diff options
Diffstat (limited to 'prov/src/main/java/org/bouncycastle')
369 files changed, 0 insertions, 73595 deletions
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/io/CipherInputStream.java b/prov/src/main/java/org/bouncycastle/jcajce/io/CipherInputStream.java deleted file mode 100644 index 84291bab..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/io/CipherInputStream.java +++ /dev/null @@ -1,217 +0,0 @@ -package org.bouncycastle.jcajce.io; - -import java.io.FilterInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.security.GeneralSecurityException; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; - -import org.bouncycastle.crypto.io.InvalidCipherTextIOException; - -/** - * A CipherInputStream is composed of an InputStream and a cipher so that read() methods return data - * that are read in from the underlying InputStream but have been additionally processed by the - * Cipher. The cipher must be fully initialized before being used by a CipherInputStream. - * <p/> - * For example, if the Cipher is initialized for decryption, the CipherInputStream will attempt to - * read in data and decrypt them, before returning the decrypted data. - * <p/> - * This is a reimplementation of {@link javax.crypto.CipherInputStream} that is safe for use with - * AEAD block ciphers, and does not silently catch {@link BadPaddingException} and - * {@link IllegalBlockSizeException} errors. Any errors that occur during {@link Cipher#doFinal() - * finalisation} are rethrown wrapped in an {@link InvalidCipherTextIOException}. - */ -public class CipherInputStream - extends FilterInputStream -{ - private final Cipher cipher; - private final byte[] inputBuffer = new byte[512]; - private boolean finalized = false; - private byte[] buf; - private int maxBuf; - private int bufOff; - - /** - * Constructs a CipherInputStream from an InputStream and an initialised Cipher. - */ - public CipherInputStream(InputStream input, Cipher cipher) - { - super(input); - this.cipher = cipher; - } - - /** - * Read data from underlying stream and process with cipher until end of stream or some data is - * available after cipher processing. - * - * @return -1 to indicate end of stream, or the number of bytes (> 0) available. - */ - private int nextChunk() - throws IOException - { - if (finalized) - { - return -1; - } - - bufOff = 0; - maxBuf = 0; - - // Keep reading until EOF or cipher processing produces data - while (maxBuf == 0) - { - int read = in.read(inputBuffer); - if (read == -1) - { - buf = finaliseCipher(); - if ((buf == null) || (buf.length == 0)) - { - return -1; - } - maxBuf = buf.length; - return maxBuf; - } - - buf = cipher.update(inputBuffer, 0, read); - if (buf != null) - { - maxBuf = buf.length; - } - } - return maxBuf; - } - - private byte[] finaliseCipher() - throws InvalidCipherTextIOException - { - try - { - finalized = true; - return cipher.doFinal(); - } - catch (GeneralSecurityException e) - { - throw new InvalidCipherTextIOException("Error finalising cipher", e); - } - } - - /** - * Reads data from the underlying stream and processes it with the cipher until the cipher - * outputs data, and returns the next available byte. - * <p/> - * If the underlying stream is exhausted by this call, the cipher will be finalised. - * - * @throws IOException if there was an error closing the input stream. - * @throws InvalidCipherTextIOException if the data read from the stream was invalid ciphertext - * (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails). - */ - public int read() - throws IOException - { - if (bufOff >= maxBuf) - { - if (nextChunk() < 0) - { - return -1; - } - } - - return buf[bufOff++] & 0xff; - } - - /** - * Reads data from the underlying stream and processes it with the cipher until the cipher - * outputs data, and then returns up to <code>len</code> bytes in the provided array. - * <p/> - * If the underlying stream is exhausted by this call, the cipher will be finalised. - * - * @param b the buffer into which the data is read. - * @param off the start offset in the destination array <code>b</code> - * @param len the maximum number of bytes read. - * @return the total number of bytes read into the buffer, or <code>-1</code> if there is no - * more data because the end of the stream has been reached. - * @throws IOException if there was an error closing the input stream. - * @throws InvalidCipherTextIOException if the data read from the stream was invalid ciphertext - * (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails). - */ - public int read(byte[] b, int off, int len) - throws IOException - { - if (bufOff >= maxBuf) - { - if (nextChunk() < 0) - { - return -1; - } - } - - int toSupply = Math.min(len, available()); - System.arraycopy(buf, bufOff, b, off, toSupply); - bufOff += toSupply; - return toSupply; - } - - public long skip(long n) - throws IOException - { - if (n <= 0) - { - return 0; - } - - int skip = (int)Math.min(n, available()); - bufOff += skip; - return skip; - } - - public int available() - throws IOException - { - return maxBuf - bufOff; - } - - /** - * Closes the underlying input stream, and then finalises the processing of the data by the - * cipher. - * - * @throws IOException if there was an error closing the input stream. - * @throws InvalidCipherTextIOException if the data read from the stream was invalid ciphertext - * (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails). - */ - public void close() - throws IOException - { - try - { - in.close(); - } - finally - { - if (!finalized) - { - // Reset the cipher, discarding any data buffered in it - // Errors in cipher finalisation trump I/O error closing input - finaliseCipher(); - } - } - maxBuf = bufOff = 0; - } - - public void mark(int readlimit) - { - } - - public void reset() - throws IOException - { - } - - public boolean markSupported() - { - return false; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/io/CipherOutputStream.java b/prov/src/main/java/org/bouncycastle/jcajce/io/CipherOutputStream.java deleted file mode 100644 index 814b3392..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/io/CipherOutputStream.java +++ /dev/null @@ -1,147 +0,0 @@ -package org.bouncycastle.jcajce.io; - -import java.io.FilterOutputStream; -import java.io.IOException; -import java.io.OutputStream; -import java.security.GeneralSecurityException; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; - -import org.bouncycastle.crypto.io.InvalidCipherTextIOException; - -/** - * A CipherOutputStream is composed of an OutputStream and a cipher so that write() methods process - * the written data with the cipher, and the output of the cipher is in turn written to the - * underlying OutputStream. The cipher must be fully initialized before being used by a - * CipherInputStream. - * <p/> - * For example, if the cipher is initialized for encryption, the CipherOutputStream will encrypt the - * data before writing the encrypted data to the underlying stream. - * <p/> - * This is a reimplementation of {@link javax.crypto.CipherOutputStream} that is safe for use with - * AEAD block ciphers, and does not silently catch {@link BadPaddingException} and - * {@link IllegalBlockSizeException} errors. Any errors that occur during {@link Cipher#doFinal() - * finalisation} are rethrown wrapped in an {@link InvalidCipherTextIOException}. - */ -public class CipherOutputStream - extends FilterOutputStream -{ - private final Cipher cipher; - private final byte[] oneByte = new byte[1]; - - /** - * Constructs a CipherOutputStream from an OutputStream and a Cipher. - */ - public CipherOutputStream(OutputStream output, Cipher cipher) - { - super(output); - this.cipher = cipher; - } - - /** - * Writes the specified byte to this output stream. - * - * @param b the <code>byte</code>. - * @throws java.io.IOException if an I/O error occurs. - */ - public void write(int b) - throws IOException - { - oneByte[0] = (byte)b; - write(oneByte, 0, 1); - } - - /** - * Writes <code>len</code> bytes from the specified byte array starting at offset - * <code>off</code> to this output stream. - * - * @param b the data. - * @param off the start offset in the data. - * @param len the number of bytes to write. - * @throws java.io.IOException if an I/O error occurs. - */ - public void write(byte[] b, int off, int len) - throws IOException - { - byte[] outData = cipher.update(b, off, len); - if (outData != null) - { - out.write(outData); - } - } - - /** - * Flushes this output stream by forcing any buffered output bytes that have already been - * processed by the encapsulated cipher object to be written out. - * <p/> - * <p/> - * Any bytes buffered by the encapsulated cipher and waiting to be processed by it will not be - * written out. For example, if the encapsulated cipher is a block cipher, and the total number - * of bytes written using one of the <code>write</code> methods is less than the cipher's block - * size, no bytes will be written out. - * - * @throws java.io.IOException if an I/O error occurs. - */ - public void flush() - throws IOException - { - out.flush(); - } - - /** - * Closes this output stream and releases any system resources associated with this stream. - * <p/> - * This method invokes the <code>doFinal</code> method of the encapsulated cipher object, which - * causes any bytes buffered by the encapsulated cipher to be processed. The result is written - * out by calling the <code>flush</code> method of this output stream. - * <p/> - * This method resets the encapsulated cipher object to its initial state and calls the - * <code>close</code> method of the underlying output stream. - * - * @throws java.io.IOException if an I/O error occurs. - * @throws InvalidCipherTextIOException if the data written to this stream was invalid - * ciphertext (e.g. the cipher is an AEAD cipher and the ciphertext tag check - * fails). - */ - public void close() - throws IOException - { - IOException error = null; - try - { - byte[] outData = cipher.doFinal(); - if (outData != null) - { - out.write(outData); - } - } - catch (GeneralSecurityException e) - { - error = new InvalidCipherTextIOException("Error during cipher finalisation", e); - } - catch (Exception e) - { - error = new IOException("Error closing stream: " + e); - } - try - { - flush(); - out.close(); - } - catch (IOException e) - { - // Invalid ciphertext takes precedence over close error - if (error == null) - { - error = e; - } - } - if (error != null) - { - throw error; - } - } - -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/io/MacOutputStream.java b/prov/src/main/java/org/bouncycastle/jcajce/io/MacOutputStream.java deleted file mode 100644 index 235bfe57..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/io/MacOutputStream.java +++ /dev/null @@ -1,38 +0,0 @@ -package org.bouncycastle.jcajce.io; - -import java.io.IOException; -import java.io.OutputStream; - -import javax.crypto.Mac; - -public class MacOutputStream - extends OutputStream -{ - protected Mac mac; - - public MacOutputStream( - Mac mac) - { - this.mac = mac; - } - - public void write(int b) - throws IOException - { - mac.update((byte)b); - } - - public void write( - byte[] b, - int off, - int len) - throws IOException - { - mac.update(b, off, len); - } - - public byte[] getMac() - { - return mac.doFinal(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java deleted file mode 100644 index 5b6b8c49..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java +++ /dev/null @@ -1,47 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.jcajce.provider.asymmetric.dh.KeyFactorySpi; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; - -public class DH -{ - private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".dh."; - - public static class Mappings - extends AsymmetricAlgorithmProvider - { - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("KeyPairGenerator.DH", PREFIX + "KeyPairGeneratorSpi"); - provider.addAlgorithm("Alg.Alias.KeyPairGenerator.DIFFIEHELLMAN", "DH"); - - provider.addAlgorithm("KeyAgreement.DH", PREFIX + "KeyAgreementSpi"); - provider.addAlgorithm("Alg.Alias.KeyAgreement.DIFFIEHELLMAN", "DH"); - - provider.addAlgorithm("KeyFactory.DH", PREFIX + "KeyFactorySpi"); - provider.addAlgorithm("Alg.Alias.KeyFactory.DIFFIEHELLMAN", "DH"); - - provider.addAlgorithm("AlgorithmParameters.DH", PREFIX + "AlgorithmParametersSpi"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.DIFFIEHELLMAN", "DH"); - - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.DIFFIEHELLMAN", "DH"); - - provider.addAlgorithm("AlgorithmParameterGenerator.DH", PREFIX + "AlgorithmParameterGeneratorSpi"); - - provider.addAlgorithm("Cipher.DHIES", PREFIX + "IESCipher$IES"); - provider.addAlgorithm("Cipher.DHIESwithAES", PREFIX + "IESCipher$IESwithAES"); - provider.addAlgorithm("Cipher.DHIESWITHAES", PREFIX + "IESCipher$IESwithAES"); - provider.addAlgorithm("Cipher.DHIESWITHDESEDE", PREFIX + "IESCipher$IESwithDESede"); - - registerOid(provider, PKCSObjectIdentifiers.dhKeyAgreement, "DH", new KeyFactorySpi()); - registerOid(provider, X9ObjectIdentifiers.dhpublicnumber, "DH", new KeyFactorySpi()); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java deleted file mode 100644 index 2efffbf4..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java +++ /dev/null @@ -1,70 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric; - -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.jcajce.provider.asymmetric.dsa.DSAUtil; -import org.bouncycastle.jcajce.provider.asymmetric.dsa.KeyFactorySpi; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; - -public class DSA -{ - private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".dsa."; - - public static class Mappings - extends AsymmetricAlgorithmProvider - { - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("AlgorithmParameters.DSA", PREFIX + "AlgorithmParametersSpi"); - - provider.addAlgorithm("AlgorithmParameterGenerator.DSA", PREFIX + "AlgorithmParameterGeneratorSpi"); - - provider.addAlgorithm("KeyPairGenerator.DSA", PREFIX + "KeyPairGeneratorSpi"); - provider.addAlgorithm("KeyFactory.DSA", PREFIX + "KeyFactorySpi"); - - provider.addAlgorithm("Signature.DSA", PREFIX + "DSASigner$stdDSA"); - provider.addAlgorithm("Signature.NONEWITHDSA", PREFIX + "DSASigner$noneDSA"); - - provider.addAlgorithm("Alg.Alias.Signature.RAWDSA", "NONEWITHDSA"); - - provider.addAlgorithm("Signature.DETDSA", PREFIX + "DSASigner$detDSA"); - provider.addAlgorithm("Signature.SHA1WITHDETDSA", PREFIX + "DSASigner$detDSA"); - provider.addAlgorithm("Signature.SHA224WITHDETDSA", PREFIX + "DSASigner$detDSA224"); - provider.addAlgorithm("Signature.SHA256WITHDETDSA", PREFIX + "DSASigner$detDSA256"); - provider.addAlgorithm("Signature.SHA384WITHDETDSA", PREFIX + "DSASigner$detDSA384"); - provider.addAlgorithm("Signature.SHA512WITHDETDSA", PREFIX + "DSASigner$detDSA512"); - - addSignatureAlgorithm(provider, "SHA224", "DSA", PREFIX + "DSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224); - addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256); - addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384); - addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512); - - provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.SHA1withDSA", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "DSA"); - provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "DSA"); - - provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA"); - - AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi(); - - for (int i = 0; i != DSAUtil.dsaOids.length; i++) - { - provider.addAlgorithm("Alg.Alias.Signature." + DSAUtil.dsaOids[i], "DSA"); - - registerOid(provider, DSAUtil.dsaOids[i], "DSA", keyFact); - registerOidAlgorithmParameters(provider, DSAUtil.dsaOids[i], "DSA"); - } - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSTU4145.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSTU4145.java deleted file mode 100644 index bdf167d2..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSTU4145.java +++ /dev/null @@ -1,42 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric; - -import org.bouncycastle.asn1.ua.UAObjectIdentifiers; -import org.bouncycastle.jcajce.provider.asymmetric.dstu.KeyFactorySpi; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; - -public class DSTU4145 -{ - private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".dstu."; - - public static class Mappings - extends AsymmetricAlgorithmProvider - { - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("KeyFactory.DSTU4145", PREFIX + "KeyFactorySpi"); - provider.addAlgorithm("Alg.Alias.KeyFactory.DSTU-4145-2002", "DSTU4145"); - provider.addAlgorithm("Alg.Alias.KeyFactory.DSTU4145-3410", "DSTU4145"); - - registerOid(provider, UAObjectIdentifiers.dstu4145le, "DSTU4145", new KeyFactorySpi()); - registerOidAlgorithmParameters(provider, UAObjectIdentifiers.dstu4145le, "DSTU4145"); - registerOid(provider, UAObjectIdentifiers.dstu4145be, "DSTU4145", new KeyFactorySpi()); - registerOidAlgorithmParameters(provider, UAObjectIdentifiers.dstu4145be, "DSTU4145"); - - provider.addAlgorithm("KeyPairGenerator.DSTU4145", PREFIX + "KeyPairGeneratorSpi"); - provider.addAlgorithm("Alg.Alias.KeyPairGenerator.DSTU-4145", "DSTU4145"); - provider.addAlgorithm("Alg.Alias.KeyPairGenerator.DSTU-4145-2002", "DSTU4145"); - - provider.addAlgorithm("Signature.DSTU4145", PREFIX + "SignatureSpi"); - provider.addAlgorithm("Alg.Alias.Signature.DSTU-4145", "DSTU4145"); - provider.addAlgorithm("Alg.Alias.Signature.DSTU-4145-2002", "DSTU4145"); - - addSignatureAlgorithm(provider, "GOST3411", "DSTU4145LE", PREFIX + "SignatureSpiLe", UAObjectIdentifiers.dstu4145le); - addSignatureAlgorithm(provider, "GOST3411", "DSTU4145", PREFIX + "SignatureSpi", UAObjectIdentifiers.dstu4145be); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java deleted file mode 100644 index d7b437cb..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java +++ /dev/null @@ -1,110 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric; - -import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers; -import org.bouncycastle.asn1.eac.EACObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; - -public class EC -{ - private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".ec."; - - public static class Mappings - extends AsymmetricAlgorithmProvider - { - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("KeyAgreement.ECDH", PREFIX + "KeyAgreementSpi$DH"); - provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC"); - provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV"); - provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDF"); - provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDF"); - provider.addAlgorithm("KeyAgreement.ECDHWITHSHA1KDF", PREFIX + "KeyAgreementSpi$DHwithSHA1KDF"); - - registerOid(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC", new KeyFactorySpi.EC()); - // TODO Should this be an alias for ECDH? - registerOid(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC()); - registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV()); - - registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC"); - // TODO Should this be an alias for ECDH? - registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC"); - registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC"); - - provider.addAlgorithm("KeyFactory.EC", PREFIX + "KeyFactorySpi$EC"); - provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA"); - provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH"); - provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC"); - provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV"); - - provider.addAlgorithm("KeyPairGenerator.EC", PREFIX + "KeyPairGeneratorSpi$EC"); - provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA"); - provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH"); - provider.addAlgorithm("KeyPairGenerator.ECDHWITHSHA1KDF", PREFIX + "KeyPairGeneratorSpi$ECDH"); - provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC"); - provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH"); - provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV"); - - provider.addAlgorithm("Cipher.ECIES", PREFIX + "IESCipher$ECIES"); - provider.addAlgorithm("Cipher.ECIESwithAES", PREFIX + "IESCipher$ECIESwithAES"); - provider.addAlgorithm("Cipher.ECIESWITHAES", PREFIX + "IESCipher$ECIESwithAES"); - provider.addAlgorithm("Cipher.ECIESwithDESEDE", PREFIX + "IESCipher$ECIESwithDESede"); - provider.addAlgorithm("Cipher.ECIESWITHDESEDE", PREFIX + "IESCipher$ECIESwithDESede"); - provider.addAlgorithm("Cipher.ECIESwithAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC"); - provider.addAlgorithm("Cipher.ECIESWITHAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC"); - provider.addAlgorithm("Cipher.ECIESwithDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC"); - provider.addAlgorithm("Cipher.ECIESWITHDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC"); - - provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA"); - provider.addAlgorithm("Signature.NONEwithECDSA", PREFIX + "SignatureSpi$ecDSAnone"); - - provider.addAlgorithm("Alg.Alias.Signature.SHA1withECDSA", "ECDSA"); - provider.addAlgorithm("Alg.Alias.Signature.ECDSAwithSHA1", "ECDSA"); - provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHECDSA", "ECDSA"); - provider.addAlgorithm("Alg.Alias.Signature.ECDSAWITHSHA1", "ECDSA"); - provider.addAlgorithm("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA"); - provider.addAlgorithm("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA"); - provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); - provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA"); - - provider.addAlgorithm("Signature.DETECDSA", PREFIX + "SignatureSpi$ecDetDSA"); - provider.addAlgorithm("Signature.SHA1WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA"); - provider.addAlgorithm("Signature.SHA224WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA224"); - provider.addAlgorithm("Signature.SHA256WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA256"); - provider.addAlgorithm("Signature.SHA384WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA384"); - provider.addAlgorithm("Signature.SHA512WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA512"); - - addSignatureAlgorithm(provider, "SHA224", "ECDSA", PREFIX + "SignatureSpi$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224); - addSignatureAlgorithm(provider, "SHA256", "ECDSA", PREFIX + "SignatureSpi$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256); - addSignatureAlgorithm(provider, "SHA384", "ECDSA", PREFIX + "SignatureSpi$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384); - addSignatureAlgorithm(provider, "SHA512", "ECDSA", PREFIX + "SignatureSpi$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512); - addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160); - - provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR"); - provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224"); - provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256"); - provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384"); - provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512"); - - addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1); - addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224); - addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256); - addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384); - addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512); - - addSignatureAlgorithm(provider, "SHA1", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1); - addSignatureAlgorithm(provider, "SHA224", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", BSIObjectIdentifiers.ecdsa_plain_SHA224); - addSignatureAlgorithm(provider, "SHA256", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", BSIObjectIdentifiers.ecdsa_plain_SHA256); - addSignatureAlgorithm(provider, "SHA384", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", BSIObjectIdentifiers.ecdsa_plain_SHA384); - addSignatureAlgorithm(provider, "SHA512", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", BSIObjectIdentifiers.ecdsa_plain_SHA512); - addSignatureAlgorithm(provider, "RIPEMD160", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecPlainDSARP160", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ECGOST.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ECGOST.java deleted file mode 100644 index d33126bf..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ECGOST.java +++ /dev/null @@ -1,39 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric; - -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.jcajce.provider.asymmetric.ecgost.KeyFactorySpi; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; - -public class ECGOST -{ - private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".ecgost."; - - public static class Mappings - extends AsymmetricAlgorithmProvider - { - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("KeyFactory.ECGOST3410", PREFIX + "KeyFactorySpi"); - provider.addAlgorithm("Alg.Alias.KeyFactory.GOST-3410-2001", "ECGOST3410"); - provider.addAlgorithm("Alg.Alias.KeyFactory.ECGOST-3410", "ECGOST3410"); - - registerOid(provider, CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410", new KeyFactorySpi()); - registerOidAlgorithmParameters(provider, CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410"); - - provider.addAlgorithm("KeyPairGenerator.ECGOST3410", PREFIX + "KeyPairGeneratorSpi"); - provider.addAlgorithm("Alg.Alias.KeyPairGenerator.ECGOST-3410", "ECGOST3410"); - provider.addAlgorithm("Alg.Alias.KeyPairGenerator.GOST-3410-2001", "ECGOST3410"); - - provider.addAlgorithm("Signature.ECGOST3410", PREFIX + "SignatureSpi"); - provider.addAlgorithm("Alg.Alias.Signature.ECGOST-3410", "ECGOST3410"); - provider.addAlgorithm("Alg.Alias.Signature.GOST-3410-2001", "ECGOST3410"); - - addSignatureAlgorithm(provider, "GOST3411", "ECGOST3410", PREFIX + "SignatureSpi", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ElGamal.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ElGamal.java deleted file mode 100644 index 8dfeed08..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ElGamal.java +++ /dev/null @@ -1,46 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric; - -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.jcajce.provider.asymmetric.elgamal.KeyFactorySpi; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; - -public class ElGamal -{ - private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".elgamal."; - - public static class Mappings - extends AsymmetricAlgorithmProvider - { - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("AlgorithmParameterGenerator.ELGAMAL", PREFIX + "AlgorithmParameterGeneratorSpi"); - provider.addAlgorithm("AlgorithmParameterGenerator.ElGamal", PREFIX + "AlgorithmParameterGeneratorSpi"); - provider.addAlgorithm("AlgorithmParameters.ELGAMAL", PREFIX + "AlgorithmParametersSpi"); - provider.addAlgorithm("AlgorithmParameters.ElGamal", PREFIX + "AlgorithmParametersSpi"); - - provider.addAlgorithm("Cipher.ELGAMAL", PREFIX + "CipherSpi$NoPadding"); - provider.addAlgorithm("Cipher.ElGamal", PREFIX + "CipherSpi$NoPadding"); - provider.addAlgorithm("Alg.Alias.Cipher.ELGAMAL/ECB/PKCS1PADDING", "ELGAMAL/PKCS1"); - provider.addAlgorithm("Alg.Alias.Cipher.ELGAMAL/NONE/PKCS1PADDING", "ELGAMAL/PKCS1"); - provider.addAlgorithm("Alg.Alias.Cipher.ELGAMAL/NONE/NOPADDING", "ELGAMAL"); - - provider.addAlgorithm("Cipher.ELGAMAL/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); - provider.addAlgorithm("KeyFactory.ELGAMAL", PREFIX + "KeyFactorySpi"); - provider.addAlgorithm("KeyFactory.ElGamal", PREFIX + "KeyFactorySpi"); - - provider.addAlgorithm("KeyPairGenerator.ELGAMAL", PREFIX + "KeyPairGeneratorSpi"); - provider.addAlgorithm("KeyPairGenerator.ElGamal", PREFIX + "KeyPairGeneratorSpi"); - - AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi(); - - registerOid(provider, OIWObjectIdentifiers.elGamalAlgorithm, "ELGAMAL", keyFact); - registerOidAlgorithmParameters(provider, OIWObjectIdentifiers.elGamalAlgorithm, "ELGAMAL"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GOST.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GOST.java deleted file mode 100644 index 39ab20d3..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/GOST.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric; - -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.jcajce.provider.asymmetric.gost.KeyFactorySpi; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; - -public class GOST -{ - private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".gost."; - - public static class Mappings - extends AsymmetricAlgorithmProvider - { - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("KeyPairGenerator.GOST3410", PREFIX + "KeyPairGeneratorSpi"); - provider.addAlgorithm("Alg.Alias.KeyPairGenerator.GOST-3410", "GOST3410"); - provider.addAlgorithm("Alg.Alias.KeyPairGenerator.GOST-3410-94", "GOST3410"); - - provider.addAlgorithm("KeyFactory.GOST3410", PREFIX + "KeyFactorySpi"); - provider.addAlgorithm("Alg.Alias.KeyFactory.GOST-3410", "GOST3410"); - provider.addAlgorithm("Alg.Alias.KeyFactory.GOST-3410-94", "GOST3410"); - - - provider.addAlgorithm("AlgorithmParameters.GOST3410", PREFIX + "AlgorithmParametersSpi"); - provider.addAlgorithm("AlgorithmParameterGenerator.GOST3410", PREFIX + "AlgorithmParameterGeneratorSpi"); - - registerOid(provider, CryptoProObjectIdentifiers.gostR3410_94, "GOST3410", new KeyFactorySpi()); - registerOidAlgorithmParameters(provider, CryptoProObjectIdentifiers.gostR3410_94, "GOST3410"); - - provider.addAlgorithm("Signature.GOST3410", PREFIX + "SignatureSpi"); - provider.addAlgorithm("Alg.Alias.Signature.GOST-3410", "GOST3410"); - provider.addAlgorithm("Alg.Alias.Signature.GOST-3410-94", "GOST3410"); - provider.addAlgorithm("Alg.Alias.Signature.GOST3411withGOST3410", "GOST3410"); - provider.addAlgorithm("Alg.Alias.Signature.GOST3411WITHGOST3410", "GOST3410"); - provider.addAlgorithm("Alg.Alias.Signature.GOST3411WithGOST3410", "GOST3410"); - provider.addAlgorithm("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3410"); - - - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.GOST-3410", "GOST3410"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.GOST-3410", "GOST3410"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/IES.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/IES.java deleted file mode 100644 index 47cf3f60..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/IES.java +++ /dev/null @@ -1,23 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric; - -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; - -public class IES -{ - private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".ies."; - - public static class Mappings - extends AsymmetricAlgorithmProvider - { - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("AlgorithmParameters.IES", PREFIX + "AlgorithmParametersSpi"); - provider.addAlgorithm("Cipher.IES", PREFIX + "CipherSpi$IES"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java deleted file mode 100644 index 438164b5..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java +++ /dev/null @@ -1,197 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; - -public class RSA -{ - private static final String PREFIX = "org.bouncycastle.jcajce.provider.asymmetric" + ".rsa."; - - public static class Mappings - extends AsymmetricAlgorithmProvider - { - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("AlgorithmParameters.OAEP", PREFIX + "AlgorithmParametersSpi$OAEP"); - provider.addAlgorithm("AlgorithmParameters.PSS", PREFIX + "AlgorithmParametersSpi$PSS"); - - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS"); - - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS"); - - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS"); - - provider.addAlgorithm("Cipher.RSA", PREFIX + "CipherSpi$NoPadding"); - provider.addAlgorithm("Cipher.RSA/RAW", PREFIX + "CipherSpi$NoPadding"); - provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); - provider.addAlgorithm("Cipher.1.2.840.113549.1.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); - provider.addAlgorithm("Cipher.2.5.8.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding"); - provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly"); - provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly"); - provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding"); - provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding"); - provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding"); - - provider.addAlgorithm("Alg.Alias.Cipher.RSA//RAW", "RSA"); - provider.addAlgorithm("Alg.Alias.Cipher.RSA//NOPADDING", "RSA"); - provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1"); - provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP"); - provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1"); - - provider.addAlgorithm("KeyFactory.RSA", PREFIX + "KeyFactorySpi"); - provider.addAlgorithm("KeyPairGenerator.RSA", PREFIX + "KeyPairGeneratorSpi"); - - AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi(); - - registerOid(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA", keyFact); - registerOid(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA", keyFact); - registerOid(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA", keyFact); - registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact); - - registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA"); - registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA"); - registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP"); - registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS"); - - - provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA"); - provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); - provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); - - provider.addAlgorithm("Signature.SHA224WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA224withRSA"); - provider.addAlgorithm("Signature.SHA256WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA256withRSA"); - provider.addAlgorithm("Signature.SHA384WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA384withRSA"); - provider.addAlgorithm("Signature.SHA512WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA512withRSA"); - provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA"); - provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA"); - provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA"); - provider.addAlgorithm("Signature.SHA512withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA512withRSA"); - - provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA"); - provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS"); - - provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA"); - provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA"); - provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS"); - provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS"); - provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS"); - provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS"); - provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS"); - - - provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS"); - provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS"); - provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS"); - provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS"); - - if (provider.hasAlgorithm("MessageDigest", "MD2")) - { - addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption); - } - - if (provider.hasAlgorithm("MessageDigest", "MD4")) - { - addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption); - } - - if (provider.hasAlgorithm("MessageDigest", "MD5")) - { - addDigestSignature(provider, "MD5", PREFIX + "DigestSignatureSpi$MD5", PKCSObjectIdentifiers.md5WithRSAEncryption); - provider.addAlgorithm("Signature.MD5withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption"); - provider.addAlgorithm("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2"); - } - - if (provider.hasAlgorithm("MessageDigest", "SHA1")) - { - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS"); - provider.addAlgorithm("Signature.SHA1withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA1withRSA"); - provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS"); - provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHRSAANDMGF1", "SHA1withRSA/PSS"); - - addDigestSignature(provider, "SHA1", PREFIX + "DigestSignatureSpi$SHA1", PKCSObjectIdentifiers.sha1WithRSAEncryption); - - provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2"); - provider.addAlgorithm("Signature.SHA1withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption"); - provider.addAlgorithm("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); - provider.addAlgorithm("Alg.Alias.Signature.OID." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); - } - - addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption); - addDigestSignature(provider, "SHA256", PREFIX + "DigestSignatureSpi$SHA256", PKCSObjectIdentifiers.sha256WithRSAEncryption); - addDigestSignature(provider, "SHA384", PREFIX + "DigestSignatureSpi$SHA384", PKCSObjectIdentifiers.sha384WithRSAEncryption); - addDigestSignature(provider, "SHA512", PREFIX + "DigestSignatureSpi$SHA512", PKCSObjectIdentifiers.sha512WithRSAEncryption); - - if (provider.hasAlgorithm("MessageDigest", "RIPEMD128")) - { - addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); - addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null); - } - - if (provider.hasAlgorithm("MessageDigest", "RIPEMD160")) - { - addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); - addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null); - provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2"); - provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption"); - } - - if (provider.hasAlgorithm("MessageDigest", "RIPEMD256")) - { - addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); - addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null); - } - } - - private void addDigestSignature( - ConfigurableProvider provider, - String digest, - String className, - ASN1ObjectIdentifier oid) - { - String mainName = digest + "WITHRSA"; - String jdk11Variation1 = digest + "withRSA"; - String jdk11Variation2 = digest + "WithRSA"; - String alias = digest + "/" + "RSA"; - String longName = digest + "WITHRSAENCRYPTION"; - String longJdk11Variation1 = digest + "withRSAEncryption"; - String longJdk11Variation2 = digest + "WithRSAEncryption"; - - provider.addAlgorithm("Signature." + mainName, className); - provider.addAlgorithm("Alg.Alias.Signature." + jdk11Variation1, mainName); - provider.addAlgorithm("Alg.Alias.Signature." + jdk11Variation2, mainName); - provider.addAlgorithm("Alg.Alias.Signature." + longName, mainName); - provider.addAlgorithm("Alg.Alias.Signature." + longJdk11Variation1, mainName); - provider.addAlgorithm("Alg.Alias.Signature." + longJdk11Variation2, mainName); - provider.addAlgorithm("Alg.Alias.Signature." + alias, mainName); - - if (oid != null) - { - provider.addAlgorithm("Alg.Alias.Signature." + oid, mainName); - provider.addAlgorithm("Alg.Alias.Signature.OID." + oid, mainName); - } - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/X509.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/X509.java deleted file mode 100644 index 5cbee906..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/X509.java +++ /dev/null @@ -1,31 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric; - -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; - -/** - * For some reason the class path project thinks that such a KeyFactory will exist. - */ -public class X509 -{ - public static class Mappings - extends AsymmetricAlgorithmProvider - { - public Mappings() - { - - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory"); - provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509"); - - // - // certificate factories. - // - provider.addAlgorithm("CertificateFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory"); - provider.addAlgorithm("Alg.Alias.CertificateFactory.X509", "X.509"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java deleted file mode 100644 index 8bdcc551..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.java +++ /dev/null @@ -1,77 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dh; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.spec.DHGenParameterSpec; -import javax.crypto.spec.DHParameterSpec; - -import org.bouncycastle.crypto.generators.DHParametersGenerator; -import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public class AlgorithmParameterGeneratorSpi - extends java.security.AlgorithmParameterGeneratorSpi -{ - protected SecureRandom random; - protected int strength = 1024; - - private int l = 0; - - protected void engineInit( - int strength, - SecureRandom random) - { - this.strength = strength; - this.random = random; - } - - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (!(genParamSpec instanceof DHGenParameterSpec)) - { - throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation"); - } - DHGenParameterSpec spec = (DHGenParameterSpec)genParamSpec; - - this.strength = spec.getPrimeSize(); - this.l = spec.getExponentSize(); - this.random = random; - } - - protected AlgorithmParameters engineGenerateParameters() - { - DHParametersGenerator pGen = new DHParametersGenerator(); - - if (random != null) - { - pGen.init(strength, 20, random); - } - else - { - pGen.init(strength, 20, new SecureRandom()); - } - - DHParameters p = pGen.generateParameters(); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("DH", BouncyCastleProvider.PROVIDER_NAME); - params.init(new DHParameterSpec(p.getP(), p.getG(), l)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParametersSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParametersSpi.java deleted file mode 100644 index c7711238..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParametersSpi.java +++ /dev/null @@ -1,142 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dh; - -import java.io.IOException; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; - -import javax.crypto.spec.DHParameterSpec; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.pkcs.DHParameter; - -public class AlgorithmParametersSpi - extends java.security.AlgorithmParametersSpi -{ - DHParameterSpec currentSpec; - - protected boolean isASN1FormatString(String format) - { - return format == null || format.equals("ASN.1"); - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == null) - { - throw new NullPointerException("argument to getParameterSpec must not be null"); - } - - return localEngineGetParameterSpec(paramSpec); - } - - - - - /** - * Return the PKCS#3 ASN.1 structure DHParameter. - * <p> - * <pre> - * DHParameter ::= SEQUENCE { - * prime INTEGER, -- p - * base INTEGER, -- g - * privateValueLength INTEGER OPTIONAL} - * </pre> - */ - protected byte[] engineGetEncoded() - { - DHParameter dhP = new DHParameter(currentSpec.getP(), currentSpec.getG(), currentSpec.getL()); - - try - { - return dhP.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Error encoding DHParameters"); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == DHParameterSpec.class) - { - return currentSpec; - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to DH parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof DHParameterSpec)) - { - throw new InvalidParameterSpecException("DHParameterSpec required to initialise a Diffie-Hellman algorithm parameters object"); - } - - this.currentSpec = (DHParameterSpec)paramSpec; - } - - protected void engineInit( - byte[] params) - throws IOException - { - try - { - DHParameter dhP = DHParameter.getInstance(params); - - if (dhP.getL() != null) - { - currentSpec = new DHParameterSpec(dhP.getP(), dhP.getG(), dhP.getL().intValue()); - } - else - { - currentSpec = new DHParameterSpec(dhP.getP(), dhP.getG()); - } - } - catch (ClassCastException e) - { - throw new IOException("Not a valid DH Parameter encoding."); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IOException("Not a valid DH Parameter encoding."); - } - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format)) - { - engineInit(params); - } - else - { - throw new IOException("Unknown parameter format " + format); - } - } - - protected String engineToString() - { - return "Diffie-Hellman Parameters"; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPrivateKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPrivateKey.java deleted file mode 100644 index d5516dce..