca192f31 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java @@ -99,7 +99,18 @@ public class ASN1Enumerated public ASN1Enumerated( byte[] bytes) { - this.bytes = bytes; + if (bytes.length > 1) + { + if (bytes[0] == 0 && (bytes[1] & 0x80) == 0) + { + throw new IllegalArgumentException("malformed enumerated"); + } + if (bytes[0] == (byte)0xff && (bytes[1] & 0x80) != 0) + { + throw new IllegalArgumentException("malformed enumerated"); + } + } + this.bytes = Arrays.clone(bytes); } public BigInteger getValue() @@ -148,7 +159,7 @@ public class ASN1Enumerated { if (enc.length > 1) { - return new ASN1Enumerated(Arrays.clone(enc)); + return new ASN1Enumerated(enc); } if (enc.length == 0) diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Exception.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Exception.java index dc0ee203..2696add7 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Exception.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Exception.java @@ -2,22 +2,41 @@ package org.bouncycastle.asn1; import java.io.IOException; +/** + * Exception thrown in cases of corrupted or unexpected data in a stream. + */ public class ASN1Exception extends IOException { private Throwable cause; + /** + * Base constructor + * + * @param message a message concerning the exception. + */ ASN1Exception(String message) { super(message); } + /** + * Constructor when this exception is due to another one. + * + * @param message a message concerning the exception. + * @param cause the exception that caused this exception to be thrown. + */ ASN1Exception(String message, Throwable cause) { super(message); this.cause = cause; } + /** + * Return the underlying cause of this exception, if any. + * + * @return the exception causing this one, null if there isn't one. + */ public Throwable getCause() { return cause; diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Generator.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Generator.java index 50cb7054..3817d82c 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Generator.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Generator.java @@ -2,14 +2,27 @@ package org.bouncycastle.asn1; import java.io.OutputStream; +/** + * Basic class for streaming generators. + */ public abstract class ASN1Generator { protected OutputStream _out; - + + /** + * Base constructor. + * + * @param out the end output stream that object encodings are written to. + */ public ASN1Generator(OutputStream out) { _out = out; } - + + /** + * Return the actual stream object encodings are written to. + * + * @return the stream that is directly encoded to. + */ public abstract OutputStream getRawOutputStream(); } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Integer.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Integer.java index c3c3f9cf..ab6d2020 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Integer.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Integer.java @@ -89,6 +89,17 @@ public class ASN1Integer ASN1Integer(byte[] bytes, boolean clone) { + if (bytes.length > 1) + { + if (bytes[0] == 0 && (bytes[1] & 0x80) == 0) + { + throw new IllegalArgumentException("malformed integer"); + } + if (bytes[0] == (byte)0xff && (bytes[1] & 0x80) != 0) + { + throw new IllegalArgumentException("malformed integer"); + } + } this.bytes = (clone) ? Arrays.clone(bytes) : bytes; } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java index ac65d96f..50b8a491 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java @@ -3,8 +3,8 @@ package org.bouncycastle.asn1; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; -import java.util.HashMap; -import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.ConcurrentMap; import org.bouncycastle.util.Arrays; @@ -20,9 +20,10 @@ public class ASN1ObjectIdentifier /** * return an OID from the passed in object + * * @param obj an ASN1ObjectIdentifier or an object that can be converted into one. - * @throws IllegalArgumentException if the object cannot be converted. * @return an ASN1ObjectIdentifier instance, or null. + * @throws IllegalArgumentException if the object cannot be converted. */ public static ASN1ObjectIdentifier getInstance( Object obj) @@ -59,9 +60,9 @@ public class ASN1ObjectIdentifier * @param obj the tagged object holding the object we want * @param explicit true if the object is meant to be explicitly * tagged false otherwise. + * @return an ASN1ObjectIdentifier instance, or null. * @throws IllegalArgumentException if the tagged object cannot * be converted. - * @return an ASN1ObjectIdentifier instance, or null. */ public static ASN1ObjectIdentifier getInstance( ASN1TaggedObject obj, @@ -190,12 +191,12 @@ public class ASN1ObjectIdentifier // END android-changed } - /** - * Create an OID that creates a branch under the current one. - * - * @param branchID node numbers for the new branch. - * @return the OID for the new created branch. - */ + /** + * Create an OID that creates a branch under the current one. + * + * @param branchID node numbers for the new branch. + * @return the OID for the new created branch. + */ ASN1ObjectIdentifier(ASN1ObjectIdentifier oid, String branchID) { if (!isValidBranchID(branchID, 0)) @@ -428,32 +429,29 @@ public class ASN1ObjectIdentifier * The pool is also used by the ASN.1 parsers to limit the number of duplicated OID * objects in circulation. * </p> + * * @return a reference to the identifier in the pool. */ public ASN1ObjectIdentifier intern() { - synchronized (pool) + final OidHandle hdl = new OidHandle(getBody()); + ASN1ObjectIdentifier oid = pool.get(hdl); + if (oid == null) { - OidHandle hdl = new OidHandle(getBody()); - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)pool.get(hdl); - - if (oid != null) - { - return oid; - } - else + oid = pool.putIfAbsent(hdl, this); + if (oid == null) { - pool.put(hdl, this); - return this; + oid = this; } } + return oid; } - private static final