summaryrefslogtreecommitdiff
path: root/bcprov/src/main/java/org/bouncycastle/jce
diff options
context:
space:
mode:
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/jce')
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java69
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java103
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java40
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java43
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java215
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java38
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java16
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java16
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java59
9 files changed, 297 insertions, 302 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java b/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
index 0c41c882..22373486 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
@@ -30,18 +30,16 @@ import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509Name;
@@ -85,11 +83,10 @@ public class PKCS10CertificationRequest
static
{
- // BEGIN android-removed
- // Dropping MD2
+ // Android-removed: Unsupported algorithms
// algorithms.put("MD2WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"));
// algorithms.put("MD2WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"));
- // END android-removed
+ // END Android-removed: Unsupported algorithms
algorithms.put("MD5WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
algorithms.put("MD5WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
algorithms.put("RSAWITHMD5", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
@@ -109,14 +106,14 @@ public class PKCS10CertificationRequest
algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("RSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"));
- // BEGIN android-removed
+ // BEGIN Android-removed: Unsupported algorithms
// algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
// algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
// algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
// algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
// algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
// algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
- // END android-removed
+ // END Android-removed: Unsupported algorithms
algorithms.put("SHA1WITHDSA", new ASN1ObjectIdentifier("1.2.840.10040.4.3"));
algorithms.put("DSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.10040.4.3"));
algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
@@ -129,13 +126,13 @@ public class PKCS10CertificationRequest
algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
- // BEGIN android-removed
+ // BEGIN Android-removed: Unsupported algorithms
// algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
// algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
// algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
// algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
// algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
- // END android-removed
+ // END Android-removed: Unsupported algorithms
//
// reverse mappings
@@ -145,15 +142,15 @@ public class PKCS10CertificationRequest
oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
- // BEGIN android-removed
+ // BEGIN Android-removed: Unsupported algorithms
// oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
// oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
- // END android-removed
+ // END Android-removed: Unsupported algorithms
oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
- // BEGIN android-removed
+ // BEGIN Android-removed: Unsupported algorithms
// oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
- // END android-removed
+ // END Android-removed: Unsupported algorithms
oids.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
@@ -187,10 +184,10 @@ public class PKCS10CertificationRequest
//
// RFC 4491
//
- // BEGIN android-removed
+ // BEGIN Android-removed: Unsupported algorithms
// noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
// noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
- // END android-removed
+ // END Android-removed: Unsupported algorithms
//
// explicit params
//
@@ -633,24 +630,26 @@ public class PKCS10CertificationRequest
{
return "SHA512";
}
- // BEGIN android-removed
- // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
- // {
- // return "RIPEMD128";
- // }
- // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
- // {
- // return "RIPEMD160";
- // }
- // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
- // {
- // return "RIPEMD256";
- // }
- // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
- // {
- // return "GOST3411";
- // }
- // END android-removed
+ // BEGIN Android-removed: Unsupported algorithms
+ /*
+ else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+ {
+ return "RIPEMD128";
+ }
+ else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+ {
+ return "RIPEMD160";
+ }
+ else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+ {
+ return "RIPEMD256";
+ }
+ else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+ {
+ return "GOST3411";
+ }
+ */
+ // END Android-removed: Unsupported algorithms
else
{
return digestAlgOID.getId();
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
index 5cb5d526..dfc56d7e 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
@@ -60,29 +60,25 @@ public final class BouncyCastleProvider extends Provider
private static final String[] SYMMETRIC_GENERIC =
{
- // BEGIN android-changed
- // Was: "PBEPBKDF2", "TLSKDF"
+ // Android-changed: Remove unsupported algorithms, add our own version of PBEv2 AlgParams
+ // "PBEPBKDF2", "TLSKDF"
"PBEPBKDF2", "PBEPKCS12", "PBES2AlgorithmParameters"
};
private static final String[] SYMMETRIC_MACS =
{
- // BEGIN android-removed
+ // Android-removed: Unsupported algorithms
// "SipHash", "Poly1305"
- // END android-removed
};
private static final String[] SYMMETRIC_CIPHERS =
{
- // BEGIN android-removed
+ // Android-changed: Unsupported algorithms
// "AES", "ARC4", "ARIA", "Blowfish", "Camellia", "CAST5", "CAST6", "ChaCha", "DES", "DESede",
// "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", "Noekeon", "RC2", "RC5",
// "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Shacal2", "Skipjack", "SM4", "TEA", "Twofish", "Threefish",
// "VMPC", "VMPCKSA3", "XTEA", "XSalsa20", "OpenSSLPBKDF"
- // END android-removed
- // BEGIN android-added
"AES", "ARC4", "Blowfish", "DES", "DESede", "RC2", "Twofish",
- // END android-added
};
/*
@@ -94,22 +90,16 @@ public final class BouncyCastleProvider extends Provider
// later ones configure it.