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPrivateKey.java +++ /dev/null @@ -1,213 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dh; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.util.Enumeration; - -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.spec.DHParameterSpec; -import javax.crypto.spec.DHPrivateKeySpec; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.pkcs.DHParameter; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x9.DHDomainParameters; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.DHPrivateKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; - - -public class BCDHPrivateKey - implements DHPrivateKey, PKCS12BagAttributeCarrier -{ - static final long serialVersionUID = 311058815616901812L; - - private BigInteger x; - - private transient DHParameterSpec dhSpec; - private transient PrivateKeyInfo info; - - private transient PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - protected BCDHPrivateKey() - { - } - - BCDHPrivateKey( - DHPrivateKey key) - { - this.x = key.getX(); - this.dhSpec = key.getParams(); - } - - BCDHPrivateKey( - DHPrivateKeySpec spec) - { - this.x = spec.getX(); - this.dhSpec = new DHParameterSpec(spec.getP(), spec.getG()); - } - - public BCDHPrivateKey( - PrivateKeyInfo info) - throws IOException - { - ASN1Sequence seq = ASN1Sequence.getInstance(info.getPrivateKeyAlgorithm().getParameters()); - ASN1Integer derX = (ASN1Integer)info.parsePrivateKey(); - ASN1ObjectIdentifier id = info.getPrivateKeyAlgorithm().getAlgorithm(); - - this.info = info; - this.x = derX.getValue(); - - if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement)) - { - DHParameter params = DHParameter.getInstance(seq); - - if (params.getL() != null) - { - this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue()); - } - else - { - this.dhSpec = new DHParameterSpec(params.getP(), params.getG()); - } - } - else if (id.equals(X9ObjectIdentifiers.dhpublicnumber)) - { - DHDomainParameters params = DHDomainParameters.getInstance(seq); - - this.dhSpec = new DHParameterSpec(params.getP().getValue(), params.getG().getValue()); - } - else - { - throw new IllegalArgumentException("unknown algorithm type: " + id); - } - } - - BCDHPrivateKey( - DHPrivateKeyParameters params) - { - this.x = params.getX(); - this.dhSpec = new DHParameterSpec(params.getParameters().getP(), params.getParameters().getG(), params.getParameters().getL()); - } - - public String getAlgorithm() - { - return "DH"; - } - - /** - * return the encoding format we produce in getEncoded(). - * - * @return the string "PKCS#8" - */ - public String getFormat() - { - return "PKCS#8"; - } - - /** - * Return a PKCS8 representation of the key. The sequence returned - * represents a full PrivateKeyInfo object. - * - * @return a PKCS8 representation of the key. - */ - public byte[] getEncoded() - { - try - { - if (info != null) - { - return info.getEncoded(ASN1Encoding.DER); - } - - PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).toASN1Primitive()), new ASN1Integer(getX())); - - return info.getEncoded(ASN1Encoding.DER); - } - catch (Exception e) - { - return null; - } - } - - public DHParameterSpec getParams() - { - return dhSpec; - } - - public BigInteger getX() - { - return x; - } - - public boolean equals( - Object o) - { - if (!(o instanceof DHPrivateKey)) - { - return false; - } - - DHPrivateKey other = (DHPrivateKey)o; - - return this.getX().equals(other.getX()) - && this.getParams().getG().equals(other.getParams().getG()) - && this.getParams().getP().equals(other.getParams().getP()) - && this.getParams().getL() == other.getParams().getL(); - } - - public int hashCode() - { - return this.getX().hashCode() ^ this.getParams().getG().hashCode() - ^ this.getParams().getP().hashCode() ^ this.getParams().getL(); - } - - public void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute) - { - attrCarrier.setBagAttribute(oid, attribute); - } - - public ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid) - { - return attrCarrier.getBagAttribute(oid); - } - - public Enumeration getBagAttributeKeys() - { - return attrCarrier.getBagAttributeKeys(); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - - this.dhSpec = new DHParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), in.readInt()); - this.info = null; - this.attrCarrier = new PKCS12BagAttributeCarrierImpl(); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.defaultWriteObject(); - - out.writeObject(dhSpec.getP()); - out.writeObject(dhSpec.getG()); - out.writeInt(dhSpec.getL()); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPublicKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPublicKey.java deleted file mode 100644 index 0697f757..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPublicKey.java +++ /dev/null @@ -1,204 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dh; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; - -import javax.crypto.interfaces.DHPublicKey; -import javax.crypto.spec.DHParameterSpec; -import javax.crypto.spec.DHPublicKeySpec; - -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.pkcs.DHParameter; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.DHDomainParameters; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.DHPublicKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; - -public class BCDHPublicKey - implements DHPublicKey -{ - static final long serialVersionUID = -216691575254424324L; - - private BigInteger y; - - private transient DHParameterSpec dhSpec; - private transient SubjectPublicKeyInfo info; - - BCDHPublicKey( - DHPublicKeySpec spec) - { - this.y = spec.getY(); - this.dhSpec = new DHParameterSpec(spec.getP(), spec.getG()); - } - - BCDHPublicKey( - DHPublicKey key) - { - this.y = key.getY(); - this.dhSpec = key.getParams(); - } - - BCDHPublicKey( - DHPublicKeyParameters params) - { - this.y = params.getY(); - this.dhSpec = new DHParameterSpec(params.getParameters().getP(), params.getParameters().getG(), params.getParameters().getL()); - } - - BCDHPublicKey( - BigInteger y, - DHParameterSpec dhSpec) - { - this.y = y; - this.dhSpec = dhSpec; - } - - public BCDHPublicKey( - SubjectPublicKeyInfo info) - { - this.info = info; - - ASN1Integer derY; - try - { - derY = (ASN1Integer)info.parsePublicKey(); - } - catch (IOException e) - { - throw new IllegalArgumentException("invalid info structure in DH public key"); - } - - this.y = derY.getValue(); - - ASN1Sequence seq = ASN1Sequence.getInstance(info.getAlgorithm().getParameters()); - ASN1ObjectIdentifier id = info.getAlgorithm().getAlgorithm(); - - // we need the PKCS check to handle older keys marked with the X9 oid. - if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement) || isPKCSParam(seq)) - { - DHParameter params = DHParameter.getInstance(seq); - - if (params.getL() != null) - { - this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue()); - } - else - { - this.dhSpec = new DHParameterSpec(params.getP(), params.getG()); - } - } - else if (id.equals(X9ObjectIdentifiers.dhpublicnumber)) - { - DHDomainParameters params = DHDomainParameters.getInstance(seq); - - this.dhSpec = new DHParameterSpec(params.getP().getValue(), params.getG().getValue()); - } - else - { - throw new IllegalArgumentException("unknown algorithm type: " + id); - } - } - - public String getAlgorithm() - { - return "DH"; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - if (info != null) - { - return KeyUtil.getEncodedSubjectPublicKeyInfo(info); - } - - return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).toASN1Primitive()), new ASN1Integer(y)); - } - - public DHParameterSpec getParams() - { - return dhSpec; - } - - public BigInteger getY() - { - return y; - } - - private boolean isPKCSParam(ASN1Sequence seq) - { - if (seq.size() == 2) - { - return true; - } - - if (seq.size() > 3) - { - return false; - } - - ASN1Integer l = ASN1Integer.getInstance(seq.getObjectAt(2)); - ASN1Integer p = ASN1Integer.getInstance(seq.getObjectAt(0)); - - if (l.getValue().compareTo(BigInteger.valueOf(p.getValue().bitLength())) > 0) - { - return false; - } - - return true; - } - - public int hashCode() - { - return this.getY().hashCode() ^ this.getParams().getG().hashCode() - ^ this.getParams().getP().hashCode() ^ this.getParams().getL(); - } - - public boolean equals( - Object o) - { - if (!(o instanceof DHPublicKey)) - { - return false; - } - - DHPublicKey other = (DHPublicKey)o; - - return this.getY().equals(other.getY()) - && this.getParams().getG().equals(other.getParams().getG()) - && this.getParams().getP().equals(other.getParams().getP()) - && this.getParams().getL() == other.getParams().getL(); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - - this.dhSpec = new DHParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), in.readInt()); - this.info = null; - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.defaultWriteObject(); - - out.writeObject(dhSpec.getP()); - out.writeObject(dhSpec.getG()); - out.writeInt(dhSpec.getL()); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java deleted file mode 100644 index c29ff2dc..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java +++ /dev/null @@ -1,507 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dh; - -import java.io.ByteArrayOutputStream; -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.CipherSpi; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.ShortBufferException; -import javax.crypto.interfaces.DHKey; -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.interfaces.DHPublicKey; - -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.KeyEncoder; -import org.bouncycastle.crypto.agreement.DHBasicAgreement; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.engines.AESEngine; -import org.bouncycastle.crypto.engines.DESedeEngine; -import org.bouncycastle.crypto.engines.IESEngine; -import org.bouncycastle.crypto.generators.DHKeyPairGenerator; -import org.bouncycastle.crypto.generators.EphemeralKeyPairGenerator; -import org.bouncycastle.crypto.generators.KDF2BytesGenerator; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.DHKeyGenerationParameters; -import org.bouncycastle.crypto.params.DHKeyParameters; -import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.crypto.params.DHPublicKeyParameters; -import org.bouncycastle.crypto.params.IESParameters; -import org.bouncycastle.crypto.params.IESWithCipherParameters; -import org.bouncycastle.crypto.parsers.DHIESPublicKeyParser; -import org.bouncycastle.jcajce.provider.asymmetric.util.DHUtil; -import org.bouncycastle.jcajce.provider.asymmetric.util.IESUtil; -import org.bouncycastle.jce.interfaces.IESKey; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.IESParameterSpec; -import org.bouncycastle.util.BigIntegers; -import org.bouncycastle.util.Strings; - - -public class IESCipher - extends CipherSpi -{ - private IESEngine engine; - private int state = -1; - private ByteArrayOutputStream buffer = new ByteArrayOutputStream(); - private AlgorithmParameters engineParam = null; - private IESParameterSpec engineSpec = null; - private AsymmetricKeyParameter key; - private SecureRandom random; - private boolean dhaesMode = false; - private AsymmetricKeyParameter otherKeyParameter = null; - - public IESCipher(IESEngine engine) - { - this.engine = engine; - } - - - public int engineGetBlockSize() - { - if (engine.getCipher() != null) - { - return engine.getCipher().getBlockSize(); - } - else - { - return 0; - } - } - - - public int engineGetKeySize(Key key) - { - if (key instanceof DHKey) - { - return ((DHKey)key).getParams().getP().bitLength(); - } - else - { - throw new IllegalArgumentException("not a DH key"); - } - } - - - public byte[] engineGetIV() - { - return null; - } - - public AlgorithmParameters engineGetParameters() - { - if (engineParam == null && engineSpec != null) - { - try - { - engineParam = AlgorithmParameters.getInstance("IES", BouncyCastleProvider.PROVIDER_NAME); - engineParam.init(engineSpec); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - - return engineParam; - } - - - public void engineSetMode(String mode) - throws NoSuchAlgorithmException - { - String modeName = Strings.toUpperCase(mode); - - if (modeName.equals("NONE")) - { - dhaesMode = false; - } - else if (modeName.equals("DHAES")) - { - dhaesMode = true; - } - else - { - throw new IllegalArgumentException("can't support mode " + mode); - } - } - - public int engineGetOutputSize(int inputLen) - { - int len1, len2, len3; - - len1 = engine.getMac().getMacSize(); - - if (key != null) - { - len2 = ((DHKey)key).getParams().getP().bitLength() / 8 + 1; - } - else - { - throw new IllegalStateException("cipher not initialised"); - } - - if (engine.getCipher() == null) - { - len3 = inputLen; - } - else if (state == Cipher.ENCRYPT_MODE || state == Cipher.WRAP_MODE) - { - len3 = engine.getCipher().getOutputSize(inputLen); - } - else if (state == Cipher.DECRYPT_MODE || state == Cipher.UNWRAP_MODE) - { - len3 = engine.getCipher().getOutputSize(inputLen - len1 - len2); - } - else - { - throw new IllegalStateException("cipher not initialised"); - } - - if (state == Cipher.ENCRYPT_MODE || state == Cipher.WRAP_MODE) - { - return buffer.size() + len1 + len2 + len3; - } - else if (state == Cipher.DECRYPT_MODE || state == Cipher.UNWRAP_MODE) - { - return buffer.size() - len1 - len2 + len3; - } - else - { - throw new IllegalStateException("IESCipher not initialised"); - } - - } - - public void engineSetPadding(String padding) - throws NoSuchPaddingException - { - String paddingName = Strings.toUpperCase(padding); - - // TDOD: make this meaningful... - if (paddingName.equals("NOPADDING")) - { - - } - else if (paddingName.equals("PKCS5PADDING") || paddingName.equals("PKCS7PADDING")) - { - - } - else - { - throw new NoSuchPaddingException("padding not available with IESCipher"); - } - } - - // Initialisation methods - - public void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - try - { - paramSpec = params.getParameterSpec(IESParameterSpec.class); - } - catch (Exception e) - { - throw new InvalidAlgorithmParameterException("cannot recognise parameters: " + e.toString()); - } - } - - engineParam = params; - engineInit(opmode, key, paramSpec, random); - } - - - public void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec engineSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException, InvalidKeyException - { - // Use default parameters (including cipher key size) if none are specified - if (engineSpec == null) - { - this.engineSpec = IESUtil.guessParameterSpec(engine); - } - else if (engineSpec instanceof IESParameterSpec) - { - this.engineSpec = (IESParameterSpec)engineSpec; - } - else - { - throw new InvalidAlgorithmParameterException("must be passed IES parameters"); - } - - // Parse the recipient's key - if (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE) - { - if (key instanceof DHPublicKey) - { - this.key = DHUtil.generatePublicKeyParameter((PublicKey)key); - } - else if (key instanceof IESKey) - { - IESKey ieKey = (IESKey)key; - - this.key = DHUtil.generatePublicKeyParameter(ieKey.getPublic()); - this.otherKeyParameter = DHUtil.generatePrivateKeyParameter(ieKey.getPrivate()); - } - else - { - throw new InvalidKeyException("must be passed recipient's public DH key for encryption"); - } - } - else if (opmode == Cipher.DECRYPT_MODE || opmode == Cipher.UNWRAP_MODE) - { - if (key instanceof DHPrivateKey) - { - this.key = DHUtil.generatePrivateKeyParameter((PrivateKey)key); - } - else if (key instanceof IESKey) - { - IESKey ieKey = (IESKey)key; - - this.otherKeyParameter = DHUtil.generatePublicKeyParameter(ieKey.getPublic()); - this.key = DHUtil.generatePrivateKeyParameter(ieKey.getPrivate()); - } - else - { - throw new InvalidKeyException("must be passed recipient's private DH key for decryption"); - } - } - else - { - throw new InvalidKeyException("must be passed EC key"); - } - - this.random = random; - this.state = opmode; - buffer.reset(); - - } - - - public void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new IllegalArgumentException("can't handle supplied parameter spec"); - } - - } - - - // Update methods - buffer the input - - public byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - buffer.write(input, inputOffset, inputLen); - return null; - } - - - public int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - { - buffer.write(input, inputOffset, inputLen); - return 0; - } - - - // Finalisation methods - - public byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws IllegalBlockSizeException, BadPaddingException - { - if (inputLen != 0) - { - buffer.write(input, inputOffset, inputLen); - } - - byte[] in = buffer.toByteArray(); - buffer.reset(); - - // Convert parameters for use in IESEngine - IESParameters params = new IESWithCipherParameters(engineSpec.getDerivationV(), - engineSpec.getEncodingV(), - engineSpec.getMacKeySize(), - engineSpec.getCipherKeySize()); - - DHParameters dhParams = ((DHKeyParameters)key).getParameters(); - - byte[] V; - if (otherKeyParameter != null) - { - try - { - if (state == Cipher.ENCRYPT_MODE || state == Cipher.WRAP_MODE) - { - engine.init(true, otherKeyParameter, key, params); - } - else - { - engine.init(false, key, otherKeyParameter, params); - } - return engine.processBlock(in, 0, in.length); - } - catch (Exception e) - { - throw new BadPaddingException(e.getMessage()); - } - } - - if (state == Cipher.ENCRYPT_MODE || state == Cipher.WRAP_MODE) - { - // Generate the ephemeral key pair - DHKeyPairGenerator gen = new DHKeyPairGenerator(); - gen.init(new DHKeyGenerationParameters(random, dhParams)); - - EphemeralKeyPairGenerator kGen = new EphemeralKeyPairGenerator(gen, new KeyEncoder() - { - public byte[] getEncoded(AsymmetricKeyParameter keyParameter) - { - byte[] Vloc = new byte[(((DHKeyParameters)keyParameter).getParameters().getP().bitLength() + 7) / 8]; - byte[] Vtmp = BigIntegers.asUnsignedByteArray(((DHPublicKeyParameters)keyParameter).getY()); - - if (Vtmp.length > Vloc.length) - { - throw new IllegalArgumentException("Senders's public key longer than expected."); - } - else - { - System.arraycopy(Vtmp, 0, Vloc, Vloc.length - Vtmp.length, Vtmp.length); - } - - return Vloc; - } - }); - - // Encrypt the buffer - try - { - engine.init(key, params, kGen); - - return engine.processBlock(in, 0, in.length); - } - catch (Exception e) - { - throw new BadPaddingException(e.getMessage()); - } - } - else if (state == Cipher.DECRYPT_MODE || state == Cipher.UNWRAP_MODE) - { - // Decrypt the buffer - try - { - engine.init(key, params, new DHIESPublicKeyParser(((DHKeyParameters)key).getParameters())); - - return engine.processBlock(in, 0, in.length); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - } - else - { - throw new IllegalStateException("IESCipher not initialised"); - } - - } - - - public int engineDoFinal( - byte[] input, - int inputOffset, - int inputLength, - byte[] output, - int outputOffset) - throws ShortBufferException, IllegalBlockSizeException, BadPaddingException - { - - byte[] buf = engineDoFinal(input, inputOffset, inputLength); - System.arraycopy(buf, 0, output, outputOffset, buf.length); - return buf.length; - - } - - - /** - * Classes that inherit from us - */ - - static public class IES - extends IESCipher - { - public IES() - { - super(new IESEngine(new DHBasicAgreement(), - new KDF2BytesGenerator(new SHA1Digest()), - new HMac(new SHA1Digest()))); - } - } - - static public class IESwithDESede - extends IESCipher - { - public IESwithDESede() - { - super(new IESEngine(new DHBasicAgreement(), - new KDF2BytesGenerator(new SHA1Digest()), - new HMac(new SHA1Digest()), - new PaddedBufferedBlockCipher(new DESedeEngine()))); - } - } - - static public class IESwithAES - extends IESCipher - { - public IESwithAES() - { - super(new IESEngine(new DHBasicAgreement(), - new KDF2BytesGenerator(new SHA1Digest()), - new HMac(new SHA1Digest()), - new PaddedBufferedBlockCipher(new AESEngine()))); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java deleted file mode 100644 index f2b5314f..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java +++ /dev/null @@ -1,227 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dh; - -import java.math.BigInteger; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.util.Hashtable; - -import javax.crypto.SecretKey; -import javax.crypto.ShortBufferException; -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.interfaces.DHPublicKey; -import javax.crypto.spec.DHParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.crypto.params.DESParameters; -import org.bouncycastle.util.Integers; -import org.bouncycastle.util.Strings; - -/** - * Diffie-Hellman key agreement. There's actually a better way of doing this - * if you are using long term public keys, see the light-weight version for - * details. - */ -public class KeyAgreementSpi - extends javax.crypto.KeyAgreementSpi -{ - private BigInteger x; - private BigInteger p; - private BigInteger g; - private BigInteger result; - - private static final Hashtable algorithms = new Hashtable(); - - static - { - Integer i64 = Integers.valueOf(64); - Integer i192 = Integers.valueOf(192); - Integer i128 = Integers.valueOf(128); - Integer i256 = Integers.valueOf(256); - - algorithms.put("DES", i64); - algorithms.put("DESEDE", i192); - algorithms.put("BLOWFISH", i128); - algorithms.put("AES", i256); - } - - private byte[] bigIntToBytes( - BigInteger r) - { - // - // RFC 2631 (2.1.2) specifies that the secret should be padded with leading zeros if necessary - // must be the same length as p - // - int expectedLength = (p.bitLength() + 7) / 8; - - byte[] tmp = r.toByteArray(); - - if (tmp.length == expectedLength) - { - return tmp; - } - - if (tmp[0] == 0 && tmp.length == expectedLength + 1) - { - byte[] rv = new byte[tmp.length - 1]; - - System.arraycopy(tmp, 1, rv, 0, rv.length); - return rv; - } - - // tmp must be shorter than expectedLength - // pad to the left with zeros. - byte[] rv = new byte[expectedLength]; - - System.arraycopy(tmp, 0, rv, rv.length - tmp.length, tmp.length); - - return rv; - } - - protected Key engineDoPhase( - Key key, - boolean lastPhase) - throws InvalidKeyException, IllegalStateException - { - if (x == null) - { - throw new IllegalStateException("Diffie-Hellman not initialised."); - } - - if (!(key instanceof DHPublicKey)) - { - throw new InvalidKeyException("DHKeyAgreement doPhase requires DHPublicKey"); - } - DHPublicKey pubKey = (DHPublicKey)key; - - if (!pubKey.getParams().getG().equals(g) || !pubKey.getParams().getP().equals(p)) - { - throw new InvalidKeyException("DHPublicKey not for this KeyAgreement!"); - } - - if (lastPhase) - { - result = ((DHPublicKey)key).getY().modPow(x, p); - return null; - } - else - { - result = ((DHPublicKey)key).getY().modPow(x, p); - } - - return new BCDHPublicKey(result, pubKey.getParams()); - } - - protected byte[] engineGenerateSecret() - throws IllegalStateException - { - if (x == null) - { - throw new IllegalStateException("Diffie-Hellman not initialised."); - } - - return bigIntToBytes(result); - } - - protected int engineGenerateSecret( - byte[] sharedSecret, - int offset) - throws IllegalStateException, ShortBufferException - { - if (x == null) - { - throw new IllegalStateException("Diffie-Hellman not initialised."); - } - - byte[] secret = bigIntToBytes(result); - - if (sharedSecret.length - offset < secret.length) - { - throw new ShortBufferException("DHKeyAgreement - buffer too short"); - } - - System.arraycopy(secret, 0, sharedSecret, offset, secret.length); - - return secret.length; - } - - protected SecretKey engineGenerateSecret( - String algorithm) - { - if (x == null) - { - throw new IllegalStateException("Diffie-Hellman not initialised."); - } - - String algKey = Strings.toUpperCase(algorithm); - byte[] res = bigIntToBytes(result); - - if (algorithms.containsKey(algKey)) - { - Integer length = (Integer)algorithms.get(algKey); - - byte[] key = new byte[length.intValue() / 8]; - System.arraycopy(res, 0, key, 0, key.length); - - if (algKey.startsWith("DES")) - { - DESParameters.setOddParity(key); - } - - return new SecretKeySpec(key, algorithm); - } - - return new SecretKeySpec(res, algorithm); - } - - protected void engineInit( - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - if (!(key instanceof DHPrivateKey)) - { - throw new InvalidKeyException("DHKeyAgreement requires DHPrivateKey for initialisation"); - } - DHPrivateKey privKey = (DHPrivateKey)key; - - if (params != null) - { - if (!(params instanceof DHParameterSpec)) - { - throw new InvalidAlgorithmParameterException("DHKeyAgreement only accepts DHParameterSpec"); - } - DHParameterSpec p = (DHParameterSpec)params; - - this.p = p.getP(); - this.g = p.getG(); - } - else - { - this.p = privKey.getParams().getP(); - this.g = privKey.getParams().getG(); - } - - this.x = this.result = privKey.getX(); - } - - protected void engineInit( - Key key, - SecureRandom random) - throws InvalidKeyException - { - if (!(key instanceof DHPrivateKey)) - { - throw new InvalidKeyException("DHKeyAgreement requires DHPrivateKey"); - } - - DHPrivateKey privKey = (DHPrivateKey)key; - - this.p = privKey.getParams().getP(); - this.g = privKey.getParams().getG(); - this.x = this.result = privKey.getX(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyFactorySpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyFactorySpi.java deleted file mode 100644 index 9565bd2d..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyFactorySpi.java +++ /dev/null @@ -1,128 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dh; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; - -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.interfaces.DHPublicKey; -import javax.crypto.spec.DHPrivateKeySpec; -import javax.crypto.spec.DHPublicKeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi; - -public class KeyFactorySpi - extends BaseKeyFactorySpi -{ - public KeyFactorySpi() - { - } - - protected KeySpec engineGetKeySpec( - Key key, - Class spec) - throws InvalidKeySpecException - { - if (spec.isAssignableFrom(DHPrivateKeySpec.class) && key instanceof DHPrivateKey) - { - DHPrivateKey k = (DHPrivateKey)key; - - return new DHPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getG()); - } - else if (spec.isAssignableFrom(DHPublicKeySpec.class) && key instanceof DHPublicKey) - { - DHPublicKey k = (DHPublicKey)key; - - return new DHPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getG()); - } - - return super.engineGetKeySpec(key, spec); - } - - protected Key engineTranslateKey( - Key key) - throws InvalidKeyException - { - if (key instanceof DHPublicKey) - { - return new BCDHPublicKey((DHPublicKey)key); - } - else if (key instanceof DHPrivateKey) - { - return new BCDHPrivateKey((DHPrivateKey)key); - } - - throw new InvalidKeyException("key type unknown"); - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DHPrivateKeySpec) - { - return new BCDHPrivateKey((DHPrivateKeySpec)keySpec); - } - - return super.engineGeneratePrivate(keySpec); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DHPublicKeySpec) - { - return new BCDHPublicKey((DHPublicKeySpec)keySpec); - } - - return super.engineGeneratePublic(keySpec); - } - - public PrivateKey generatePrivate(PrivateKeyInfo keyInfo) - throws IOException - { - ASN1ObjectIdentifier algOid = keyInfo.getPrivateKeyAlgorithm().getAlgorithm(); - - if (algOid.equals(PKCSObjectIdentifiers.dhKeyAgreement)) - { - return new BCDHPrivateKey(keyInfo); - } - else if (algOid.equals(X9ObjectIdentifiers.dhpublicnumber)) - { - return new BCDHPrivateKey(keyInfo); - } - else - { - throw new IOException("algorithm identifier " + algOid + " in key not recognised"); - } - } - - public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo) - throws IOException - { - ASN1ObjectIdentifier algOid = keyInfo.getAlgorithm().getAlgorithm(); - - if (algOid.equals(PKCSObjectIdentifiers.dhKeyAgreement)) - { - return new BCDHPublicKey(keyInfo); - } - else if (algOid.equals(X9ObjectIdentifiers.dhpublicnumber)) - { - return new BCDHPublicKey(keyInfo); - } - else - { - throw new IOException("algorithm identifier " + algOid + " in key not recognised"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java deleted file mode 100644 index 48da0203..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java +++ /dev/null @@ -1,119 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dh; - -import java.security.InvalidAlgorithmParameterException; -import java.security.KeyPair; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.util.Hashtable; - -import javax.crypto.spec.DHParameterSpec; - -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -import org.bouncycastle.crypto.generators.DHBasicKeyPairGenerator; -import org.bouncycastle.crypto.generators.DHParametersGenerator; -import org.bouncycastle.crypto.params.DHKeyGenerationParameters; -import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.crypto.params.DHPrivateKeyParameters; -import org.bouncycastle.crypto.params.DHPublicKeyParameters; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.Integers; - -public class KeyPairGeneratorSpi - extends java.security.KeyPairGenerator -{ - private static Hashtable params = new Hashtable(); - private static Object lock = new Object(); - - DHKeyGenerationParameters param; - DHBasicKeyPairGenerator engine = new DHBasicKeyPairGenerator(); - int strength = 1024; - int certainty = 20; - SecureRandom random = new SecureRandom(); - boolean initialised = false; - - public KeyPairGeneratorSpi() - { - super("DH"); - } - - public void initialize( - int strength, - SecureRandom random) - { - this.strength = strength; - this.random = random; - } - - public void initialize( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (!(params instanceof DHParameterSpec)) - { - throw new InvalidAlgorithmParameterException("parameter object not a DHParameterSpec"); - } - DHParameterSpec dhParams = (DHParameterSpec)params; - - param = new DHKeyGenerationParameters(random, new DHParameters(dhParams.getP(), dhParams.getG(), null, dhParams.getL())); - - engine.init(param); - initialised = true; - } - - public KeyPair generateKeyPair() - { - if (!initialised) - { - Integer paramStrength = Integers.valueOf(strength); - - if (params.containsKey(paramStrength)) - { - param = (DHKeyGenerationParameters)params.get(paramStrength); - } - else - { - DHParameterSpec dhParams = BouncyCastleProvider.CONFIGURATION.getDHDefaultParameters(strength); - - if (dhParams != null) - { - param = new DHKeyGenerationParameters(random, new DHParameters(dhParams.getP(), dhParams.getG(), null, dhParams.getL())); - } - else - { - synchronized (lock) - { - // we do the check again in case we were blocked by a generator for - // our key size. - if (params.containsKey(paramStrength)) - { - param = (DHKeyGenerationParameters)params.get(paramStrength); - } - else - { - - DHParametersGenerator pGen = new DHParametersGenerator(); - - pGen.init(strength, certainty, random); - - param = new DHKeyGenerationParameters(random, pGen.generateParameters()); - - params.put(paramStrength, param); - } - } - } - } - - engine.init(param); - - initialised = true; - } - - AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - DHPublicKeyParameters pub = (DHPublicKeyParameters)pair.getPublic(); - DHPrivateKeyParameters priv = (DHPrivateKeyParameters)pair.getPrivate(); - - return new KeyPair(new BCDHPublicKey(pub), - new BCDHPrivateKey(priv)); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java deleted file mode 100644 index d850e5de..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.java +++ /dev/null @@ -1,103 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dsa; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.DSAParameterSpec; - -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.generators.DSAParametersGenerator; -import org.bouncycastle.crypto.params.DSAParameterGenerationParameters; -import org.bouncycastle.crypto.params.DSAParameters; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public class AlgorithmParameterGeneratorSpi - extends java.security.AlgorithmParameterGeneratorSpi -{ - protected SecureRandom random; - protected int strength = 1024; - protected DSAParameterGenerationParameters params; - - protected void engineInit( - int strength, - SecureRandom random) - { - if (strength < 512 || strength > 3072) - { - throw new InvalidParameterException("strength must be from 512 - 3072"); - } - - if (strength <= 1024 && strength % 64 != 0) - { - throw new InvalidParameterException("strength must be a multiple of 64 below 1024 bits."); - } - - if (strength > 1024 && strength % 1024 != 0) - { - throw new InvalidParameterException("strength must be a multiple of 1024 above 1024 bits."); - } - - this.strength = strength; - this.random = random; - } - - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DSA parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - DSAParametersGenerator pGen; - - if (strength <= 1024) - { - pGen = new DSAParametersGenerator(); - } - else - { - pGen = new DSAParametersGenerator(new SHA256Digest()); - } - - if (random == null) - { - random = new SecureRandom(); - } - - if (strength == 1024) - { - params = new DSAParameterGenerationParameters(1024, 160, 80, random); - pGen.init(params); - } - else if (strength > 1024) - { - params = new DSAParameterGenerationParameters(strength, 256, 80, random); - pGen.init(params); - } - else - { - pGen.init(strength, 20, random); - } - - DSAParameters p = pGen.generateParameters(); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME); - params.init(new DSAParameterSpec(p.getP(), p.getQ(), p.getG())); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java deleted file mode 100644 index 61fa33c6..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.java +++ /dev/null @@ -1,132 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dsa; - -import java.io.IOException; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.DSAParameterSpec; -import java.security.spec.InvalidParameterSpecException; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.x509.DSAParameter; - -public class AlgorithmParametersSpi - extends java.security.AlgorithmParametersSpi -{ - DSAParameterSpec currentSpec; - - protected boolean isASN1FormatString(String format) - { - return format == null || format.equals("ASN.1"); - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == null) - { - throw new NullPointerException("argument to getParameterSpec must not be null"); - } - - return localEngineGetParameterSpec(paramSpec); - } - - /** - * Return the X.509 ASN.1 structure DSAParameter. - * <p/> - * <pre> - * DSAParameter ::= SEQUENCE { - * prime INTEGER, -- p - * subprime INTEGER, -- q - * base INTEGER, -- g} - * </pre> - */ - protected byte[] engineGetEncoded() - { - DSAParameter dsaP = new DSAParameter(currentSpec.getP(), currentSpec.getQ(), currentSpec.getG()); - - try - { - return dsaP.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Error encoding DSAParameters"); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == DSAParameterSpec.class) - { - return currentSpec; - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to DSA parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof DSAParameterSpec)) - { - throw new InvalidParameterSpecException("DSAParameterSpec required to initialise a DSA algorithm parameters object"); - } - - this.currentSpec = (DSAParameterSpec)paramSpec; - } - - protected void engineInit( - byte[] params) - throws IOException - { - try - { - DSAParameter dsaP = DSAParameter.getInstance(ASN1Primitive.fromByteArray(params)); - - currentSpec = new DSAParameterSpec(dsaP.getP(), dsaP.getQ(), dsaP.getG()); - } - catch (ClassCastException e) - { - throw new IOException("Not a valid DSA Parameter encoding."); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IOException("Not a valid DSA Parameter encoding."); - } - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - { - engineInit(params); - } - else - { - throw new IOException("Unknown parameter format " + format); - } - } - - protected String engineToString() - { - return "DSA Parameters"; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/BCDSAPrivateKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/BCDSAPrivateKey.java deleted file mode 100644 index 0fb4bd9e..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/BCDSAPrivateKey.java +++ /dev/null @@ -1,167 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dsa; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.security.interfaces.DSAParams; -import java.security.interfaces.DSAPrivateKey; -import java.security.spec.DSAParameterSpec; -import java.security.spec.DSAPrivateKeySpec; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DSAParameter; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; -import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; - -public class BCDSAPrivateKey - implements DSAPrivateKey, PKCS12BagAttributeCarrier -{ - private static final long serialVersionUID = -4677259546958385734L; - - private BigInteger x; - private transient DSAParams dsaSpec; - - private transient PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - protected BCDSAPrivateKey() - { - } - - BCDSAPrivateKey( - DSAPrivateKey key) - { - this.x = key.getX(); - this.dsaSpec = key.getParams(); - } - - BCDSAPrivateKey( - DSAPrivateKeySpec spec) - { - this.x = spec.getX(); - this.dsaSpec = new DSAParameterSpec(spec.getP(), spec.getQ(), spec.getG()); - } - - public BCDSAPrivateKey( - PrivateKeyInfo info) - throws IOException - { - DSAParameter params = DSAParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters()); - ASN1Integer derX = (ASN1Integer)info.parsePrivateKey(); - - this.x = derX.getValue(); - this.dsaSpec = new DSAParameterSpec(params.getP(), params.getQ(), params.getG()); - } - - BCDSAPrivateKey( - DSAPrivateKeyParameters params) - { - this.x = params.getX(); - this.dsaSpec = new DSAParameterSpec(params.getParameters().getP(), params.getParameters().getQ(), params.getParameters().getG()); - } - - public String getAlgorithm() - { - return "DSA"; - } - - /** - * return the encoding format we produce in getEncoded(). - * - * @return the string "PKCS#8" - */ - public String getFormat() - { - return "PKCS#8"; - } - - /** - * Return a PKCS8 representation of the key. The sequence returned - * represents a full PrivateKeyInfo object. - * - * @return a PKCS8 representation of the key. - */ - public byte[] getEncoded() - { - return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG()).toASN1Primitive()), new ASN1Integer(getX())); - } - - public DSAParams getParams() - { - return dsaSpec; - } - - public BigInteger getX() - { - return x; - } - - public boolean equals( - Object o) - { - if (!(o instanceof DSAPrivateKey)) - { - return false; - } - - DSAPrivateKey other = (DSAPrivateKey)o; - - return this.getX().equals(other.getX()) - && this.getParams().getG().equals(other.getParams().getG()) - && this.getParams().getP().equals(other.getParams().getP()) - && this.getParams().getQ().equals(other.getParams().getQ()); - } - - public int hashCode() - { - return this.getX().hashCode() ^ this.getParams().getG().hashCode() - ^ this.getParams().getP().hashCode() ^ this.getParams().getQ().hashCode(); - } - - public void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute) - { - attrCarrier.setBagAttribute(oid, attribute); - } - - public ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid) - { - return attrCarrier.getBagAttribute(oid); - } - - public Enumeration getBagAttributeKeys() - { - return attrCarrier.getBagAttributeKeys(); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - - this.dsaSpec = new DSAParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), (BigInteger)in.readObject()); - this.attrCarrier = new PKCS12BagAttributeCarrierImpl(); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.defaultWriteObject(); - - out.writeObject(dsaSpec.getP()); - out.writeObject(dsaSpec.getQ()); - out.writeObject(dsaSpec.getG()); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/BCDSAPublicKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/BCDSAPublicKey.java deleted file mode 100644 index e66330b3..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/BCDSAPublicKey.java +++ /dev/null @@ -1,171 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dsa; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.security.interfaces.DSAParams; -import java.security.interfaces.DSAPublicKey; -import java.security.spec.DSAParameterSpec; -import java.security.spec.DSAPublicKeySpec; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DSAParameter; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.DSAPublicKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; - -public class BCDSAPublicKey - implements DSAPublicKey -{ - private static final long serialVersionUID = 1752452449903495175L; - - private BigInteger y; - private transient DSAParams dsaSpec; - - BCDSAPublicKey( - DSAPublicKeySpec spec) - { - this.y = spec.getY(); - this.dsaSpec = new DSAParameterSpec(spec.getP(), spec.getQ(), spec.getG()); - } - - BCDSAPublicKey( - DSAPublicKey key) - { - this.y = key.getY(); - this.dsaSpec = key.getParams(); - } - - BCDSAPublicKey( - DSAPublicKeyParameters params) - { - this.y = params.getY(); - this.dsaSpec = new DSAParameterSpec(params.getParameters().getP(), params.getParameters().getQ(), params.getParameters().getG()); - } - - BCDSAPublicKey( - BigInteger y, - DSAParameterSpec dsaSpec) - { - this.y = y; - this.dsaSpec = dsaSpec; - } - - public BCDSAPublicKey( - SubjectPublicKeyInfo info) - { - - ASN1Integer derY; - - try - { - derY = (ASN1Integer)info.parsePublicKey(); - } - catch (IOException e) - { - throw new IllegalArgumentException("invalid info structure in DSA public key"); - } - - this.y = derY.getValue(); - - if (isNotNull(info.getAlgorithm().getParameters())) - { - DSAParameter params = DSAParameter.getInstance(info.getAlgorithm().getParameters()); - - this.dsaSpec = new DSAParameterSpec(params.getP(), params.getQ(), params.getG()); - } - } - - private boolean isNotNull(ASN1Encodable parameters) - { - return parameters != null && !DERNull.INSTANCE.equals(parameters.toASN1Primitive()); - } - - public String getAlgorithm() - { - return "DSA"; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - if (dsaSpec == null) - { - return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa), new ASN1Integer(y)); - } - - return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG()).toASN1Primitive()), new ASN1Integer(y)); - } - - public DSAParams getParams() - { - return dsaSpec; - } - - public BigInteger getY() - { - return y; - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("DSA Public Key").append(nl); - buf.append(" y: ").append(this.getY().toString(16)).append(nl); - - return buf.toString(); - } - - public int hashCode() - { - return this.getY().hashCode() ^ this.getParams().getG().hashCode() - ^ this.getParams().getP().hashCode() ^ this.getParams().getQ().hashCode(); - } - - public boolean equals( - Object o) - { - if (!(o instanceof DSAPublicKey)) - { - return false; - } - - DSAPublicKey other = (DSAPublicKey)o; - - return this.getY().equals(other.getY()) - && this.getParams().getG().equals(other.getParams().getG()) - && this.getParams().getP().equals(other.getParams().getP()) - && this.getParams().getQ().equals(other.getParams().getQ()); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - - this.dsaSpec = new DSAParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), (BigInteger)in.readObject()); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.defaultWriteObject(); - - out.writeObject(dsaSpec.getP()); - out.writeObject(dsaSpec.getQ()); - out.writeObject(dsaSpec.getG()); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java deleted file mode 100644 index ade49b3d..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java +++ /dev/null @@ -1,313 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dsa; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.SignatureException; -import java.security.SignatureSpi; -import java.security.interfaces.DSAKey; -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DSA; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.NullDigest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.signers.HMacDSAKCalculator; - -public class DSASigner - extends SignatureSpi - implements PKCSObjectIdentifiers, X509ObjectIdentifiers -{ - private Digest digest; - private DSA signer; - private SecureRandom random; - - protected DSASigner( - Digest digest, - DSA signer) - { - this.digest = digest; - this.signer = signer; - } - - protected void engineInitVerify( - PublicKey publicKey) - throws InvalidKeyException - { - CipherParameters param; - - if (publicKey instanceof DSAKey) - { - param = DSAUtil.generatePublicKeyParameter(publicKey); - } - else - { - try - { - byte[] bytes = publicKey.getEncoded(); - - publicKey = new BCDSAPublicKey(SubjectPublicKeyInfo.getInstance(bytes)); - - if (publicKey instanceof DSAKey) - { - param = DSAUtil.generatePublicKeyParameter(publicKey); - } - else - { - throw new InvalidKeyException("can't recognise key type in DSA based signer"); - } - } - catch (Exception e) - { - throw new InvalidKeyException("can't recognise key type in DSA based signer"); - } - } - - digest.reset(); - signer.init(false, param); - } - - protected void engineInitSign( - PrivateKey privateKey, - SecureRandom random) - throws InvalidKeyException - { - this.random = random; - engineInitSign(privateKey); - } - - protected void engineInitSign( - PrivateKey privateKey) - throws InvalidKeyException - { - CipherParameters param; - - param = DSAUtil.generatePrivateKeyParameter(privateKey); - - if (random != null) - { - param = new ParametersWithRandom(param, random); - } - - digest.reset(); - signer.init(true, param); - } - - protected void engineUpdate( - byte b) - throws SignatureException - { - digest.update(b); - } - - protected void engineUpdate( - byte[] b, - int off, - int len) - throws SignatureException - { - digest.update(b, off, len); - } - - protected byte[] engineSign() - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - try - { - BigInteger[] sig = signer.generateSignature(hash); - - return derEncode(sig[0], sig[1]); - } - catch (Exception e) - { - throw new SignatureException(e.toString()); - } - } - - protected boolean engineVerify( - byte[] sigBytes) - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - BigInteger[] sig; - - try - { - sig = derDecode(sigBytes); - } - catch (Exception e) - { - throw new SignatureException("error decoding signature bytes."); - } - - return signer.verifySignature(hash, sig[0], sig[1]); - } - - protected void engineSetParameter( - AlgorithmParameterSpec params) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)"> - */ - protected void engineSetParameter( - String param, - Object value) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated - */ - protected Object engineGetParameter( - String param) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - private byte[] derEncode( - BigInteger r, - BigInteger s) - throws IOException - { - ASN1Integer[] rs = new ASN1Integer[]{ new ASN1Integer(r), new ASN1Integer(s) }; - return new DERSequence(rs).getEncoded(ASN1Encoding.DER); - } - - private BigInteger[] derDecode( - byte[] encoding) - throws IOException - { - ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(encoding); - return new BigInteger[]{ - ((ASN1Integer)s.getObjectAt(0)).getValue(), - ((ASN1Integer)s.getObjectAt(1)).getValue() - }; - } - - static public class stdDSA - extends DSASigner - { - public stdDSA() - { - super(new SHA1Digest(), new org.bouncycastle.crypto.signers.DSASigner()); - } - } - - static public class detDSA - extends DSASigner - { - public detDSA() - { - super(new SHA1Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA1Digest()))); - } - } - - static public class dsa224 - extends DSASigner - { - public dsa224() - { - super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner()); - } - } - - static public class detDSA224 - extends DSASigner - { - public detDSA224() - { - super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA224Digest()))); - } - } - - static public class dsa256 - extends DSASigner - { - public dsa256() - { - super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner()); - } - } - - static public class detDSA256 - extends DSASigner - { - public detDSA256() - { - super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA256Digest()))); - } - } - - static public class dsa384 - extends DSASigner - { - public dsa384() - { - super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner()); - } - } - - static public class detDSA384 - extends DSASigner - { - public detDSA384() - { - super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA384Digest()))); - } - } - - static public class dsa512 - extends DSASigner - { - public dsa512() - { - super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner()); - } - } - - static public class detDSA512 - extends DSASigner - { - public detDSA512() - { - super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA512Digest()))); - } - } - - static public class noneDSA - extends DSASigner - { - public noneDSA() - { - super(new NullDigest(), new org.bouncycastle.crypto.signers.DSASigner()); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java deleted file mode 100644 index 5e940ec1..