diff options
author | David Hook <dgh@cryptoworkshop.com> | 2014-03-30 04:45:40 +0400 |
---|---|---|
committer | David Hook <dgh@cryptoworkshop.com> | 2014-03-30 04:45:40 +0400 |
commit | 04b286bffca2cb6216e4a4ba68a3484ad1709308 (patch) | |
tree | 9ee230b24a69d46a80beafd82d80cf2e438c71af /pkix | |
parent | 747a3c99ecda1a99955c86b8f045b6459793f2a8 (diff) |
deprecated method removal.
added some additional deprecations.
removed core selector dependency on crypto version of SHA-1
Diffstat (limited to 'pkix')
19 files changed, 543 insertions, 969 deletions
diff --git a/pkix/src/main/java/org/bouncycastle/cert/crmf/FixedLengthMGF1Padder.java b/pkix/src/main/java/org/bouncycastle/cert/crmf/bc/BcFixedLengthMGF1Padder.java index 9939a303..9fa53d62 100644 --- a/pkix/src/main/java/org/bouncycastle/cert/crmf/FixedLengthMGF1Padder.java +++ b/pkix/src/main/java/org/bouncycastle/cert/crmf/bc/BcFixedLengthMGF1Padder.java @@ -1,7 +1,8 @@ -package org.bouncycastle.cert.crmf; +package org.bouncycastle.cert.crmf.bc; import java.security.SecureRandom; +import org.bouncycastle.cert.crmf.EncryptedValuePadder; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.digests.SHA1Digest; import org.bouncycastle.crypto.generators.MGF1BytesGenerator; @@ -10,7 +11,7 @@ import org.bouncycastle.crypto.params.MGFParameters; /** * An encrypted value padder that uses MGF1 as the basis of the padding. */ -public class FixedLengthMGF1Padder +public class BcFixedLengthMGF1Padder implements EncryptedValuePadder { private int length; @@ -23,7 +24,7 @@ public class FixedLengthMGF1Padder * * @param length fixed length for padded output. */ - public FixedLengthMGF1Padder(int length) + public BcFixedLengthMGF1Padder(int length) { this(length, null); } @@ -36,7 +37,7 @@ public class FixedLengthMGF1Padder * @param length fixed length for padded output. * @param random a source of randomness. */ - public FixedLengthMGF1Padder(int length, SecureRandom random) + public BcFixedLengthMGF1Padder(int length, SecureRandom random) { this.length = length; this.random = random; diff --git a/pkix/src/main/java/org/bouncycastle/cert/selector/MSOutlookKeyIdCalculator.java b/pkix/src/main/java/org/bouncycastle/cert/selector/MSOutlookKeyIdCalculator.java index 3f4e22cc..8f6d119c 100644 --- a/pkix/src/main/java/org/bouncycastle/cert/selector/MSOutlookKeyIdCalculator.java +++ b/pkix/src/main/java/org/bouncycastle/cert/selector/MSOutlookKeyIdCalculator.java @@ -4,14 +4,16 @@ import java.io.IOException; import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; +import org.bouncycastle.util.Pack; class MSOutlookKeyIdCalculator { + // This is less than ideal, but it seems to be the best way of supporting this without exposing SHA-1 + // as the class is only used to workout the MSOutlook Key ID, you can think of the fact it's SHA-1 as + // a coincidence... static byte[] calculateKeyId(SubjectPublicKeyInfo info) { - Digest dig = new SHA1Digest(); // TODO: include definition of SHA-1 here + SHA1Digest dig = new SHA1Digest(); byte[] hash = new byte[dig.getDigestSize()]; byte[] spkiEnc = new byte[0]; try @@ -30,4 +32,391 @@ class MSOutlookKeyIdCalculator return hash; } + + private static abstract class GeneralDigest + { + private static final int BYTE_LENGTH = 64; + private byte[] xBuf; + private int xBufOff; + + private long byteCount; + + /** + * Standard constructor + */ + protected GeneralDigest() + { + xBuf = new byte[4]; + xBufOff = 0; + } + + /** + * Copy constructor. We are using copy constructors in place + * of the Object.clone() interface as this interface is not + * supported by J2ME. + */ + protected GeneralDigest(GeneralDigest t) + { + xBuf = new byte[t.xBuf.length]; + + copyIn(t); + } + + protected void copyIn(GeneralDigest t) + { + System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length); + + xBufOff = t.xBufOff; + byteCount = t.byteCount; + } + + public void update( + byte in) + { + xBuf[xBufOff++] = in; + + if (xBufOff == xBuf.length) + { + processWord(xBuf, 0); + xBufOff = 0; + } + + byteCount++; + } + + public void update( + byte[] in, + int inOff, + int len) + { + // + // fill the current word + // + while ((xBufOff != 0) && (len > 0)) + { + update(in[inOff]); + + inOff++; + len--; + } + + // + // process whole words. + // + while (len > xBuf.length) + { + processWord(in, inOff); + + inOff += xBuf.length; + len -= xBuf.length; + byteCount += xBuf.length; + } + + // + // load in the remainder. + // + while (len > 0) + { + update(in[inOff]); + + inOff++; + len--; + } + } + + public void finish() + { + long bitLength = (byteCount << 3); + + // + // add the pad bytes. + // + update((byte)128); + + while (xBufOff != 0) + { + update((byte)0); + } + + processLength(bitLength); + + processBlock(); + } + + public void reset() + { + byteCount = 0; + + xBufOff = 0; + for (int i = 0; i < xBuf.length; i++) + { + xBuf[i] = 0; + } + } + + protected abstract void processWord(byte[] in, int inOff); + + protected abstract void processLength(long bitLength); + + protected abstract void processBlock(); + } + + private static class SHA1Digest + extends GeneralDigest + { + private static final int DIGEST_LENGTH = 20; + + private int H1, H2, H3, H4, H5; + + private int[] X = new int[80]; + private int xOff; + + /** + * Standard constructor + */ + public SHA1Digest() + { + reset(); + } + + public String getAlgorithmName() + { + return "SHA-1"; + } + + public int getDigestSize() + { + return DIGEST_LENGTH; + } + + protected void processWord( + byte[] in, + int inOff) + { + // Note: Inlined for performance + // X[xOff] = Pack.bigEndianToInt(in, inOff); + int n = in[ inOff] << 24; + n |= (in[++inOff] & 0xff) << 16; + n |= (in[++inOff] & 0xff) << 8; + n |= (in[++inOff] & 0xff); + X[xOff] = n; + + if (++xOff == 16) + { + processBlock(); + } + } + + protected void processLength( + long bitLength) + { + if (xOff > 14) + { + processBlock(); + } + + X[14] = (int)(bitLength >>> 32); + X[15] = (int)(bitLength & 0xffffffff); + } + + public int doFinal( + byte[] out, + int outOff) + { + finish(); + + Pack.intToBigEndian(H1, out, outOff); + Pack.intToBigEndian(H2, out, outOff + 4); + Pack.intToBigEndian(H3, out, outOff + 8); + Pack.intToBigEndian(H4, out, outOff + 12); + Pack.intToBigEndian(H5, out, outOff + 16); + + reset(); + + return DIGEST_LENGTH; + } + + /** + * reset the chaining variables + */ + public void reset() + { + super.reset(); + + H1 = 0x67452301; + H2 = 0xefcdab89; + H3 = 0x98badcfe; + H4 = 0x10325476; + H5 = 0xc3d2e1f0; + + xOff = 0; + for (int i = 0; i != X.length; i++) + { + X[i] = 0; + } + } + + // + // Additive constants + // + private static final int Y1 = 0x5a827999; + private static final int Y2 = 0x6ed9eba1; + private static final int Y3 = 0x8f1bbcdc; + private static final int Y4 = 0xca62c1d6; + + private int f( + int u, + int v, + int w) + { + return ((u & v) | ((~u) & w)); + } + + private int h( + int u, + int v, + int w) + { + return (u ^ v ^ w); + } + + private int g( + int u, + int v, + int w) + { + return ((u & v) | (u & w) | (v & w)); + } + + protected void processBlock() + { + // + // expand 16 word block into 80 word block. + // + for (int i = 16; i < 80; i++) + { + int t = X[i - 3] ^ X[i - 8] ^ X[i - 14] ^ X[i - 16]; + X[i] = t << 1 | t >>> 31; + } + + // + // set up working variables. + // + int A = H1; + int B = H2; + int C = H3; + int D = H4; + int E = H5; + + // + // round 1 + // + int idx = 0; + + for (int j = 0; j < 4; j++) + { + // E = rotateLeft(A, 5) + f(B, C, D) + E + X[idx++] + Y1 + // B = rotateLeft(B, 30) + E += (A << 5 | A >>> 27) + f(B, C, D) + X[idx++] + Y1; + B = B << 30 | B >>> 2; + + D += (E << 5 | E >>> 27) + f(A, B, C) + X[idx++] + Y1; + A = A << 30 | A >>> 2; + + C += (D << 5 | D >>> 27) + f(E, A, B) + X[idx++] + Y1; + E = E << 30 | E >>> 2; + + B += (C << 5 | C >>> 27) + f(D, E, A) + X[idx++] + Y1; + D = D << 30 | D >>> 2; + + A += (B << 5 | B >>> 27) + f(C, D, E) + X[idx++] + Y1; + C = C << 30 | C >>> 2; + } + + // + // round 2 + // + for (int j = 0; j < 4; j++) + { + // E = rotateLeft(A, 5) + h(B, C, D) + E + X[idx++] + Y2 + // B = rotateLeft(B, 30) + E += (A << 5 | A >>> 27) + h(B, C, D) + X[idx++] + Y2; + B = B << 30 | B >>> 2; + + D += (E << 5 | E >>> 27) + h(A, B, C) + X[idx++] + Y2; + A = A << 30 | A >>> 2; + + C += (D << 5 | D >>> 27) + h(E, A, B) + X[idx++] + Y2; + E = E << 30 | E >>> 2; + + B += (C << 5 | C >>> 27) + h(D, E, A) + X[idx++] + Y2; + D = D << 30 | D >>> 2; + + A += (B << 5 | B >>> 27) + h(C, D, E) + X[idx++] + Y2; + C = C << 30 | C >>> 2; + } + + // + // round 3 + // + for (int j = 0; j < 4; j++) + { + // E = rotateLeft(A, 5) + g(B, C, D) + E + X[idx++] + Y3 + // B = rotateLeft(B, 30) + E += (A << 5 | A >>> 27) + g(B, C, D) + X[idx++] + Y3; + B = B << 30 | B >>> 2; + + D += (E << 5 | E >>> 27) + g(A, B, C) + X[idx++] + Y3; + A = A << 30 | A >>> 2; + + C += (D << 5 | D >>> 27) + g(E, A, B) + X[idx++] + Y3; + E = E << 30 | E >>> 2; + + B += (C << 5 | C >>> 27) + g(D, E, A) + X[idx++] + Y3; + D = D << 30 | D >>> 2; + + A += (B << 5 | B >>> 27) + g(C, D, E) + X[idx++] + Y3; + C = C << 30 | C >>> 2; + } + + // + // round 4 + // + for (int j = 0; j <= 3; j++) + { + // E = rotateLeft(A, 5) + h(B, C, D) + E + X[idx++] + Y4 + // B = rotateLeft(B, 30) + E += (A << 5 | A >>> 27) + h(B, C, D) + X[idx++] + Y4; + B = B << 30 | B >>> 2; + + D += (E << 5 | E >>> 27) + h(A, B, C) + X[idx++] + Y4; + A = A << 30 | A >>> 2; + + C += (D << 5 | D >>> 27) + h(E, A, B) + X[idx++] + Y4; + E = E << 30 | E >>> 2; + + B += (C << 5 | C >>> 27) + h(D, E, A) + X[idx++] + Y4; + D = D << 30 | D >>> 2; + + A += (B << 5 | B >>> 27) + h(C, D, E) + X[idx++] + Y4; + C = C << 30 | C >>> 2; + } + + + H1 += A; + H2 += B; + H3 += C; + H4 += D; + H5 += E; + + // + // reset start of the buffer. + // + xOff = 0; + for (int i = 0; i < 16; i++) + { + X[i] = 0; + } + } + } } diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java b/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java index dc9c2eeb..a2914281 100644 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java +++ b/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java @@ -27,6 +27,7 @@ import org.bouncycastle.cert.X509CRLHolder; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.operator.DigestCalculator; import org.bouncycastle.util.Store; +import org.bouncycastle.util.Strings; import org.bouncycastle.util.io.Streams; import org.bouncycastle.util.io.TeeInputStream; import org.bouncycastle.util.io.TeeOutputStream; @@ -198,7 +199,64 @@ class CMSUtils throw new CMSException("Malformed content.", e); } } - + + static byte[] getPasswordBytes(int scheme, char[] password) + { + if (scheme == PasswordRecipient.PKCS5_SCHEME2) + { + return PKCS5PasswordToBytes(password); + } + + return PKCS5PasswordToUTF8Bytes(password); + } + + /** + * converts a password to a byte array according to the scheme in + * PKCS5 (ascii, no padding) + * + * @param password a character array representing the password. + * @return a byte array representing the password. + */ + private static byte[] PKCS5PasswordToBytes( + char[] password) + { + if (password != null) + { + byte[] bytes = new byte[password.length]; + + for (int i = 0; i != bytes.length; i++) + { + bytes[i] = (byte)password[i]; + } + + return bytes; + } + else + { + return new byte[0]; + } + } + + /** + * converts a password to a byte array according to the scheme in + * PKCS5 (UTF-8, no padding) + * + * @param password a character array representing the password. + * @return a byte array representing the password. + */ + private static byte[] PKCS5PasswordToUTF8Bytes( + char[] password) + { + if (password != null) + { + return Strings.toUTF8ByteArray(password); + } + else + { + return new byte[0]; + } + } + public static byte[] streamToByteArray( InputStream in) throws IOException diff --git a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java index a7702a67..c81c3028 100644 --- a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java +++ b/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java @@ -8,6 +8,9 @@ public interface PasswordRecipient public static final int PKCS5_SCHEME2 = 0; public static final int PKCS5_SCHEME2_UTF8 = 1; + byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException; + RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] derivedKey, byte[] encryptedEncryptedContentKey) throws CMSException; diff --git a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInfoGenerator.java index 7f0afccf..b570c3cf 100644 --- a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInfoGenerator.java +++ b/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInfoGenerator.java @@ -12,9 +12,6 @@ import org.bouncycastle.asn1.cms.RecipientInfo; import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.operator.GenericKey; public abstract class PasswordRecipientInfoGenerator @@ -96,25 +93,9 @@ public abstract class PasswordRecipientInfoGenerator keyDerivationAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, 1024)); } - PBKDF2Params params = PBKDF2Params.getInstance(keyDerivationAlgorithm.getParameters()); - byte[] derivedKey; + byte[] encodedPassword = CMSUtils.getPasswordBytes(schemeID, password); - if (schemeID == PasswordRecipient.PKCS5_SCHEME2) - { - PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); - - gen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), params.getSalt(), params.getIterationCount().intValue()); - - derivedKey = ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); - } - else - { - PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); - - gen.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(password), params.getSalt(), params.getIterationCount().intValue()); - - derivedKey = ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); - } + byte[] derivedKey = calculateDerivedKey(encodedPassword, keyDerivationAlgorithm, keySize); AlgorithmIdentifier kekAlgorithmId = new AlgorithmIdentifier(kekAlgorithm, new DEROctetString(iv)); @@ -133,6 +114,9 @@ public abstract class PasswordRecipientInfoGenerator keyEncryptionAlgorithm, encryptedKey)); } + protected abstract byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException; + protected abstract byte[] generateEncryptedBytes(AlgorithmIdentifier algorithm, byte[] derivedKey, GenericKey contentEncryptionKey) throws CMSException; }