Map pool = new HashMap(); + private static final ConcurrentMap<OidHandle, ASN1ObjectIdentifier> pool = new ConcurrentHashMap<OidHandle, ASN1ObjectIdentifier>(); private static class OidHandle { - private int key; + private final int key; private final byte[] enc; OidHandle(byte[] enc) @@ -480,17 +478,12 @@ public class ASN1ObjectIdentifier static ASN1ObjectIdentifier fromOctetString(byte[] enc) { - OidHandle hdl = new OidHandle(enc); - - synchronized (pool) + final OidHandle hdl = new OidHandle(enc); + ASN1ObjectIdentifier oid = pool.get(hdl); + if (oid == null) { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)pool.get(hdl); - if (oid != null) - { - return oid; - } + return new ASN1ObjectIdentifier(enc); } - - return new ASN1ObjectIdentifier(enc); + return oid; } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java index a3fa4a41..07811d71 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java @@ -5,6 +5,7 @@ import java.io.IOException; import java.io.InputStream; import org.bouncycastle.util.Arrays; +import org.bouncycastle.util.Strings; import org.bouncycastle.util.encoders.Hex; /** @@ -248,6 +249,6 @@ public abstract class ASN1OctetString public String toString() { - return "#"+new String(Hex.encode(string)); + return "#"+ Strings.fromByteArray(Hex.encode(string)); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ParsingException.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ParsingException.java index 995b5e93..509c213c 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ParsingException.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ParsingException.java @@ -1,21 +1,40 @@ package org.bouncycastle.asn1; +/** + * Exception thrown when correctly encoded, but unexpected data is found in a stream while building an object. + */ public class ASN1ParsingException extends IllegalStateException { private Throwable cause; + /** + * Base constructor + * + * @param message a message concerning the exception. + */ public ASN1ParsingException(String message) { super(message); } + /** + * Constructor when this exception is due to another one. + * + * @param message a message concerning the exception. + * @param cause the exception that caused this exception to be thrown. + */ public ASN1ParsingException(String message, Throwable cause) { super(message); this.cause = cause; } + /** + * Return the underlying cause of this exception, if any. + * + * @return the exception causing this one, null if there isn't one. + */ public Throwable getCause() { return cause; diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java index 778bea74..808f478e 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java @@ -143,6 +143,11 @@ public abstract class ASN1TaggedObject return code; } + /** + * Return the tag number associated with this object. + * + * @return the tag number. + */ public int getTagNo() { return tagNo; diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/BEROctetStringGenerator.java b/bcprov/src/main/java/org/bouncycastle/asn1/BEROctetStringGenerator.java index b8df94af..55e695c7 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/BEROctetStringGenerator.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/BEROctetStringGenerator.java @@ -3,9 +3,19 @@ package org.bouncycastle.asn1; import java.io.IOException; import java.io.OutputStream; +/** + * A generator for indefinite-length OCTET STRINGs + */ public class BEROctetStringGenerator extends BERGenerator { + /** + * Use the passed in stream as the target for the generator, writing out the header tag + * for a constructed OCTET STRING. + * + * @param out target stream + * @throws IOException if the target stream cannot be written to. + */ public BEROctetStringGenerator(OutputStream out) throws IOException { @@ -14,6 +24,15 @@ public class BEROctetStringGenerator writeBERHeader(BERTags.CONSTRUCTED | BERTags.OCTET_STRING); } + /** + * Use the passed in stream as the target for the generator, writing out the header tag + * for a tagged constructed OCTET STRING (possibly implicit). + * + * @param out target stream + * @param tagNo the tag number to introduce + * @param isExplicit true if this is an explicitly tagged object, false otherwise. + * @throws IOException if the target stream cannot be written to. + */ public BEROctetStringGenerator( OutputStream out, int tagNo, @@ -24,12 +43,23 @@ public class BEROctetStringGenerator writeBERHeader(BERTags.CONSTRUCTED | BERTags.OCTET_STRING); } - + + /** + * Return a stream representing the content target for this OCTET STRING + * + * @return an OutputStream which chunks data in blocks of 1000 (CER limit). + */ public OutputStream getOctetOutputStream() { return getOctetOutputStream(new byte[1000]); // limit for CER encoding. } + /** + * Return a stream representing the content target for this OCTET STRING + * + * @param buf the buffer to use for chunking the data. + * @return an OutputStream which chunks data in blocks of buf length. + */ public OutputStream getOctetOutputStream( byte[] buf) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java b/bcprov/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java index 1c7132e5..77a3049d 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/BEROctetStringParser.java @@ -5,6 +5,9 @@ import java.io.InputStream; import org.bouncycastle.util.io.Streams; +/** + * A parser for indefinite-length OCTET STRINGs. + */ public class BEROctetStringParser implements ASN1OctetStringParser { @@ -16,17 +19,33 @@ public class BEROctetStringParser _parser = parser; } + /** + * Return an InputStream representing the contents of the OCTET STRING. + * + * @return an InputStream with its source as the OCTET STRING content. + */ public InputStream getOctetStream() { return new ConstructedOctetStream(_parser); } + /** + * Return an in-memory, encodable, representation of the OCTET STRING. + * + * @return a BEROctetString. + * @throws IOException if there is an issue loading the data. + */ public ASN1Primitive getLoadedObject() throws IOException { return new BEROctetString(Streams.readAll(getOctetStream())); } + /** + * Return an BEROctetString representing this parser and its contents. + * + * @return an BEROctetString + */ public ASN1Primitive toASN1Primitive() { try diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/BEROutputStream.java b/bcprov/src/main/java/org/bouncycastle/asn1/BEROutputStream.java index 7117d4fb..f6459b2e 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/BEROutputStream.