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java +++ /dev/null @@ -1,72 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dsa; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.interfaces.DSAPrivateKey; -import java.security.interfaces.DSAPublicKey; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.DSAParameters; -import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; -import org.bouncycastle.crypto.params.DSAPublicKeyParameters; - -/** - * utility class for converting jce/jca DSA objects - * objects into their org.bouncycastle.crypto counterparts. - */ -public class DSAUtil -{ - public static final ASN1ObjectIdentifier[] dsaOids = - { - X9ObjectIdentifiers.id_dsa, - OIWObjectIdentifiers.dsaWithSHA1 - }; - - public static boolean isDsaOid( - ASN1ObjectIdentifier algOid) - { - for (int i = 0; i != dsaOids.length; i++) - { - if (algOid.equals(dsaOids[i])) - { - return true; - } - } - - return false; - } - - static public AsymmetricKeyParameter generatePublicKeyParameter( - PublicKey key) - throws InvalidKeyException - { - if (key instanceof DSAPublicKey) - { - DSAPublicKey k = (DSAPublicKey)key; - - return new DSAPublicKeyParameters(k.getY(), - new DSAParameters(k.getParams().getP(), k.getParams().getQ(), k.getParams().getG())); - } - - throw new InvalidKeyException("can't identify DSA public key: " + key.getClass().getName()); - } - - static public AsymmetricKeyParameter generatePrivateKeyParameter( - PrivateKey key) - throws InvalidKeyException - { - if (key instanceof DSAPrivateKey) - { - DSAPrivateKey k = (DSAPrivateKey)key; - - return new DSAPrivateKeyParameters(k.getX(), - new DSAParameters(k.getParams().getP(), k.getParams().getQ(), k.getParams().getG())); - } - - throw new InvalidKeyException("can't identify DSA private key."); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyFactorySpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyFactorySpi.java deleted file mode 100644 index a36f3dd7..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyFactorySpi.java +++ /dev/null @@ -1,117 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dsa; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.interfaces.DSAPrivateKey; -import java.security.interfaces.DSAPublicKey; -import java.security.spec.DSAPrivateKeySpec; -import java.security.spec.DSAPublicKeySpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi; - -public class KeyFactorySpi - extends BaseKeyFactorySpi -{ - public KeyFactorySpi() - { - } - - protected KeySpec engineGetKeySpec( - Key key, - Class spec) - throws InvalidKeySpecException - { - if (spec.isAssignableFrom(DSAPublicKeySpec.class) && key instanceof DSAPublicKey) - { - DSAPublicKey k = (DSAPublicKey)key; - - return new DSAPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getQ(), k.getParams().getG()); - } - else if (spec.isAssignableFrom(DSAPrivateKeySpec.class) && key instanceof java.security.interfaces.DSAPrivateKey) - { - java.security.interfaces.DSAPrivateKey k = (java.security.interfaces.DSAPrivateKey)key; - - return new DSAPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getQ(), k.getParams().getG()); - } - - return super.engineGetKeySpec(key, spec); - } - - protected Key engineTranslateKey( - Key key) - throws InvalidKeyException - { - if (key instanceof DSAPublicKey) - { - return new BCDSAPublicKey((DSAPublicKey)key); - } - else if (key instanceof DSAPrivateKey) - { - return new BCDSAPrivateKey((DSAPrivateKey)key); - } - - throw new InvalidKeyException("key type unknown"); - } - - public PrivateKey generatePrivate(PrivateKeyInfo keyInfo) - throws IOException - { - ASN1ObjectIdentifier algOid = keyInfo.getPrivateKeyAlgorithm().getAlgorithm(); - - if (DSAUtil.isDsaOid(algOid)) - { - return new BCDSAPrivateKey(keyInfo); - } - else - { - throw new IOException("algorithm identifier " + algOid + " in key not recognised"); - } - } - - public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo) - throws IOException - { - ASN1ObjectIdentifier algOid = keyInfo.getAlgorithm().getAlgorithm(); - - if (DSAUtil.isDsaOid(algOid)) - { - return new BCDSAPublicKey(keyInfo); - } - else - { - throw new IOException("algorithm identifier " + algOid + " in key not recognised"); - } - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DSAPrivateKeySpec) - { - return new BCDSAPrivateKey((DSAPrivateKeySpec)keySpec); - } - - return super.engineGeneratePrivate(keySpec); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DSAPublicKeySpec) - { - return new BCDSAPublicKey((DSAPublicKeySpec)keySpec); - } - - return super.engineGeneratePublic(keySpec); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java deleted file mode 100644 index d2c2c712..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.java +++ /dev/null @@ -1,82 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dsa; - -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidParameterException; -import java.security.KeyPair; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.DSAParameterSpec; - -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -import org.bouncycastle.crypto.generators.DSAKeyPairGenerator; -import org.bouncycastle.crypto.generators.DSAParametersGenerator; -import org.bouncycastle.crypto.params.DSAKeyGenerationParameters; -import org.bouncycastle.crypto.params.DSAParameters; -import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; -import org.bouncycastle.crypto.params.DSAPublicKeyParameters; - -public class KeyPairGeneratorSpi - extends java.security.KeyPairGenerator -{ - DSAKeyGenerationParameters param; - DSAKeyPairGenerator engine = new DSAKeyPairGenerator(); - int strength = 1024; - int certainty = 20; - SecureRandom random = new SecureRandom(); - boolean initialised = false; - - public KeyPairGeneratorSpi() - { - super("DSA"); - } - - public void initialize( - int strength, - SecureRandom random) - { - if (strength < 512 || strength > 4096 || ((strength < 1024) && strength % 64 != 0) || (strength >= 1024 && strength % 1024 != 0)) - { - throw new InvalidParameterException("strength must be from 512 - 4096 and a multiple of 1024 above 1024"); - } - - this.strength = strength; - this.random = random; - } - - public void initialize( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (!(params instanceof DSAParameterSpec)) - { - throw new InvalidAlgorithmParameterException("parameter object not a DSAParameterSpec"); - } - DSAParameterSpec dsaParams = (DSAParameterSpec)params; - - param = new DSAKeyGenerationParameters(random, new DSAParameters(dsaParams.getP(), dsaParams.getQ(), dsaParams.getG())); - - engine.init(param); - initialised = true; - } - - public KeyPair generateKeyPair() - { - if (!initialised) - { - DSAParametersGenerator pGen = new DSAParametersGenerator(); - - pGen.init(strength, certainty, random); - param = new DSAKeyGenerationParameters(random, pGen.generateParameters()); - engine.init(param); - initialised = true; - } - - AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - DSAPublicKeyParameters pub = (DSAPublicKeyParameters)pair.getPublic(); - DSAPrivateKeyParameters priv = (DSAPrivateKeyParameters)pair.getPrivate(); - - return new KeyPair(new BCDSAPublicKey(pub), - new BCDSAPrivateKey(priv)); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PrivateKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PrivateKey.java deleted file mode 100644 index 67b151e3..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PrivateKey.java +++ /dev/null @@ -1,467 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dstu; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.security.interfaces.ECPrivateKey; -import java.security.spec.ECParameterSpec; -import java.security.spec.ECPoint; -import java.security.spec.ECPrivateKeySpec; -import java.security.spec.EllipticCurve; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.ua.DSTU4145NamedCurves; -import org.bouncycastle.asn1.ua.UAObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X962Parameters; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.crypto.params.ECPrivateKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; -import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; -import org.bouncycastle.jce.interfaces.ECPointEncoder; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ECNamedCurveSpec; -import org.bouncycastle.math.ec.ECCurve; - -public class BCDSTU4145PrivateKey - implements ECPrivateKey, org.bouncycastle.jce.interfaces.ECPrivateKey, PKCS12BagAttributeCarrier, ECPointEncoder -{ - static final long serialVersionUID = 7245981689601667138L; - - private String algorithm = "DSTU4145"; - private boolean withCompression; - - private transient BigInteger d; - private transient ECParameterSpec ecSpec; - private transient DERBitString publicKey; - private transient PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - protected BCDSTU4145PrivateKey() - { - } - - public BCDSTU4145PrivateKey( - ECPrivateKey key) - { - this.d = key.getS(); - this.algorithm = key.getAlgorithm(); - this.ecSpec = key.getParams(); - } - - public BCDSTU4145PrivateKey( - org.bouncycastle.jce.spec.ECPrivateKeySpec spec) - { - this.d = spec.getD(); - - if (spec.getParams() != null) // can be null if implicitlyCA - { - ECCurve curve = spec.getParams().getCurve(); - EllipticCurve ellipticCurve; - - ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed()); - - this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams()); - } - else - { - this.ecSpec = null; - } - } - - - public BCDSTU4145PrivateKey( - ECPrivateKeySpec spec) - { - this.d = spec.getS(); - this.ecSpec = spec.getParams(); - } - - public BCDSTU4145PrivateKey( - BCDSTU4145PrivateKey key) - { - this.d = key.d; - this.ecSpec = key.ecSpec; - this.withCompression = key.withCompression; - this.attrCarrier = key.attrCarrier; - this.publicKey = key.publicKey; - } - - public BCDSTU4145PrivateKey( - String algorithm, - ECPrivateKeyParameters params, - BCDSTU4145PublicKey pubKey, - ECParameterSpec spec) - { - ECDomainParameters dp = params.getParameters(); - - this.algorithm = algorithm; - this.d = params.getD(); - - if (spec == null) - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - dp.getG().getAffineXCoord().toBigInteger(), - dp.getG().getAffineYCoord().toBigInteger()), - dp.getN(), - dp.getH().intValue()); - } - else - { - this.ecSpec = spec; - } - - publicKey = getPublicKeyDetails(pubKey); - } - - public BCDSTU4145PrivateKey( - String algorithm, - ECPrivateKeyParameters params, - BCDSTU4145PublicKey pubKey, - org.bouncycastle.jce.spec.ECParameterSpec spec) - { - ECDomainParameters dp = params.getParameters(); - - this.algorithm = algorithm; - this.d = params.getD(); - - if (spec == null) - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - dp.getG().getAffineXCoord().toBigInteger(), - dp.getG().getAffineYCoord().toBigInteger()), - dp.getN(), - dp.getH().intValue()); - } - else - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(spec.getCurve(), spec.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - spec.getG().getAffineXCoord().toBigInteger(), - spec.getG().getAffineYCoord().toBigInteger()), - spec.getN(), - spec.getH().intValue()); - } - - publicKey = getPublicKeyDetails(pubKey); - } - - public BCDSTU4145PrivateKey( - String algorithm, - ECPrivateKeyParameters params) - { - this.algorithm = algorithm; - this.d = params.getD(); - this.ecSpec = null; - } - - BCDSTU4145PrivateKey( - PrivateKeyInfo info) - throws IOException - { - populateFromPrivKeyInfo(info); - } - - private void populateFromPrivKeyInfo(PrivateKeyInfo info) - throws IOException - { - X962Parameters params = new X962Parameters((ASN1Primitive)info.getPrivateKeyAlgorithm().getParameters()); - - if (params.isNamedCurve()) - { - ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); - X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); - - if (ecP == null) // DSTU Curve - { - ECDomainParameters gParam = DSTU4145NamedCurves.getByOID(oid); - EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); - - ecSpec = new ECNamedCurveSpec( - oid.getId(), - ellipticCurve, - new ECPoint( - gParam.getG().getAffineXCoord().toBigInteger(), - gParam.getG().getAffineYCoord().toBigInteger()), - gParam.getN(), - gParam.getH()); - } - else - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); - - ecSpec = new ECNamedCurveSpec( - ECUtil.getCurveName(oid), - ellipticCurve, - new ECPoint( - ecP.getG().getAffineXCoord().toBigInteger(), - ecP.getG().getAffineYCoord().toBigInteger()), - ecP.getN(), - ecP.getH()); - } - } - else if (params.isImplicitlyCA()) - { - ecSpec = null; - } - else - { - X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters()); - EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - ecP.getG().getAffineXCoord().toBigInteger(), - ecP.getG().getAffineYCoord().toBigInteger()), - ecP.getN(), - ecP.getH().intValue()); - } - - ASN1Encodable privKey = info.parsePrivateKey(); - if (privKey instanceof ASN1Integer) - { - ASN1Integer derD = ASN1Integer.getInstance(privKey); - - this.d = derD.getValue(); - } - else - { - org.bouncycastle.asn1.sec.ECPrivateKey ec = org.bouncycastle.asn1.sec.ECPrivateKey.getInstance(privKey); - - this.d = ec.getKey(); - this.publicKey = ec.getPublicKey(); - } - } - - public String getAlgorithm() - { - return algorithm; - } - - /** - * return the encoding format we produce in getEncoded(). - * - * @return the string "PKCS#8" - */ - public String getFormat() - { - return "PKCS#8"; - } - - /** - * Return a PKCS8 representation of the key. The sequence returned - * represents a full PrivateKeyInfo object. - * - * @return a PKCS8 representation of the key. - */ - public byte[] getEncoded() - { - X962Parameters params; - - if (ecSpec instanceof ECNamedCurveSpec) - { - ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName()); - if (curveOid == null) // guess it's the OID - { - curveOid = new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName()); - } - params = new X962Parameters(curveOid); - } - else if (ecSpec == null) - { - params = new X962Parameters(DERNull.INSTANCE); - } - else - { - ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); - - X9ECParameters ecP = new X9ECParameters( - curve, - EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), - ecSpec.getOrder(), - BigInteger.valueOf(ecSpec.getCofactor()), - ecSpec.getCurve().getSeed()); - - params = new X962Parameters(ecP); - } - - PrivateKeyInfo info; - org.bouncycastle.asn1.sec.ECPrivateKey keyStructure; - - if (publicKey != null) - { - keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), publicKey, params); - } - else - { - keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), params); - } - - try - { - if (algorithm.equals("DSTU4145")) - { - info = new PrivateKeyInfo(new AlgorithmIdentifier(UAObjectIdentifiers.dstu4145be, params.toASN1Primitive()), keyStructure.toASN1Primitive()); - } - else - { - - info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); - } - - return info.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - return null; - } - } - - public ECParameterSpec getParams() - { - return ecSpec; - } - - public org.bouncycastle.jce.spec.ECParameterSpec getParameters() - { - if (ecSpec == null) - { - return null; - } - - return EC5Util.convertSpec(ecSpec, withCompression); - } - - org.bouncycastle.jce.spec.ECParameterSpec engineGetSpec() - { - if (ecSpec != null) - { - return EC5Util.convertSpec(ecSpec, withCompression); - } - - return BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - } - - public BigInteger getS() - { - return d; - } - - public BigInteger getD() - { - return d; - } - - public void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute) - { - attrCarrier.setBagAttribute(oid, attribute); - } - - public ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid) - { - return attrCarrier.getBagAttribute(oid); - } - - public Enumeration getBagAttributeKeys() - { - return attrCarrier.getBagAttributeKeys(); - } - - public void setPointFormat(String style) - { - withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style)); - } - - public boolean equals(Object o) - { - if (!(o instanceof BCDSTU4145PrivateKey)) - { - return false; - } - - BCDSTU4145PrivateKey other = (BCDSTU4145PrivateKey)o; - - return getD().equals(other.getD()) && (engineGetSpec().equals(other.engineGetSpec())); - } - - public int hashCode() - { - return getD().hashCode() ^ engineGetSpec().hashCode(); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("EC Private Key").append(nl); - buf.append(" S: ").append(this.d.toString(16)).append(nl); - - return buf.toString(); - - } - - private DERBitString getPublicKeyDetails(BCDSTU4145PublicKey pub) - { - try - { - SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(pub.getEncoded())); - - return info.getPublicKeyData(); - } - catch (IOException e) - { // should never happen - return null; - } - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - - byte[] enc = (byte[])in.readObject(); - - populateFromPrivKeyInfo(PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(enc))); - - this.attrCarrier = new PKCS12BagAttributeCarrierImpl(); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.defaultWriteObject(); - - out.writeObject(this.getEncoded()); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PublicKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PublicKey.java deleted file mode 100644 index 11c52a74..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PublicKey.java +++ /dev/null @@ -1,431 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dstu; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.security.interfaces.ECPublicKey; -import java.security.spec.ECParameterSpec; -import java.security.spec.ECPoint; -import java.security.spec.ECPublicKeySpec; -import java.security.spec.EllipticCurve; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.ua.DSTU4145BinaryField; -import org.bouncycastle.asn1.ua.DSTU4145ECBinary; -import org.bouncycastle.asn1.ua.DSTU4145NamedCurves; -import org.bouncycastle.asn1.ua.DSTU4145Params; -import org.bouncycastle.asn1.ua.DSTU4145PointEncoder; -import org.bouncycastle.asn1.ua.UAObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X962Parameters; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; -import org.bouncycastle.jce.interfaces.ECPointEncoder; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; -import org.bouncycastle.jce.spec.ECNamedCurveSpec; -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.custom.sec.SecP256K1Point; -import org.bouncycastle.math.ec.custom.sec.SecP256R1Point; - -public class BCDSTU4145PublicKey - implements ECPublicKey, org.bouncycastle.jce.interfaces.ECPublicKey, ECPointEncoder -{ - static final long serialVersionUID = 7026240464295649314L; - - private String algorithm = "DSTU4145"; - private boolean withCompression; - - private transient org.bouncycastle.math.ec.ECPoint q; - private transient ECParameterSpec ecSpec; - private transient DSTU4145Params dstuParams; - - public BCDSTU4145PublicKey( - BCDSTU4145PublicKey key) - { - this.q = key.q; - this.ecSpec = key.ecSpec; - this.withCompression = key.withCompression; - this.dstuParams = key.dstuParams; - } - - public BCDSTU4145PublicKey( - ECPublicKeySpec spec) - { - this.ecSpec = spec.getParams(); - this.q = EC5Util.convertPoint(ecSpec, spec.getW(), false); - } - - public BCDSTU4145PublicKey( - org.bouncycastle.jce.spec.ECPublicKeySpec spec) - { - this.q = spec.getQ(); - - if (spec.getParams() != null) // can be null if implictlyCa - { - ECCurve curve = spec.getParams().getCurve(); - EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed()); - - this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams()); - } - else - { - if (q.getCurve() == null) - { - org.bouncycastle.jce.spec.ECParameterSpec s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - q = s.getCurve().createPoint(q.getAffineXCoord().toBigInteger(), q.getAffineYCoord().toBigInteger()); - } - this.ecSpec = null; - } - } - - public BCDSTU4145PublicKey( - String algorithm, - ECPublicKeyParameters params, - ECParameterSpec spec) - { - ECDomainParameters dp = params.getParameters(); - - this.algorithm = algorithm; - this.q = params.getQ(); - - if (spec == null) - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); - - this.ecSpec = createSpec(ellipticCurve, dp); - } - else - { - this.ecSpec = spec; - } - } - - public BCDSTU4145PublicKey( - String algorithm, - ECPublicKeyParameters params, - org.bouncycastle.jce.spec.ECParameterSpec spec) - { - ECDomainParameters dp = params.getParameters(); - - this.algorithm = algorithm; - this.q = params.getQ(); - - if (spec == null) - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); - - this.ecSpec = createSpec(ellipticCurve, dp); - } - else - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(spec.getCurve(), spec.getSeed()); - - this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec); - } - } - - /* - * called for implicitCA - */ - public BCDSTU4145PublicKey( - String algorithm, - ECPublicKeyParameters params) - { - this.algorithm = algorithm; - this.q = params.getQ(); - this.ecSpec = null; - } - - private ECParameterSpec createSpec(EllipticCurve ellipticCurve, ECDomainParameters dp) - { - return new ECParameterSpec( - ellipticCurve, - new ECPoint( - dp.getG().getAffineXCoord().toBigInteger(), - dp.getG().getAffineYCoord().toBigInteger()), - dp.getN(), - dp.getH().intValue()); - } - - public BCDSTU4145PublicKey( - ECPublicKey key) - { - this.algorithm = key.getAlgorithm(); - this.ecSpec = key.getParams(); - this.q = EC5Util.convertPoint(this.ecSpec, key.getW(), false); - } - - BCDSTU4145PublicKey( - SubjectPublicKeyInfo info) - { - populateFromPubKeyInfo(info); - } - - private void reverseBytes(byte[] bytes) - { - byte tmp; - - for (int i = 0; i < bytes.length / 2; i++) - { - tmp = bytes[i]; - bytes[i] = bytes[bytes.length - 1 - i]; - bytes[bytes.length - 1 - i] = tmp; - } - } - - private void populateFromPubKeyInfo(SubjectPublicKeyInfo info) - { - DERBitString bits = info.getPublicKeyData(); - ASN1OctetString key; - this.algorithm = "DSTU4145"; - - try - { - key = (ASN1OctetString)ASN1Primitive.fromByteArray(bits.getBytes()); - } - catch (IOException ex) - { - throw new IllegalArgumentException("error recovering public key"); - } - - byte[] keyEnc = key.getOctets(); - - if (info.getAlgorithm().getAlgorithm().equals(UAObjectIdentifiers.dstu4145le)) - { - reverseBytes(keyEnc); - } - - dstuParams = DSTU4145Params.getInstance((ASN1Sequence)info.getAlgorithm().getParameters()); - - //ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); - org.bouncycastle.jce.spec.ECParameterSpec spec = null; - if (dstuParams.isNamedCurve()) - { - ASN1ObjectIdentifier curveOid = dstuParams.getNamedCurve(); - ECDomainParameters ecP = DSTU4145NamedCurves.getByOID(curveOid); - - spec = new ECNamedCurveParameterSpec(curveOid.getId(), ecP.getCurve(), ecP.getG(), ecP.getN(), ecP.getH(), ecP.getSeed()); - } - else - { - DSTU4145ECBinary binary = dstuParams.getECBinary(); - byte[] b_bytes = binary.getB(); - if (info.getAlgorithm().getAlgorithm().equals(UAObjectIdentifiers.dstu4145le)) - { - reverseBytes(b_bytes); - } - DSTU4145BinaryField field = binary.getField(); - ECCurve curve = new ECCurve.F2m(field.getM(), field.getK1(), field.getK2(), field.getK3(), binary.getA(), new BigInteger(1, b_bytes)); - byte[] g_bytes = binary.getG(); - if (info.getAlgorithm().getAlgorithm().equals(UAObjectIdentifiers.dstu4145le)) - { - reverseBytes(g_bytes); - } - spec = new org.bouncycastle.jce.spec.ECParameterSpec(curve, DSTU4145PointEncoder.decodePoint(curve, g_bytes), binary.getN()); - } - - ECCurve curve = spec.getCurve(); - EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); - - //this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false); - this.q = DSTU4145PointEncoder.decodePoint(curve, keyEnc); - - if (dstuParams.isNamedCurve()) - { - ecSpec = new ECNamedCurveSpec( - dstuParams.getNamedCurve().getId(), - ellipticCurve, - new ECPoint( - spec.getG().getAffineXCoord().toBigInteger(), - spec.getG().getAffineYCoord().toBigInteger()), - spec.getN(), spec.getH()); - } - else - { - ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - spec.getG().getAffineXCoord().toBigInteger(), - spec.getG().getAffineYCoord().toBigInteger()), - spec.getN(), spec.getH().intValue()); - } - } - - public byte[] getSbox() - { - if (null != dstuParams) - { - return dstuParams.getDKE(); - } - else - { - return DSTU4145Params.getDefaultDKE(); - } - } - - public String getAlgorithm() - { - return algorithm; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - ASN1Encodable params; - SubjectPublicKeyInfo info; - - if (dstuParams != null) - { - params = dstuParams; - } - else - { - if (ecSpec instanceof ECNamedCurveSpec) - { - params = new DSTU4145Params(new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName())); - } - else - { // strictly speaking this may not be applicable... - ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); - - X9ECParameters ecP = new X9ECParameters( - curve, - EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), - ecSpec.getOrder(), - BigInteger.valueOf(ecSpec.getCofactor()), - ecSpec.getCurve().getSeed()); - - params = new X962Parameters(ecP); - } - } - - byte[] encKey = DSTU4145PointEncoder.encodePoint(this.q); - - try - { - info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(UAObjectIdentifiers.dstu4145be, params), new DEROctetString(encKey)); - } - catch (IOException e) - { - return null; - } - - return KeyUtil.getEncodedSubjectPublicKeyInfo(info); - } - - public ECParameterSpec getParams() - { - return ecSpec; - } - - public org.bouncycastle.jce.spec.ECParameterSpec getParameters() - { - if (ecSpec == null) // implictlyCA - { - return null; - } - - return EC5Util.convertSpec(ecSpec, withCompression); - } - - public ECPoint getW() - { - return new ECPoint(q.getAffineXCoord().toBigInteger(), q.getAffineYCoord().toBigInteger()); - } - - public org.bouncycastle.math.ec.ECPoint getQ() - { - if (ecSpec == null) - { - return q.getDetachedPoint(); - } - - return q; - } - - public org.bouncycastle.math.ec.ECPoint engineGetQ() - { - return q; - } - - org.bouncycastle.jce.spec.ECParameterSpec engineGetSpec() - { - if (ecSpec != null) - { - return EC5Util.convertSpec(ecSpec, withCompression); - } - - return BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("EC Public Key").append(nl); - buf.append(" X: ").append(this.q.getAffineXCoord().toBigInteger().toString(16)).append(nl); - buf.append(" Y: ").append(this.q.getAffineYCoord().toBigInteger().toString(16)).append(nl); - - return buf.toString(); - } - - public void setPointFormat(String style) - { - withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style)); - } - - public boolean equals(Object o) - { - if (!(o instanceof BCDSTU4145PublicKey)) - { - return false; - } - - BCDSTU4145PublicKey other = (BCDSTU4145PublicKey)o; - - return engineGetQ().equals(other.engineGetQ()) && (engineGetSpec().equals(other.engineGetSpec())); - } - - public int hashCode() - { - return engineGetQ().hashCode() ^ engineGetSpec().hashCode(); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - - byte[] enc = (byte[])in.readObject(); - - populateFromPubKeyInfo(SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(enc))); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.defaultWriteObject(); - - out.writeObject(this.getEncoded()); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/KeyFactorySpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/KeyFactorySpi.java deleted file mode 100644 index 95a91dea..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/KeyFactorySpi.java +++ /dev/null @@ -1,166 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dstu; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.ECPublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.ua.UAObjectIdentifiers; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ECParameterSpec; -import org.bouncycastle.jce.spec.ECPrivateKeySpec; -import org.bouncycastle.jce.spec.ECPublicKeySpec; - -public class KeyFactorySpi - extends BaseKeyFactorySpi -{ - public KeyFactorySpi() - { - } - - protected KeySpec engineGetKeySpec( - Key key, - Class spec) - throws InvalidKeySpecException - { - if (spec.isAssignableFrom(java.security.spec.ECPublicKeySpec.class) && key instanceof ECPublicKey) - { - ECPublicKey k = (ECPublicKey)key; - if (k.getParams() != null) - { - return new java.security.spec.ECPublicKeySpec(k.getW(), k.getParams()); - } - else - { - ECParameterSpec implicitSpec = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - return new java.security.spec.ECPublicKeySpec(k.getW(), EC5Util.convertSpec(EC5Util.convertCurve(implicitSpec.getCurve(), implicitSpec.getSeed()), implicitSpec)); - } - } - else if (spec.isAssignableFrom(java.security.spec.ECPrivateKeySpec.class) && key instanceof ECPrivateKey) - { - ECPrivateKey k = (ECPrivateKey)key; - - if (k.getParams() != null) - { - return new java.security.spec.ECPrivateKeySpec(k.getS(), k.getParams()); - } - else - { - ECParameterSpec implicitSpec = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - return new java.security.spec.ECPrivateKeySpec(k.getS(), EC5Util.convertSpec(EC5Util.convertCurve(implicitSpec.getCurve(), implicitSpec.getSeed()), implicitSpec)); - } - } - else if (spec.isAssignableFrom(org.bouncycastle.jce.spec.ECPublicKeySpec.class) && key instanceof ECPublicKey) - { - ECPublicKey k = (ECPublicKey)key; - if (k.getParams() != null) - { - return new org.bouncycastle.jce.spec.ECPublicKeySpec(EC5Util.convertPoint(k.getParams(), k.getW(), false), EC5Util.convertSpec(k.getParams(), false)); - } - else - { - ECParameterSpec implicitSpec = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - return new org.bouncycastle.jce.spec.ECPublicKeySpec(EC5Util.convertPoint(k.getParams(), k.getW(), false), implicitSpec); - } - } - else if (spec.isAssignableFrom(org.bouncycastle.jce.spec.ECPrivateKeySpec.class) && key instanceof ECPrivateKey) - { - ECPrivateKey k = (ECPrivateKey)key; - - if (k.getParams() != null) - { - return new org.bouncycastle.jce.spec.ECPrivateKeySpec(k.getS(), EC5Util.convertSpec(k.getParams(), false)); - } - else - { - ECParameterSpec implicitSpec = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - return new org.bouncycastle.jce.spec.ECPrivateKeySpec(k.getS(), implicitSpec); - } - } - - return super.engineGetKeySpec(key, spec); - } - - protected Key engineTranslateKey( - Key key) - throws InvalidKeyException - { - throw new InvalidKeyException("key type unknown"); - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof ECPrivateKeySpec) - { - return new BCDSTU4145PrivateKey((ECPrivateKeySpec)keySpec); - } - else if (keySpec instanceof java.security.spec.ECPrivateKeySpec) - { - return new BCDSTU4145PrivateKey((java.security.spec.ECPrivateKeySpec)keySpec); - } - - return super.engineGeneratePrivate(keySpec); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof ECPublicKeySpec) - { - return new BCDSTU4145PublicKey((ECPublicKeySpec)keySpec); - } - else if (keySpec instanceof java.security.spec.ECPublicKeySpec) - { - return new BCDSTU4145PublicKey((java.security.spec.ECPublicKeySpec)keySpec); - } - - return super.engineGeneratePublic(keySpec); - } - - public PrivateKey generatePrivate(PrivateKeyInfo keyInfo) - throws IOException - { - ASN1ObjectIdentifier algOid = keyInfo.getPrivateKeyAlgorithm().getAlgorithm(); - - if (algOid.equals(UAObjectIdentifiers.dstu4145le) || algOid.equals(UAObjectIdentifiers.dstu4145be)) - { - return new BCDSTU4145PrivateKey(keyInfo); - } - else - { - throw new IOException("algorithm identifier " + algOid + " in key not recognised"); - } - } - - public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo) - throws IOException - { - ASN1ObjectIdentifier algOid = keyInfo.getAlgorithm().getAlgorithm(); - - if (algOid.equals(UAObjectIdentifiers.dstu4145le) || algOid.equals(UAObjectIdentifiers.dstu4145be)) - { - return new BCDSTU4145PublicKey(keyInfo); - } - else - { - throw new IOException("algorithm identifier " + algOid + " in key not recognised"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/KeyPairGeneratorSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/KeyPairGeneratorSpi.java deleted file mode 100644 index f39eb7fa..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/KeyPairGeneratorSpi.java +++ /dev/null @@ -1,188 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dstu; - -import java.math.BigInteger; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidParameterException; -import java.security.KeyPair; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.ECGenParameterSpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ua.DSTU4145NamedCurves; -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -import org.bouncycastle.crypto.generators.DSTU4145KeyPairGenerator; -import org.bouncycastle.crypto.generators.ECKeyPairGenerator; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.crypto.params.ECKeyGenerationParameters; -import org.bouncycastle.crypto.params.ECPrivateKeyParameters; -import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec; -import org.bouncycastle.jce.spec.ECNamedCurveSpec; -import org.bouncycastle.jce.spec.ECParameterSpec; -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.ECPoint; - -public class KeyPairGeneratorSpi - extends java.security.KeyPairGenerator -{ - Object ecParams = null; - ECKeyPairGenerator engine = new DSTU4145KeyPairGenerator(); - - String algorithm = "DSTU4145"; - ECKeyGenerationParameters param; - //int strength = 239; - SecureRandom random = null; - boolean initialised = false; - - public KeyPairGeneratorSpi() - { - super("DSTU4145"); - } - - public void initialize( - int strength, - SecureRandom random) - { - this.random = random; - - if (ecParams != null) - { - try - { - initialize((ECGenParameterSpec)ecParams, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new InvalidParameterException("key size not configurable."); - } - } - else - { - throw new InvalidParameterException("unknown key size."); - } - } - - public void initialize( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (params instanceof ECParameterSpec) - { - ECParameterSpec p = (ECParameterSpec)params; - this.ecParams = params; - - param = new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), random); - - engine.init(param); - initialised = true; - } - else if (params instanceof java.security.spec.ECParameterSpec) - { - java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)params; - this.ecParams = params; - - ECCurve curve = EC5Util.convertCurve(p.getCurve()); - ECPoint g = EC5Util.convertPoint(curve, p.getGenerator(), false); - - param = new ECKeyGenerationParameters(new ECDomainParameters(curve, g, p.getOrder(), BigInteger.valueOf(p.getCofactor())), random); - - engine.init(param); - initialised = true; - } - else if (params instanceof ECGenParameterSpec || params instanceof ECNamedCurveGenParameterSpec) - { - String curveName; - - if (params instanceof ECGenParameterSpec) - { - curveName = ((ECGenParameterSpec)params).getName(); - } - else - { - curveName = ((ECNamedCurveGenParameterSpec)params).getName(); - } - - //ECDomainParameters ecP = ECGOST3410NamedCurves.getByName(curveName); - ECDomainParameters ecP = DSTU4145NamedCurves.getByOID(new ASN1ObjectIdentifier(curveName)); - if (ecP == null) - { - throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName); - } - - this.ecParams = new ECNamedCurveSpec( - curveName, - ecP.getCurve(), - ecP.getG(), - ecP.getN(), - ecP.getH(), - ecP.getSeed()); - - java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams; - - ECCurve curve = EC5Util.convertCurve(p.getCurve()); - ECPoint g = EC5Util.convertPoint(curve, p.getGenerator(), false); - - param = new ECKeyGenerationParameters(new ECDomainParameters(curve, g, p.getOrder(), BigInteger.valueOf(p.getCofactor())), random); - - engine.init(param); - initialised = true; - } - else if (params == null && BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa() != null) - { - ECParameterSpec p = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - this.ecParams = params; - - param = new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), random); - - engine.init(param); - initialised = true; - } - else if (params == null && BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa() == null) - { - throw new InvalidAlgorithmParameterException("null parameter passed but no implicitCA set"); - } - else - { - throw new InvalidAlgorithmParameterException("parameter object not a ECParameterSpec: " + params.getClass().getName()); - } - } - - public KeyPair generateKeyPair() - { - if (!initialised) - { - throw new IllegalStateException("DSTU Key Pair Generator not initialised"); - } - - AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - ECPublicKeyParameters pub = (ECPublicKeyParameters)pair.getPublic(); - ECPrivateKeyParameters priv = (ECPrivateKeyParameters)pair.getPrivate(); - - if (ecParams instanceof ECParameterSpec) - { - ECParameterSpec p = (ECParameterSpec)ecParams; - - BCDSTU4145PublicKey pubKey = new BCDSTU4145PublicKey(algorithm, pub, p); - return new KeyPair(pubKey, - new BCDSTU4145PrivateKey(algorithm, priv, pubKey, p)); - } - else if (ecParams == null) - { - return new KeyPair(new BCDSTU4145PublicKey(algorithm, pub), - new BCDSTU4145PrivateKey(algorithm, priv)); - } - else - { - java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams; - - BCDSTU4145PublicKey pubKey = new BCDSTU4145PublicKey(algorithm, pub, p); - - return new KeyPair(pubKey, new BCDSTU4145PrivateKey(algorithm, priv, pubKey, p)); - } - } -} - diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/SignatureSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/SignatureSpi.java deleted file mode 100644 index 1b9ce706..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/SignatureSpi.java +++ /dev/null @@ -1,221 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dstu; - -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SignatureException; -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DSA; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.GOST3411Digest; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.signers.DSTU4145Signer; -import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; -import org.bouncycastle.jce.interfaces.ECKey; -import org.bouncycastle.jce.interfaces.ECPublicKey; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public class SignatureSpi - extends java.security.SignatureSpi - implements PKCSObjectIdentifiers, X509ObjectIdentifiers -{ - private Digest digest; - private DSA signer; - - private static byte[] DEFAULT_SBOX = { - 0xa, 0x9, 0xd, 0x6, 0xe, 0xb, 0x4, 0x5, 0xf, 0x1, 0x3, 0xc, 0x7, 0x0, 0x8, 0x2, - 0x8, 0x0, 0xc, 0x4, 0x9, 0x6, 0x7, 0xb, 0x2, 0x3, 0x1, 0xf, 0x5, 0xe, 0xa, 0xd, - 0xf, 0x6, 0x5, 0x8, 0xe, 0xb, 0xa, 0x4, 0xc, 0x0, 0x3, 0x7, 0x2, 0x9, 0x1, 0xd, - 0x3, 0x8, 0xd, 0x9, 0x6, 0xb, 0xf, 0x0, 0x2, 0x5, 0xc, 0xa, 0x4, 0xe, 0x1, 0x7, - 0xf, 0x8, 0xe, 0x9, 0x7, 0x2, 0x0, 0xd, 0xc, 0x6, 0x1, 0x5, 0xb, 0x4, 0x3, 0xa, - 0x2, 0x8, 0x9, 0x7, 0x5, 0xf, 0x0, 0xb, 0xc, 0x1, 0xd, 0xe, 0xa, 0x3, 0x6, 0x4, - 0x3, 0x8, 0xb, 0x5, 0x6, 0x4, 0xe, 0xa, 0x2, 0xc, 0x1, 0x7, 0x9, 0xf, 0xd, 0x0, - 0x1, 0x2, 0x3, 0xe, 0x6, 0xd, 0xb, 0x8, 0xf, 0xa, 0xc, 0x5, 0x7, 0x9, 0x0, 0x4 - }; - - public SignatureSpi() - { - //TODO: Add default ua s-box - //this.digest = new GOST3411Digest(DEFAULT_SBOX); - this.signer = new DSTU4145Signer(); - } - - protected void engineInitVerify( - PublicKey publicKey) - throws InvalidKeyException - { - CipherParameters param; - - if (publicKey instanceof ECPublicKey) - { - param = ECUtil.generatePublicKeyParameter(publicKey); - } - else - { - try - { - byte[] bytes = publicKey.getEncoded(); - - publicKey = BouncyCastleProvider.getPublicKey(SubjectPublicKeyInfo.getInstance(bytes)); - - if (publicKey instanceof ECPublicKey) - { - param = ECUtil.generatePublicKeyParameter(publicKey); - } - else - { - throw new InvalidKeyException("can't recognise key type in DSA based signer"); - } - } - catch (Exception e) - { - throw new InvalidKeyException("can't recognise key type in DSA based signer"); - } - } - - digest = new GOST3411Digest(expandSbox(((BCDSTU4145PublicKey)publicKey).getSbox())); - signer.init(false, param); - } - - byte[] expandSbox(byte[] compressed) - { - byte[] expanded = new byte[128]; - - for (int i = 0; i < compressed.length; i++) - { - expanded[i * 2] = (byte)((compressed[i] >> 4) & 0xf); - expanded[i * 2 + 1] = (byte)(compressed[i] & 0xf); - } - return expanded; - } - - protected void engineInitSign( - PrivateKey privateKey) - throws InvalidKeyException - { - CipherParameters param = null; - - if (privateKey instanceof ECKey) - { - param = ECUtil.generatePrivateKeyParameter(privateKey); - } - - digest = new GOST3411Digest(DEFAULT_SBOX); - - if (appRandom != null) - { - signer.init(true, new ParametersWithRandom(param, appRandom)); - } - else - { - signer.init(true, param); - } - } - - protected void engineUpdate( - byte b) - throws SignatureException - { - digest.update(b); - } - - protected void engineUpdate( - byte[] b, - int off, - int len) - throws SignatureException - { - digest.update(b, off, len); - } - - protected byte[] engineSign() - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - try - { - BigInteger[] sig = signer.generateSignature(hash); - byte[] r = sig[0].toByteArray(); - byte[] s = sig[1].toByteArray(); - - byte[] sigBytes = new byte[(r.length > s.length ? r.length * 2 : s.length * 2)]; - System.arraycopy(s, 0, sigBytes, (sigBytes.length / 2) - s.length, s.length); - System.arraycopy(r, 0, sigBytes, sigBytes.length - r.length, r.length); - - return new DEROctetString(sigBytes).getEncoded(); - } - catch (Exception e) - { - throw new SignatureException(e.toString()); - } - } - - protected boolean engineVerify( - byte[] sigBytes) - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - BigInteger[] sig; - - try - { - byte[] bytes = ((ASN1OctetString)ASN1OctetString.fromByteArray(sigBytes)).getOctets(); - - byte[] r = new byte[bytes.length / 2]; - byte[] s = new byte[bytes.length / 2]; - - System.arraycopy(bytes, 0, s, 0, bytes.length / 2); - - System.arraycopy(bytes, bytes.length / 2, r, 0, bytes.length / 2); - - sig = new BigInteger[2]; - sig[0] = new BigInteger(1, r); - sig[1] = new BigInteger(1, s); - } - catch (Exception e) - { - throw new SignatureException("error decoding signature bytes."); - } - - return signer.verifySignature(hash, sig[0], sig[1]); - } - - protected void engineSetParameter( - AlgorithmParameterSpec params) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)"> - */ - protected void engineSetParameter( - String param, - Object value) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated - */ - protected Object engineGetParameter( - String param) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/SignatureSpiLe.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/SignatureSpiLe.java deleted file mode 100644 index 0eb8bc93..