diff options
46 files changed, 626 insertions, 3891 deletions
diff --git a/core/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java b/core/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java index c91fdc6c..476660ba 100644 --- a/core/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java +++ b/core/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java @@ -101,7 +101,7 @@ public class AuthorityKeyIdentifier * publicKey.getEncoded()).readObject()); * AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki); * </pre> - * + * @deprecated create the extension using org.bouncycastle.cert.X509ExtensionUtils **/ public AuthorityKeyIdentifier( SubjectPublicKeyInfo spki) @@ -118,6 +118,7 @@ public class AuthorityKeyIdentifier /** * create an AuthorityKeyIdentifier with the GeneralNames tag and * the serial number provided as well. + * @deprecated create the extension using org.bouncycastle.cert.X509ExtensionUtils */ public AuthorityKeyIdentifier( SubjectPublicKeyInfo spki, diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPEncryptedDataGenerator.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPEncryptedDataGenerator.java index 24d35603..6ae92d13 100644 --- a/pg/src/main/java/org/bouncycastle/openpgp/PGPEncryptedDataGenerator.java +++ b/pg/src/main/java/org/bouncycastle/openpgp/PGPEncryptedDataGenerator.java @@ -2,8 +2,6 @@ package org.bouncycastle.openpgp; import java.io.IOException; import java.io.OutputStream; -import java.security.NoSuchProviderException; -import java.security.Provider; import java.security.SecureRandom; import java.util.ArrayList; import java.util.List; @@ -12,16 +10,11 @@ import org.bouncycastle.bcpg.BCPGOutputStream; import org.bouncycastle.bcpg.HashAlgorithmTags; import org.bouncycastle.bcpg.PacketTags; import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags; -import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.openpgp.operator.PBEKeyEncryptionMethodGenerator; import org.bouncycastle.openpgp.operator.PGPDataEncryptor; import org.bouncycastle.openpgp.operator.PGPDataEncryptorBuilder; import org.bouncycastle.openpgp.operator.PGPDigestCalculator; import org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator; -import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder; -import org.bouncycastle.openpgp.operator.jcajce.JcePBEKeyEncryptionMethodGenerator; -import org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder; -import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator; import org.bouncycastle.util.io.TeeOutputStream; /** @@ -66,130 +59,22 @@ public class PGPEncryptedDataGenerator private int defAlgorithm; private SecureRandom rand; - private static Provider defProvider; - - /** - * Base constructor. - * - * @param encAlgorithm the symmetric algorithm to use. - * @param rand source of randomness - * @param provider the provider name to use for encryption algorithms. - * @deprecated use constructor that takes a PGPDataEncryptor - */ - public PGPEncryptedDataGenerator( - int encAlgorithm, - SecureRandom rand, - String provider) - { - this(new JcePGPDataEncryptorBuilder(encAlgorithm).setSecureRandom(rand).setProvider(provider)); - } - - /** - * Base constructor. - * - * @param encAlgorithm the symmetric algorithm to use. - * @param rand source of randomness - * @param provider the provider to use for encryption algorithms. - * @deprecated use constructor that takes a PGPDataEncryptorBuilder - */ - public PGPEncryptedDataGenerator( - int encAlgorithm, - SecureRandom rand, - Provider provider) - { - this(new JcePGPDataEncryptorBuilder(encAlgorithm).setSecureRandom(rand).setProvider(provider)); - } - /** - * Creates a cipher stream which will have an integrity packet - * associated with it. - * - * @param encAlgorithm - * @param withIntegrityPacket - * @param rand - * @param provider - * @deprecated use constructor that takes a PGPDataEncryptorBuilder - */ - public PGPEncryptedDataGenerator( - int encAlgorithm, - boolean withIntegrityPacket, - SecureRandom rand, - String provider) - { - this(new JcePGPDataEncryptorBuilder(encAlgorithm).setWithIntegrityPacket(withIntegrityPacket).setSecureRandom(rand).setProvider(provider)); - } - - /** - * Creates a cipher stream which will have an integrity packet - * associated with it. - * - * @param encAlgorithm - * @param withIntegrityPacket - * @param rand - * @param provider - * @deprecated use constructor that takes a PGPDataEncryptorBuilder - */ - public PGPEncryptedDataGenerator( - int encAlgorithm, - boolean withIntegrityPacket, - SecureRandom rand, - Provider provider) - { - this(new JcePGPDataEncryptorBuilder(encAlgorithm).setWithIntegrityPacket(withIntegrityPacket).setSecureRandom(rand).setProvider(provider)); - } - - /** - * Base constructor. - * - * @param encAlgorithm the symmetric algorithm to use. - * @param rand source of randomness - * @param oldFormat PGP 2.6.x compatibility required. - * @param provider the provider to use for encryption algorithms. - * @deprecated use constructor that takes a PGPDataEncryptorBuilder - */ - public PGPEncryptedDataGenerator( - int encAlgorithm, - SecureRandom rand, - boolean oldFormat, - String provider) - { - this(new JcePGPDataEncryptorBuilder(encAlgorithm).setSecureRandom(rand).setProvider(provider), oldFormat); - } - - /** - * Base constructor. - * - * @param encAlgorithm the symmetric algorithm to use. - * @param rand source of randomness - * @param oldFormat PGP 2.6.x compatibility required. - * @param provider the provider to use for encryption algorithms. - * @deprecated use constructor that takes a PGPDataEncryptorBuilder - */ - public PGPEncryptedDataGenerator( - int encAlgorithm, - SecureRandom rand, - boolean oldFormat, - Provider provider) - { - this(new JcePGPDataEncryptorBuilder(encAlgorithm).setSecureRandom(rand).setProvider(provider), oldFormat); - } - - /** - * Base constructor. - * - * @param encryptorBuilder builder to create actual data encryptor. - */ + * Base constructor. + * + * @param encryptorBuilder builder to create actual data encryptor. + */ public PGPEncryptedDataGenerator(PGPDataEncryptorBuilder encryptorBuilder) { this(encryptorBuilder, false); } - /** - * Base constructor with the option to turn on formatting for PGP 2.6.x compatibility. - * - * @param encryptorBuilder builder to create actual data encryptor. - * @param oldFormat PGP 2.6.x compatibility required. - */ + /** + * Base constructor with the option to turn on formatting for PGP 2.6.x compatibility. + * + * @param encryptorBuilder builder to create actual data encryptor. + * @param oldFormat PGP 2.6.x compatibility required. + */ public PGPEncryptedDataGenerator(PGPDataEncryptorBuilder encryptorBuilder, boolean oldFormat) { this.dataEncryptorBuilder = encryptorBuilder; @@ -200,68 +85,6 @@ public class PGPEncryptedDataGenerator } /** - * Add a PBE encryption method to the encrypted object using the default algorithm (S2K_SHA1). - * - * @param passPhrase - * @throws NoSuchProviderException - * @throws PGPException - * @deprecated use addMethod that takes PGPKeyEncryptionMethodGenerator - */ - public void addMethod( - char[] passPhrase) - throws NoSuchProviderException, PGPException - { - addMethod(passPhrase, HashAlgorithmTags.SHA1); - } - - /** - * Add a PBE encryption method to the encrypted object. - * - * @param passPhrase passphrase to use to generate key. - * @param s2kDigest digest algorithm to use for S2K calculation - * @throws NoSuchProviderException - * @throws PGPException - * @deprecated use addMethod that takes PGPKeyEncryptionMethodGenerator - */ - public void addMethod( - char[] passPhrase, - int s2kDigest) - throws NoSuchProviderException, PGPException - { - if (defProvider == null) - { - defProvider = new BouncyCastleProvider(); - } - - addMethod(new JcePBEKeyEncryptionMethodGenerator(passPhrase, new JcaPGPDigestCalculatorProviderBuilder().setProvider(defProvider).build().get(s2kDigest)).setProvider(defProvider).setSecureRandom(rand)); - } - - /** - * Add a public key encrypted session key to the encrypted object. - * - * @param key - * @throws NoSuchProviderException - * @throws PGPException - * @deprecated use addMethod that takes PGPKeyEncryptionMethodGenerator - */ - public void addMethod( - PGPPublicKey key) - throws NoSuchProviderException, PGPException - { - if (!key.isEncryptionKey()) - { - throw new IllegalArgumentException("passed in key not an encryption key!"); - } - - if (defProvider == null) - { - defProvider = new BouncyCastleProvider(); - } - - addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(key).setProvider(defProvider).setSecureRandom(rand)); - } - - /** * Added a key encryption method to be used to encrypt the session data associated * with this encrypted data. * @@ -308,7 +131,7 @@ public class PGPEncryptedDataGenerator * @param out * @param length * @param buffer - * @return + * @return the generator's output stream. * @throws java.io.IOException * @throws PGPException * @throws IllegalStateException diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPPBEEncryptedData.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPPBEEncryptedData.java index c3143395..a24cdc47 100644 --- a/pg/src/main/java/org/bouncycastle/openpgp/PGPPBEEncryptedData.java +++ b/pg/src/main/java/org/bouncycastle/openpgp/PGPPBEEncryptedData.java @@ -2,8 +2,6 @@ package org.bouncycastle.openpgp; import java.io.EOFException; import java.io.InputStream; -import java.security.NoSuchProviderException; -import java.security.Provider; import org.bouncycastle.bcpg.BCPGInputStream; import org.bouncycastle.bcpg.InputStreamPacket; @@ -11,8 +9,6 @@ import org.bouncycastle.bcpg.SymmetricEncIntegrityPacket; import org.bouncycastle.bcpg.SymmetricKeyEncSessionPacket; import org.bouncycastle.openpgp.operator.PBEDataDecryptorFactory; import org.bouncycastle.openpgp.operator.PGPDataDecryptor; -import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder; -import org.bouncycastle.openpgp.operator.jcajce.JcePBEDataDecryptorFactoryBuilder; import org.bouncycastle.util.io.TeeInputStream; /** @@ -42,41 +38,6 @@ public class PGPPBEEncryptedData return encData.getInputStream(); } - /** - * Return the decrypted input stream, using the passed in passPhrase. - * - * @param passPhrase - * @param provider - * @return InputStream - * @throws PGPException - * @throws NoSuchProviderException - * @deprecated use PBEDataDecryptorFactory method - */ - public InputStream getDataStream( - char[] passPhrase, - String provider) - throws PGPException, NoSuchProviderException - { - return getDataStream(passPhrase, PGPUtil.getProvider(provider)); - } - - /** - * Return the decrypted input stream, using the passed in passPhrase. - * - * @param passPhrase - * @param provider - * @return InputStream - * @throws PGPException - * @deprecated use PBEDataDecryptorFactory method - */ - public InputStream getDataStream( - char[] passPhrase, - Provider provider) - throws PGPException - { - return getDataStream(new JcePBEDataDecryptorFactoryBuilder(new JcaPGPDigestCalculatorProviderBuilder().setProvider(provider).build()).setProvider(provider).build(passPhrase)); - } - /** * Return the symmetric key algorithm required to decrypt the data protected by this object. * diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPPublicKeyEncryptedData.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPPublicKeyEncryptedData.java index 27747c06..8e541fea 100644 --- a/pg/src/main/java/org/bouncycastle/openpgp/PGPPublicKeyEncryptedData.java +++ b/pg/src/main/java/org/bouncycastle/openpgp/PGPPublicKeyEncryptedData.java @@ -57,32 +57,6 @@ public class PGPPublicKeyEncryptedData } /** - * Return the algorithm code for the symmetric algorithm used to encrypt the data. - * - * @return integer algorithm code - * @deprecated use the method taking a PublicKeyDataDecryptorFactory - */ - public int getSymmetricAlgorithm( - PGPPrivateKey privKey, - String provider) - throws PGPException, NoSuchProviderException - { - return getSymmetricAlgorithm(privKey, PGPUtil.getProvider(provider)); - } - - /** - * - * @deprecated use the method taking a PublicKeyDataDecryptorFactory - */ - public int getSymmetricAlgorithm( - PGPPrivateKey privKey, - Provider provider) - throws PGPException, NoSuchProviderException - { - return getSymmetricAlgorithm(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider(provider).setContentProvider(provider).build(privKey)); - } - - /** * Return the symmetric key algorithm required to decrypt the data protected by this object. * * @param dataDecryptorFactory decryptor factory to use to recover the session data. @@ -116,22 +90,6 @@ public class PGPPublicKeyEncryptedData return getDataStream(privKey, provider, provider); } - /** - * - * @param privKey - * @param provider - * @return - * @throws PGPException - * @deprecated use method that takes a PublicKeyDataDecryptorFactory - */ - public InputStream getDataStream( - PGPPrivateKey privKey, - Provider provider) - throws PGPException - { - return getDataStream(privKey, provider, provider); - } - /** * Return the decrypted data stream for the packet. * diff --git a/pg/src/main/jdk1.1/org/bouncycastle/openpgp/test/PGPDSAElGamalTest.java b/pg/src/main/jdk1.1/org/bouncycastle/openpgp/test/PGPDSAElGamalTest.java index 251d4348..11f9670d 100644 --- a/pg/src/main/jdk1.1/org/bouncycastle/openpgp/test/PGPDSAElGamalTest.java +++ b/pg/src/main/jdk1.1/org/bouncycastle/openpgp/test/PGPDSAElGamalTest.java @@ -22,6 +22,7 @@ import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.spec.ElGamalParameterSpec; import org.bouncycastle.openpgp.PGPCompressedData; +import org.bouncycastle.openpgp.PGPEncryptedData; import org.bouncycastle.openpgp.PGPEncryptedDataGenerator; import org.bouncycastle.openpgp.PGPEncryptedDataList; import org.bouncycastle.openpgp.PGPKeyPair; @@ -294,7 +295,7 @@ public class PGPDSAElGamalTest implements Test PGPPublicKeyEncryptedData encP = (PGPPublicKeyEncryptedData)encList.get(0); - InputStream clear = encP.getDataStream(pgpPrivKey, "BC"); + InputStream clear = encP.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(pgpPrivKey)); pgpFact = new PGPObjectFactory(clear); @@ -332,7 +333,7 @@ public class PGPDSAElGamalTest implements Test encP = (PGPPublicKeyEncryptedData)encList.get(0); - clear = encP.getDataStream(pgpPrivKey, "BC"); + clear = encP.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(pgpPrivKey)); pgpFact = new PGPObjectFactory(clear); @@ -382,10 +383,10 @@ public class PGPDSAElGamalTest implements Test // encrypt // ByteArrayOutputStream cbOut = new ByteArrayOutputStream(); - PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(SymmetricKeyAlgorithmTags.TRIPLE_DES, new SecureRandom(), "BC"); + PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(new JcePGPDataEncryptorBuilder(PGPEncryptedData.TRIPLE_DES).setSecureRandom(new SecureRandom()).setProvider("BC")); PGPPublicKey puK = sKey.getSecretKey(pgpKeyID).getPublicKey(); - cPk.addMethod(puK); + cPk.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(puK).setProvider("BC")); OutputStream cOut = cPk.open(cbOut, bOut.toByteArray().length); @@ -401,7 +402,7 @@ public class PGPDSAElGamalTest implements Test pgpPrivKey = sKey.getSecretKey(pgpKeyID).extractPrivateKey(pass, "BC"); - clear = encP.getDataStream(pgpPrivKey, "BC"); + clear = encP.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(pgpPrivKey)); bOut.reset(); diff --git a/pg/src/test/java/org/bouncycastle/openpgp/test/PGPDSAElGamalTest.java b/pg/src/test/java/org/bouncycastle/openpgp/test/PGPDSAElGamalTest.java index 76ff2708..04474cff 100644 --- a/pg/src/test/java/org/bouncycastle/openpgp/test/PGPDSAElGamalTest.java +++ b/pg/src/test/java/org/bouncycastle/openpgp/test/PGPDSAElGamalTest.java @@ -43,6 +43,9 @@ import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignatureGenerator; import org.bouncycastle.openpgp.PGPSignatureList; import org.bouncycastle.openpgp.PGPUtil; +import org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder; +import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder; +import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator; import org.bouncycastle.util.encoders.Base64; import org.bouncycastle.util.test.SimpleTest; import org.bouncycastle.util.test.UncloseableOutputStream; @@ -294,7 +297,7 @@ public class PGPDSAElGamalTest PGPPublicKeyEncryptedData encP = (PGPPublicKeyEncryptedData)encList.get(0); - InputStream clear = encP.getDataStream(pgpPrivKey, "BC"); + InputStream clear = encP.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(pgpPrivKey)); pgpFact = new PGPObjectFactory(clear); @@ -332,7 +335,7 @@ public class PGPDSAElGamalTest encP = (PGPPublicKeyEncryptedData)encList.get(0); - clear = encP.getDataStream(pgpPrivKey, "BC"); + clear = encP.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(pgpPrivKey)); pgpFact = new PGPObjectFactory(clear); @@ -382,10 +385,10 @@ public class PGPDSAElGamalTest // encrypt // ByteArrayOutputStream cbOut = new ByteArrayOutputStream(); - PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(SymmetricKeyAlgorithmTags.TRIPLE_DES, new SecureRandom(), "BC"); + PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(new JcePGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.TRIPLE_DES).setSecureRandom(new SecureRandom()).setProvider("BC")); PGPPublicKey puK = sKey.getSecretKey(pgpKeyID).getPublicKey(); - cPk.addMethod(puK); + cPk.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(puK).setProvider("BC")); OutputStream cOut = cPk.open(new UncloseableOutputStream(cbOut), bOut.toByteArray().length); @@ -401,7 +404,7 @@ public class PGPDSAElGamalTest pgpPrivKey = sKey.getSecretKey(pgpKeyID).extractPrivateKey(pass, "BC"); - clear = encP.getDataStream(pgpPrivKey, "BC"); + clear = encP.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(pgpPrivKey)); bOut.reset(); @@ -460,11 +463,11 @@ public class PGPDSAElGamalTest PGPKeyPair elGamalKeyPair = new PGPKeyPair( PublicKeyAlgorithmTags.ELGAMAL_GENERAL, kp, new Date()); - cPk = new PGPEncryptedDataGenerator(SymmetricKeyAlgorithmTags.CAST5, random, "BC"); + cPk = new PGPEncryptedDataGenerator(new JcePGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.CAST5).setSecureRandom(new SecureRandom()).setProvider("BC")); puK = elGamalKeyPair.getPublicKey(); - cPk.addMethod(puK); + cPk.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(puK).setProvider("BC")); cbOut = new ByteArrayOutputStream(); @@ -483,7 +486,7 @@ public class PGPDSAElGamalTest pgpPrivKey = elGamalKeyPair.getPrivateKey(); // Note: This is where an exception would be expected if the P size causes problems - clear = encP.getDataStream(pgpPrivKey, "BC"); + clear = encP.