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/BEROutputStream.java @@ -3,15 +3,29 @@ package org.bouncycastle.asn1; import java.io.IOException; import java.io.OutputStream; +/** + * A class which writes indefinite and definite length objects, + */ public class BEROutputStream extends DEROutputStream { + /** + * Base constructor. + * + * @param os target output stream. + */ public BEROutputStream( OutputStream os) { super(os); } + /** + * Write out an ASN.1 object. + * + * @param obj the object to be encoded. + * @throws IOException if there is an issue on encoding or output of the object. + */ public void writeObject( Object obj) throws IOException diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/BERTaggedObject.java b/bcprov/src/main/java/org/bouncycastle/asn1/BERTaggedObject.java index 1af0a433..37599fbe 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/BERTaggedObject.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/BERTaggedObject.java @@ -127,7 +127,7 @@ public class BERTaggedObject } else { - throw new RuntimeException("not implemented: " + obj.getClass().getName()); + throw new ASN1Exception("not implemented: " + obj.getClass().getName()); } while (e.hasMoreElements()) diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERBitString.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERBitString.java index d74bc00e..c789d7cd 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DERBitString.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERBitString.java @@ -26,6 +26,17 @@ public class DERBitString { return new DERBitString(((DLBitString)obj).data, ((DLBitString)obj).padBits); } + if (obj instanceof byte[]) + { + try + { + return (DERBitString)fromByteArray((byte[])obj); + } + catch (Exception e) + { + throw new IllegalArgumentException("encoding error in getInstance: " + e.toString()); + } + } throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java index 376c1fd8..5503feb8 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERSequenceParser.java @@ -2,6 +2,9 @@ package org.bouncycastle.asn1; import java.io.IOException; +/** + * Parser class for DER SEQUENCEs. + */ public class DERSequenceParser implements ASN1SequenceParser { @@ -12,18 +15,35 @@ public class DERSequenceParser this._parser = parser; } + /** + * Return the next object in the SEQUENCE. + * + * @return next object in SEQUENCE. + * @throws IOException if there is an issue loading the object. + */ public ASN1Encodable readObject() throws IOException { return _parser.readObject(); } + /** + * Return an in memory, encodable, representation of the SEQUENCE. + * + * @return a DERSequence. + * @throws IOException if there is an issue loading the data. + */ public ASN1Primitive getLoadedObject() throws IOException { return new DERSequence(_parser.readVector()); } + /** + * Return a DERSequence representing this parser and its contents. + * + * @return a DERSequence. + */ public ASN1Primitive toASN1Primitive() { try diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERSet.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERSet.java index ac58eacf..1a72a0b1 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DERSet.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERSet.java @@ -4,7 +4,7 @@ import java.io.IOException; import java.util.Enumeration; /** - * A DER encoded set object + * A DER encoded SET object */ public class DERSet extends ASN1Set diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERSetParser.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERSetParser.java index 17702fa4..d16cb157 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DERSetParser.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERSetParser.java @@ -2,6 +2,9 @@ package org.bouncycastle.asn1; import java.io.IOException; +/** + * Parser class for DER SETs. + */ public class DERSetParser implements ASN1SetParser { @@ -12,18 +15,35 @@ public class DERSetParser this._parser = parser; } + /** + * Return the next object in the SET. + * + * @return next object in SET. + * @throws IOException if there is an issue loading the object. + */ public ASN1Encodable readObject() throws IOException { return _parser.readObject(); } + /** + * Return an in memory, encodable, representation of the SET. + * + * @return a DERSet. + * @throws IOException if there is an issue loading the data. + */ public ASN1Primitive getLoadedObject() throws IOException { return new DERSet(_parser.readVector(), false); } + /** + * Return a DERSet representing this parser and its contents. + * + * @return a DERSet + */ public ASN1Primitive toASN1Primitive() { try diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java index 30744c69..c5c29137 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERT61String.java @@ -13,7 +13,7 @@ public class DERT61String extends ASN1Primitive implements ASN1String { - private final byte[] string; + private byte[] string; /** * return a T61 string from the passed in object. @@ -79,7 +79,7 @@ public class DERT61String public DERT61String( byte[] string) { - this.string = string; + this.string = Arrays.clone(string); } /** @@ -90,7 +90,7 @@ public class DERT61String public DERT61String( String string) { - this(Strings.toByteArray(string)); + this.string = Strings.toByteArray(string); } /** diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERUniversalString.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERUniversalString.java index 85390990..6b70faab 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DERUniversalString.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERUniversalString.java @@ -79,7 +79,7 @@ public class DERUniversalString public DERUniversalString( byte[] string) { - this.string = string; + this.string = Arrays.clone(string); } public String getString() @@ -94,7 +94,7 @@ public class DERUniversalString } catch (IOException e) { - throw new RuntimeException("internal error encoding BitString"); + throw new ASN1ParsingException("internal error encoding BitString"); } byte[] string = bOut.toByteArray(); @@ -115,7 +115,7 @@ public class DERUniversalString public byte[] getOctets() { - return string; + return Arrays.clone(string); } boolean isConstructed() diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DLBitString.java b/bcprov/src/main/java/org/bouncycastle/asn1/DLBitString.java index c81f0ab9..f6cb49bd 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/DLBitString.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/DLBitString.java @@ -26,6 +26,17 @@ public class DLBitString { return (DERBitString)obj; } + if (obj instanceof byte[]) + { + try + { + return (ASN1BitString)fromByteArray((byte[])obj); + } + catch (Exception e) + { + throw new IllegalArgumentException("encoding error in getInstance: " + e.toString()); + } + } throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java index 5b95b79e..a4f3f3b2 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java @@ -66,4 +66,29 @@ public interface BCObjectIdentifiers public static final ASN1ObjectIdentifier bc_pbe_sha256_pkcs12_aes192_cbc = bc_pbe_sha256_pkcs12.branch("1.22"); /** 1.3.6.1.4.1.22554.1.1.2.2.42 */ public static final ASN1ObjectIdentifier bc_pbe_sha256_pkcs12_aes256_cbc = bc_pbe_sha256_pkcs12.branch("1.42"); + + /** + * signature(2) algorithms + */ + public static final ASN1ObjectIdentifier bc_sig = bc.branch("2"); + + // BEGIN android-removed + // /** + // * Sphincs-256 + // */ + // public static final ASN1ObjectIdentifier sphincs256 = bc_sig.branch("1"); + // public static final ASN1ObjectIdentifier sphincs256_with_BLAKE512 = sphincs256.branch("1"); + // public static final ASN1ObjectIdentifier sphincs256_with_SHA512 = sphincs256.branch("2"); + // public static final ASN1ObjectIdentifier sphincs256_with_SHA3_512 = sphincs256.branch("3"); + + // /** + // * key_exchange(3) algorithms + // */ + // public static final ASN1ObjectIdentifier bc_exch = bc.branch("3"); + + // /** + // * NewHope + // */ + // public static final ASN1ObjectIdentifier newHope = bc_exch.branch("1"); + // END android-removed } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java b/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java index 19077e4c..ba7e5187 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTNamedCurves.java @@ -17,38 +17,42 @@ public class NISTNamedCurves static final Hashtable objIds = new Hashtable(); static final Hashtable names = new Hashtable(); - static void defineCurveAlias(String name, ASN1ObjectIdentifier oid) + static void defineCurve(String name, ASN1ObjectIdentifier oid) { - objIds.put(name.toUpperCase(), oid); + objIds.put(name, oid); names.put(oid, name); } static { - defineCurveAlias("B-163", SECObjectIdentifiers.sect163r2); - defineCurveAlias("B-233", SECObjectIdentifiers.sect233r1); - defineCurveAlias("B-283", SECObjectIdentifiers.sect283r1); - defineCurveAlias("B-409", SECObjectIdentifiers.sect409r1); - defineCurveAlias("B-571", SECObjectIdentifiers.sect571r1); - - defineCurveAlias("K-163", SECObjectIdentifiers.sect163k1); - defineCurveAlias("K-233", SECObjectIdentifiers.sect233k1); - defineCurveAlias("K-283", SECObjectIdentifiers.sect283k1); - defineCurveAlias("K-409", SECObjectIdentifiers.sect409k1); - defineCurveAlias("K-571", SECObjectIdentifiers.sect571k1); - - defineCurveAlias("P-192", SECObjectIdentifiers.secp192r1); - defineCurveAlias("P-224", SECObjectIdentifiers.secp224r1); - defineCurveAlias("P-256", SECObjectIdentifiers.secp256r1); - defineCurveAlias("P-384", SECObjectIdentifiers.secp384r1); - defineCurveAlias("P-521", SECObjectIdentifiers.secp521r1); + defineCurve("B-571", SECObjectIdentifiers.sect571r1); + defineCurve("B-409", SECObjectIdentifiers.sect409r1); + defineCurve("B-283", SECObjectIdentifiers.sect283r1); + defineCurve("B-233", SECObjectIdentifiers.sect233r1); + defineCurve("B-163", SECObjectIdentifiers.sect163r2); + defineCurve("K-571", SECObjectIdentifiers.sect571k1); + defineCurve("K-409", SECObjectIdentifiers.sect409k1); + defineCurve("K-283", SECObjectIdentifiers.sect283k1); + defineCurve("K-233", SECObjectIdentifiers.sect233k1); + defineCurve("K-163", SECObjectIdentifiers.sect163k1); + defineCurve("P-521", SECObjectIdentifiers.secp521r1); + defineCurve("P-384", SECObjectIdentifiers.secp384r1); + defineCurve("P-256", SECObjectIdentifiers.secp256r1); + defineCurve("P-224", SECObjectIdentifiers.secp224r1); + defineCurve("P-192", SECObjectIdentifiers.secp192r1); } public static X9ECParameters getByName( String name) { - ASN1ObjectIdentifier oid = getOID(name); - return oid == null ? null : getByOID(oid); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)objIds.get(Strings.toUpperCase(name)); + + if (oid != null) + { + return getByOID(oid); + } + + return null; } /** @@ -90,6 +94,6 @@ public class NISTNamedCurves */ public static Enumeration getNames() { - return names.elements(); + return objIds.keys(); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java index 0de40f20..49c0e6d7 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java @@ -40,9 +40,17 @@ public interface NISTObjectIdentifiers /** 2.16.840.1.101.3.4.2.10 */ static final ASN1ObjectIdentifier id_sha3_512 = hashAlgs.branch("10"); /** 2.16.840.1.101.3.4.2.11 */ - static final ASN1ObjectIdentifier id_shake128 = hashAlgs.branch("11"); + static final ASN1ObjectIdentifier