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dstu/SignatureSpiLe.java +++ /dev/null @@ -1,69 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.dstu; - -import java.io.IOException; -import java.security.SignatureException; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DEROctetString; - -public class SignatureSpiLe - extends SignatureSpi -{ - void reverseBytes(byte[] bytes) - { - byte tmp; - - for (int i = 0; i < bytes.length / 2; i++) - { - tmp = bytes[i]; - bytes[i] = bytes[bytes.length - 1 - i]; - bytes[bytes.length - 1 - i] = tmp; - } - } - - protected byte[] engineSign() - throws SignatureException - { - byte[] signature = ASN1OctetString.getInstance(super.engineSign()).getOctets(); - reverseBytes(signature); - try - { - return (new DEROctetString(signature)).getEncoded(); - } - catch (Exception e) - { - throw new SignatureException(e.toString()); - } - } - - protected boolean engineVerify( - byte[] sigBytes) - throws SignatureException - { - byte[] bytes = null; - - try - { - bytes = ((ASN1OctetString)ASN1OctetString.fromByteArray(sigBytes)).getOctets(); - } - catch (IOException e) - { - throw new SignatureException("error decoding signature bytes."); - } - - reverseBytes(bytes); - - try - { - return super.engineVerify((new DEROctetString(bytes)).getEncoded()); - } - catch (SignatureException e) - { - throw e; - } - catch (Exception e) - { - throw new SignatureException(e.toString()); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java deleted file mode 100644 index 45d5b081..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java +++ /dev/null @@ -1,462 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ec; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.security.interfaces.ECPrivateKey; -import java.security.spec.ECParameterSpec; -import java.security.spec.ECPoint; -import java.security.spec.ECPrivateKeySpec; -import java.security.spec.EllipticCurve; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X962Parameters; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.crypto.params.ECPrivateKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; -import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; -import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; -import org.bouncycastle.jce.interfaces.ECPointEncoder; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ECNamedCurveSpec; -import org.bouncycastle.math.ec.ECCurve; - -public class BCECPrivateKey - implements ECPrivateKey, org.bouncycastle.jce.interfaces.ECPrivateKey, PKCS12BagAttributeCarrier, ECPointEncoder -{ - static final long serialVersionUID = 994553197664784084L; - - private String algorithm = "EC"; - private boolean withCompression; - - private transient BigInteger d; - private transient ECParameterSpec ecSpec; - private transient ProviderConfiguration configuration; - private transient DERBitString publicKey; - - private transient PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - protected BCECPrivateKey() - { - } - - public BCECPrivateKey( - ECPrivateKey key, - ProviderConfiguration configuration) - { - this.d = key.getS(); - this.algorithm = key.getAlgorithm(); - this.ecSpec = key.getParams(); - this.configuration = configuration; - } - - public BCECPrivateKey( - String algorithm, - org.bouncycastle.jce.spec.ECPrivateKeySpec spec, - ProviderConfiguration configuration) - { - this.algorithm = algorithm; - this.d = spec.getD(); - - if (spec.getParams() != null) // can be null if implicitlyCA - { - ECCurve curve = spec.getParams().getCurve(); - EllipticCurve ellipticCurve; - - ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed()); - - this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams()); - } - else - { - this.ecSpec = null; - } - - this.configuration = configuration; - } - - - public BCECPrivateKey( - String algorithm, - ECPrivateKeySpec spec, - ProviderConfiguration configuration) - { - this.algorithm = algorithm; - this.d = spec.getS(); - this.ecSpec = spec.getParams(); - this.configuration = configuration; - } - - public BCECPrivateKey( - String algorithm, - BCECPrivateKey key) - { - this.algorithm = algorithm; - this.d = key.d; - this.ecSpec = key.ecSpec; - this.withCompression = key.withCompression; - this.attrCarrier = key.attrCarrier; - this.publicKey = key.publicKey; - this.configuration = key.configuration; - } - - public BCECPrivateKey( - String algorithm, - ECPrivateKeyParameters params, - BCECPublicKey pubKey, - ECParameterSpec spec, - ProviderConfiguration configuration) - { - ECDomainParameters dp = params.getParameters(); - - this.algorithm = algorithm; - this.d = params.getD(); - this.configuration = configuration; - - if (spec == null) - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - dp.getG().getAffineXCoord().toBigInteger(), - dp.getG().getAffineYCoord().toBigInteger()), - dp.getN(), - dp.getH().intValue()); - } - else - { - this.ecSpec = spec; - } - - publicKey = getPublicKeyDetails(pubKey); - } - - public BCECPrivateKey( - String algorithm, - ECPrivateKeyParameters params, - BCECPublicKey pubKey, - org.bouncycastle.jce.spec.ECParameterSpec spec, - ProviderConfiguration configuration) - { - ECDomainParameters dp = params.getParameters(); - - this.algorithm = algorithm; - this.d = params.getD(); - this.configuration = configuration; - - if (spec == null) - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - dp.getG().getAffineXCoord().toBigInteger(), - dp.getG().getAffineYCoord().toBigInteger()), - dp.getN(), - dp.getH().intValue()); - } - else - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(spec.getCurve(), spec.getSeed()); - - this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec); - } - - publicKey = getPublicKeyDetails(pubKey); - } - - public BCECPrivateKey( - String algorithm, - ECPrivateKeyParameters params, - ProviderConfiguration configuration) - { - this.algorithm = algorithm; - this.d = params.getD(); - this.ecSpec = null; - this.configuration = configuration; - } - - BCECPrivateKey( - String algorithm, - PrivateKeyInfo info, - ProviderConfiguration configuration) - throws IOException - { - this.algorithm = algorithm; - this.configuration = configuration; - populateFromPrivKeyInfo(info); - } - - private void populateFromPrivKeyInfo(PrivateKeyInfo info) - throws IOException - { - X962Parameters params = X962Parameters.getInstance(info.getPrivateKeyAlgorithm().getParameters()); - - if (params.isNamedCurve()) - { - ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); - X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); - EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); - - ecSpec = new ECNamedCurveSpec( - ECUtil.getCurveName(oid), - ellipticCurve, - new ECPoint( - ecP.getG().getAffineXCoord().toBigInteger(), - ecP.getG().getAffineYCoord().toBigInteger()), - ecP.getN(), - ecP.getH()); - } - else if (params.isImplicitlyCA()) - { - ecSpec = null; - } - else - { - X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters()); - EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - ecP.getG().getAffineXCoord().toBigInteger(), - ecP.getG().getAffineYCoord().toBigInteger()), - ecP.getN(), - ecP.getH().intValue()); - } - - ASN1Encodable privKey = info.parsePrivateKey(); - if (privKey instanceof ASN1Integer) - { - ASN1Integer derD = ASN1Integer.getInstance(privKey); - - this.d = derD.getValue(); - } - else - { - org.bouncycastle.asn1.sec.ECPrivateKey ec = org.bouncycastle.asn1.sec.ECPrivateKey.getInstance(privKey); - - this.d = ec.getKey(); - this.publicKey = ec.getPublicKey(); - } - } - - public String getAlgorithm() - { - return algorithm; - } - - /** - * return the encoding format we produce in getEncoded(). - * - * @return the string "PKCS#8" - */ - public String getFormat() - { - return "PKCS#8"; - } - - /** - * Return a PKCS8 representation of the key. The sequence returned - * represents a full PrivateKeyInfo object. - * - * @return a PKCS8 representation of the key. - */ - public byte[] getEncoded() - { - X962Parameters params; - - if (ecSpec instanceof ECNamedCurveSpec) - { - ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName()); - if (curveOid == null) // guess it's the OID - { - curveOid = new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName()); - } - - params = new X962Parameters(curveOid); - } - else if (ecSpec == null) - { - params = new X962Parameters(DERNull.INSTANCE); - } - else - { - ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); - - X9ECParameters ecP = new X9ECParameters( - curve, - EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), - ecSpec.getOrder(), - BigInteger.valueOf(ecSpec.getCofactor()), - ecSpec.getCurve().getSeed()); - - params = new X962Parameters(ecP); - } - - PrivateKeyInfo info; - org.bouncycastle.asn1.sec.ECPrivateKey keyStructure; - - if (publicKey != null) - { - keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), publicKey, params); - } - else - { - keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), params); - } - - try - { - info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), keyStructure); - - return info.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - return null; - } - } - - public ECParameterSpec getParams() - { - return ecSpec; - } - - public org.bouncycastle.jce.spec.ECParameterSpec getParameters() - { - if (ecSpec == null) - { - return null; - } - - return EC5Util.convertSpec(ecSpec, withCompression); - } - - org.bouncycastle.jce.spec.ECParameterSpec engineGetSpec() - { - if (ecSpec != null) - { - return EC5Util.convertSpec(ecSpec, withCompression); - } - - return configuration.getEcImplicitlyCa(); - } - - public BigInteger getS() - { - return d; - } - - public BigInteger getD() - { - return d; - } - - public void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute) - { - attrCarrier.setBagAttribute(oid, attribute); - } - - public ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid) - { - return attrCarrier.getBagAttribute(oid); - } - - public Enumeration getBagAttributeKeys() - { - return attrCarrier.getBagAttributeKeys(); - } - - public void setPointFormat(String style) - { - withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style)); - } - - public boolean equals(Object o) - { - if (!(o instanceof BCECPrivateKey)) - { - return false; - } - - BCECPrivateKey other = (BCECPrivateKey)o; - - return getD().equals(other.getD()) && (engineGetSpec().equals(other.engineGetSpec())); - } - - public int hashCode() - { - return getD().hashCode() ^ engineGetSpec().hashCode(); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("EC Private Key").append(nl); - buf.append(" S: ").append(this.d.toString(16)).append(nl); - - return buf.toString(); - - } - - private DERBitString getPublicKeyDetails(BCECPublicKey pub) - { - try - { - SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(pub.getEncoded())); - - return info.getPublicKeyData(); - } - catch (IOException e) - { // should never happen - return null; - } - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - - byte[] enc = (byte[])in.readObject(); - - populateFromPrivKeyInfo(PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(enc))); - - this.configuration = BouncyCastleProvider.CONFIGURATION; - this.attrCarrier = new PKCS12BagAttributeCarrierImpl(); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.defaultWriteObject(); - - out.writeObject(this.getEncoded()); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java deleted file mode 100644 index ac0ddf5b..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.java +++ /dev/null @@ -1,454 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ec; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.security.interfaces.ECPublicKey; -import java.security.spec.ECParameterSpec; -import java.security.spec.ECPoint; -import java.security.spec.ECPublicKeySpec; -import java.security.spec.EllipticCurve; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X962Parameters; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.asn1.x9.X9ECPoint; -import org.bouncycastle.asn1.x9.X9IntegerConverter; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; -import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; -import org.bouncycastle.jce.interfaces.ECPointEncoder; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ECNamedCurveSpec; -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.custom.sec.SecP256K1Point; -import org.bouncycastle.math.ec.custom.sec.SecP256R1Point; - -public class BCECPublicKey - implements ECPublicKey, org.bouncycastle.jce.interfaces.ECPublicKey, ECPointEncoder -{ - static final long serialVersionUID = 2422789860422731812L; - - private String algorithm = "EC"; - private boolean withCompression; - - private transient org.bouncycastle.math.ec.ECPoint q; - private transient ECParameterSpec ecSpec; - private transient ProviderConfiguration configuration; - - public BCECPublicKey( - String algorithm, - BCECPublicKey key) - { - this.algorithm = algorithm; - this.q = key.q; - this.ecSpec = key.ecSpec; - this.withCompression = key.withCompression; - this.configuration = key.configuration; - } - - public BCECPublicKey( - String algorithm, - ECPublicKeySpec spec, - ProviderConfiguration configuration) - { - this.algorithm = algorithm; - this.ecSpec = spec.getParams(); - this.q = EC5Util.convertPoint(ecSpec, spec.getW(), false); - this.configuration = configuration; - } - - public BCECPublicKey( - String algorithm, - org.bouncycastle.jce.spec.ECPublicKeySpec spec, - ProviderConfiguration configuration) - { - this.algorithm = algorithm; - this.q = spec.getQ(); - - if (spec.getParams() != null) // can be null if implictlyCa - { - ECCurve curve = spec.getParams().getCurve(); - EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed()); - - // this may seem a little long-winded but it's how we pick up the custom curve. - this.q = EC5Util.convertCurve(ellipticCurve).createPoint(spec.getQ().getAffineXCoord().toBigInteger(), spec.getQ().getAffineYCoord().toBigInteger()); - this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams()); - } - else - { - if (q.getCurve() == null) - { - org.bouncycastle.jce.spec.ECParameterSpec s = configuration.getEcImplicitlyCa(); - - q = s.getCurve().createPoint(q.getXCoord().toBigInteger(), q.getYCoord().toBigInteger(), false); - } - this.ecSpec = null; - } - - this.configuration = configuration; - } - - public BCECPublicKey( - String algorithm, - ECPublicKeyParameters params, - ECParameterSpec spec, - ProviderConfiguration configuration) - { - ECDomainParameters dp = params.getParameters(); - - this.algorithm = algorithm; - this.q = params.getQ(); - - if (spec == null) - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); - - this.ecSpec = createSpec(ellipticCurve, dp); - } - else - { - this.ecSpec = spec; - } - - this.configuration = configuration; - } - - public BCECPublicKey( - String algorithm, - ECPublicKeyParameters params, - org.bouncycastle.jce.spec.ECParameterSpec spec, - ProviderConfiguration configuration) - { - ECDomainParameters dp = params.getParameters(); - - this.algorithm = algorithm; - - if (spec == null) - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); - - this.ecSpec = createSpec(ellipticCurve, dp); - } - else - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(spec.getCurve(), spec.getSeed()); - - this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec); - } - - this.q = EC5Util.convertCurve(ecSpec.getCurve()).createPoint(params.getQ().getAffineXCoord().toBigInteger(), params.getQ().getAffineYCoord().toBigInteger()); - - this.configuration = configuration; - } - - /* - * called for implicitCA - */ - public BCECPublicKey( - String algorithm, - ECPublicKeyParameters params, - ProviderConfiguration configuration) - { - this.algorithm = algorithm; - this.q = params.getQ(); - this.ecSpec = null; - this.configuration = configuration; - } - - public BCECPublicKey( - ECPublicKey key, - ProviderConfiguration configuration) - { - this.algorithm = key.getAlgorithm(); - this.ecSpec = key.getParams(); - this.q = EC5Util.convertPoint(this.ecSpec, key.getW(), false); - } - - BCECPublicKey( - String algorithm, - SubjectPublicKeyInfo info, - ProviderConfiguration configuration) - { - this.algorithm = algorithm; - this.configuration = configuration; - populateFromPubKeyInfo(info); - } - - private ECParameterSpec createSpec(EllipticCurve ellipticCurve, ECDomainParameters dp) - { - return new ECParameterSpec( - ellipticCurve, - new ECPoint( - dp.getG().getAffineXCoord().toBigInteger(), - dp.getG().getAffineYCoord().toBigInteger()), - dp.getN(), - dp.getH().intValue()); - } - - private void populateFromPubKeyInfo(SubjectPublicKeyInfo info) - { - X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithm().getParameters()); - ECCurve curve; - EllipticCurve ellipticCurve; - - if (params.isNamedCurve()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)params.getParameters(); - X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); - - curve = ecP.getCurve(); - ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed()); - - ecSpec = new ECNamedCurveSpec( - ECUtil.getCurveName(oid), - ellipticCurve, - new ECPoint( - ecP.getG().getAffineXCoord().toBigInteger(), - ecP.getG().getAffineYCoord().toBigInteger()), - ecP.getN(), - ecP.getH()); - } - else if (params.isImplicitlyCA()) - { - ecSpec = null; - curve = configuration.getEcImplicitlyCa().getCurve(); - } - else - { - X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters()); - - curve = ecP.getCurve(); - ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - ecP.getG().getAffineXCoord().toBigInteger(), - ecP.getG().getAffineYCoord().toBigInteger()), - ecP.getN(), - ecP.getH().intValue()); - } - - DERBitString bits = info.getPublicKeyData(); - byte[] data = bits.getBytes(); - ASN1OctetString key = new DEROctetString(data); - - // - // extra octet string - one of our old certs... - // - if (data[0] == 0x04 && data[1] == data.length - 2 - && (data[2] == 0x02 || data[2] == 0x03)) - { - int qLength = new X9IntegerConverter().getByteLength(curve); - - if (qLength >= data.length - 3) - { - try - { - key = (ASN1OctetString) ASN1Primitive.fromByteArray(data); - } - catch (IOException ex) - { - throw new IllegalArgumentException("error recovering public key"); - } - } - } - X9ECPoint derQ = new X9ECPoint(curve, key); - - this.q = derQ.getPoint(); - } - - public String getAlgorithm() - { - return algorithm; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - ASN1Encodable params; - SubjectPublicKeyInfo info; - - if (ecSpec instanceof ECNamedCurveSpec) - { - ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName()); - if (curveOid == null) - { - curveOid = new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName()); - } - params = new X962Parameters(curveOid); - } - else if (ecSpec == null) - { - params = new X962Parameters(DERNull.INSTANCE); - } - else - { - ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); - - X9ECParameters ecP = new X9ECParameters( - curve, - EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), - ecSpec.getOrder(), - BigInteger.valueOf(ecSpec.getCofactor()), - ecSpec.getCurve().getSeed()); - - params = new X962Parameters(ecP); - } - - ECCurve curve = this.engineGetQ().getCurve(); - ASN1OctetString p; - - // stored curve is null if ImplicitlyCa - if (ecSpec == null) - { - p = (ASN1OctetString) - new X9ECPoint(curve.createPoint(this.getQ().getXCoord().toBigInteger(), this.getQ().getYCoord().toBigInteger(), withCompression)).toASN1Primitive(); - } - else - { - p = (ASN1OctetString) - new X9ECPoint(curve.createPoint(this.getQ().getAffineXCoord().toBigInteger(), this.getQ().getAffineYCoord().toBigInteger(), withCompression)).toASN1Primitive(); - } - - info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), p.getOctets()); - - return KeyUtil.getEncodedSubjectPublicKeyInfo(info); - } - - private void extractBytes(byte[] encKey, int offSet, BigInteger bI) - { - byte[] val = bI.toByteArray(); - if (val.length < 32) - { - byte[] tmp = new byte[32]; - System.arraycopy(val, 0, tmp, tmp.length - val.length, val.length); - val = tmp; - } - - for (int i = 0; i != 32; i++) - { - encKey[offSet + i] = val[val.length - 1 - i]; - } - } - - public ECParameterSpec getParams() - { - return ecSpec; - } - - public org.bouncycastle.jce.spec.ECParameterSpec getParameters() - { - if (ecSpec == null) // implictlyCA - { - return null; - } - - return EC5Util.convertSpec(ecSpec, withCompression); - } - - public ECPoint getW() - { - return new ECPoint(q.getAffineXCoord().toBigInteger(), q.getAffineYCoord().toBigInteger()); - } - - public org.bouncycastle.math.ec.ECPoint getQ() - { - if (ecSpec == null) - { - return q.getDetachedPoint(); - } - - return q; - } - - public org.bouncycastle.math.ec.ECPoint engineGetQ() - { - return q; - } - - org.bouncycastle.jce.spec.ECParameterSpec engineGetSpec() - { - if (ecSpec != null) - { - return EC5Util.convertSpec(ecSpec, withCompression); - } - - return configuration.getEcImplicitlyCa(); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("EC Public Key").append(nl); - buf.append(" X: ").append(this.q.getAffineXCoord().toBigInteger().toString(16)).append(nl); - buf.append(" Y: ").append(this.q.getAffineYCoord().toBigInteger().toString(16)).append(nl); - - return buf.toString(); - - } - - public void setPointFormat(String style) - { - withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style)); - } - - public boolean equals(Object o) - { - if (!(o instanceof BCECPublicKey)) - { - return false; - } - - BCECPublicKey other = (BCECPublicKey)o; - - return engineGetQ().equals(other.engineGetQ()) && (engineGetSpec().equals(other.engineGetSpec())); - } - - public int hashCode() - { - return engineGetQ().hashCode() ^ engineGetSpec().hashCode(); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - - byte[] enc = (byte[])in.readObject(); - - populateFromPubKeyInfo(SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(enc))); - - this.configuration = BouncyCastleProvider.CONFIGURATION; - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.defaultWriteObject(); - - out.writeObject(this.getEncoded()); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java deleted file mode 100644 index ff78d22c..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java +++ /dev/null @@ -1,552 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ec; - -import java.io.ByteArrayOutputStream; -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.CipherSpi; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.ShortBufferException; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.KeyEncoder; -import org.bouncycastle.crypto.agreement.ECDHBasicAgreement; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.engines.AESEngine; -import org.bouncycastle.crypto.engines.DESedeEngine; -import org.bouncycastle.crypto.engines.IESEngine; -import org.bouncycastle.crypto.generators.ECKeyPairGenerator; -import org.bouncycastle.crypto.generators.EphemeralKeyPairGenerator; -import org.bouncycastle.crypto.generators.KDF2BytesGenerator; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.crypto.params.ECKeyGenerationParameters; -import org.bouncycastle.crypto.params.ECKeyParameters; -import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.crypto.params.IESWithCipherParameters; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.crypto.parsers.ECIESPublicKeyParser; -import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; -import org.bouncycastle.jcajce.provider.asymmetric.util.IESUtil; -import org.bouncycastle.jce.interfaces.ECKey; -import org.bouncycastle.jce.interfaces.ECPrivateKey; -import org.bouncycastle.jce.interfaces.ECPublicKey; -import org.bouncycastle.jce.interfaces.IESKey; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.IESParameterSpec; -import org.bouncycastle.util.Strings; - - -public class IESCipher - extends CipherSpi -{ - private int ivLength; - private IESEngine engine; - private int state = -1; - private ByteArrayOutputStream buffer = new ByteArrayOutputStream(); - private AlgorithmParameters engineParam = null; - private IESParameterSpec engineSpec = null; - private AsymmetricKeyParameter key; - private SecureRandom random; - private boolean dhaesMode = false; - private AsymmetricKeyParameter otherKeyParameter = null; - - public IESCipher(IESEngine engine) - { - this.engine = engine; - this.ivLength = 0; - } - - public IESCipher(IESEngine engine, int ivLength) - { - this.engine = engine; - this.ivLength = ivLength; - } - - public int engineGetBlockSize() - { - if (engine.getCipher() != null) - { - return engine.getCipher().getBlockSize(); - } - else - { - return 0; - } - } - - - public int engineGetKeySize(Key key) - { - if (key instanceof ECKey) - { - return ((ECKey)key).getParameters().getCurve().getFieldSize(); - } - else - { - throw new IllegalArgumentException("not an EC key"); - } - } - - - public byte[] engineGetIV() - { - return null; - } - - public AlgorithmParameters engineGetParameters() - { - if (engineParam == null && engineSpec != null) - { - try - { - engineParam = AlgorithmParameters.getInstance("IES", BouncyCastleProvider.PROVIDER_NAME); - engineParam.init(engineSpec); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - - return engineParam; - } - - - public void engineSetMode(String mode) - throws NoSuchAlgorithmException - { - String modeName = Strings.toUpperCase(mode); - - if (modeName.equals("NONE")) - { - dhaesMode = false; - } - else if (modeName.equals("DHAES")) - { - dhaesMode = true; - } - else - { - throw new IllegalArgumentException("can't support mode " + mode); - } - } - - - public int engineGetOutputSize(int inputLen) - { - int len1, len2, len3; - - len1 = engine.getMac().getMacSize(); - - if (key != null) - { - len2 = 1 + 2 * (((ECKey)key).getParameters().getCurve().getFieldSize() + 7) / 8; - } - else - { - throw new IllegalStateException("cipher not initialised"); - } - - if (engine.getCipher() == null) - { - len3 = inputLen; - } - else if (state == Cipher.ENCRYPT_MODE || state == Cipher.WRAP_MODE) - { - len3 = engine.getCipher().getOutputSize(inputLen); - } - else if (state == Cipher.DECRYPT_MODE || state == Cipher.UNWRAP_MODE) - { - len3 = engine.getCipher().getOutputSize(inputLen - len1 - len2); - } - else - { - throw new IllegalStateException("cipher not initialised"); - } - - if (state == Cipher.ENCRYPT_MODE || state == Cipher.WRAP_MODE) - { - return buffer.size() + len1 + len2 + len3; - } - else if (state == Cipher.DECRYPT_MODE || state == Cipher.UNWRAP_MODE) - { - return buffer.size() - len1 - len2 + len3; - } - else - { - throw new IllegalStateException("cipher not initialised"); - } - - } - - public void engineSetPadding(String padding) - throws NoSuchPaddingException - { - String paddingName = Strings.toUpperCase(padding); - - // TDOD: make this meaningful... - if (paddingName.equals("NOPADDING")) - { - - } - else if (paddingName.equals("PKCS5PADDING") || paddingName.equals("PKCS7PADDING")) - { - - } - else - { - throw new NoSuchPaddingException("padding not available with IESCipher"); - } - } - - - // Initialisation methods - - public void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - try - { - paramSpec = params.getParameterSpec(IESParameterSpec.class); - } - catch (Exception e) - { - throw new InvalidAlgorithmParameterException("cannot recognise parameters: " + e.toString()); - } - } - - engineParam = params; - engineInit(opmode, key, paramSpec, random); - - } - - - public void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec engineSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException, InvalidKeyException - { - otherKeyParameter = null; - - // Use default parameters (including cipher key size) if none are specified - if (engineSpec == null) - { - this.engineSpec = IESUtil.guessParameterSpec(engine); - } - else if (engineSpec instanceof IESParameterSpec) - { - this.engineSpec = (IESParameterSpec)engineSpec; - } - else - { - throw new InvalidAlgorithmParameterException("must be passed IES parameters"); - } - - byte[] nonce = this.engineSpec.getNonce(); - - if (nonce != null) - { - if (ivLength == 0) - { - throw new InvalidAlgorithmParameterException("NONCE present in IES Parameters when none required"); - } - else if (nonce.length != ivLength) - { - throw new InvalidAlgorithmParameterException("NONCE in IES Parameters needs to be " + ivLength + " bytes long"); - } - } - - // Parse the recipient's key - if (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE) - { - if (key instanceof ECPublicKey) - { - this.key = ECUtil.generatePublicKeyParameter((PublicKey)key); - } - else if (key instanceof IESKey) - { - IESKey ieKey = (IESKey)key; - - this.key = ECUtil.generatePublicKeyParameter(ieKey.getPublic()); - this.otherKeyParameter = ECUtil.generatePrivateKeyParameter(ieKey.getPrivate()); - } - else - { - throw new InvalidKeyException("must be passed recipient's public EC key for encryption"); - } - } - else if (opmode == Cipher.DECRYPT_MODE || opmode == Cipher.UNWRAP_MODE) - { - if (key instanceof ECPrivateKey) - { - this.key = ECUtil.generatePrivateKeyParameter((PrivateKey)key); - } - else if (key instanceof IESKey) - { - IESKey ieKey = (IESKey)key; - - this.otherKeyParameter = ECUtil.generatePublicKeyParameter(ieKey.getPublic()); - this.key = ECUtil.generatePrivateKeyParameter(ieKey.getPrivate()); - } - else - { - throw new InvalidKeyException("must be passed recipient's private EC key for decryption"); - } - } - else - { - throw new InvalidKeyException("must be passed EC key"); - } - - - this.random = random; - this.state = opmode; - buffer.reset(); - - } - - - public void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new IllegalArgumentException("can't handle supplied parameter spec"); - } - - } - - - // Update methods - buffer the input - - public byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - buffer.write(input, inputOffset, inputLen); - return null; - } - - - public int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - { - buffer.write(input, inputOffset, inputLen); - return 0; - } - - - // Finalisation methods - - public byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws IllegalBlockSizeException, BadPaddingException - { - if (inputLen != 0) - { - buffer.write(input, inputOffset, inputLen); - } - - final byte[] in = buffer.toByteArray(); - buffer.reset(); - - // Convert parameters for use in IESEngine - CipherParameters params = new IESWithCipherParameters(engineSpec.getDerivationV(), - engineSpec.getEncodingV(), - engineSpec.getMacKeySize(), - engineSpec.getCipherKeySize()); - - if (engineSpec.getNonce() != null) - { - params = new ParametersWithIV(params, engineSpec.getNonce()); - } - - final ECDomainParameters ecParams = ((ECKeyParameters)key).getParameters(); - - final byte[] V; - - if (otherKeyParameter != null) - { - try - { - if (state == Cipher.ENCRYPT_MODE || state == Cipher.WRAP_MODE) - { - engine.init(true, otherKeyParameter, key, params); - } - else - { - engine.init(false, key, otherKeyParameter, params); - } - return engine.processBlock(in, 0, in.length); - } - catch (Exception e) - { - throw new BadPaddingException(e.getMessage()); - } - } - - if (state == Cipher.ENCRYPT_MODE || state == Cipher.WRAP_MODE) - { - // Generate the ephemeral key pair - ECKeyPairGenerator gen = new ECKeyPairGenerator(); - gen.init(new ECKeyGenerationParameters(ecParams, random)); - - EphemeralKeyPairGenerator kGen = new EphemeralKeyPairGenerator(gen, new KeyEncoder() - { - public byte[] getEncoded(AsymmetricKeyParameter keyParameter) - { - return ((ECPublicKeyParameters)keyParameter).getQ().getEncoded(); - } - }); - - // Encrypt the buffer - try - { - engine.init(key, params, kGen); - - return engine.processBlock(in, 0, in.length); - } - catch (Exception e) - { - throw new BadPaddingException(e.getMessage()); - } - - } - else if (state == Cipher.DECRYPT_MODE || state == Cipher.UNWRAP_MODE) - { - // Decrypt the buffer - try - { - engine.init(key, params, new ECIESPublicKeyParser(ecParams)); - - return engine.processBlock(in, 0, in.length); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - } - else - { - throw new IllegalStateException("cipher not initialised"); - } - - } - - public int engineDoFinal( - byte[] input, - int inputOffset, - int inputLength, - byte[] output, - int outputOffset) - throws ShortBufferException, IllegalBlockSizeException, BadPaddingException - { - - byte[] buf = engineDoFinal(input, inputOffset, inputLength); - System.arraycopy(buf, 0, output, outputOffset, buf.length); - return buf.length; - } - - - /** - * Classes that inherit from us - */ - - static public class ECIES - extends IESCipher - { - public ECIES() - { - super(new IESEngine(new ECDHBasicAgreement(), - new KDF2BytesGenerator(new SHA1Digest()), - new HMac(new SHA1Digest()))); - } - } - - static public class ECIESwithDESede - extends IESCipher - { - public ECIESwithDESede() - { - super(new IESEngine(new ECDHBasicAgreement(), - new KDF2BytesGenerator(new SHA1Digest()), - new HMac(new SHA1Digest()), - new PaddedBufferedBlockCipher(new DESedeEngine()))); - } - } - - static public class ECIESwithAES - extends IESCipher - { - public ECIESwithAES() - { - super(new IESEngine(new ECDHBasicAgreement(), - new KDF2BytesGenerator(new SHA1Digest()), - new HMac(new SHA1Digest()), - new PaddedBufferedBlockCipher(new AESEngine()))); - } - } - - static public class ECIESwithDESedeCBC - extends IESCipher - { - public ECIESwithDESedeCBC() - { - super(new IESEngine(new ECDHBasicAgreement(), - new KDF2BytesGenerator(new SHA1Digest()), - new HMac(new SHA1Digest()), - new PaddedBufferedBlockCipher(new CBCBlockCipher(new DESedeEngine()))), 8); - } - } - - static public class ECIESwithAESCBC - extends IESCipher - { - public ECIESwithAESCBC() - { - super(new IESEngine(new ECDHBasicAgreement(), - new KDF2BytesGenerator(new SHA1Digest()), - new HMac(new SHA1Digest()), - new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()))), 16); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java deleted file mode 100644 index 4ea57fee..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java +++ /dev/null @@ -1,361 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ec; - -import java.math.BigInteger; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.util.Hashtable; - -import javax.crypto.SecretKey; -import javax.crypto.ShortBufferException; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x9.X9IntegerConverter; -import org.bouncycastle.crypto.BasicAgreement; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DerivationFunction; -import org.bouncycastle.crypto.agreement.ECDHBasicAgreement; -import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement; -import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement; -import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters; -import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.params.DESParameters; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.crypto.params.ECPrivateKeyParameters; -import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.crypto.params.MQVPrivateParameters; -import org.bouncycastle.crypto.params.MQVPublicParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; -import org.bouncycastle.jce.interfaces.ECPrivateKey; -import org.bouncycastle.jce.interfaces.ECPublicKey; -import org.bouncycastle.jce.interfaces.MQVPrivateKey; -import org.bouncycastle.jce.interfaces.MQVPublicKey; -import org.bouncycastle.util.Integers; -import org.bouncycastle.util.Strings; - -/** - * Diffie-Hellman key agreement using elliptic curve keys, ala IEEE P1363 - * both the simple one, and the simple one with cofactors are supported. - * - * Also, MQV key agreement per SEC-1 - */ -public class KeyAgreementSpi - extends javax.crypto.KeyAgreementSpi -{ - private static final X9IntegerConverter converter = new X9IntegerConverter(); - private static final Hashtable algorithms = new Hashtable(); - private static final Hashtable oids = new Hashtable(); - private static final Hashtable des = new Hashtable(); - - static - { - Integer i64 = Integers.valueOf(64); - Integer i128 = Integers.valueOf(128); - Integer i192 = Integers.valueOf(192); - Integer i256 = Integers.valueOf(256); - - algorithms.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), i128); - algorithms.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), i192); - algorithms.put(NISTObjectIdentifiers.id_aes256_CBC.getId(), i256); - algorithms.put(NISTObjectIdentifiers.id_aes128_wrap.getId(), i128); - algorithms.put(NISTObjectIdentifiers.id_aes192_wrap.getId(), i192); - algorithms.put(NISTObjectIdentifiers.id_aes256_wrap.getId(), i256); - algorithms.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap.getId(), i192); - algorithms.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), i192); - algorithms.put(OIWObjectIdentifiers.desCBC.getId(), i64); - - oids.put("DESEDE", PKCSObjectIdentifiers.des_EDE3_CBC); - oids.put("AES", NISTObjectIdentifiers.id_aes256_CBC); - oids.put("DES", OIWObjectIdentifiers.desCBC); - - des.put("DES", "DES"); - des.put("DESEDE", "DES"); - des.put(OIWObjectIdentifiers.desCBC.getId(), "DES"); - des.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), "DES"); - des.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap.getId(), "DES"); - } - - private String kaAlgorithm; - private BigInteger result; - private ECDomainParameters parameters; - private BasicAgreement agreement; - private DerivationFunction kdf; - - private byte[] bigIntToBytes( - BigInteger r) - { - return converter.integerToBytes(r, converter.getByteLength(parameters.getCurve())); - } - - protected KeyAgreementSpi( - String kaAlgorithm, - BasicAgreement agreement, - DerivationFunction kdf) - { - this.kaAlgorithm = kaAlgorithm; - this.agreement = agreement; - this.kdf = kdf; - } - - protected Key engineDoPhase( - Key key, - boolean lastPhase) - throws InvalidKeyException, IllegalStateException - { - if (parameters == null) - { - throw new IllegalStateException(kaAlgorithm + " not initialised."); - } - - if (!lastPhase) - { - throw new IllegalStateException(kaAlgorithm + " can only be between two parties."); - } - - CipherParameters pubKey; - if (agreement instanceof ECMQVBasicAgreement) - { - if (!(key instanceof MQVPublicKey)) - { - throw new InvalidKeyException(kaAlgorithm + " key agreement requires " - + getSimpleName(MQVPublicKey.class) + " for doPhase"); - } - - MQVPublicKey mqvPubKey = (MQVPublicKey)key; - ECPublicKeyParameters staticKey = (ECPublicKeyParameters) - ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey()); - ECPublicKeyParameters ephemKey = (ECPublicKeyParameters) - ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey()); - - pubKey = new MQVPublicParameters(staticKey, ephemKey); - - // TODO Validate that all the keys are using the same parameters? - } - else - { - if (!(key instanceof PublicKey)) - { - throw new InvalidKeyException(kaAlgorithm + " key agreement requires " - + getSimpleName(ECPublicKey.class) + " for doPhase"); - } - - pubKey = ECUtil.generatePublicKeyParameter((PublicKey)key); - - // TODO Validate that all the keys are using the same parameters? - } - - result = agreement.calculateAgreement(pubKey); - - return null; - } - - protected byte[] engineGenerateSecret() - throws IllegalStateException - { - if (kdf != null) - { - throw new UnsupportedOperationException( - "KDF can only be used when algorithm is known"); - } - - return bigIntToBytes(result); - } - - protected int engineGenerateSecret( - byte[] sharedSecret, - int offset) - throws IllegalStateException, ShortBufferException - { - byte[] secret = engineGenerateSecret(); - - if (sharedSecret.length - offset < secret.length) - { - throw new ShortBufferException(kaAlgorithm + " key agreement: need " + secret.length + " bytes"); - } - - System.arraycopy(secret, 0, sharedSecret, offset, secret.length); - - return secret.length; - } - - protected SecretKey engineGenerateSecret( - String algorithm) - throws NoSuchAlgorithmException - { - byte[] secret = bigIntToBytes(result); - String algKey = Strings.toUpperCase(algorithm); - String oidAlgorithm = algorithm; - - if (oids.containsKey(algKey)) - { - oidAlgorithm = ((ASN1ObjectIdentifier)oids.get(algKey)).getId(); - } - - if (kdf != null) - { - if (!algorithms.containsKey(oidAlgorithm)) - { - throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm); - } - - int keySize = ((Integer)algorithms.get(oidAlgorithm)).intValue(); - - DHKDFParameters params = new DHKDFParameters(new ASN1ObjectIdentifier(oidAlgorithm), keySize, secret); - - byte[] keyBytes = new byte[keySize / 8]; - kdf.init(params); - kdf.generateBytes(keyBytes, 0, keyBytes.length); - secret = keyBytes; - } - else - { - if (algorithms.containsKey(oidAlgorithm)) - { - Integer length = (Integer)algorithms.get(oidAlgorithm); - - byte[] key = new byte[length.intValue() / 8]; - - System.arraycopy(secret, 0, key, 0, key.length); - - secret = key; - } - } - - if (des.containsKey(oidAlgorithm)) - { - DESParameters.setOddParity(secret); - } - - return new SecretKeySpec(secret, algorithm); - } - - protected void engineInit( - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - if (params != null) - { - throw new InvalidAlgorithmParameterException("No algorithm parameters supported"); - } - - initFromKey(key); - } - - protected void engineInit( - Key key, - SecureRandom random) - throws InvalidKeyException - { - initFromKey(key); - } - - private void initFromKey(Key key) - throws InvalidKeyException - { - if (agreement instanceof ECMQVBasicAgreement) - { - if (!(key instanceof MQVPrivateKey)) - { - throw new InvalidKeyException(kaAlgorithm + " key agreement requires " - + getSimpleName(MQVPrivateKey.class) + " for initialisation"); - } - - MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key; - ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters) - ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey()); - ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters) - ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey()); - - ECPublicKeyParameters ephemPubKey = null; - if (mqvPrivKey.getEphemeralPublicKey() != null) - { - ephemPubKey = (ECPublicKeyParameters) - ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey()); - } - - MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey); - this.parameters = staticPrivKey.getParameters(); - - // TODO Validate that all the keys are using the same parameters? - - agreement.init(localParams); - } - else - { - if (!(key instanceof PrivateKey)) - { - throw new InvalidKeyException(kaAlgorithm + " key agreement requires " - + getSimpleName(ECPrivateKey.class) + " for initialisation"); - } - - ECPrivateKeyParameters privKey = (ECPrivateKeyParameters)ECUtil.generatePrivateKeyParameter((PrivateKey)key); - this.parameters = privKey.getParameters(); - - agreement.init(privKey); - } - } - - private static String getSimpleName(Class clazz) - { - String fullName = clazz.getName(); - - return fullName.substring(fullName.lastIndexOf('.') + 1); - } - - public static class DH - extends KeyAgreementSpi - { - public DH() - { - super("ECDH", new ECDHBasicAgreement(), null); - } - } - - public static class DHC - extends KeyAgreementSpi - { - public DHC() - { - super("ECDHC", new ECDHCBasicAgreement(), null); - } - } - - public static class MQV - extends KeyAgreementSpi - { - public MQV() - { - super("ECMQV", new ECMQVBasicAgreement(), null); - } - } - - public static class DHwithSHA1KDF - extends KeyAgreementSpi - { - public DHwithSHA1KDF() - { - super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); - } - } - - public static class MQVwithSHA1KDF - extends KeyAgreementSpi - { - public MQVwithSHA1KDF() - { - super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest())); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java deleted file mode 100644 index 20555c29..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java +++ /dev/null @@ -1,239 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ec; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.ECPublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi; -import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; -import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ECParameterSpec; -import org.bouncycastle.jce.spec.ECPrivateKeySpec; -import org.bouncycastle.jce.spec.ECPublicKeySpec; - -public class KeyFactorySpi - extends BaseKeyFactorySpi - implements AsymmetricKeyInfoConverter -{ - String algorithm; - ProviderConfiguration configuration; - - KeyFactorySpi( - String algorithm, - ProviderConfiguration configuration) - { - this.algorithm = algorithm; - this.configuration = configuration; - } - - protected Key engineTranslateKey( - Key key) - throws InvalidKeyException - { - if (key instanceof ECPublicKey) - { - return new BCECPublicKey((ECPublicKey)key, configuration); - } - else if (key instanceof ECPrivateKey) - { - return new BCECPrivateKey((ECPrivateKey)key, configuration); - } - - throw new InvalidKeyException("key type unknown"); - } - - protected KeySpec engineGetKeySpec( - Key key, - Class spec) - throws InvalidKeySpecException - { - if (spec.isAssignableFrom(java.security.spec.ECPublicKeySpec.class) && key instanceof ECPublicKey) - { - ECPublicKey k = (ECPublicKey)key; - if (k.getParams() != null) - { - return new java.security.spec.ECPublicKeySpec(k.getW(), k.getParams()); - } - else - { - ECParameterSpec implicitSpec = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - return new java.security.spec.ECPublicKeySpec(k.getW(), EC5Util.convertSpec(EC5Util.convertCurve(implicitSpec.getCurve(), implicitSpec.getSeed()), implicitSpec)); - } - } - else if (spec.isAssignableFrom(java.security.spec.ECPrivateKeySpec.class) && key instanceof ECPrivateKey) - { - ECPrivateKey k = (ECPrivateKey)key; - - if (k.getParams() != null) - { - return new java.security.spec.ECPrivateKeySpec(k.getS(), k.getParams()); - } - else - { - ECParameterSpec implicitSpec = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - return new java.security.spec.ECPrivateKeySpec(k.getS(), EC5Util.convertSpec(EC5Util.convertCurve(implicitSpec.getCurve(), implicitSpec.getSeed()), implicitSpec)); - } - } - else if (spec.isAssignableFrom(org.bouncycastle.jce.spec.ECPublicKeySpec.class) && key instanceof ECPublicKey) - { - ECPublicKey k = (ECPublicKey)key; - if (k.getParams() != null) - { - return new org.bouncycastle.jce.spec.ECPublicKeySpec(EC5Util.convertPoint(k.getParams(), k.getW(), false), EC5Util.convertSpec(k.getParams(), false)); - } - else - { - ECParameterSpec implicitSpec = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - return new org.bouncycastle.jce.spec.ECPublicKeySpec(EC5Util.convertPoint(k.getParams(), k.getW(), false), implicitSpec); - } - } - else if (spec.isAssignableFrom(org.bouncycastle.jce.spec.ECPrivateKeySpec.class) && key instanceof ECPrivateKey) - { - ECPrivateKey k = (ECPrivateKey)key; - - if (k.getParams() != null) - { - return new org.bouncycastle.jce.spec.ECPrivateKeySpec(k.getS(), EC5Util.convertSpec(k.getParams(), false)); - } - else - { - ECParameterSpec implicitSpec = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - return new org.bouncycastle.jce.spec.ECPrivateKeySpec(k.getS(), implicitSpec); - } - } - - return super.engineGetKeySpec(key, spec); - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof ECPrivateKeySpec) - { - return new BCECPrivateKey(algorithm, (ECPrivateKeySpec)keySpec, configuration); - } - else if (keySpec instanceof java.security.spec.ECPrivateKeySpec) - { - return new BCECPrivateKey(algorithm, (java.security.spec.ECPrivateKeySpec)keySpec, configuration); - } - - return super.engineGeneratePrivate(keySpec); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof ECPublicKeySpec) - { - return new BCECPublicKey(algorithm, (ECPublicKeySpec)keySpec, configuration); - } - else if (keySpec instanceof java.security.spec.ECPublicKeySpec) - { - return new BCECPublicKey(algorithm, (java.security.spec.ECPublicKeySpec)keySpec, configuration); - } - - return super.engineGeneratePublic(keySpec); - } - - public PrivateKey generatePrivate(PrivateKeyInfo keyInfo) - throws IOException - { - ASN1ObjectIdentifier algOid = keyInfo.getPrivateKeyAlgorithm().getAlgorithm(); - - if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey)) - { - return new BCECPrivateKey(algorithm, keyInfo, configuration); - } - else - { - throw new IOException("algorithm identifier " + algOid + " in key not recognised"); - } - } - - public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo) - throws IOException - { - ASN1ObjectIdentifier algOid = keyInfo.getAlgorithm().getAlgorithm(); - - if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey)) - { - return new BCECPublicKey(algorithm, keyInfo, configuration); - } - else - { - throw new IOException("algorithm identifier " + algOid + " in key not recognised"); - } - } - - public static class EC - extends KeyFactorySpi - { - public EC() - { - super("EC", BouncyCastleProvider.CONFIGURATION); - } - } - - public static class ECDSA - extends KeyFactorySpi - { - public ECDSA() - { - super("ECDSA", BouncyCastleProvider.CONFIGURATION); - } - } - - public static class ECGOST3410 - extends KeyFactorySpi - { - public ECGOST3410() - { - super("ECGOST3410", BouncyCastleProvider.CONFIGURATION); - } - } - - public static class ECDH - extends KeyFactorySpi - { - public ECDH() - { - super("ECDH", BouncyCastleProvider.CONFIGURATION); - } - } - - public static class ECDHC - extends KeyFactorySpi - { - public ECDHC() - { - super("ECDHC", BouncyCastleProvider.CONFIGURATION); - } - } - - public static class ECMQV - extends KeyFactorySpi - { - public ECMQV() - { - super("ECMQV", BouncyCastleProvider.CONFIGURATION); - } - } -}