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(pgpPrivKey)); ByteArrayOutputStream dec = new ByteArrayOutputStream(); diff --git a/pg/src/test/java/org/bouncycastle/openpgp/test/PGPPBETest.java b/pg/src/test/java/org/bouncycastle/openpgp/test/PGPPBETest.java index 0aa6570f..f65be934 100644 --- a/pg/src/test/java/org/bouncycastle/openpgp/test/PGPPBETest.java +++ b/pg/src/test/java/org/bouncycastle/openpgp/test/PGPPBETest.java @@ -1,5 +1,12 @@ package org.bouncycastle.openpgp.test; +import java.io.ByteArrayOutputStream; +import java.io.InputStream; +import java.io.OutputStream; +import java.security.SecureRandom; +import java.security.Security; +import java.util.Date; + import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.openpgp.PGPCompressedData; import org.bouncycastle.openpgp.PGPCompressedDataGenerator; @@ -10,18 +17,15 @@ import org.bouncycastle.openpgp.PGPLiteralData; import org.bouncycastle.openpgp.PGPLiteralDataGenerator; import org.bouncycastle.openpgp.PGPObjectFactory; import org.bouncycastle.openpgp.PGPPBEEncryptedData; +import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder; +import org.bouncycastle.openpgp.operator.jcajce.JcePBEDataDecryptorFactoryBuilder; +import org.bouncycastle.openpgp.operator.jcajce.JcePBEKeyEncryptionMethodGenerator; +import org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder; import org.bouncycastle.util.encoders.Base64; import org.bouncycastle.util.encoders.Hex; import org.bouncycastle.util.test.SimpleTest; import org.bouncycastle.util.test.UncloseableOutputStream; -import java.io.ByteArrayOutputStream; -import java.io.InputStream; -import java.io.OutputStream; -import java.security.SecureRandom; -import java.security.Security; -import java.util.Date; - public class PGPPBETest extends SimpleTest { @@ -66,7 +70,7 @@ public class PGPPBETest PGPEncryptedDataList enc = (PGPEncryptedDataList)pgpF.nextObject(); PGPPBEEncryptedData pbe = (PGPPBEEncryptedData)enc.get(0); - InputStream clear = pbe.getDataStream(pass, "BC"); + InputStream clear = pbe.getDataStream(new JcePBEDataDecryptorFactoryBuilder(new JcaPGPDigestCalculatorProviderBuilder().setProvider("BC").build()).setProvider("BC").build(pass)); PGPObjectFactory pgpFact = new PGPObjectFactory(clear); PGPCompressedData cData = (PGPCompressedData)pgpFact.nextObject(); @@ -111,7 +115,7 @@ public class PGPPBETest PGPEncryptedDataList enc = (PGPEncryptedDataList)pgpF.nextObject(); PGPPBEEncryptedData pbe = (PGPPBEEncryptedData)enc.get(0); - InputStream clear = pbe.getDataStream(pass, "BC"); + InputStream clear = pbe.getDataStream(new JcePBEDataDecryptorFactoryBuilder(new JcaPGPDigestCalculatorProviderBuilder().setProvider("BC").build()).setProvider("BC").build(pass)); PGPObjectFactory pgpFact = new PGPObjectFactory(clear); PGPCompressedData cData = (PGPCompressedData)pgpFact.nextObject(); @@ -191,9 +195,9 @@ public class PGPPBETest // encrypt - with stream close // ByteArrayOutputStream cbOut = new ByteArrayOutputStream(); - PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, new SecureRandom(), "BC"); + PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(new JcePGPDataEncryptorBuilder(PGPEncryptedData.CAST5).setSecureRandom(new SecureRandom()).setProvider("BC")); - cPk.addMethod(pass); + cPk.addMethod(new JcePBEKeyEncryptionMethodGenerator(pass).setProvider("BC")); OutputStream cOut = cPk.open(new UncloseableOutputStream(cbOut), bOut.toByteArray().length); @@ -212,9 +216,9 @@ public class PGPPBETest // encrypt - with generator close // cbOut = new ByteArrayOutputStream(); - cPk = new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, new SecureRandom(), "BC"); + cPk = new PGPEncryptedDataGenerator(new JcePGPDataEncryptorBuilder(PGPEncryptedData.CAST5).setSecureRandom(new SecureRandom()).setProvider("BC")); - cPk.addMethod(pass); + cPk.addMethod(new JcePBEKeyEncryptionMethodGenerator(pass).setProvider("BC")); cOut = cPk.open(new UncloseableOutputStream(cbOut), bOut.toByteArray().length); @@ -256,9 +260,9 @@ public class PGPPBETest comOut.close(); cbOut = new ByteArrayOutputStream(); - cPk = new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, rand, "BC"); + cPk = new PGPEncryptedDataGenerator(new JcePGPDataEncryptorBuilder(PGPEncryptedData.CAST5).setSecureRandom(rand).setProvider("BC")); - cPk.addMethod(pass); + cPk.addMethod(new JcePBEKeyEncryptionMethodGenerator(pass).setProvider("BC")); cOut = cPk.open(new UncloseableOutputStream(cbOut), new byte[16]); @@ -276,9 +280,9 @@ public class PGPPBETest // with integrity packet // cbOut = new ByteArrayOutputStream(); - cPk = new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, true, rand, "BC"); + cPk = new PGPEncryptedDataGenerator(new JcePGPDataEncryptorBuilder(PGPEncryptedData.CAST5).setWithIntegrityPacket(true).setSecureRandom(rand).setProvider("BC")); - cPk.addMethod(pass); + cPk.addMethod(new JcePBEKeyEncryptionMethodGenerator(pass).setProvider("BC")); cOut = cPk.open(new UncloseableOutputStream(cbOut), new byte[16]); @@ -310,7 +314,7 @@ public class PGPPBETest PGPPBEEncryptedData pbe = (PGPPBEEncryptedData)enc.get(1); - InputStream clear = pbe.getDataStream("password".toCharArray(), "BC"); + InputStream clear = pbe.getDataStream(new JcePBEDataDecryptorFactoryBuilder(new JcaPGPDigestCalculatorProviderBuilder().setProvider("BC").build()).setProvider("BC").build("password".toCharArray())); pgpFact = new PGPObjectFactory(clear); @@ -355,9 +359,9 @@ public class PGPPBETest comOut.close(); cbOut = new ByteArrayOutputStream(); - cPk = new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, true, rand, "BC"); + cPk = new PGPEncryptedDataGenerator(new JcePGPDataEncryptorBuilder(PGPEncryptedData.CAST5).setWithIntegrityPacket(true).setSecureRandom(rand).setProvider("BC")); - cPk.addMethod(pass); + cPk.addMethod(new JcePBEKeyEncryptionMethodGenerator(pass).setProvider("BC")); cOut = cPk.open(new UncloseableOutputStream(cbOut), new byte[16]); diff --git a/pg/src/test/java/org/bouncycastle/openpgp/test/PGPRSATest.java b/pg/src/test/java/org/bouncycastle/openpgp/test/PGPRSATest.java index 41fa6c10..485a344a 100644 --- a/pg/src/test/java/org/bouncycastle/openpgp/test/PGPRSATest.java +++ b/pg/src/test/java/org/bouncycastle/openpgp/test/PGPRSATest.java @@ -53,11 +53,17 @@ import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVectorGenerator; import org.bouncycastle.openpgp.PGPUtil; import org.bouncycastle.openpgp.PGPV3SignatureGenerator; import org.bouncycastle.openpgp.operator.PGPDigestCalculator; +import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory; import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator; import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder; import org.bouncycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder; import org.bouncycastle.openpgp.operator.jcajce.JcaPGPKeyPair; +import org.bouncycastle.openpgp.operator.jcajce.JcePBEDataDecryptorFactoryBuilder; +import org.bouncycastle.openpgp.operator.jcajce.JcePBEKeyEncryptionMethodGenerator; import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyEncryptorBuilder; +import org.bouncycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder; +import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder; +import org.bouncycastle.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator; import org.bouncycastle.util.Arrays; import org.bouncycastle.util.encoders.Base64; import org.bouncycastle.util.encoders.Hex; @@ -436,11 +442,11 @@ public class PGPRSATest ByteArrayOutputStream bcOut = new ByteArrayOutputStream(); - PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(SymmetricKeyAlgorithmTags.AES_128, true, new SecureRandom(), "BC"); + PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(new JcePGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_128).setWithIntegrityPacket(true).setSecureRandom(new SecureRandom()).setProvider("BC")); - encGen.addMethod(pgpPubKey); + encGen.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(pgpPubKey).setProvider("BC")); - encGen.addMethod("password".toCharArray()); + encGen.addMethod(new JcePBEKeyEncryptionMethodGenerator("password".toCharArray()).setProvider("BC")); OutputStream cOut = encGen.open(bcOut, bytes.length); @@ -459,7 +465,7 @@ public class PGPRSATest PGPPublicKeyEncryptedData encP = (PGPPublicKeyEncryptedData)encList.get(0); - InputStream clear = encP.getDataStream(pgpPrivKey, "BC"); + InputStream clear = encP.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(pgpPrivKey)); PGPObjectFactory pgpFact = new PGPObjectFactory(clear); @@ -474,7 +480,7 @@ public class PGPRSATest PGPPBEEncryptedData encPbe = (PGPPBEEncryptedData)encList.get(1); - clear = encPbe.getDataStream("password".toCharArray(), "BC"); + clear = encPbe.getDataStream(new JcePBEDataDecryptorFactoryBuilder(new JcaPGPDigestCalculatorProviderBuilder().setProvider("BC").build()).setProvider("BC").build("password".toCharArray())); pgpF = new PGPObjectFactory(clear); @@ -994,7 +1000,7 @@ public class PGPRSATest pgpPrivKey = pgpPriv.getSecretKey(encP.getKeyID()).extractPrivateKey(pass, "BC"); - InputStream clear = encP.getDataStream(pgpPrivKey, "BC"); + InputStream clear = encP.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(pgpPrivKey)); pgpFact = new PGPObjectFactory(clear); @@ -1029,10 +1035,10 @@ public class PGPRSATest byte[] shortText = { (byte)'h', (byte)'e', (byte)'l', (byte)'l', (byte)'o' }; ByteArrayOutputStream cbOut = new ByteArrayOutputStream(); - PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(SymmetricKeyAlgorithmTags.CAST5, new SecureRandom(), "BC"); + PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(new JcePGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.CAST5).setSecureRandom(new SecureRandom()).setProvider("BC")); PGPPublicKey puK = pgpPriv.getSecretKey(encP.getKeyID()).getPublicKey(); - cPk.addMethod(puK); + cPk.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(puK).setProvider("BC")); OutputStream cOut = cPk.open(new UncloseableOutputStream(cbOut), shortText.length); @@ -1048,12 +1054,13 @@ public class PGPRSATest pgpPrivKey = pgpPriv.getSecretKey(encP.getKeyID()).extractPrivateKey(pass, "BC"); - if (encP.getSymmetricAlgorithm(pgpPrivKey, "BC") != SymmetricKeyAlgorithmTags.CAST5) + PublicKeyDataDecryptorFactory dataDecryptorFactory = new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(pgpPrivKey); + if (encP.getSymmetricAlgorithm(dataDecryptorFactory) != SymmetricKeyAlgorithmTags.CAST5) { fail("symmetric algorithm mismatch"); } - clear = encP.getDataStream(pgpPrivKey, "BC"); + clear = encP.getDataStream(dataDecryptorFactory); bOut.reset(); @@ -1073,10 +1080,10 @@ public class PGPRSATest // encrypt // cbOut = new ByteArrayOutputStream(); - cPk = new PGPEncryptedDataGenerator(SymmetricKeyAlgorithmTags.CAST5, new SecureRandom(), "BC"); + cPk = new PGPEncryptedDataGenerator(new JcePGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.CAST5).setSecureRandom(new SecureRandom()).setProvider("BC")); puK = pgpPriv.getSecretKey(encP.getKeyID()).getPublicKey(); - cPk.addMethod(puK); + cPk.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(puK).setProvider("BC")); cOut = cPk.open(new UncloseableOutputStream(cbOut), text.length); @@ -1092,7 +1099,7 @@ public class PGPRSATest pgpPrivKey = pgpPriv.getSecretKey(encP.getKeyID()).extractPrivateKey(pass, "BC"); - clear = encP.getDataStream(pgpPrivKey, "BC"); + clear = encP.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(pgpPrivKey)); bOut.reset(); diff --git a/pg/src/test/jdk1.1/org/bouncycastle/openpgp/test/PGPDSAElGamalTest.java b/pg/src/test/jdk1.1/org/bouncycastle/openpgp/test/PGPDSAElGamalTest.java index 251d4348..11f9670d 100644 --- a/pg/src/test/jdk1.1/org/bouncycastle/openpgp/test/PGPDSAElGamalTest.java +++ b/pg/src/test/jdk1.1/org/bouncycastle/openpgp/test/PGPDSAElGamalTest.java @@ -22,6 +22,7 @@ import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.spec.ElGamalParameterSpec; import org.bouncycastle.openpgp.PGPCompressedData; +import org.bouncycastle.openpgp.PGPEncryptedData; import org.bouncycastle.openpgp.PGPEncryptedDataGenerator; import org.bouncycastle.openpgp.PGPEncryptedDataList; import org.bouncycastle.openpgp.PGPKeyPair; @@ -294,7 +295,7 @@ public class PGPDSAElGamalTest implements Test PGPPublicKeyEncryptedData encP = (PGPPublicKeyEncryptedData)encList.get(0); - InputStream clear = encP.getDataStream(pgpPrivKey, "BC"); + InputStream clear = encP.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(pgpPrivKey)); pgpFact = new PGPObjectFactory(clear); @@ -332,7 +333,7 @@ public class PGPDSAElGamalTest implements Test encP = (PGPPublicKeyEncryptedData)encList.get(0); - clear = encP.getDataStream(pgpPrivKey, "BC"); + clear = encP.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(pgpPrivKey)); pgpFact = new PGPObjectFactory(clear); @@ -382,10 +383,10 @@ public class PGPDSAElGamalTest implements Test // encrypt // ByteArrayOutputStream cbOut = new ByteArrayOutputStream(); - PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(SymmetricKeyAlgorithmTags.TRIPLE_DES, new SecureRandom(), "BC"); + PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(new JcePGPDataEncryptorBuilder(PGPEncryptedData.TRIPLE_DES).setSecureRandom(new SecureRandom()).setProvider("BC")); PGPPublicKey puK = sKey.getSecretKey(pgpKeyID).getPublicKey(); - cPk.addMethod(puK); + cPk.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(puK).setProvider("BC")); OutputStream cOut = cPk.open(cbOut, bOut.toByteArray().length); @@ -401,7 +402,7 @@ public class PGPDSAElGamalTest implements Test pgpPrivKey = sKey.getSecretKey(pgpKeyID).extractPrivateKey(pass, "BC"); - clear = encP.getDataStream(pgpPrivKey, "BC"); + clear = encP.getDataStream(new JcePublicKeyDataDecryptorFactoryBuilder().setProvider("BC").build(pgpPrivKey)); bOut.reset(); diff --git a/pkix/src/main/java/org/bouncycastle/cert/crmf/FixedLengthMGF1Padder.java b/pkix/src/main/java/org/bouncycastle/cert/crmf/bc/BcFixedLengthMGF1Padder.java index 9939a303..9fa53d62 100644 --- a/pkix/src/main/java/org/bouncycastle/cert/crmf/FixedLengthMGF1Padder.java +++ b/pkix/src/main/java/org/bouncycastle/cert/crmf/bc/BcFixedLengthMGF1Padder.java @@ -1,7 +1,8 @@ -package org.bouncycastle.cert.crmf; +package org.bouncycastle.cert.crmf.bc; import java.security.SecureRandom; +import org.bouncycastle.cert.crmf.EncryptedValuePadder; import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.digests.SHA1Digest; import org.bouncycastle.crypto.generators.MGF1BytesGenerator; @@ -10,7 +11,7 @@ import org.bouncycastle.crypto.params.MGFParameters; /** * An encrypted value padder that uses MGF1 as the basis of the padding. */ -public class FixedLengthMGF1Padder +public class BcFixedLengthMGF1Padder implements EncryptedValuePadder { private int length; @@ -23,7 +24,7 @@ public class FixedLengthMGF1Padder * * @param length fixed length for padded output. */ - public FixedLengthMGF1Padder(int length) + public BcFixedLengthMGF1Padder(int length) { this(length, null); } @@ -36,7 +37,7 @@ public class FixedLengthMGF1Padder * @param length fixed length for padded output. * @param random a source of randomness. */ - public FixedLengthMGF1Padder(int length, SecureRandom random) + public BcFixedLengthMGF1Padder(int length, SecureRandom random) { this.length = length; this.random = random; diff --git a/pkix/src/main/java/org/bouncycastle/cert/selector/MSOutlookKeyIdCalculator.java b/pkix/src/main/java/org/bouncycastle/cert/selector/MSOutlookKeyIdCalculator.java index 3f4e22cc..8f6d119c 100644 --- a/pkix/src/main/java/org/bouncycastle/cert/selector/MSOutlookKeyIdCalculator.java +++ b/pkix/src/main/java/org/bouncycastle/cert/selector/MSOutlookKeyIdCalculator.java @@ -4,14 +4,16 @@ import java.io.IOException; import org.bouncycastle.asn1.ASN1Encoding; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; +import org.bouncycastle.util.Pack; class MSOutlookKeyIdCalculator { + // This is less than ideal, but it seems to be the best way of supporting this without exposing SHA-1 + // as the class is only used to workout the MSOutlook Key ID, you can think of the fact it's SHA-1 as + // a coincidence... static byte[] calculateKeyId(SubjectPublicKeyInfo info) { - Digest dig = new SHA1Digest(); // TODO: include definition of SHA-1 here + SHA1Digest dig = new SHA1Digest(); byte[] hash = new byte[dig.getDigestSize()]; byte[] spkiEnc = new byte[0]; try @@ -30,4 +32,391 @@ class MSOutlookKeyIdCalculator return hash; } + + private static abstract class GeneralDigest + { + private static final int BYTE_LENGTH = 64; + private byte[] xBuf; + private int xBufOff; + + private long byteCount; + + /** + * Standard constructor + */ + protected GeneralDigest() + { + xBuf = new byte[4]; + xBufOff = 0; + } + + /** + * Copy constructor. We are using copy constructors in place + * of the Object.clone() interface as this interface is not + * supported by J2ME. + */ + protected GeneralDigest(GeneralDigest t) + { + xBuf = new byte[t.xBuf.length]; + + copyIn(t); + } + + protected void copyIn(GeneralDigest t) + { + System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length); + + xBufOff = t.xBufOff; + byteCount = t.byteCount; + } + + public void update( + byte in) + { + xBuf[xBufOff++] = in; + + if (xBufOff == xBuf.length) + { + processWord(xBuf, 0); + xBufOff = 0; + } + + byteCount++; + } + + public void update( + byte[] in, + int inOff, + int len) + { + // + // fill the current word + // + while ((xBufOff != 0) && (len > 0)) + { + update(in[inOff]); + + inOff++; + len--; + } + + // + // process whole words. + // + while (len > xBuf.length) + { + processWord(in, inOff); + + inOff += xBuf.length; + len -= xBuf.length; + byteCount += xBuf.length; + } + + // + // load in the remainder. + // + while (len > 0) + { + update(in[inOff]); + + inOff++; + len--; + } + } + + public void finish() + { + long bitLength = (byteCount << 3); + + // + // add the pad bytes. + // + update((byte)128); + + while (xBufOff != 0) + { + update((byte)0); + } + + processLength(bitLength); + + processBlock(); + } + + public void reset() + { + byteCount = 0; + + xBufOff = 0; + for (int i = 0; i < xBuf.length; i++) + { + xBuf[i] = 0; + } + } + + protected abstract void processWord(byte[] in, int inOff); + + protected abstract void processLength(long bitLength); + + protected abstract void processBlock(); + } + + private static class SHA1Digest + extends GeneralDigest + { + private static final int DIGEST_LENGTH = 20; + + private int H1, H2, H3, H4, H5; + + private int[] X = new int[80]; + private int xOff; + + /** + * Standard constructor + */ + public SHA1Digest() + { + reset(); + } + + public String getAlgorithmName() + { + return "SHA-1"; + } + + public int getDigestSize() + { + return DIGEST_LENGTH; + } + + protected void processWord( + byte[] in, + int inOff) + { + // Note: Inlined for performance + // X[xOff] = Pack.bigEndianToInt(in, inOff); + int n = in[ inOff] << 24; + n |= (in[++inOff] & 0xff) << 16; + n |= (in[++inOff] & 0xff) << 8; + n |= (in[++inOff] & 0xff); + X[xOff] = n; + + if (++xOff == 16) + { + processBlock(); + } + } + + protected void processLength( + long bitLength) + { + if (xOff > 14) + { + processBlock(); + } + + X[14] = (int)(bitLength >>> 32); + X[15] = (int)(bitLength & 0xffffffff); + } + + public int doFinal( + byte[] out, + int outOff) + { + finish(); + + Pack.intToBigEndian(H1, out, outOff); + Pack.intToBigEndian(H2, out, outOff + 4); + Pack.intToBigEndian(H3, out, outOff + 8); + Pack.intToBigEndian(H4, out, outOff + 12); + Pack.intToBigEndian(H5, out, outOff + 16); + + reset(); + + return DIGEST_LENGTH; + } + + /** + * reset the chaining variables + */ + public void reset() + { + super.reset(); + + H1 = 0x67452301; + H2 = 0xefcdab89; + H3 = 0x98badcfe; + H4 = 0x10325476; + H5 = 0xc3d2e1f0; + + xOff = 0; + for (int i = 0; i != X.length; i++) + { + X[i] = 0; + } + } + + // + // Additive constants + // + private static final int Y1 = 0x5a827999; + private static final int Y2 = 0x6ed9eba1; + private static final int Y3 = 0x8f1bbcdc; + private static final int Y4 = 0xca62c1d6; + + private int f( + int u, + int v, + int w) + { + return ((u & v) | ((~u) & w)); + } + + private int h( + int u, + int v, + int w) + { + return (u ^ v ^ w); + } + + private int g( + int u, + int v, + int w) + { + return ((u & v) | (u & w) | (v & w)); + } + + protected void processBlock() + { + // + // expand 16 word block into 80 word block. + // + for (int i = 16; i < 80; i++) + { + int t = X[i - 3] ^ X[i - 8] ^ X[i - 14] ^ X[i - 16]; + X[i] = t << 1 | t >>> 31; + } + + // + // set up working variables. + // + int A = H1; + int B = H2; + int C = H3; + int D = H4; + int E = H5; + + // + // round 1 + // + int idx = 0; + + for (int j = 0; j < 4; j++) + { + // E = rotateLeft(A, 5) + f(B, C, D) + E + X[idx++] + Y1 + // B = rotateLeft(B, 30) + E += (A << 5 | A >>> 27) + f(B, C, D) + X[idx++] + Y1; + B = B << 30 | B >>> 2; + + D += (E << 5 | E >>> 27) + f(A, B, C) + X[idx++] + Y1; + A = A << 30 | A >>> 2; + + C += (D << 5 | D >>> 27) + f(E, A, B) + X[idx++] + Y1; + E = E << 30 | E >>> 2; + + B += (C << 5 | C >>> 27) + f(D, E, A) + X[idx++] + Y1; + D = D << 30 | D >>> 2; + + A += (B << 5 | B >>> 27) + f(C, D, E) + X[idx++] + Y1; + C = C << 30 | C >>> 2; + } + + // + // round 2 + // + for (int j = 0; j < 4; j++) + { + // E = rotateLeft(A, 5) + h(B, C, D) + E + X[idx++] + Y2 + // B = rotateLeft(B, 30) + E += (A << 5 | A >>> 27) + h(B, C, D) + X[idx++] + Y2; + B = B << 30 | B >>> 2; + + D += (E << 5 | E >>> 27) + h(A, B, C) + X[idx++] + Y2; + A = A << 30 | A >>> 2; + + C += (D << 5 | D >>> 27) + h(E, A, B) + X[idx++] + Y2; + E = E << 30 | E >>> 2; + + B += (C << 5 | C >>> 27) + h(D, E, A) + X[idx++] + Y2; + D = D << 30 | D >>> 2; + + A += (B << 5 | B >>> 27) + h(C, D, E) + X[idx++] + Y2; + C = C << 30 | C >>> 2; + } + + // + // round 3 + // + for (int j = 0; j < 4; j++) + { + // E = rotateLeft(A, 5) + g(B, C, D) + E + X[idx++] + Y3 + // B = rotateLeft(B, 30) + E += (A << 5 | A >>> 27) + g(B, C, D) + X[idx++] + Y3; + B = B << 30 | B >>> 2; + + D += (E << 5 | E >>> 27) + g(A, B, C) + X[idx++] + Y3; + A = A << 30 | A >>> 2; + + C += (D << 5 | D >>> 27) + g(E, A, B) + X[idx++] + Y3; + E = E << 30 | E >>> 2; + + B += (C << 5 | C >>> 27) + g(D, E, A) + X[idx++] + Y3; + D = D << 30 | D >>> 2; + + A += (B << 5 | B >>> 27) + g(C, D, E) + X[idx++] + Y3; + C = C << 30 | C >>> 2; + } + + // + // round 4 + // + for (int j = 0; j <= 3; j++) + { + // E = rotateLeft(A, 5) + h(B, C, D) + E + X[idx++] + Y4 + // B = rotateLeft(B, 30) + E += (A << 5 | A >>> 27) + h(B, C, D) + X[idx++] + Y4; + B = B << 30 | B >>> 2; + + D += (E << 5 | E >>> 27) + h(A, B, C) + X[idx++] + Y4; + A = A << 30 | A >>> 2; + + C += (D << 5 | D >>> 27) + h(E, A, B) + X[idx++] + Y4; + E = E << 30 | E >>> 2; + + B += (C << 5 | C >>> 27) + h(D, E, A) + X[idx++] + Y4; + D = D << 30 | D >>> 2; + + A += (B << 5 | B >>> 27) + h(C, D, E) + X[idx++] + Y4; + C = C << 30 | C >>> 2; + } + + + H1 += A; + H2 += B; + H3 += C; + H4 += D; + H5 += E; + + // + // reset start of the buffer. + // + xOff = 0; + for (int i = 0; i < 16; i++) + { + X[i] = 0; + } + } + } } diff --git a/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java b/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java index dc9c2eeb..a2914281 100644 --- a/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java +++ b/pkix/src/main/java/org/bouncycastle/cms/CMSUtils.java @@ -27,6 +27,7 @@ import org.bouncycastle.cert.X509CRLHolder; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.operator.DigestCalculator; import org.bouncycastle.util.Store; +import org.bouncycastle.util.Strings; import org.bouncycastle.util.io.Streams; import org.bouncycastle.util.io.TeeInputStream; import org.bouncycastle.util.io.TeeOutputStream; @@ -198,7 +199,64 @@ class CMSUtils throw new CMSException("Malformed content.", e); } } - + + static byte[] getPasswordBytes(int scheme, char[] password) + { + if (scheme == PasswordRecipient.PKCS5_SCHEME2) + { + return PKCS5PasswordToBytes(password); + } + + return PKCS5PasswordToUTF8Bytes(password); + } + + /** + * converts a password to a byte array according to the scheme in + * PKCS5 (ascii, no padding) + * + * @param password a character array representing the password. + * @return a byte array representing the password. + */ + private static byte[] PKCS5PasswordToBytes( + char[] password) + { + if (password != null) + { + byte[] bytes = new byte[password.length]; + + for (int i = 0; i != bytes.length; i++) + { + bytes[i] = (byte)password[i]; + } + + return bytes; + } + else + { + return new byte[0]; + } + } + + /** + * converts a password to a byte array according to the scheme in + * PKCS5 (UTF-8, no padding) + * + * @param password a character array representing the password. + * @return a byte array representing the password. + */ + private static byte[] PKCS5PasswordToUTF8Bytes( + char[] password) + { + if (password != null) + { + return Strings.toUTF8ByteArray(password); + } + else + { + return new byte[0]; + } + } + public static byte[] streamToByteArray( InputStream in) throws IOException diff --git a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java index a7702a67..c81c3028 100644 --- a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java +++ b/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipient.java @@ -8,6 +8,9 @@ public interface PasswordRecipient public static final int PKCS5_SCHEME2 = 0; public static final int PKCS5_SCHEME2_UTF8 = 1; + byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException; + RecipientOperator getRecipientOperator(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] derivedKey, byte[] encryptedEncryptedContentKey) throws CMSException; diff --git a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInfoGenerator.java index 7f0afccf..b570c3cf 100644 --- a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInfoGenerator.java +++ b/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInfoGenerator.java @@ -12,9 +12,6 @@ import org.bouncycastle.asn1.cms.RecipientInfo; import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.operator.GenericKey; public abstract class PasswordRecipientInfoGenerator @@ -96,25 +93,9 @@ public abstract class PasswordRecipientInfoGenerator keyDerivationAlgorithm = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, 1024)); } - PBKDF2Params params = PBKDF2Params.getInstance(keyDerivationAlgorithm.getParameters()); - byte[] derivedKey; + byte[] encodedPassword = CMSUtils.getPasswordBytes(schemeID, password); - if (schemeID == PasswordRecipient.PKCS5_SCHEME2) - { - PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); - - gen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), params.getSalt(), params.getIterationCount().intValue()); - - derivedKey = ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); - } - else - { - PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); - - gen.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(password), params.getSalt(), params.getIterationCount().intValue()); - - derivedKey = ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); - } + byte[] derivedKey = calculateDerivedKey(encodedPassword, keyDerivationAlgorithm, keySize); AlgorithmIdentifier kekAlgorithmId = new AlgorithmIdentifier(kekAlgorithm, new DEROctetString(iv)); @@ -133,6 +114,9 @@ public abstract class PasswordRecipientInfoGenerator keyEncryptionAlgorithm, encryptedKey)); } + protected abstract byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException; + protected abstract byte[] generateEncryptedBytes(AlgorithmIdentifier algorithm, byte[] derivedKey, GenericKey contentEncryptionKey) throws CMSException; }
\ No newline at end of file diff --git a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java b/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java index d7639e9f..2eef186a 100644 --- a/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java +++ b/pkix/src/main/java/org/bouncycastle/cms/PasswordRecipientInformation.java @@ -6,11 +6,7 @@ import java.util.Map; import org.bouncycastle.asn1.ASN1Encodable; import org.bouncycastle.asn1.cms.PasswordRecipientInfo; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.util.Integers; /** @@ -109,27 +105,12 @@ public class PasswordRecipientInformation AlgorithmIdentifier kekAlg = AlgorithmIdentifier.getInstance(info.getKeyEncryptionAlgorithm()); AlgorithmIdentifier kekAlgParams = AlgorithmIdentifier.getInstance(kekAlg.getParameters()); - byte[] passwordBytes = getPasswordBytes(pbeRecipient.getPasswordConversionScheme(), - pbeRecipient.getPassword()); - PBKDF2Params params = PBKDF2Params.getInstance(info.getKeyDerivationAlgorithm().getParameters()); - - PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); - gen.init(passwordBytes, params.getSalt(), params.getIterationCount().intValue()); + byte[] passwordBytes = CMSUtils.getPasswordBytes(pbeRecipient.getPasswordConversionScheme(), pbeRecipient.getPassword()); int keySize = ((Integer)KEYSIZES.get(kekAlgParams.getAlgorithm())).intValue(); - byte[] derivedKey = ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); + byte[] derivedKey = pbeRecipient.calculateDerivedKey(passwordBytes, this.getKeyDerivationAlgorithm(), keySize); return pbeRecipient.getRecipientOperator(kekAlgParams, messageAlgorithm, derivedKey, info.getEncryptedKey().getOctets()); } - - protected byte[] getPasswordBytes(int scheme, char[] password) - { - if (scheme == PasswordRecipient.PKCS5_SCHEME2) - { - return PBEParametersGenerator.PKCS5PasswordToBytes(password); - } - - return PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(password); - } } diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipient.java index 778e1db7..50f9c6c0 100644 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipient.java +++ b/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipient.java @@ -1,11 +1,13 @@ package org.bouncycastle.cms.bc; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.cms.CMSException; import org.bouncycastle.cms.PasswordRecipient; import org.bouncycastle.crypto.InvalidCipherTextException; import org.bouncycastle.crypto.Wrapper; +import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; @@ -49,6 +51,18 @@ public abstract class BcPasswordRecipient } } + public byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException + { + PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); + + PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); + + gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue()); + + return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); + } + public int getPasswordConversionScheme() { return schemeID; diff --git a/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipientInfoGenerator.java index 34cf9483..6e1bfdb7 100644 --- a/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipientInfoGenerator.java +++ b/pkix/src/main/java/org/bouncycastle/cms/bc/BcPasswordRecipientInfoGenerator.java @@ -2,10 +2,12 @@ package org.bouncycastle.cms.bc; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.cms.CMSException; import org.bouncycastle.cms.PasswordRecipientInfoGenerator; import org.bouncycastle.crypto.Wrapper; +import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; import org.bouncycastle.operator.GenericKey; @@ -18,6 +20,18 @@ public class BcPasswordRecipientInfoGenerator super(kekAlgorithm, password); } + protected byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException + { + PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); + + PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); + + gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue()); + + return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); + } + public byte[] generateEncryptedBytes(AlgorithmIdentifier keyEncryptionAlgorithm, byte[] derivedKey, GenericKey contentEncryptionKey) throws CMSException { diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java index 432e2cd2..3c00b5ef 100644 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java +++ b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipient.java @@ -9,9 +9,12 @@ import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.cms.CMSException; import org.bouncycastle.cms.PasswordRecipient; +import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; +import org.bouncycastle.crypto.params.KeyParameter; /** * the RecipientInfo class for a recipient who has been sent a message @@ -70,6 +73,18 @@ public abstract class JcePasswordRecipient } } + public byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException + { + PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); + + PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); + + gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue()); + + return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); + } + public int getPasswordConversionScheme() { return schemeID; diff --git a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java index 501da7a8..fefe016e 100644 --- a/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java +++ b/pkix/src/main/java/org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java @@ -10,9 +10,12 @@ import javax.crypto.spec.SecretKeySpec; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1OctetString; +import org.bouncycastle.asn1.pkcs.PBKDF2Params; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.cms.CMSException; import org.bouncycastle.cms.PasswordRecipientInfoGenerator; +import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; +import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.operator.GenericKey; public class JcePasswordRecipientInfoGenerator @@ -39,6 +42,18 @@ public class JcePasswordRecipientInfoGenerator return this; } + protected byte[] calculateDerivedKey(byte[] encodedPassword, AlgorithmIdentifier derivationAlgorithm, int keySize) + throws CMSException + { + PBKDF2Params params = PBKDF2Params.getInstance(derivationAlgorithm.getParameters()); + + PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(); + + gen.init(encodedPassword, params.getSalt(), params.getIterationCount().intValue()); + + return ((KeyParameter)gen.generateDerivedParameters(keySize)).getKey(); + } + public byte[] generateEncryptedBytes(AlgorithmIdentifier keyEncryptionAlgorithm, byte[] derivedKey, GenericKey contentEncryptionKey) throws CMSException { diff --git a/pkix/src/main/java/org/bouncycastle/openssl/PEMWriter.java b/pkix/src/main/java/org/bouncycastle/openssl/PEMWriter.java index e46c836f..44cc1361 100644 --- a/pkix/src/main/java/org/bouncycastle/openssl/PEMWriter.java +++ b/pkix/src/main/java/org/bouncycastle/openssl/PEMWriter.java @@ -24,6 +24,10 @@ public class PEMWriter super(out); } + /** + * @deprecated use writeObject(new JcaMiscPEMGenerator(obj)); + * @throws IOException + */ public void writeObject( Object obj) throws IOException @@ -31,6 +35,12 @@ public class PEMWriter writeObject(obj, null); } + /** + * @deprecated use writeObject(new JcaMiscPEMGenerator(obj, encryptor)); + * @param obj + * @param encryptor + * @throws IOException + */ public void writeObject( Object obj, PEMEncryptor encryptor) diff --git a/pkix/src/test/java/org/bouncycastle/cert/crmf/test/AllTests.java b/pkix/src/test/java/org/bouncycastle/cert/crmf/test/AllTests.java index 45c5ef00..712210e4 100644 --- a/pkix/src/test/java/org/bouncycastle/cert/crmf/test/AllTests.java +++ b/pkix/src/test/java/org/bouncycastle/cert/crmf/test/AllTests.java @@ -29,10 +29,10 @@ import org.bouncycastle.cert.X509v1CertificateBuilder; import org.bouncycastle.cert.crmf.EncryptedValueBuilder; import org.bouncycastle.cert.crmf.EncryptedValuePadder; import org.bouncycastle.cert.crmf.EncryptedValueParser; -import org.bouncycastle.cert.crmf.FixedLengthMGF1Padder; import org.bouncycastle.cert.crmf.PKIArchiveControl; import org.bouncycastle.cert.crmf.PKMACBuilder; import org.bouncycastle.cert.crmf.ValueDecryptorGenerator; +import org.bouncycastle.cert.crmf.bc.BcFixedLengthMGF1Padder; import org.bouncycastle.cert.crmf.jcajce.JcaCertificateRequestMessage; import org.bouncycastle.cert.crmf.jcajce.JcaCertificateRequestMessageBuilder; import org.bouncycastle.cert.crmf.jcajce.JcaEncryptedValueBuilder; @@ -313,7 +313,7 @@ public class AllTests KeyPair kp = kGen.generateKeyPair(); X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test"); - FixedLengthMGF1Padder mgf1Padder = new FixedLengthMGF1Padder(200, new SecureRandom()); + BcFixedLengthMGF1Padder mgf1Padder = new BcFixedLengthMGF1Padder(200, new SecureRandom()); EncryptedValueBuilder build = new EncryptedValueBuilder(new JceAsymmetricKeyWrapper(cert.getPublicKey()).setProvider(BC), new JceCRMFEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build(), mgf1Padder); EncryptedValue value = build.build(passphrase); ValueDecryptorGenerator decGen = new JceAsymmetricValueDecryptorGenerator(kp.getPrivate()).setProvider(BC); diff --git a/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTest.java b/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTest.java index 5df298ae..5c57c7f6 100644 --- a/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTest.java +++ b/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTest.java @@ -35,7 +35,6 @@ import org.bouncycastle.cert.ocsp.SingleResp; import org.bouncycastle.cert.ocsp.jcajce.JcaBasicOCSPRespBuilder; import org.bouncycastle.jce.X509Principal; import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.ocsp.test.OCSPTestUtil; import org.bouncycastle.operator.DigestCalculatorProvider; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; diff --git a/pkix/src/test/java/org/bouncycastle/ocsp/test/OCSPTestUtil.java b/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTestUtil.java index 94cd57c3..cab31e76 100644 --- a/pkix/src/test/java/org/bouncycastle/ocsp/test/OCSPTestUtil.java +++ b/pkix/src/test/java/org/bouncycastle/cert/ocsp/test/OCSPTestUtil.java @@ -1,4 +1,4 @@ -package org.bouncycastle.ocsp.test; +package org.bouncycastle.cert.ocsp.test; import java.io.ByteArrayInputStream; import java.io.IOException; diff --git a/pkix/src/test/java/org/bouncycastle/ocsp/test/AllTests.java b/pkix/src/test/java/org/bouncycastle/ocsp/test/AllTests.java deleted file mode 100644 index 024fe757..00000000 --- a/pkix/src/test/java/org/bouncycastle/ocsp/test/AllTests.java +++ /dev/null @@ -1,45 +0,0 @@ -package org.bouncycastle.ocsp.test; - -import java.security.Security; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; - -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.test.SimpleTestResult; - -public class AllTests - extends TestCase -{ - public void testOCSP() - { - Security.addProvider(new BouncyCastleProvider()); - - org.bouncycastle.util.test.Test[] tests = new org.bouncycastle.util.test.Test[] { new OCSPTest() }; - - for (int i = 0; i != tests.length; i++) - { - SimpleTestResult result = (SimpleTestResult)tests[i].perform(); - - if (!result.isSuccessful()) - { - fail(result.toString()); - } - } - } - - public static void main (String[] args) - { - junit.textui.TestRunner.run(suite()); - } - - public static Test suite() - { - TestSuite suite = new TestSuite("OCSP Tests"); - - suite.addTestSuite(AllTests.class); - - return suite; - } -} diff --git a/pkix/src/test/java/org/bouncycastle/ocsp/test/OCSPTest.java b/pkix/src/test/java/org/bouncycastle/ocsp/test/OCSPTest.java deleted file mode 100644 index 62a1f5e5..00000000 --- a/pkix/src/test/java/org/bouncycastle/ocsp/test/OCSPTest.java +++ /dev/null @@ -1,865 +0,0 @@ -package org.bouncycastle.ocsp.test; - -import java.io.ByteArrayInputStream; -import java.math.BigInteger; -import java.security.KeyPair; -import java.security.Security; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Random; -import java.util.Set; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.ocsp.BasicOCSPResp; -import org.bouncycastle.ocsp.BasicOCSPRespGenerator; -import org.bouncycastle.ocsp.CertificateID; -import org.bouncycastle.ocsp.CertificateStatus; -import org.bouncycastle.ocsp.OCSPReq; -import org.bouncycastle.ocsp.OCSPReqGenerator; -import org.bouncycastle.ocsp.OCSPResp; -import org.bouncycastle.ocsp.OCSPRespGenerator; -import org.bouncycastle.ocsp.Req; -import org.bouncycastle.ocsp.SingleResp; -import org.bouncycastle.util.encoders.Base64; -import org.bouncycastle.util.test.SimpleTest; -import org.bouncycastle.x509.extension.X509ExtensionUtil; - -public class OCSPTest - extends SimpleTest -{ - byte[] testResp1 = Base64.decode( - "MIIFnAoBAKCCBZUwggWRBgkrBgEFBQcwAQEEggWCMIIFfjCCARehgZ8wgZwx" - + "CzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEgcHJhZGVzaDESMBAGA1UE" - + "BxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAKBgNVBAsTA0FUQzEeMBwG" - + "A1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQwIgYJKoZIhvcNAQkBFhVv" - + "Y3NwQHRjcy1jYS50Y3MuY28uaW4YDzIwMDMwNDAyMTIzNDU4WjBiMGAwOjAJ" - + "BgUrDgMCGgUABBRs07IuoCWNmcEl1oHwIak1BPnX8QQUtGyl/iL9WJ1VxjxF" - + "j0hAwJ/s1AcCAQKhERgPMjAwMjA4MjkwNzA5MjZaGA8yMDAzMDQwMjEyMzQ1" - + "OFowDQYJKoZIhvcNAQEFBQADgYEAfbN0TCRFKdhsmvOdUoiJ+qvygGBzDxD/" - + "VWhXYA+16AphHLIWNABR3CgHB3zWtdy2j7DJmQ/R7qKj7dUhWLSqclAiPgFt" - + "QQ1YvSJAYfEIdyHkxv4NP0LSogxrumANcDyC9yt/W9yHjD2ICPBIqCsZLuLk" - + "OHYi5DlwWe9Zm9VFwCGgggPMMIIDyDCCA8QwggKsoAMCAQICAQYwDQYJKoZI" - + "hvcNAQEFBQAwgZQxFDASBgNVBAMTC1RDUy1DQSBPQ1NQMSYwJAYJKoZIhvcN" - + "AQkBFhd0Y3MtY2FAdGNzLWNhLnRjcy5jby5pbjEMMAoGA1UEChMDVENTMQww" - + "CgYDVQQLEwNBVEMxEjAQBgNVBAcTCUh5ZGVyYWJhZDEXMBUGA1UECBMOQW5k" - + "aHJhIHByYWRlc2gxCzAJBgNVBAYTAklOMB4XDTAyMDgyOTA3MTE0M1oXDTAz" - + "MDgyOTA3MTE0M1owgZwxCzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEg" - + "cHJhZGVzaDESMBAGA1UEBxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAK" - + "BgNVBAsTA0FUQzEeMBwGA1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQw" - + "IgYJKoZIhvcNAQkBFhVvY3NwQHRjcy1jYS50Y3MuY28uaW4wgZ8wDQYJKoZI" - + "hvcNAQEBBQADgY0AMIGJAoGBAM+XWW4caMRv46D7L6Bv8iwtKgmQu0SAybmF" - + "RJiz12qXzdvTLt8C75OdgmUomxp0+gW/4XlTPUqOMQWv463aZRv9Ust4f8MH" - + "EJh4ekP/NS9+d8vEO3P40ntQkmSMcFmtA9E1koUtQ3MSJlcs441JjbgUaVnm" - + "jDmmniQnZY4bU3tVAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADALBgNVHQ8E" - + "BAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwNgYIKwYBBQUHAQEEKjAoMCYG" - + "CCsGAQUFBzABhhpodHRwOi8vMTcyLjE5LjQwLjExMDo3NzAwLzAtBgNVHR8E" - + "JjAkMCKgIKAehhxodHRwOi8vMTcyLjE5LjQwLjExMC9jcmwuY3JsMA0GCSqG" - + "SIb3DQEBBQUAA4IBAQB6FovM3B4VDDZ15o12gnADZsIk9fTAczLlcrmXLNN4" - + "PgmqgnwF0Ymj3bD5SavDOXxbA65AZJ7rBNAguLUo+xVkgxmoBH7R2sBxjTCc" - + "r07NEadxM3HQkt0aX5XYEl8eRoifwqYAI9h0ziZfTNes8elNfb3DoPPjqq6V" - + "mMg0f0iMS4W8LjNPorjRB+kIosa1deAGPhq0eJ8yr0/s2QR2/WFD5P4aXc8I" - + "KWleklnIImS3zqiPrq6tl2Bm8DZj7vXlTOwmraSQxUwzCKwYob1yGvNOUQTq" - + "pG6jxn7jgDawHU1+WjWQe4Q34/pWeGLysxTraMa+Ug9kPe+jy/qRX2xwvKBZ"); - - byte[] testResp2 = Base64.decode( - "MIII1QoBAKCCCM4wggjKBgkrBgEFBQcwAQEEggi7MIIItzCBjqADAgEAoSMw" - + "ITEfMB0GA1UEAxMWT0NTUCBjZXJ0LVFBLUNMSUVOVC04NxgPMjAwMzA1MTky" - + "MDI2MzBaMFEwTzA6MAkGBSsOAwIaBQAEFJniwiUuyrhKIEF2TjVdVdCAOw0z" - + "BBR2olPKrPOJUVyGZ7BXOC4L2BmAqgIBL4AAGA8yMDAzMDUxOTIwMjYzMFow" - + "DQYJKoZIhvcNAQEEBQADggEBALImFU3kUtpNVf4tIFKg/1sDHvGpk5Pk0uhH" - + "TiNp6vdPfWjOgPkVXskx9nOTabVOBE8RusgwEcK1xeBXSHODb6mnjt9pkfv3" - + "ZdbFLFvH/PYjOb6zQOgdIOXhquCs5XbcaSFCX63hqnSaEqvc9w9ctmQwds5X" - + "tCuyCB1fWu/ie8xfuXR5XZKTBf5c6dO82qFE65gTYbGOxJBYiRieIPW1XutZ" - + "A76qla4m+WdxubV6SPG8PVbzmAseqjsJRn4jkSKOGenqSOqbPbZn9oBsU0Ku" - + "hul3pwsNJvcBvw2qxnWybqSzV+n4OvYXk+xFmtTjw8H9ChV3FYYDs8NuUAKf" - + "jw1IjWegggcOMIIHCjCCAzMwggIboAMCAQICAQIwDQYJKoZIhvcNAQEEBQAw" - + "bzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1BMRAwDgYDVQQHEwdXYWx0aGFt" - + "MRYwFAYDVQQKEw1Gb3J1bSBTeXN0ZW1zMQswCQYDVQQLEwJRQTEcMBoGA1UE" - + "AxMTQ2VydGlmaWNhdGUgTWFuYWdlcjAeFw0wMzAzMjEwNTAwMDBaFw0yNTAz" - + "MjEwNTAwMDBaMCExHzAdBgNVBAMTFk9DU1AgY2VydC1RQS1DTElFTlQtODcw" - + "ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVuxRCZgJAYAftYuRy" - + "9axdtsHrkIJyVVRorLCTWOoLmx2tlrGqKbHOGKmvqEPEpeCDYQk+0WIlWMuM" - + "2pgiYAolwqSFBwCjkjQN3fCIHXiby0JBgCCLoe7wa0pZffE+8XZH0JdSjoT3" - + "2OYD19wWZeY2VB0JWJFWYAnIL+R5Eg7LwJ5QZSdvghnOWKTv60m/O1rC0see" - + "9lbPO+3jRuaDyCUKYy/YIKBYC9rtC4hS47jg70dTfmE2nccjn7rFCPBrVr4M" - + "5szqdRzwu3riL9W+IE99LTKXOH/24JX0S4woeGXMS6me7SyZE6x7P2tYkNXM" - + "OfXk28b3SJF75K7vX6T6ecWjAgMBAAGjKDAmMBMGA1UdJQQMMAoGCCsGAQUF" - + "BwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEEBQADggEBAKNSn7pp" - + "UEC1VTN/Iqk8Sc2cAYM7KSmeB++tuyes1iXY4xSQaEgOxRa5AvPAKnXKSzfY" - + "vqi9WLdzdkpTo4AzlHl5nqU/NCUv3yOKI9lECVMgMxLAvZgMALS5YXNZsqrs" - + "hP3ASPQU99+5CiBGGYa0PzWLstXLa6SvQYoHG2M8Bb2lHwgYKsyrUawcfc/s" - + "jE3jFJeyCyNwzH0eDJUVvW1/I3AhLNWcPaT9/VfyIWu5qqZU+ukV/yQXrKiB" - + "glY8v4QDRD4aWQlOuiV2r9sDRldOPJe2QSFDBe4NtBbynQ+MRvF2oQs/ocu+" - + "OAHX7uiskg9GU+9cdCWPwJf9cP/Zem6MemgwggPPMIICt6ADAgECAgEBMA0G" - + "CSqGSIb3DQEBBQUAMG8xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNQTEQMA4G" - + "A1UEBxMHV2FsdGhhbTEWMBQGA1UEChMNRm9ydW0gU3lzdGVtczELMAkGA1UE" - + "CxMCUUExHDAaBgNVBAMTE0NlcnRpZmljYXRlIE1hbmFnZXIwHhcNMDMwMzIx" - + "MDUwMDAwWhcNMjUwMzIxMDUwMDAwWjBvMQswCQYDVQQGEwJVUzELMAkGA1UE" - + "CBMCTUExEDAOBgNVBAcTB1dhbHRoYW0xFjAUBgNVBAoTDUZvcnVtIFN5c3Rl" - + "bXMxCzAJBgNVBAsTAlFBMRwwGgYDVQQDExNDZXJ0aWZpY2F0ZSBNYW5hZ2Vy" - + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VeU+48VBjI0mGRt" - + "9qlD+WAhx3vv4KCOD5f3HWLj8D2DcoszVTVDqtRK+HS1eSpO/xWumyXhjV55" - + "FhG2eYi4e0clv0WyswWkGLqo7IxYn3ZhVmw04ohdTjdhVv8oS+96MUqPmvVW" - + "+MkVRyqm75HdgWhKRr/lEpDNm+RJe85xMCipkyesJG58p5tRmAZAAyRs3jYw" - + "5YIFwDOnt6PCme7ui4xdas2zolqOlynMuq0ctDrUPKGLlR4mVBzgAVPeatcu" - + "ivEQdB3rR6UN4+nv2jx9kmQNNb95R1M3J9xHfOWX176UWFOZHJwVq8eBGF9N" - + "pav4ZGBAyqagW7HMlo7Hw0FzUwIDAQABo3YwdDARBglghkgBhvhCAQEEBAMC" - + "AJcwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU64zBxl1yKES8tjU3/rBA" - + "NaeBpjkwHwYDVR0jBBgwFoAU64zBxl1yKES8tjU3/rBANaeBpjkwDgYDVR0P" - + "AQH/BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQAzHnf+Z+UgxDVOpCu0DHF+" - + "qYZf8IaUQxLhUD7wjwnt3lJ0QV1z4oyc6Vs9J5xa8Mvf7u1WMmOxvN8r8Kb0" - + "k8DlFszLd0Qwr+NVu5NQO4Vn01UAzCtH4oX2bgrVzotqDnzZ4TcIr11EX3Nb" - + "tO8yWWl+xWIuxKoAO8a0Rh97TyYfAj4++GIm43b2zIvRXEWAytjz7rXUMwRC" - + "1ipRQwSA9gyw2y0s8emV/VwJQXsTe9xtDqlEC67b90V/BgL/jxck5E8yrY9Z" - + "gNxlOgcqscObisAkB5I6GV+dfa+BmZrhSJ/bvFMUrnFzjLFvZp/9qiK11r5K" - + "A5oyOoNv0w+8bbtMNEc1"); - - /** - * extra version number encoding. - */ - private static byte[] irregReq = Base64.decode( - "MIIQpTBUoAMCAQAwTTBLMEkwCQYFKw4DAhoFAAQUIcFvFFVjPem15pKox4cfcnzF" - + "Kf4EFJf8OQzmVmyJ/hc4EhitQbXcqAzDAhB9ePsP19SuP6CsAgFwQuEAoIIQSzCC" - + "EEcwDQYJKoZIhvcNAQEFBQADgYEAlq/Tjl8OtFM8Tib1JYTiaPy9vFDr8UZhqXJI" - + "FyrdgtUyyDt0EcrgnBGacAeRZzF5sokIC6DjXweU7EItGqrpw/RaCUPUWFpPxR6y" - + "HjuzrLmICocTI9MH7dRUXm0qpxoY987sx1PtWB4pSR99ixBtq3OPNdsI0uJ+Qkei" - + "LbEZyvWggg+wMIIPrDCCA5owggKCoAMCAQICEEAxXx/eFe7gm/NX7AkcS68wDQYJ" - + "KoZIhvcNAQEFBQAwgZoxCzAJBgNVBAYTAlNFMTMwMQYDVQQKDCpMw6Ruc2bDtnJz" - + "w6RrcmluZ2FyIEJhbmsgQWt0aWVib2xhZyAocHVibCkxFTATBgNVBAUTDDExMTEx" - + "MTExMTExMTE/MD0GA1UEAww2TMOkbnNmw7Zyc8Oka3JpbmdhciBCYW5rIFB1cmNo" - + "YXNlciBDQTEgZm9yIEJhbmtJRCBURVNUMB4XDTA4MTAwNjIyMDAwMFoXDTEwMTAx" - + "MDIxNTk1OVowgZExCzAJBgNVBAYTAlNFMTMwMQYDVQQKDCpMw6Ruc2bDtnJzw6Rr" - + "cmluZ2FyIEJhbmsgQWt0aWVib2xhZyAocHVibCkxFTATBgNVBAUTDDExMTExMTEx" - + "MTExMTE2MDQGA1UEAwwtTMOkbnNmw7Zyc8Oka3JpbmdhciBCYW5rIE9DU1AgZm9y" - + "IEJhbmtJRCBURVNUMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5e/h6aL2m" - + "DVpWeu5e5p1Ps9kbvuuGeAp9zJDYLbZz7uzT67X+s59HaViroD2+2my/gg7rX7tK" - + "H9VXpJad1W9O19SjfNyxgeAMwVMkrbb4IlrQwu0v/Ub8JPxSWwZZXYiODq5abeXA" - + "abMYIHxSaSkhrsUj1dpSAohHLJRlq707swIDAQABo2cwZTAfBgNVHSMEGDAWgBTR" - + "vcp2QyNdNGZ+q7TjKSrrHZqxmDATBgNVHSAEDDAKMAgGBiqFcDwBBjAOBgNVHQ8B" - + "Af8EBAMCBkAwHQYDVR0OBBYEFF/3557FEvkA8iiPv2XcBclxKnTdMA0GCSqGSIb3" - + "DQEBBQUAA4IBAQAOxRvHO89XJ0v83BZdPFzEBA4B2Tqc1oABUn13S6fAkcGWvOmG" - + "eY61MK16aMnLPNDadZrAqJc6PEtVY57uaywE9acwv9XpHO0bcS94tLwvZZJ2KBt0" - + "Oq96gaI6gnJViUjyWjm+qBZvod0QPOLGv6wUPoiNcCpSid/COTjKpLYpCJj3ZWUV" - + "nsTRWSRVXsdY/xI0gs/A8/c5P1PuTxoi99RTmcruoFxvV4MmhWyX7IGqG4OAtLdo" - + "yefz/90FPGOrmqY9OgEb+gNuTM26YDvSs1dfarPl89d8jjwxHgNbZjh2VHFqKolJ" - + "8TB8ZS5aNvhHPumOOE47y95rTBxrxSmGvKb8MIIENDCCAxygAwIBAgIRAJAFaeOw" - + "7XbxH/DN/Vvhjx8wDQYJKoZIhvcNAQEFBQAwgZUxCzAJBgNVBAYTAlNFMTMwMQYD" - + "VQQKDCpMw6Ruc2bDtnJzw6RrcmluZ2FyIEJhbmsgQWt0aWVib2xhZyAocHVibCkx" - + "FTATBgNVBAUTDDExMTExMTExMTExMTE6MDgGA1UEAwwxTMOkbnNmw7Zyc8Oka3Jp" - + "bmdhciBCYW5rIFJvb3QgQ0ExIGZvciBCYW5rSUQgVEVTVDAeFw0wNzEwMDExMjAw" - + "MzdaFw0yOTA3MDExMjAwMzdaMIGaMQswCQYDVQQGEwJTRTEzMDEGA1UECgwqTMOk" - + "bnNmw7Zyc8Oka3JpbmdhciBCYW5rIEFrdGllYm9sYWcgKHB1YmwpMRUwEwYDVQQF" - + "EwwxMTExMTExMTExMTExPzA9BgNVBAMMNkzDpG5zZsO2cnPDpGtyaW5nYXIgQmFu" - + "ayBQdXJjaGFzZXIgQ0ExIGZvciBCYW5rSUQgVEVTVDCCASIwDQYJKoZIhvcNAQEB" - + "BQADggEPADCCAQoCggEBAMK5WbYojYRX1ZKrbxJBgbd4x503LfMWgr67sVD5L0NY" - + "1RPhZVFJRKJWvawE5/eXJ4oNQwc831h2jiOgINXuKyGXqdAVGBcpFwIxTfzxwT4l" - + "fvztr8pE6wk7mLLwKUvIjbM3EF1IL3zUI3UU/U5ioyGmcb/o4GGN71kMmvV/vrkU" - + "02/s7xicXNxYej4ExLiCkS5+j/+3sR47Uq5cL9e8Yg7t5/6FyLGQjKoS8HU/abYN" - + "4kpx/oyrxzrXMhnMVDiI8QX9NYGJwI8KZ/LU6GDq/NnZ3gG5v4l4UU1GhgUbrk4I" - + "AZPDu99zvwCtkdj9lJN0eDv8jdyEPZ6g1qPBE0pCNqcCAwEAAaN4MHYwDwYDVR0T" - + "AQH/BAUwAwEB/zATBgNVHSAEDDAKMAgGBiqFcDwBBjAOBgNVHQ8BAf8EBAMCAQYw" - + "HwYDVR0jBBgwFoAUnkjp1bkQUOrkRiLgxpxwAe2GQFYwHQYDVR0OBBYEFNG9ynZD" - + "I100Zn6rtOMpKusdmrGYMA0GCSqGSIb3DQEBBQUAA4IBAQAPVSC4HEd+yCtSgL0j" - + "NI19U2hJeP28lAD7OA37bcLP7eNrvfU/2tuqY7rEn1m44fUbifewdgR8x2DzhM0m" - + "fJcA5Z12PYUb85L9z8ewGQdyHLNlMpKSTP+0lebSc/obFbteC4jjuvux60y5KVOp" - + "osXbGw2qyrS6uhZJrTDP1B+bYg/XBttG+i7Qzx0S5Tq//VU9OfAQZWpvejadKAk9" - + "WCcXq6zALiJcxsUwOHZRvvHDxkHuf5eZpPvm1gaqa+G9CtV+oysZMU1eTRasBHsB" - + "NRWYfOSXggsyqRHfIAVieB4VSsB8WhZYm8UgYoLhAQfSJ5Xq5cwBOHkVj33MxAyP" - + "c7Y5MIID/zCCAuegAwIBAgIRAOXEoBcV4gV3Z92gk5AuRgwwDQYJKoZIhvcNAQEF" - + "BQAwZjEkMCIGA1UECgwbRmluYW5zaWVsbCBJRC1UZWtuaWsgQklEIEFCMR8wHQYD" - + "VQQLDBZCYW5rSUQgTWVtYmVyIEJhbmtzIENBMR0wGwYDVQQDDBRCYW5rSUQgUm9v" - + "dCBDQSBURVNUMjAeFw0wNzEwMDExMTQ1NDlaFw0yOTA4MDExMTU4MjVaMIGVMQsw" - + "CQYDVQQGEwJTRTEzMDEGA1UECgwqTMOkbnNmw7Zyc8Oka3JpbmdhciBCYW5rIEFr" - + "dGllYm9sYWcgKHB1YmwpMRUwEwYDVQQFEwwxMTExMTExMTExMTExOjA4BgNVBAMM" - + "MUzDpG5zZsO2cnPDpGtyaW5nYXIgQmFuayBSb290IENBMSBmb3IgQmFua0lEIFRF" - + "U1QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBzn7IXIpyOGCCTuzL" - + "DKE/T+pFRTgFh3QgKtifZ4zxdvB2Sd5+90vUEGcGExUhzpgb9gOUrT1eE0XhdiUR" - + "YuYYpJI/nzPQWTsRtEaql7NHBPKnEauoA9oAhCT4pE5gLlqpTfkB8nAsRTI2XqpI" - + "hQ7vTvnTRx20xog21NIbz1GztV8H1kBH2eDvRX7cXGiugp6CXV/le9cB+/4TBNUN" - + "Xqupt79dM49KCoDuYr72W7Hv4BSWw3IInEN2m8T2X6UBpBGkCiGwLQy/+KOmYRK7" - + "1PSFC0rXDwOJ0HJ/8fHwx6vLMxHAQ6s/9vOW10MjgjSQlbVqH/4Pa+TlpWumSV4E" - + "l0z9AgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0gBAwwCjAIBgYqhXA8" - + "AQYwDgYDVR0PAQH/BAQDAgEGMB8GA1UdIwQYMBaAFJuTMPljHcYdrRO9sEi1amb4" - + "tE3VMB0GA1UdDgQWBBSeSOnVuRBQ6uRGIuDGnHAB7YZAVjANBgkqhkiG9w0BAQUF" - + "AAOCAQEArnW/9n+G+84JOgv1Wn4tsBBS7QgJp1rdCoiNrZPx2du/7Wz3wQVNKBjL" - + "eMCyLjg0OVHuq4hpCv9MZpUqdcUW8gpp4dLDAAd1uE7xqVuG8g4Ir5qocxbZHQew" - + "fnqSJJDlEZgDeZIzod92OO+htv0MWqKWbr3Mo2Hqhn+t0+UVWsW4k44e7rUw3xQq" - + "r2VdMJv/C68BXUgqh3pplUDjWyXfreiACTT0q3HT6v6WaihKCa2WY9Kd1IkDcLHb" - + "TZk8FqMmGn72SgJw3H5Dvu7AiZijjNAUulMnMpxBEKyFTU2xRBlZZVcp50VJ2F7+" - + "siisxbcYOAX4GztLMlcyq921Ov/ipDCCA88wggK3oAMCAQICEQCmaX+5+m5bF5us" - + "CtyMq41SMA0GCSqGSIb3DQEBBQUAMGYxJDAiBgNVBAoMG0ZpbmFuc2llbGwgSUQt" - + "VGVrbmlrIEJJRCBBQjEfMB0GA1UECwwWQmFua0lEIE1lbWJlciBCYW5rcyBDQTEd" - + "MBsGA1UEAwwUQmFua0lEIFJvb3QgQ0EgVEVTVDIwHhcNMDQwODEzMDcyMDEwWhcN" - + "MjkwODEyMTIwMjQ2WjBmMSQwIgYDVQQKDBtGaW5hbnNpZWxsIElELVRla25payBC" - + "SUQgQUIxHzAdBgNVBAsMFkJhbmtJRCBNZW1iZXIgQmFua3MgQ0ExHTAbBgNVBAMM" - + "FEJhbmtJRCBSb290IENBIFRFU1QyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB" - + "CgKCAQEA25D0f1gipbACk4Bg3t6ODUlCWOU0TWeTkzAHR7IRB5T++yvsVosedMMW" - + "6KYYTbPONeJSt5kydX+wZi9nVNdlhkNULLbDKWfRY7x+B9MR1Q0Kq/e4VR0uRsak" - + "Bv5iwEYZ7cSR63HfBaPTqQsGobq+wtGH5JeTBrmCt4A3kN1UWgX32Dv/I3m7v8bK" - + "iwh4cnvAD9PIOtq6pOmAkSvLvp8jCy3qFLe9KAxm8M/ZAmnxYaRV8DVEg57FGoG6" - + "oiG3Ixx8PSVVdzpFY4kuUFLi4ueMPwjnXFiBhhWJJeOtFG3Lc2aW3zvcDbD/MsDm" - + "rSZNTmtbOOou8xuMKjlNY9PU5MHIaQIDAQABo3gwdjAPBgNVHRMBAf8EBTADAQH/" - + "MBMGA1UdIAQMMAowCAYGKoVwPAEGMA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAW" - + "gBSbkzD5Yx3GHa0TvbBItWpm+LRN1TAdBgNVHQ4EFgQUm5Mw+WMdxh2tE72wSLVq" - + "Zvi0TdUwDQYJKoZIhvcNAQEFBQADggEBAIQ4ZBHWssA38pfNzH5A+H3SXpAlI8Jc" - + "LuoMVOIwwbfd1Up0xopCs+Ay41v8FZtcTMFqCVTih2nzVusTgnFBPMPJ2cnTlRue" - + "kAtVRNsiWn2/Ool/OXoYf5YnpgYu8t9jLCBCoDS5YJg714r9V9hCwfey8TCWBU80" - + "vL7EIfjK13nUxf8d49GzZlFMNqGDMjfMp1FYrHBGLZBr8br/G/7em1Cprw7iR8cw" - + "pddz+QXXFIrIz5Y9D/x1RrwoLibPw0kMrSwI2G4aCvoBySfbD6cpnJf6YHRctdSb" - + "755zhdBW7XWTl6ReUVuEt0hTFms4F60kFAi5hIbDRSN1Slv5yP2b0EA="); - public String getName() - { - return "OCSP"; - } - - private void testECDSA() - throws Exception - { - String signDN = "O=Bouncy Castle, C=AU"; - KeyPair signKP = OCSPTestUtil.makeECKeyPair(); - X509Certificate testCert = OCSPTestUtil.makeECDSACertificate(signKP, signDN, signKP, signDN); - - String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU"; - GeneralName origName = new GeneralName(new X509Name(origDN)); - - // - // general id value for our test issuer cert and a serial number. - // - CertificateID id = new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1)); - - // - // basic request generation - // - OCSPReqGenerator gen = new OCSPReqGenerator(); - gen.addRequest(id); - - OCSPReq req = gen.generate(); - - if (req.isSigned()) - { - fail("signed but shouldn't be"); - } - - X509Certificate[] certs = req.getCerts("BC"); - - if (certs != null) - { - fail("null certs expected, but not found"); - } - - Req[] requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - // - // request generation with signing - // - X509Certificate[] chain = new X509Certificate[1]; - - gen = new OCSPReqGenerator(); - - gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred"))); - - gen.addRequest( - new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1))); - - chain[0] = testCert; - - req = gen.generate("SHA1withECDSA", signKP.getPrivate(), chain, "BC"); - - if (!req.isSigned()) - { - fail("not signed but should be"); - } - - if (!req.verify(signKP.getPublic(), "BC")) - { - fail("signature failed to verify"); - } - - requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - certs = req.getCerts("BC"); - - if (certs == null) - { - fail("null certs found"); - } - - if (certs.length != 1 || !certs[0].equals(testCert)) - { - fail("incorrect certs found in request"); - } - - // - // encoding test - // - byte[] reqEnc = req.getEncoded(); - - OCSPReq newReq = new OCSPReq(reqEnc); - - if (!newReq.verify(signKP.getPublic(), "BC")) - { - fail("newReq signature failed to verify"); - } - - // - // request generation with signing and nonce - // - chain = new X509Certificate[1]; - - gen = new OCSPReqGenerator(); - - Vector oids = new Vector(); - Vector values = new Vector(); - byte[] sampleNonce = new byte[16]; - Random rand = new Random(); - - rand.nextBytes(sampleNonce); - - gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred"))); - - oids.addElement(OCSPObjectIdentifiers.id_pkix_ocsp_nonce); - values.addElement(new X509Extension(false, new DEROctetString(new DEROctetString(sampleNonce)))); - - gen.setRequestExtensions(new X509Extensions(oids, values)); - - gen.addRequest( - new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1))); - - chain[0] = testCert; - - req = gen.generate("SHA1withECDSA", signKP.getPrivate(), chain, "BC"); - - if (!req.isSigned()) - { - fail("not signed but should be"); - } - - if (!req.verify(signKP.getPublic(), "BC")) - { - fail("signature failed to verify"); - } - - // - // extension check. - // - Set extOids = req.getCriticalExtensionOIDs(); - - if (extOids.size() != 0) - { - fail("wrong number of critical extensions in OCSP request."); - } - - extOids = req.getNonCriticalExtensionOIDs(); - - if (extOids.size() != 1) - { - fail("wrong number of non-critical extensions in OCSP request."); - } - - byte[] extValue = req.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId()); - - ASN1Encodable extObj = X509ExtensionUtil.fromExtensionValue(extValue); - - if (!