\ No newline at end of file diff --git a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java b/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java index d7639e9f..2eef186a 100644 --- a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java +++ b/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java @@ -6,11 +6,7 @@ import java.util.Map; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.cms.PasswordRecipientInfo; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.util.Integers; /** @@ -109,27 +105,12 @@ public class PasswordRecipientInformation AlgorithmIdentifier kekAlg = AlgorithmIdentifier.getInstance(info.getKeyEncryptionAlgorithm()); AlgorithmIdentifier kekAlgParams = AlgorithmIdentifier.getInstance(kekAlg.getParameters()); - byte[] passwordBytes = getPasswordBytes(pbeRecipient.getPasswordConversionScheme(), - pbeRecipient.getPassword()); - PBKDF2Params params = PBKDF2Params.getInstance(info.getKeyDerivationAlgorithm().getParameters()); - - PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); - gen.init(passwordBytes, params.getSalt(), params.getIterationCount().intValue()); + byte[] passwordBytes = CMSUtils.getPasswordBytes(pbeRecipient.getPasswordConversionScheme(), pbeRecipient.getPassword()); int keySize = ((Integer)KEYSIZES.get(kekAlgParams.getAlgorithm())).intValue(); - byte[] derivedKey = ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); + byte[] derivedKey = pbeRecipient.calculateDerivedKey(passwordBytes, this.getKeyDerivationAlgorithm(), keySize); return pbeRecipient.getRecipientOperator(kekAlgParams, messageAlgorithm, derivedKey, info.getEncryptedKey().getOctets()); } - - protected byte[] getPasswordBytes(int scheme, char[] password) - { - if (scheme == PasswordRecipient.PKCS5_SCHEME2) - { - return PBEParametersGenerator.PKCS5PasswordToBytes(password); - } - - return PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(password); - } } diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipient.java index 778e1db7..50f9c6c0 100644 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipient.java +++ b/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipient.java @@ -1,11 +1,13 @@ package org.bouncycastle.cms.bc; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.cms.CMSException; import org.bouncycastle.cms.PasswordRecipient; import org.bouncycastle.crypto.InvalidCipherTextException; import org.bouncycastle.crypto.Wrapper; +import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; @@ -49,6 +51,18 @@ public abstract class BcPasswordRecipient } } + public byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException + { + PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); + + PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); + + gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue()); + + return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); + } + public int getPasswordConversionScheme() { return schemeID; diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipientInfoGenerator.java index 34cf9483..6e1bfdb7 100644 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipientInfoGenerator.java +++ b/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipientInfoGenerator.java @@ -2,10 +2,12 @@ package org.bouncycastle.cms.bc; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.cms.CMSException; import org.bouncycastle.cms.PasswordRecipientInfoGenerator; import org.bouncycastle.crypto.Wrapper; +import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; import org.bouncycastle.operator.GenericKey; @@ -18,6 +20,18 @@ public class BcPasswordRecipientInfoGenerator super(kekAlgorithm, password); } + protected byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException + { + PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); + + PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); + + gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue()); + + return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); + } + public byte[] generateEncryptedBytes(AlgorithmIdentifier keyEncryptionAlgorithm, byte[] derivedKey, GenericKey contentEncryptionKey) throws CMSException { diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java index 432e2cd2..3c00b5ef 100644 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java +++ b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java @@ -9,9 +9,12 @@ import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.cms.CMSException; import org.bouncycastle.cms.PasswordRecipient; +import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; +import org.bouncycastle.crypto.params.KeyParameter; /** * the RecipientInfo class for a recipient who has been sent a message @@ -70,6 +73,18 @@ public abstract class JcePasswordRecipient } } + public byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException + { + PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); + + PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); + + gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue()); + + return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); + } + public int getPasswordConversionScheme() { return schemeID; diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java index 501da7a8..fefe016e 100644 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java +++ b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java @@ -10,9 +10,12 @@ import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.cms.CMSException; import org.bouncycastle.cms.PasswordRecipientInfoGenerator; +import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; +import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.operator.GenericKey; public class JcePasswordRecipientInfoGenerator @@ -39,6 +42,18 @@ public class JcePasswordRecipientInfoGenerator return this; } + protected byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException + { + PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); + + PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); + + gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue()); + + return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); + } + public byte[] generateEncryptedBytes(AlgorithmIdentifier keyEncryptionAlgorithm, byte[] derivedKey, GenericKey contentEncryptionKey) throws CMSException { diff --git a/pkix/src/main/java/org/bouncycastle/openssl/PEMWriter.java b/pkix/src/main/java/org/bouncycastle/openssl/PEMWriter.java index e46c836f..44cc1361 100644 --- a/pkix/src/main/java/org/bouncycastle/openssl/PEMWriter.java +++ b/pkix/src/main/java/org/bouncycastle/openssl/PEMWriter.java @@ -24,6 +24,10 @@ public class PEMWriter super(out); } + /** + * @deprecated use writeObject(new JcaMiscPEMGenerator(obj)); + * @throws IOException + */ public void writeObject( Object obj) throws IOException @@ -31,6 +35,12 @@ public class PEMWriter writeObject(obj, null); } + /** + * @deprecated use writeObject(new JcaMiscPEMGenerator(obj, encryptor)); + * @param obj + * @param encryptor + * @throws IOException + */ public void writeObject( Object obj, PEMEncryptor encryptor) diff --git