\ No newline at end of file diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java deleted file mode 100644 index ae9be26d..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java +++ /dev/null @@ -1,270 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ec; - -import java.math.BigInteger; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidParameterException; -import java.security.KeyPair; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.ECGenParameterSpec; -import java.util.Hashtable; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.x9.ECNamedCurveTable; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -import org.bouncycastle.crypto.generators.ECKeyPairGenerator; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.crypto.params.ECKeyGenerationParameters; -import org.bouncycastle.crypto.params.ECPrivateKeyParameters; -import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec; -import org.bouncycastle.jce.spec.ECNamedCurveSpec; -import org.bouncycastle.jce.spec.ECParameterSpec; -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.ECPoint; -import org.bouncycastle.util.Integers; - -public abstract class KeyPairGeneratorSpi - extends java.security.KeyPairGenerator -{ - public KeyPairGeneratorSpi(String algorithmName) - { - super(algorithmName); - } - - public static class EC - extends KeyPairGeneratorSpi - { - ECKeyGenerationParameters param; - ECKeyPairGenerator engine = new ECKeyPairGenerator(); - Object ecParams = null; - int strength = 239; - int certainty = 50; - SecureRandom random = new SecureRandom(); - boolean initialised = false; - String algorithm; - ProviderConfiguration configuration; - - static private Hashtable ecParameters; - - static { - ecParameters = new Hashtable(); - - ecParameters.put(Integers.valueOf(192), new ECGenParameterSpec("prime192v1")); // a.k.a P-192 - ecParameters.put(Integers.valueOf(239), new ECGenParameterSpec("prime239v1")); - ecParameters.put(Integers.valueOf(256), new ECGenParameterSpec("prime256v1")); // a.k.a P-256 - - ecParameters.put(Integers.valueOf(224), new ECGenParameterSpec("P-224")); - ecParameters.put(Integers.valueOf(384), new ECGenParameterSpec("P-384")); - ecParameters.put(Integers.valueOf(521), new ECGenParameterSpec("P-521")); - } - - public EC() - { - super("EC"); - this.algorithm = "EC"; - this.configuration = BouncyCastleProvider.CONFIGURATION; - } - - public EC( - String algorithm, - ProviderConfiguration configuration) - { - super(algorithm); - this.algorithm = algorithm; - this.configuration = configuration; - } - - public void initialize( - int strength, - SecureRandom random) - { - this.strength = strength; - this.random = random; - - ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(Integers.valueOf(strength)); - if (ecParams == null) - { - throw new InvalidParameterException("unknown key size."); - } - - try - { - initialize(ecParams, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new InvalidParameterException("key size not configurable."); - } - } - - public void initialize( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (params == null) - { - ECParameterSpec implicitCA = configuration.getEcImplicitlyCa(); - if (implicitCA == null) - { - throw new InvalidAlgorithmParameterException("null parameter passed but no implicitCA set"); - } - - this.ecParams = null; - this.param = createKeyGenParamsBC(implicitCA, random); - } - else if (params instanceof ECParameterSpec) - { - this.ecParams = params; - this.param = createKeyGenParamsBC((ECParameterSpec)params, random); - } - else if (params instanceof java.security.spec.ECParameterSpec) - { - this.ecParams = params; - this.param = createKeyGenParamsJCE((java.security.spec.ECParameterSpec)params, random); - } - else if (params instanceof ECGenParameterSpec) - { - initializeNamedCurve(((ECGenParameterSpec)params).getName(), random); - } - else if (params instanceof ECNamedCurveGenParameterSpec) - { - initializeNamedCurve(((ECNamedCurveGenParameterSpec)params).getName(), random); - } - else - { - throw new InvalidAlgorithmParameterException("parameter object not a ECParameterSpec"); - } - - engine.init(param); - initialised = true; - } - - public KeyPair generateKeyPair() - { - if (!initialised) - { - initialize(strength, new SecureRandom()); - } - - AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - ECPublicKeyParameters pub = (ECPublicKeyParameters)pair.getPublic(); - ECPrivateKeyParameters priv = (ECPrivateKeyParameters)pair.getPrivate(); - - if (ecParams instanceof ECParameterSpec) - { - ECParameterSpec p = (ECParameterSpec)ecParams; - - BCECPublicKey pubKey = new BCECPublicKey(algorithm, pub, p, configuration); - return new KeyPair(pubKey, - new BCECPrivateKey(algorithm, priv, pubKey, p, configuration)); - } - else if (ecParams == null) - { - return new KeyPair(new BCECPublicKey(algorithm, pub, configuration), - new BCECPrivateKey(algorithm, priv, configuration)); - } - else - { - java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams; - - BCECPublicKey pubKey = new BCECPublicKey(algorithm, pub, p, configuration); - - return new KeyPair(pubKey, new BCECPrivateKey(algorithm, priv, pubKey, p, configuration)); - } - } - - protected ECKeyGenerationParameters createKeyGenParamsBC(ECParameterSpec p, SecureRandom r) - { - return new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), r); - } - - protected ECKeyGenerationParameters createKeyGenParamsJCE(java.security.spec.ECParameterSpec p, SecureRandom r) - { - ECCurve curve = EC5Util.convertCurve(p.getCurve()); - ECPoint g = EC5Util.convertPoint(curve, p.getGenerator(), false); - BigInteger n = p.getOrder(); - BigInteger h = BigInteger.valueOf(p.getCofactor()); - ECDomainParameters dp = new ECDomainParameters(curve, g, n, h); - return new ECKeyGenerationParameters(dp, r); - } - - protected ECNamedCurveSpec createNamedCurveSpec(String curveName) - throws InvalidAlgorithmParameterException - { - // NOTE: Don't bother with custom curves here as the curve will be converted to JCE type shortly - - X9ECParameters p = ECNamedCurveTable.getByName(curveName); - if (p == null) - { - try - { - // Check whether it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug) - p = ECNamedCurveTable.getByOID(new ASN1ObjectIdentifier(curveName)); - if (p == null) - { - throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName); - } - } - catch (IllegalArgumentException ex) - { - throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName); - } - } - - // Work-around for JDK bug -- it won't look up named curves properly if seed is present - byte[] seed = null; //p.getSeed(); - - return new ECNamedCurveSpec(curveName, p.getCurve(), p.getG(), p.getN(), p.getH(), seed); - } - - protected void initializeNamedCurve(String curveName, SecureRandom random) - throws InvalidAlgorithmParameterException - { - ECNamedCurveSpec namedCurve = createNamedCurveSpec(curveName); - this.ecParams = namedCurve; - this.param = createKeyGenParamsJCE(namedCurve, random); - } - } - - public static class ECDSA - extends EC - { - public ECDSA() - { - super("ECDSA", BouncyCastleProvider.CONFIGURATION); - } - } - - public static class ECDH - extends EC - { - public ECDH() - { - super("ECDH", BouncyCastleProvider.CONFIGURATION); - } - } - - public static class ECDHC - extends EC - { - public ECDHC() - { - super("ECDHC", BouncyCastleProvider.CONFIGURATION); - } - } - - public static class ECMQV - extends EC - { - public ECMQV() - { - super("ECMQV", BouncyCastleProvider.CONFIGURATION); - } - } -}
\ No newline at end of file diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java deleted file mode 100644 index 5e2bb4e4..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java +++ /dev/null @@ -1,367 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ec; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DSA; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.NullDigest; -import org.bouncycastle.crypto.digests.RIPEMD160Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.signers.ECDSASigner; -import org.bouncycastle.crypto.signers.ECNRSigner; -import org.bouncycastle.crypto.signers.HMacDSAKCalculator; -import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase; -import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder; -import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; - -public class SignatureSpi - extends DSABase -{ - SignatureSpi(Digest digest, DSA signer, DSAEncoder encoder) - { - super(digest, signer, encoder); - } - - protected void engineInitVerify(PublicKey publicKey) - throws InvalidKeyException - { - CipherParameters param = ECUtil.generatePublicKeyParameter(publicKey); - - digest.reset(); - signer.init(false, param); - } - - protected void engineInitSign( - PrivateKey privateKey) - throws InvalidKeyException - { - CipherParameters param = ECUtil.generatePrivateKeyParameter(privateKey); - - digest.reset(); - - if (appRandom != null) - { - signer.init(true, new ParametersWithRandom(param, appRandom)); - } - else - { - signer.init(true, param); - } - } - - static public class ecDSA - extends SignatureSpi - { - public ecDSA() - { - super(new SHA1Digest(), new ECDSASigner(), new StdDSAEncoder()); - } - } - - static public class ecDetDSA - extends SignatureSpi - { - public ecDetDSA() - { - super(new SHA1Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA1Digest())), new StdDSAEncoder()); - } - } - - static public class ecDSAnone - extends SignatureSpi - { - public ecDSAnone() - { - super(new NullDigest(), new ECDSASigner(), new StdDSAEncoder()); - } - } - - static public class ecDSA224 - extends SignatureSpi - { - public ecDSA224() - { - super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder()); - } - } - - static public class ecDetDSA224 - extends SignatureSpi - { - public ecDetDSA224() - { - super(new SHA224Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA224Digest())), new StdDSAEncoder()); - } - } - - static public class ecDSA256 - extends SignatureSpi - { - public ecDSA256() - { - super(new SHA256Digest(), new ECDSASigner(), new StdDSAEncoder()); - } - } - - static public class ecDetDSA256 - extends SignatureSpi - { - public ecDetDSA256() - { - super(new SHA256Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest())), new StdDSAEncoder()); - } - } - - static public class ecDSA384 - extends SignatureSpi - { - public ecDSA384() - { - super(new SHA384Digest(), new ECDSASigner(), new StdDSAEncoder()); - } - } - - static public class ecDetDSA384 - extends SignatureSpi - { - public ecDetDSA384() - { - super(new SHA384Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA384Digest())), new StdDSAEncoder()); - } - } - - static public class ecDSA512 - extends SignatureSpi - { - public ecDSA512() - { - super(new SHA512Digest(), new ECDSASigner(), new StdDSAEncoder()); - } - } - - static public class ecDetDSA512 - extends SignatureSpi - { - public ecDetDSA512() - { - super(new SHA512Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA512Digest())), new StdDSAEncoder()); - } - } - - static public class ecDSARipeMD160 - extends SignatureSpi - { - public ecDSARipeMD160() - { - super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder()); - } - } - - static public class ecNR - extends SignatureSpi - { - public ecNR() - { - super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder()); - } - } - - static public class ecNR224 - extends SignatureSpi - { - public ecNR224() - { - super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder()); - } - } - - static public class ecNR256 - extends SignatureSpi - { - public ecNR256() - { - super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder()); - } - } - - static public class ecNR384 - extends SignatureSpi - { - public ecNR384() - { - super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder()); - } - } - - static public class ecNR512 - extends SignatureSpi - { - public ecNR512() - { - super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder()); - } - } - - static public class ecCVCDSA - extends SignatureSpi - { - public ecCVCDSA() - { - super(new SHA1Digest(), new ECDSASigner(), new PlainDSAEncoder()); - } - } - - static public class ecCVCDSA224 - extends SignatureSpi - { - public ecCVCDSA224() - { - super(new SHA224Digest(), new ECDSASigner(), new PlainDSAEncoder()); - } - } - - static public class ecCVCDSA256 - extends SignatureSpi - { - public ecCVCDSA256() - { - super(new SHA256Digest(), new ECDSASigner(), new PlainDSAEncoder()); - } - } - - static public class ecCVCDSA384 - extends SignatureSpi - { - public ecCVCDSA384() - { - super(new SHA384Digest(), new ECDSASigner(), new PlainDSAEncoder()); - } - } - - static public class ecCVCDSA512 - extends SignatureSpi - { - public ecCVCDSA512() - { - super(new SHA512Digest(), new ECDSASigner(), new PlainDSAEncoder()); - } - } - - static public class ecPlainDSARP160 - extends SignatureSpi - { - public ecPlainDSARP160() - { - super(new RIPEMD160Digest(), new ECDSASigner(), new PlainDSAEncoder()); - } - } - - private static class StdDSAEncoder - implements DSAEncoder - { - public byte[] encode( - BigInteger r, - BigInteger s) - throws IOException - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new ASN1Integer(r)); - v.add(new ASN1Integer(s)); - - return new DERSequence(v).getEncoded(ASN1Encoding.DER); - } - - public BigInteger[] decode( - byte[] encoding) - throws IOException - { - ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(encoding); - BigInteger[] sig = new BigInteger[2]; - - sig[0] = ASN1Integer.getInstance(s.getObjectAt(0)).getValue(); - sig[1] = ASN1Integer.getInstance(s.getObjectAt(1)).getValue(); - - return sig; - } - } - - private static class PlainDSAEncoder - implements DSAEncoder - { - public byte[] encode( - BigInteger r, - BigInteger s) - throws IOException - { - byte[] first = makeUnsigned(r); - byte[] second = makeUnsigned(s); - byte[] res; - - if (first.length > second.length) - { - res = new byte[first.length * 2]; - } - else - { - res = new byte[second.length * 2]; - } - - System.arraycopy(first, 0, res, res.length / 2 - first.length, first.length); - System.arraycopy(second, 0, res, res.length - second.length, second.length); - - return res; - } - - - private byte[] makeUnsigned(BigInteger val) - { - byte[] res = val.toByteArray(); - - if (res[0] == 0) - { - byte[] tmp = new byte[res.length - 1]; - - System.arraycopy(res, 1, tmp, 0, tmp.length); - - return tmp; - } - - return res; - } - - public BigInteger[] decode( - byte[] encoding) - throws IOException - { - BigInteger[] sig = new BigInteger[2]; - - byte[] first = new byte[encoding.length / 2]; - byte[] second = new byte[encoding.length / 2]; - - System.arraycopy(encoding, 0, first, 0, first.length); - System.arraycopy(encoding, first.length, second, 0, second.length); - - sig[0] = new BigInteger(1, first); - sig[1] = new BigInteger(1, second); - - return sig; - } - } -}
\ No newline at end of file diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PrivateKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PrivateKey.java deleted file mode 100644 index 9bcc4d41..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PrivateKey.java +++ /dev/null @@ -1,541 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ecgost; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.security.interfaces.ECPrivateKey; -import java.security.spec.ECParameterSpec; -import java.security.spec.ECPoint; -import java.security.spec.ECPrivateKeySpec; -import java.security.spec.EllipticCurve; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X962Parameters; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.crypto.params.ECPrivateKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; -import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; -import org.bouncycastle.jce.ECGOST3410NamedCurveTable; -import org.bouncycastle.jce.interfaces.ECPointEncoder; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; -import org.bouncycastle.jce.spec.ECNamedCurveSpec; -import org.bouncycastle.math.ec.ECCurve; - -public class BCECGOST3410PrivateKey - implements ECPrivateKey, org.bouncycastle.jce.interfaces.ECPrivateKey, PKCS12BagAttributeCarrier, ECPointEncoder -{ - static final long serialVersionUID = 7245981689601667138L; - - private String algorithm = "ECGOST3410"; - private boolean withCompression; - - private transient GOST3410PublicKeyAlgParameters gostParams; - private transient BigInteger d; - private transient ECParameterSpec ecSpec; - private transient DERBitString publicKey; - private transient PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - protected BCECGOST3410PrivateKey() - { - } - - public BCECGOST3410PrivateKey( - ECPrivateKey key) - { - this.d = key.getS(); - this.algorithm = key.getAlgorithm(); - this.ecSpec = key.getParams(); - } - - public BCECGOST3410PrivateKey( - org.bouncycastle.jce.spec.ECPrivateKeySpec spec) - { - this.d = spec.getD(); - - if (spec.getParams() != null) // can be null if implicitlyCA - { - ECCurve curve = spec.getParams().getCurve(); - EllipticCurve ellipticCurve; - - ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed()); - - this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams()); - } - else - { - this.ecSpec = null; - } - } - - - public BCECGOST3410PrivateKey( - ECPrivateKeySpec spec) - { - this.d = spec.getS(); - this.ecSpec = spec.getParams(); - } - - public BCECGOST3410PrivateKey( - BCECGOST3410PrivateKey key) - { - this.d = key.d; - this.ecSpec = key.ecSpec; - this.withCompression = key.withCompression; - this.attrCarrier = key.attrCarrier; - this.publicKey = key.publicKey; - this.gostParams = key.gostParams; - } - - public BCECGOST3410PrivateKey( - String algorithm, - ECPrivateKeyParameters params, - BCECGOST3410PublicKey pubKey, - ECParameterSpec spec) - { - ECDomainParameters dp = params.getParameters(); - - this.algorithm = algorithm; - this.d = params.getD(); - - if (spec == null) - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - dp.getG().getAffineXCoord().toBigInteger(), - dp.getG().getAffineYCoord().toBigInteger()), - dp.getN(), - dp.getH().intValue()); - } - else - { - this.ecSpec = spec; - } - - this.gostParams = pubKey.getGostParams(); - - publicKey = getPublicKeyDetails(pubKey); - } - - public BCECGOST3410PrivateKey( - String algorithm, - ECPrivateKeyParameters params, - BCECGOST3410PublicKey pubKey, - org.bouncycastle.jce.spec.ECParameterSpec spec) - { - ECDomainParameters dp = params.getParameters(); - - this.algorithm = algorithm; - this.d = params.getD(); - - if (spec == null) - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - dp.getG().getAffineXCoord().toBigInteger(), - dp.getG().getAffineYCoord().toBigInteger()), - dp.getN(), - dp.getH().intValue()); - } - else - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(spec.getCurve(), spec.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - spec.getG().getAffineXCoord().toBigInteger(), - spec.getG().getAffineYCoord().toBigInteger()), - spec.getN(), - spec.getH().intValue()); - } - - this.gostParams = pubKey.getGostParams(); - - publicKey = getPublicKeyDetails(pubKey); - } - - public BCECGOST3410PrivateKey( - String algorithm, - ECPrivateKeyParameters params) - { - this.algorithm = algorithm; - this.d = params.getD(); - this.ecSpec = null; - } - - BCECGOST3410PrivateKey( - PrivateKeyInfo info) - throws IOException - { - populateFromPrivKeyInfo(info); - } - - private void populateFromPrivKeyInfo(PrivateKeyInfo info) - throws IOException - { - ASN1Primitive p = info.getPrivateKeyAlgorithm().getParameters().toASN1Primitive(); - - if (p instanceof ASN1Sequence && (ASN1Sequence.getInstance(p).size() == 2 || ASN1Sequence.getInstance(p).size() == 3)) - { - gostParams = GOST3410PublicKeyAlgParameters.getInstance(info.getPrivateKeyAlgorithm().getParameters()); - - ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); - - ECCurve curve = spec.getCurve(); - EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); - - ecSpec = new ECNamedCurveSpec( - ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()), - ellipticCurve, - new ECPoint( - spec.getG().getAffineXCoord().toBigInteger(), - spec.getG().getAffineYCoord().toBigInteger()), - spec.getN(), spec.getH()); - - ASN1Encodable privKey = info.parsePrivateKey(); - - byte[] encVal = ASN1OctetString.getInstance(privKey).getOctets(); - byte[] dVal = new byte[encVal.length]; - - for (int i = 0; i != encVal.length; i++) - { - dVal[i] = encVal[encVal.length - 1 - i]; - } - - this.d = new BigInteger(1, dVal); - } - else - { - // for backwards compatibility - X962Parameters params = X962Parameters.getInstance(info.getPrivateKeyAlgorithm().getParameters()); - - if (params.isNamedCurve()) - { - ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); - X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); - - if (ecP == null) // GOST Curve - { - ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); - EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); - - ecSpec = new ECNamedCurveSpec( - ECGOST3410NamedCurves.getName(oid), - ellipticCurve, - new ECPoint( - gParam.getG().getAffineXCoord().toBigInteger(), - gParam.getG().getAffineYCoord().toBigInteger()), - gParam.getN(), - gParam.getH()); - } - else - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); - - ecSpec = new ECNamedCurveSpec( - ECUtil.getCurveName(oid), - ellipticCurve, - new ECPoint( - ecP.getG().getAffineXCoord().toBigInteger(), - ecP.getG().getAffineYCoord().toBigInteger()), - ecP.getN(), - ecP.getH()); - } - } - else if (params.isImplicitlyCA()) - { - ecSpec = null; - } - else - { - X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters()); - EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - ecP.getG().getAffineXCoord().toBigInteger(), - ecP.getG().getAffineYCoord().toBigInteger()), - ecP.getN(), - ecP.getH().intValue()); - } - - ASN1Encodable privKey = info.parsePrivateKey(); - if (privKey instanceof ASN1Integer) - { - ASN1Integer derD = ASN1Integer.getInstance(privKey); - - this.d = derD.getValue(); - } - else - { - org.bouncycastle.asn1.sec.ECPrivateKey ec = org.bouncycastle.asn1.sec.ECPrivateKey.getInstance(privKey); - - this.d = ec.getKey(); - this.publicKey = ec.getPublicKey(); - } - } - } - - public String getAlgorithm() - { - return algorithm; - } - - /** - * return the encoding format we produce in getEncoded(). - * - * @return the string "PKCS#8" - */ - public String getFormat() - { - return "PKCS#8"; - } - - /** - * Return a PKCS8 representation of the key. The sequence returned - * represents a full PrivateKeyInfo object. - * - * @return a PKCS8 representation of the key. - */ - public byte[] getEncoded() - { - if (gostParams != null) - { - byte[] encKey = new byte[32]; - - extractBytes(encKey, 0, this.getS()); - - try - { - PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, gostParams), new DEROctetString(encKey)); - - return info.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - return null; - } - } - else - { - X962Parameters params; - - if (ecSpec instanceof ECNamedCurveSpec) - { - ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName()); - if (curveOid == null) // guess it's the OID - { - curveOid = new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName()); - } - params = new X962Parameters(curveOid); - } - else if (ecSpec == null) - { - params = new X962Parameters(DERNull.INSTANCE); - } - else - { - ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); - - X9ECParameters ecP = new X9ECParameters( - curve, - EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), - ecSpec.getOrder(), - BigInteger.valueOf(ecSpec.getCofactor()), - ecSpec.getCurve().getSeed()); - - params = new X962Parameters(ecP); - } - - PrivateKeyInfo info; - org.bouncycastle.asn1.sec.ECPrivateKey keyStructure; - - if (publicKey != null) - { - keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), publicKey, params); - } - else - { - keyStructure = new org.bouncycastle.asn1.sec.ECPrivateKey(this.getS(), params); - } - - try - { - info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); - - return info.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - return null; - } - } - } - - private void extractBytes(byte[] encKey, int offSet, BigInteger bI) - { - byte[] val = bI.toByteArray(); - if (val.length < 32) - { - byte[] tmp = new byte[32]; - System.arraycopy(val, 0, tmp, tmp.length - val.length, val.length); - val = tmp; - } - - for (int i = 0; i != 32; i++) - { - encKey[offSet + i] = val[val.length - 1 - i]; - } - } - - public ECParameterSpec getParams() - { - return ecSpec; - } - - public org.bouncycastle.jce.spec.ECParameterSpec getParameters() - { - if (ecSpec == null) - { - return null; - } - - return EC5Util.convertSpec(ecSpec, withCompression); - } - - org.bouncycastle.jce.spec.ECParameterSpec engineGetSpec() - { - if (ecSpec != null) - { - return EC5Util.convertSpec(ecSpec, withCompression); - } - - return BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - } - - public BigInteger getS() - { - return d; - } - - public BigInteger getD() - { - return d; - } - - public void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute) - { - attrCarrier.setBagAttribute(oid, attribute); - } - - public ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid) - { - return attrCarrier.getBagAttribute(oid); - } - - public Enumeration getBagAttributeKeys() - { - return attrCarrier.getBagAttributeKeys(); - } - - public void setPointFormat(String style) - { - withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style)); - } - - public boolean equals(Object o) - { - if (!(o instanceof BCECGOST3410PrivateKey)) - { - return false; - } - - BCECGOST3410PrivateKey other = (BCECGOST3410PrivateKey)o; - - return getD().equals(other.getD()) && (engineGetSpec().equals(other.engineGetSpec())); - } - - public int hashCode() - { - return getD().hashCode() ^ engineGetSpec().hashCode(); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("EC Private Key").append(nl); - buf.append(" S: ").append(this.d.toString(16)).append(nl); - - return buf.toString(); - - } - - private DERBitString getPublicKeyDetails(BCECGOST3410PublicKey pub) - { - try - { - SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(pub.getEncoded())); - - return info.getPublicKeyData(); - } - catch (IOException e) - { // should never happen - return null; - } - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - - byte[] enc = (byte[])in.readObject(); - - populateFromPrivKeyInfo(PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(enc))); - - this.attrCarrier = new PKCS12BagAttributeCarrierImpl(); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.defaultWriteObject(); - - out.writeObject(this.getEncoded()); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PublicKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PublicKey.java deleted file mode 100644 index 1240a0ff..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PublicKey.java +++ /dev/null @@ -1,400 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ecgost; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.security.interfaces.ECPublicKey; -import java.security.spec.ECParameterSpec; -import java.security.spec.ECPoint; -import java.security.spec.ECPublicKeySpec; -import java.security.spec.EllipticCurve; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X962Parameters; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; -import org.bouncycastle.jce.ECGOST3410NamedCurveTable; -import org.bouncycastle.jce.interfaces.ECPointEncoder; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; -import org.bouncycastle.jce.spec.ECNamedCurveSpec; -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.custom.sec.SecP256K1Point; -import org.bouncycastle.math.ec.custom.sec.SecP256R1Point; - -public class BCECGOST3410PublicKey - implements ECPublicKey, org.bouncycastle.jce.interfaces.ECPublicKey, ECPointEncoder -{ - static final long serialVersionUID = 7026240464295649314L; - - private String algorithm = "ECGOST3410"; - private boolean withCompression; - - private transient org.bouncycastle.math.ec.ECPoint q; - private transient ECParameterSpec ecSpec; - private transient GOST3410PublicKeyAlgParameters gostParams; - - public BCECGOST3410PublicKey( - BCECGOST3410PublicKey key) - { - this.q = key.q; - this.ecSpec = key.ecSpec; - this.withCompression = key.withCompression; - this.gostParams = key.gostParams; - } - - public BCECGOST3410PublicKey( - ECPublicKeySpec spec) - { - this.ecSpec = spec.getParams(); - this.q = EC5Util.convertPoint(ecSpec, spec.getW(), false); - } - - public BCECGOST3410PublicKey( - org.bouncycastle.jce.spec.ECPublicKeySpec spec) - { - this.q = spec.getQ(); - - if (spec.getParams() != null) // can be null if implictlyCa - { - ECCurve curve = spec.getParams().getCurve(); - EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed()); - - this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams()); - } - else - { - if (q.getCurve() == null) - { - org.bouncycastle.jce.spec.ECParameterSpec s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - q = s.getCurve().createPoint(q.getAffineXCoord().toBigInteger(), q.getAffineYCoord().toBigInteger()); - } - this.ecSpec = null; - } - } - - public BCECGOST3410PublicKey( - String algorithm, - ECPublicKeyParameters params, - ECParameterSpec spec) - { - ECDomainParameters dp = params.getParameters(); - - this.algorithm = algorithm; - this.q = params.getQ(); - - if (spec == null) - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); - - this.ecSpec = createSpec(ellipticCurve, dp); - } - else - { - this.ecSpec = spec; - } - } - - public BCECGOST3410PublicKey( - String algorithm, - ECPublicKeyParameters params, - org.bouncycastle.jce.spec.ECParameterSpec spec) - { - ECDomainParameters dp = params.getParameters(); - - this.algorithm = algorithm; - this.q = params.getQ(); - - if (spec == null) - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); - - this.ecSpec = createSpec(ellipticCurve, dp); - } - else - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(spec.getCurve(), spec.getSeed()); - - this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec); - } - } - - /* - * called for implicitCA - */ - public BCECGOST3410PublicKey( - String algorithm, - ECPublicKeyParameters params) - { - this.algorithm = algorithm; - this.q = params.getQ(); - this.ecSpec = null; - } - - private ECParameterSpec createSpec(EllipticCurve ellipticCurve, ECDomainParameters dp) - { - return new ECParameterSpec( - ellipticCurve, - new ECPoint( - dp.getG().getAffineXCoord().toBigInteger(), - dp.getG().getAffineYCoord().toBigInteger()), - dp.getN(), - dp.getH().intValue()); - } - - public BCECGOST3410PublicKey( - ECPublicKey key) - { - this.algorithm = key.getAlgorithm(); - this.ecSpec = key.getParams(); - this.q = EC5Util.convertPoint(this.ecSpec, key.getW(), false); - } - - BCECGOST3410PublicKey( - SubjectPublicKeyInfo info) - { - populateFromPubKeyInfo(info); - } - - private void populateFromPubKeyInfo(SubjectPublicKeyInfo info) - { - DERBitString bits = info.getPublicKeyData(); - ASN1OctetString key; - this.algorithm = "ECGOST3410"; - - try - { - key = (ASN1OctetString)ASN1Primitive.fromByteArray(bits.getBytes()); - } - catch (IOException ex) - { - throw new IllegalArgumentException("error recovering public key"); - } - - byte[] keyEnc = key.getOctets(); - byte[] x = new byte[32]; - byte[] y = new byte[32]; - - for (int i = 0; i != x.length; i++) - { - x[i] = keyEnc[32 - 1 - i]; - } - - for (int i = 0; i != y.length; i++) - { - y[i] = keyEnc[64 - 1 - i]; - } - - gostParams = GOST3410PublicKeyAlgParameters.getInstance(info.getAlgorithm().getParameters()); - - ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); - - ECCurve curve = spec.getCurve(); - EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); - - this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y)); - - ecSpec = new ECNamedCurveSpec( - ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()), - ellipticCurve, - new ECPoint( - spec.getG().getAffineXCoord().toBigInteger(), - spec.getG().getAffineYCoord().toBigInteger()), - spec.getN(), spec.getH()); - } - - public String getAlgorithm() - { - return algorithm; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - ASN1Encodable params; - SubjectPublicKeyInfo info; - - if (gostParams != null) - { - params = gostParams; - } - else - { - if (ecSpec instanceof ECNamedCurveSpec) - { - params = new GOST3410PublicKeyAlgParameters( - ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()), - CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet); - } - else - { // strictly speaking this may not be applicable... - ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); - - X9ECParameters ecP = new X9ECParameters( - curve, - EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), - ecSpec.getOrder(), - BigInteger.valueOf(ecSpec.getCofactor()), - ecSpec.getCurve().getSeed()); - - params = new X962Parameters(ecP); - } - } - - BigInteger bX = this.q.getAffineXCoord().toBigInteger(); - BigInteger bY = this.q.getAffineYCoord().toBigInteger(); - byte[] encKey = new byte[64]; - - extractBytes(encKey, 0, bX); - extractBytes(encKey, 32, bY); - - try - { - info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); - } - catch (IOException e) - { - return null; - } - - return KeyUtil.getEncodedSubjectPublicKeyInfo(info); - } - - private void extractBytes(byte[] encKey, int offSet, BigInteger bI) - { - byte[] val = bI.toByteArray(); - if (val.length < 32) - { - byte[] tmp = new byte[32]; - System.arraycopy(val, 0, tmp, tmp.length - val.length, val.length); - val = tmp; - } - - for (int i = 0; i != 32; i++) - { - encKey[offSet + i] = val[val.length - 1 - i]; - } - } - - public ECParameterSpec getParams() - { - return ecSpec; - } - - public org.bouncycastle.jce.spec.ECParameterSpec getParameters() - { - if (ecSpec == null) // implictlyCA - { - return null; - } - - return EC5Util.convertSpec(ecSpec, withCompression); - } - - public ECPoint getW() - { - return new ECPoint(q.getAffineXCoord().toBigInteger(), q.getAffineYCoord().toBigInteger()); - } - - public org.bouncycastle.math.ec.ECPoint getQ() - { - if (ecSpec == null) - { - return q.getDetachedPoint(); - } - - return q; - } - - public org.bouncycastle.math.ec.ECPoint engineGetQ() - { - return q; - } - - org.bouncycastle.jce.spec.ECParameterSpec engineGetSpec() - { - if (ecSpec != null) - { - return EC5Util.convertSpec(ecSpec, withCompression); - } - - return BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("EC Public Key").append(nl); - buf.append(" X: ").append(this.q.getAffineXCoord().toBigInteger().toString(16)).append(nl); - buf.append(" Y: ").append(this.q.getAffineYCoord().toBigInteger().toString(16)).append(nl); - - return buf.toString(); - } - - public void setPointFormat(String style) - { - withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style)); - } - - public boolean equals(Object o) - { - if (!(o instanceof BCECGOST3410PublicKey)) - { - return false; - } - - BCECGOST3410PublicKey other = (BCECGOST3410PublicKey)o; - - return engineGetQ().equals(other.engineGetQ()) && (engineGetSpec().equals(other.engineGetSpec())); - } - - public int hashCode() - { - return engineGetQ().hashCode() ^ engineGetSpec().hashCode(); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - - byte[] enc = (byte[])in.readObject(); - - populateFromPubKeyInfo(SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(enc))); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.defaultWriteObject(); - - out.writeObject(this.getEncoded()); - } - - public GOST3410PublicKeyAlgParameters getGostParams() - { - return gostParams; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/KeyFactorySpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/KeyFactorySpi.java deleted file mode 100644 index 61a34be5..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/KeyFactorySpi.java +++ /dev/null @@ -1,166 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ecgost; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.ECPublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ECParameterSpec; -import org.bouncycastle.jce.spec.ECPrivateKeySpec; -import org.bouncycastle.jce.spec.ECPublicKeySpec; - -public class KeyFactorySpi - extends BaseKeyFactorySpi -{ - public KeyFactorySpi() - { - } - - protected KeySpec engineGetKeySpec( - Key key, - Class spec) - throws InvalidKeySpecException - { - if (spec.isAssignableFrom(java.security.spec.ECPublicKeySpec.class) && key instanceof ECPublicKey) - { - ECPublicKey k = (ECPublicKey)key; - if (k.getParams() != null) - { - return new java.security.spec.ECPublicKeySpec(k.getW(), k.getParams()); - } - else - { - ECParameterSpec implicitSpec = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - return new java.security.spec.ECPublicKeySpec(k.getW(), EC5Util.convertSpec(EC5Util.convertCurve(implicitSpec.getCurve(), implicitSpec.getSeed()), implicitSpec)); - } - } - else if (spec.isAssignableFrom(java.security.spec.ECPrivateKeySpec.class) && key instanceof ECPrivateKey) - { - ECPrivateKey k = (ECPrivateKey)key; - - if (k.getParams() != null) - { - return new java.security.spec.ECPrivateKeySpec(k.getS(), k.getParams()); - } - else - { - ECParameterSpec implicitSpec = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - return new java.security.spec.ECPrivateKeySpec(k.getS(), EC5Util.convertSpec(EC5Util.convertCurve(implicitSpec.getCurve(), implicitSpec.getSeed()), implicitSpec)); - } - } - else if (spec.isAssignableFrom(org.bouncycastle.jce.spec.ECPublicKeySpec.class) && key instanceof ECPublicKey) - { - ECPublicKey k = (ECPublicKey)key; - if (k.getParams() != null) - { - return new org.bouncycastle.jce.spec.ECPublicKeySpec(EC5Util.convertPoint(k.getParams(), k.getW(), false), EC5Util.convertSpec(k.getParams(), false)); - } - else - { - ECParameterSpec implicitSpec = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - return new org.bouncycastle.jce.spec.ECPublicKeySpec(EC5Util.convertPoint(k.getParams(), k.getW(), false), implicitSpec); - } - } - else if (spec.isAssignableFrom(org.bouncycastle.jce.spec.ECPrivateKeySpec.class) && key instanceof ECPrivateKey) - { - ECPrivateKey k = (ECPrivateKey)key; - - if (k.getParams() != null) - { - return new org.bouncycastle.jce.spec.ECPrivateKeySpec(k.getS(), EC5Util.convertSpec(k.getParams(), false)); - } - else - { - ECParameterSpec implicitSpec = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - return new org.bouncycastle.jce.spec.ECPrivateKeySpec(k.getS(), implicitSpec); - } - } - - return super.engineGetKeySpec(key, spec); - } - - protected Key engineTranslateKey( - Key key) - throws InvalidKeyException - { - throw new InvalidKeyException("key type unknown"); - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof ECPrivateKeySpec) - { - return new BCECGOST3410PrivateKey((ECPrivateKeySpec)keySpec); - } - else if (keySpec instanceof java.security.spec.ECPrivateKeySpec) - { - return new BCECGOST3410PrivateKey((java.security.spec.ECPrivateKeySpec)keySpec); - } - - return super.engineGeneratePrivate(keySpec); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof ECPublicKeySpec) - { - return new BCECGOST3410PublicKey((ECPublicKeySpec)keySpec); - } - else if (keySpec instanceof java.security.spec.ECPublicKeySpec) - { - return new BCECGOST3410PublicKey((java.security.spec.ECPublicKeySpec)keySpec); - } - - return super.engineGeneratePublic(keySpec); - } - - public PrivateKey generatePrivate(PrivateKeyInfo keyInfo) - throws IOException - { - ASN1ObjectIdentifier algOid = keyInfo.getPrivateKeyAlgorithm().getAlgorithm(); - - if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_2001)) - { - return new BCECGOST3410PrivateKey(keyInfo); - } - else - { - throw new IOException("algorithm identifier " + algOid + " in key not recognised"); - } - } - - public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo) - throws IOException - { - ASN1ObjectIdentifier algOid = keyInfo.getAlgorithm().getAlgorithm(); - - if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_2001)) - { - return new BCECGOST3410PublicKey(keyInfo); - } - else - { - throw new IOException("algorithm identifier " + algOid + " in key not recognised"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/KeyPairGeneratorSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/KeyPairGeneratorSpi.java deleted file mode 100644 index efd74b4a..