private static final String[] ASYMMETRIC_GENERIC =
{
- // BEGIN android-removed
+ // Android-changed: Unsupported algorithms
// "X509", "IES"
- // END android-removed
- // BEGIN android-added
"X509"
- // END android-added
};
private static final String[] ASYMMETRIC_CIPHERS =
{
- // BEGIN android-removed
+ // Android-changed: Unsupported algorithms
// "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal", "DSTU4145", "GM"
- // END android-removed
- // BEGIN android-added
"DSA", "DH", "EC", "RSA",
- // END android-added
};
/*
@@ -118,13 +108,10 @@ public final class BouncyCastleProvider extends Provider
private static final String DIGEST_PACKAGE = "org.bouncycastle.jcajce.provider.digest.";
private static final String[] DIGESTS =
{
- // BEGIN android-removed
+ // Android-changed: Unsupported algorithms
// "GOST3411", "Keccak", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224",
// "SHA256", "SHA384", "SHA512", "SHA3", "Skein", "SM3", "Tiger", "Whirlpool", "Blake2b"
- // END android-removed
- // BEGIN android-added
"MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512",
- // END android-added
};
/*
@@ -136,7 +123,7 @@ public final class BouncyCastleProvider extends Provider
"BC", "BCFKS", "PKCS12"
};
- // BEGIN android-removed
+ // Android-removed: Unsupported algorithms
// /*
// * Configurable secure random
// */
@@ -181,54 +168,56 @@ public final class BouncyCastleProvider extends Provider
loadAlgorithms(KEYSTORE_PACKAGE, KEYSTORES);
- // BEGIN android-removed
- // loadAlgorithms(SECURE_RANDOM_PACKAGE, SECURE_RANDOMS);
- //
- // //
- // // X509Store
- // //
- // put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection");
- // put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection");
- // put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection");
- // put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection");
- //
- // put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts");
- // put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs");
- // put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts");
- // put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs");
+ // Android-removed: Unsupported algorithms
+ /*
+ loadAlgorithms(SECURE_RANDOM_PACKAGE, SECURE_RANDOMS);
+
//
- // //
- // // X509StreamParser
- // //
- // put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser");
- // put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser");
- // put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser");
- // put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser");
+ // X509Store
//
- // //
- // // cipher engines
- // //
- // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES");
+ put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection");
+ put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection");
+ put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection");
+ put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection");
+
+ put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts");
+ put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs");
+ put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts");
+ put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs");
+
//
- // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES");
+ // X509StreamParser
//
+ put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser");
+ put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser");
+ put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser");
+ put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser");
+
//
- // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
+ // cipher engines
//
- // // Certification Path API
- // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi");
- // put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi");
- // put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
- // put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
- // END android-removed
+ put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES");
+
+ put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES");
+
+
+ put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
+
+ // Certification Path API
+ put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi");
+ put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi");
+ put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
+ put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
+ */