(extObj instanceof ASN1OctetString)) - { - fail("wrong extension type found."); - } - - if (!areEqual(((ASN1OctetString)extObj).getOctets(), sampleNonce)) - { - fail("wrong extension value found."); - } - - // - // request list check - // - requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - // - // response generation - // - BasicOCSPRespGenerator respGen = new BasicOCSPRespGenerator(signKP.getPublic()); - - respGen.addResponse(id, CertificateStatus.GOOD); - - BasicOCSPResp resp = respGen.generate("SHA1withECDSA", signKP.getPrivate(), chain, new Date(), "BC"); - } - - private void testRSA() - throws Exception - { - String signDN = "O=Bouncy Castle, C=AU"; - KeyPair signKP = OCSPTestUtil.makeKeyPair(); - X509Certificate testCert = OCSPTestUtil.makeCertificate(signKP, signDN, signKP, signDN); - - String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU"; - GeneralName origName = new GeneralName(new X509Name(origDN)); - - // - // general id value for our test issuer cert and a serial number. - // - CertificateID id = new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1)); - - // - // basic request generation - // - OCSPReqGenerator gen = new OCSPReqGenerator(); - - gen.addRequest( - new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1))); - - OCSPReq req = gen.generate(); - - if (req.isSigned()) - { - fail("signed but shouldn't be"); - } - - X509Certificate[] certs = req.getCerts("BC"); - - if (certs != null) - { - fail("null certs expected, but not found"); - } - - Req[] requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - // - // request generation with signing - // - X509Certificate[] chain = new X509Certificate[1]; - - gen = new OCSPReqGenerator(); - - gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred"))); - - gen.addRequest( - new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1))); - - chain[0] = testCert; - - req = gen.generate("SHA1withRSA", signKP.getPrivate(), chain, "BC"); - - if (!req.isSigned()) - { - fail("not signed but should be"); - } - - if (!req.verify(signKP.getPublic(), "BC")) - { - fail("signature failed to verify"); - } - - requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - certs = req.getCerts("BC"); - - if (certs == null) - { - fail("null certs found"); - } - - if (certs.length != 1 || !certs[0].equals(testCert)) - { - fail("incorrect certs found in request"); - } - - // - // encoding test - // - byte[] reqEnc = req.getEncoded(); - - OCSPReq newReq = new OCSPReq(reqEnc); - - if (!newReq.verify(signKP.getPublic(), "BC")) - { - fail("newReq signature failed to verify"); - } - - // - // request generation with signing and nonce - // - chain = new X509Certificate[1]; - - gen = new OCSPReqGenerator(); - - Vector oids = new Vector(); - Vector values = new Vector(); - byte[] sampleNonce = new byte[16]; - Random rand = new Random(); - - rand.nextBytes(sampleNonce); - - gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred"))); - - oids.addElement(OCSPObjectIdentifiers.id_pkix_ocsp_nonce); - values.addElement(new X509Extension(false, new DEROctetString(new DEROctetString(sampleNonce)))); - - gen.setRequestExtensions(new X509Extensions(oids, values)); - - gen.addRequest( - new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1))); - - chain[0] = testCert; - - req = gen.generate("SHA1withRSA", signKP.getPrivate(), chain, "BC"); - - if (!req.isSigned()) - { - fail("not signed but should be"); - } - - if (!req.verify(signKP.getPublic(), "BC")) - { - fail("signature failed to verify"); - } - - // - // extension check. - // - Set extOids = req.getCriticalExtensionOIDs(); - - if (extOids.size() != 0) - { - fail("wrong number of critical extensions in OCSP request."); - } - - extOids = req.getNonCriticalExtensionOIDs(); - - if (extOids.size() != 1) - { - fail("wrong number of non-critical extensions in OCSP request."); - } - - byte[] extValue = req.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId()); - - ASN1Encodable extObj = X509ExtensionUtil.fromExtensionValue(extValue); - - if (!(extObj instanceof ASN1OctetString)) - { - fail("wrong extension type found."); - } - - if (!areEqual(((ASN1OctetString)extObj).getOctets(), sampleNonce)) - { - fail("wrong extension value found."); - } - - // - // request list check - // - requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - // - // response generation - // - BasicOCSPRespGenerator respGen = new BasicOCSPRespGenerator(signKP.getPublic()); - - respGen.addResponse(id, CertificateStatus.GOOD); - - BasicOCSPResp resp = respGen.generate("SHA1withRSA", signKP.getPrivate(), chain, new Date(), "BC"); - OCSPRespGenerator rGen = new OCSPRespGenerator(); - - byte[] enc = rGen.generate(OCSPRespGenerator.SUCCESSFUL, resp).getEncoded(); - } - - private void testIrregularVersionReq() - throws Exception - { - OCSPReq ocspRequest = new OCSPReq(irregReq); - X509Certificate cert = ocspRequest.getCerts("BC")[0]; - if (!ocspRequest.verify(cert.getPublicKey(), "BC")) - { - fail("extra version encoding test failed"); - } - } - - public void performTest() - throws Exception - { - String signDN = "O=Bouncy Castle, C=AU"; - KeyPair signKP = OCSPTestUtil.makeKeyPair(); - X509Certificate testCert = OCSPTestUtil.makeCertificate(signKP, signDN, signKP, signDN); - - String origDN = "CN=Eric H. Echidna, E=eric@bouncycastle.org, O=Bouncy Castle, C=AU"; - GeneralName origName = new GeneralName(new X509Name(origDN)); - - // - // general id value for our test issuer cert and a serial number. - // - CertificateID id = new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1)); - - // - // general id value for our test issuer cert and a serial number and the default provider - // - id = new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1), null); - - // - // basic request generation - // - OCSPReqGenerator gen = new OCSPReqGenerator(); - - gen.addRequest( - new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1))); - - OCSPReq req = gen.generate(); - - if (req.isSigned()) - { - fail("signed but shouldn't be"); - } - - X509Certificate[] certs = req.getCerts("BC"); - - if (certs != null) - { - fail("null certs expected, but not found"); - } - - Req[] requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - // - // request generation with signing - // - X509Certificate[] chain = new X509Certificate[1]; - - gen = new OCSPReqGenerator(); - - gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred"))); - - gen.addRequest( - new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1))); - - chain[0] = testCert; - - req = gen.generate("SHA1withRSA", signKP.getPrivate(), chain, "BC"); - - if (!req.isSigned()) - { - fail("not signed but should be"); - } - - if (!req.verify(signKP.getPublic(), "BC")) - { - fail("signature failed to verify"); - } - - requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - certs = req.getCerts("BC"); - - if (certs == null) - { - fail("null certs found"); - } - - if (certs.length != 1 || !certs[0].equals(testCert)) - { - fail("incorrect certs found in request"); - } - - // - // encoding test - // - byte[] reqEnc = req.getEncoded(); - - OCSPReq newReq = new OCSPReq(reqEnc); - - if (!newReq.verify(signKP.getPublic(), "BC")) - { - fail("newReq signature failed to verify"); - } - - // - // request generation with signing and nonce - // - chain = new X509Certificate[1]; - - gen = new OCSPReqGenerator(); - - Vector oids = new Vector(); - Vector values = new Vector(); - byte[] sampleNonce = new byte[16]; - Random rand = new Random(); - - rand.nextBytes(sampleNonce); - - gen.setRequestorName(new GeneralName(GeneralName.directoryName, new X509Principal("CN=fred"))); - - oids.addElement(OCSPObjectIdentifiers.id_pkix_ocsp_nonce); - values.addElement(new X509Extension(false, new DEROctetString(new DEROctetString(sampleNonce)))); - - gen.setRequestExtensions(new X509Extensions(oids, values)); - - gen.addRequest( - new CertificateID(CertificateID.HASH_SHA1, testCert, BigInteger.valueOf(1))); - - chain[0] = testCert; - - req = gen.generate("SHA1withRSA", signKP.getPrivate(), chain, "BC"); - - if (!req.isSigned()) - { - fail("not signed but should be"); - } - - if (!req.verify(signKP.getPublic(), "BC")) - { - fail("signature failed to verify"); - } - - // - // extension check. - // - Set extOids = req.getCriticalExtensionOIDs(); - - if (extOids.size() != 0) - { - fail("wrong number of critical extensions in OCSP request."); - } - - extOids = req.getNonCriticalExtensionOIDs(); - - if (extOids.size() != 1) - { - fail("wrong number of non-critical extensions in OCSP request."); - } - - byte[] extValue = req.getExtensionValue(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId()); - - ASN1Encodable extObj = X509ExtensionUtil.fromExtensionValue(extValue); - - if (!(extObj instanceof ASN1OctetString)) - { - fail("wrong extension type found."); - } - - if (!areEqual(((ASN1OctetString)extObj).getOctets(), sampleNonce)) - { - fail("wrong extension value found."); - } - - // - // request list check - // - requests = req.getRequestList(); - - if (!requests[0].getCertID().equals(id)) - { - fail("Failed isFor test"); - } - - // - // response parsing - test 1 - // - OCSPResp response = new OCSPResp(new ByteArrayInputStream(testResp1)); - - if (response.getStatus() != 0) - { - fail("response status not zero."); - } - - BasicOCSPResp brep = (BasicOCSPResp)response.getResponseObject(); - chain = brep.getCerts("BC"); - - if (!brep.verify(chain[0].getPublicKey(), "BC")) - { - fail("response 1 failed to verify."); - } - - // - // test 2 - // - SingleResp[] singleResp = brep.getResponses(); - - response = new OCSPResp(new ByteArrayInputStream(testResp2)); - - if (response.getStatus() != 0) - { - fail("response status not zero."); - } - - brep = (BasicOCSPResp)response.getResponseObject(); - chain = brep.getCerts("BC"); - - if (!brep.verify(chain[0].getPublicKey(), "BC")) - { - fail("response 2 failed to verify."); - } - - singleResp = brep.getResponses(); - - // - // simple response generation - // - OCSPRespGenerator respGen = new OCSPRespGenerator(); - OCSPResp resp = respGen.generate(OCSPRespGenerator.SUCCESSFUL, response.getResponseObject()); - - if (!resp.getResponseObject().equals(response.getResponseObject())) - { - fail("response fails to match"); - } - - testECDSA(); - testRSA(); - testIrregularVersionReq(); - } - - public static void main( - String[] args) - { - Security.addProvider(new BouncyCastleProvider()); - - runTest(new OCSPTest()); - } -} diff --git a/pkix/src/test/jdk1.1/org/bouncycastle/cert/test/PKCS10Test.java b/pkix/src/test/jdk1.1/org/bouncycastle/cert/test/PKCS10Test.java index 48787e0d..ddd2cb66 100644 --- a/pkix/src/test/jdk1.1/org/bouncycastle/cert/test/PKCS10Test.java +++ b/pkix/src/test/jdk1.1/org/bouncycastle/cert/test/PKCS10Test.java @@ -24,9 +24,11 @@ import org.bouncycastle.asn1.x500.style.BCStyle; import org.bouncycastle.asn1.x509.BasicConstraints; import org.bouncycastle.asn1.x509.KeyUsage; import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x509.X509Extension; import org.bouncycastle.asn1.x509.X509Extensions; import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; +import org.bouncycastle.cert.bc.BcX509ExtensionUtils; import org.bouncycastle.jce.ECGOST3410NamedCurveTable; import org.bouncycastle.jce.ECNamedCurveTable; import org.bouncycastle.jce.interfaces.ECPointEncoder; @@ -296,7 +298,7 @@ public class PKCS10Test oids.addElement(X509Extension.keyUsage); values.addElement(new X509Extension(true, new DEROctetString( new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)))); - SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifierStructure(pair.getPublic()); + SubjectKeyIdentifier subjectKeyIdentifier = new BcX509ExtensionUtils().createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded())); X509Extension ski = new X509Extension(false, new DEROctetString(subjectKeyIdentifier)); oids.addElement(X509Extension.subjectKeyIdentifier); values.addElement(ski); diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cert/crmf/test/AllTests.java b/pkix/src/test/jdk1.3/org/bouncycastle/cert/crmf/test/AllTests.java index d450e929..c73fc1b8 100644 --- a/pkix/src/test/jdk1.3/org/bouncycastle/cert/crmf/test/AllTests.java +++ b/pkix/src/test/jdk1.3/org/bouncycastle/cert/crmf/test/AllTests.java @@ -24,10 +24,10 @@ import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.X509v1CertificateBuilder; +import org.bouncycastle.cert.crmf.bc.BcFixedLengthMGF1Padder; import org.bouncycastle.cert.crmf.EncryptedValueBuilder; import org.bouncycastle.cert.crmf.EncryptedValuePadder; import org.bouncycastle.cert.crmf.EncryptedValueParser; -import org.bouncycastle.cert.crmf.FixedLengthMGF1Padder; import org.bouncycastle.cert.crmf.PKIArchiveControl; import org.bouncycastle.cert.crmf.PKMACBuilder; import org.bouncycastle.cert.crmf.ValueDecryptorGenerator; @@ -40,7 +40,6 @@ import org.bouncycastle.cert.crmf.jcajce.JceCRMFEncryptorBuilder; import org.bouncycastle.cert.crmf.jcajce.JcePKMACValuesCalculator; import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder; -import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; import org.bouncycastle.cms.CMSAlgorithm; import org.bouncycastle.cms.CMSEnvelopedDataGenerator; import org.bouncycastle.cms.RecipientId; @@ -284,7 +283,7 @@ public class AllTests KeyPair kp = kGen.generateKeyPair(); X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test"); - FixedLengthMGF1Padder mgf1Padder = new FixedLengthMGF1Padder(200, new SecureRandom()); + BcFixedLengthMGF1Padder mgf1Padder = new BcFixedLengthMGF1Padder(200, new SecureRandom()); EncryptedValueBuilder build = new EncryptedValueBuilder(new JceAsymmetricKeyWrapper(cert.getPublicKey()).setProvider(BC), new JceCRMFEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build(), mgf1Padder); EncryptedValue value = build.build(passphrase); ValueDecryptorGenerator decGen = new JceAsymmetricValueDecryptorGenerator(kp.getPrivate()).setProvider(BC); diff --git a/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java b/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java index 58838811..6a3397c4 100644 --- a/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java +++ b/pkix/src/test/jdk1.3/org/bouncycastle/cert/test/PKCS10Test.java @@ -427,7 +427,7 @@ public class PKCS10Test oids.addElement(X509Extension.keyUsage); values.addElement(new X509Extension(true, new DEROctetString( new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign)))); - SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifierStructure(pair.getPublic()); + SubjectKeyIdentifier subjectKeyIdentifier = new BcX509ExtensionUtils().createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded())); X509Extension ski = new X509Extension(false, new DEROctetString(subjectKeyIdentifier)); oids.addElement(X509Extension.subjectKeyIdentifier); values.addElement(ski); diff --git a/prov/src/main/java/org/bouncycastle/ocsp/BasicOCSPResp.java b/prov/src/main/java/org/bouncycastle/ocsp/BasicOCSPResp.java deleted file mode 100644 index dec8312b..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/BasicOCSPResp.java +++ /dev/null @@ -1,366 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PublicKey; -import java.security.Signature; -import java.security.cert.CertStore; -import java.security.cert.CertStoreParameters; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.CollectionCertStoreParameters; -import java.security.cert.X509Certificate; -import java.text.ParseException; -import java.util.ArrayList; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ocsp.BasicOCSPResponse; -import org.bouncycastle.asn1.ocsp.ResponseData; -import org.bouncycastle.asn1.ocsp.SingleResponse; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; - -/** - * <pre> - * BasicOCSPResponse ::= SEQUENCE { - * tbsResponseData ResponseData, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - * </pre> - * - * @deprecated use classes in org.bouncycastle.cert.ocsp. - */ -public class BasicOCSPResp - implements java.security.cert.X509Extension -{ - BasicOCSPResponse resp; - ResponseData data; - X509Certificate[] chain = null; - - public BasicOCSPResp( - BasicOCSPResponse resp) - { - this.resp = resp; - this.data = resp.getTbsResponseData(); - } - - /** - * Return the DER encoding of the tbsResponseData field. - * @return DER encoding of tbsResponseData - * @throws OCSPException in the event of an encoding error. - */ - public byte[] getTBSResponseData() - throws OCSPException - { - try - { - return resp.getTbsResponseData().getEncoded(); - } - catch (IOException e) - { - throw new OCSPException("problem encoding tbsResponseData", e); - } - } - - public int getVersion() - { - return data.getVersion().getValue().intValue() + 1; - } - - public RespID getResponderId() - { - return new RespID(data.getResponderID()); - } - - public Date getProducedAt() - { - try - { - return data.getProducedAt().getDate(); - } - catch (ParseException e) - { - throw new IllegalStateException("ParseException:" + e.getMessage()); - } - } - - public SingleResp[] getResponses() - { - ASN1Sequence s = data.getResponses(); - SingleResp[] rs = new SingleResp[s.size()]; - - for (int i = 0; i != rs.length; i++) - { - rs[i] = new SingleResp(SingleResponse.getInstance(s.getObjectAt(i))); - } - - return rs; - } - - public X509Extensions getResponseExtensions() - { - return X509Extensions.getInstance(data.getResponseExtensions()); - } - - /** - * RFC 2650 doesn't specify any critical extensions so we return true - * if any are encountered. - * - * @return true if any critical extensions are present. - */ - public boolean hasUnsupportedCriticalExtension() - { - Set extns = getCriticalExtensionOIDs(); - if (extns != null && !extns.isEmpty()) - { - return true; - } - - return false; - } - - private Set getExtensionOIDs(boolean critical) - { - Set set = new HashSet(); - X509Extensions extensions = this.getResponseExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - X509Extension ext = extensions.getExtension(oid); - - if (critical == ext.isCritical()) - { - set.add(oid.getId()); - } - } - } - - return set; - } - - public Set getCriticalExtensionOIDs() - { - return getExtensionOIDs(true); - } - - public Set getNonCriticalExtensionOIDs() - { - return getExtensionOIDs(false); - } - - public byte[] getExtensionValue(String oid) - { - X509Extensions exts = this.getResponseExtensions(); - - if (exts != null) - { - X509Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); - - if (ext != null) - { - try - { - return ext.getValue().getEncoded(ASN1Encoding.DER); - } - catch (Exception e) - { - throw new RuntimeException("error encoding " + e.toString()); - } - } - } - - return null; - } - - public String getSignatureAlgName() - { - return OCSPUtil.getAlgorithmName(resp.getSignatureAlgorithm().getObjectId()); - } - - public String getSignatureAlgOID() - { - return resp.getSignatureAlgorithm().getObjectId().getId(); - } - - /** - * @deprecated RespData class is no longer required as all functionality is - * available on this class. - * @return the RespData object - */ - public RespData getResponseData() - { - return new RespData(resp.getTbsResponseData()); - } - - public