id_shake128 = hashAlgs.branch("11"); /** 2.16.840.1.101.3.4.2.12 */ - static final ASN1ObjectIdentifier id_shake256 = hashAlgs.branch("12"); + static final ASN1ObjectIdentifier id_shake256 = hashAlgs.branch("12"); + /** 2.16.840.1.101.3.4.2.13 */ + static final ASN1ObjectIdentifier id_hmacWithSHA3_224 = hashAlgs.branch("13"); + /** 2.16.840.1.101.3.4.2.14 */ + static final ASN1ObjectIdentifier id_hmacWithSHA3_256 = hashAlgs.branch("14"); + /** 2.16.840.1.101.3.4.2.15 */ + static final ASN1ObjectIdentifier id_hmacWithSHA3_384 = hashAlgs.branch("15"); + /** 2.16.840.1.101.3.4.2.16 */ + static final ASN1ObjectIdentifier id_hmacWithSHA3_512 = hashAlgs.branch("16"); /** 2.16.840.1.101.3.4.1 */ static final ASN1ObjectIdentifier aes = nistAlgorithm.branch("1"); @@ -61,7 +69,9 @@ public interface NISTObjectIdentifiers static final ASN1ObjectIdentifier id_aes128_GCM = aes.branch("6"); /** 2.16.840.1.101.3.4.1.7 */ static final ASN1ObjectIdentifier id_aes128_CCM = aes.branch("7"); - + /** 2.16.840.1.101.3.4.1.28 */ + static final ASN1ObjectIdentifier id_aes128_wrap_pad = aes.branch("8"); + /** 2.16.840.1.101.3.4.1.21 */ static final ASN1ObjectIdentifier id_aes192_ECB = aes.branch("21"); /** 2.16.840.1.101.3.4.1.22 */ @@ -76,7 +86,9 @@ public interface NISTObjectIdentifiers static final ASN1ObjectIdentifier id_aes192_GCM = aes.branch("26"); /** 2.16.840.1.101.3.4.1.27 */ static final ASN1ObjectIdentifier id_aes192_CCM = aes.branch("27"); - + /** 2.16.840.1.101.3.4.1.28 */ + static final ASN1ObjectIdentifier id_aes192_wrap_pad = aes.branch("28"); + /** 2.16.840.1.101.3.4.1.41 */ static final ASN1ObjectIdentifier id_aes256_ECB = aes.branch("41"); /** 2.16.840.1.101.3.4.1.42 */ @@ -91,19 +103,51 @@ public interface NISTObjectIdentifiers static final ASN1ObjectIdentifier id_aes256_GCM = aes.branch("46"); /** 2.16.840.1.101.3.4.1.47 */ static final ASN1ObjectIdentifier id_aes256_CCM = aes.branch("47"); + /** 2.16.840.1.101.3.4.1.48 */ + static final ASN1ObjectIdentifier id_aes256_wrap_pad = aes.branch("48"); // // signatures // /** 2.16.840.1.101.3.4.3 */ - static final ASN1ObjectIdentifier id_dsa_with_sha2 = nistAlgorithm.branch("3"); + static final ASN1ObjectIdentifier sigAlgs = nistAlgorithm.branch("3"); + + static final ASN1ObjectIdentifier id_dsa_with_sha2 = sigAlgs; /** 2.16.840.1.101.3.4.3.1 */ - static final ASN1ObjectIdentifier dsa_with_sha224 = id_dsa_with_sha2.branch("1"); + static final ASN1ObjectIdentifier dsa_with_sha224 = sigAlgs.branch("1"); /** 2.16.840.1.101.3.4.3.2 */ - static final ASN1ObjectIdentifier dsa_with_sha256 = id_dsa_with_sha2.branch("2"); + static final ASN1ObjectIdentifier dsa_with_sha256 = sigAlgs.branch("2"); /** 2.16.840.1.101.3.4.3.3 */ - static final ASN1ObjectIdentifier dsa_with_sha384 = id_dsa_with_sha2.branch("3"); + static final ASN1ObjectIdentifier dsa_with_sha384 = sigAlgs.branch("3"); /** 2.16.840.1.101.3.4.3.4 */ - static final ASN1ObjectIdentifier dsa_with_sha512 = id_dsa_with_sha2.branch("4"); + static final ASN1ObjectIdentifier dsa_with_sha512 = sigAlgs.branch("4"); + /** 2.16.840.1.101.3.4.3.5 */ + static final ASN1ObjectIdentifier id_dsa_with_sha3_224 = sigAlgs.branch("5"); + /** 2.16.840.1.101.3.4.3.6 */ + static final ASN1ObjectIdentifier id_dsa_with_sha3_256 = sigAlgs.branch("6"); + /** 2.16.840.1.101.3.4.3.7 */ + static final ASN1ObjectIdentifier id_dsa_with_sha3_384 = sigAlgs.branch("7"); + /** 2.16.840.1.101.3.4.3.8 */ + static final ASN1ObjectIdentifier id_dsa_with_sha3_512 = sigAlgs.branch("8"); + + // ECDSA with SHA-3 + /** 2.16.840.1.101.3.4.3.9 */ + static final ASN1ObjectIdentifier id_ecdsa_with_sha3_224 = sigAlgs.branch("9"); + /** 2.16.840.1.101.3.4.3.10 */ + static final ASN1ObjectIdentifier id_ecdsa_with_sha3_256 = sigAlgs.branch("10"); + /** 2.16.840.1.101.3.4.3.11 */ + static final ASN1ObjectIdentifier id_ecdsa_with_sha3_384 = sigAlgs.branch("11"); + /** 2.16.840.1.101.3.4.3.12 */ + static final ASN1ObjectIdentifier id_ecdsa_with_sha3_512 = sigAlgs.branch("12"); + + // RSA PKCS #1 v1.5 Signature with SHA-3 family. + /** 2.16.840.1.101.3.4.3.9 */ + static final ASN1ObjectIdentifier id_rsassa_pkcs1_v1_5_with_sha3_224 = sigAlgs.branch("13"); + /** 2.16.840.1.101.3.4.3.10 */ + static final ASN1ObjectIdentifier id_rsassa_pkcs1_v1_5_with_sha3_256 = sigAlgs.branch("14"); + /** 2.16.840.1.101.3.4.3.11 */ + static final ASN1ObjectIdentifier id_rsassa_pkcs1_v1_5_with_sha3_384 = sigAlgs.branch("15"); + /** 2.16.840.1.101.3.4.3.12 */ + static final ASN1ObjectIdentifier id_rsassa_pkcs1_v1_5_with_sha3_512 = sigAlgs.branch("16"); } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/CertStatus.java b/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/CertStatus.java index af530ae5..0b1db325 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/CertStatus.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/ocsp/CertStatus.java @@ -13,7 +13,7 @@ public class CertStatus implements ASN1Choice { private int tagNo; - private ASN1Encodable value; + private ASN1Encodable value; /** * create a CertStatus object with a tag of zero. @@ -39,7 +39,7 @@ public class CertStatus this.value = value; } - public CertStatus( + private CertStatus( ASN1TaggedObject choice) { this.tagNo = choice.getTagNo(); @@ -54,6 +54,9 @@ public class CertStatus break; case 2: value = DERNull.INSTANCE; + break; + default: + throw new IllegalArgumentException("Unknown tag encountered: " + choice.getTagNo()); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CRLBag.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CRLBag.java index 747277c3..49b2652c 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CRLBag.