+ // END Android-removed: Unsupported algorithms
put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi");
- // BEGIN android-removed
+ // BEGIN Android-removed: Unsupported algorithms
// put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi");
// put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi");
// put("Alg.Alias.CertStore.X509LDAP", "LDAP");
- // END android-removed
+ // END Android-removed: Unsupported algorithms
}
private void loadAlgorithms(String packageName, String[] names)
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
index b6a9d6a5..b72a6f44 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
@@ -75,9 +75,7 @@ import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.StoreException;
import org.bouncycastle.x509.X509AttributeCertificate;
-// BEGIN android-removed
-// import org.bouncycastle.x509.extension.X509ExtensionUtil;
-// END android-removed
+import org.bouncycastle.x509.extension.X509ExtensionUtil;
class CertPathValidatorUtilities
{
@@ -657,22 +655,24 @@ class CertPathValidatorUtilities
{
Object obj = iter.next();
- // BEGIN android-removed
- // if (obj instanceof X509Store)
- // {
- // X509Store certStore = (X509Store)obj;
- // try
- // {
- // certs.addAll(certStore.getMatches(certSelect));
- // }
- // catch (StoreException e)
- // {
- // throw new AnnotatedException(
- // "Problem while picking certificates from X.509 store.", e);
- // }
- // }
- // else
- // END android-removed
+ // BEGIN Android-removed: Unknown reason
+ /*
+ if (obj instanceof Store)
+ {
+ Store certStore = (Store)obj;
+ try
+ {
+ certs.addAll(certStore.getMatches(certSelect));
+ }
+ catch (StoreException e)
+ {
+ throw new AnnotatedException(
+ "Problem while picking certificates from X.509 store.", e);
+ }
+ }
+ else
+ */
+ // END Android-removed: Unknown reason
{
CertStore certStore = (CertStore)obj;
@@ -894,7 +894,9 @@ class CertPathValidatorUtilities
{
return;
}
+
X500Principal certificateIssuer = crl_entry.getCertificateIssuer();
+
X500Name certIssuer;
if (certificateIssuer == null)
{
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java
index 20ca6f27..7d6a50cf 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java
@@ -19,10 +19,9 @@ import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
-// END android-removed
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -205,23 +204,25 @@ public class JCEECPrivateKey
ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters());
X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
- // BEGIN android-removed
- // if (ecP == null) // GOST Curve
- // {
- // ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
- // EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
- //
- // ecSpec = new ECNamedCurveSpec(
- // ECGOST3410NamedCurves.getName(oid),
- // ellipticCurve,
- // new ECPoint(
- // gParam.getG().getAffineXCoord().toBigInteger(),
- // gParam.getG().getAffineYCoord().toBigInteger()),
- // gParam.getN(),
- // gParam.getH());
- // }
- // else
- // END android-removed
+ // BEGIN Android-removed: Unsupported algorithms
+ /*
+ if (ecP == null) // GOST Curve
+ {
+ ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
+ EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
+
+ ecSpec = new ECNamedCurveSpec(
+ ECGOST3410NamedCurves.getName(oid),
+ ellipticCurve,
+ new ECPoint(
+ gParam.getG().getAffineXCoord().toBigInteger(),
+ gParam.getG().getAffineYCoord().toBigInteger()),
+ gParam.getN(),
+ gParam.getH());
+ }
+ else
+ */
+ // END Android-removed: Unsupported algorithms
{
EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
@@ -335,13 +336,13 @@ public class JCEECPrivateKey
try
{
- // BEGIN android-removed
+ // BEGIN Android-removed: Unsupported algorithms
// if (algorithm.equals("ECGOST3410"))
// {
// info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive());
// }
// else
- // END android-removed
+ // END Android-removed: Unsupported algorithms
{
info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive());
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java
index 94fb7289..654b5e1d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java
@@ -18,11 +18,10 @@ import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
// import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
-// END android-removed
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X962Parameters;
@@ -35,13 +34,11 @@ import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