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/KeyPairGeneratorSpi.java +++ /dev/null @@ -1,186 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ecgost; - -import java.math.BigInteger; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidParameterException; -import java.security.KeyPair; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.ECGenParameterSpec; - -import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -import org.bouncycastle.crypto.generators.ECKeyPairGenerator; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.crypto.params.ECKeyGenerationParameters; -import org.bouncycastle.crypto.params.ECPrivateKeyParameters; -import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec; -import org.bouncycastle.jce.spec.ECNamedCurveSpec; -import org.bouncycastle.jce.spec.ECParameterSpec; -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.ECPoint; - -public class KeyPairGeneratorSpi - extends java.security.KeyPairGenerator -{ - Object ecParams = null; - ECKeyPairGenerator engine = new ECKeyPairGenerator(); - - String algorithm = "ECGOST3410"; - ECKeyGenerationParameters param; - int strength = 239; - SecureRandom random = null; - boolean initialised = false; - - public KeyPairGeneratorSpi() - { - super("ECGOST3410"); - } - - public void initialize( - int strength, - SecureRandom random) - { - this.strength = strength; - this.random = random; - - if (ecParams != null) - { - try - { - initialize((ECGenParameterSpec)ecParams, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new InvalidParameterException("key size not configurable."); - } - } - else - { - throw new InvalidParameterException("unknown key size."); - } - } - - public void initialize( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (params instanceof ECParameterSpec) - { - ECParameterSpec p = (ECParameterSpec)params; - this.ecParams = params; - - param = new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), random); - - engine.init(param); - initialised = true; - } - else if (params instanceof java.security.spec.ECParameterSpec) - { - java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)params; - this.ecParams = params; - - ECCurve curve = EC5Util.convertCurve(p.getCurve()); - ECPoint g = EC5Util.convertPoint(curve, p.getGenerator(), false); - - param = new ECKeyGenerationParameters(new ECDomainParameters(curve, g, p.getOrder(), BigInteger.valueOf(p.getCofactor())), random); - - engine.init(param); - initialised = true; - } - else if (params instanceof ECGenParameterSpec || params instanceof ECNamedCurveGenParameterSpec) - { - String curveName; - - if (params instanceof ECGenParameterSpec) - { - curveName = ((ECGenParameterSpec)params).getName(); - } - else - { - curveName = ((ECNamedCurveGenParameterSpec)params).getName(); - } - - ECDomainParameters ecP = ECGOST3410NamedCurves.getByName(curveName); - if (ecP == null) - { - throw new InvalidAlgorithmParameterException("unknown curve name: " + curveName); - } - - this.ecParams = new ECNamedCurveSpec( - curveName, - ecP.getCurve(), - ecP.getG(), - ecP.getN(), - ecP.getH(), - ecP.getSeed()); - - java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams; - - ECCurve curve = EC5Util.convertCurve(p.getCurve()); - ECPoint g = EC5Util.convertPoint(curve, p.getGenerator(), false); - - param = new ECKeyGenerationParameters(new ECDomainParameters(curve, g, p.getOrder(), BigInteger.valueOf(p.getCofactor())), random); - - engine.init(param); - initialised = true; - } - else if (params == null && BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa() != null) - { - ECParameterSpec p = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - this.ecParams = params; - - param = new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), random); - - engine.init(param); - initialised = true; - } - else if (params == null && BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa() == null) - { - throw new InvalidAlgorithmParameterException("null parameter passed but no implicitCA set"); - } - else - { - throw new InvalidAlgorithmParameterException("parameter object not a ECParameterSpec: " + params.getClass().getName()); - } - } - - public KeyPair generateKeyPair() - { - if (!initialised) - { - throw new IllegalStateException("EC Key Pair Generator not initialised"); - } - - AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - ECPublicKeyParameters pub = (ECPublicKeyParameters)pair.getPublic(); - ECPrivateKeyParameters priv = (ECPrivateKeyParameters)pair.getPrivate(); - - if (ecParams instanceof ECParameterSpec) - { - ECParameterSpec p = (ECParameterSpec)ecParams; - - BCECGOST3410PublicKey pubKey = new BCECGOST3410PublicKey(algorithm, pub, p); - return new KeyPair(pubKey, - new BCECGOST3410PrivateKey(algorithm, priv, pubKey, p)); - } - else if (ecParams == null) - { - return new KeyPair(new BCECGOST3410PublicKey(algorithm, pub), - new BCECGOST3410PrivateKey(algorithm, priv)); - } - else - { - java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams; - - BCECGOST3410PublicKey pubKey = new BCECGOST3410PublicKey(algorithm, pub, p); - - return new KeyPair(pubKey, new BCECGOST3410PrivateKey(algorithm, priv, pubKey, p)); - } - } -} - diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/SignatureSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/SignatureSpi.java deleted file mode 100644 index b59db8fa..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ecgost/SignatureSpi.java +++ /dev/null @@ -1,218 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ecgost; - -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SignatureException; -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DSA; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.GOST3411Digest; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.signers.ECGOST3410Signer; -import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; -import org.bouncycastle.jce.interfaces.ECKey; -import org.bouncycastle.jce.interfaces.ECPublicKey; -import org.bouncycastle.jce.interfaces.GOST3410Key; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jcajce.provider.asymmetric.util.GOST3410Util; - -public class SignatureSpi - extends java.security.SignatureSpi - implements PKCSObjectIdentifiers, X509ObjectIdentifiers -{ - private Digest digest; - private DSA signer; - - public SignatureSpi() - { - this.digest = new GOST3411Digest(); - this.signer = new ECGOST3410Signer(); - } - - protected void engineInitVerify( - PublicKey publicKey) - throws InvalidKeyException - { - CipherParameters param; - - if (publicKey instanceof ECPublicKey) - { - param = ECUtil.generatePublicKeyParameter(publicKey); - } - else if (publicKey instanceof GOST3410Key) - { - param = GOST3410Util.generatePublicKeyParameter(publicKey); - } - else - { - try - { - byte[] bytes = publicKey.getEncoded(); - - publicKey = BouncyCastleProvider.getPublicKey(SubjectPublicKeyInfo.getInstance(bytes)); - - if (publicKey instanceof ECPublicKey) - { - param = ECUtil.generatePublicKeyParameter(publicKey); - } - else - { - throw new InvalidKeyException("can't recognise key type in DSA based signer"); - } - } - catch (Exception e) - { - throw new InvalidKeyException("can't recognise key type in DSA based signer"); - } - } - - digest.reset(); - signer.init(false, param); - } - - protected void engineInitSign( - PrivateKey privateKey) - throws InvalidKeyException - { - CipherParameters param; - - if (privateKey instanceof ECKey) - { - param = ECUtil.generatePrivateKeyParameter(privateKey); - } - else - { - param = GOST3410Util.generatePrivateKeyParameter(privateKey); - } - - digest.reset(); - - if (appRandom != null) - { - signer.init(true, new ParametersWithRandom(param, appRandom)); - } - else - { - signer.init(true, param); - } - } - - protected void engineUpdate( - byte b) - throws SignatureException - { - digest.update(b); - } - - protected void engineUpdate( - byte[] b, - int off, - int len) - throws SignatureException - { - digest.update(b, off, len); - } - - protected byte[] engineSign() - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - try - { - byte[] sigBytes = new byte[64]; - BigInteger[] sig = signer.generateSignature(hash); - byte[] r = sig[0].toByteArray(); - byte[] s = sig[1].toByteArray(); - - if (s[0] != 0) - { - System.arraycopy(s, 0, sigBytes, 32 - s.length, s.length); - } - else - { - System.arraycopy(s, 1, sigBytes, 32 - (s.length - 1), s.length - 1); - } - - if (r[0] != 0) - { - System.arraycopy(r, 0, sigBytes, 64 - r.length, r.length); - } - else - { - System.arraycopy(r, 1, sigBytes, 64 - (r.length - 1), r.length - 1); - } - - return sigBytes; - } - catch (Exception e) - { - throw new SignatureException(e.toString()); - } - } - - protected boolean engineVerify( - byte[] sigBytes) - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - BigInteger[] sig; - - try - { - byte[] r = new byte[32]; - byte[] s = new byte[32]; - - System.arraycopy(sigBytes, 0, s, 0, 32); - - System.arraycopy(sigBytes, 32, r, 0, 32); - - sig = new BigInteger[2]; - sig[0] = new BigInteger(1, r); - sig[1] = new BigInteger(1, s); - } - catch (Exception e) - { - throw new SignatureException("error decoding signature bytes."); - } - - return signer.verifySignature(hash, sig[0], sig[1]); - } - - protected void engineSetParameter( - AlgorithmParameterSpec params) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)"> - */ - protected void engineSetParameter( - String param, - Object value) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated - */ - protected Object engineGetParameter( - String param) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParameterGeneratorSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParameterGeneratorSpi.java deleted file mode 100644 index 9cb9c87d..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParameterGeneratorSpi.java +++ /dev/null @@ -1,76 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.elgamal; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.spec.DHGenParameterSpec; -import javax.crypto.spec.DHParameterSpec; - -import org.bouncycastle.crypto.generators.ElGamalParametersGenerator; -import org.bouncycastle.crypto.params.ElGamalParameters; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public class AlgorithmParameterGeneratorSpi - extends java.security.AlgorithmParameterGeneratorSpi -{ - protected SecureRandom random; - protected int strength = 1024; - - private int l = 0; - - protected void engineInit( - int strength, - SecureRandom random) - { - this.strength = strength; - this.random = random; - } - - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (!(genParamSpec instanceof DHGenParameterSpec)) - { - throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation"); - } - DHGenParameterSpec spec = (DHGenParameterSpec)genParamSpec; - - this.strength = spec.getPrimeSize(); - this.l = spec.getExponentSize(); - this.random = random; - } - - protected AlgorithmParameters engineGenerateParameters() - { - ElGamalParametersGenerator pGen = new ElGamalParametersGenerator(); - - if (random != null) - { - pGen.init(strength, 20, random); - } - else - { - pGen.init(strength, 20, new SecureRandom()); - } - - ElGamalParameters p = pGen.generateParameters(); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("ElGamal", BouncyCastleProvider.PROVIDER_NAME); - params.init(new DHParameterSpec(p.getP(), p.getG(), l)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParametersSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParametersSpi.java deleted file mode 100644 index a77f0a40..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParametersSpi.java +++ /dev/null @@ -1,130 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.elgamal; - -import java.io.IOException; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; - -import javax.crypto.spec.DHParameterSpec; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.oiw.ElGamalParameter; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; -import org.bouncycastle.jce.spec.ElGamalParameterSpec; - -public class AlgorithmParametersSpi - extends BaseAlgorithmParameters -{ - ElGamalParameterSpec currentSpec; - - /** - * Return the X.509 ASN.1 structure ElGamalParameter. - * <p/> - * <pre> - * ElGamalParameter ::= SEQUENCE { - * prime INTEGER, -- p - * base INTEGER, -- g} - * </pre> - */ - protected byte[] engineGetEncoded() - { - ElGamalParameter elP = new ElGamalParameter(currentSpec.getP(), currentSpec.getG()); - - try - { - return elP.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Error encoding ElGamalParameters"); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == ElGamalParameterSpec.class) - { - return currentSpec; - } - else if (paramSpec == DHParameterSpec.class) - { - return new DHParameterSpec(currentSpec.getP(), currentSpec.getG()); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof ElGamalParameterSpec) && !(paramSpec instanceof DHParameterSpec)) - { - throw new InvalidParameterSpecException("DHParameterSpec required to initialise a ElGamal algorithm parameters object"); - } - - if (paramSpec instanceof ElGamalParameterSpec) - { - this.currentSpec = (ElGamalParameterSpec)paramSpec; - } - else - { - DHParameterSpec s = (DHParameterSpec)paramSpec; - - this.currentSpec = new ElGamalParameterSpec(s.getP(), s.getG()); - } - } - - protected void engineInit( - byte[] params) - throws IOException - { - try - { - ElGamalParameter elP = ElGamalParameter.getInstance(ASN1Primitive.fromByteArray(params)); - - currentSpec = new ElGamalParameterSpec(elP.getP(), elP.getG()); - } - catch (ClassCastException e) - { - throw new IOException("Not a valid ElGamal Parameter encoding."); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IOException("Not a valid ElGamal Parameter encoding."); - } - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - { - engineInit(params); - } - else - { - throw new IOException("Unknown parameter format " + format); - } - } - - protected String engineToString() - { - return "ElGamal Parameters"; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPrivateKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPrivateKey.java deleted file mode 100644 index f0f83fa4..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPrivateKey.java +++ /dev/null @@ -1,197 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.elgamal; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.util.Enumeration; - -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.spec.DHParameterSpec; -import javax.crypto.spec.DHPrivateKeySpec; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.oiw.ElGamalParameter; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; -import org.bouncycastle.jce.interfaces.ElGamalPrivateKey; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; -import org.bouncycastle.jce.spec.ElGamalParameterSpec; -import org.bouncycastle.jce.spec.ElGamalPrivateKeySpec; - -public class BCElGamalPrivateKey - implements ElGamalPrivateKey, DHPrivateKey, PKCS12BagAttributeCarrier -{ - static final long serialVersionUID = 4819350091141529678L; - - private BigInteger x; - - private transient ElGamalParameterSpec elSpec; - private transient PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - protected BCElGamalPrivateKey() - { - } - - BCElGamalPrivateKey( - ElGamalPrivateKey key) - { - this.x = key.getX(); - this.elSpec = key.getParameters(); - } - - BCElGamalPrivateKey( - DHPrivateKey key) - { - this.x = key.getX(); - this.elSpec = new ElGamalParameterSpec(key.getParams().getP(), key.getParams().getG()); - } - - BCElGamalPrivateKey( - ElGamalPrivateKeySpec spec) - { - this.x = spec.getX(); - this.elSpec = new ElGamalParameterSpec(spec.getParams().getP(), spec.getParams().getG()); - } - - BCElGamalPrivateKey( - DHPrivateKeySpec spec) - { - this.x = spec.getX(); - this.elSpec = new ElGamalParameterSpec(spec.getP(), spec.getG()); - } - - BCElGamalPrivateKey( - PrivateKeyInfo info) - throws IOException - { - ElGamalParameter params = ElGamalParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters()); - ASN1Integer derX = ASN1Integer.getInstance(info.parsePrivateKey()); - - this.x = derX.getValue(); - this.elSpec = new ElGamalParameterSpec(params.getP(), params.getG()); - } - - BCElGamalPrivateKey( - ElGamalPrivateKeyParameters params) - { - this.x = params.getX(); - this.elSpec = new ElGamalParameterSpec(params.getParameters().getP(), params.getParameters().getG()); - } - - public String getAlgorithm() - { - return "ElGamal"; - } - - /** - * return the encoding format we produce in getEncoded(). - * - * @return the string "PKCS#8" - */ - public String getFormat() - { - return "PKCS#8"; - } - - /** - * Return a PKCS8 representation of the key. The sequence returned - * represents a full PrivateKeyInfo object. - * - * @return a PKCS8 representation of the key. - */ - public byte[] getEncoded() - { - try - { - PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(elSpec.getP(), elSpec.getG())), new ASN1Integer(getX())); - - return info.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - return null; - } - } - - public ElGamalParameterSpec getParameters() - { - return elSpec; - } - - public DHParameterSpec getParams() - { - return new DHParameterSpec(elSpec.getP(), elSpec.getG()); - } - - public BigInteger getX() - { - return x; - } - - public boolean equals( - Object o) - { - if (!(o instanceof DHPrivateKey)) - { - return false; - } - - DHPrivateKey other = (DHPrivateKey)o; - - return this.getX().equals(other.getX()) - && this.getParams().getG().equals(other.getParams().getG()) - && this.getParams().getP().equals(other.getParams().getP()) - && this.getParams().getL() == other.getParams().getL(); - } - - public int hashCode() - { - return this.getX().hashCode() ^ this.getParams().getG().hashCode() - ^ this.getParams().getP().hashCode() ^ this.getParams().getL(); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - - this.elSpec = new ElGamalParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject()); - this.attrCarrier = new PKCS12BagAttributeCarrierImpl(); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.defaultWriteObject(); - - out.writeObject(elSpec.getP()); - out.writeObject(elSpec.getG()); - } - - public void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute) - { - attrCarrier.setBagAttribute(oid, attribute); - } - - public ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid) - { - return attrCarrier.getBagAttribute(oid); - } - - public Enumeration getBagAttributeKeys() - { - return attrCarrier.getBagAttributeKeys(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPublicKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPublicKey.java deleted file mode 100644 index cd31cc57..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPublicKey.java +++ /dev/null @@ -1,172 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.elgamal; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; - -import javax.crypto.interfaces.DHPublicKey; -import javax.crypto.spec.DHParameterSpec; -import javax.crypto.spec.DHPublicKeySpec; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.oiw.ElGamalParameter; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters; -import org.bouncycastle.jce.interfaces.ElGamalPublicKey; -import org.bouncycastle.jce.spec.ElGamalParameterSpec; -import org.bouncycastle.jce.spec.ElGamalPublicKeySpec; - -public class BCElGamalPublicKey - implements ElGamalPublicKey, DHPublicKey -{ - static final long serialVersionUID = 8712728417091216948L; - - private BigInteger y; - private transient ElGamalParameterSpec elSpec; - - BCElGamalPublicKey( - ElGamalPublicKeySpec spec) - { - this.y = spec.getY(); - this.elSpec = new ElGamalParameterSpec(spec.getParams().getP(), spec.getParams().getG()); - } - - BCElGamalPublicKey( - DHPublicKeySpec spec) - { - this.y = spec.getY(); - this.elSpec = new ElGamalParameterSpec(spec.getP(), spec.getG()); - } - - BCElGamalPublicKey( - ElGamalPublicKey key) - { - this.y = key.getY(); - this.elSpec = key.getParameters(); - } - - BCElGamalPublicKey( - DHPublicKey key) - { - this.y = key.getY(); - this.elSpec = new ElGamalParameterSpec(key.getParams().getP(), key.getParams().getG()); - } - - BCElGamalPublicKey( - ElGamalPublicKeyParameters params) - { - this.y = params.getY(); - this.elSpec = new ElGamalParameterSpec(params.getParameters().getP(), params.getParameters().getG()); - } - - BCElGamalPublicKey( - BigInteger y, - ElGamalParameterSpec elSpec) - { - this.y = y; - this.elSpec = elSpec; - } - - BCElGamalPublicKey( - SubjectPublicKeyInfo info) - { - ElGamalParameter params = ElGamalParameter.getInstance(info.getAlgorithm().getParameters()); - ASN1Integer derY = null; - - try - { - derY = (ASN1Integer)info.parsePublicKey(); - } - catch (IOException e) - { - throw new IllegalArgumentException("invalid info structure in DSA public key"); - } - - this.y = derY.getValue(); - this.elSpec = new ElGamalParameterSpec(params.getP(), params.getG()); - } - - public String getAlgorithm() - { - return "ElGamal"; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - try - { - SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(elSpec.getP(), elSpec.getG())), new ASN1Integer(y)); - - return info.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - return null; - } - } - - public ElGamalParameterSpec getParameters() - { - return elSpec; - } - - public DHParameterSpec getParams() - { - return new DHParameterSpec(elSpec.getP(), elSpec.getG()); - } - - public BigInteger getY() - { - return y; - } - - public int hashCode() - { - return this.getY().hashCode() ^ this.getParams().getG().hashCode() - ^ this.getParams().getP().hashCode() ^ this.getParams().getL(); - } - - public boolean equals( - Object o) - { - if (!(o instanceof DHPublicKey)) - { - return false; - } - - DHPublicKey other = (DHPublicKey)o; - - return this.getY().equals(other.getY()) - && this.getParams().getG().equals(other.getParams().getG()) - && this.getParams().getP().equals(other.getParams().getP()) - && this.getParams().getL() == other.getParams().getL(); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - - this.elSpec = new ElGamalParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject()); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.defaultWriteObject(); - - out.writeObject(elSpec.getP()); - out.writeObject(elSpec.getG()); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/CipherSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/CipherSpi.java deleted file mode 100644 index fbf4f754..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/CipherSpi.java +++ /dev/null @@ -1,340 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.elgamal; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.InvalidParameterException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.MGF1ParameterSpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.interfaces.DHKey; -import javax.crypto.spec.OAEPParameterSpec; -import javax.crypto.spec.PSource; - -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.BufferedAsymmetricBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.encodings.ISO9796d1Encoding; -import org.bouncycastle.crypto.encodings.OAEPEncoding; -import org.bouncycastle.crypto.encodings.PKCS1Encoding; -import org.bouncycastle.crypto.engines.ElGamalEngine; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.jcajce.provider.asymmetric.util.BaseCipherSpi; -import org.bouncycastle.jcajce.provider.util.DigestFactory; -import org.bouncycastle.jce.interfaces.ElGamalKey; -import org.bouncycastle.jce.interfaces.ElGamalPrivateKey; -import org.bouncycastle.jce.interfaces.ElGamalPublicKey; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.Strings; - -public class CipherSpi - extends BaseCipherSpi -{ - private BufferedAsymmetricBlockCipher cipher; - private AlgorithmParameterSpec paramSpec; - private AlgorithmParameters engineParams; - - public CipherSpi( - AsymmetricBlockCipher engine) - { - cipher = new BufferedAsymmetricBlockCipher(engine); - } - - private void initFromSpec( - OAEPParameterSpec pSpec) - throws NoSuchPaddingException - { - MGF1ParameterSpec mgfParams = (MGF1ParameterSpec)pSpec.getMGFParameters(); - Digest digest = DigestFactory.getDigest(mgfParams.getDigestAlgorithm()); - - if (digest == null) - { - throw new NoSuchPaddingException("no match on OAEP constructor for digest algorithm: "+ mgfParams.getDigestAlgorithm()); - } - - cipher = new BufferedAsymmetricBlockCipher(new OAEPEncoding(new ElGamalEngine(), digest, ((PSource.PSpecified)pSpec.getPSource()).getValue())); - paramSpec = pSpec; - } - - protected int engineGetBlockSize() - { - return cipher.getInputBlockSize(); - } - - protected int engineGetKeySize( - Key key) - { - if (key instanceof ElGamalKey) - { - ElGamalKey k = (ElGamalKey)key; - - return k.getParameters().getP().bitLength(); - } - else if (key instanceof DHKey) - { - DHKey k = (DHKey)key; - - return k.getParams().getP().bitLength(); - } - - throw new IllegalArgumentException("not an ElGamal key!"); - } - - protected int engineGetOutputSize( - int inputLen) - { - return cipher.getOutputBlockSize(); - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParams == null) - { - if (paramSpec != null) - { - try - { - engineParams = AlgorithmParameters.getInstance("OAEP", BouncyCastleProvider.PROVIDER_NAME); - engineParams.init(paramSpec); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - } - - return engineParams; - } - - protected void engineSetMode( - String mode) - throws NoSuchAlgorithmException - { - String md = Strings.toUpperCase(mode); - - if (md.equals("NONE") || md.equals("ECB")) - { - return; - } - - throw new NoSuchAlgorithmException("can't support mode " + mode); - } - - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - String pad = Strings.toUpperCase(padding); - - if (pad.equals("NOPADDING")) - { - cipher = new BufferedAsymmetricBlockCipher(new ElGamalEngine()); - } - else if (pad.equals("PKCS1PADDING")) - { - cipher = new BufferedAsymmetricBlockCipher(new PKCS1Encoding(new ElGamalEngine())); - } - else if (pad.equals("ISO9796-1PADDING")) - { - cipher = new BufferedAsymmetricBlockCipher(new ISO9796d1Encoding(new ElGamalEngine())); - } - else if (pad.equals("OAEPPADDING")) - { - initFromSpec(OAEPParameterSpec.DEFAULT); - } - else if (pad.equals("OAEPWITHMD5ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("MD5", "MGF1", new MGF1ParameterSpec("MD5"), PSource.PSpecified.DEFAULT)); - } - else if (pad.equals("OAEPWITHSHA1ANDMGF1PADDING")) - { - initFromSpec(OAEPParameterSpec.DEFAULT); - } - else if (pad.equals("OAEPWITHSHA224ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), PSource.PSpecified.DEFAULT)); - } - else if (pad.equals("OAEPWITHSHA256ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT)); - } - else if (pad.equals("OAEPWITHSHA384ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("SHA-384", "MGF1", MGF1ParameterSpec.SHA384, PSource.PSpecified.DEFAULT)); - } - else if (pad.equals("OAEPWITHSHA512ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, PSource.PSpecified.DEFAULT)); - } - else - { - throw new NoSuchPaddingException(padding + " unavailable with ElGamal."); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException - { - CipherParameters param; - - if (params == null) - { - if (key instanceof ElGamalPublicKey) - { - param = ElGamalUtil.generatePublicKeyParameter((PublicKey)key); - } - else if (key instanceof ElGamalPrivateKey) - { - param = ElGamalUtil.generatePrivateKeyParameter((PrivateKey)key); - } - else - { - throw new InvalidKeyException("unknown key type passed to ElGamal"); - } - } - else - { - throw new IllegalArgumentException("unknown parameter type."); - } - - if (random != null) - { - param = new ParametersWithRandom(param, random); - } - - switch (opmode) - { - case javax.crypto.Cipher.ENCRYPT_MODE: - case javax.crypto.Cipher.WRAP_MODE: - cipher.init(true, param); - break; - case javax.crypto.Cipher.DECRYPT_MODE: - case javax.crypto.Cipher.UNWRAP_MODE: - cipher.init(false, param); - break; - default: - throw new InvalidParameterException("unknown opmode " + opmode + " passed to ElGamal"); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("can't handle parameters in ElGamal"); - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - cipher.processBytes(input, inputOffset, inputLen); - return null; - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - { - cipher.processBytes(input, inputOffset, inputLen); - return 0; - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws IllegalBlockSizeException, BadPaddingException - { - cipher.processBytes(input, inputOffset, inputLen); - try - { - return cipher.doFinal(); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - } - - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws IllegalBlockSizeException, BadPaddingException - { - byte[] out; - - cipher.processBytes(input, inputOffset, inputLen); - - try - { - out = cipher.doFinal(); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - - for (int i = 0; i != out.length; i++) - { - output[outputOffset + i] = out[i]; - } - - return out.length; - } - - /** - * classes that inherit from us. - */ - static public class NoPadding - extends CipherSpi - { - public NoPadding() - { - super(new ElGamalEngine()); - } - } - - static public class PKCS1v1_5Padding - extends CipherSpi - { - public PKCS1v1_5Padding() - { - super(new PKCS1Encoding(new ElGamalEngine())); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/ElGamalUtil.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/ElGamalUtil.java deleted file mode 100644 index f0442f4a..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/ElGamalUtil.java +++ /dev/null @@ -1,66 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.elgamal; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; - -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.interfaces.DHPublicKey; - -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.ElGamalParameters; -import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters; -import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters; -import org.bouncycastle.jce.interfaces.ElGamalPrivateKey; -import org.bouncycastle.jce.interfaces.ElGamalPublicKey; - -/** - * utility class for converting jce/jca ElGamal objects - * objects into their org.bouncycastle.crypto counterparts. - */ -public class ElGamalUtil -{ - static public AsymmetricKeyParameter generatePublicKeyParameter( - PublicKey key) - throws InvalidKeyException - { - if (key instanceof ElGamalPublicKey) - { - ElGamalPublicKey k = (ElGamalPublicKey)key; - - return new ElGamalPublicKeyParameters(k.getY(), - new ElGamalParameters(k.getParameters().getP(), k.getParameters().getG())); - } - else if (key instanceof DHPublicKey) - { - DHPublicKey k = (DHPublicKey)key; - - return new ElGamalPublicKeyParameters(k.getY(), - new ElGamalParameters(k.getParams().getP(), k.getParams().getG())); - } - - throw new InvalidKeyException("can't identify public key for El Gamal."); - } - - static public AsymmetricKeyParameter generatePrivateKeyParameter( - PrivateKey key) - throws InvalidKeyException - { - if (key instanceof ElGamalPrivateKey) - { - ElGamalPrivateKey k = (ElGamalPrivateKey)key; - - return new ElGamalPrivateKeyParameters(k.getX(), - new ElGamalParameters(k.getParameters().getP(), k.getParameters().getG())); - } - else if (key instanceof DHPrivateKey) - { - DHPrivateKey k = (DHPrivateKey)key; - - return new ElGamalPrivateKeyParameters(k.getX(), - new ElGamalParameters(k.getParams().getP(), k.getParams().getG())); - } - - throw new InvalidKeyException("can't identify private key for El Gamal."); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/KeyFactorySpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/KeyFactorySpi.java deleted file mode 100644 index 92e655f7..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/KeyFactorySpi.java +++ /dev/null @@ -1,156 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.elgamal; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; - -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.interfaces.DHPublicKey; -import javax.crypto.spec.DHPrivateKeySpec; -import javax.crypto.spec.DHPublicKeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi; -import org.bouncycastle.jce.interfaces.ElGamalPrivateKey; -import org.bouncycastle.jce.interfaces.ElGamalPublicKey; -import org.bouncycastle.jce.spec.ElGamalPrivateKeySpec; -import org.bouncycastle.jce.spec.ElGamalPublicKeySpec; - -public class KeyFactorySpi - extends BaseKeyFactorySpi -{ - public KeyFactorySpi() - { - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof ElGamalPrivateKeySpec) - { - return new BCElGamalPrivateKey((ElGamalPrivateKeySpec)keySpec); - } - else if (keySpec instanceof DHPrivateKeySpec) - { - return new BCElGamalPrivateKey((DHPrivateKeySpec)keySpec); - } - - return super.engineGeneratePrivate(keySpec); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof ElGamalPublicKeySpec) - { - return new BCElGamalPublicKey((ElGamalPublicKeySpec)keySpec); - } - else if (keySpec instanceof DHPublicKeySpec) - { - return new BCElGamalPublicKey((DHPublicKeySpec)keySpec); - } - return super.engineGeneratePublic(keySpec); - } - - protected KeySpec engineGetKeySpec( - Key key, - Class spec) - throws InvalidKeySpecException - { - if (spec.isAssignableFrom(DHPrivateKeySpec.class) && key instanceof DHPrivateKey) - { - DHPrivateKey k = (DHPrivateKey)key; - - return new DHPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getG()); - } - else if (spec.isAssignableFrom(DHPublicKeySpec.class) && key instanceof DHPublicKey) - { - DHPublicKey k = (DHPublicKey)key; - - return new DHPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getG()); - } - - return super.engineGetKeySpec(key, spec); - } - - protected Key engineTranslateKey( - Key key) - throws InvalidKeyException - { - if (key instanceof DHPublicKey) - { - return new BCElGamalPublicKey((DHPublicKey)key); - } - else if (key instanceof DHPrivateKey) - { - return new BCElGamalPrivateKey((DHPrivateKey)key); - } - else if (key instanceof ElGamalPublicKey) - { - return new BCElGamalPublicKey((ElGamalPublicKey)key); - } - else if (key instanceof ElGamalPrivateKey) - { - return new BCElGamalPrivateKey((ElGamalPrivateKey)key); - } - - throw new InvalidKeyException("key type unknown"); - } - - public PrivateKey generatePrivate(PrivateKeyInfo info) - throws IOException - { - ASN1ObjectIdentifier algOid = info.getPrivateKeyAlgorithm().getAlgorithm(); - - if (algOid.equals(PKCSObjectIdentifiers.dhKeyAgreement)) - { - return new BCElGamalPrivateKey(info); - } - else if (algOid.equals(X9ObjectIdentifiers.dhpublicnumber)) - { - return new BCElGamalPrivateKey(info); - } - else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm)) - { - return new BCElGamalPrivateKey(info); - } - else - { - throw new IOException("algorithm identifier " + algOid + " in key not recognised"); - } - } - - public PublicKey generatePublic(SubjectPublicKeyInfo info) - throws IOException - { - ASN1ObjectIdentifier algOid = info.getAlgorithm().getAlgorithm(); - - if (algOid.equals(PKCSObjectIdentifiers.dhKeyAgreement)) - { - return new BCElGamalPublicKey(info); - } - else if (algOid.equals(X9ObjectIdentifiers.dhpublicnumber)) - { - return new BCElGamalPublicKey(info); - } - else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm)) - { - return new BCElGamalPublicKey(info); - } - else - { - throw new IOException("algorithm identifier " + algOid + " in key not recognised"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/KeyPairGeneratorSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/KeyPairGeneratorSpi.java deleted file mode 100644 index 9455ece2..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/elgamal/KeyPairGeneratorSpi.java +++ /dev/null @@ -1,100 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.elgamal; - -import java.security.InvalidAlgorithmParameterException; -import java.security.KeyPair; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.spec.DHParameterSpec; - -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -import org.bouncycastle.crypto.generators.ElGamalKeyPairGenerator; -import org.bouncycastle.crypto.generators.ElGamalParametersGenerator; -import org.bouncycastle.crypto.params.ElGamalKeyGenerationParameters; -import org.bouncycastle.crypto.params.ElGamalParameters; -import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters; -import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ElGamalParameterSpec; - -public class KeyPairGeneratorSpi - extends java.security.KeyPairGenerator -{ - ElGamalKeyGenerationParameters param; - ElGamalKeyPairGenerator engine = new ElGamalKeyPairGenerator(); - int strength = 1024; - int certainty = 20; - SecureRandom random = new SecureRandom(); - boolean initialised = false; - - public KeyPairGeneratorSpi() - { - super("ElGamal"); - } - - public void initialize( - int strength, - SecureRandom random) - { - this.strength = strength; - this.random = random; - } - - public void initialize( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (!(params instanceof ElGamalParameterSpec) && !(params instanceof DHParameterSpec)) - { - throw new InvalidAlgorithmParameterException("parameter object not a DHParameterSpec or an ElGamalParameterSpec"); - } - - if (params instanceof ElGamalParameterSpec) - { - ElGamalParameterSpec elParams = (ElGamalParameterSpec)params; - - param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(elParams.getP(), elParams.getG())); - } - else - { - DHParameterSpec dhParams = (DHParameterSpec)params; - - param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(dhParams.getP(), dhParams.getG(), dhParams.getL())); - } - - engine.init(param); - initialised = true; - } - - public KeyPair generateKeyPair() - { - if (!initialised) - { - DHParameterSpec dhParams = BouncyCastleProvider.CONFIGURATION.getDHDefaultParameters(strength); - - if (dhParams != null) - { - param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(dhParams.getP(), dhParams.getG(), dhParams.getL())); - } - else - { - ElGamalParametersGenerator pGen = new ElGamalParametersGenerator(); - - pGen.init(strength, certainty, random); - param = new ElGamalKeyGenerationParameters(random, pGen.generateParameters()); - } - - engine.init(param); - initialised = true; - } - - AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - ElGamalPublicKeyParameters pub = (ElGamalPublicKeyParameters)pair.getPublic(); - ElGamalPrivateKeyParameters priv = (ElGamalPrivateKeyParameters)pair.getPrivate(); - - return new KeyPair(new BCElGamalPublicKey(pub), - new BCElGamalPrivateKey(priv)); - } -} - diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParameterGeneratorSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParameterGeneratorSpi.java deleted file mode 100644 index 7019b819..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParameterGeneratorSpi.java +++ /dev/null @@ -1,65 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.gost; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.crypto.generators.GOST3410ParametersGenerator; -import org.bouncycastle.crypto.params.GOST3410Parameters; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; - -public abstract class AlgorithmParameterGeneratorSpi - extends java.security.AlgorithmParameterGeneratorSpi -{ - protected SecureRandom random; - protected int strength = 1024; - - protected void engineInit( - int strength, - SecureRandom random) - { - this.strength = strength; - this.random = random; - } - - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST3410 parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - GOST3410ParametersGenerator pGen = new GOST3410ParametersGenerator(); - - if (random != null) - { - pGen.init(strength, 2, random); - } - else - { - pGen.init(strength, 2, new SecureRandom()); - } - - GOST3410Parameters p = pGen.generateParameters(); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("GOST3410", BouncyCastleProvider.PROVIDER_NAME); - params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA()))); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParametersSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParametersSpi.java deleted file mode 100644 index 0af98e0b..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParametersSpi.java +++ /dev/null @@ -1,138 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.gost; - -import java.io.IOException; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; -import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; - -public class AlgorithmParametersSpi - extends java.security.AlgorithmParametersSpi -{ - GOST3410ParameterSpec currentSpec; - - protected boolean isASN1FormatString(String format) - { - return format == null || format.equals("ASN.1"); - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == null) - { - throw new NullPointerException("argument to getParameterSpec must not be null"); - } - - return localEngineGetParameterSpec(paramSpec); - } - - - /** - * Return the X.509 ASN.1 structure GOST3410Parameter. - * <p/> - * <pre> - * GOST3410Parameter ::= SEQUENCE { - * prime INTEGER, -- p - * subprime INTEGER, -- q - * base INTEGER, -- a} - * </pre> - */ - protected byte[] engineGetEncoded() - { - GOST3410PublicKeyAlgParameters gost3410P = new GOST3410PublicKeyAlgParameters(new ASN1ObjectIdentifier(currentSpec.getPublicKeyParamSetOID()), new ASN1ObjectIdentifier(currentSpec.getDigestParamSetOID()), new ASN1ObjectIdentifier(currentSpec.getEncryptionParamSetOID())); - - try - { - return gost3410P.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Error encoding GOST3410Parameters"); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == GOST3410PublicKeyParameterSetSpec.class) - { - return currentSpec; - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to GOST3410 parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof GOST3410ParameterSpec)) - { - throw new InvalidParameterSpecException("GOST3410ParameterSpec required to initialise a GOST3410 algorithm parameters object"); - } - - this.currentSpec = (GOST3410ParameterSpec)paramSpec; - } - - protected void engineInit( - byte[] params) - throws IOException - { - try - { - ASN1Sequence seq = (ASN1Sequence)ASN1Primitive.fromByteArray(params); - - this.currentSpec = GOST3410ParameterSpec.fromPublicKeyAlg( - new GOST3410PublicKeyAlgParameters(seq)); - } - catch (ClassCastException e) - { - throw new IOException("Not a valid GOST3410 Parameter encoding."); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IOException("Not a valid GOST3410 Parameter encoding."); - } - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - { - engineInit(params); - } - else - { - throw new IOException("Unknown parameter format " + format); - } - } - - protected String engineToString() - { - return "GOST3410 Parameters"; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/BCGOST3410PrivateKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/BCGOST3410PrivateKey.java deleted file mode 100644 index 8da49987..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/BCGOST3410PrivateKey.java +++ /dev/null @@ -1,253 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.gost; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.params.GOST3410PrivateKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; -import org.bouncycastle.jce.interfaces.GOST3410Params; -import org.bouncycastle.jce.interfaces.GOST3410PrivateKey; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; -import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -import org.bouncycastle.jce.spec.GOST3410PrivateKeySpec; -import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; - -public class BCGOST3410PrivateKey - implements GOST3410PrivateKey, PKCS12BagAttributeCarrier -{ - static final long serialVersionUID = 8581661527592305464L; - - private BigInteger x; - - private transient GOST3410Params gost3410Spec; - private transient PKCS12BagAttributeCarrier attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - protected BCGOST3410PrivateKey() - { - } - - BCGOST3410PrivateKey( - GOST3410PrivateKey key) - { - this.x = key.getX(); - this.gost3410Spec = key.getParameters(); - } - - BCGOST3410PrivateKey( - GOST3410PrivateKeySpec spec) - { - this.x = spec.getX(); - this.gost3410Spec = new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(spec.getP(), spec.getQ(), spec.getA())); - } - - BCGOST3410PrivateKey( - PrivateKeyInfo info) - throws IOException - { - GOST3410PublicKeyAlgParameters params = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters()); - ASN1OctetString derX = ASN1OctetString.getInstance(info.parsePrivateKey()); - byte[] keyEnc = derX.getOctets(); - byte[] keyBytes = new byte[keyEnc.length]; - - for (int i = 0; i != keyEnc.length; i++) - { - keyBytes[i] = keyEnc[keyEnc.length - 1 - i]; // was little endian - } - - this.x = new BigInteger(1, keyBytes); - this.gost3410Spec = GOST3410ParameterSpec.fromPublicKeyAlg(params); - } - - BCGOST3410PrivateKey( - GOST3410PrivateKeyParameters params, - GOST3410ParameterSpec spec) - { - this.x = params.getX(); - this.gost3410Spec = spec; - - if (spec == null) - { - throw new IllegalArgumentException("spec is null"); - } - } - - public String getAlgorithm() - { - return "GOST3410"; - } - - /** - * return the encoding format we produce in getEncoded(). - * - * @return the string "PKCS#8" - */ - public String getFormat() - { - return "PKCS#8"; - } - - /** - * Return a PKCS8 representation of the key. The sequence returned - * represents a full PrivateKeyInfo object. - * - * @return a PKCS8 representation of the key. - */ - public byte[] getEncoded() - { - PrivateKeyInfo info; - byte[] keyEnc = this.getX().toByteArray(); - byte[] keyBytes; - - if (keyEnc[0] == 0) - { - keyBytes = new byte[keyEnc.length - 1]; - } - else - { - keyBytes = new byte[keyEnc.length]; - } - - for (int i = 0; i != keyBytes.length; i++) - { - keyBytes[i] = keyEnc[keyEnc.length - 1 - i]; // must be little endian - } - - try - { - if (gost3410Spec instanceof GOST3410ParameterSpec) - { - info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_94, new GOST3410PublicKeyAlgParameters(new ASN1ObjectIdentifier(gost3410Spec.getPublicKeyParamSetOID()), new ASN1ObjectIdentifier(gost3410Spec.getDigestParamSetOID()))), new DEROctetString(keyBytes)); - } - else - { - info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_94), new DEROctetString(keyBytes)); - } - - return info.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - return null; - } - } - - public GOST3410Params getParameters() - { - return gost3410Spec; - } - - public BigInteger getX() - { - return x; - } - - public boolean equals( - Object o) - { - if (!