byte[] getSignature() - { - return resp.getSignature().getBytes(); - } - - private List getCertList( - String provider) - throws OCSPException, NoSuchProviderException - { - List certs = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - CertificateFactory cf; - - try - { - cf = OCSPUtil.createX509CertificateFactory(provider); - } - catch (CertificateException ex) - { - throw new OCSPException("can't get certificate factory.", ex); - } - - // - // load the certificates and revocation lists if we have any - // - ASN1Sequence s = resp.getCerts(); - - if (s != null) - { - Enumeration e = s.getObjects(); - - while (e.hasMoreElements()) - { - try - { - aOut.writeObject((ASN1Encodable)e.nextElement()); - - certs.add(cf.generateCertificate( - new ByteArrayInputStream(bOut.toByteArray()))); - } - catch (IOException ex) - { - throw new OCSPException( - "can't re-encode certificate!", ex); - } - catch (CertificateException ex) - { - throw new OCSPException( - "can't re-encode certificate!", ex); - } - - bOut.reset(); - } - } - - return certs; - } - - public X509Certificate[] getCerts( - String provider) - throws OCSPException, NoSuchProviderException - { - List certs = getCertList(provider); - - return (X509Certificate[])certs.toArray(new X509Certificate[certs.size()]); - } - - /** - * Return the certificates, if any associated with the response. - * @param type type of CertStore to create - * @param provider provider to use - * @return a CertStore, possibly empty - * @throws NoSuchAlgorithmException - * @throws NoSuchProviderException - * @throws OCSPException - */ - public CertStore getCertificates( - String type, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException - { - try - { - CertStoreParameters params = new CollectionCertStoreParameters(this.getCertList(provider)); - return OCSPUtil.createCertStoreInstance(type, params, provider); - } - catch (InvalidAlgorithmParameterException e) - { - throw new OCSPException("can't setup the CertStore", e); - } - } - - /** - * verify the signature against the tbsResponseData object we contain. - */ - public boolean verify( - PublicKey key, - String sigProvider) - throws OCSPException, NoSuchProviderException - { - try - { - Signature signature = OCSPUtil.createSignatureInstance(this.getSignatureAlgName(), sigProvider); - - signature.initVerify(key); - - signature.update(resp.getTbsResponseData().getEncoded(ASN1Encoding.DER)); - - return signature.verify(this.getSignature()); - } - catch (NoSuchProviderException e) - { - // TODO Why this special case? - throw e; - } - catch (Exception e) - { - throw new OCSPException("exception processing sig: " + e, e); - } - } - - /** - * return the ASN.1 encoded representation of this object. - */ - public byte[] getEncoded() - throws IOException - { - return resp.getEncoded(); - } - - public boolean equals(Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof BasicOCSPResp)) - { - return false; - } - - BasicOCSPResp r = (BasicOCSPResp)o; - - return resp.equals(r.resp); - } - - public int hashCode() - { - return resp.hashCode(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/BasicOCSPRespGenerator.java b/prov/src/main/java/org/bouncycastle/ocsp/BasicOCSPRespGenerator.java deleted file mode 100644 index 85a1121b..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/BasicOCSPRespGenerator.java +++ /dev/null @@ -1,344 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Date; -import java.util.Iterator; -import java.util.List; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1GeneralizedTime; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.ocsp.BasicOCSPResponse; -import org.bouncycastle.asn1.ocsp.CertStatus; -import org.bouncycastle.asn1.ocsp.ResponseData; -import org.bouncycastle.asn1.ocsp.RevokedInfo; -import org.bouncycastle.asn1.ocsp.SingleResponse; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.CRLReason; -import org.bouncycastle.asn1.x509.X509CertificateStructure; -import org.bouncycastle.asn1.x509.X509Extensions; - -/** - * Generator for basic OCSP response objects. - * - * @deprecated use classes in org.bouncycastle.cert.ocsp. - */ -public class BasicOCSPRespGenerator -{ - private List list = new ArrayList(); - private X509Extensions responseExtensions = null; - private RespID responderID; - - private class ResponseObject - { - CertificateID certId; - CertStatus certStatus; - ASN1GeneralizedTime thisUpdate; - ASN1GeneralizedTime nextUpdate; - X509Extensions extensions; - - public ResponseObject( - CertificateID certId, - CertificateStatus certStatus, - Date thisUpdate, - Date nextUpdate, - X509Extensions extensions) - { - this.certId = certId; - - if (certStatus == null) - { - this.certStatus = new CertStatus(); - } - else if (certStatus instanceof UnknownStatus) - { - this.certStatus = new CertStatus(2, DERNull.INSTANCE); - } - else - { - RevokedStatus rs = (RevokedStatus)certStatus; - - if (rs.hasRevocationReason()) - { - this.certStatus = new CertStatus( - new RevokedInfo(new ASN1GeneralizedTime(rs.getRevocationTime()), CRLReason.lookup(rs.getRevocationReason()))); - } - else - { - this.certStatus = new CertStatus( - new RevokedInfo(new ASN1GeneralizedTime(rs.getRevocationTime()), null)); - } - } - - this.thisUpdate = new DERGeneralizedTime(thisUpdate); - - if (nextUpdate != null) - { - this.nextUpdate = new DERGeneralizedTime(nextUpdate); - } - else - { - this.nextUpdate = null; - } - - this.extensions = extensions; - } - - public SingleResponse toResponse() - throws Exception - { - return new SingleResponse(certId.toASN1Object(), certStatus, thisUpdate, nextUpdate, extensions); - } - } - - /** - * basic constructor - */ - public BasicOCSPRespGenerator( - RespID responderID) - { - this.responderID = responderID; - } - - /** - * construct with the responderID to be the SHA-1 keyHash of the passed in public key. - */ - public BasicOCSPRespGenerator( - PublicKey key) - throws OCSPException - { - this.responderID = new RespID(key); - } - - /** - * Add a response for a particular Certificate ID. - * - * @param certID certificate ID details - * @param certStatus status of the certificate - null if okay - */ - public void addResponse( - CertificateID certID, - CertificateStatus certStatus) - { - list.add(new ResponseObject(certID, certStatus, new Date(), null, null)); - } - - /** - * Add a response for a particular Certificate ID. - * - * @param certID certificate ID details - * @param certStatus status of the certificate - null if okay - * @param singleExtensions optional extensions - */ - public void addResponse( - CertificateID certID, - CertificateStatus certStatus, - X509Extensions singleExtensions) - { - list.add(new ResponseObject(certID, certStatus, new Date(), null, singleExtensions)); - } - - /** - * Add a response for a particular Certificate ID. - * - * @param certID certificate ID details - * @param nextUpdate date when next update should be requested - * @param certStatus status of the certificate - null if okay - * @param singleExtensions optional extensions - */ - public void addResponse( - CertificateID certID, - CertificateStatus certStatus, - Date nextUpdate, - X509Extensions singleExtensions) - { - list.add(new ResponseObject(certID, certStatus, new Date(), nextUpdate, singleExtensions)); - } - - /** - * Add a response for a particular Certificate ID. - * - * @param certID certificate ID details - * @param thisUpdate date this response was valid on - * @param nextUpdate date when next update should be requested - * @param certStatus status of the certificate - null if okay - * @param singleExtensions optional extensions - */ - public void addResponse( - CertificateID certID, - CertificateStatus certStatus, - Date thisUpdate, - Date nextUpdate, - X509Extensions singleExtensions) - { - list.add(new ResponseObject(certID, certStatus, thisUpdate, nextUpdate, singleExtensions)); - } - - /** - * Set the extensions for the response. - * - * @param responseExtensions the extension object to carry. - */ - public void setResponseExtensions( - X509Extensions responseExtensions) - { - this.responseExtensions = responseExtensions; - } - - private BasicOCSPResp generateResponse( - String signatureName, - PrivateKey key, - X509Certificate[] chain, - Date producedAt, - String provider, - SecureRandom random) - throws OCSPException, NoSuchProviderException - { - Iterator it = list.iterator(); - ASN1ObjectIdentifier signingAlgorithm; - - try - { - signingAlgorithm = OCSPUtil.getAlgorithmOID(signatureName); - } - catch (Exception e) - { - throw new IllegalArgumentException("unknown signing algorithm specified"); - } - - ASN1EncodableVector responses = new ASN1EncodableVector(); - - while (it.hasNext()) - { - try - { - responses.add(((ResponseObject)it.next()).toResponse()); - } - catch (Exception e) - { - throw new OCSPException("exception creating Request", e); - } - } - - ResponseData tbsResp = new ResponseData(responderID.toASN1Object(), new DERGeneralizedTime(producedAt), new DERSequence(responses), responseExtensions); - - Signature sig = null; - - try - { - sig = OCSPUtil.createSignatureInstance(signatureName, provider); - if (random != null) - { - sig.initSign(key, random); - } - else - { - sig.initSign(key); - } - } - catch (NoSuchProviderException e) - { - // TODO Why this special case? - throw e; - } - catch (GeneralSecurityException e) - { - throw new OCSPException("exception creating signature: " + e, e); - } - - DERBitString bitSig = null; - - try - { - sig.update(tbsResp.getEncoded(ASN1Encoding.DER)); - - bitSig = new DERBitString(sig.sign()); - } - catch (Exception e) - { - throw new OCSPException("exception processing TBSRequest: " + e, e); - } - - AlgorithmIdentifier sigAlgId = OCSPUtil.getSigAlgID(signingAlgorithm); - - DERSequence chainSeq = null; - if (chain != null && chain.length > 0) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - try - { - for (int i = 0; i != chain.length; i++) - { - v.add(new X509CertificateStructure( - (ASN1Sequence)ASN1Primitive.fromByteArray(chain[i].getEncoded()))); - } - } - catch (IOException e) - { - throw new OCSPException("error processing certs", e); - } - catch (CertificateEncodingException e) - { - throw new OCSPException("error encoding certs", e); - } - - chainSeq = new DERSequence(v); - } - - return new BasicOCSPResp(new BasicOCSPResponse(tbsResp, sigAlgId, bitSig, chainSeq)); - } - - public BasicOCSPResp generate( - String signingAlgorithm, - PrivateKey key, - X509Certificate[] chain, - Date thisUpdate, - String provider) - throws OCSPException, NoSuchProviderException, IllegalArgumentException - { - return generate(signingAlgorithm, key, chain, thisUpdate, provider, null); - } - - public BasicOCSPResp generate( - String signingAlgorithm, - PrivateKey key, - X509Certificate[] chain, - Date producedAt, - String provider, - SecureRandom random) - throws OCSPException, NoSuchProviderException, IllegalArgumentException - { - if (signingAlgorithm == null) - { - throw new IllegalArgumentException("no signing algorithm specified"); - } - - return generateResponse(signingAlgorithm, key, chain, producedAt, provider, random); - } - - /** - * Return an iterator of the signature names supported by the generator. - * - * @return an iterator containing recognised names. - */ - public Iterator getSignatureAlgNames() - { - return OCSPUtil.getAlgNames(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/CertificateID.java b/prov/src/main/java/org/bouncycastle/ocsp/CertificateID.java deleted file mode 100644 index 87bb461c..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/CertificateID.java +++ /dev/null @@ -1,170 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.math.BigInteger; -import java.security.MessageDigest; -import java.security.PublicKey; -import java.security.cert.X509Certificate; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.ocsp.CertID; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.jce.PrincipalUtil; -import org.bouncycastle.jce.X509Principal; - -public class CertificateID -{ - public static final String HASH_SHA1 = "1.3.14.3.2.26"; - - private final CertID id; - - public CertificateID( - CertID id) - { - if (id == null) - { - throw new IllegalArgumentException("'id' cannot be null"); - } - this.id = id; - } - - /** - * create from an issuer certificate and the serial number of the - * certificate it signed. - * - * @param hashAlgorithm hash algorithm to use - * @param issuerCert issuing certificate - * @param number serial number - * @param provider provider to use for hashAlgorithm, null if the default one should be used. - * - * @exception OCSPException if any problems occur creating the id fields. - */ - public CertificateID( - String hashAlgorithm, - X509Certificate issuerCert, - BigInteger number, - String provider) - throws OCSPException - { - AlgorithmIdentifier hashAlg = new AlgorithmIdentifier( - new ASN1ObjectIdentifier(hashAlgorithm), DERNull.INSTANCE); - - this.id = createCertID(hashAlg, issuerCert, new ASN1Integer(number), provider); - } - - /** - * create using the BC provider - */ - public CertificateID( - String hashAlgorithm, - X509Certificate issuerCert, - BigInteger number) - throws OCSPException - { - this(hashAlgorithm, issuerCert, number, "BC"); - } - - public String getHashAlgOID() - { - return id.getHashAlgorithm().getObjectId().getId(); - } - - public byte[] getIssuerNameHash() - { - return id.getIssuerNameHash().getOctets(); - } - - public byte[] getIssuerKeyHash() - { - return id.getIssuerKeyHash().getOctets(); - } - - /** - * return the serial number for the certificate associated - * with this request. - */ - public BigInteger getSerialNumber() - { - return id.getSerialNumber().getValue(); - } - - public boolean matchesIssuer(X509Certificate issuerCert, String provider) - throws OCSPException - { - return createCertID(id.getHashAlgorithm(), issuerCert, id.getSerialNumber(), provider) - .equals(id); - } - - public CertID toASN1Object() - { - return id; - } - - public boolean equals( - Object o) - { - if (!(o instanceof CertificateID)) - { - return false; - } - - CertificateID obj = (CertificateID)o; - - return id.toASN1Primitive().equals(obj.id.toASN1Primitive()); - } - - public int hashCode() - { - return id.toASN1Primitive().hashCode(); - } - - /** - * Create a new CertificateID for a new serial number derived from a previous one - * calculated for the same CA certificate. - * - * @param original the previously calculated CertificateID for the CA. - * @param newSerialNumber the serial number for the new certificate of interest. - * - * @return a new CertificateID for newSerialNumber - */ - public static CertificateID deriveCertificateID(CertificateID original, BigInteger newSerialNumber) - { - return new CertificateID(new CertID(original.id.getHashAlgorithm(), original.id.getIssuerNameHash(), original.id.getIssuerKeyHash(), new ASN1Integer(newSerialNumber))); - } - - private static CertID createCertID(AlgorithmIdentifier hashAlg, X509Certificate issuerCert, - ASN1Integer serialNumber, String provider) - throws OCSPException - { - try - { - MessageDigest digest = OCSPUtil.createDigestInstance(hashAlg.getAlgorithm() .getId(), - provider); - - X509Principal issuerName = PrincipalUtil.getSubjectX509Principal(issuerCert); - - digest.update(issuerName.getEncoded()); - - ASN1OctetString issuerNameHash = new DEROctetString(digest.digest()); - PublicKey issuerKey = issuerCert.getPublicKey(); - - ASN1InputStream aIn = new ASN1InputStream(issuerKey.getEncoded()); - SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject()); - - digest.update(info.getPublicKeyData().getBytes()); - - ASN1OctetString issuerKeyHash = new DEROctetString(digest.digest()); - - return new CertID(hashAlg, issuerNameHash, issuerKeyHash, serialNumber); - } - catch (Exception e) - { - throw new OCSPException("problem creating ID: " + e, e); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/CertificateStatus.java b/prov/src/main/java/org/bouncycastle/ocsp/CertificateStatus.java deleted file mode 100644 index 992ca55f..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/CertificateStatus.java +++ /dev/null @@ -1,6 +0,0 @@ -package org.bouncycastle.ocsp; - -public interface CertificateStatus -{ - public static final CertificateStatus GOOD = null; -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/OCSPException.java b/prov/src/main/java/org/bouncycastle/ocsp/OCSPException.java deleted file mode 100644 index d354a310..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/OCSPException.java +++ /dev/null @@ -1,32 +0,0 @@ -package org.bouncycastle.ocsp; - -public class OCSPException - extends Exception -{ - Exception e; - - public OCSPException( - String name) - { - super(name); - } - - public OCSPException( - String name, - Exception e) - { - super(name); - - this.e = e; - } - - public Exception getUnderlyingException() - { - return e; - } - - public Throwable getCause() - { - return e; - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/OCSPReq.java b/prov/src/main/java/org/bouncycastle/ocsp/OCSPReq.java deleted file mode 100644 index 7e50621a..