// import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
-// END android-removed
import org.bouncycastle.jce.interfaces.ECPointEncoder;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
// import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
-// END android-removed
import org.bouncycastle.jce.spec.ECNamedCurveSpec;
import org.bouncycastle.math.ec.ECCurve;
import org.bouncycastle.math.ec.custom.sec.SecP256K1Point;
@@ -55,9 +52,8 @@ public class JCEECPublicKey
private org.bouncycastle.math.ec.ECPoint q;
private ECParameterSpec ecSpec;
private boolean withCompression;
- // BEGIN android-removed
+ // Android-removed: Unsupported algorithms
// private GOST3410PublicKeyAlgParameters gostParams;
- // END android-removed
public JCEECPublicKey(
String algorithm,
@@ -67,9 +63,8 @@ public class JCEECPublicKey
this.q = key.q;
this.ecSpec = key.ecSpec;
this.withCompression = key.withCompression;
- // BEGIN android-removed
+ // Android-removed: Unsupported algorithms
// this.gostParams = key.gostParams;
- // END android-removed
}
public JCEECPublicKey(
@@ -192,56 +187,58 @@ public class JCEECPublicKey
private void populateFromPubKeyInfo(SubjectPublicKeyInfo info)
{
- // BEGIN android-removed
- // if (info.getAlgorithmId().getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3410_2001))
- // {
- // DERBitString bits = info.getPublicKeyData();
- // ASN1OctetString key;
- // this.algorithm = "ECGOST3410";
- //
- // try
- // {
- // key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes());
- // }
- // catch (IOException ex)
- // {
- // throw new IllegalArgumentException("error recovering public key");
- // }
- //
- // byte[] keyEnc = key.getOctets();
- // byte[] x = new byte[32];
- // byte[] y = new byte[32];
- //
- // for (int i = 0; i != x.length; i++)
- // {
- // x[i] = keyEnc[32 - 1 - i];
- // }
- //
- // for (int i = 0; i != y.length; i++)
- // {
- // y[i] = keyEnc[64 - 1 - i];
- // }
- //
- // gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
- //
- // ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
- //
- // ECCurve curve = spec.getCurve();
- // EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
- //
- // this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
- //
- // ecSpec = new ECNamedCurveSpec(
- // ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
- // ellipticCurve,
- // new ECPoint(
- // spec.getG().getAffineXCoord().toBigInteger(),
- // spec.getG().getAffineYCoord().toBigInteger()),
- // spec.getN(), spec.getH());
- //
- // }
- // else
- // END android-removed
+ // BEGIN Android-removed: Unsupported algorithms
+ /*
+ if (info.getAlgorithmId().getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3410_2001))
+ {
+ DERBitString bits = info.getPublicKeyData();
+ ASN1OctetString key;
+ this.algorithm = "ECGOST3410";
+
+ try
+ {
+ key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes());
+ }
+ catch (IOException ex)
+ {
+ throw new IllegalArgumentException("error recovering public key");
+ }
+
+ byte[] keyEnc = key.getOctets();
+ byte[] x = new byte[32];
+ byte[] y = new byte[32];
+
+ for (int i = 0; i != x.length; i++)
+ {
+ x[i] = keyEnc[32 - 1 - i];
+ }
+
+ for (int i = 0; i != y.length; i++)
+ {
+ y[i] = keyEnc[64 - 1 - i];
+ }
+
+ gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
+
+ ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
+
+ ECCurve curve = spec.getCurve();
+ EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
+
+ this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
+
+ ecSpec = new ECNamedCurveSpec(
+ ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
+ ellipticCurve,
+ new ECPoint(
+ spec.getG().getAffineXCoord().toBigInteger(),
+ spec.getG().getAffineYCoord().toBigInteger()),
+ spec.getN(), spec.getH());
+
+ }
+ else
+ */
+ // END Android-removed: Unsupported algorithms
{
X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithmId().getParameters());
ECCurve curve;
@@ -330,54 +327,56 @@ public class JCEECPublicKey
ASN1Encodable params;
SubjectPublicKeyInfo info;
- // BEGIN android-removed
- // if (algorithm.equals("ECGOST3410"))
- // {
- // if (gostParams != null)
- // {
- // params = gostParams;
- // }
- // else
- // {
- // if (ecSpec instanceof ECNamedCurveSpec)
- // {
- // params = new GOST3410PublicKeyAlgParameters(
- // ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
- // CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
- // }
- // else
- // { // strictly speaking this may not be applicable...
- // ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
- //
- // X9ECParameters ecP = new X9ECParameters(
- // curve,
- // EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
- // ecSpec.getOrder(),
- // BigInteger.valueOf(ecSpec.getCofactor()),
- // ecSpec.getCurve().getSeed());
- //
- // params = new X962Parameters(ecP);
- // }
- // }
- //
- // BigInteger bX = this.q.getAffineXCoord().toBigInteger();
- // BigInteger bY = this.q.getAffineYCoord().toBigInteger();
- // byte[] encKey = new byte[64];
- //
- // extractBytes(encKey, 0, bX);
- // extractBytes(encKey, 32, bY);
- //
- // try
- // {
- // info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey));
- // }
- // catch (IOException e)
- // {
- // return null;
- // }
- // }
- // else
- // END android-removed
+ // BEGIN Android-removed: Unsupported algorithms
+ /*
+ if (algorithm.equals("ECGOST3410"))
+ {
+ if (gostParams != null)
+ {
+ params = gostParams;
+ }
+ else
+ {
+ if (ecSpec instanceof ECNamedCurveSpec)
+ {
+ params = new GOST3410PublicKeyAlgParameters(
+ ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
+ CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
+ }
+ else
+ { // strictly speaking this may not be applicable...
+ ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
+
+ X9ECParameters ecP = new X9ECParameters(
+ curve,
+ EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
+ ecSpec.getOrder(),
+ BigInteger.valueOf(ecSpec.getCofactor()),
+ ecSpec.getCurve().getSeed());
+
+ params = new X962Parameters(ecP);
+ }
+ }
+
+ BigInteger bX = this.q.getAffineXCoord().toBigInteger();
+ BigInteger bY = this.q.getAffineYCoord().toBigInteger();
+ byte[] encKey = new byte[64];
+
+ extractBytes(encKey, 0, bX);
+ extractBytes(encKey, 32, bY);
+
+ try
+ {
+ info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey));
+ }
+ catch (IOException e)
+ {
+ return null;
+ }
+ }
+ else
+ */
+ // END Android-removed: Unsupported algorithms
{
if (ecSpec instanceof ECNamedCurveSpec)
{
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java
index b53b7aa2..97a38aca 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java
@@ -88,24 +88,26 @@ class PKIXCRLUtil
{
Object obj = iter.next();
- // BEGIN android-removed
- // if (obj instanceof Store)
- // {
- // Store store = (Store)obj;
-
- // try
- // {
- // crls.addAll(store.getMatches(crlSelect));
- // foundValidStore = true;
- // }
- // catch (StoreException e)
- // {
- // lastException = new AnnotatedException(
- // "Exception searching in X.509 CRL store.", e);
- // }
- // }
- // else
- // END android-removed
+ // BEGIN Android-removed: Unknown reason
+ /*
+ if (obj instanceof Store)
+ {
+ Store store = (Store)obj;
+
+ try
+ {
+ crls.addAll(store.getMatches(crlSelect));
+ foundValidStore = true;
+ }
+ catch (StoreException e)
+ {
+ lastException = new AnnotatedException(
+ "Exception searching in X.509 CRL store.", e);
+ }
+ }
+ else
+ */
+ // END Android-removed: Unknown reason
{
CertStore store = (CertStore)obj;
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
index 5d49d889..bd2331ab 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
@@ -1,8 +1,8 @@
package org.bouncycastle.jce.provider;
-// BEGIN android-added
+// BEGIN Android-added: Blacklist support
import java.math.BigInteger;
-// END android-added
+// END Android-added: Blacklist support
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
@@ -45,11 +45,11 @@ public class PKIXCertPathValidatorSpi
public PKIXCertPathValidatorSpi()
{
}
- // BEGIN android-added
+ // BEGIN Android-added: Avoid loading blacklist during class init
private static class NoPreloadHolder {
private final static CertBlacklist blacklist = new CertBlacklist();
}
- // END android-added
+ // END Android-added: Avoid loading blacklist during class init
public CertPathValidatorResult engineValidate(
CertPath certPath,
@@ -105,7 +105,7 @@ public class PKIXCertPathValidatorSpi
{
throw new CertPathValidatorException("Certification path is empty.", null, certPath, -1);
}
- // BEGIN android-added
+ // BEGIN Android-added: Support blacklisting known-bad certs
{
X509Certificate cert = (X509Certificate) certs.get(0);
@@ -120,7 +120,7 @@ public class PKIXCertPathValidatorSpi
}
}
}
- // END android-added
+ // END Android-added: Support blacklisting known-bad certs