(o instanceof GOST3410PrivateKey)) - { - return false; - } - - GOST3410PrivateKey other = (GOST3410PrivateKey)o; - - return this.getX().equals(other.getX()) - && this.getParameters().getPublicKeyParameters().equals(other.getParameters().getPublicKeyParameters()) - && this.getParameters().getDigestParamSetOID().equals(other.getParameters().getDigestParamSetOID()) - && compareObj(this.getParameters().getEncryptionParamSetOID(), other.getParameters().getEncryptionParamSetOID()); - } - - private boolean compareObj(Object o1, Object o2) - { - if (o1 == o2) - { - return true; - } - - if (o1 == null) - { - return false; - } - - return o1.equals(o2); - } - - public int hashCode() - { - return this.getX().hashCode() ^ gost3410Spec.hashCode(); - } - - public void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute) - { - attrCarrier.setBagAttribute(oid, attribute); - } - - public ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid) - { - return attrCarrier.getBagAttribute(oid); - } - - public Enumeration getBagAttributeKeys() - { - return attrCarrier.getBagAttributeKeys(); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - - String publicKeyParamSetOID = (String)in.readObject(); - if (publicKeyParamSetOID != null) - { - this.gost3410Spec = new GOST3410ParameterSpec(publicKeyParamSetOID, (String)in.readObject(), (String)in.readObject()); - } - else - { - this.gost3410Spec = new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), (BigInteger)in.readObject())); - in.readObject(); - in.readObject(); - } - this.attrCarrier = new PKCS12BagAttributeCarrierImpl(); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.defaultWriteObject(); - - if (gost3410Spec.getPublicKeyParamSetOID() != null) - { - out.writeObject(gost3410Spec.getPublicKeyParamSetOID()); - out.writeObject(gost3410Spec.getDigestParamSetOID()); - out.writeObject(gost3410Spec.getEncryptionParamSetOID()); - } - else - { - out.writeObject(null); - out.writeObject(gost3410Spec.getPublicKeyParameters().getP()); - out.writeObject(gost3410Spec.getPublicKeyParameters().getQ()); - out.writeObject(gost3410Spec.getPublicKeyParameters().getA()); - out.writeObject(gost3410Spec.getDigestParamSetOID()); - out.writeObject(gost3410Spec.getEncryptionParamSetOID()); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/BCGOST3410PublicKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/BCGOST3410PublicKey.java deleted file mode 100644 index 1729b96d..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/BCGOST3410PublicKey.java +++ /dev/null @@ -1,224 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.gost; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.crypto.params.GOST3410PublicKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; -import org.bouncycastle.jce.interfaces.GOST3410Params; -import org.bouncycastle.jce.interfaces.GOST3410PublicKey; -import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; -import org.bouncycastle.jce.spec.GOST3410PublicKeySpec; - -public class BCGOST3410PublicKey - implements GOST3410PublicKey -{ - static final long serialVersionUID = -6251023343619275990L; - - private BigInteger y; - private transient GOST3410Params gost3410Spec; - - BCGOST3410PublicKey( - GOST3410PublicKeySpec spec) - { - this.y = spec.getY(); - this.gost3410Spec = new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(spec.getP(), spec.getQ(), spec.getA())); - } - - BCGOST3410PublicKey( - GOST3410PublicKey key) - { - this.y = key.getY(); - this.gost3410Spec = key.getParameters(); - } - - BCGOST3410PublicKey( - GOST3410PublicKeyParameters params, - GOST3410ParameterSpec spec) - { - this.y = params.getY(); - this.gost3410Spec = spec; - } - - BCGOST3410PublicKey( - BigInteger y, - GOST3410ParameterSpec gost3410Spec) - { - this.y = y; - this.gost3410Spec = gost3410Spec; - } - - BCGOST3410PublicKey( - SubjectPublicKeyInfo info) - { - GOST3410PublicKeyAlgParameters params = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters()); - DEROctetString derY; - - try - { - derY = (DEROctetString)info.parsePublicKey(); - - byte[] keyEnc = derY.getOctets(); - byte[] keyBytes = new byte[keyEnc.length]; - - for (int i = 0; i != keyEnc.length; i++) - { - keyBytes[i] = keyEnc[keyEnc.length - 1 - i]; // was little endian - } - - this.y = new BigInteger(1, keyBytes); - } - catch (IOException e) - { - throw new IllegalArgumentException("invalid info structure in GOST3410 public key"); - } - - this.gost3410Spec = GOST3410ParameterSpec.fromPublicKeyAlg(params); - } - - public String getAlgorithm() - { - return "GOST3410"; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - SubjectPublicKeyInfo info; - byte[] keyEnc = this.getY().toByteArray(); - byte[] keyBytes; - - if (keyEnc[0] == 0) - { - keyBytes = new byte[keyEnc.length - 1]; - } - else - { - keyBytes = new byte[keyEnc.length]; - } - - for (int i = 0; i != keyBytes.length; i++) - { - keyBytes[i] = keyEnc[keyEnc.length - 1 - i]; // must be little endian - } - - try - { - if (gost3410Spec instanceof GOST3410ParameterSpec) - { - if (gost3410Spec.getEncryptionParamSetOID() != null) - { - info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_94, new GOST3410PublicKeyAlgParameters(new ASN1ObjectIdentifier(gost3410Spec.getPublicKeyParamSetOID()), new ASN1ObjectIdentifier(gost3410Spec.getDigestParamSetOID()), new ASN1ObjectIdentifier(gost3410Spec.getEncryptionParamSetOID()))), new DEROctetString(keyBytes)); - } - else - { - info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_94, new GOST3410PublicKeyAlgParameters(new ASN1ObjectIdentifier(gost3410Spec.getPublicKeyParamSetOID()), new ASN1ObjectIdentifier(gost3410Spec.getDigestParamSetOID()))), new DEROctetString(keyBytes)); - } - } - else - { - info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_94), new DEROctetString(keyBytes)); - } - - return KeyUtil.getEncodedSubjectPublicKeyInfo(info); - } - catch (IOException e) - { - return null; - } - } - - public GOST3410Params getParameters() - { - return gost3410Spec; - } - - public BigInteger getY() - { - return y; - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("GOST3410 Public Key").append(nl); - buf.append(" y: ").append(this.getY().toString(16)).append(nl); - - return buf.toString(); - } - - public boolean equals(Object o) - { - if (o instanceof BCGOST3410PublicKey) - { - BCGOST3410PublicKey other = (BCGOST3410PublicKey)o; - - return this.y.equals(other.y) && this.gost3410Spec.equals(other.gost3410Spec); - } - - return false; - } - - public int hashCode() - { - return y.hashCode() ^ gost3410Spec.hashCode(); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - - String publicKeyParamSetOID = (String)in.readObject(); - if (publicKeyParamSetOID != null) - { - this.gost3410Spec = new GOST3410ParameterSpec(publicKeyParamSetOID, (String)in.readObject(), (String)in.readObject()); - } - else - { - this.gost3410Spec = new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), (BigInteger)in.readObject())); - in.readObject(); - in.readObject(); - } - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.defaultWriteObject(); - - if (gost3410Spec.getPublicKeyParamSetOID() != null) - { - out.writeObject(gost3410Spec.getPublicKeyParamSetOID()); - out.writeObject(gost3410Spec.getDigestParamSetOID()); - out.writeObject(gost3410Spec.getEncryptionParamSetOID()); - } - else - { - out.writeObject(null); - out.writeObject(gost3410Spec.getPublicKeyParameters().getP()); - out.writeObject(gost3410Spec.getPublicKeyParameters().getQ()); - out.writeObject(gost3410Spec.getPublicKeyParameters().getA()); - out.writeObject(gost3410Spec.getDigestParamSetOID()); - out.writeObject(gost3410Spec.getEncryptionParamSetOID()); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/KeyFactorySpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/KeyFactorySpi.java deleted file mode 100644 index ceaf967c..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/KeyFactorySpi.java +++ /dev/null @@ -1,121 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.gost; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi; -import org.bouncycastle.jce.interfaces.GOST3410PrivateKey; -import org.bouncycastle.jce.interfaces.GOST3410PublicKey; -import org.bouncycastle.jce.spec.GOST3410PrivateKeySpec; -import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; -import org.bouncycastle.jce.spec.GOST3410PublicKeySpec; - -public class KeyFactorySpi - extends BaseKeyFactorySpi -{ - public KeyFactorySpi() - { - } - - protected KeySpec engineGetKeySpec( - Key key, - Class spec) - throws InvalidKeySpecException - { - if (spec.isAssignableFrom(GOST3410PublicKeySpec.class) && key instanceof GOST3410PublicKey) - { - GOST3410PublicKey k = (GOST3410PublicKey)key; - GOST3410PublicKeyParameterSetSpec parameters = k.getParameters().getPublicKeyParameters(); - - return new GOST3410PublicKeySpec(k.getY(), parameters.getP(), parameters.getQ(), parameters.getA()); - } - else if (spec.isAssignableFrom(GOST3410PrivateKeySpec.class) && key instanceof GOST3410PrivateKey) - { - GOST3410PrivateKey k = (GOST3410PrivateKey)key; - GOST3410PublicKeyParameterSetSpec parameters = k.getParameters().getPublicKeyParameters(); - - return new GOST3410PrivateKeySpec(k.getX(), parameters.getP(), parameters.getQ(), parameters.getA()); - } - - return super.engineGetKeySpec(key, spec); - } - - protected Key engineTranslateKey( - Key key) - throws InvalidKeyException - { - if (key instanceof GOST3410PublicKey) - { - return new BCGOST3410PublicKey((GOST3410PublicKey)key); - } - else if (key instanceof GOST3410PrivateKey) - { - return new BCGOST3410PrivateKey((GOST3410PrivateKey)key); - } - - throw new InvalidKeyException("key type unknown"); - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof GOST3410PrivateKeySpec) - { - return new BCGOST3410PrivateKey((GOST3410PrivateKeySpec)keySpec); - } - - return super.engineGeneratePrivate(keySpec); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof GOST3410PublicKeySpec) - { - return new BCGOST3410PublicKey((GOST3410PublicKeySpec)keySpec); - } - - return super.engineGeneratePublic(keySpec); - } - - public PrivateKey generatePrivate(PrivateKeyInfo keyInfo) - throws IOException - { - ASN1ObjectIdentifier algOid = keyInfo.getPrivateKeyAlgorithm().getAlgorithm(); - - if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94)) - { - return new BCGOST3410PrivateKey(keyInfo); - } - else - { - throw new IOException("algorithm identifier " + algOid + " in key not recognised"); - } - } - - public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo) - throws IOException - { - ASN1ObjectIdentifier algOid = keyInfo.getAlgorithm().getAlgorithm(); - - if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94)) - { - return new BCGOST3410PublicKey(keyInfo); - } - else - { - throw new IOException("algorithm identifier " + algOid + " in key not recognised"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/KeyPairGeneratorSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/KeyPairGeneratorSpi.java deleted file mode 100644 index 0a6a40ec..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/KeyPairGeneratorSpi.java +++ /dev/null @@ -1,81 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.gost; - -import java.security.InvalidAlgorithmParameterException; -import java.security.KeyPair; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -import org.bouncycastle.crypto.generators.GOST3410KeyPairGenerator; -import org.bouncycastle.crypto.params.GOST3410KeyGenerationParameters; -import org.bouncycastle.crypto.params.GOST3410Parameters; -import org.bouncycastle.crypto.params.GOST3410PrivateKeyParameters; -import org.bouncycastle.crypto.params.GOST3410PublicKeyParameters; -import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; - -public class KeyPairGeneratorSpi - extends java.security.KeyPairGenerator -{ - GOST3410KeyGenerationParameters param; - GOST3410KeyPairGenerator engine = new GOST3410KeyPairGenerator(); - GOST3410ParameterSpec gost3410Params; - int strength = 1024; - SecureRandom random = null; - boolean initialised = false; - - public KeyPairGeneratorSpi() - { - super("GOST3410"); - } - - public void initialize( - int strength, - SecureRandom random) - { - this.strength = strength; - this.random = random; - } - - private void init( - GOST3410ParameterSpec gParams, - SecureRandom random) - { - GOST3410PublicKeyParameterSetSpec spec = gParams.getPublicKeyParameters(); - - param = new GOST3410KeyGenerationParameters(random, new GOST3410Parameters(spec.getP(), spec.getQ(), spec.getA())); - - engine.init(param); - - initialised = true; - gost3410Params = gParams; - } - - public void initialize( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (!(params instanceof GOST3410ParameterSpec)) - { - throw new InvalidAlgorithmParameterException("parameter object not a GOST3410ParameterSpec"); - } - - init((GOST3410ParameterSpec)params, random); - } - - public KeyPair generateKeyPair() - { - if (!initialised) - { - init(new GOST3410ParameterSpec(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_A.getId()), new SecureRandom()); - } - - AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - GOST3410PublicKeyParameters pub = (GOST3410PublicKeyParameters)pair.getPublic(); - GOST3410PrivateKeyParameters priv = (GOST3410PrivateKeyParameters)pair.getPrivate(); - - return new KeyPair(new BCGOST3410PublicKey(pub, gost3410Params), new BCGOST3410PrivateKey(priv, gost3410Params)); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/SignatureSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/SignatureSpi.java deleted file mode 100644 index 30a66601..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/gost/SignatureSpi.java +++ /dev/null @@ -1,229 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.gost; - -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.SignatureException; -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DSA; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.GOST3411Digest; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.signers.GOST3410Signer; -import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; -import org.bouncycastle.jce.interfaces.ECKey; -import org.bouncycastle.jce.interfaces.ECPublicKey; -import org.bouncycastle.jce.interfaces.GOST3410Key; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jcajce.provider.asymmetric.util.GOST3410Util; - -public class SignatureSpi - extends java.security.SignatureSpi - implements PKCSObjectIdentifiers, X509ObjectIdentifiers -{ - private Digest digest; - private DSA signer; - private SecureRandom random; - - public SignatureSpi() - { - this.digest = new GOST3411Digest(); - this.signer = new GOST3410Signer(); - } - - protected void engineInitVerify( - PublicKey publicKey) - throws InvalidKeyException - { - CipherParameters param; - - if (publicKey instanceof ECPublicKey) - { - param = ECUtil.generatePublicKeyParameter(publicKey); - } - else if (publicKey instanceof GOST3410Key) - { - param = GOST3410Util.generatePublicKeyParameter(publicKey); - } - else - { - try - { - byte[] bytes = publicKey.getEncoded(); - - publicKey = BouncyCastleProvider.getPublicKey(SubjectPublicKeyInfo.getInstance(bytes)); - - if (publicKey instanceof ECPublicKey) - { - param = ECUtil.generatePublicKeyParameter(publicKey); - } - else - { - throw new InvalidKeyException("can't recognise key type in DSA based signer"); - } - } - catch (Exception e) - { - throw new InvalidKeyException("can't recognise key type in DSA based signer"); - } - } - - digest.reset(); - signer.init(false, param); - } - - protected void engineInitSign( - PrivateKey privateKey, - SecureRandom random) - throws InvalidKeyException - { - this.random = random; - engineInitSign(privateKey); - } - - protected void engineInitSign( - PrivateKey privateKey) - throws InvalidKeyException - { - CipherParameters param; - - if (privateKey instanceof ECKey) - { - param = ECUtil.generatePrivateKeyParameter(privateKey); - } - else - { - param = GOST3410Util.generatePrivateKeyParameter(privateKey); - } - - digest.reset(); - - if (random != null) - { - signer.init(true, new ParametersWithRandom(param, random)); - } - else - { - signer.init(true, param); - } - } - - protected void engineUpdate( - byte b) - throws SignatureException - { - digest.update(b); - } - - protected void engineUpdate( - byte[] b, - int off, - int len) - throws SignatureException - { - digest.update(b, off, len); - } - - protected byte[] engineSign() - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - try - { - byte[] sigBytes = new byte[64]; - BigInteger[] sig = signer.generateSignature(hash); - byte[] r = sig[0].toByteArray(); - byte[] s = sig[1].toByteArray(); - - if (s[0] != 0) - { - System.arraycopy(s, 0, sigBytes, 32 - s.length, s.length); - } - else - { - System.arraycopy(s, 1, sigBytes, 32 - (s.length - 1), s.length - 1); - } - - if (r[0] != 0) - { - System.arraycopy(r, 0, sigBytes, 64 - r.length, r.length); - } - else - { - System.arraycopy(r, 1, sigBytes, 64 - (r.length - 1), r.length - 1); - } - - return sigBytes; - } - catch (Exception e) - { - throw new SignatureException(e.toString()); - } - } - - protected boolean engineVerify( - byte[] sigBytes) - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - BigInteger[] sig; - - try - { - byte[] r = new byte[32]; - byte[] s = new byte[32]; - - System.arraycopy(sigBytes, 0, s, 0, 32); - - System.arraycopy(sigBytes, 32, r, 0, 32); - - sig = new BigInteger[2]; - sig[0] = new BigInteger(1, r); - sig[1] = new BigInteger(1, s); - } - catch (Exception e) - { - throw new SignatureException("error decoding signature bytes."); - } - - return signer.verifySignature(hash, sig[0], sig[1]); - } - - protected void engineSetParameter( - AlgorithmParameterSpec params) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)"> - */ - protected void engineSetParameter( - String param, - Object value) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated - */ - protected Object engineGetParameter( - String param) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ies/AlgorithmParametersSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ies/AlgorithmParametersSpi.java deleted file mode 100644 index 61f1e373..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ies/AlgorithmParametersSpi.java +++ /dev/null @@ -1,138 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ies; - -import java.io.IOException; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.jce.spec.IESParameterSpec; - -public class AlgorithmParametersSpi - extends java.security.AlgorithmParametersSpi -{ - protected boolean isASN1FormatString(String format) - { - return format == null || format.equals("ASN.1"); - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == null) - { - throw new NullPointerException("argument to getParameterSpec must not be null"); - } - - return localEngineGetParameterSpec(paramSpec); - } - - IESParameterSpec currentSpec; - - /** - * in the absence of a standard way of doing it this will do for - * now... - */ - protected byte[] engineGetEncoded() - { - try - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DEROctetString(currentSpec.getDerivationV())); - v.add(new DEROctetString(currentSpec.getEncodingV())); - v.add(new ASN1Integer(currentSpec.getMacKeySize())); - - return new DERSequence(v).getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Error encoding IESParameters"); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == IESParameterSpec.class) - { - return currentSpec; - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof IESParameterSpec)) - { - throw new InvalidParameterSpecException("IESParameterSpec required to initialise a IES algorithm parameters object"); - } - - this.currentSpec = (IESParameterSpec)paramSpec; - } - - protected void engineInit( - byte[] params) - throws IOException - { - try - { - ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(params); - - this.currentSpec = new IESParameterSpec( - ((ASN1OctetString)s.getObjectAt(0)).getOctets(), - ((ASN1OctetString)s.getObjectAt(0)).getOctets(), - ((ASN1Integer)s.getObjectAt(0)).getValue().intValue()); - } - catch (ClassCastException e) - { - throw new IOException("Not a valid IES Parameter encoding."); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IOException("Not a valid IES Parameter encoding."); - } - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - { - engineInit(params); - } - else - { - throw new IOException("Unknown parameter format " + format); - } - } - - protected String engineToString() - { - return "IES Parameters"; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ies/CipherSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ies/CipherSpi.java deleted file mode 100644 index 8cfaf2a4..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ies/CipherSpi.java +++ /dev/null @@ -1,363 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.ies; - -import java.io.ByteArrayOutputStream; -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.interfaces.DHPrivateKey; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.agreement.DHBasicAgreement; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.engines.IESEngine; -import org.bouncycastle.crypto.generators.KDF2BytesGenerator; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.crypto.params.IESParameters; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jcajce.provider.asymmetric.util.DHUtil; -import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; -import org.bouncycastle.jce.interfaces.ECPrivateKey; -import org.bouncycastle.jce.interfaces.ECPublicKey; -import org.bouncycastle.jce.interfaces.IESKey; -import org.bouncycastle.jce.spec.IESParameterSpec; - -public class CipherSpi - extends javax.crypto.CipherSpi -{ - private IESEngine cipher; - private int state = -1; - private ByteArrayOutputStream buffer = new ByteArrayOutputStream(); - private AlgorithmParameters engineParam = null; - private IESParameterSpec engineParams = null; - - // - // specs we can handle. - // - private Class[] availableSpecs = - { - IESParameterSpec.class - }; - - public CipherSpi( - IESEngine engine) - { - cipher = engine; - } - - protected int engineGetBlockSize() - { - return 0; - } - - protected byte[] engineGetIV() - { - return null; - } - - protected int engineGetKeySize( - Key key) - { - if (!(key instanceof IESKey)) - { - throw new IllegalArgumentException("must be passed IE key"); - } - - IESKey ieKey = (IESKey)key; - - if (ieKey.getPrivate() instanceof DHPrivateKey) - { - DHPrivateKey k = (DHPrivateKey)ieKey.getPrivate(); - - return k.getX().bitLength(); - } - else if (ieKey.getPrivate() instanceof ECPrivateKey) - { - ECPrivateKey k = (ECPrivateKey)ieKey.getPrivate(); - - return k.getD().bitLength(); - } - - throw new IllegalArgumentException("not an IE key!"); - } - - protected int engineGetOutputSize( - int inputLen) - { - if (state == Cipher.ENCRYPT_MODE || state == Cipher.WRAP_MODE) - { - return buffer.size() + inputLen + 20; /* SHA1 MAC size */ - } - else if (state == Cipher.DECRYPT_MODE || state == Cipher.UNWRAP_MODE) - { - return buffer.size() + inputLen - 20; - } - else - { - throw new IllegalStateException("cipher not initialised"); - } - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParam == null) - { - if (engineParams != null) - { - String name = "IES"; - - try - { - engineParam = AlgorithmParameters.getInstance(name, BouncyCastleProvider.PROVIDER_NAME); - engineParam.init(engineParams); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - } - - return engineParam; - } - - protected void engineSetMode( - String mode) - { - throw new IllegalArgumentException("can't support mode " + mode); - } - - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - throw new NoSuchPaddingException(padding + " unavailable with RSA."); - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - if (!(key instanceof IESKey)) - { - throw new InvalidKeyException("must be passed IES key"); - } - - if (params == null && (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE)) - { - // - // if nothing is specified we set up for a 128 bit mac, with - // 128 bit derivation vectors. - // - byte[] d = new byte[16]; - byte[] e = new byte[16]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(d); - random.nextBytes(e); - - params = new IESParameterSpec(d, e, 128); - } - else if (!(params instanceof IESParameterSpec)) - { - throw new InvalidAlgorithmParameterException("must be passed IES parameters"); - } - - IESKey ieKey = (IESKey)key; - - CipherParameters pubKey; - CipherParameters privKey; - - if (ieKey.getPublic() instanceof ECPublicKey) - { - pubKey = ECUtil.generatePublicKeyParameter(ieKey.getPublic()); - privKey = ECUtil.generatePrivateKeyParameter(ieKey.getPrivate()); - } - else - { - pubKey = DHUtil.generatePublicKeyParameter(ieKey.getPublic()); - privKey = DHUtil.generatePrivateKeyParameter(ieKey.getPrivate()); - } - - this.engineParams = (IESParameterSpec)params; - - IESParameters p = new IESParameters(engineParams.getDerivationV(), engineParams.getEncodingV(), engineParams.getMacKeySize()); - - this.state = opmode; - - buffer.reset(); - - switch (opmode) - { - case Cipher.ENCRYPT_MODE: - case Cipher.WRAP_MODE: - cipher.init(true, privKey, pubKey, p); - break; - case Cipher.DECRYPT_MODE: - case Cipher.UNWRAP_MODE: - cipher.init(false, privKey, pubKey, p); - break; - default: - System.out.println("eeek!"); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - for (int i = 0; i != availableSpecs.length; i++) - { - try - { - paramSpec = params.getParameterSpec(availableSpecs[i]); - break; - } - catch (Exception e) - { - continue; - } - } - - if (paramSpec == null) - { - throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString()); - } - } - - engineParam = params; - engineInit(opmode, key, paramSpec, random); - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - if (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE) - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - return; - } - catch (InvalidAlgorithmParameterException e) - { - // fall through... - } - } - - throw new IllegalArgumentException("can't handle null parameter spec in IES"); - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - buffer.write(input, inputOffset, inputLen); - return null; - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - { - buffer.write(input, inputOffset, inputLen); - return 0; - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws IllegalBlockSizeException, BadPaddingException - { - if (inputLen != 0) - { - buffer.write(input, inputOffset, inputLen); - } - - try - { - byte[] buf = buffer.toByteArray(); - - buffer.reset(); - - return cipher.processBlock(buf, 0, buf.length); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - } - - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws IllegalBlockSizeException, BadPaddingException - { - if (inputLen != 0) - { - buffer.write(input, inputOffset, inputLen); - } - - try - { - byte[] buf = buffer.toByteArray(); - - buffer.reset(); - - buf = cipher.processBlock(buf, 0, buf.length); - - System.arraycopy(buf, 0, output, outputOffset, buf.length); - - return buf.length; - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - } - - static public class IES - extends CipherSpi - { - public IES() - { - super(new IESEngine( - new DHBasicAgreement(), - new KDF2BytesGenerator(new SHA1Digest()), - new HMac(new SHA1Digest()))); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java deleted file mode 100644 index baee6d52..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java +++ /dev/null @@ -1,265 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.rsa; - -import java.io.IOException; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; -import java.security.spec.MGF1ParameterSpec; -import java.security.spec.PSSParameterSpec; - -import javax.crypto.spec.OAEPParameterSpec; -import javax.crypto.spec.PSource; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.RSAESOAEPparams; -import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.jcajce.provider.util.DigestFactory; - -public abstract class AlgorithmParametersSpi - extends java.security.AlgorithmParametersSpi -{ - protected boolean isASN1FormatString(String format) - { - return format == null || format.equals("ASN.1"); - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == null) - { - throw new NullPointerException("argument to getParameterSpec must not be null"); - } - - return localEngineGetParameterSpec(paramSpec); - } - - protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) - throws InvalidParameterSpecException; - - public static class OAEP - extends AlgorithmParametersSpi - { - OAEPParameterSpec currentSpec; - - /** - * Return the PKCS#1 ASN.1 structure RSAES-OAEP-params. - */ - protected byte[] engineGetEncoded() - { - AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( - DigestFactory.getOID(currentSpec.getDigestAlgorithm()), - DERNull.INSTANCE); - MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)currentSpec.getMGFParameters(); - AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( - PKCSObjectIdentifiers.id_mgf1, - new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), DERNull.INSTANCE)); - PSource.PSpecified pSource = (PSource.PSpecified)currentSpec.getPSource(); - AlgorithmIdentifier pSourceAlgorithm = new AlgorithmIdentifier( - PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(pSource.getValue())); - RSAESOAEPparams oaepP = new RSAESOAEPparams(hashAlgorithm, maskGenAlgorithm, pSourceAlgorithm); - - try - { - return oaepP.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Error encoding OAEPParameters"); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == OAEPParameterSpec.class && currentSpec != null) - { - return currentSpec; - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to OAEP parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof OAEPParameterSpec)) - { - throw new InvalidParameterSpecException("OAEPParameterSpec required to initialise an OAEP algorithm parameters object"); - } - - this.currentSpec = (OAEPParameterSpec)paramSpec; - } - - protected void engineInit( - byte[] params) - throws IOException - { - try - { - RSAESOAEPparams oaepP = RSAESOAEPparams.getInstance(params); - - currentSpec = new OAEPParameterSpec( - oaepP.getHashAlgorithm().getAlgorithm().getId(), - oaepP.getMaskGenAlgorithm().getAlgorithm().getId(), - new MGF1ParameterSpec(AlgorithmIdentifier.getInstance(oaepP.getMaskGenAlgorithm().getParameters()).getAlgorithm().getId()), - new PSource.PSpecified(ASN1OctetString.getInstance(oaepP.getPSourceAlgorithm().getParameters()).getOctets())); - } - catch (ClassCastException e) - { - throw new IOException("Not a valid OAEP Parameter encoding."); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IOException("Not a valid OAEP Parameter encoding."); - } - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (format.equalsIgnoreCase("X.509") - || format.equalsIgnoreCase("ASN.1")) - { - engineInit(params); - } - else - { - throw new IOException("Unknown parameter format " + format); - } - } - - protected String engineToString() - { - return "OAEP Parameters"; - } - } - - public static class PSS - extends AlgorithmParametersSpi - { - PSSParameterSpec currentSpec; - - /** - * Return the PKCS#1 ASN.1 structure RSASSA-PSS-params. - */ - protected byte[] engineGetEncoded() - throws IOException - { - PSSParameterSpec pssSpec = currentSpec; - AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( - DigestFactory.getOID(pssSpec.getDigestAlgorithm()), - DERNull.INSTANCE); - MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)pssSpec.getMGFParameters(); - AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( - PKCSObjectIdentifiers.id_mgf1, - new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), DERNull.INSTANCE)); - RSASSAPSSparams pssP = new RSASSAPSSparams(hashAlgorithm, maskGenAlgorithm, new ASN1Integer(pssSpec.getSaltLength()), new ASN1Integer(pssSpec.getTrailerField())); - - return pssP.getEncoded("DER"); - } - - protected byte[] engineGetEncoded( - String format) - throws IOException - { - if (format.equalsIgnoreCase("X.509") - || format.equalsIgnoreCase("ASN.1")) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PSSParameterSpec.class && currentSpec != null) - { - return currentSpec; - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PSS parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PSSParameterSpec)) - { - throw new InvalidParameterSpecException("PSSParameterSpec required to initialise an PSS algorithm parameters object"); - } - - this.currentSpec = (PSSParameterSpec)paramSpec; - } - - protected void engineInit( - byte[] params) - throws IOException - { - try - { - RSASSAPSSparams pssP = RSASSAPSSparams.getInstance(params); - - currentSpec = new PSSParameterSpec( - pssP.getHashAlgorithm().getAlgorithm().getId(), - pssP.getMaskGenAlgorithm().getAlgorithm().getId(), - new MGF1ParameterSpec(AlgorithmIdentifier.getInstance(pssP.getMaskGenAlgorithm().getParameters()).getAlgorithm().getId()), - pssP.getSaltLength().intValue(), - pssP.getTrailerField().intValue()); - } - catch (ClassCastException e) - { - throw new IOException("Not a valid PSS Parameter encoding."); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IOException("Not a valid PSS Parameter encoding."); - } - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509")) - { - engineInit(params); - } - else - { - throw new IOException("Unknown parameter format " + format); - } - } - - protected String engineToString() - { - return "PSS Parameters"; - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java deleted file mode 100644 index 9b70d74d..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java +++ /dev/null @@ -1,241 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.rsa; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.interfaces.RSAPrivateCrtKey; -import java.security.spec.RSAPrivateCrtKeySpec; - -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.RSAPrivateKey; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; - -/** - * A provider representation for a RSA private key, with CRT factors included. - */ -public class BCRSAPrivateCrtKey - extends BCRSAPrivateKey - implements RSAPrivateCrtKey -{ - static final long serialVersionUID = 7834723820638524718L; - - private BigInteger publicExponent; - private BigInteger primeP; - private BigInteger primeQ; - private BigInteger primeExponentP; - private BigInteger primeExponentQ; - private BigInteger crtCoefficient; - - /** - * construct a private key from it's org.bouncycastle.crypto equivalent. - * - * @param key the parameters object representing the private key. - */ - BCRSAPrivateCrtKey( - RSAPrivateCrtKeyParameters key) - { - super(key); - - this.publicExponent = key.getPublicExponent(); - this.primeP = key.getP(); - this.primeQ = key.getQ(); - this.primeExponentP = key.getDP(); - this.primeExponentQ = key.getDQ(); - this.crtCoefficient = key.getQInv(); - } - - /** - * construct a private key from an RSAPrivateCrtKeySpec - * - * @param spec the spec to be used in construction. - */ - BCRSAPrivateCrtKey( - RSAPrivateCrtKeySpec spec) - { - this.modulus = spec.getModulus(); - this.publicExponent = spec.getPublicExponent(); - this.privateExponent = spec.getPrivateExponent(); - this.primeP = spec.getPrimeP(); - this.primeQ = spec.getPrimeQ(); - this.primeExponentP = spec.getPrimeExponentP(); - this.primeExponentQ = spec.getPrimeExponentQ(); - this.crtCoefficient = spec.getCrtCoefficient(); - } - - /** - * construct a private key from another RSAPrivateCrtKey. - * - * @param key the object implementing the RSAPrivateCrtKey interface. - */ - BCRSAPrivateCrtKey( - RSAPrivateCrtKey key) - { - this.modulus = key.getModulus(); - this.publicExponent = key.getPublicExponent(); - this.privateExponent = key.getPrivateExponent(); - this.primeP = key.getPrimeP(); - this.primeQ = key.getPrimeQ(); - this.primeExponentP = key.getPrimeExponentP(); - this.primeExponentQ = key.getPrimeExponentQ(); - this.crtCoefficient = key.getCrtCoefficient(); - } - - /** - * construct an RSA key from a private key info object. - */ - BCRSAPrivateCrtKey( - PrivateKeyInfo info) - throws IOException - { - this(RSAPrivateKey.getInstance(info.parsePrivateKey())); - } - - /** - * construct an RSA key from a ASN.1 RSA private key object. - */ - BCRSAPrivateCrtKey( - RSAPrivateKey key) - { - this.modulus = key.getModulus(); - this.publicExponent = key.getPublicExponent(); - this.privateExponent = key.getPrivateExponent(); - this.primeP = key.getPrime1(); - this.primeQ = key.getPrime2(); - this.primeExponentP = key.getExponent1(); - this.primeExponentQ = key.getExponent2(); - this.crtCoefficient = key.getCoefficient(); - } - - /** - * return the encoding format we produce in getEncoded(). - * - * @return the encoding format we produce in getEncoded(). - */ - public String getFormat() - { - return "PKCS#8"; - } - - /** - * Return a PKCS8 representation of the key. The sequence returned - * represents a full PrivateKeyInfo object. - * - * @return a PKCS8 representation of the key. - */ - public byte[] getEncoded() - { - return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPrivateKey(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient())); - } - - /** - * return the public exponent. - * - * @return the public exponent. - */ - public BigInteger getPublicExponent() - { - return publicExponent; - } - - /** - * return the prime P. - * - * @return the prime P. - */ - public BigInteger getPrimeP() - { - return primeP; - } - - /** - * return the prime Q. - * - * @return the prime Q. - */ - public BigInteger getPrimeQ() - { - return primeQ; - } - - /** - * return the prime exponent for P. - * - * @return the prime exponent for P. - */ - public BigInteger getPrimeExponentP() - { - return primeExponentP; - } - - /** - * return the prime exponent for Q. - * - * @return the prime exponent for Q. - */ - public BigInteger getPrimeExponentQ() - { - return primeExponentQ; - } - - /** - * return the CRT coefficient. - * - * @return the CRT coefficient. - */ - public BigInteger getCrtCoefficient() - { - return crtCoefficient; - } - - public int hashCode() - { - return this.getModulus().hashCode() - ^ this.getPublicExponent().hashCode() - ^ this.getPrivateExponent().hashCode(); - } - - public boolean equals(Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof RSAPrivateCrtKey)) - { - return false; - } - - RSAPrivateCrtKey key = (RSAPrivateCrtKey)o; - - return this.getModulus().equals(key.getModulus()) - && this.getPublicExponent().equals(key.getPublicExponent()) - && this.getPrivateExponent().equals(key.getPrivateExponent()) - && this.getPrimeP().equals(key.getPrimeP()) - && this.getPrimeQ().equals(key.getPrimeQ()) - && this.getPrimeExponentP().equals(key.getPrimeExponentP()) - && this.getPrimeExponentQ().equals(key.getPrimeExponentQ()) - && this.getCrtCoefficient().equals(key.getCrtCoefficient()); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("RSA Private CRT Key").append(nl); - buf.append(" modulus: ").append(this.getModulus().toString(16)).append(nl); - buf.append(" public exponent: ").append(this.getPublicExponent().toString(16)).append(nl); - buf.append(" private exponent: ").append(this.getPrivateExponent().toString(16)).append(nl); - buf.append(" primeP: ").append(this.getPrimeP().toString(16)).append(nl); - buf.append(" primeQ: ").append(this.getPrimeQ().toString(16)).append(nl); - buf.append(" primeExponentP: ").append(this.getPrimeExponentP().toString(16)).append(nl); - buf.append(" primeExponentQ: ").append(this.getPrimeExponentQ().toString(16)).append(nl); - buf.append(" crtCoefficient: ").append(this.getCrtCoefficient().toString(16)).append(nl); - - return buf.toString(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java deleted file mode 100644 index b82c5f80..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java +++ /dev/null @@ -1,145 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.rsa; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.security.interfaces.RSAPrivateKey; -import java.security.spec.RSAPrivateKeySpec; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.params.RSAKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; -import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; - -public class BCRSAPrivateKey - implements RSAPrivateKey, PKCS12BagAttributeCarrier -{ - static final long serialVersionUID = 5110188922551353628L; - - private static BigInteger ZERO = BigInteger.valueOf(0); - - protected BigInteger modulus; - protected BigInteger privateExponent; - - private transient PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - protected BCRSAPrivateKey() - { - } - - BCRSAPrivateKey( - RSAKeyParameters key) - { - this.modulus = key.getModulus(); - this.privateExponent = key.getExponent(); - } - - BCRSAPrivateKey( - RSAPrivateKeySpec spec) - { - this.modulus = spec.getModulus(); - this.privateExponent = spec.getPrivateExponent(); - } - - BCRSAPrivateKey( - RSAPrivateKey key) - { - this.modulus = key.getModulus(); - this.privateExponent = key.getPrivateExponent(); - } - - BCRSAPrivateKey(org.bouncycastle.asn1.pkcs.RSAPrivateKey key) - { - this.modulus = key.getModulus(); - this.privateExponent = key.getPrivateExponent(); - } - - public BigInteger getModulus() - { - return modulus; - } - - public BigInteger getPrivateExponent() - { - return privateExponent; - } - - public String getAlgorithm() - { - return "RSA"; - } - - public String getFormat() - { - return "PKCS#8"; - } - - public byte[] getEncoded() - { - return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPrivateKey(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO)); - } - - public boolean equals(Object o) - { - if (!(o instanceof RSAPrivateKey)) - { - return false; - } - - if (o == this) - { - return true; - } - - RSAPrivateKey key = (RSAPrivateKey)o; - - return getModulus().equals(key.getModulus()) - && getPrivateExponent().equals(key.getPrivateExponent()); - } - - public int hashCode() - { - return getModulus().hashCode() ^ getPrivateExponent().hashCode(); - } - - public void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute) - { - attrCarrier.setBagAttribute(oid, attribute); - } - - public ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid) - { - return attrCarrier.getBagAttribute(oid); - } - - public Enumeration getBagAttributeKeys() - { - return attrCarrier.getBagAttributeKeys(); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - - this.attrCarrier = new PKCS12BagAttributeCarrierImpl(); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.defaultWriteObject(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java deleted file mode 100644 index 6f5292ce..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java +++ /dev/null @@ -1,177 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.rsa; - -import java.io.EOFException; -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.io.OptionalDataException; -import java.math.BigInteger; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.RSAPublicKeySpec; - -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.crypto.params.RSAKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; - -public class BCRSAPublicKey - implements RSAPublicKey -{ - private static final AlgorithmIdentifier DEFAULT_ALGORITHM_IDENTIFIER = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE); - - static final long serialVersionUID = 2675817738516720772L; - - private BigInteger modulus; - private BigInteger publicExponent; - private transient AlgorithmIdentifier algorithmIdentifier; - - BCRSAPublicKey( - RSAKeyParameters key) - { - this.algorithmIdentifier = DEFAULT_ALGORITHM_IDENTIFIER; - this.modulus = key.getModulus(); - this.publicExponent = key.getExponent(); - } - - BCRSAPublicKey( - RSAPublicKeySpec spec) - { - this.algorithmIdentifier = DEFAULT_ALGORITHM_IDENTIFIER; - this.modulus = spec.getModulus(); - this.publicExponent = spec.getPublicExponent(); - } - - BCRSAPublicKey( - RSAPublicKey key) - { - this.algorithmIdentifier = DEFAULT_ALGORITHM_IDENTIFIER; - this.modulus = key.getModulus(); - this.publicExponent = key.getPublicExponent(); - } - - BCRSAPublicKey( - SubjectPublicKeyInfo info) - { - populateFromPublicKeyInfo(info); - } - - private void populateFromPublicKeyInfo(SubjectPublicKeyInfo info) - { - try - { - org.bouncycastle.asn1.pkcs.RSAPublicKey pubKey = org.bouncycastle.asn1.pkcs.RSAPublicKey.getInstance(info.parsePublicKey()); - - this.algorithmIdentifier = info.getAlgorithm(); - this.modulus = pubKey.getModulus(); - this.publicExponent = pubKey.getPublicExponent(); - } - catch (IOException e) - { - throw new IllegalArgumentException("invalid info structure in RSA public key"); - } - } - - /** - * return the modulus. - * - * @return the modulus. - */ - public BigInteger getModulus() - { - return modulus; - } - - /** - * return the public exponent. - * - * @return the public exponent. - */ - public BigInteger getPublicExponent() - { - return publicExponent; - } - - public String getAlgorithm() - { - return "RSA"; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - return KeyUtil.getEncodedSubjectPublicKeyInfo(algorithmIdentifier, new org.bouncycastle.asn1.pkcs.RSAPublicKey(getModulus(), getPublicExponent())); - } - - public int hashCode() - { - return this.getModulus().hashCode() ^ this.getPublicExponent().hashCode(); - } - - public boolean equals(Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof RSAPublicKey)) - { - return false; - } - - RSAPublicKey key = (RSAPublicKey)o; - - return getModulus().equals(key.getModulus()) - && getPublicExponent().equals(key.getPublicExponent()); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("RSA Public Key").append(nl); - buf.append(" modulus: ").append(this.getModulus().toString(16)).append(nl); - buf.append(" public exponent: ").append(this.getPublicExponent().toString(16)).append(nl); - - return buf.toString(); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - in.defaultReadObject(); - - try - { - algorithmIdentifier = AlgorithmIdentifier.getInstance(in.readObject()); - } - catch (OptionalDataException e) - { - algorithmIdentifier = DEFAULT_ALGORITHM_IDENTIFIER; - } - catch (EOFException e) - { - algorithmIdentifier = DEFAULT_ALGORITHM_IDENTIFIER; - } - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.defaultWriteObject(); - - if (!algorithmIdentifier.equals(DEFAULT_ALGORITHM_IDENTIFIER)) - { - out.writeObject(algorithmIdentifier.getEncoded()); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java deleted file mode 100644 index cabf51b2..