a/pkix/src/test/java/org/bouncycastle/cert/crmf/test/AllTests.java b/pkix/src/test/java/org/bouncycastle/cert/crmf/test/AllTests.java index 45c5ef00..712210e4 100644 --- a/pkix/src/test/java/org/bouncycastle/cert/crmf/test/AllTests.java +++ b/pkix/src/test/java/org/bouncycastle/cert/crmf/test/AllTests.java @@ -29,10 +29,10 @@ import org.bouncycastle.cert.X509v1CertificateBuilder; import org.bouncycastle.cert.crmf.EncryptedValueBuilder; import org.bouncycastle.cert.crmf.EncryptedValuePadder; import org.bouncycastle.cert.crmf.EncryptedValueParser; -import org.bouncycastle.cert.crmf.FixedLengthMGF1Padder; import org.bouncycastle.cert.crmf.PKIArchiveControl; import org.bouncycastle.cert.crmf.PKMACBuilder; import org.bouncycastle.cert.crmf.ValueDecryptorGenerator; +import org.bouncycastle.cert.crmf.bc.BcFixedLengthMGF1Padder; import org.bouncycastle.cert.crmf.jcajce.JcaCertificateRequestMessage; import org.bouncycastle.cert.crmf.jcajce.JcaCertificateRequestMessageBuilder; import org.bouncycastle.cert.crmf.jcajce.JcaEncryptedValueBuilder; @@ -313,7 +313,7 @@ public class AllTests KeyPair kp = kGen.generateKeyPair(); X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test"); - FixedLengthMGF1Padder mgf1Padder = new FixedLengthMGF1Padder(200, new SecureRandom()); + BcFixedLengthMGF1Padder mgf1Padder = new BcFixedLengthMGF1Padder(200, new SecureRandom()); EncryptedValueBuilder build = new EncryptedValueBuilder(new JceAsymmetricKeyWrapper(cert.getPublicKey()).setProvider(BC), new JceCRMFEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build(), mgf1Padder); EncryptedValue value = build.build(passphrase); ValueDecryptorGenerator decGen = new JceAsymmetricValueDecryptorGenerator(kp.getPrivate()).setProvider(BC); diff --git a/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTest.java b/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTest.java index 5df298ae..5c57c7f6 100644 --- a/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTest.java +++ b/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTest.java @@ -35,7 +35,6 @@ import org.bouncycastle.cert.ocsp.SingleResp; import org.bouncycastle.cert.ocsp.jcajce.JcaBasicOCSPRespBuilder; import org.bouncycastle.jce.X509Principal; import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.ocsp.test.OCSPTestUtil; import org.bouncycastle.operator.DigestCalculatorProvider; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; diff --git a/pkix/src/test/java/org/bouncycastle/ocsp/test/OCSPTestUtil.java b/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTestUtil.java index 94cd57c3..cab31e76 100644 --- a/pkix/src/test/java/org/bouncycastle/ocsp/test/OCSPTestUtil.java +++ b/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTestUtil.java @@ -1,4 +1,4 @@ -package org.bouncycastle.ocsp.test; +package org.bouncycastle.cert.ocsp.test; import java.io.ByteArrayInputStream; import java.io.IOException; diff --git a/pkix/src/test/java/org/bouncycastle/ocsp/test/AllTests.java b/pkix/src/test/java/org/bouncycastle/ocsp/test/AllTests.java deleted file mode 100644 index 024fe757..00000000 --- a/pkix/src/test/java/org/bouncycastle/ocsp/test/AllTests.java +++ /dev/null @@ -1,45 +0,0 @@ -package org.bouncycastle.ocsp.test; - -import java.security.Security; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; - -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.test.SimpleTestResult; - -public class AllTests - extends TestCase -{ - public void testOCSP() - { - Security.addProvider(new BouncyCastleProvider()); - - org.bouncycastle.util.test.Test[] tests = new org.bouncycastle.util.test.Test[] { new OCSPTest() }; - - for (int i = 0; i != tests.length; i++) - { - SimpleTestResult result = (SimpleTestResult)tests[i].perform(); - - if (!result.isSuccessful()) - { - fail(result.toString()); - } - } - } - - public static void main (String[] args) - { - junit.textui.TestRunner.run(suite()); - } - - public static Test suite() - { - TestSuite suite = new TestSuite("OCSP Tests"); - - suite.addTestSuite(AllTests.class); - - return suite; - } -} diff --git a/pkix/src/test/java/org/bouncycastle/ocsp/test/OCSPTest.java b/pkix/src/test/java/org/bouncycastle/ocsp/test/OCSPTest.java deleted file mode 100644 index 62a1f5e5..00000000 --- a/pkix/src/test/java/org/bouncycastle/ocsp/test/OCSPTest.java +++ /dev/null @@ -1,865 +0,0 @@ -package org.bouncycastle.ocsp.test; - -import java.io.ByteArrayInputStream; -import java.math.BigInteger; -import java.security.KeyPair; -import java.security.Security; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Random; -import java.util.Set; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.ocsp.BasicOCSPResp; -import org.bouncycastle.ocsp.BasicOCSPRespGenerator; -import org.bouncycastle.ocsp.CertificateID; -import org.bouncycastle.ocsp.CertificateStatus; -import org.bouncycastle.ocsp.OCSPReq; -import org.bouncycastle.ocsp.OCSPReqGenerator; -import org.bouncycastle.ocsp.OCSPResp; -import org.bouncycastle.ocsp.OCSPRespGenerator; -import org.bouncycastle.ocsp.Req; -import org.bouncycastle.ocsp.SingleResp; -import org.bouncycastle.util.encoders.Base64; -import org.bouncycastle.util.test.SimpleTest; -import org.bouncycastle.x509.extension.X509ExtensionUtil; - -public class OCSPTest - extends SimpleTest -{ - byte[] testResp1 = Base64.decode( - "MIIFnAoBAKCCBZUwggWRBgkrBgEFBQcwAQEEggWCMIIFfjCCARehgZ8wgZwx" - + "CzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEgcHJhZGVzaDESMBAGA1UE" - + "BxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAKBgNVBAsTA0FUQzEeMBwG" - + "A1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQwIgYJKoZIhvcNAQkBFhVv" - + "Y3NwQHRjcy1jYS50Y3MuY28uaW4YDzIwMDMwNDAyMTIzNDU4WjBiMGAwOjAJ" - + "BgUrDgMCGgUABBRs07IuoCWNmcEl1oHwIak1BPnX8QQUtGyl/iL9WJ1VxjxF" - + "j0hAwJ/s1AcCAQKhERgPMjAwMjA4MjkwNzA5MjZaGA8yMDAzMDQwMjEyMzQ1" - + "OFowDQYJKoZIhvcNAQEFBQADgYEAfbN0TCRFKdhsmvOdUoiJ+qvygGBzDxD/" - + "VWhXYA+16AphHLIWNABR3CgHB3zWtdy2j7DJmQ/R7qKj7dUhWLSqclAiPgFt" - + "QQ1YvSJAYfEIdyHkxv4NP0LSogxrumANcDyC9yt/W9yHjD2ICPBIqCsZLuLk" - + "OHYi5DlwWe9Zm9VFwCGgggPMMIIDyDCCA8QwggKsoAMCAQICAQYwDQYJKoZI" - + "hvcNAQEFBQAwgZQxFDASBgNVBAMTC1RDUy1DQSBPQ1NQMSYwJAYJKoZIhvcN" - + "AQkBFhd0Y3MtY2FAdGNzLWNhLnRjcy5jby5pbjEMMAoGA1UEChMDVENTMQww" - + "CgYDVQQLEwNBVEMxEjAQBgNVBAcTCUh5ZGVyYWJhZDEXMBUGA1UECBMOQW5k" - + "aHJhIHByYWRlc2gxCzAJBgNVBAYTAklOMB4XDTAyMDgyOTA3MTE0M1oXDTAz" - + "MDgyOTA3MTE0M1owgZwxCzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEg" - + "cHJhZGVzaDESMBAGA1UEBxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAK" - + "BgNVBAsTA0FUQzEeMBwGA1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQw" - + "IgYJKoZIhvcNAQkBFhVvY3NwQHRjcy1jYS50Y3MuY28uaW4wgZ8wDQYJKoZI" - + "hvcNAQEBBQADgY0AMIGJAoGBAM+XWW4caMRv46D7L6Bv8iwtKgmQu0SAybmF" - + "RJiz12qXzdvTLt8C75OdgmUomxp0+gW/4XlTPUqOMQWv463aZRv9Ust4f8MH" - + "EJh4ekP/NS9+d8vEO3P40ntQkmSMcFmtA9E1koUtQ3MSJlcs441JjbgUaVnm" - + "jDmmniQnZY4bU3tVAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADALBgNVHQ8E" - + "BAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwNgYIKwYBBQUHAQEEKjAoMCYG" - + "CCsGAQUFBzABhhpodHRwOi8vMTcyLjE5LjQwLjExMDo3NzAwLzAtBgNVHR8E" - + "JjAkMCKgIKAehhxodHRwOi8vMTcyLjE5LjQwLjExMC9jcmwuY3JsMA0GCSqG" - + "SIb3DQEBBQUAA4IBAQB6FovM3B4VDDZ15o12gnADZsIk9fTAczLlcrmXLNN4" - + "PgmqgnwF0Ymj3bD5SavDOXxbA65AZJ7rBNAguLUo+xVkgxmoBH7R2sBxjTCc" - + "r07NEadxM3HQkt0aX5XYEl8eRoifwqYAI9h0ziZfTNes8elNfb3DoPPjqq6V" - + "mMg0f0iMS4W8LjNPorjRB+kIosa1deAGPhq0eJ8yr0/s2QR2/WFD5P4aXc8I" - + "KWleklnIImS3zqiPrq6tl2Bm8DZj7vXlTOwmraSQxUwzCKwYob1yGvNOUQTq" - + "pG6jxn7jgDawHU1+WjWQe4Q34/pWeGLysxTraMa+Ug9kPe+jy/qRX2xwvKBZ"); - - byte[] testResp2 = Base64.decode( - "MIII1QoBAKCCCM4wggjKBgkrBgEFBQcwAQEEggi7MIIItzCBjqADAgEAoSMw" - + "ITEfMB0GA1UEAxMWT0NTUCBjZXJ0LVFBLUNMSUVOVC04NxgPMjAwMzA1MTky" - + "MDI2MzBaMFEwTzA6MAkGBSsOAwIaBQAEFJniwiUuyrhKIEF2TjVdVdCAOw0z" - + "BBR2olPKrPOJUVyGZ7BXOC4L2BmAqgIBL4AAGA8yMDAzMDUxOTIwMjYzMFow" - + "DQYJKoZIhvcNAQEEBQADggEBALImFU3kUtpNVf4tIFKg/1sDHvGpk5Pk0uhH" - + "TiNp6vdPfWjOgPkVXskx9nOTabVOBE8RusgwEcK1xeBXSHODb6mnjt9pkfv3" - + "ZdbFLFvH/PYjOb6zQOgdIOXhquCs5XbcaSFCX63hqnSaEqvc9w9ctmQwds5X" - + "tCuyCB1fWu/ie8xfuXR5XZKTBf5c6dO82qFE65gTYbGOxJBYiRieIPW1XutZ" - + "A76qla4m+WdxubV6SPG8PVbzmAseqjsJRn4jkSKOGenqSOqbPbZn9oBsU0Ku" - + "hul3pwsNJvcBvw2qxnWybqSzV+n4OvYXk+xFmtTjw8H9ChV3FYYDs8NuUAKf" - + "jw1IjWegggcOMIIHCjCCAzMwggIboAMCAQICAQIwDQYJKoZIhvcNAQEEBQAw" - + "bzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1BMRAwDgYDVQQHEwdXYWx0aGFt" - + "MRYwFAYDVQQKEw1Gb3J1bSBTeXN0ZW1zMQswCQYDVQQLEwJRQTEcMBoGA1UE" - + "AxMTQ2VydGlmaWNhdGUgTWFuYWdlcjAeFw0wMzAzMjEwNTAwMDBaFw0yNTAz" - + "MjEwNTAwMDBaMCExHzAdBgNVBAMTFk9DU1AgY2VydC1RQS1DTElFTlQtODcw" - + "ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVuxRCZgJAYAftYuRy" - + "9axdtsHrkIJyVVRorLCTWOoLmx2tlrGqKbHOGKmvqEPEpeCDYQk+0WIlWMuM" - + "2pgiYAolwqSFBwCjkjQN3fCIHXiby0JBgCCLoe7wa0pZffE+8XZH0JdSjoT3" - + "2OYD19wWZeY2VB0JWJFWYAnIL+R5Eg7LwJ5QZSdvghnOWKTv60m/O1rC0see" - + "9lbPO+3jRuaDyCUKYy/YIKBYC9rtC4hS47jg70dTfmE2nccjn7rFCPBrVr4M" - + "5szqdRzwu3riL9W+IE99LTKXOH/24JX0S4woeGXMS6me7SyZE6x7P2tYkNXM" - + "OfXk28b3SJF75K7vX6T6ecWjAgMBAAGjKDAmMBMGA1UdJQQMMAoGCCsGAQUF" - + "BwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEEBQADggEBAKNSn7pp" - + "UEC1VTN/Iqk8Sc2cAYM7KSmeB++tuyes1iXY4xSQaEgOxRa5AvPAKnXKSzfY" - + "vqi9WLdzdkpTo4AzlHl5nqU/NCUv3yOKI9lECVMgMxLAvZgMALS5YXNZsqrs" - + "hP3ASPQU99+5CiBGGYa0PzWLstXLa6SvQYoHG2M8Bb2lHwgYKsyrUawcfc/s" - + "jE3jFJeyCyNwzH0eDJUVvW1/I3AhLNWcPaT9/VfyIWu5qqZU+ukV/yQXrKiB" - + "glY8v4QDRD4aWQlOuiV2r9sDRldOPJe2QSFDBe4NtBbynQ+MRvF2oQs/ocu+" - + "OAHX7uiskg9GU+9cdCWPwJf9cP/Zem6MemgwggPPMIICt6ADAgECAgEBMA0G" - + "CSqGSIb3DQEBBQUAMG8xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNQTEQMA4G" - + "A1UEBxMHV2FsdGhhbTEWMBQGA1UEChMNRm9ydW0gU3lzdGVtczELMAkGA1UE" - + "CxMCUUExHDAaBgNVBAMTE0NlcnRpZmljYXRlIE1hbmFnZXIwHhcNMDMwMzIx" - + "MDUwMDAwWhcNMjUwMzIxMDUwMDAwWjBvMQswCQYDVQQGEwJVUzELMAkGA1UE" - + "CBMCTUExEDAOBgNVBAcTB1dhbHRoYW0xFjAUBgNVBAoTDUZvcnVtIFN5c3Rl" - + "bXMxCzAJBgNVBAsTAlFBMRwwGgYDVQQDExNDZXJ0aWZpY2F0ZSBNYW5hZ2Vy" - + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VeU+48VBjI0mGRt" - + "9qlD+WAhx3vv4KCOD5f3HWLj8D2DcoszVTVDqtRK+HS1eSpO/xWumyXhjV55" - + "FhG2eYi4e0clv0WyswWkGLqo7IxYn3ZhVmw04ohdTjdhVv8oS+96MUqPmvVW" - + "+MkVRyqm75HdgWhKRr/lEpDNm+RJe85xMCipkyesJG58p5tRmAZAAyRs3jYw" - + "5YIFwDOnt6PCme7ui4xdas2zolqOlynMuq0ctDrUPKGLlR4mVBzgAVPeatcu" - + "ivEQdB3rR6UN4+nv2jx9kmQNNb95R1M3J9xHfOWX176UWFOZHJwVq8eBGF9N" - + "pav4ZGBAyqagW7HMlo7Hw0FzUwIDAQABo3YwdDARBglghkgBhvhCAQEEBAMC" - + "AJcwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU64zBxl1yKES8tjU3/rBA" - + "NaeBpjkwHwYDVR0jBBgwFoAU64zBxl1yKES8tjU3/rBANaeBpjkwDgYDVR0P" - + "AQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQAzHnf+Z+UgxDVOpCu0DHF+" - + "qYZf8IaUQxLhUD7wjwnt3lJ0QV1z4oyc6Vs9J5xa8Mvf7u1WMmOxvN8r8Kb0" - + "k8DlFszLd0Qwr+NVu5NQO4Vn01UAzCtH4oX2bgrVzotqDnzZ4TcIr11EX3Nb" - + "tO8yWWl+xWIuxKoAO8a0Rh97TyYfAj4++GIm43b2zIvRXEWAytjz7rXUMwRC" - + "1ipRQwSA9gyw2y0s8emV/VwJQXsTe9xtDqlEC67b90V/BgL/jxck5E8yrY9Z" - + "gNxlOgcqscObisAkB5I6GV+dfa+BmZrhSJ/bvFMUrnFzjLFvZp/9qiK11r5K" - + "A5oyOoNv0w+8bbtMNEc1"); - - /** - * extra version number encoding. - */ - private static byte[] irregReq = Base64.decode( - "MIIQpTBUoAMCAQAwTTBLMEkwCQYFKw4DAhoFAAQUIcFvFFVjPem15pKox4cfcnzF" - + "Kf4EFJf8OQzmVmyJ/hc4EhitQbXcqAzDAhB9ePsP19SuP6CsAgFwQuEAoIIQSzCC" - + "EEcwDQYJKoZIhvcNAQEFBQADgYEAlq/Tjl8OtFM8Tib1JYTiaPy9vFDr8UZhqXJI" - + "FyrdgtUyyDt0EcrgnBGacAeRZzF5sokIC6DjXweU7EItGqrpw/RaCUPUWFpPxR6y" - + "HjuzrLmICocTI9MH7dRUXm0qpxoY987sx1PtWB4pSR99ixBtq3OPNdsI0uJ+Qkei" - + "LbEZyvWggg+wMIIPrDCCA5owggKCoAMCAQICEEAxXx/eFe7gm/NX7AkcS68wDQYJ" - + "KoZIhvcNAQEFBQAwgZoxCzAJBgNVBAYTAlNFMTMwMQYDVQQKDCpMw6Ruc2bDtnJz" - + "w6RrcmluZ2FyIEJhbmsgQWt0aWVib2xhZyAocHVibCkxFTATBgNVBAUTDDExMTEx" - + "MTExMTExMTE/MD0GA1UEAww2TMOkbnNmw7Zyc8Oka3JpbmdhciBCYW5rIFB1cmNo" - + "YXNlciBDQTEgZm9yIEJhbmtJRCBURVNUMB4XDTA4MTAwNjIyMDAwMFoXDTEwMTAx" - + "MDIxNTk1OVowgZExCzAJBgNVBAYTAlNFMTMwMQYDVQQKDCpMw6Ruc2bDtnJzw6Rr" - + "cmluZ2FyIEJhbmsgQWt0aWVib2xhZyAocHVibCkxFTATBgNVBAUTDDExMTExMTEx" - + "MTExMTE2MDQGA1UEAwwtTMOkbnNmw7Zyc8Oka3JpbmdhciBCYW5rIE9DU1AgZm9y" - + "IEJhbmtJRCBURVNUMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5e/h6aL2m" - + "DVpWeu5e5p1Ps9kbvuuGeAp9zJDYLbZz7uzT67X+s59HaViroD2+2my/gg7rX7tK" - + "H9VXpJad1W9O19SjfNyxgeAMwVMkrbb4IlrQwu0v/Ub8JPxSWwZZXYiODq5abeXA" - + "abMYIHxSaSkhrsUj1dpSAohHLJRlq707swIDAQABo2cwZTAfBgNVHSMEGDAWgBTR" - + "vcp2QyNdNGZ+q7TjKSrrHZqxmDATBgNVHSAEDDAKMAgGBiqFcDwBBjAOBgNVHQ8B" - + "Af8EBAMCBkAwHQYDVR0OBBYEFF/3557FEvkA8iiPv2XcBclxKnTdMA0GCSqGSIb3" - + "DQEBBQUAA4IBAQAOxRvHO89XJ0v83BZdPFzEBA4B2Tqc1oABUn13S6fAkcGWvOmG" - + "eY61MK16aMnLPNDadZrAqJc6PEtVY57uaywE9acwv9XpHO0bcS94tLwvZZJ2KBt0" - + "Oq96gaI6gnJViUjyWjm+qBZvod0QPOLGv6wUPoiNcCpSid/COTjKpLYpCJj3ZWUV" - + "nsTRWSRVXsdY/xI0gs/A8/c5P1PuTxoi99RTmcruoFxvV4MmhWyX7IGqG4OAtLdo" - + "yefz/90FPGOrmqY9OgEb+gNuTM26YDvSs1dfarPl89d8jjwxHgNbZjh2VHFqKolJ" - + "8TB8ZS5aNvhHPumOOE47y95rTBxrxSmGvKb8MIIENDCCAxygAwIBAgIRAJAFaeOw" - + "7XbxH/DN/Vvhjx8wDQYJKoZIhvcNAQEFBQAwgZUxCzAJBgNVBAYTAlNFMTMwMQYD" - + "VQQKDCpMw6Ruc2bDtnJzw6RrcmluZ2FyIEJhbmsgQWt0aWVib2xhZyAocHVibCkx" - + "FTATBgNVBAUTDDExMTExMTExMTExMTE6MDgGA1UEAwwxTMOkbnNmw7Zyc8Oka3Jp" - + "bmdhciBCYW5rIFJvb3QgQ0ExIGZvciBCYW5rSUQgVEVTVDAeFw0wNzEwMDExMjAw" - + "MzdaFw0yOTA3MDExMjAwMzdaMIGaMQswCQYDVQQGEwJTRTEzMDEGA1UECgwqTMOk" - + "bnNmw7Zyc8Oka3JpbmdhciBCYW5rIEFrdGllYm9sYWcgKHB1YmwpMRUwEwYDVQQF" - + "EwwxMTExMTExMTExMTExPzA9BgNVBAMMNkzDpG5zZsO2cnPDpGtyaW5nYXIgQmFu" - + "ayBQdXJjaGFzZXIgQ0ExIGZvciBCYW5rSUQgVEVTVDCCASIwDQYJKoZIhvcNAQEB" - + "BQADggEPADCCAQoCggEBAMK5WbYojYRX1ZKrbxJBgbd4x503LfMWgr67sVD5L0NY" - + "1RPhZVFJRKJWvawE5/eXJ4oNQwc831h2jiOgINXuKyGXqdAVGBcpFwIxTfzxwT4l" - + "fvztr8pE6wk7mLLwKUvIjbM3EF1IL3zUI3UU/U5ioyGmcb/o4GGN71kMmvV/vrkU" - + "02/s7xicXNxYej4ExLiCkS5+j/+3sR47Uq5cL9e8Yg7t5/6FyLGQjKoS8HU/abYN" - + "4kpx/oyrxzrXMhnMVDiI8QX9NYGJwI8KZ/LU6GDq/NnZ3gG5v4l4UU1GhgUbrk4I" - + "AZPDu99zvwCtkdj9lJN0eDv8jdyEPZ6g1qPBE0pCNqcCAwEAAaN4MHYwDwYDVR0T" - + "AQH/BAUwAwEB/zATBgNVHSAEDDAKMAgGBiqFcDwBBjAOBgNVHQ8BAf8EBAMCAQYw" - + "HwYDVR0jBBgwFoAUnkjp1bkQUOrkRiLgxpxwAe2GQFYwHQYDVR0OBBYEFNG9ynZD" - + "I100Zn6rtOMpKusdmrGYMA0GCSqGSIb3DQEBBQUAA4IBAQAPVSC4HEd+yCtSgL0j" - + "NI19U2hJeP28lAD7OA37bcLP7eNrvfU/2tuqY7rEn1m44fUbifewdgR8x2DzhM0m" - + "fJcA5Z12PYUb85L9z8ewGQdyHLNlMpKSTP+0lebSc/obFbteC4jjuvux60y5KVOp" - + "osXbGw2qyrS6uhZJrTDP1B+bYg/XBttG+i7Qzx0S5Tq//VU9OfAQZWpvejadKAk9" - + "WCcXq6zALiJcxsUwOHZRvvHDxkHuf5eZpPvm1gaqa+G9CtV+oysZMU1eTRasBHsB" - + "NRWYfOSXggsyqRHfIAVieB4VSsB8WhZYm8UgYoLhAQfSJ5Xq5cwBOHkVj33MxAyP" - + "c7Y5MIID/zCCAuegAwIBAgIRAOXEoBcV4gV3Z92gk5AuRgwwDQYJKoZIhvcNAQEF" - + "BQAwZjEkMCIGA1UECgwbRmluYW5zaWVsbCBJRC1UZWtuaWsgQklEIEFCMR8wHQYD" - + "VQQLDBZCYW5rSUQgTWVtYmVyIEJhbmtzIENBMR0wGwYDVQQDDBRCYW5rSUQgUm9v" - + "dCBDQSBURVNUMjAeFw0wNzEwMDExMTQ1NDlaFw0yOTA4MDExMTU4MjVaMIGVMQsw" - + "CQYDVQQGEwJTRTEzMDEGA1UECgwqTMOkbnNmw7Zyc8Oka3JpbmdhciBCYW5rIEFr" - + "dGllYm9sYWcgKHB1YmwpMRUwEwYDVQQFEwwxMTExMTExMTExMTExOjA4BgNVBAMM" - + "MUzDpG5zZsO2cnPDpGtyaW5nYXIgQmFuayBSb290IENBMSBmb3IgQmFua0lEIFRF" - + "U1QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBzn7IXIpyOGCCTuzL" - + "DKE/T+pFRTgFh3QgKtifZ4zxdvB2Sd5+90vUEGcGExUhzpgb9gOUrT1eE0XhdiUR" - + "YuYYpJI/nzPQWTsRtEaql7NHBPKnEauoA9oAhCT4pE5gLlqpTfkB8nAsRTI2XqpI" - + "hQ7vTvnTRx20xog21NIbz1GztV8H1kBH2eDvRX7cXGiugp6CXV/le9cB+/4TBNUN" - + "Xqupt79dM49KCoDuYr72W7Hv4BSWw3IInEN2m8T2X6UBpBGkCiGwLQy/+KOmYRK7" - + "1PSFC0rXDwOJ0HJ/8fHwx6vLMxHAQ6s/9vOW10MjgjSQlbVqH/4Pa+TlpWumSV4E" - + "l0z9AgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0gBAwwCjAIBgYqhXA8" - + "AQYwDgYDVR0PAQH/BAQDAgEGMB8GA1UdIwQYMBaAFJuTMPljHcYdrRO9sEi1amb4" - + "tE3VMB0GA1UdDgQWBBSeSOnVuRBQ6uRGIuDGnHAB7YZAVjANBgkqhkiG9w0BAQUF" - + "AAOCAQEArnW/9n+G+84JOgv1Wn4tsBBS7QgJp1rdCoiNrZPx2du/7Wz3wQVNKBjL" - + "eMCyLjg0OVHuq4hpCv9MZpUqdcUW8gpp4dLDAAd1uE7xqVuG8g4Ir5qocxbZHQew" - + "fnqSJJDlEZgDeZIzod92OO+htv0MWqKWbr3Mo2Hqhn+t0+UVWsW4k44e7rUw3xQq" - + "r2VdMJv/C68BXUgqh3pplUDjWyXfreiACTT0q3HT6v6WaihKCa2WY9Kd1IkDcLHb" - + "TZk8FqMmGn72SgJw3H5Dvu7AiZijjNAUulMnMpxBEKyFTU2xRBlZZVcp50VJ2F7+" - + "siisxbcYOAX4GztLMlcyq921Ov/ipDCCA88wggK3oAMCAQICEQCmaX+5+m5bF5us" - + "CtyMq41SMA0GCSqGSIb3DQEBBQUAMGYxJDAiBgNVBAoMG0ZpbmFuc2llbGwgSUQt" - + "VGVrbmlrIEJJRCBBQjEfMB0GA1UECwwWQmFua0lEIE1lbWJlciBCYW5rcyBDQTEd" - + "MBsGA1UEAwwUQmFua0lEIFJvb3QgQ0EgVEVTVDIwHhcNMDQwODEzMDcyMDEwWhcN" - + "MjkwODEyMTIwMjQ2WjBmMSQwIgYDVQQKDBtGaW5hbnNpZWxsIElELVRla25payBC" - + "SUQgQUIxHzAdBgNVBAsMFkJhbmtJRCBNZW1iZXIgQmFua3MgQ0ExHTAbBgNVBAMM" - + "FEJhbmtJRCBSb290IENBIFRFU1QyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB" - + "CgKCAQEA25D0f1gipbACk4Bg3t6ODUlCWOU0TWeTkzAHR7IRB5T++yvsVosedMMW" - + "6KYYTbPONeJSt5kydX+wZi9nVNdlhkNULLbDKWfRY7x+B9MR1Q0Kq/e4VR0uRsak" - + "Bv5iwEYZ7cSR63HfBaPTqQsGobq+wtGH5JeTBrmCt4A3kN1UWgX32Dv/I3m7v8bK" - + "iwh4cnvAD9PIOtq6pOmAkSvLvp8jCy3qFLe9KAxm8M/ZAmnxYaRV8DVEg57FGoG6" - + "oiG3Ixx8PSVVdzpFY4kuUFLi4ueMPwjnXFiBhhWJJeOtFG3Lc2aW3zvcDbD/MsDm" - + "rSZNTmtbOOou8xuMKjlNY9PU5MHIaQIDAQABo3gwdjAPBgNVHRMBAf8EBTADAQH/" - + "MBMGA1UdIAQMMAowCAYGKoVwPAEGMA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAW" - + "gBSbkzD5Yx3GHa0TvbBItWpm+LRN1TAdBgNVHQ4EFgQUm5Mw+WMdxh2tE72wSLVq" - + "Zvi0TdUwDQYJKoZIhvcNAQEFBQADggEBAIQ4ZBHWssA38pfNzH5A+H3SXpAlI8Jc" - + "LuoMVOIwwbfd1Up0xopCs+Ay41v8FZtcTMFqCVTih2nzVusTgnFBPMPJ2cnTlRue" - + "kAtVRNsiWn2/Ool/OXoYf5YnpgYu8t9jLCBCoDS5YJg714r9V9hCwfey8TCWBU80" - + "vL7EIfjK13nUxf8d49GzZlFMNqGDMjfMp1FYrHBGLZBr8br/G/7em1Cprw7iR8cw" - + "pddz+QXXFIrIz5Y9D/x1RrwoLibPw0kMrSwI2G4aCvoBySfbD6cpnJf6YHRctdSb" - + "755zhdBW7XWTl6ReUVuEt0hTFms4F60kFAi5hIbDRSN1Slv5yP2b0EA="); - public String getName() - { - return "OCSP"; - } - - private void testECDSA() - throws Exception - { - String signDN = "O=Bouncy Castle, C=AU"; - KeyPair signKP = OCSPTestUtil.makeECKeyPair(); - X509Certificate testCert = OCSPTestUtil.makeECDSACertificate(signKP, signDN, signKP, signDN); - - String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU"; - GeneralName origName = new GeneralName(new X509Name(origDN)); - - // - // general id value for our test issuer cert and a serial number. - // - CertificateID id = new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1)); - - // - // basic request generation - // - OCSPReqGenerator gen = new OCSPReqGenerator(); - gen.addRequest(id); - - OCSPReq req = gen.generate(); - - if (req.isSigned()) - { - fail("signed but shouldn't be"); - } - - X509Certificate[] certs = req.getCerts("BC"); - - if (certs != null) - { - fail("null certs expected, but not found"); - } - - Req[] requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - // - // request generation with signing - // - X509Certificate[] chain = new X509Certificate[1]; - - gen = new OCSPReqGenerator(); - - gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred"))); - - gen.addRequest( - new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1))); - - chain[0] = testCert; - - req = gen.generate("SHA1withECDSA", signKP.getPrivate(), chain, "BC"); - - if (!req.isSigned()) - { - fail("not signed but should be"); - } - - if (!req.verify(signKP.getPublic(), "BC")) - { - fail("signature failed to verify"); - } - - requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - certs = req.getCerts("BC"); - - if (certs == null) - { - fail("null certs found"); - } - - if (certs.length != 1 || !certs[0].equals(testCert)) - { - fail("incorrect certs found in request"); - } - - // - // encoding test - // - byte[] reqEnc = req.getEncoded(); - - OCSPReq newReq = new OCSPReq(reqEnc); - - if (!newReq.verify(signKP.getPublic(), "BC")) - { - fail("newReq signature failed to verify"); - } - - // - // request generation with signing and nonce - // - chain = new X509Certificate[1]; - - gen = new OCSPReqGenerator(); - - Vector oids = new Vector(); - Vector values = new Vector(); - byte[] sampleNonce = new byte[16]; - Random rand = new Random(); - - rand.nextBytes(sampleNonce); - - gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred"))); - - oids.addElement(OCSPObjectIdentifiers.id_pkix_ocsp_nonce); - values.addElement(new X509Extension(false, new DEROctetString(new DEROctetString(sampleNonce)))); - - gen.setRequestExtensions(new X509Extensions(oids, values)); - - gen.addRequest( - new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1))); - - chain[0] = testCert; - - req = gen.generate("SHA1withECDSA", signKP.getPrivate(), chain, "BC"); - - if (!req.isSigned()) - { - fail("not signed but should be"); - } - - if (!req.verify(signKP.getPublic(), "BC")) - { - fail("signature failed to verify"); - } - - // - // extension check. - // - Set extOids = req.getCriticalExtensionOIDs(); - - if (extOids.size() != 0) - { - fail("wrong number of critical extensions in OCSP request."); - } - - extOids = req.getNonCriticalExtensionOIDs(); - - if (extOids.size() != 1) - { - fail("wrong number of non-critical extensions in OCSP request."); - } - - byte[] extValue = req.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId()); - - ASN1Encodable extObj = X509ExtensionUtil.fromExtensionValue(extValue); - - if (!