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/OCSPReq.java +++ /dev/null @@ -1,417 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PublicKey; -import java.security.Signature; -import java.security.cert.CertStore; -import java.security.cert.CertStoreParameters; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.CollectionCertStoreParameters; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ocsp.OCSPRequest; -import org.bouncycastle.asn1.ocsp.Request; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; - -/** - * <pre> - * OCSPRequest ::= SEQUENCE { - * tbsRequest TBSRequest, - * optionalSignature [0] EXPLICIT Signature OPTIONAL } - * - * TBSRequest ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * requestorName [1] EXPLICIT GeneralName OPTIONAL, - * requestList SEQUENCE OF Request, - * requestExtensions [2] EXPLICIT Extensions OPTIONAL } - * - * Signature ::= SEQUENCE { - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL} - * - * Version ::= INTEGER { v1(0) } - * - * Request ::= SEQUENCE { - * reqCert CertID, - * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } - * - * CertID ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * issuerNameHash OCTET STRING, -- Hash of Issuer's DN - * issuerKeyHash OCTET STRING, -- Hash of Issuers public key - * serialNumber CertificateSerialNumber } - * </pre> - * - * @deprecated use classes in org.bouncycastle.cert.ocsp. - */ -public class OCSPReq - implements java.security.cert.X509Extension -{ - private OCSPRequest req; - - public OCSPReq( - OCSPRequest req) - { - this.req = req; - } - - public OCSPReq( - byte[] req) - throws IOException - { - this(new ASN1InputStream(req)); - } - - public OCSPReq( - InputStream in) - throws IOException - { - this(new ASN1InputStream(in)); - } - - private OCSPReq( - ASN1InputStream aIn) - throws IOException - { - try - { - this.req = OCSPRequest.getInstance(aIn.readObject()); - } - catch (IllegalArgumentException e) - { - throw new IOException("malformed request: " + e.getMessage()); - } - catch (ClassCastException e) - { - throw new IOException("malformed request: " + e.getMessage()); - } - } - - /** - * Return the DER encoding of the tbsRequest field. - * @return DER encoding of tbsRequest - * @throws OCSPException in the event of an encoding error. - */ - public byte[] getTBSRequest() - throws OCSPException - { - try - { - return req.getTbsRequest().getEncoded(); - } - catch (IOException e) - { - throw new OCSPException("problem encoding tbsRequest", e); - } - } - - public int getVersion() - { - return req.getTbsRequest().getVersion().getValue().intValue() + 1; - } - - public GeneralName getRequestorName() - { - return GeneralName.getInstance(req.getTbsRequest().getRequestorName()); - } - - public Req[] getRequestList() - { - ASN1Sequence seq = req.getTbsRequest().getRequestList(); - Req[] requests = new Req[seq.size()]; - - for (int i = 0; i != requests.length; i++) - { - requests[i] = new Req(Request.getInstance(seq.getObjectAt(i))); - } - - return requests; - } - - public X509Extensions getRequestExtensions() - { - return X509Extensions.getInstance(req.getTbsRequest().getRequestExtensions()); - } - - /** - * return the object identifier representing the signature algorithm - */ - public String getSignatureAlgOID() - { - if (!this.isSigned()) - { - return null; - } - - return req.getOptionalSignature().getSignatureAlgorithm().getObjectId().getId(); - } - - public byte[] getSignature() - { - if (!this.isSigned()) - { - return null; - } - - return req.getOptionalSignature().getSignature().getBytes(); - } - - private List getCertList( - String provider) - throws OCSPException, NoSuchProviderException - { - List certs = new ArrayList(); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - CertificateFactory cf; - - try - { - cf = OCSPUtil.createX509CertificateFactory(provider); - } - catch (CertificateException ex) - { - throw new OCSPException("can't get certificate factory.", ex); - } - - // - // load the certificates if we have any - // - ASN1Sequence s = req.getOptionalSignature().getCerts(); - - if (s != null) - { - Enumeration e = s.getObjects(); - - while (e.hasMoreElements()) - { - try - { - aOut.writeObject((ASN1Encodable)e.nextElement()); - - certs.add(cf.generateCertificate( - new ByteArrayInputStream(bOut.toByteArray()))); - } - catch (IOException ex) - { - throw new OCSPException( - "can't re-encode certificate!", ex); - } - catch (CertificateException ex) - { - throw new OCSPException( - "can't re-encode certificate!", ex); - } - - bOut.reset(); - } - } - - return certs; - } - - public X509Certificate[] getCerts( - String provider) - throws OCSPException, NoSuchProviderException - { - if (!this.isSigned()) - { - return null; - } - - List certs = this.getCertList(provider); - - return (X509Certificate[])certs.toArray(new X509Certificate[certs.size()]); - } - - /** - * If the request is signed return a possibly empty CertStore containing the certificates in the - * request. If the request is not signed the method returns null. - * - * @param type type of CertStore to return - * @param provider provider to use - * @return null if not signed, a CertStore otherwise - * @throws NoSuchAlgorithmException - * @throws NoSuchProviderException - * @throws OCSPException - */ - public CertStore getCertificates( - String type, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, OCSPException - { - if (!this.isSigned()) - { - return null; - } - - try - { - CertStoreParameters params = new CollectionCertStoreParameters(this.getCertList(provider)); - return OCSPUtil.createCertStoreInstance(type, params, provider); - } - catch (InvalidAlgorithmParameterException e) - { - throw new OCSPException("can't setup the CertStore", e); - } - } - - /** - * Return whether or not this request is signed. - * - * @return true if signed false otherwise. - */ - public boolean isSigned() - { - return req.getOptionalSignature() != null; - } - - /** - * verify the signature against the TBSRequest object we contain. - */ - public boolean verify( - PublicKey key, - String sigProvider) - throws OCSPException, NoSuchProviderException - { - if (!this.isSigned()) - { - throw new OCSPException("attempt to verify signature on unsigned object"); - } - - try - { - Signature signature = OCSPUtil.createSignatureInstance(this.getSignatureAlgOID(), sigProvider); - - signature.initVerify(key); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(req.getTbsRequest()); - - signature.update(bOut.toByteArray()); - - return signature.verify(this.getSignature()); - } - catch (NoSuchProviderException e) - { - // TODO Why this special case? - throw e; - } - catch (Exception e) - { - throw new OCSPException("exception processing sig: " + e, e); - } - } - - /** - * return the ASN.1 encoded representation of this object. - */ - public byte[] getEncoded() - throws IOException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(req); - - return bOut.toByteArray(); - } - - /** - * RFC 2650 doesn't specify any critical extensions so we return true - * if any are encountered. - * - * @return true if any critical extensions are present. - */ - public boolean hasUnsupportedCriticalExtension() - { - Set extns = getCriticalExtensionOIDs(); - if (extns != null && !extns.isEmpty()) - { - return true; - } - - return false; - } - - private Set getExtensionOIDs(boolean critical) - { - Set set = new HashSet(); - X509Extensions extensions = this.getRequestExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - X509Extension ext = extensions.getExtension(oid); - - if (critical == ext.isCritical()) - { - set.add(oid.getId()); - } - } - } - - return set; - } - - public Set getCriticalExtensionOIDs() - { - return getExtensionOIDs(true); - } - - public Set getNonCriticalExtensionOIDs() - { - return getExtensionOIDs(false); - } - - public byte[] getExtensionValue(String oid) - { - X509Extensions exts = this.getRequestExtensions(); - - if (exts != null) - { - X509Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); - - if (ext != null) - { - try - { - return ext.getValue().getEncoded(ASN1Encoding.DER); - } - catch (Exception e) - { - throw new RuntimeException("error encoding " + e.toString()); - } - } - } - - return null; - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/OCSPReqGenerator.java b/prov/src/main/java/org/bouncycastle/ocsp/OCSPReqGenerator.java deleted file mode 100644 index 0e01e8ec..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/OCSPReqGenerator.java +++ /dev/null @@ -1,294 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.ocsp.OCSPRequest; -import org.bouncycastle.asn1.ocsp.Request; -import org.bouncycastle.asn1.ocsp.Signature; -import org.bouncycastle.asn1.ocsp.TBSRequest; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.Extensions; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.X509CertificateStructure; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.jce.X509Principal; - -/** - * @deprecated use classes in org.bouncycastle.cert.ocsp. - */ -public class OCSPReqGenerator -{ - private List list = new ArrayList(); - private GeneralName requestorName = null; - private X509Extensions requestExtensions = null; - - private class RequestObject - { - CertificateID certId; - X509Extensions extensions; - - public RequestObject( - CertificateID certId, - X509Extensions extensions) - { - this.certId = certId; - this.extensions = extensions; - } - - public Request toRequest() - throws Exception - { - return new Request(certId.toASN1Object(), Extensions.getInstance(extensions)); - } - } - - /** - * Add a request for the given CertificateID. - * - * @param certId certificate ID of interest - */ - public void addRequest( - CertificateID certId) - { - list.add(new RequestObject(certId, null)); - } - - /** - * Add a request with extensions - * - * @param certId certificate ID of interest - * @param singleRequestExtensions the extensions to attach to the request - */ - public void addRequest( - CertificateID certId, - X509Extensions singleRequestExtensions) - { - list.add(new RequestObject(certId, singleRequestExtensions)); - } - - /** - * Set the requestor name to the passed in X500Principal - * - * @param requestorName a X500Principal representing the requestor name. - */ - public void setRequestorName( - X500Principal requestorName) - { - try - { - this.requestorName = new GeneralName(GeneralName.directoryName, new X509Principal(requestorName.getEncoded())); - } - catch (IOException e) - { - throw new IllegalArgumentException("cannot encode principal: " + e); - } - } - - public void setRequestorName( - GeneralName requestorName) - { - this.requestorName = requestorName; - } - - public void setRequestExtensions( - X509Extensions requestExtensions) - { - this.requestExtensions = requestExtensions; - } - - private OCSPReq generateRequest( - ASN1ObjectIdentifier signingAlgorithm, - PrivateKey key, - X509Certificate[] chain, - String provider, - SecureRandom random) - throws OCSPException, NoSuchProviderException - { - Iterator it = list.iterator(); - - ASN1EncodableVector requests = new ASN1EncodableVector(); - - while (it.hasNext()) - { - try - { - requests.add(((RequestObject)it.next()).toRequest()); - } - catch (Exception e) - { - throw new OCSPException("exception creating Request", e); - } - } - - TBSRequest tbsReq = new TBSRequest(requestorName, new DERSequence(requests), requestExtensions); - - java.security.Signature sig = null; - Signature signature = null; - - if (signingAlgorithm != null) - { - if (requestorName == null) - { - throw new OCSPException("requestorName must be specified if request is signed."); - } - - try - { - sig = OCSPUtil.createSignatureInstance(signingAlgorithm.getId(), provider); - if (random != null) - { - sig.initSign(key, random); - } - else - { - sig.initSign(key); - } - } - catch (NoSuchProviderException e) - { - // TODO Why this special case? - throw e; - } - catch (GeneralSecurityException e) - { - throw new OCSPException("exception creating signature: " + e, e); - } - - DERBitString bitSig = null; - - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(tbsReq); - - sig.update(bOut.toByteArray()); - - bitSig = new DERBitString(sig.sign()); - } - catch (Exception e) - { - throw new OCSPException("exception processing TBSRequest: " + e, e); - } - - AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(signingAlgorithm, DERNull.INSTANCE); - - if (chain != null && chain.length > 0) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - try - { - for (int i = 0; i != chain.length; i++) - { - v.add(new X509CertificateStructure( - (ASN1Sequence)ASN1Primitive.fromByteArray(chain[i].getEncoded()))); - } - } - catch (IOException e) - { - throw new OCSPException("error processing certs", e); - } - catch (CertificateEncodingException e) - { - throw new OCSPException("error encoding certs", e); - } - - signature = new Signature(sigAlgId, bitSig, new DERSequence(v)); - } - else - { - signature = new Signature(sigAlgId, bitSig); - } - } - - return new OCSPReq(new OCSPRequest(tbsReq, signature)); - } - - /** - * Generate an unsigned request - * - * @return the OCSPReq - * @throws OCSPException - */ - public OCSPReq generate() - throws OCSPException - { - try - { - return generateRequest(null, null, null, null, null); - } - catch (NoSuchProviderException e) - { - // - // this shouldn't happen but... - // - throw new OCSPException("no provider! - " + e, e); - } - } - - public OCSPReq generate( - String signingAlgorithm, - PrivateKey key, - X509Certificate[] chain, - String provider) - throws OCSPException, NoSuchProviderException, IllegalArgumentException - { - return generate(signingAlgorithm, key, chain, provider, null); - } - - public OCSPReq generate( - String signingAlgorithm, - PrivateKey key, - X509Certificate[] chain, - String provider, - SecureRandom random) - throws OCSPException, NoSuchProviderException, IllegalArgumentException - { - if (signingAlgorithm == null) - { - throw new IllegalArgumentException("no signing algorithm specified"); - } - - try - { - ASN1ObjectIdentifier oid = OCSPUtil.getAlgorithmOID(signingAlgorithm); - - return generateRequest(oid, key, chain, provider, random); - } - catch (IllegalArgumentException e) - { - throw new IllegalArgumentException("unknown signing algorithm specified: " + signingAlgorithm); - } - } - - /** - * Return an iterator of the signature names supported by the generator. - * - * @return an iterator containing recognised names. - */ - public Iterator getSignatureAlgNames() - { - return OCSPUtil.getAlgNames(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/OCSPResp.java b/prov/src/main/java/org/bouncycastle/ocsp/OCSPResp.java deleted file mode 100644 index 3ec61cde..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/OCSPResp.java +++ /dev/null @@ -1,128 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ocsp.BasicOCSPResponse; -import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; -import org.bouncycastle.asn1.ocsp.OCSPResponse; -import org.bouncycastle.asn1.ocsp.ResponseBytes; - -/** - * @deprecated use classes in org.bouncycastle.cert.ocsp. - */ -public class OCSPResp -{ - private OCSPResponse resp; - - /** - * @deprecated use classes in org.bouncycastle.cert.ocsp. - */ - public OCSPResp( - OCSPResponse resp) - { - this.resp = resp; - } - - /** - * @deprecated use classes in org.bouncycastle.cert.ocsp. - */ - public OCSPResp( - byte[] resp) - throws IOException - { - this(new ASN1InputStream(resp)); - } - - /** - * @deprecated use classes in org.bouncycastle.cert.ocsp. - */ - public OCSPResp( - InputStream in) - throws IOException - { - this(new ASN1InputStream(in)); - } - - private OCSPResp( - ASN1InputStream aIn) - throws IOException - { - try - { - this.resp = OCSPResponse.getInstance(aIn.readObject()); - } - catch (IllegalArgumentException e) - { - throw new IOException("malformed response: " + e.getMessage()); - } - catch (ClassCastException e) - { - throw new IOException("malformed response: " + e.getMessage()); - } - } - - public int getStatus() - { - return this.resp.getResponseStatus().getValue().intValue(); - } - - public Object getResponseObject() - throws OCSPException - { - ResponseBytes rb = this.resp.getResponseBytes(); - - if (rb == null) - { - return null; - } - - if (rb.getResponseType().equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic)) - { - try - { - ASN1Primitive obj = ASN1Primitive.fromByteArray(rb.getResponse().getOctets()); - return new BasicOCSPResp(BasicOCSPResponse.getInstance(obj)); - } - catch (Exception e) - { - throw new OCSPException("problem decoding object: " + e, e); - } - } - - return rb.getResponse(); - } - - /** - * return the ASN.1 encoded representation of this object. - */ - public byte[] getEncoded() - throws IOException - { - return resp.getEncoded(); - } - - public boolean equals(Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof OCSPResp)) - { - return false; - } - - OCSPResp r = (OCSPResp)o; - - return resp.equals(r.resp); - } - - public int hashCode() - { - return resp.hashCode(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/OCSPRespGenerator.java b/prov/src/main/java/org/bouncycastle/ocsp/OCSPRespGenerator.java deleted file mode 100644 index 1437ea87..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/OCSPRespGenerator.java +++ /dev/null @@ -1,60 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers; -import org.bouncycastle.asn1.ocsp.OCSPResponse; -import org.bouncycastle.asn1.ocsp.OCSPResponseStatus; -import org.bouncycastle.asn1.ocsp.ResponseBytes; - -/** - * base generator for an OCSP response - at the moment this only supports the - * generation of responses containing BasicOCSP responses. - * - * @deprecated use classes in org.bouncycastle.cert.ocsp. - */ -public class OCSPRespGenerator -{ - public static final int SUCCESSFUL = 0; // Response has valid confirmations - public static final int MALFORMED_REQUEST = 1; // Illegal confirmation request - public static final int INTERNAL_ERROR = 2; // Internal error in issuer - public static final int TRY_LATER = 3; // Try again later - // (4) is not used - public static final int SIG_REQUIRED = 5; // Must sign the request - public static final int UNAUTHORIZED = 6; // Request unauthorized - - public OCSPResp generate( - int status, - Object response) - throws OCSPException - { - if (response == null) - { - return new OCSPResp(new OCSPResponse(new OCSPResponseStatus(status),null)); - } - if (response instanceof BasicOCSPResp) - { - BasicOCSPResp r = (BasicOCSPResp)response; - ASN1OctetString octs; - - try - { - octs = new DEROctetString(r.getEncoded()); - } - catch (IOException e) - { - throw new OCSPException("can't encode object.", e); - } - - ResponseBytes rb = new ResponseBytes( - OCSPObjectIdentifiers.id_pkix_ocsp_basic, octs); - - return new OCSPResp(new OCSPResponse( - new OCSPResponseStatus(status), rb)); - } - - throw new OCSPException("unknown response object"); - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/OCSPRespStatus.java b/prov/src/main/java/org/bouncycastle/ocsp/OCSPRespStatus.java deleted file mode 100644 index f58000d9..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/OCSPRespStatus.java +++ /dev/null @@ -1,14 +0,0 @@ -package org.bouncycastle.ocsp; - -public interface OCSPRespStatus -{ - /** - * note 4 is not used. - */ - public static final int SUCCESSFUL = 0; // --Response has valid confirmations - public static final int MALFORMED_REQUEST = 1; // --Illegal confirmation request - public static final int INTERNAL_ERROR = 2; // --Internal error in issuer - public static final int TRY_LATER = 3; // --Try again later - public static final int SIGREQUIRED = 5; // --Must sign the request - public static final int UNAUTHORIZED = 6; // --Request unauthorized -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/OCSPUtil.java b/prov/src/main/java/org/bouncycastle/ocsp/OCSPUtil.java deleted file mode 100644 index 4f0c5efc..