//
// (b)
@@ -300,7 +300,7 @@ public class PKIXCertPathValidatorSpi
for (index = certs.size() - 1; index >= 0; index--)
{
- // BEGIN android-added
+ // BEGIN Android-added: Support blacklisting known-bad certs
if (NoPreloadHolder.blacklist.isPublicKeyBlackListed(workingPublicKey)) {
// emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
String message = "Certificate revocation of public key " + workingPublicKey;
@@ -308,7 +308,7 @@ public class PKIXCertPathValidatorSpi
AnnotatedException e = new AnnotatedException(message);
throw new CertPathValidatorException(e.getMessage(), e, certPath, index);
}
- // END android-added
+ // END Android-added: Support blacklisting known-bad certs
// try
// {
//
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
index 4a0166b2..a35fa650 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
@@ -58,9 +58,9 @@ import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyUsage;
-// BEGIN android-added
+// BEGIN Android-added: Unknown reason
import org.bouncycastle.asn1.x509.X509Name;
-// END android-added
+// END Android-added: Unknown reason
import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
@@ -570,20 +570,20 @@ public class X509CertificateObject
}
}
- // BEGIN android-changed
+ // BEGIN Android-added: Cache encoded certificates
private byte[] encoded;
- // END android-changed
+ // END Android-added: Cache encoded certificates
public byte[] getEncoded()
throws CertificateEncodingException
{
try
{
- // BEGIN android-changed
+ // BEGIN Android-changed: Cache encoded certificates
if (encoded == null) {
encoded = c.getEncoded(ASN1Encoding.DER);
}
return encoded;
- // END android-changed
+ // END Android-changed: Cache encoded certificates
}
catch (IOException e)
{
@@ -904,9 +904,9 @@ public class X509CertificateObject
list.add(genName.getEncoded());
break;
case GeneralName.directoryName:
- // BEGIN android-changed
+ // BEGIN Android-changed: Unknown reason
list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols));
- // END android-changed
+ // END Android-changed: Unknown reason
break;
case GeneralName.dNSName:
case GeneralName.rfc822Name:
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java
index b12b1df7..a2ac86f8 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java
@@ -14,9 +14,8 @@ import org.bouncycastle.asn1.ASN1Null;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -68,14 +67,16 @@ class X509SignatureUtil
if (params != null && !derNull.equals(params))
{
- // BEGIN android-removed
- // if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
- // {
- // RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
- //
- // return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1";
- // }
- // END android-removed
+ // BEGIN Android-removed: Unsupported algorithms
+ /*
+ if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
+ {
+ RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
+
+ return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1";
+ }
+ */
+ // END Android-removed: Unsupported algorithms
if (sigAlgId.getAlgorithm().equals(X9ObjectIdentifiers.ecdsa_with_SHA2))
{
ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params);
@@ -118,24 +119,26 @@ class X509SignatureUtil
{
return "SHA512";
}
- // BEGIN android-removed
- // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
- // {
- // return "RIPEMD128";
- // }
- // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
- // {
- // return "RIPEMD160";
- // }
- // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
- // {
- // return "RIPEMD256";
- // }
- // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
- // {
- // return "GOST3411";
- // }
- // END android-removed
+ // BEGIN Android-removed: Unsupported algorithms
+ /*
+ else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+ {
+ return "RIPEMD128";
+ }
+ else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+ {
+ return "RIPEMD160";
+ }
+ else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+ {
+ return "RIPEMD256";
+ }
+ else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+ {
+ return "GOST3411";
+ }
+ */
+ // END Android-removed: Unsupported algorithms
else
{
return digestAlgOID.getId();
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 18:17:58 +0000