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CRLBag.java @@ -6,6 +6,7 @@ import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; @@ -22,7 +23,7 @@ public class CRLBag ASN1Sequence seq) { this.crlId = (ASN1ObjectIdentifier)seq.getObjectAt(0); - this.crlValue = ((DERTaggedObject)seq.getObjectAt(1)).getObject(); + this.crlValue = ((ASN1TaggedObject)seq.getObjectAt(1)).getObject(); } public static CRLBag getInstance(Object o) diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java index fb418aeb..dca0719c 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java @@ -6,6 +6,7 @@ import org.bouncycastle.asn1.ASN1Object; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.ASN1Set; +import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.x500.X500Name; @@ -116,7 +117,7 @@ public class CertificationRequestInfo // if (seq.size() > 3) { - DERTaggedObject tagobj = (DERTaggedObject)seq.getObjectAt(3); + ASN1TaggedObject tagobj = (ASN1TaggedObject)seq.getObjectAt(3); attributes = ASN1Set.getInstance(tagobj, false); } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/MacData.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/MacData.java index 1d8f582c..63fa2e4e 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/MacData.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/MacData.java @@ -11,6 +11,7 @@ import org.bouncycastle.asn1.ASN1Sequence; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.DERSequence; import org.bouncycastle.asn1.x509.DigestInfo; +import org.bouncycastle.util.Arrays; public class MacData extends ASN1Object @@ -41,7 +42,7 @@ public class MacData { this.digInfo = DigestInfo.getInstance(seq.getObjectAt(0)); - this.salt = ((ASN1OctetString)seq.getObjectAt(1)).getOctets(); + this.salt = Arrays.clone(((ASN1OctetString)seq.getObjectAt(1)).getOctets()); if (seq.size() == 3) { @@ -59,7 +60,7 @@ public class MacData int iterationCount) { this.digInfo = digInfo; - this.salt = salt; + this.salt = Arrays.clone(salt); this.iterationCount = BigInteger.valueOf(iterationCount); } @@ -70,7 +71,7 @@ public class MacData public byte[] getSalt() { - return salt; + return Arrays.clone(salt); } public BigInteger getIterationCount() diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java index 5dbddc3c..6e50f552 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java @@ -41,6 +41,10 @@ public interface PKCSObjectIdentifiers static final ASN1ObjectIdentifier sha512WithRSAEncryption = pkcs_1.branch("13"); /** PKCS#1: 1.2.840.113549.1.1.14 */ static final ASN1ObjectIdentifier sha224WithRSAEncryption = pkcs_1.branch("14"); + /** PKCS#1: 1.2.840.113549.1.1.15 */ + ASN1ObjectIdentifier sha512_224WithRSAEncryption = pkcs_1.branch("15"); + /** PKCS#1: 1.2.840.113549.1.1.16 */ + ASN1ObjectIdentifier sha512_256WithRSAEncryption = pkcs_1.branch("16"); // // pkcs-3 OBJECT IDENTIFIER ::= { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java b/bcprov/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java index 1cdaf129..1d2c78cb 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/sec/SECNamedCurves.java @@ -987,7 +987,7 @@ public class SECNamedCurves static void defineCurve(String name, ASN1ObjectIdentifier oid, X9ECParametersHolder holder) { - objIds.put(name.toLowerCase(), oid); + objIds.put(name, oid); names.put(oid, name); curves.put(oid, holder); } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java index 2be7efec..c38eac74 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java @@ -3,9 +3,11 @@ package org.bouncycastle.asn1.teletrust; import org.bouncycastle.asn1.ASN1ObjectIdentifier; /** + * Object identifiers based on the TeleTrust branch. + * <pre> * TeleTrusT: * { iso(1) identifier-organization(3) teleTrust(36) algorithm(3) - * + * </pre> */ public interface TeleTrusTObjectIdentifiers { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java b/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java index 1330d256..59c961f2 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java @@ -38,6 +38,9 @@ import org.bouncycastle.asn1.DERVisibleString; import org.bouncycastle.util.Strings; import org.bouncycastle.util.encoders.Hex; +/** + * Utility class for dumping ASN.1 objects as (hopefully) human friendly strings. + */ public class ASN1Dump { private static final String TAB = " "; @@ -319,7 +322,7 @@ public class ASN1Dump return buf.toString(); } - return indent + type + " ApplicationSpecific[" + app.getApplicationTag() + "] (" + new String(Hex.encode(app.getContents())) + ")" + nl; + return indent + type + " ApplicationSpecific[" + app.getApplicationTag() + "] (" + Strings.fromByteArray(Hex.encode(app.getContents())) + ")" + nl; } /** @@ -376,7 +379,7 @@ public class ASN1Dump if (bytes.length - i > SAMPLE_SIZE) { buf.append(indent); - buf.append(new String(Hex.encode(bytes, i, SAMPLE_SIZE))); + buf.append(Strings.fromByteArray(Hex.encode(bytes, i, SAMPLE_SIZE))); buf.append(TAB); buf.append(calculateAscString(bytes, i, SAMPLE_SIZE)); buf.append(nl); @@ -384,7 +387,7 @@ public class ASN1Dump else { buf.append(indent); - buf.append(new String(Hex.encode(bytes, i, bytes.length - i))); + buf.append(Strings.fromByteArray(Hex.encode(bytes, i, bytes.length - i))); for (int j = bytes.length - i; j != SAMPLE_SIZE; j++) { buf.append(" "); diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java index 34b43856..2ef24d36 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x500/style/BCStyle.java @@ -78,59 +78,50 @@ public class BCStyle /** * businessCategory - DirectoryString(SIZE(1..128) */ - public static final ASN1ObjectIdentifier BUSINESS_CATEGORY = new ASN1ObjectIdentifier( - "2.5.4.15").intern(); + public static final ASN1ObjectIdentifier BUSINESS_CATEGORY = new ASN1ObjectIdentifier("2.5.4.15").intern(); /** * postalCode - DirectoryString(SIZE(1..40) */ - public static final ASN1ObjectIdentifier POSTAL_CODE = new ASN1ObjectIdentifier( - "2.5.4.17").intern(); + public static final ASN1ObjectIdentifier POSTAL_CODE = new ASN1ObjectIdentifier("2.5.4.17").intern(); /** * dnQualifier - DirectoryString(SIZE(1..64) */ - public static final ASN1ObjectIdentifier DN_QUALIFIER = new ASN1ObjectIdentifier( - "2.5.4.46").intern(); + public static final ASN1ObjectIdentifier