author | David Hook <dgh@cryptoworkshop.com> | 2014-03-30 04:45:40 +0400 |
---|---|---|
committer | David Hook <dgh@cryptoworkshop.com> | 2014-03-30 04:45:40 +0400 |
commit | 04b286bffca2cb6216e4a4ba68a3484ad1709308 (patch) | |
tree | 9ee230b24a69d46a80beafd82d80cf2e438c71af /prov | |
parent | 747a3c99ecda1a99955c86b8f045b6459793f2a8 (diff) |
deprecated method removal.
added some additional deprecations.
removed core selector dependency on crypto version of SHA-1
Diffstat (limited to 'prov')
18 files changed, 3 insertions, 2601 deletions
diff --git a/prov/src/main/java/org/bouncycastle/ocsp/BasicOCSPResp.java b/prov/src/main/java/org/bouncycastle/ocsp/BasicOCSPResp.java
deleted file mode 100644
index dec8312b..00000000
--- a/prov/src/main/java/org/bouncycastle/ocsp/BasicOCSPResp.java
+++ /dev/null
@@ -1,366 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PublicKey; -import java.security.Signature; -import java.security.cert.CertStore; -import java.security.cert.CertStoreParameters; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.CollectionCertStoreParameters; -import java.security.cert.X509Certificate; -import java.text.ParseException; -import java.util.ArrayList; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ocsp.BasicOCSPResponse; -import org.bouncycastle.asn1.ocsp.ResponseData; -import org.bouncycastle.asn1.ocsp.SingleResponse; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; - -/** - * <pre> - * BasicOCSPResponse ::= SEQUENCE { - * tbsResponseData ResponseData, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - * </pre> - * - * @deprecated use classes in org.bouncycastle.cert.ocsp. - */ -public class BasicOCSPResp - implements java.security.cert.X509Extension -{ - BasicOCSPResponse resp; - ResponseData data; - X509Certificate[] chain = null; - - public BasicOCSPResp( - BasicOCSPResponse resp) - { - this.resp = resp; - this.data = resp.getTbsResponseData(); - } - - /** - * Return the DER encoding of the tbsResponseData field. 
- * @return DER encoding of tbsResponseData - * @throws OCSPException in the event of an encoding error. - */ - public byte[] getTBSResponseData() - throws OCSPException - { - try - { - return resp.getTbsResponseData().getEncoded(); - } - catch (IOException e) - { - throw new OCSPException("problem encoding tbsResponseData", e); - } - } - - public int getVersion() - { - return data.getVersion().getValue().intValue() + 1; - } - - public RespID getResponderId() - { - return new RespID(data.getResponderID()); - } - - public Date getProducedAt() - { - try - { - return data.getProducedAt().getDate(); - } - catch (ParseException e) - { - throw new IllegalStateException("ParseException:" + e.getMessage()); - } - } - - public SingleResp[] getResponses() - { - ASN1Sequence s = data.getResponses(); - SingleResp[] rs = new SingleResp[s.size()]; - - for (int i = 0; i != rs.length; i++) - { - rs[i] = new SingleResp(SingleResponse.getInstance(s.getObjectAt(i))); - } - - return rs; - } - - public X509Extensions getResponseExtensions() - { - return X509Extensions.getInstance(data.getResponseExtensions()); - } - - /** - * RFC 2650 doesn't specify any critical extensions so we return true - * if any are encountered. - * - * @return true if any critical extensions are present. 
- */ - public boolean hasUnsupportedCriticalExtension() - { - Set extns = getCriticalExtensionOIDs(); - if (extns != null && !extns.isEmpty()) - { - return true; - } - - return false; - } - - private Set getExtensionOIDs(boolean critical) - { - Set set = new HashSet(); - X509Extensions extensions = this.getResponseExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - X509Extension ext = extensions.getExtension(oid); - - if (critical == ext.isCritical()) - { - set.add(oid.getId()); - } - } - } - - return set; - } - - public Set getCriticalExtensionOIDs() - { - return getExtensionOIDs(true); - } - - public Set getNonCriticalExtensionOIDs() - { - return getExtensionOIDs(false); - } - - public byte[] getExtensionValue(String oid) - { - X509Extensions exts = this.getResponseExtensions(); - - if (exts != null) - { - X509Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); - - if (ext != null) - { - try - { - return ext.getValue().getEncoded(ASN1Encoding.DER); - } - catch (Exception e) - { - throw new RuntimeException("error encoding " + e.toString()); - } - } - } - - return null; - } - - public String getSignatureAlgName() - { - return OCSPUtil.getAlgorithmName(resp.getSignatureAlgorithm().getObjectId()); - } - - public String getSignatureAlgOID() - { - return resp.getSignatureAlgorithm().getObjectId().getId(); - } - - /** - * @deprecated RespData class is no longer required as all functionality is - * available on this class. 
- * @return the RespData object - */ - public RespData getResponseData() - { - return new RespData(resp.getTbsResponseData()); - } - - public byte[] getSignature() - { - return resp.getSignature().getBytes(); - } - - private List getCertList( - String provider) - throws OCSPException, NoSuchProviderException - { - List certs = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - CertificateFactory cf; - - try - { - cf = OCSPUtil.createX509CertificateFactory(provider); - } - catch (CertificateException ex) - { - throw new OCSPException("can't get certificate factory.", ex); - } - - // - // load the certificates and revocation lists if we have any - // - ASN1Sequence s = resp.getCerts(); - - if (s != null) - { - Enumeration e = s.getObjects(); - - while (e.hasMoreElements()) - { - try - { - aOut.writeObject((ASN1Encodable)e.nextElement()); - - certs.add(cf.generateCertificate( - new ByteArrayInputStream(bOut.toByteArray()))); - } - catch (IOException ex) - { - throw new OCSPException( - "can't re-encode certificate!", ex); - } - catch (CertificateException ex) - { - throw new OCSPException( - "can't re-encode certificate!", ex); - } - - bOut.reset(); - } - } - - return certs; - } - - public X509Certificate[] getCerts( - String provider) - throws OCSPException, NoSuchProviderException - { - List certs = getCertList(provider); - - return (X509Certificate[])certs.toArray(new X509Certificate[certs.size()]); - } - - /** - * Return the certificates, if any associated with the response. 
- * @param type type of CertStore to create - * @param provider provider to use - * @return a CertStore, possibly empty - * @throws NoSuchAlgorithmException - * @throws NoSuchProviderException - * @throws OCSPException - */ - public CertStore getCertificates( - String type, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException - { - try - { - CertStoreParameters params = new CollectionCertStoreParameters(this.getCertList(provider)); - return OCSPUtil.createCertStoreInstance(type, params, provider); - } - catch (InvalidAlgorithmParameterException e) - { - throw new OCSPException("can't setup the CertStore", e); - } - } - - /** - * verify the signature against the tbsResponseData object we contain. - */ - public boolean verify( - PublicKey key, - String sigProvider) - throws OCSPException, NoSuchProviderException - { - try - { - Signature signature = OCSPUtil.createSignatureInstance(this.getSignatureAlgName(), sigProvider); - - signature.initVerify(key); - - signature.update(resp.getTbsResponseData().getEncoded(ASN1Encoding.DER)); - - return signature.verify(this.getSignature()); - } - catch (NoSuchProviderException e) - { - // TODO Why this special case? - throw e; - } - catch (Exception e) - { - throw new OCSPException("exception processing sig: " + e, e); - } - } - - /** - * return the ASN.1 encoded representation of this object. - */ - public byte[] getEncoded() - throws IOException - { - return resp.getEncoded(); - } - - public boolean equals(Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof BasicOCSPResp)) - { - return false; - } - - BasicOCSPResp r = (BasicOCSPResp)o; - - return resp.equals(r.resp); - } - - public int hashCode() - { - return resp.hashCode(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/BasicOCSPRespGenerator.java b/prov/src/main/java/org/bouncycastle/ocsp/BasicOCSPRespGenerator.java deleted file mode 100644 index 85a1121b..00000000 
--- a/prov/src/main/java/org/bouncycastle/ocsp/BasicOCSPRespGenerator.java
+++ /dev/null
@@ -1,344 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Date; -import java.util.Iterator; -import java.util.List; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1GeneralizedTime; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.ocsp.BasicOCSPResponse; -import org.bouncycastle.asn1.ocsp.CertStatus; -import org.bouncycastle.asn1.ocsp.ResponseData; -import org.bouncycastle.asn1.ocsp.RevokedInfo; -import org.bouncycastle.asn1.ocsp.SingleResponse; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.CRLReason; -import org.bouncycastle.asn1.x509.X509CertificateStructure; -import org.bouncycastle.asn1.x509.X509Extensions; - -/** - * Generator for basic OCSP response objects. - * - * @deprecated use classes in org.bouncycastle.cert.ocsp. 
- */ -public class BasicOCSPRespGenerator -{ - private List list = new ArrayList(); - private X509Extensions responseExtensions = null; - private RespID responderID; - - private class ResponseObject - { - CertificateID certId; - CertStatus certStatus; - ASN1GeneralizedTime thisUpdate; - ASN1GeneralizedTime nextUpdate; - X509Extensions extensions; - - public ResponseObject( - CertificateID certId, - CertificateStatus certStatus, - Date thisUpdate, - Date nextUpdate, - X509Extensions extensions) - { - this.certId = certId; - - if (certStatus == null) - { - this.certStatus = new CertStatus(); - } - else if (certStatus instanceof UnknownStatus) - { - this.certStatus = new CertStatus(2, DERNull.INSTANCE); - } - else - { - RevokedStatus rs = (RevokedStatus)certStatus; - - if (rs.hasRevocationReason()) - { - this.certStatus = new CertStatus( - new RevokedInfo(new ASN1GeneralizedTime(rs.getRevocationTime()), CRLReason.lookup(rs.getRevocationReason()))); - } - else - { - this.certStatus = new CertStatus( - new RevokedInfo(new ASN1GeneralizedTime(rs.getRevocationTime()), null)); - } - } - - this.thisUpdate = new DERGeneralizedTime(thisUpdate); - - if (nextUpdate != null) - { - this.nextUpdate = new DERGeneralizedTime(nextUpdate); - } - else - { - this.nextUpdate = null; - } - - this.extensions = extensions; - } - - public SingleResponse toResponse() - throws Exception - { - return new SingleResponse(certId.toASN1Object(), certStatus, thisUpdate, nextUpdate, extensions); - } - } - - /** - * basic constructor - */ - public BasicOCSPRespGenerator( - RespID responderID) - { - this.responderID = responderID; - } - - /** - * construct with the responderID to be the SHA-1 keyHash of the passed in public key. - */ - public BasicOCSPRespGenerator( - PublicKey key) - throws OCSPException - { - this.responderID = new RespID(key); - } - - /** - * Add a response for a particular Certificate ID. 
- * - * @param certID certificate ID details - * @param certStatus status of the certificate - null if okay - */ - public void addResponse( - CertificateID certID, - CertificateStatus certStatus) - { - list.add(new ResponseObject(certID, certStatus, new Date(), null, null)); - } - - /** - * Add a response for a particular Certificate ID. - * - * @param certID certificate ID details - * @param certStatus status of the certificate - null if okay - * @param singleExtensions optional extensions - */ - public void addResponse( - CertificateID certID, - CertificateStatus certStatus, - X509Extensions singleExtensions) - { - list.add(new ResponseObject(certID, certStatus, new Date(), null, singleExtensions)); - } - - /** - * Add a response for a particular Certificate ID. - * - * @param certID certificate ID details - * @param nextUpdate date when next update should be requested - * @param certStatus status of the certificate - null if okay - * @param singleExtensions optional extensions - */ - public void addResponse( - CertificateID certID, - CertificateStatus certStatus, - Date nextUpdate, - X509Extensions singleExtensions) - { - list.add(new ResponseObject(certID, certStatus, new Date(), nextUpdate, singleExtensions)); - } - - /** - * Add a response for a particular Certificate ID. - * - * @param certID certificate ID details - * @param thisUpdate date this response was valid on - * @param nextUpdate date when next update should be requested - * @param certStatus status of the certificate - null if okay - * @param singleExtensions optional extensions - */ - public void addResponse( - CertificateID certID, - CertificateStatus certStatus, - Date thisUpdate, - Date nextUpdate, - X509Extensions singleExtensions) - { - list.add(new ResponseObject(certID, certStatus, thisUpdate, nextUpdate, singleExtensions)); - } - - /** - * Set the extensions for the response. - * - * @param responseExtensions the extension object to carry. 
- */ - public void setResponseExtensions( - X509Extensions responseExtensions) - { - this.responseExtensions = responseExtensions; - } - - private BasicOCSPResp generateResponse( - String signatureName, - PrivateKey key, - X509Certificate[] chain, - Date producedAt, - String provider, - SecureRandom random) - throws OCSPException, NoSuchProviderException - { - Iterator it = list.iterator(); - ASN1ObjectIdentifier signingAlgorithm; - - try - { - signingAlgorithm = OCSPUtil.getAlgorithmOID(signatureName); - } - catch (Exception e) - { - throw new IllegalArgumentException("unknown signing algorithm specified"); - } - - ASN1EncodableVector responses = new ASN1EncodableVector(); - - while (it.hasNext()) - { - try - { - responses.add(((ResponseObject)it.next()).toResponse()); - } - catch (Exception e) - { - throw new OCSPException("exception creating Request", e); - } - } - - ResponseData tbsResp = new ResponseData(responderID.toASN1Object(), new DERGeneralizedTime(producedAt), new DERSequence(responses), responseExtensions); - - Signature sig = null; - - try - { - sig = OCSPUtil.createSignatureInstance(signatureName, provider); - if (random != null) - { - sig.initSign(key, random); - } - else - { - sig.initSign(key); - } - } - catch (NoSuchProviderException e) - { - // TODO Why this special case? 
- throw e; - } - catch (GeneralSecurityException e) - { - throw new OCSPException("exception creating signature: " + e, e); - } - - DERBitString bitSig = null; - - try - { - sig.update(tbsResp.getEncoded(ASN1Encoding.DER)); - - bitSig = new DERBitString(sig.sign()); - } - catch (Exception e) - { - throw new OCSPException("exception processing TBSRequest: " + e, e); - } - - AlgorithmIdentifier sigAlgId = OCSPUtil.getSigAlgID(signingAlgorithm); - - DERSequence chainSeq = null; - if (chain != null && chain.length > 0) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - try - { - for (int i = 0; i != chain.length; i++) - { - v.add(new X509CertificateStructure( - (ASN1Sequence)ASN1Primitive.fromByteArray(chain[i].getEncoded()))); - } - } - catch (IOException e) - { - throw new OCSPException("error processing certs", e); - } - catch (CertificateEncodingException e) - { - throw new OCSPException("error encoding certs", e); - } - - chainSeq = new DERSequence(v); - } - - return new BasicOCSPResp(new BasicOCSPResponse(tbsResp, sigAlgId, bitSig, chainSeq)); - } - - public BasicOCSPResp generate( - String signingAlgorithm, - PrivateKey key, - X509Certificate[] chain, - Date thisUpdate, - String provider) - throws OCSPException, NoSuchProviderException, IllegalArgumentException - { - return generate(signingAlgorithm, key, chain, thisUpdate, provider, null); - } - - public BasicOCSPResp generate( - String signingAlgorithm, - PrivateKey key, - X509Certificate[] chain, - Date producedAt, - String provider, - SecureRandom random) - throws OCSPException, NoSuchProviderException, IllegalArgumentException - { - if (signingAlgorithm == null) - { - throw new IllegalArgumentException("no signing algorithm specified"); - } - - return generateResponse(signingAlgorithm, key, chain, producedAt, provider, random); - } - - /** - * Return an iterator of the signature names supported by the generator. - * - * @return an iterator containing recognised names. 
- */ - public Iterator getSignatureAlgNames() - { - return OCSPUtil.getAlgNames(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/CertificateID.java b/prov/src/main/java/org/bouncycastle/ocsp/CertificateID.java deleted file mode 100644 index 87bb461c..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/CertificateID.java +++ /dev/null 
@@ -1,170 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.math.BigInteger; -import java.security.MessageDigest; -import java.security.PublicKey; -import java.security.cert.X509Certificate; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.ocsp.CertID; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.jce.PrincipalUtil; -import org.bouncycastle.jce.X509Principal; - -public class CertificateID -{ - public static final String HASH_SHA1 = "1.3.14.3.2.26"; - - private final CertID id; - - public CertificateID( - CertID id) - { - if (id == null) - { - throw new IllegalArgumentException("'id' cannot be null"); - } - this.id = id; - } - - /** - * create from an issuer certificate and the serial number of the - * certificate it signed. - * - * @param hashAlgorithm hash algorithm to use - * @param issuerCert issuing certificate - * @param number serial number - * @param provider provider to use for hashAlgorithm, null if the default one should be used. - * - * @exception OCSPException if any problems occur creating the id fields. 
- */ - public CertificateID( - String hashAlgorithm, - X509Certificate issuerCert, - BigInteger number, - String provider) - throws OCSPException - { - AlgorithmIdentifier hashAlg = new AlgorithmIdentifier( - new ASN1ObjectIdentifier(hashAlgorithm), DERNull.INSTANCE); - - this.id = createCertID(hashAlg, issuerCert, new ASN1Integer(number), provider); - } - - /** - * create using the BC provider - */ - public CertificateID( - String hashAlgorithm, - X509Certificate issuerCert, - BigInteger number) - throws OCSPException - { - this(hashAlgorithm, issuerCert, number, "BC"); - } - - public String getHashAlgOID() - { - return id.getHashAlgorithm().getObjectId().getId(); - } - - public byte[] getIssuerNameHash() - { - return id.getIssuerNameHash().getOctets(); - } - - public byte[] getIssuerKeyHash() - { - return id.getIssuerKeyHash().getOctets(); - } - - /** - * return the serial number for the certificate associated - * with this request. - */ - public BigInteger getSerialNumber() - { - return id.getSerialNumber().getValue(); - } - - public boolean matchesIssuer(X509Certificate issuerCert, String provider) - throws OCSPException - { - return createCertID(id.getHashAlgorithm(), issuerCert, id.getSerialNumber(), provider) - .equals(id); - } - - public CertID toASN1Object() - { - return id; - } - - public boolean equals( - Object o) - { - if (!(o instanceof CertificateID)) - { - return false; - } - - CertificateID obj = (CertificateID)o; - - return id.toASN1Primitive().equals(obj.id.toASN1Primitive()); - } - - public int hashCode() - { - return id.toASN1Primitive().hashCode(); - } - - /** - * Create a new CertificateID for a new serial number derived from a previous one - * calculated for the same CA certificate. - * - * @param original the previously calculated CertificateID for the CA. - * @param newSerialNumber the serial number for the new certificate of interest. 
- * - * @return a new CertificateID for newSerialNumber - */ - public static CertificateID deriveCertificateID(CertificateID original, BigInteger newSerialNumber) - { - return new CertificateID(new CertID(original.id.getHashAlgorithm(), original.id.getIssuerNameHash(), original.id.getIssuerKeyHash(), new ASN1Integer(newSerialNumber))); - } - - private static CertID createCertID(AlgorithmIdentifier hashAlg, X509Certificate issuerCert, - ASN1Integer serialNumber, String provider) - throws OCSPException - { - try - { - MessageDigest digest = OCSPUtil.createDigestInstance(hashAlg.getAlgorithm() .getId(), - provider); - - X509Principal issuerName = PrincipalUtil.getSubjectX509Principal(issuerCert); - - digest.update(issuerName.getEncoded()); - - ASN1OctetString issuerNameHash = new DEROctetString(digest.digest()); - PublicKey issuerKey = issuerCert.getPublicKey(); - - ASN1InputStream aIn = new ASN1InputStream(issuerKey.getEncoded()); - SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject()); - - digest.update(info.getPublicKeyData().getBytes()); - - ASN1OctetString issuerKeyHash = new DEROctetString(digest.digest()); - - return new CertID(hashAlg, issuerNameHash, issuerKeyHash, serialNumber); - } - catch (Exception e) - { - throw new OCSPException("problem creating ID: " + e, e); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/CertificateStatus.java b/prov/src/main/java/org/bouncycastle/ocsp/CertificateStatus.java deleted file mode 100644 index 992ca55f..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/CertificateStatus.java +++ /dev/null @@ -1,6 +0,0 @@ -package org.bouncycastle.ocsp; - -public interface CertificateStatus -{ - public static final CertificateStatus GOOD = null; -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/OCSPException.java b/prov/src/main/java/org/bouncycastle/ocsp/OCSPException.java deleted file mode 100644 index d354a310..00000000 
--- a/prov/src/main/java/org/bouncycastle/ocsp/OCSPException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package org.bouncycastle.ocsp;
-
-public class OCSPException
- extends Exception
-{
- Exception e;
-
- public OCSPException(
- String name)
- {
- super(name);
- }
-
- public OCSPException(
- String name,
- Exception e)
- {
- super(name);
-
- this.e = e;
- }
-
- public Exception getUnderlyingException()
- {
- return e;
- }
-
- public Throwable getCause()
- {
- return e;
- }
-}
diff --git a/prov/src/main/java/org/bouncycastle/ocsp/OCSPReq.java b/prov/src/main/java/org/bouncycastle/ocsp/OCSPReq.java
deleted file mode 100644
index 7e50621a..00000000
--- a/prov/src/main/java/org/bouncycastle/ocsp/OCSPReq.java
+++ /dev/null
@@ -1,417 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PublicKey; -import java.security.Signature; -import java.security.cert.CertStore; -import java.security.cert.CertStoreParameters; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.CollectionCertStoreParameters; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ocsp.OCSPRequest; -import org.bouncycastle.asn1.ocsp.Request; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; - -/** - * <pre> - * OCSPRequest ::= SEQUENCE { - * tbsRequest TBSRequest, - * optionalSignature [0] EXPLICIT Signature OPTIONAL } - * - * TBSRequest ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * requestorName [1] EXPLICIT GeneralName OPTIONAL, - * requestList SEQUENCE OF Request, - * requestExtensions [2] EXPLICIT Extensions OPTIONAL } - * - * Signature ::= SEQUENCE { - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL} - * - * Version ::= INTEGER { v1(0) } - * - * Request ::= SEQUENCE { - * reqCert CertID, - * singleRequestExtensions [0] EXPLICIT 
Extensions OPTIONAL } - * - * CertID ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * issuerNameHash OCTET STRING, -- Hash of Issuer's DN - * issuerKeyHash OCTET STRING, -- Hash of Issuers public key - * serialNumber CertificateSerialNumber } - * </pre> - * - * @deprecated use classes in org.bouncycastle.cert.ocsp. - */ -public class OCSPReq - implements java.security.cert.X509Extension -{ - private OCSPRequest req; - - public OCSPReq( - OCSPRequest req) - { - this.req = req; - } - - public OCSPReq( - byte[] req) - throws IOException - { - this(new ASN1InputStream(req)); - } - - public OCSPReq( - InputStream in) - throws IOException - { - this(new ASN1InputStream(in)); - } - - private OCSPReq( - ASN1InputStream aIn) - throws IOException - { - try - { - this.req = OCSPRequest.getInstance(aIn.readObject()); - } - catch (IllegalArgumentException e) - { - throw new IOException("malformed request: " + e.getMessage()); - } - catch (ClassCastException e) - { - throw new IOException("malformed request: " + e.getMessage()); - } - } - - /** - * Return the DER encoding of the tbsRequest field. - * @return DER encoding of tbsRequest - * @throws OCSPException in the event of an encoding error. 
- */ - public byte[] getTBSRequest() - throws OCSPException - { - try - { - return req.getTbsRequest().getEncoded(); - } - catch (IOException e) - { - throw new OCSPException("problem encoding tbsRequest", e); - } - } - - public int getVersion() - { - return req.getTbsRequest().getVersion().getValue().intValue() + 1; - } - - public GeneralName getRequestorName() - { - return GeneralName.getInstance(req.getTbsRequest().getRequestorName()); - } - - public Req[] getRequestList() - { - ASN1Sequence seq = req.getTbsRequest().getRequestList(); - Req[] requests = new Req[seq.size()]; - - for (int i = 0; i != requests.length; i++) - { - requests[i] = new Req(Request.getInstance(seq.getObjectAt(i))); - } - - return requests; - } - - public X509Extensions getRequestExtensions() - { - return X509Extensions.getInstance(req.getTbsRequest().getRequestExtensions()); - } - - /** - * return the object identifier representing the signature algorithm - */ - public String getSignatureAlgOID() - { - if (!this.isSigned()) - { - return null; - } - - return req.getOptionalSignature().getSignatureAlgorithm().getObjectId().getId(); - } - - public byte[] getSignature() - { - if (!this.isSigned()) - { - return null; - } - - return req.getOptionalSignature().getSignature().getBytes(); - } - - private List getCertList( - String provider) - throws OCSPException, NoSuchProviderException - { - List certs = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - CertificateFactory cf; - - try - { - cf = OCSPUtil.createX509CertificateFactory(provider); - } - catch (CertificateException ex) - { - throw new OCSPException("can't get certificate factory.", ex); - } - - // - // load the certificates if we have any - // - ASN1Sequence s = req.getOptionalSignature().getCerts(); - - if (s != null) - { - Enumeration e = s.getObjects(); - - while (e.hasMoreElements()) - { - try - { - aOut.writeObject((ASN1Encodable)e.nextElement()); 
- - certs.add(cf.generateCertificate( - new ByteArrayInputStream(bOut.toByteArray()))); - } - catch (IOException ex) - { - throw new OCSPException( - "can't re-encode certificate!", ex); - } - catch (CertificateException ex) - { - throw new OCSPException( - "can't re-encode certificate!", ex); - } - - bOut.reset(); - } - } - - return certs; - } - - public X509Certificate[] getCerts( - String provider) - throws OCSPException, NoSuchProviderException - { - if (!this.isSigned()) - { - return null; - } - - List certs = this.getCertList(provider); - - return (X509Certificate[])certs.toArray(new X509Certificate[certs.size()]); - } - - /** - * If the request is signed return a possibly empty CertStore containing the certificates in the - * request. If the request is not signed the method returns null. - * - * @param type type of CertStore to return - * @param provider provider to use - * @return null if not signed, a CertStore otherwise - * @throws NoSuchAlgorithmException - * @throws NoSuchProviderException - * @throws OCSPException - */ - public CertStore getCertificates( - String type, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException - { - if (!this.isSigned()) - { - return null; - } - - try - { - CertStoreParameters params = new CollectionCertStoreParameters(this.getCertList(provider)); - return OCSPUtil.createCertStoreInstance(type, params, provider); - } - catch (InvalidAlgorithmParameterException e) - { - throw new OCSPException("can't setup the CertStore", e); - } - } - - /** - * Return whether or not this request is signed. - * - * @return true if signed false otherwise. - */ - public boolean isSigned() - { - return req.getOptionalSignature() != null; - } - - /** - * verify the signature against the TBSRequest object we contain. 
- */ - public boolean verify( - PublicKey key, - String sigProvider) - throws OCSPException, NoSuchProviderException - { - if (!this.isSigned()) - { - throw new OCSPException("attempt to verify signature on unsigned object"); - } - - try - { - Signature signature = OCSPUtil.createSignatureInstance(this.getSignatureAlgOID(), sigProvider); - - signature.initVerify(key); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(req.getTbsRequest()); - - signature.update(bOut.toByteArray()); - - return signature.verify(this.getSignature()); - } - catch (NoSuchProviderException e) - { - // TODO Why this special case? - throw e; - } - catch (Exception e) - { - throw new OCSPException("exception processing sig: " + e, e); - } - } - - /** - * return the ASN.1 encoded representation of this object. - */ - public byte[] getEncoded() - throws IOException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(req); - - return bOut.toByteArray(); - } - - /** - * RFC 2650 doesn't specify any critical extensions so we return true - * if any are encountered. - * - * @return true if any critical extensions are present. 
- */ - public boolean hasUnsupportedCriticalExtension() - { - Set extns = getCriticalExtensionOIDs(); - if (extns != null && !extns.isEmpty()) - { - return true; - } - - return false; - } - - private Set getExtensionOIDs(boolean critical) - { - Set set = new HashSet(); - X509Extensions extensions = this.getRequestExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - X509Extension ext = extensions.getExtension(oid); - - if (critical == ext.isCritical()) - { - set.add(oid.getId()); - } - } - } - - return set; - } - - public Set getCriticalExtensionOIDs() - { - return getExtensionOIDs(true); - } - - public Set getNonCriticalExtensionOIDs() - { - return getExtensionOIDs(false); - } - - public byte[] getExtensionValue(String oid) - { - X509Extensions exts = this.getRequestExtensions(); - - if (exts != null) - { - X509Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); - - if (ext != null) - { - try - { - return ext.getValue().getEncoded(ASN1Encoding.DER); - } - catch (Exception e) - { - throw new RuntimeException("error encoding " + e.toString()); - } - } - } - - return null; - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/OCSPReqGenerator.java b/prov/src/main/java/org/bouncycastle/ocsp/OCSPReqGenerator.java deleted file mode 100644 index 0e01e8ec..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/OCSPReqGenerator.java +++ /dev/null 
@@ -1,294 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.ocsp.OCSPRequest; -import org.bouncycastle.asn1.ocsp.Request; -import org.bouncycastle.asn1.ocsp.Signature; -import org.bouncycastle.asn1.ocsp.TBSRequest; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.Extensions; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.X509CertificateStructure; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.jce.X509Principal; - -/** - * @deprecated use classes in org.bouncycastle.cert.ocsp. 
- */ -public class OCSPReqGenerator -{ - private List list = new ArrayList(); - private GeneralName requestorName = null; - private X509Extensions requestExtensions = null; - - private class RequestObject - { - CertificateID certId; - X509Extensions extensions; - - public RequestObject( - CertificateID certId, - X509Extensions extensions) - { - this.certId = certId; - this.extensions = extensions; - } - - public Request toRequest() - throws Exception - { - return new Request(certId.toASN1Object(), Extensions.getInstance(extensions)); - } - } - - /** - * Add a request for the given CertificateID. - * - * @param certId certificate ID of interest - */ - public void addRequest( - CertificateID certId) - { - list.add(new RequestObject(certId, null)); - } - - /** - * Add a request with extensions - * - * @param certId certificate ID of interest - * @param singleRequestExtensions the extensions to attach to the request - */ - public void addRequest( - CertificateID certId, - X509Extensions singleRequestExtensions) - { - list.add(new RequestObject(certId, singleRequestExtensions)); - } - - /** - * Set the requestor name to the passed in X500Principal - * - * @param requestorName a X500Principal representing the requestor name. 
- */ - public void setRequestorName( - X500Principal requestorName) - { - try - { - this.requestorName = new GeneralName(GeneralName.directoryName, new X509Principal(requestorName.getEncoded())); - } - catch (IOException e) - { - throw new IllegalArgumentException("cannot encode principal: " + e); - } - } - - public void setRequestorName( - GeneralName requestorName) - { - this.requestorName = requestorName; - } - - public void setRequestExtensions( - X509Extensions requestExtensions) - { - this.requestExtensions = requestExtensions; - } - - private OCSPReq generateRequest( - ASN1ObjectIdentifier signingAlgorithm, - PrivateKey key, - X509Certificate[] chain, - String provider, - SecureRandom random) - throws OCSPException, NoSuchProviderException - { - Iterator it = list.iterator(); - - ASN1EncodableVector requests = new ASN1EncodableVector(); - - while (it.hasNext()) - { - try - { - requests.add(((RequestObject)it.next()).toRequest()); - } - catch (Exception e) - { - throw new OCSPException("exception creating Request", e); - } - } - - TBSRequest tbsReq = new TBSRequest(requestorName, new DERSequence(requests), requestExtensions); - - java.security.Signature sig = null; - Signature signature = null; - - if (signingAlgorithm != null) - { - if (requestorName == null) - { - throw new OCSPException("requestorName must be specified if request is signed."); - } - - try - { - sig = OCSPUtil.createSignatureInstance(signingAlgorithm.getId(), provider); - if (random != null) - { - sig.initSign(key, random); - } - else - { - sig.initSign(key); - } - } - catch (NoSuchProviderException e) - { - // TODO Why this special case? 
- throw e; - } - catch (GeneralSecurityException e) - { - throw new OCSPException("exception creating signature: " + e, e); - } - - DERBitString bitSig = null; - - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(tbsReq); - - sig.update(bOut.toByteArray()); - - bitSig = new DERBitString(sig.sign()); - } - catch (Exception e) - { - throw new OCSPException("exception processing TBSRequest: " + e, e); - } - - AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(signingAlgorithm, DERNull.INSTANCE); - - if (chain != null && chain.length > 0) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - try - { - for (int i = 0; i != chain.length; i++) - { - v.add(new X509CertificateStructure( - (ASN1Sequence)ASN1Primitive.fromByteArray(chain[i].getEncoded()))); - } - } - catch (IOException e) - { - throw new OCSPException("error processing certs", e); - } - catch (CertificateEncodingException e) - { - throw new OCSPException("error encoding certs", e); - } - - signature = new Signature(sigAlgId, bitSig, new DERSequence(v)); - } - else - { - signature = new Signature(sigAlgId, bitSig); - } - } - - return new OCSPReq(new OCSPRequest(tbsReq, signature)); - } - - /** - * Generate an unsigned request - * - * @return the OCSPReq - * @throws OCSPException - */ - public OCSPReq generate() - throws OCSPException - { - try - { - return generateRequest(null, null, null, null, null); - } - catch (NoSuchProviderException e) - { - // - // this shouldn't happen but... - // - throw new OCSPException("no provider! 
- " + e, e); - } - } - - public OCSPReq generate( - String signingAlgorithm, - PrivateKey key, - X509Certificate[] chain, - String provider) - throws OCSPException, NoSuchProviderException, IllegalArgumentException - { - return generate(signingAlgorithm, key, chain, provider, null); - } - - public OCSPReq generate( - String signingAlgorithm, - PrivateKey key, - X509Certificate[] chain, - String provider, - SecureRandom random) - throws OCSPException, NoSuchProviderException, IllegalArgumentException - { - if (signingAlgorithm == null) - { - throw new IllegalArgumentException("no signing algorithm specified"); - } - - try - { - ASN1ObjectIdentifier oid = OCSPUtil.getAlgorithmOID(signingAlgorithm); - - return generateRequest(oid, key, chain, provider, random); - } - catch (IllegalArgumentException e) - { - throw new IllegalArgumentException("unknown signing algorithm specified: " + signingAlgorithm); - } - } - - /** - * Return an iterator of the signature names supported by the generator. - * - * @return an iterator containing recognised names. - */ - public Iterator getSignatureAlgNames() - { - return OCSPUtil.getAlgNames(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/OCSPResp.java b/prov/src/main/java/org/bouncycastle/ocsp/OCSPResp.java deleted file mode 100644 index 3ec61cde..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/OCSPResp.java +++ /dev/null 
@@ -1,128 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
-import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
-import org.bouncycastle.asn1.ocsp.OCSPResponse;
-import org.bouncycastle.asn1.ocsp.ResponseBytes;
-
-/**
- * @deprecated use classes in org.bouncycastle.cert.ocsp.
- */
-public class OCSPResp
-{
- private OCSPResponse resp;
-
- /**
- * @deprecated use classes in org.bouncycastle.cert.ocsp.
- */
- public OCSPResp(
- OCSPResponse resp)
- {
- this.resp = resp;
- }
-
- /**
- * @deprecated use classes in org.bouncycastle.cert.ocsp.
- */
- public OCSPResp(
- byte[] resp)
- throws IOException
- {
- this(new ASN1InputStream(resp));
- }
-
- /**
- * @deprecated use classes in org.bouncycastle.cert.ocsp.
- */
- public OCSPResp(
- InputStream in)
- throws IOException
- {
- this(new ASN1InputStream(in));
- }
-
- private OCSPResp(
- ASN1InputStream aIn)
- throws IOException
- {
- try
- {
- this.resp = OCSPResponse.getInstance(aIn.readObject());
- }
- catch (IllegalArgumentException e)
- {
- throw new IOException("malformed response: " + e.getMessage());
- }
- catch (ClassCastException e)
- {
- throw new IOException("malformed response: " + e.getMessage());
- }
- }
-
- public int getStatus()
- {
- return this.resp.getResponseStatus().getValue().intValue();
- }
-
- public Object getResponseObject()
- throws OCSPException
- {
- ResponseBytes rb = this.resp.getResponseBytes();
-
- if (rb == null)
- {
- return null;
- }
-
- if (rb.getResponseType().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic))
- {
- try
- {
- ASN1Primitive obj = ASN1Primitive.fromByteArray(rb.getResponse().getOctets());
- return new BasicOCSPResp(BasicOCSPResponse.getInstance(obj));
- }
- catch (Exception e)
- {
- throw new OCSPException("problem decoding object: " + e, e);
- }
- }
-
- return
rb.getResponse();
- }
-
- /**
- * return the ASN.1 encoded representation of this object.
- */
- public byte[] getEncoded()
- throws IOException
- {
- return resp.getEncoded();
- }
-
- public boolean equals(Object o)
- {
- if (o == this)
- {
- return true;
- }
-
- if (!(o instanceof OCSPResp))
- {
- return false;
- }
-
- OCSPResp r = (OCSPResp)o;
-
- return resp.equals(r.resp);
- }
-
- public int hashCode()
- {
- return resp.hashCode();
- }
-}
diff --git a/prov/src/main/java/org/bouncycastle/ocsp/OCSPRespGenerator.java b/prov/src/main/java/org/bouncycastle/ocsp/OCSPRespGenerator.java
deleted file mode 100644
index 1437ea87..00000000
--- a/prov/src/main/java/org/bouncycastle/ocsp/OCSPRespGenerator.java
+++ /dev/null
@@ -1,60 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; -import org.bouncycastle.asn1.ocsp.OCSPResponse; -import org.bouncycastle.asn1.ocsp.OCSPResponseStatus; -import org.bouncycastle.asn1.ocsp.ResponseBytes; - -/** - * base generator for an OCSP response - at the moment this only supports the - * generation of responses containing BasicOCSP responses. - * - * @deprecated use classes in org.bouncycastle.cert.ocsp. - */ -public class OCSPRespGenerator -{ - public static final int SUCCESSFUL = 0; // Response has valid confirmations - public static final int MALFORMED_REQUEST = 1; // Illegal confirmation request - public static final int INTERNAL_ERROR = 2; // Internal error in issuer - public static final int TRY_LATER = 3; // Try again later - // (4) is not used - public static final int SIG_REQUIRED = 5; // Must sign the request - public static final int UNAUTHORIZED = 6; // Request unauthorized - - public OCSPResp generate( - int status, - Object response) - throws OCSPException - { - if (response == null) - { - return new OCSPResp(new OCSPResponse(new OCSPResponseStatus(status),null)); - } - if (response instanceof BasicOCSPResp) - { - BasicOCSPResp r = (BasicOCSPResp)response; - ASN1OctetString octs; - - try - { - octs = new DEROctetString(r.getEncoded()); - } - catch (IOException e) - { - throw new OCSPException("can't encode object.", e); - } - - ResponseBytes rb = new ResponseBytes( - OCSPObjectIdentifiers.id_pkix_ocsp_basic, octs); - - return new OCSPResp(new OCSPResponse( - new OCSPResponseStatus(status), rb)); - } - - throw new OCSPException("unknown response object"); - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/OCSPRespStatus.java b/prov/src/main/java/org/bouncycastle/ocsp/OCSPRespStatus.java deleted file mode 100644 index f58000d9..00000000 
--- a/prov/src/main/java/org/bouncycastle/ocsp/OCSPRespStatus.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package org.bouncycastle.ocsp;
-
-public interface OCSPRespStatus
-{
- /**
- * note 4 is not used.
- */
- public static final int SUCCESSFUL = 0; // --Response has valid confirmations
- public static final int MALFORMED_REQUEST = 1; // --Illegal confirmation request
- public static final int INTERNAL_ERROR = 2; // --Internal error in issuer
- public static final int TRY_LATER = 3; // --Try again later
- public static final int SIGREQUIRED = 5; // --Must sign the request
- public static final int UNAUTHORIZED = 6; // --Request unauthorized
-}
diff --git a/prov/src/main/java/org/bouncycastle/ocsp/OCSPUtil.java b/prov/src/main/java/org/bouncycastle/ocsp/OCSPUtil.java
deleted file mode 100644
index 4f0c5efc..00000000
--- a/prov/src/main/java/org/bouncycastle/ocsp/OCSPUtil.java
+++ /dev/null
@@ -1,198 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.security.InvalidAlgorithmParameterException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Signature; -import java.security.cert.CertStore; -import java.security.cert.CertStoreParameters; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Hashtable; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.util.Strings; - -class OCSPUtil -{ - private static Hashtable algorithms = new Hashtable(); - private static Hashtable oids = new Hashtable(); - private static Set noParams = new HashSet(); - - static - { - algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption); - algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption); - algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption); - algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption); - algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption); - algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption); - algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); - algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); - 
algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption); - algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption); - algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption); - algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption); - algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption); - algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption); - algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); - algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); - algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); - algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); - algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); - algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); - algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1); - algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1); - algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); - algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256); - algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1); - algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1); - algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); - algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256); - algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384); - algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512); - algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - algorithms.put("GOST3411WITHGOST3410-94", 
CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - - oids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2WITHRSA"); - oids.put(PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA"); - oids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, "RIPEMD160WITHRSA"); - oids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, "RIPEMD128WITHRSA"); - oids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, "RIPEMD256WITHRSA"); - oids.put(X9ObjectIdentifiers.id_dsa_with_sha1, "SHA1WITHDSA"); - oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA"); - oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA"); - oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); - - // - // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. - // The parameters field SHALL be NULL for RSA based signature algorithms. 
- // - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512); - noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1); - noParams.add(NISTObjectIdentifiers.dsa_with_sha224); - noParams.add(NISTObjectIdentifiers.dsa_with_sha256); - } - - static ASN1ObjectIdentifier getAlgorithmOID( - String algorithmName) - { - algorithmName = Strings.toUpperCase(algorithmName); - - if (algorithms.containsKey(algorithmName)) - { - return (ASN1ObjectIdentifier)algorithms.get(algorithmName); - } - - return new ASN1ObjectIdentifier(algorithmName); - } - - static String getAlgorithmName( - ASN1ObjectIdentifier oid) - { - if (oids.containsKey(oid)) - { - return (String)oids.get(oid); - } - - return oid.getId(); - } - - static AlgorithmIdentifier getSigAlgID( - ASN1ObjectIdentifier sigOid) - { - if (noParams.contains(sigOid)) - { - return new AlgorithmIdentifier(sigOid); - } - else - { - return new AlgorithmIdentifier(sigOid, DERNull.INSTANCE); - } - } - - static Iterator getAlgNames() - { - Enumeration e = algorithms.keys(); - List l = new ArrayList(); - - while (e.hasMoreElements()) - { - l.add(e.nextElement()); - } - - return l.iterator(); - } - - static CertStore createCertStoreInstance(String type, CertStoreParameters params, String provider) - throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException - { - if (provider == null) - { - return CertStore.getInstance(type, params); - } - - return CertStore.getInstance(type, params, provider); - } - - static MessageDigest createDigestInstance(String digestName, String provider) - throws NoSuchAlgorithmException, NoSuchProviderException - { - if (provider == null) - { - return MessageDigest.getInstance(digestName); - } - - return MessageDigest.getInstance(digestName, provider); - } - - static 
Signature createSignatureInstance(String sigName, String provider) - throws NoSuchAlgorithmException, NoSuchProviderException - { - if (provider == null) - { - return Signature.getInstance(sigName); - } - - return Signature.getInstance(sigName, provider); - } - - static CertificateFactory createX509CertificateFactory(String provider) - throws CertificateException, NoSuchProviderException - { - if (provider == null) - { - return CertificateFactory.getInstance("X.509"); - } - - return CertificateFactory.getInstance("X.509", provider); - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/Req.java b/prov/src/main/java/org/bouncycastle/ocsp/Req.java deleted file mode 100644 index c5f472a5..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/Req.java +++ /dev/null 
@@ -1,108 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ocsp.Request;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-public class Req
- implements java.security.cert.X509Extension
-{
- private Request req;
-
- public Req(
- Request req)
- {
- this.req = req;
- }
-
- public CertificateID getCertID()
- {
- return new CertificateID(req.getReqCert());
- }
-
- public X509Extensions getSingleRequestExtensions()
- {
- return X509Extensions.getInstance(req.getSingleRequestExtensions());
- }
-
- /**
- * RFC 2650 doesn't specify any critical extensions so we return true
- * if any are encountered.
- *
- * @return true if any critical extensions are present.
- */
- public boolean hasUnsupportedCriticalExtension()
- {
- Set extns = getCriticalExtensionOIDs();
- if (extns != null && !extns.isEmpty())
- {
- return true;
- }
-
- return false;
- }
-
- private Set getExtensionOIDs(boolean critical)
- {
- Set set = new HashSet();
- X509Extensions extensions = this.getSingleRequestExtensions();
-
- if (extensions != null)
- {
- Enumeration e = extensions.oids();
-
- while (e.hasMoreElements())
- {
- ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
- X509Extension ext = extensions.getExtension(oid);
-
- if (critical == ext.isCritical())
- {
- set.add(oid.getId());
- }
- }
- }
-
- return set;
- }
-
- public Set getCriticalExtensionOIDs()
- {
- return getExtensionOIDs(true);
- }
-
- public Set getNonCriticalExtensionOIDs()
- {
- return getExtensionOIDs(false);
- }
-
- public byte[] getExtensionValue(String oid)
- {
- X509Extensions exts = this.getSingleRequestExtensions();
-
- if (exts != null)
- {
- X509Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid));
-
- if (ext != null)
- {
- try
- {
- return
ext.getValue().getEncoded(ASN1Encoding.DER);
- }
- catch (Exception e)
- {
- throw new RuntimeException("error encoding " + e.toString());
- }
- }
- }
-
- return null;
- }
-}
diff --git a/prov/src/main/java/org/bouncycastle/ocsp/RespData.java b/prov/src/main/java/org/bouncycastle/ocsp/RespData.java
deleted file mode 100644
index 4b973bbd..00000000
--- a/prov/src/main/java/org/bouncycastle/ocsp/RespData.java
+++ /dev/null
@@ -1,142 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.text.ParseException;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ocsp.ResponseData;
-import org.bouncycastle.asn1.ocsp.SingleResponse;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-public class RespData
- implements java.security.cert.X509Extension
-{
- ResponseData data;
-
- public RespData(
- ResponseData data)
- {
- this.data = data;
- }
-
- public int getVersion()
- {
- return data.getVersion().getValue().intValue() + 1;
- }
-
- public RespID getResponderId()
- {
- return new RespID(data.getResponderID());
- }
-
- public Date getProducedAt()
- {
- try
- {
- return data.getProducedAt().getDate();
- }
- catch (ParseException e)
- {
- throw new IllegalStateException("ParseException:" + e.getMessage());
- }
- }
-
- public SingleResp[] getResponses()
- {
- ASN1Sequence s = data.getResponses();
- SingleResp[] rs = new SingleResp[s.size()];
-
- for (int i = 0; i != rs.length; i++)
- {
- rs[i] = new SingleResp(SingleResponse.getInstance(s.getObjectAt(i)));
- }
-
- return rs;
- }
-
- public X509Extensions getResponseExtensions()
- {
- return X509Extensions.getInstance(data.getResponseExtensions());
- }
-
- /**
- * RFC 2650 doesn't specify any critical extensions so we return true
- * if any are encountered.
- *
- * @return true if any critical extensions are present.
- */
- public boolean hasUnsupportedCriticalExtension()
- {
- Set extns = getCriticalExtensionOIDs();
- if (extns != null && !extns.isEmpty())
- {
- return true;
- }
-
- return false;
- }
-
- private Set getExtensionOIDs(boolean critical)
- {
- Set set = new HashSet();
- X509Extensions extensions = this.getResponseExtensions();
-
- if (extensions != null)
- {
- Enumeration e = extensions.oids();
-
- while (e.hasMoreElements())
- {
- ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
- X509Extension ext = extensions.getExtension(oid);
-
- if (critical == ext.isCritical())
- {
- set.add(oid.getId());
- }
- }
- }
-
- return set;
- }
-
- public Set getCriticalExtensionOIDs()
- {
- return getExtensionOIDs(true);
- }
-
- public Set getNonCriticalExtensionOIDs()
- {
- return getExtensionOIDs(false);
- }
-
- public byte[] getExtensionValue(String oid)
- {
- X509Extensions exts = this.getResponseExtensions();
-
- if (exts != null)
- {
- X509Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid));
-
- if (ext != null)
- {
- try
- {
- return ext.getValue().getEncoded(ASN1Encoding.DER);
- }
- catch (Exception e)
- {
- throw new RuntimeException("error encoding " + e.toString());
- }
- }
- }
-
- return null;
- }
-}
diff --git a/prov/src/main/java/org/bouncycastle/ocsp/RespID.java b/prov/src/main/java/org/bouncycastle/ocsp/RespID.java
deleted file mode 100644
index 631086c6..00000000
--- a/prov/src/main/java/org/bouncycastle/ocsp/RespID.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.security.MessageDigest;
-import java.security.PublicKey;
-
-import javax.security.auth.x500.X500Principal;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.ocsp.ResponderID;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-
-/**
- * Carrier for a ResponderID.
- */
-public class RespID
-{
- ResponderID id;
-
- public RespID(
- ResponderID id)
- {
- this.id = id;
- }
-
- public RespID(
- X500Principal name)
- {
- this.id = new ResponderID(X500Name.getInstance(name.getEncoded()));
- }
-
- public RespID(
- PublicKey key)
- throws OCSPException
- {
- try
- {
- // TODO Allow specification of a particular provider
- MessageDigest digest = OCSPUtil.createDigestInstance("SHA1", null);
-
- ASN1InputStream aIn = new ASN1InputStream(key.getEncoded());
- SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject());
-
- digest.update(info.getPublicKeyData().getBytes());
-
- ASN1OctetString keyHash = new DEROctetString(digest.digest());
-
- this.id = new ResponderID(keyHash);
- }
- catch (Exception e)
- {
- throw new OCSPException("problem creating ID: " + e, e);
- }
- }
-
- public ResponderID toASN1Object()
- {
- return id;
- }
-
- public boolean equals(
- Object o)
- {
- if (!(o instanceof RespID))
- {
- return false;
- }
-
- RespID obj = (RespID)o;
-
- return id.equals(obj.id);
- }
-
- public int hashCode()
- {
- return id.hashCode();
- }
-}
diff --git a/prov/src/main/java/org/bouncycastle/ocsp/RevokedStatus.java b/prov/src/main/java/org/bouncycastle/ocsp/RevokedStatus.java
deleted file mode 100644
index 004cade1..00000000
--- a/prov/src/main/java/org/bouncycastle/ocsp/RevokedStatus.java
+++ /dev/null
@@ -1,63 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.text.ParseException;
-import java.util.Date;
-
-import org.bouncycastle.asn1.ASN1GeneralizedTime;
-import org.bouncycastle.asn1.ocsp.RevokedInfo;
-import org.bouncycastle.asn1.x509.CRLReason;
-
-/**
- * wrapper for the RevokedInfo object
- */
-public class RevokedStatus
- implements CertificateStatus
-{
- RevokedInfo info;
-
- public RevokedStatus(
- RevokedInfo info)
- {
- this.info = info;
- }
-
- public RevokedStatus(
- Date revocationDate,
- int reason)
- {
- this.info = new RevokedInfo(new ASN1GeneralizedTime(revocationDate), CRLReason.lookup(reason));
- }
-
- public Date getRevocationTime()
- {
- try
- {
- return info.getRevocationTime().getDate();
- }
- catch (ParseException e)
- {
- throw new IllegalStateException("ParseException:" + e.getMessage());
- }
- }
-
- public boolean hasRevocationReason()
- {
- return (info.getRevocationReason() != null);
- }
-
- /**
- * return the revocation reason. Note: this field is optional, test for it
- * with hasRevocationReason() first.
- * @return the revocation reason value.
- * @exception IllegalStateException if a reason is asked for and none is avaliable
- */
- public int getRevocationReason()
- {
- if (info.getRevocationReason() == null)
- {
- throw new IllegalStateException("attempt to get a reason where none is available");
- }
-
- return info.getRevocationReason().getValue().intValue();
- }
-}
diff --git a/prov/src/main/java/org/bouncycastle/ocsp/SingleResp.java b/prov/src/main/java/org/bouncycastle/ocsp/SingleResp.java
deleted file mode 100644
index da640923..00000000
--- a/prov/src/main/java/org/bouncycastle/ocsp/SingleResp.java
+++ /dev/null
@@ -1,164 +0,0 @@
-package org.bouncycastle.ocsp;
-
-import java.text.ParseException;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ocsp.CertStatus;
-import org.bouncycastle.asn1.ocsp.RevokedInfo;
-import org.bouncycastle.asn1.ocsp.SingleResponse;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-
-public class SingleResp
- implements java.security.cert.X509Extension
-{
- SingleResponse resp;
-
- public SingleResp(
- SingleResponse resp)
- {
- this.resp = resp;
- }
-
- public CertificateID getCertID()
- {
- return new CertificateID(resp.getCertID());
- }
-
- /**
- * Return the status object for the response - null indicates good.
- *
- * @return the status object for the response, null if it is good.
- */
- public Object getCertStatus()
- {
- CertStatus s = resp.getCertStatus();
-
- if (s.getTagNo() == 0)
- {
- return null; // good
- }
- else if (s.getTagNo() == 1)
- {
- return new RevokedStatus(RevokedInfo.getInstance(s.getStatus()));
- }
-
- return new UnknownStatus();
- }
-
- public Date getThisUpdate()
- {
- try
- {
- return resp.getThisUpdate().getDate();
- }
- catch (ParseException e)
- {
- throw new IllegalStateException("ParseException: " + e.getMessage());
- }
- }
-
- /**
- * return the NextUpdate value - note: this is an optional field so may
- * be returned as null.
- *
- * @return nextUpdate, or null if not present.
- */
- public Date getNextUpdate()
- {
- if (resp.getNextUpdate() == null)
- {
- return null;
- }
-
- try
- {
- return resp.getNextUpdate().getDate();
- }
- catch (ParseException e)
- {
- throw new IllegalStateException("ParseException: " + e.getMessage());
- }
- }
-
- public X509Extensions getSingleExtensions()
- {
- return X509Extensions.getInstance(resp.getSingleExtensions());
- }
-
- /**
- * RFC 2650 doesn't specify any critical extensions so we return true
- * if any are encountered.
- *
- * @return true if any critical extensions are present.
- */
- public boolean hasUnsupportedCriticalExtension()
- {
- Set extns = getCriticalExtensionOIDs();
-
- return extns != null && !extns.isEmpty();
- }
-
- private Set getExtensionOIDs(boolean critical)
- {
- Set set = new HashSet();
- X509Extensions extensions = this.getSingleExtensions();
-
- if (extensions != null)
- {
- Enumeration e = extensions.oids();
-
- while (e.hasMoreElements())
- {
- ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement();
- X509Extension ext = extensions.getExtension(oid);
-
- if (critical == ext.isCritical())
- {
- set.add(oid.getId());
- }
- }
- }
-
- return set;
- }
-
- public Set getCriticalExtensionOIDs()
- {
- return getExtensionOIDs(true);
- }
-
- public Set getNonCriticalExtensionOIDs()
- {
- return getExtensionOIDs(false);
- }
-
- public byte[] getExtensionValue(String oid)
- {
- X509Extensions exts = this.getSingleExtensions();
-
- if (exts != null)
- {
- X509Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid));
-
- if (ext != null)
- {
- try
- {
- return ext.getValue().getEncoded(ASN1Encoding.DER);
- }
- catch (Exception e)
- {
- throw new RuntimeException("error encoding " + e.toString());
- }
- }
- }
-
- return null;
- }
-}
diff --git a/prov/src/main/java/org/bouncycastle/ocsp/UnknownStatus.java b/prov/src/main/java/org/bouncycastle/ocsp/UnknownStatus.java
deleted file mode 100644
index cd041476..00000000
--- a/prov/src/main/java/org/bouncycastle/ocsp/UnknownStatus.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package org.bouncycastle.ocsp;
-
-/**
- * wrapper for the UnknownInfo object
- */
-public class UnknownStatus
- implements CertificateStatus
-{
- public UnknownStatus()
- {
- }
-}
diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/TestUtils.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/TestUtils.java
index bd4cfa64..4d57efe0 100644
--- a/prov/src/test/java/org/bouncycastle/jce/provider/test/TestUtils.java
+++ b/prov/src/test/java/org/bouncycastle/jce/provider/test/TestUtils.java
@@ -24,6 +24,7 @@ import org.bouncycastle.asn1.x509.BasicConstraints;
 import org.bouncycastle.asn1.x509.CRLNumber;
 import org.bouncycastle.asn1.x509.CRLReason;
 import org.bouncycastle.asn1.x509.KeyUsage;
+import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509Extensions;
 import org.bouncycastle.crypto.Digest;
@@ -34,7 +35,6 @@ import org.bouncycastle.x509.X509V1CertificateGenerator;
 import org.bouncycastle.x509.X509V2CRLGenerator;
 import org.bouncycastle.x509.X509V3CertificateGenerator;
 import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
-import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure;
 /**
 * Test Utils
@@ -84,7 +84,7 @@ class TestUtils
 certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
 certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
- certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(getDigest(SubjectPublicKeyInfo.getInstance(intKey.getEncoded()))));
+ certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(getDigest(SubjectPublicKeyInfo.getInstance(intKey.getEncoded()))));
 certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
 certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
@@ -105,7 +105,7 @@ class TestUtils
 certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
 certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
- certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(getDigest(SubjectPublicKeyInfo.getInstance(entityKey.getEncoded()))));
+ certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(getDigest(SubjectPublicKeyInfo.getInstance(entityKey.getEncoded()))));
 certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
 certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); |
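Review bot: The new `new SubjectKeyIdentifier(getDigest(...))` argument in the `@@ -84,7 +84,7 @@` hunk, and the identical change in `@@ -105,7 +105,7 @@`, leaves the key-identifier derivation entirely to the `getDigest` helper, which is defined outside both hunks, and nothing at the call site says which digest or which part of the key it covers. A short comment on each line, for example `// SKI bytes come from getDigest(); keep consistent with how AuthorityKeyIdentifierStructure derives the AKI`, would tell a reader why the two extensions pair up in the generated chain. The line above still relies on `AuthorityKeyIdentifierStructure` from the same `org.bouncycastle.x509.extension` package as the import this commit drops; if that class is also headed for deprecation, moving it in the same change would keep the test on one API. Both enclosing methods begin and end outside the hunks.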