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/OCSPUtil.java +++ /dev/null @@ -1,198 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.security.InvalidAlgorithmParameterException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Signature; -import java.security.cert.CertStore; -import java.security.cert.CertStoreParameters; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Hashtable; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.util.Strings; - -class OCSPUtil -{ - private static Hashtable algorithms = new Hashtable(); - private static Hashtable oids = new Hashtable(); - private static Set noParams = new HashSet(); - - static - { - algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption); - algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption); - algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption); - algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption); - algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption); - algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption); - algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); - algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); - algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption); - algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption); - algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption); - algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption); - algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption); - algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption); - algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); - algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); - algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); - algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); - algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); - algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); - algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1); - algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1); - algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); - algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256); - algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1); - algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1); - algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); - algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256); - algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384); - algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512); - algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - - oids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2WITHRSA"); - oids.put(PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA"); - oids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, "RIPEMD160WITHRSA"); - oids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, "RIPEMD128WITHRSA"); - oids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, "RIPEMD256WITHRSA"); - oids.put(X9ObjectIdentifiers.id_dsa_with_sha1, "SHA1WITHDSA"); - oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA"); - oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA"); - oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); - - // - // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. - // The parameters field SHALL be NULL for RSA based signature algorithms. - // - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512); - noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1); - noParams.add(NISTObjectIdentifiers.dsa_with_sha224); - noParams.add(NISTObjectIdentifiers.dsa_with_sha256); - } - - static ASN1ObjectIdentifier getAlgorithmOID( - String algorithmName) - { - algorithmName = Strings.toUpperCase(algorithmName); - - if (algorithms.containsKey(algorithmName)) - { - return (ASN1ObjectIdentifier)algorithms.get(algorithmName); - } - - return new ASN1ObjectIdentifier(algorithmName); - } - - static String getAlgorithmName( - ASN1ObjectIdentifier oid) - { - if (oids.containsKey(oid)) - { - return (String)oids.get(oid); - } - - return oid.getId(); - } - - static AlgorithmIdentifier getSigAlgID( - ASN1ObjectIdentifier sigOid) - { - if (noParams.contains(sigOid)) - { - return new AlgorithmIdentifier(sigOid); - } - else - { - return new AlgorithmIdentifier(sigOid, DERNull.INSTANCE); - } - } - - static Iterator getAlgNames() - { - Enumeration e = algorithms.keys(); - List l = new ArrayList(); - - while (e.hasMoreElements()) - { - l.add(e.nextElement()); - } - - return l.iterator(); - } - - static CertStore createCertStoreInstance(String type, CertStoreParameters params, String provider) - throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException - { - if (provider == null) - { - return CertStore.getInstance(type, params); - } - - return CertStore.getInstance(type, params, provider); - } - - static MessageDigest createDigestInstance(String digestName, String provider) - throws NoSuchAlgorithmException, NoSuchProviderException - { - if (provider == null) - { - return MessageDigest.getInstance(digestName); - } - - return MessageDigest.getInstance(digestName, provider); - } - - static Signature createSignatureInstance(String sigName, String provider) - throws NoSuchAlgorithmException, NoSuchProviderException - { - if (provider == null) - { - return Signature.getInstance(sigName); - } - - return Signature.getInstance(sigName, provider); - } - - static CertificateFactory createX509CertificateFactory(String provider) - throws CertificateException, NoSuchProviderException - { - if (provider == null) - { - return CertificateFactory.getInstance("X.509"); - } - - return CertificateFactory.getInstance("X.509", provider); - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/Req.java b/prov/src/main/java/org/bouncycastle/ocsp/Req.java deleted file mode 100644 index c5f472a5..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/Req.java +++ /dev/null @@ -1,108 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ocsp.Request; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class Req - implements java.security.cert.X509Extension -{ - private Request req; - - public Req( - Request req) - { - this.req = req; - } - - public CertificateID getCertID() - { - return new CertificateID(req.getReqCert()); - } - - public X509Extensions getSingleRequestExtensions() - { - return X509Extensions.getInstance(req.getSingleRequestExtensions()); - } - - /** - * RFC 2650 doesn't specify any critical extensions so we return true - * if any are encountered. - * - * @return true if any critical extensions are present. - */ - public boolean hasUnsupportedCriticalExtension() - { - Set extns = getCriticalExtensionOIDs(); - if (extns != null && !extns.isEmpty()) - { - return true; - } - - return false; - } - - private Set getExtensionOIDs(boolean critical) - { - Set set = new HashSet(); - X509Extensions extensions = this.getSingleRequestExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - X509Extension ext = extensions.getExtension(oid); - - if (critical == ext.isCritical()) - { - set.add(oid.getId()); - } - } - } - - return set; - } - - public Set getCriticalExtensionOIDs() - { - return getExtensionOIDs(true); - } - - public Set getNonCriticalExtensionOIDs() - { - return getExtensionOIDs(false); - } - - public byte[] getExtensionValue(String oid) - { - X509Extensions exts = this.getSingleRequestExtensions(); - - if (exts != null) - { - X509Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); - - if (ext != null) - { - try - { - return ext.getValue().getEncoded(ASN1Encoding.DER); - } - catch (Exception e) - { - throw new RuntimeException("error encoding " + e.toString()); - } - } - } - - return null; - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/RespData.java b/prov/src/main/java/org/bouncycastle/ocsp/RespData.java deleted file mode 100644 index 4b973bbd..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/RespData.java +++ /dev/null @@ -1,142 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.text.ParseException; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ocsp.ResponseData; -import org.bouncycastle.asn1.ocsp.SingleResponse; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class RespData - implements java.security.cert.X509Extension -{ - ResponseData data; - - public RespData( - ResponseData data) - { - this.data = data; - } - - public int getVersion() - { - return data.getVersion().getValue().intValue() + 1; - } - - public RespID getResponderId() - { - return new RespID(data.getResponderID()); - } - - public Date getProducedAt() - { - try - { - return data.getProducedAt().getDate(); - } - catch (ParseException e) - { - throw new IllegalStateException("ParseException:" + e.getMessage()); - } - } - - public SingleResp[] getResponses() - { - ASN1Sequence s = data.getResponses(); - SingleResp[] rs = new SingleResp[s.size()]; - - for (int i = 0; i != rs.length; i++) - { - rs[i] = new SingleResp(SingleResponse.getInstance(s.getObjectAt(i))); - } - - return rs; - } - - public X509Extensions getResponseExtensions() - { - return X509Extensions.getInstance(data.getResponseExtensions()); - } - - /** - * RFC 2650 doesn't specify any critical extensions so we return true - * if any are encountered. - * - * @return true if any critical extensions are present. - */ - public boolean hasUnsupportedCriticalExtension() - { - Set extns = getCriticalExtensionOIDs(); - if (extns != null && !extns.isEmpty()) - { - return true; - } - - return false; - } - - private Set getExtensionOIDs(boolean critical) - { - Set set = new HashSet(); - X509Extensions extensions = this.getResponseExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - X509Extension ext = extensions.getExtension(oid); - - if (critical == ext.isCritical()) - { - set.add(oid.getId()); - } - } - } - - return set; - } - - public Set getCriticalExtensionOIDs() - { - return getExtensionOIDs(true); - } - - public Set getNonCriticalExtensionOIDs() - { - return getExtensionOIDs(false); - } - - public byte[] getExtensionValue(String oid) - { - X509Extensions exts = this.getResponseExtensions(); - - if (exts != null) - { - X509Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); - - if (ext != null) - { - try - { - return ext.getValue().getEncoded(ASN1Encoding.DER); - } - catch (Exception e) - { - throw new RuntimeException("error encoding " + e.toString()); - } - } - } - - return null; - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/RespID.java b/prov/src/main/java/org/bouncycastle/ocsp/RespID.java deleted file mode 100644 index 631086c6..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/RespID.java +++ /dev/null @@ -1,80 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.security.MessageDigest; -import java.security.PublicKey; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.ocsp.ResponderID; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - -/** - * Carrier for a ResponderID. - */ -public class RespID -{ - ResponderID id; - - public RespID( - ResponderID id) - { - this.id = id; - } - - public RespID( - X500Principal name) - { - this.id = new ResponderID(X500Name.getInstance(name.getEncoded())); - } - - public RespID( - PublicKey key) - throws OCSPException - { - try - { - // TODO Allow specification of a particular provider - MessageDigest digest = OCSPUtil.createDigestInstance("SHA1", null); - - ASN1InputStream aIn = new ASN1InputStream(key.getEncoded()); - SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject()); - - digest.update(info.getPublicKeyData().getBytes()); - - ASN1OctetString keyHash = new DEROctetString(digest.digest()); - - this.id = new ResponderID(keyHash); - } - catch (Exception e) - { - throw new OCSPException("problem creating ID: " + e, e); - } - } - - public ResponderID toASN1Object() - { - return id; - } - - public boolean equals( - Object o) - { - if (!(o instanceof RespID)) - { - return false; - } - - RespID obj = (RespID)o; - - return id.equals(obj.id); - } - - public int hashCode() - { - return id.hashCode(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/RevokedStatus.java b/prov/src/main/java/org/bouncycastle/ocsp/RevokedStatus.java deleted file mode 100644 index 004cade1..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/RevokedStatus.java +++ /dev/null @@ -1,63 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.text.ParseException; -import java.util.Date; - -import org.bouncycastle.asn1.ASN1GeneralizedTime; -import org.bouncycastle.asn1.ocsp.RevokedInfo; -import org.bouncycastle.asn1.x509.CRLReason; - -/** - * wrapper for the RevokedInfo object - */ -public class RevokedStatus - implements CertificateStatus -{ - RevokedInfo info; - - public RevokedStatus( - RevokedInfo info) - { - this.info = info; - } - - public RevokedStatus( - Date revocationDate, - int reason) - { - this.info = new RevokedInfo(new ASN1GeneralizedTime(revocationDate), CRLReason.lookup(reason)); - } - - public Date getRevocationTime() - { - try - { - return info.getRevocationTime().getDate(); - } - catch (ParseException e) - { - throw new IllegalStateException("ParseException:" + e.getMessage()); - } - } - - public boolean hasRevocationReason() - { - return (info.getRevocationReason() != null); - } - - /** - * return the revocation reason. Note: this field is optional, test for it - * with hasRevocationReason() first. - * @return the revocation reason value. - * @exception IllegalStateException if a reason is asked for and none is avaliable - */ - public int getRevocationReason() - { - if (info.getRevocationReason() == null) - { - throw new IllegalStateException("attempt to get a reason where none is available"); - } - - return info.getRevocationReason().getValue().intValue(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/SingleResp.java b/prov/src/main/java/org/bouncycastle/ocsp/SingleResp.java deleted file mode 100644 index da640923..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/SingleResp.java +++ /dev/null @@ -1,164 +0,0 @@ -package org.bouncycastle.ocsp; - -import java.text.ParseException; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ocsp.CertStatus; -import org.bouncycastle.asn1.ocsp.RevokedInfo; -import org.bouncycastle.asn1.ocsp.SingleResponse; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class SingleResp - implements java.security.cert.X509Extension -{ - SingleResponse resp; - - public SingleResp( - SingleResponse resp) - { - this.resp = resp; - } - - public CertificateID getCertID() - { - return new CertificateID(resp.getCertID()); - } - - /** - * Return the status object for the response - null indicates good. - * - * @return the status object for the response, null if it is good. - */ - public Object getCertStatus() - { - CertStatus s = resp.getCertStatus(); - - if (s.getTagNo() == 0) - { - return null; // good - } - else if (s.getTagNo() == 1) - { - return new RevokedStatus(RevokedInfo.getInstance(s.getStatus())); - } - - return new UnknownStatus(); - } - - public Date getThisUpdate() - { - try - { - return resp.getThisUpdate().getDate(); - } - catch (ParseException e) - { - throw new IllegalStateException("ParseException: " + e.getMessage()); - } - } - - /** - * return the NextUpdate value - note: this is an optional field so may - * be returned as null. - * - * @return nextUpdate, or null if not present. - */ - public Date getNextUpdate() - { - if (resp.getNextUpdate() == null) - { - return null; - } - - try - { - return resp.getNextUpdate().getDate(); - } - catch (ParseException e) - { - throw new IllegalStateException("ParseException: " + e.getMessage()); - } - } - - public X509Extensions getSingleExtensions() - { - return X509Extensions.getInstance(resp.getSingleExtensions()); - } - - /** - * RFC 2650 doesn't specify any critical extensions so we return true - * if any are encountered. - * - * @return true if any critical extensions are present. - */ - public boolean hasUnsupportedCriticalExtension() - { - Set extns = getCriticalExtensionOIDs(); - - return extns != null && !extns.isEmpty(); - } - - private Set getExtensionOIDs(boolean critical) - { - Set set = new HashSet(); - X509Extensions extensions = this.getSingleExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - X509Extension ext = extensions.getExtension(oid); - - if (critical == ext.isCritical()) - { - set.add(oid.getId()); - } - } - } - - return set; - } - - public Set getCriticalExtensionOIDs() - { - return getExtensionOIDs(true); - } - - public Set getNonCriticalExtensionOIDs() - { - return getExtensionOIDs(false); - } - - public byte[] getExtensionValue(String oid) - { - X509Extensions exts = this.getSingleExtensions(); - - if (exts != null) - { - X509Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); - - if (ext != null) - { - try - { - return ext.getValue().getEncoded(ASN1Encoding.DER); - } - catch (Exception e) - { - throw new RuntimeException("error encoding " + e.toString()); - } - } - } - - return null; - } -} diff --git a/prov/src/main/java/org/bouncycastle/ocsp/UnknownStatus.java b/prov/src/main/java/org/bouncycastle/ocsp/UnknownStatus.java deleted file mode 100644 index cd041476..00000000 --- a/prov/src/main/java/org/bouncycastle/ocsp/UnknownStatus.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.bouncycastle.ocsp; - -/** - * wrapper for the UnknownInfo object - */ -public class UnknownStatus - implements CertificateStatus -{ - public UnknownStatus() - { - } -} diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/TestUtils.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/TestUtils.java index bd4cfa64..4d57efe0 100644 --- a/prov/src/test/java/org/bouncycastle/jce/provider/test/TestUtils.java +++ b/prov/src/test/java/org/bouncycastle/jce/provider/test/TestUtils.java @@ -24,6 +24,7 @@ import org.bouncycastle.asn1.x509.BasicConstraints; import org.bouncycastle.asn1.x509.CRLNumber; import org.bouncycastle.asn1.x509.CRLReason; import org.bouncycastle.asn1.x509.KeyUsage; +import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; import org.bouncycastle.asn1.x509.X509Extensions; import org.bouncycastle.crypto.Digest; @@ -34,7 +35,6 @@ import org.bouncycastle.x509.X509V1CertificateGenerator; import org.bouncycastle.x509.X509V2CRLGenerator; import org.bouncycastle.x509.X509V3CertificateGenerator; import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure; -import org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure; /** * Test Utils @@ -84,7 +84,7 @@ class TestUtils certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert)); - certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(getDigest(SubjectPublicKeyInfo.getInstance(intKey.getEncoded())))); + certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(getDigest(SubjectPublicKeyInfo.getInstance(intKey.getEncoded())))); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0)); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign)); @@ -105,7 +105,7 @@ class TestUtils certGen.setSignatureAlgorithm("SHA256WithRSAEncryption"); certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert)); - certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(getDigest(SubjectPublicKeyInfo.getInstance(entityKey.getEncoded())))); + certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(getDigest(SubjectPublicKeyInfo.getInstance(entityKey.getEncoded())))); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); |