DN_QUALIFIER = new ASN1ObjectIdentifier("2.5.4.46").intern(); /** * RFC 3039 Pseudonym - DirectoryString(SIZE(1..64) */ - public static final ASN1ObjectIdentifier PSEUDONYM = new ASN1ObjectIdentifier( - "2.5.4.65").intern(); + public static final ASN1ObjectIdentifier PSEUDONYM = new ASN1ObjectIdentifier("2.5.4.65").intern(); /** * RFC 3039 DateOfBirth - GeneralizedTime - YYYYMMDD000000Z */ - public static final ASN1ObjectIdentifier DATE_OF_BIRTH = new ASN1ObjectIdentifier( - "1.3.6.1.5.5.7.9.1").intern(); + public static final ASN1ObjectIdentifier DATE_OF_BIRTH = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.9.1").intern(); /** * RFC 3039 PlaceOfBirth - DirectoryString(SIZE(1..128) */ - public static final ASN1ObjectIdentifier PLACE_OF_BIRTH = new ASN1ObjectIdentifier( - "1.3.6.1.5.5.7.9.2").intern(); + public static final ASN1ObjectIdentifier PLACE_OF_BIRTH = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.9.2").intern(); /** * RFC 3039 Gender - PrintableString (SIZE(1)) -- "M", "F", "m" or "f" */ - public static final ASN1ObjectIdentifier GENDER = new ASN1ObjectIdentifier( - "1.3.6.1.5.5.7.9.3").intern(); + public static final ASN1ObjectIdentifier GENDER = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.9.3").intern(); /** * RFC 3039 CountryOfCitizenship - PrintableString (SIZE (2)) -- ISO 3166 * codes only */ - public static final ASN1ObjectIdentifier COUNTRY_OF_CITIZENSHIP = new ASN1ObjectIdentifier( - "1.3.6.1.5.5.7.9.4").intern(); + public static final ASN1ObjectIdentifier COUNTRY_OF_CITIZENSHIP = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.9.4").intern(); /** * RFC 3039 CountryOfResidence - PrintableString (SIZE (2)) -- ISO 3166 * codes only */ - public static final ASN1ObjectIdentifier COUNTRY_OF_RESIDENCE = new ASN1ObjectIdentifier( - "1.3.6.1.5.5.7.9.5").intern(); + public static final ASN1ObjectIdentifier COUNTRY_OF_RESIDENCE = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.9.5").intern(); /** diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/DistributionPoint.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/DistributionPoint.java index 48e5640d..1a4c8dd2 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/DistributionPoint.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/DistributionPoint.java @@ -66,6 +66,9 @@ public class DistributionPoint break; case 2: cRLIssuer = GeneralNames.getInstance(t, false); + break; + default: + throw new IllegalArgumentException("Unknown tag encountered in structure: " + t.getTagNo()); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extension.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extension.java index 456e3d32..b8c0473a 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extension.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Extension.java @@ -174,6 +174,11 @@ public class Extension */ public static final ASN1ObjectIdentifier targetInformation = new ASN1ObjectIdentifier("2.5.29.55").intern(); + /** + * Expired Certificates on CRL extension + */ + public static final ASN1ObjectIdentifier expiredCertsOnCRL = new ASN1ObjectIdentifier("2.5.29.60").intern(); + private ASN1ObjectIdentifier extnId; private boolean critical; private ASN1OctetString value; diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/NameConstraints.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/NameConstraints.java index 0a923a85..88cfe3a9 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/NameConstraints.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/NameConstraints.java @@ -37,12 +37,14 @@ public class NameConstraints ASN1TaggedObject o = ASN1TaggedObject.getInstance(e.nextElement()); switch (o.getTagNo()) { - case 0: - permitted = createArray(ASN1Sequence.getInstance(o, false)); - break; - case 1: - excluded = createArray(ASN1Sequence.getInstance(o, false)); - break; + case 0: + permitted = createArray(ASN1Sequence.getInstance(o, false)); + break; + case 1: + excluded = createArray(ASN1Sequence.getInstance(o, false)); + break; + default: + throw new IllegalArgumentException("Unknown tag encountered: " + o.getTagNo()); } } } @@ -62,15 +64,8 @@ public class NameConstraints GeneralSubtree[] permitted, GeneralSubtree[] excluded) { - if (permitted != null) - { - this.permitted = permitted; - } - - if (excluded != null) - { - this.excluded = excluded; - } + this.permitted = cloneSubtree(permitted); + this.excluded = cloneSubtree(excluded); } private GeneralSubtree[] createArray(ASN1Sequence subtree) @@ -87,12 +82,12 @@ public class NameConstraints public GeneralSubtree[] getPermittedSubtrees() { - return permitted; + return cloneSubtree(permitted); } public GeneralSubtree[] getExcludedSubtrees() { - return excluded; + return cloneSubtree(excluded); } /* @@ -115,4 +110,18 @@ public class NameConstraints return new DERSequence(v); } + + private static GeneralSubtree[] cloneSubtree(GeneralSubtree[] subtrees) + { + if (subtrees != null) + { + GeneralSubtree[] rv = new GeneralSubtree[subtrees.length]; + + System.arraycopy(subtrees, 0, rv, 0, rv.length); + + return rv; + } + + return null; + } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java index 5f0cd079..52e35a15 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java @@ -5,6 +5,7 @@ import org.bouncycastle.asn1.ASN1OctetString; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1TaggedObject; import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.util.Arrays; /** * The SubjectKeyIdentifier object. @@ -47,22 +48,22 @@ public class SubjectKeyIdentifier public SubjectKeyIdentifier( byte[] keyid) { - this.keyidentifier = keyid; + this.keyidentifier = Arrays.clone(keyid); } protected SubjectKeyIdentifier( ASN1OctetString keyid) { - this.keyidentifier = keyid.getOctets(); + this(keyid.getOctets()); } public byte[] getKeyIdentifier() { - return keyidentifier; + return Arrays.clone(keyidentifier); } public ASN1Primitive toASN1Primitive() { - return new DEROctetString(keyidentifier); + return new DEROctetString(getKeyIdentifier()); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java index 23f99d0a..c7682f1a 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java @@ -199,13 +199,13 @@ public class TBSCertList } if (seqPos < seq.size() - && !