(extObj instanceof ASN1OctetString)) - { - fail("wrong extension type found."); - } - - if (!areEqual(((ASN1OctetString)extObj).getOctets(), sampleNonce)) - { - fail("wrong extension value found."); - } - - // - // request list check - // - requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - // - // response generation - // - BasicOCSPRespGenerator respGen = new BasicOCSPRespGenerator(signKP.getPublic()); - - respGen.addResponse(id, CertificateStatus.GOOD); - - BasicOCSPResp resp = respGen.generate("SHA1withECDSA", signKP.getPrivate(), chain, new Date(), "BC"); - } - - private void testRSA() - throws Exception - { - String signDN = "O=Bouncy Castle, C=AU"; - KeyPair signKP = OCSPTestUtil.makeKeyPair(); - X509Certificate testCert = OCSPTestUtil.makeCertificate(signKP, signDN, signKP, signDN); - - String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU"; - GeneralName origName = new GeneralName(new X509Name(origDN)); - - // - // general id value for our test issuer cert and a serial number. - // - CertificateID id = new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1)); - - // - // basic request generation - // - OCSPReqGenerator gen = new OCSPReqGenerator(); - - gen.addRequest( - new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1))); - - OCSPReq req = gen.generate(); - - if (req.isSigned()) - { - fail("signed but shouldn't be"); - } - - X509Certificate[] certs = req.getCerts("BC"); - - if (certs != null) - { - fail("null certs expected, but not found"); - } - - Req[] requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - // - // request generation with signing - // - X509Certificate[] chain = new X509Certificate[1]; - - gen = new OCSPReqGenerator(); - - gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred"))); - - gen.addRequest( - new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1))); - - chain[0] = testCert; - - req = gen.generate("SHA1withRSA", signKP.getPrivate(), chain, "BC"); - - if (!req.isSigned()) - { - fail("not signed but should be"); - } - - if (!req.verify(signKP.getPublic(), "BC")) - { - fail("signature failed to verify"); - } - - requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - certs = req.getCerts("BC"); - - if (certs == null) - { - fail("null certs found"); - } - - if (certs.length != 1 || !certs[0].equals(testCert)) - { - fail("incorrect certs found in request"); - } - - // - // encoding test - // - byte[] reqEnc = req.getEncoded(); - - OCSPReq newReq = new OCSPReq(reqEnc); - - if (!newReq.verify(signKP.getPublic(), "BC")) - { - fail("newReq signature failed to verify"); - } - - // - // request generation with signing and nonce - // - chain = new X509Certificate[1]; - - gen = new OCSPReqGenerator(); - - Vector oids = new Vector(); - Vector values = new Vector(); - byte[] sampleNonce = new byte[16]; - Random rand = new Random(); - - rand.nextBytes(sampleNonce); - - gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred"))); - - oids.addElement(OCSPObjectIdentifiers.id_pkix_ocsp_nonce); - values.addElement(new X509Extension(false, new DEROctetString(new DEROctetString(sampleNonce)))); - - gen.setRequestExtensions(new X509Extensions(oids, values)); - - gen.addRequest( - new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1))); - - chain[0] = testCert; - - req = gen.generate("SHA1withRSA", signKP.getPrivate(), chain, "BC"); - - if (!req.isSigned()) - { - fail("not signed but should be"); - } - - if (!req.verify(signKP.getPublic(), "BC")) - { - fail("signature failed to verify"); - } - - // - // extension check. - // - Set extOids = req.getCriticalExtensionOIDs(); - - if (extOids.size() != 0) - { - fail("wrong number of critical extensions in OCSP request."); - } - - extOids = req.getNonCriticalExtensionOIDs(); - - if (extOids.size() != 1) - { - fail("wrong number of non-critical extensions in OCSP request."); - } - - byte[] extValue = req.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId()); - - ASN1Encodable extObj = X509ExtensionUtil.fromExtensionValue(extValue); - - if (!(extObj instanceof ASN1OctetString)) - { - fail("wrong extension type found."); - } - - if (!areEqual(((ASN1OctetString)extObj).getOctets(), sampleNonce)) - { - fail("wrong extension value found."); - } - - // - // request list check - // - requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - // - // response generation - // - BasicOCSPRespGenerator respGen = new BasicOCSPRespGenerator(signKP.getPublic()); - - respGen.addResponse(id, CertificateStatus.GOOD); - - BasicOCSPResp resp = respGen.generate("SHA1withRSA", signKP.getPrivate(), chain, new Date(), "BC"); - OCSPRespGenerator rGen = new OCSPRespGenerator(); - - byte[] enc = rGen.generate(OCSPRespGenerator.SUCCESSFUL, resp).getEncoded(); - } - - private void testIrregularVersionReq() - throws Exception - { - OCSPReq ocspRequest = new OCSPReq(irregReq); - X509Certificate cert = ocspRequest.getCerts("BC")[0]; - if (!ocspRequest.verify(cert.getPublicKey(), "BC")) - { - fail("extra version encoding test failed"); - } - } - - public void performTest() - throws Exception - { - String signDN = "O=Bouncy Castle, C=AU"; - KeyPair signKP = OCSPTestUtil.makeKeyPair(); - X509Certificate testCert = OCSPTestUtil.makeCertificate(signKP, signDN, signKP, signDN); - - String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU"; - GeneralName origName = new GeneralName(new X509Name(origDN)); - - // - // general id value for our test issuer cert and a serial number. - // - CertificateID id = new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1)); - - // - // general id value for our test issuer cert and a serial number and the default provider - // - id = new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1), null); - - // - // basic request generation - // - OCSPReqGenerator gen = new OCSPReqGenerator(); - - gen.addRequest( - new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1))); - - OCSPReq req = gen.generate(); - - if (req.isSigned()) - { - fail("signed but shouldn't be"); - } - - X509Certificate[] certs = req.getCerts("BC"); - - if (certs != null) - { - fail("null certs expected, but not found"); - } - - Req[] requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - // - // request generation with signing - // - X509Certificate[] chain = new X509Certificate[1]; - - gen = new OCSPReqGenerator(); - - gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred"))); - - gen.addRequest( - new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1))); - - chain[0] = testCert; - - req = gen.generate("SHA1withRSA", signKP.getPrivate(), chain, "BC"); - - if (!req.isSigned()) - { - fail("not signed but should be"); - } - - if (!req.verify(signKP.getPublic(), "BC")) - { - fail("signature failed to verify"); - } - - requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - certs = req.getCerts("BC"); - - if (certs == null) - { - fail("null certs found"); - } - - if (certs.length != 1 || !certs[0].equals(testCert)) - { - fail("incorrect certs found in request"); - } - - // - // encoding test - // - byte[] reqEnc = req.getEncoded(); - - OCSPReq newReq = new OCSPReq(reqEnc); - - if (!newReq.verify(signKP.getPublic(), "BC")) - { - fail("newReq signature failed to verify"); - } - - // - // request generation with signing and nonce - // - chain = new X509Certificate[1]; - - gen = new OCSPReqGenerator(); - - Vector oids = new Vector(); - Vector values = new Vector(); - byte[] sampleNonce = new byte[16]; - Random rand = new Random(); - - rand.nextBytes(sampleNonce); - - gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred"))); - - oids.addElement(OCSPObjectIdentifiers.id_pkix_ocsp_nonce); - values.addElement(new X509Extension(false, new DEROctetString(new DEROctetString(sampleNonce)))); - - gen.setRequestExtensions(new X509Extensions(oids, values)); - - gen.addRequest( - new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1))); - - chain[0] = testCert; - - req = gen.generate("SHA1withRSA", signKP.getPrivate(), chain, "BC"); - - if (!req.isSigned()) - { - fail("not signed but should be"); - } - - if (!req.verify(signKP.getPublic(), "BC")) - { - fail("signature failed to verify"); - } - - // - // extension check. - // - Set extOids = req.getCriticalExtensionOIDs(); - - if (extOids.size() != 0) - { - fail("wrong number of critical extensions in OCSP request."); - } - - extOids = req.getNonCriticalExtensionOIDs(); - - if (extOids.size() != 1) - { - fail("wrong number of non-critical extensions in OCSP request."); - } - - byte[] extValue = req.