(seq.getObjectAt(seqPos) instanceof DERTaggedObject)) + && !(seq.getObjectAt(seqPos) instanceof ASN1TaggedObject)) { revokedCertificates = ASN1Sequence.getInstance(seq.getObjectAt(seqPos++)); } if (seqPos < seq.size() - && seq.getObjectAt(seqPos) instanceof DERTaggedObject) + && seq.getObjectAt(seqPos) instanceof ASN1TaggedObject) { crlExtensions = Extensions.getInstance(ASN1Sequence.getInstance((ASN1TaggedObject)seq.getObjectAt(seqPos), true)); } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/TBSCertificate.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/TBSCertificate.java index dc419649..f7f60050 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/TBSCertificate.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/TBSCertificate.java @@ -77,7 +77,7 @@ public class TBSCertificate // // some certficates don't include a version number - we assume v1 // - if (seq.getObjectAt(0) instanceof DERTaggedObject) + if (seq.getObjectAt(0) instanceof ASN1TaggedObject) { version = ASN1Integer.getInstance((ASN1TaggedObject)seq.getObjectAt(0), true); } @@ -109,7 +109,7 @@ public class TBSCertificate for (int extras = seq.size() - (seqStart + 6) - 1; extras > 0; extras--) { - DERTaggedObject extra = (DERTaggedObject)seq.getObjectAt(seqStart + 6 + extras); + ASN1TaggedObject extra = (ASN1TaggedObject)seq.getObjectAt(seqStart + 6 + extras); switch (extra.getTagNo()) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/ValidationParams.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/ValidationParams.java index 34ad746a..855974d2 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/ValidationParams.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/ValidationParams.java @@ -12,10 +12,13 @@ import org.bouncycastle.asn1.DERBitString; import org.bouncycastle.asn1.DERSequence; /** + * Diffie-Hellman domain validation parameters. + * <pre> * ValidationParams ::= SEQUENCE { * seed BIT STRING, * pgenCounter INTEGER * } + * </pre> */ public class ValidationParams extends ASN1Object diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java index 84574a3a..022c0183 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X962NamedCurves.java @@ -11,7 +11,7 @@ import org.bouncycastle.util.encoders.Hex; /** - * table of the current named curves defined in X.962 EC-DSA. + * Table of the current named curves defined in X.962 EC-DSA. */ public class X962NamedCurves { @@ -546,7 +546,7 @@ public class X962NamedCurves static void defineCurve(String name, ASN1ObjectIdentifier oid, X9ECParametersHolder holder) { - objIds.put(name.toLowerCase(), oid); + objIds.put(name, oid); names.put(oid, name); curves.put(oid, holder); } @@ -581,8 +581,14 @@ public class X962NamedCurves public static X9ECParameters getByName( String name) { - ASN1ObjectIdentifier oid = getOID(name); - return oid == null ? null : getByOID(oid); + ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)objIds.get(Strings.toLowerCase(name)); + + if (oid != null) + { + return getByOID(oid); + } + + return null; } /** @@ -595,7 +601,13 @@ public class X962NamedCurves ASN1ObjectIdentifier oid) { X9ECParametersHolder holder = (X9ECParametersHolder)curves.get(oid); - return holder == null ? null : holder.getParameters(); + + if (holder != null) + { + return holder.getParameters(); + } + + return null; } /** @@ -625,6 +637,6 @@ public class X962NamedCurves */ public static Enumeration getNames() { - return names.elements(); + return objIds.keys(); } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java index a06aa85f..2f26c66d 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java @@ -37,7 +37,7 @@ public class X962Parameters { return new X962Parameters(ASN1Primitive.fromByteArray((byte[])obj)); } - catch (IOException e) + catch (Exception e) { throw new IllegalArgumentException("unable to parse encoded data: " + e.getMessage()); } @@ -107,6 +107,6 @@ public class X962Parameters */ public ASN1Primitive toASN1Primitive() { - return (ASN1Primitive)params; + return params; } } diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java index 57b0fda4..95fdc672 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9ECPoint.java @@ -53,7 +53,7 @@ public class X9ECPoint return Arrays.clone(encoding.getOctets()); } - public ECPoint getPoint() + public synchronized ECPoint getPoint() { if (p == null) { diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java index 16a803cc..2851bcae 100644 --- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java +++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java @@ -5,20 +5,43 @@ import java.math.BigInteger; import org.bouncycastle.math.ec.ECCurve; import org.bouncycastle.math.ec.ECFieldElement; +/** + * A class which converts integers to byte arrays, allowing padding and calculations + * to be done according the the filed size of the curve or field element involved. + */ public class X9IntegerConverter { + /** + * Return the curve's field size in bytes. + * + * @param c the curve of interest. + * @return the field size in bytes (rounded up). + */ public int getByteLength( ECCurve c) { return (c.getFieldSize() + 7) / 8; } + /** + * Return the field element's field size in bytes. + * + * @param fe the field element of interest. + * @return the field size in bytes (rounded up). + */ public int getByteLength( ECFieldElement fe) { return (fe.getFieldSize() + 7) / 8; } + /** + * Convert an integer to a byte array, ensuring it is exactly qLength long. + * + * @param s the integer to be converted. + * @param qLength the length + * @return the resulting byte array. + */ public byte[] integerToBytes( BigInteger s, int qLength) |