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId()); - - ASN1Encodable extObj = X509ExtensionUtil.fromExtensionValue(extValue); - - if (!(extObj instanceof ASN1OctetString)) - { - fail("wrong extension type found."); - } - - if (!areEqual(((ASN1OctetString)extObj).getOctets(), sampleNonce)) - { - fail("wrong extension value found."); - } - - // - // request list check - // - requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - // - // response parsing - test 1 - // - OCSPResp response = new OCSPResp(new ByteArrayInputStream(testResp1)); - - if (response.getStatus() != 0) - { - fail("response status not zero."); - } - - BasicOCSPResp brep = (BasicOCSPResp)response.getResponseObject(); - chain = brep.getCerts("BC"); - - if (!brep.verify(chain[0].getPublicKey(), "BC")) - { - fail("response 1 failed to verify."); - } - - // - // test 2 - // - SingleResp[] singleResp = brep.getResponses(); - - response = new OCSPResp(new ByteArrayInputStream(testResp2)); - - if (response.getStatus() != 0) - { - fail("response status not zero."); - } - - brep = (BasicOCSPResp)response.getResponseObject(); - chain = brep.getCerts("BC"); - - if (!brep.verify(chain[0].getPublicKey(), "BC")) - { - fail("response 2 failed to verify."); - } - - singleResp = brep.getResponses(); - - // - // simple response generation - // - OCSPRespGenerator respGen = new OCSPRespGenerator(); - OCSPResp resp = respGen.generate(OCSPRespGenerator.SUCCESSFUL, response.getResponseObject()); - - if (!resp.getResponseObject().equals(response.getResponseObject())) - { - fail("response fails to match"); - } - - testECDSA(); - testRSA(); - testIrregularVersionReq(); - } - - public static void main( - String[] args) - { - Security.addProvider(new BouncyCastleProvider()); - - runTest(new OCSPTest()); - } -} diff --git a/pkix/src/test/jdk1.1/org/bouncycastle/cert/test/PKCS10Test.java b/pkix/src/test/jdk1.1/org/bouncycastle/cert/test/PKCS10Test.java index 48787e0d..ddd2cb66 100644 --- a/pkix/src/test/jdk1.1/org/bouncycastle/cert/test/PKCS10Test.java +++ b/pkix/src/test/jdk1.1/org/bouncycastle/cert/test/PKCS10Test.java @@ -24,9 +24,11 @@ import org.bouncycastle.asn1.x500.style.BCStyle; import org.bouncycastle.asn1.x509.BasicConstraints; import org.bouncycastle.asn1.x509.KeyUsage; import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x509.X509Extension; import org.bouncycastle.asn1.x509.X509Extensions; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.cert.bc.BcX509ExtensionUtils; import org.bouncycastle.jce.ECGOST3410NamedCurveTable; import org.bouncycastle.jce.ECNamedCurveTable; import org.bouncycastle.jce.interfaces.ECPointEncoder; @@ -296,7 +298,7 @@ public class PKCS10Test oids.addElement(X509Extension.keyUsage); values.addElement(new X509Extension(true, new DEROctetString( new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)))); - SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifierStructure(pair.getPublic()); + SubjectKeyIdentifier subjectKeyIdentifier = new BcX509ExtensionUtils().createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded())); X509Extension ski = new X509Extension(false, new DEROctetString(subjectKeyIdentifier)); oids.addElement(X509Extension.subjectKeyIdentifier); values.addElement(ski); diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cert/crmf/test/AllTests.java b/pkix/src/test/jdk1.3/org/bouncycastle/cert/crmf/test/AllTests.java index d450e929..c73fc1b8 100644 --- a/pkix/src/test/jdk1.3/org/bouncycastle/cert/crmf/test/AllTests.java +++ b/pkix/src/test/jdk1.3/org/bouncycastle/cert/crmf/test/AllTests.java @@ -24,10 +24,10 @@ import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.X509v1CertificateBuilder; +import org.bouncycastle.cert.crmf.bc.BcFixedLengthMGF1Padder; import org.bouncycastle.cert.crmf.EncryptedValueBuilder; import org.bouncycastle.cert.crmf.EncryptedValuePadder; import org.bouncycastle.cert.crmf.EncryptedValueParser; -import org.bouncycastle.cert.crmf.FixedLengthMGF1Padder; import org.bouncycastle.cert.crmf.PKIArchiveControl; import org.bouncycastle.cert.crmf.PKMACBuilder; import org.bouncycastle.cert.crmf.ValueDecryptorGenerator; @@ -40,7 +40,6 @@ import org.bouncycastle.cert.crmf.jcajce.JceCRMFEncryptorBuilder; import org.bouncycastle.cert.crmf.jcajce.JcePKMACValuesCalculator; import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder; -import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; import org.bouncycastle.cms.CMSAlgorithm; import org.bouncycastle.cms.CMSEnvelopedDataGenerator; import org.bouncycastle.cms.RecipientId; @@ -284,7 +283,7 @@ public class AllTests KeyPair kp = kGen.generateKeyPair(); X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test"); - FixedLengthMGF1Padder mgf1Padder = new FixedLengthMGF1Padder(200, new SecureRandom()); + BcFixedLengthMGF1Padder mgf1Padder = new BcFixedLengthMGF1Padder(200, new SecureRandom()); EncryptedValueBuilder build = new EncryptedValueBuilder(new JceAsymmetricKeyWrapper(cert.getPublicKey()).setProvider(BC), new JceCRMFEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build(), mgf1Padder); EncryptedValue value = build.build(passphrase); ValueDecryptorGenerator decGen = new JceAsymmetricValueDecryptorGenerator(kp.getPrivate()).setProvider(BC); diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java b/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java index 58838811..6a3397c4 100644 --- a/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java +++ b/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java @@ -427,7 +427,7 @@ public class PKCS10Test oids.addElement(X509Extension.keyUsage); values.addElement(new X509Extension(true, new DEROctetString( new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)))); - SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifierStructure(pair.getPublic()); + SubjectKeyIdentifier subjectKeyIdentifier = new BcX509ExtensionUtils().createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded())); X509Extension ski = new X509Extension(false, new DEROctetString(subjectKeyIdentifier)); oids.addElement(X509Extension.subjectKeyIdentifier); values.addElement(ski); |