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java +++ /dev/null @@ -1,586 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.rsa; - -import java.io.ByteArrayOutputStream; -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.InvalidParameterException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; -import java.security.spec.MGF1ParameterSpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.spec.OAEPParameterSpec; -import javax.crypto.spec.PSource; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.encodings.ISO9796d1Encoding; -import org.bouncycastle.crypto.encodings.OAEPEncoding; -import org.bouncycastle.crypto.encodings.PKCS1Encoding; -import org.bouncycastle.crypto.engines.RSABlindedEngine; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.jcajce.provider.asymmetric.util.BaseCipherSpi; -import org.bouncycastle.jcajce.provider.util.DigestFactory; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.Strings; - -public class CipherSpi - extends BaseCipherSpi -{ - private AsymmetricBlockCipher cipher; - private AlgorithmParameterSpec paramSpec; - private AlgorithmParameters engineParams; - private boolean publicKeyOnly = false; - private boolean privateKeyOnly = false; - private ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - public CipherSpi( - AsymmetricBlockCipher engine) - { - cipher = engine; - } - - public CipherSpi( - OAEPParameterSpec pSpec) - { - try - { - initFromSpec(pSpec); - } - catch (NoSuchPaddingException e) - { - throw new IllegalArgumentException(e.getMessage()); - } - } - - public CipherSpi( - boolean publicKeyOnly, - boolean privateKeyOnly, - AsymmetricBlockCipher engine) - { - this.publicKeyOnly = publicKeyOnly; - this.privateKeyOnly = privateKeyOnly; - cipher = engine; - } - - private void initFromSpec( - OAEPParameterSpec pSpec) - throws NoSuchPaddingException - { - MGF1ParameterSpec mgfParams = (MGF1ParameterSpec)pSpec.getMGFParameters(); - Digest digest = DigestFactory.getDigest(mgfParams.getDigestAlgorithm()); - - if (digest == null) - { - throw new NoSuchPaddingException("no match on OAEP constructor for digest algorithm: "+ mgfParams.getDigestAlgorithm()); - } - - cipher = new OAEPEncoding(new RSABlindedEngine(), digest, ((PSource.PSpecified)pSpec.getPSource()).getValue()); - paramSpec = pSpec; - } - - protected int engineGetBlockSize() - { - try - { - return cipher.getInputBlockSize(); - } - catch (NullPointerException e) - { - throw new IllegalStateException("RSA Cipher not initialised"); - } - } - - protected int engineGetKeySize( - Key key) - { - if (key instanceof RSAPrivateKey) - { - RSAPrivateKey k = (RSAPrivateKey)key; - - return k.getModulus().bitLength(); - } - else if (key instanceof RSAPublicKey) - { - RSAPublicKey k = (RSAPublicKey)key; - - return k.getModulus().bitLength(); - } - - throw new IllegalArgumentException("not an RSA key!"); - } - - protected int engineGetOutputSize( - int inputLen) - { - try - { - return cipher.getOutputBlockSize(); - } - catch (NullPointerException e) - { - throw new IllegalStateException("RSA Cipher not initialised"); - } - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParams == null) - { - if (paramSpec != null) - { - try - { - engineParams = AlgorithmParameters.getInstance("OAEP", BouncyCastleProvider.PROVIDER_NAME); - engineParams.init(paramSpec); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - } - - return engineParams; - } - - protected void engineSetMode( - String mode) - throws NoSuchAlgorithmException - { - String md = Strings.toUpperCase(mode); - - if (md.equals("NONE") || md.equals("ECB")) - { - return; - } - - if (md.equals("1")) - { - privateKeyOnly = true; - publicKeyOnly = false; - return; - } - else if (md.equals("2")) - { - privateKeyOnly = false; - publicKeyOnly = true; - return; - } - - throw new NoSuchAlgorithmException("can't support mode " + mode); - } - - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - String pad = Strings.toUpperCase(padding); - - if (pad.equals("NOPADDING")) - { - cipher = new RSABlindedEngine(); - } - else if (pad.equals("PKCS1PADDING")) - { - cipher = new PKCS1Encoding(new RSABlindedEngine()); - } - else if (pad.equals("ISO9796-1PADDING")) - { - cipher = new ISO9796d1Encoding(new RSABlindedEngine()); - } - else if (pad.equals("OAEPWITHMD5ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("MD5", "MGF1", new MGF1ParameterSpec("MD5"), PSource.PSpecified.DEFAULT)); - } - else if (pad.equals("OAEPPADDING")) - { - initFromSpec(OAEPParameterSpec.DEFAULT); - } - else if (pad.equals("OAEPWITHSHA1ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-1ANDMGF1PADDING")) - { - initFromSpec(OAEPParameterSpec.DEFAULT); - } - else if (pad.equals("OAEPWITHSHA224ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-224ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), PSource.PSpecified.DEFAULT)); - } - else if (pad.equals("OAEPWITHSHA256ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-256ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT)); - } - else if (pad.equals("OAEPWITHSHA384ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-384ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("SHA-384", "MGF1", MGF1ParameterSpec.SHA384, PSource.PSpecified.DEFAULT)); - } - else if (pad.equals("OAEPWITHSHA512ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-512ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, PSource.PSpecified.DEFAULT)); - } - else - { - throw new NoSuchPaddingException(padding + " unavailable with RSA."); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - if (params == null || params instanceof OAEPParameterSpec) - { - if (key instanceof RSAPublicKey) - { - if (privateKeyOnly && opmode == Cipher.ENCRYPT_MODE) - { - throw new InvalidKeyException( - "mode 1 requires RSAPrivateKey"); - } - - param = RSAUtil.generatePublicKeyParameter((RSAPublicKey)key); - } - else if (key instanceof RSAPrivateKey) - { - if (publicKeyOnly && opmode == Cipher.ENCRYPT_MODE) - { - throw new InvalidKeyException( - "mode 2 requires RSAPublicKey"); - } - - param = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)key); - } - else - { - throw new InvalidKeyException("unknown key type passed to RSA"); - } - - if (params != null) - { - OAEPParameterSpec spec = (OAEPParameterSpec)params; - - paramSpec = params; - - if (!spec.getMGFAlgorithm().equalsIgnoreCase("MGF1") && !spec.getMGFAlgorithm().equals(PKCSObjectIdentifiers.id_mgf1.getId())) - { - throw new InvalidAlgorithmParameterException("unknown mask generation function specified"); - } - - if (!(spec.getMGFParameters() instanceof MGF1ParameterSpec)) - { - throw new InvalidAlgorithmParameterException("unkown MGF parameters"); - } - - Digest digest = DigestFactory.getDigest(spec.getDigestAlgorithm()); - - if (digest == null) - { - throw new InvalidAlgorithmParameterException("no match on digest algorithm: "+ spec.getDigestAlgorithm()); - } - - MGF1ParameterSpec mgfParams = (MGF1ParameterSpec)spec.getMGFParameters(); - Digest mgfDigest = DigestFactory.getDigest(mgfParams.getDigestAlgorithm()); - - if (mgfDigest == null) - { - throw new InvalidAlgorithmParameterException("no match on MGF digest algorithm: "+ mgfParams.getDigestAlgorithm()); - } - - cipher = new OAEPEncoding(new RSABlindedEngine(), digest, mgfDigest, ((PSource.PSpecified)spec.getPSource()).getValue()); - } - } - else - { - throw new InvalidAlgorithmParameterException("unknown parameter type: " + params.getClass().getName()); - } - - if (!(cipher instanceof RSABlindedEngine)) - { - if (random != null) - { - param = new ParametersWithRandom(param, random); - } - else - { - param = new ParametersWithRandom(param, new SecureRandom()); - } - } - - bOut.reset(); - - switch (opmode) - { - case Cipher.ENCRYPT_MODE: - case Cipher.WRAP_MODE: - cipher.init(true, param); - break; - case Cipher.DECRYPT_MODE: - case Cipher.UNWRAP_MODE: - cipher.init(false, param); - break; - default: - throw new InvalidParameterException("unknown opmode " + opmode + " passed to RSA"); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - try - { - paramSpec = params.getParameterSpec(OAEPParameterSpec.class); - } - catch (InvalidParameterSpecException e) - { - throw new InvalidAlgorithmParameterException("cannot recognise parameters: " + e.toString(), e); - } - } - - engineParams = params; - engineInit(opmode, key, paramSpec, random); - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - catch (InvalidAlgorithmParameterException e) - { - // this shouldn't happen - throw new InvalidKeyException("Eeeek! " + e.toString(), e); - } - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - bOut.write(input, inputOffset, inputLen); - - if (cipher instanceof RSABlindedEngine) - { - if (bOut.size() > cipher.getInputBlockSize() + 1) - { - throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); - } - } - else - { - if (bOut.size() > cipher.getInputBlockSize()) - { - throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); - } - } - - return null; - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - { - bOut.write(input, inputOffset, inputLen); - - if (cipher instanceof RSABlindedEngine) - { - if (bOut.size() > cipher.getInputBlockSize() + 1) - { - throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); - } - } - else - { - if (bOut.size() > cipher.getInputBlockSize()) - { - throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); - } - } - - return 0; - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws IllegalBlockSizeException, BadPaddingException - { - if (input != null) - { - bOut.write(input, inputOffset, inputLen); - } - - if (cipher instanceof RSABlindedEngine) - { - if (bOut.size() > cipher.getInputBlockSize() + 1) - { - throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); - } - } - else - { - if (bOut.size() > cipher.getInputBlockSize()) - { - throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); - } - } - - try - { - byte[] bytes = bOut.toByteArray(); - - bOut.reset(); - - return cipher.processBlock(bytes, 0, bytes.length); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - } - - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws IllegalBlockSizeException, BadPaddingException - { - if (input != null) - { - bOut.write(input, inputOffset, inputLen); - } - - if (cipher instanceof RSABlindedEngine) - { - if (bOut.size() > cipher.getInputBlockSize() + 1) - { - throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); - } - } - else - { - if (bOut.size() > cipher.getInputBlockSize()) - { - throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); - } - } - - byte[] out; - - try - { - byte[] bytes = bOut.toByteArray(); - - out = cipher.processBlock(bytes, 0, bytes.length); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - finally - { - bOut.reset(); - } - - for (int i = 0; i != out.length; i++) - { - output[outputOffset + i] = out[i]; - } - - return out.length; - } - - /** - * classes that inherit from us. - */ - - static public class NoPadding - extends CipherSpi - { - public NoPadding() - { - super(new RSABlindedEngine()); - } - } - - static public class PKCS1v1_5Padding - extends CipherSpi - { - public PKCS1v1_5Padding() - { - super(new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class PKCS1v1_5Padding_PrivateOnly - extends CipherSpi - { - public PKCS1v1_5Padding_PrivateOnly() - { - super(false, true, new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class PKCS1v1_5Padding_PublicOnly - extends CipherSpi - { - public PKCS1v1_5Padding_PublicOnly() - { - super(true, false, new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class OAEPPadding - extends CipherSpi - { - public OAEPPadding() - { - super(OAEPParameterSpec.DEFAULT); - } - } - - static public class ISO9796d1Padding - extends CipherSpi - { - public ISO9796d1Padding() - { - super(new ISO9796d1Encoding(new RSABlindedEngine())); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java deleted file mode 100644 index 44625485..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java +++ /dev/null @@ -1,366 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.rsa; - -import java.io.IOException; -import java.security.AlgorithmParameters; -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SignatureException; -import java.security.SignatureSpi; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DigestInfo; -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.MD2Digest; -import org.bouncycastle.crypto.digests.MD4Digest; -import org.bouncycastle.crypto.digests.MD5Digest; -import org.bouncycastle.crypto.digests.NullDigest; -import org.bouncycastle.crypto.digests.RIPEMD128Digest; -import org.bouncycastle.crypto.digests.RIPEMD160Digest; -import org.bouncycastle.crypto.digests.RIPEMD256Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.crypto.encodings.PKCS1Encoding; -import org.bouncycastle.crypto.engines.RSABlindedEngine; - -public class DigestSignatureSpi - extends SignatureSpi -{ - private Digest digest; - private AsymmetricBlockCipher cipher; - private AlgorithmIdentifier algId; - - // care - this constructor is actually used by outside organisations - protected DigestSignatureSpi( - Digest digest, - AsymmetricBlockCipher cipher) - { - this.digest = digest; - this.cipher = cipher; - this.algId = null; - } - - // care - this constructor is actually used by outside organisations - protected DigestSignatureSpi( - ASN1ObjectIdentifier objId, - Digest digest, - AsymmetricBlockCipher cipher) - { - this.digest = digest; - this.cipher = cipher; - this.algId = new AlgorithmIdentifier(objId, DERNull.INSTANCE); - } - - protected void engineInitVerify( - PublicKey publicKey) - throws InvalidKeyException - { - if (!(publicKey instanceof RSAPublicKey)) - { - throw new InvalidKeyException("Supplied key (" + getType(publicKey) + ") is not a RSAPublicKey instance"); - } - - CipherParameters param = RSAUtil.generatePublicKeyParameter((RSAPublicKey)publicKey); - - digest.reset(); - cipher.init(false, param); - } - - protected void engineInitSign( - PrivateKey privateKey) - throws InvalidKeyException - { - if (!(privateKey instanceof RSAPrivateKey)) - { - throw new InvalidKeyException("Supplied key (" + getType(privateKey) + ") is not a RSAPrivateKey instance"); - } - - CipherParameters param = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey); - - digest.reset(); - - cipher.init(true, param); - } - - private String getType( - Object o) - { - if (o == null) - { - return null; - } - - return o.getClass().getName(); - } - - protected void engineUpdate( - byte b) - throws SignatureException - { - digest.update(b); - } - - protected void engineUpdate( - byte[] b, - int off, - int len) - throws SignatureException - { - digest.update(b, off, len); - } - - protected byte[] engineSign() - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - try - { - byte[] bytes = derEncode(hash); - - return cipher.processBlock(bytes, 0, bytes.length); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new SignatureException("key too small for signature type"); - } - catch (Exception e) - { - throw new SignatureException(e.toString()); - } - } - - protected boolean engineVerify( - byte[] sigBytes) - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - byte[] sig; - byte[] expected; - - try - { - sig = cipher.processBlock(sigBytes, 0, sigBytes.length); - - expected = derEncode(hash); - } - catch (Exception e) - { - return false; - } - - if (sig.length == expected.length) - { - for (int i = 0; i < sig.length; i++) - { - if (sig[i] != expected[i]) - { - return false; - } - } - } - else if (sig.length == expected.length - 2) // NULL left out - { - int sigOffset = sig.length - hash.length - 2; - int expectedOffset = expected.length - hash.length - 2; - - expected[1] -= 2; // adjust lengths - expected[3] -= 2; - - for (int i = 0; i < hash.length; i++) - { - if (sig[sigOffset + i] != expected[expectedOffset + i]) // check hash - { - return false; - } - } - - for (int i = 0; i < sigOffset; i++) - { - if (sig[i] != expected[i]) // check header less NULL - { - return false; - } - } - } - else - { - return false; - } - - return true; - } - - protected void engineSetParameter( - AlgorithmParameterSpec params) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)"> - */ - protected void engineSetParameter( - String param, - Object value) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated - */ - protected Object engineGetParameter( - String param) - { - return null; - } - - protected AlgorithmParameters engineGetParameters() - { - return null; - } - - private byte[] derEncode( - byte[] hash) - throws IOException - { - if (algId == null) - { - // For raw RSA, the DigestInfo must be prepared externally - return hash; - } - - DigestInfo dInfo = new DigestInfo(algId, hash); - - return dInfo.getEncoded(ASN1Encoding.DER); - } - - static public class SHA1 - extends DigestSignatureSpi - { - public SHA1() - { - super(OIWObjectIdentifiers.idSHA1, new SHA1Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class SHA224 - extends DigestSignatureSpi - { - public SHA224() - { - super(NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class SHA256 - extends DigestSignatureSpi - { - public SHA256() - { - super(NISTObjectIdentifiers.id_sha256, new SHA256Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class SHA384 - extends DigestSignatureSpi - { - public SHA384() - { - super(NISTObjectIdentifiers.id_sha384, new SHA384Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class SHA512 - extends DigestSignatureSpi - { - public SHA512() - { - super(NISTObjectIdentifiers.id_sha512, new SHA512Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class MD2 - extends DigestSignatureSpi - { - public MD2() - { - super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class MD4 - extends DigestSignatureSpi - { - public MD4() - { - super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class MD5 - extends DigestSignatureSpi - { - public MD5() - { - super(PKCSObjectIdentifiers.md5, new MD5Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class RIPEMD160 - extends DigestSignatureSpi - { - public RIPEMD160() - { - super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class RIPEMD128 - extends DigestSignatureSpi - { - public RIPEMD128() - { - super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class RIPEMD256 - extends DigestSignatureSpi - { - public RIPEMD256() - { - super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } - - static public class noneRSA - extends DigestSignatureSpi - { - public noneRSA() - { - super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine())); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.java deleted file mode 100644 index 4d24e96b..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.java +++ /dev/null @@ -1,142 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.rsa; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SignatureException; -import java.security.SignatureSpi; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.MD5Digest; -import org.bouncycastle.crypto.digests.RIPEMD160Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.engines.RSABlindedEngine; -import org.bouncycastle.crypto.signers.ISO9796d2Signer; - -public class ISOSignatureSpi - extends SignatureSpi -{ - private ISO9796d2Signer signer; - - protected ISOSignatureSpi( - Digest digest, - AsymmetricBlockCipher cipher) - { - signer = new ISO9796d2Signer(cipher, digest, true); - } - - protected void engineInitVerify( - PublicKey publicKey) - throws InvalidKeyException - { - CipherParameters param = RSAUtil.generatePublicKeyParameter((RSAPublicKey)publicKey); - - signer.init(false, param); - } - - protected void engineInitSign( - PrivateKey privateKey) - throws InvalidKeyException - { - CipherParameters param = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey); - - signer.init(true, param); - } - - protected void engineUpdate( - byte b) - throws SignatureException - { - signer.update(b); - } - - protected void engineUpdate( - byte[] b, - int off, - int len) - throws SignatureException - { - signer.update(b, off, len); - } - - protected byte[] engineSign() - throws SignatureException - { - try - { - byte[] sig = signer.generateSignature(); - - return sig; - } - catch (Exception e) - { - throw new SignatureException(e.toString()); - } - } - - protected boolean engineVerify( - byte[] sigBytes) - throws SignatureException - { - boolean yes = signer.verifySignature(sigBytes); - - return yes; - } - - protected void engineSetParameter( - AlgorithmParameterSpec params) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)"> - */ - protected void engineSetParameter( - String param, - Object value) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated - */ - protected Object engineGetParameter( - String param) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - static public class SHA1WithRSAEncryption - extends ISOSignatureSpi - { - public SHA1WithRSAEncryption() - { - super(new SHA1Digest(), new RSABlindedEngine()); - } - } - - static public class MD5WithRSAEncryption - extends ISOSignatureSpi - { - public MD5WithRSAEncryption() - { - super(new MD5Digest(), new RSABlindedEngine()); - } - } - - static public class RIPEMD160WithRSAEncryption - extends ISOSignatureSpi - { - public RIPEMD160WithRSAEncryption() - { - super(new RIPEMD160Digest(), new RSABlindedEngine()); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyFactorySpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyFactorySpi.java deleted file mode 100644 index 80690f7c..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyFactorySpi.java +++ /dev/null @@ -1,171 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.rsa; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.interfaces.RSAPrivateCrtKey; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.RSAPrivateCrtKeySpec; -import java.security.spec.RSAPrivateKeySpec; -import java.security.spec.RSAPublicKeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.RSAPrivateKey; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi; -import org.bouncycastle.jcajce.provider.asymmetric.util.ExtendedInvalidKeySpecException; - -public class KeyFactorySpi - extends BaseKeyFactorySpi -{ - public KeyFactorySpi() - { - } - - protected KeySpec engineGetKeySpec( - Key key, - Class spec) - throws InvalidKeySpecException - { - if (spec.isAssignableFrom(RSAPublicKeySpec.class) && key instanceof RSAPublicKey) - { - RSAPublicKey k = (RSAPublicKey)key; - - return new RSAPublicKeySpec(k.getModulus(), k.getPublicExponent()); - } - else if (spec.isAssignableFrom(RSAPrivateKeySpec.class) && key instanceof java.security.interfaces.RSAPrivateKey) - { - java.security.interfaces.RSAPrivateKey k = (java.security.interfaces.RSAPrivateKey)key; - - return new RSAPrivateKeySpec(k.getModulus(), k.getPrivateExponent()); - } - else if (spec.isAssignableFrom(RSAPrivateCrtKeySpec.class) && key instanceof RSAPrivateCrtKey) - { - RSAPrivateCrtKey k = (RSAPrivateCrtKey)key; - - return new RSAPrivateCrtKeySpec( - k.getModulus(), k.getPublicExponent(), - k.getPrivateExponent(), - k.getPrimeP(), k.getPrimeQ(), - k.getPrimeExponentP(), k.getPrimeExponentQ(), - k.getCrtCoefficient()); - } - - return super.engineGetKeySpec(key, spec); - } - - protected Key engineTranslateKey( - Key key) - throws InvalidKeyException - { - if (key instanceof RSAPublicKey) - { - return new BCRSAPublicKey((RSAPublicKey)key); - } - else if (key instanceof RSAPrivateCrtKey) - { - return new BCRSAPrivateCrtKey((RSAPrivateCrtKey)key); - } - else if (key instanceof java.security.interfaces.RSAPrivateKey) - { - return new BCRSAPrivateKey((java.security.interfaces.RSAPrivateKey)key); - } - - throw new InvalidKeyException("key type unknown"); - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PKCS8EncodedKeySpec) - { - try - { - return generatePrivate(PrivateKeyInfo.getInstance(((PKCS8EncodedKeySpec)keySpec).getEncoded())); - } - catch (Exception e) - { - // - // in case it's just a RSAPrivateKey object... -- openSSL produces these - // - try - { - return new BCRSAPrivateCrtKey( - RSAPrivateKey.getInstance(((PKCS8EncodedKeySpec)keySpec).getEncoded())); - } - catch (Exception ex) - { - throw new ExtendedInvalidKeySpecException("unable to process key spec: " + e.toString(), e); - } - } - } - else if (keySpec instanceof RSAPrivateCrtKeySpec) - { - return new BCRSAPrivateCrtKey((RSAPrivateCrtKeySpec)keySpec); - } - else if (keySpec instanceof RSAPrivateKeySpec) - { - return new BCRSAPrivateKey((RSAPrivateKeySpec)keySpec); - } - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof RSAPublicKeySpec) - { - return new BCRSAPublicKey((RSAPublicKeySpec)keySpec); - } - - return super.engineGeneratePublic(keySpec); - } - - public PrivateKey generatePrivate(PrivateKeyInfo keyInfo) - throws IOException - { - ASN1ObjectIdentifier algOid = keyInfo.getPrivateKeyAlgorithm().getAlgorithm(); - - if (RSAUtil.isRsaOid(algOid)) - { - RSAPrivateKey rsaPrivKey = RSAPrivateKey.getInstance(keyInfo.parsePrivateKey()); - - if (rsaPrivKey.getCoefficient().intValue() == 0) - { - return new BCRSAPrivateKey(rsaPrivKey); - } - else - { - return new BCRSAPrivateCrtKey(keyInfo); - } - } - else - { - throw new IOException("algorithm identifier " + algOid + " in key not recognised"); - } - } - - public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo) - throws IOException - { - ASN1ObjectIdentifier algOid = keyInfo.getAlgorithm().getAlgorithm(); - - if (RSAUtil.isRsaOid(algOid)) - { - return new BCRSAPublicKey(keyInfo); - } - else - { - throw new IOException("algorithm identifier " + algOid + " in key not recognised"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java deleted file mode 100644 index c61e7cb8..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java +++ /dev/null @@ -1,78 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.rsa; - -import java.math.BigInteger; -import java.security.InvalidAlgorithmParameterException; -import java.security.KeyPair; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.RSAKeyGenParameterSpec; - -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -import org.bouncycastle.crypto.generators.RSAKeyPairGenerator; -import org.bouncycastle.crypto.params.RSAKeyGenerationParameters; -import org.bouncycastle.crypto.params.RSAKeyParameters; -import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; - -public class KeyPairGeneratorSpi - extends java.security.KeyPairGenerator -{ - public KeyPairGeneratorSpi( - String algorithmName) - { - super(algorithmName); - } - - final static BigInteger defaultPublicExponent = BigInteger.valueOf(0x10001); - final static int defaultTests = 12; - - RSAKeyGenerationParameters param; - RSAKeyPairGenerator engine; - - public KeyPairGeneratorSpi() - { - super("RSA"); - - engine = new RSAKeyPairGenerator(); - param = new RSAKeyGenerationParameters(defaultPublicExponent, - new SecureRandom(), 2048, defaultTests); - engine.init(param); - } - - public void initialize( - int strength, - SecureRandom random) - { - param = new RSAKeyGenerationParameters(defaultPublicExponent, - random, strength, defaultTests); - - engine.init(param); - } - - public void initialize( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (!(params instanceof RSAKeyGenParameterSpec)) - { - throw new InvalidAlgorithmParameterException("parameter object not a RSAKeyGenParameterSpec"); - } - RSAKeyGenParameterSpec rsaParams = (RSAKeyGenParameterSpec)params; - - param = new RSAKeyGenerationParameters( - rsaParams.getPublicExponent(), - random, rsaParams.getKeysize(), defaultTests); - - engine.init(param); - } - - public KeyPair generateKeyPair() - { - AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - RSAKeyParameters pub = (RSAKeyParameters)pair.getPublic(); - RSAPrivateCrtKeyParameters priv = (RSAPrivateCrtKeyParameters)pair.getPrivate(); - - return new KeyPair(new BCRSAPublicKey(pub), - new BCRSAPrivateCrtKey(priv)); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.java deleted file mode 100644 index c0a2fc92..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.java +++ /dev/null @@ -1,394 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.rsa; - -import java.io.ByteArrayOutputStream; -import java.security.AlgorithmParameters; -import java.security.InvalidKeyException; -import java.security.InvalidParameterException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.SignatureException; -import java.security.SignatureSpi; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.MGF1ParameterSpec; -import java.security.spec.PSSParameterSpec; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.CryptoException; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.engines.RSABlindedEngine; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.jcajce.provider.util.DigestFactory; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public class PSSSignatureSpi - extends SignatureSpi -{ - private AlgorithmParameters engineParams; - private PSSParameterSpec paramSpec; - private PSSParameterSpec originalSpec; - private AsymmetricBlockCipher signer; - private Digest contentDigest; - private Digest mgfDigest; - private int saltLength; - private byte trailer; - private boolean isRaw; - - private org.bouncycastle.crypto.signers.PSSSigner pss; - - private byte getTrailer( - int trailerField) - { - if (trailerField == 1) - { - return org.bouncycastle.crypto.signers.PSSSigner.TRAILER_IMPLICIT; - } - - throw new IllegalArgumentException("unknown trailer field"); - } - - private void setupContentDigest() - { - if (isRaw) - { - this.contentDigest = new NullPssDigest(mgfDigest); - } - else - { - this.contentDigest = mgfDigest; - } - } - - // care - this constructor is actually used by outside organisations - protected PSSSignatureSpi( - AsymmetricBlockCipher signer, - PSSParameterSpec paramSpecArg) - { - this(signer, paramSpecArg, false); - } - - // care - this constructor is actually used by outside organisations - protected PSSSignatureSpi( - AsymmetricBlockCipher signer, - PSSParameterSpec baseParamSpec, - boolean isRaw) - { - this.signer = signer; - this.originalSpec = baseParamSpec; - - if (baseParamSpec == null) - { - this.paramSpec = PSSParameterSpec.DEFAULT; - } - else - { - this.paramSpec = baseParamSpec; - } - - this.mgfDigest = DigestFactory.getDigest(paramSpec.getDigestAlgorithm()); - this.saltLength = paramSpec.getSaltLength(); - this.trailer = getTrailer(paramSpec.getTrailerField()); - this.isRaw = isRaw; - - setupContentDigest(); - } - - protected void engineInitVerify( - PublicKey publicKey) - throws InvalidKeyException - { - if (!(publicKey instanceof RSAPublicKey)) - { - throw new InvalidKeyException("Supplied key is not a RSAPublicKey instance"); - } - - pss = new org.bouncycastle.crypto.signers.PSSSigner(signer, contentDigest, mgfDigest, saltLength, trailer); - pss.init(false, - RSAUtil.generatePublicKeyParameter((RSAPublicKey)publicKey)); - } - - protected void engineInitSign( - PrivateKey privateKey, - SecureRandom random) - throws InvalidKeyException - { - if (!(privateKey instanceof RSAPrivateKey)) - { - throw new InvalidKeyException("Supplied key is not a RSAPrivateKey instance"); - } - - pss = new org.bouncycastle.crypto.signers.PSSSigner(signer, contentDigest, mgfDigest, saltLength, trailer); - pss.init(true, new ParametersWithRandom(RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey), random)); - } - - protected void engineInitSign( - PrivateKey privateKey) - throws InvalidKeyException - { - if (!(privateKey instanceof RSAPrivateKey)) - { - throw new InvalidKeyException("Supplied key is not a RSAPrivateKey instance"); - } - - pss = new org.bouncycastle.crypto.signers.PSSSigner(signer, contentDigest, mgfDigest, saltLength, trailer); - pss.init(true, RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey)); - } - - protected void engineUpdate( - byte b) - throws SignatureException - { - pss.update(b); - } - - protected void engineUpdate( - byte[] b, - int off, - int len) - throws SignatureException - { - pss.update(b, off, len); - } - - protected byte[] engineSign() - throws SignatureException - { - try - { - return pss.generateSignature(); - } - catch (CryptoException e) - { - throw new SignatureException(e.getMessage()); - } - } - - protected boolean engineVerify( - byte[] sigBytes) - throws SignatureException - { - return pss.verifySignature(sigBytes); - } - - protected void engineSetParameter( - AlgorithmParameterSpec params) - throws InvalidParameterException - { - if (params instanceof PSSParameterSpec) - { - PSSParameterSpec newParamSpec = (PSSParameterSpec)params; - - if (originalSpec != null) - { - if (!DigestFactory.isSameDigest(originalSpec.getDigestAlgorithm(), newParamSpec.getDigestAlgorithm())) - { - throw new InvalidParameterException("parameter must be using " + originalSpec.getDigestAlgorithm()); - } - } - if (!newParamSpec.getMGFAlgorithm().equalsIgnoreCase("MGF1") && !newParamSpec.getMGFAlgorithm().equals(PKCSObjectIdentifiers.id_mgf1.getId())) - { - throw new InvalidParameterException("unknown mask generation function specified"); - } - - if (!(newParamSpec.getMGFParameters() instanceof MGF1ParameterSpec)) - { - throw new InvalidParameterException("unkown MGF parameters"); - } - - MGF1ParameterSpec mgfParams = (MGF1ParameterSpec)newParamSpec.getMGFParameters(); - - if (!DigestFactory.isSameDigest(mgfParams.getDigestAlgorithm(), newParamSpec.getDigestAlgorithm())) - { - throw new InvalidParameterException("digest algorithm for MGF should be the same as for PSS parameters."); - } - - Digest newDigest = DigestFactory.getDigest(mgfParams.getDigestAlgorithm()); - - if (newDigest == null) - { - throw new InvalidParameterException("no match on MGF digest algorithm: "+ mgfParams.getDigestAlgorithm()); - } - - this.engineParams = null; - this.paramSpec = newParamSpec; - this.mgfDigest = newDigest; - this.saltLength = paramSpec.getSaltLength(); - this.trailer = getTrailer(paramSpec.getTrailerField()); - - setupContentDigest(); - } - else - { - throw new InvalidParameterException("Only PSSParameterSpec supported"); - } - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParams == null) - { - if (paramSpec != null) - { - try - { - engineParams = AlgorithmParameters.getInstance("PSS", BouncyCastleProvider.PROVIDER_NAME); - engineParams.init(paramSpec); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - } - - return engineParams; - } - - /** - * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)"> - */ - protected void engineSetParameter( - String param, - Object value) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - protected Object engineGetParameter( - String param) - { - throw new UnsupportedOperationException("engineGetParameter unsupported"); - } - - static public class nonePSS - extends PSSSignatureSpi - { - public nonePSS() - { - super(new RSABlindedEngine(), null, true); - } - } - - static public class PSSwithRSA - extends PSSSignatureSpi - { - public PSSwithRSA() - { - super(new RSABlindedEngine(), null); - } - } - - static public class SHA1withRSA - extends PSSSignatureSpi - { - public SHA1withRSA() - { - super(new RSABlindedEngine(), PSSParameterSpec.DEFAULT); - } - } - - static public class SHA224withRSA - extends PSSSignatureSpi - { - public SHA224withRSA() - { - super(new RSABlindedEngine(), new PSSParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), 28, 1)); - } - } - - static public class SHA256withRSA - extends PSSSignatureSpi - { - public SHA256withRSA() - { - super(new RSABlindedEngine(), new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1)); - } - } - - static public class SHA384withRSA - extends PSSSignatureSpi - { - public SHA384withRSA() - { - super(new RSABlindedEngine(), new PSSParameterSpec("SHA-384", "MGF1", new MGF1ParameterSpec("SHA-384"), 48, 1)); - } - } - - static public class SHA512withRSA - extends PSSSignatureSpi - { - public SHA512withRSA() - { - super(new RSABlindedEngine(), new PSSParameterSpec("SHA-512", "MGF1", new MGF1ParameterSpec("SHA-512"), 64, 1)); - } - } - - private class NullPssDigest - implements Digest - { - private ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - private Digest baseDigest; - private boolean oddTime = true; - - public NullPssDigest(Digest mgfDigest) - { - this.baseDigest = mgfDigest; - } - - public String getAlgorithmName() - { - return "NULL"; - } - - public int getDigestSize() - { - return baseDigest.getDigestSize(); - } - - public void update(byte in) - { - bOut.write(in); - } - - public void update(byte[] in, int inOff, int len) - { - bOut.write(in, inOff, len); - } - - public int doFinal(byte[] out, int outOff) - { - byte[] res = bOut.toByteArray(); - - if (oddTime) - { - System.arraycopy(res, 0, out, outOff, res.length); - } - else - { - baseDigest.update(res, 0, res.length); - - baseDigest.doFinal(out, outOff); - } - - reset(); - - oddTime = !oddTime; - - return res.length; - } - - public void reset() - { - bOut.reset(); - baseDigest.reset(); - } - - public int getByteLength() - { - return 0; - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/RSAUtil.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/RSAUtil.java deleted file mode 100644 index 4943a99b..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/RSAUtil.java +++ /dev/null @@ -1,66 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.rsa; - -import java.security.interfaces.RSAPrivateCrtKey; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.crypto.params.RSAKeyParameters; -import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; - -/** - * utility class for converting java.security RSA objects into their - * org.bouncycastle.crypto counterparts. - */ -public class RSAUtil -{ - public static final ASN1ObjectIdentifier[] rsaOids = - { - PKCSObjectIdentifiers.rsaEncryption, - X509ObjectIdentifiers.id_ea_rsa, - PKCSObjectIdentifiers.id_RSAES_OAEP, - PKCSObjectIdentifiers.id_RSASSA_PSS - }; - - public static boolean isRsaOid( - ASN1ObjectIdentifier algOid) - { - for (int i = 0; i != rsaOids.length; i++) - { - if (algOid.equals(rsaOids[i])) - { - return true; - } - } - - return false; - } - - static RSAKeyParameters generatePublicKeyParameter( - RSAPublicKey key) - { - return new RSAKeyParameters(false, key.getModulus(), key.getPublicExponent()); - - } - - static RSAKeyParameters generatePrivateKeyParameter( - RSAPrivateKey key) - { - if (key instanceof RSAPrivateCrtKey) - { - RSAPrivateCrtKey k = (RSAPrivateCrtKey)key; - - return new RSAPrivateCrtKeyParameters(k.getModulus(), - k.getPublicExponent(), k.getPrivateExponent(), - k.getPrimeP(), k.getPrimeQ(), k.getPrimeExponentP(), k.getPrimeExponentQ(), k.getCrtCoefficient()); - } - else - { - RSAPrivateKey k = key; - - return new RSAKeyParameters(true, k.getModulus(), k.getPrivateExponent()); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java deleted file mode 100644 index 722a5cae..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java +++ /dev/null @@ -1,216 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.util; - -import java.security.AlgorithmParameters; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.CipherSpi; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.RC5ParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.Wrapper; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public abstract class BaseCipherSpi - extends CipherSpi -{ - // - // specs we can handle. - // - private Class[] availableSpecs = - { - IvParameterSpec.class, - PBEParameterSpec.class, - RC2ParameterSpec.class, - RC5ParameterSpec.class - }; - - - protected AlgorithmParameters engineParams = null; - - protected Wrapper wrapEngine = null; - - private int ivSize; - private byte[] iv; - - protected BaseCipherSpi() - { - } - - protected int engineGetBlockSize() - { - return 0; - } - - protected byte[] engineGetIV() - { - return null; - } - - protected int engineGetKeySize( - Key key) - { - return key.getEncoded().length; - } - - protected int engineGetOutputSize( - int inputLen) - { - return -1; - } - - protected AlgorithmParameters engineGetParameters() - { - return null; - } - - protected void engineSetMode( - String mode) - throws NoSuchAlgorithmException - { - throw new NoSuchAlgorithmException("can't support mode " + mode); - } - - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - throw new NoSuchPaddingException("Padding " + padding + " unknown."); - } - - protected byte[] engineWrap( - Key key) - throws IllegalBlockSizeException, InvalidKeyException - { - byte[] encoded = key.getEncoded(); - if (encoded == null) - { - throw new InvalidKeyException("Cannot wrap key, null encoding."); - } - - try - { - if (wrapEngine == null) - { - return engineDoFinal(encoded, 0, encoded.length); - } - else - { - return wrapEngine.wrap(encoded, 0, encoded.length); - } - } - catch (BadPaddingException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - } - - protected Key engineUnwrap( - byte[] wrappedKey, - String wrappedKeyAlgorithm, - int wrappedKeyType) - throws InvalidKeyException - { - byte[] encoded; - try - { - if (wrapEngine == null) - { - encoded = engineDoFinal(wrappedKey, 0, wrappedKey.length); - } - else - { - encoded = wrapEngine.unwrap(wrappedKey, 0, wrappedKey.length); - } - } - catch (InvalidCipherTextException e) - { - throw new InvalidKeyException(e.getMessage()); - } - catch (BadPaddingException e) - { - throw new InvalidKeyException(e.getMessage()); - } - catch (IllegalBlockSizeException e2) - { - throw new InvalidKeyException(e2.getMessage()); - } - - if (wrappedKeyType == Cipher.SECRET_KEY) - { - return new SecretKeySpec(encoded, wrappedKeyAlgorithm); - } - else if (wrappedKeyAlgorithm.equals("") && wrappedKeyType == Cipher.PRIVATE_KEY) - { - /* - * The caller doesn't know the algorithm as it is part of - * the encrypted data. - */ - try - { - PrivateKeyInfo in = PrivateKeyInfo.getInstance(encoded); - - PrivateKey privKey = BouncyCastleProvider.getPrivateKey(in); - - if (privKey != null) - { - return privKey; - } - else - { - throw new InvalidKeyException("algorithm " + in.getPrivateKeyAlgorithm().getAlgorithm() + " not supported"); - } - } - catch (Exception e) - { - throw new InvalidKeyException("Invalid key encoding."); - } - } - else - { - try - { - KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, BouncyCastleProvider.PROVIDER_NAME); - - if (wrappedKeyType == Cipher.PUBLIC_KEY) - { - return kf.generatePublic(new X509EncodedKeySpec(encoded)); - } - else if (wrappedKeyType == Cipher.PRIVATE_KEY) - { - return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded)); - } - } - catch (NoSuchProviderException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } - catch (NoSuchAlgorithmException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } - catch (InvalidKeySpecException e2) - { - throw new InvalidKeyException("Unknown key type " + e2.getMessage()); - } - - throw new InvalidKeyException("Unknown key type " + wrappedKeyType); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java deleted file mode 100644 index cb34f447..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java +++ /dev/null @@ -1,77 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.util; - -import java.security.Key; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; - -public abstract class BaseKeyFactorySpi - extends java.security.KeyFactorySpi - implements AsymmetricKeyInfoConverter -{ - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PKCS8EncodedKeySpec) - { - try - { - return generatePrivate(PrivateKeyInfo.getInstance(((PKCS8EncodedKeySpec)keySpec).getEncoded())); - } - catch (Exception e) - { - throw new InvalidKeySpecException("encoded key spec not recognised"); - } - } - else - { - throw new InvalidKeySpecException("key spec not recognised"); - } - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof X509EncodedKeySpec) - { - try - { - return generatePublic(SubjectPublicKeyInfo.getInstance(((X509EncodedKeySpec)keySpec).getEncoded())); - } - catch (Exception e) - { - throw new InvalidKeySpecException("encoded key spec not recognised"); - } - } - else - { - throw new InvalidKeySpecException("key spec not recognised"); - } - } - - protected KeySpec engineGetKeySpec( - Key key, - Class spec) - throws InvalidKeySpecException - { - if (spec.isAssignableFrom(PKCS8EncodedKeySpec.class) && key.getFormat().equals("PKCS#8")) - { - return new PKCS8EncodedKeySpec(key.getEncoded()); - } - else if (spec.isAssignableFrom(X509EncodedKeySpec.class) && key.getFormat().equals("X.509")) - { - return new X509EncodedKeySpec(key.getEncoded()); - } - - throw new InvalidKeySpecException("not implemented yet " + key + " " + spec); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DHUtil.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DHUtil.java deleted file mode 100644 index 52c84ec0..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DHUtil.java +++ /dev/null @@ -1,50 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.util; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; - -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.interfaces.DHPublicKey; - -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.crypto.params.DHPrivateKeyParameters; -import org.bouncycastle.crypto.params.DHPublicKeyParameters; - -/** - * utility class for converting jce/jca DH objects - * objects into their org.bouncycastle.crypto counterparts. - */ -public class DHUtil -{ - static public AsymmetricKeyParameter generatePublicKeyParameter( - PublicKey key) - throws InvalidKeyException - { - if (key instanceof DHPublicKey) - { - DHPublicKey k = (DHPublicKey)key; - - return new DHPublicKeyParameters(k.getY(), - new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL())); - } - - throw new InvalidKeyException("can't identify DH public key."); - } - - static public AsymmetricKeyParameter generatePrivateKeyParameter( - PrivateKey key) - throws InvalidKeyException - { - if (key instanceof DHPrivateKey) - { - DHPrivateKey k = (DHPrivateKey)key; - - return new DHPrivateKeyParameters(k.getX(), - new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL())); - } - - throw new InvalidKeyException("can't identify DH private key."); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DSABase.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DSABase.java deleted file mode 100644 index 463de890..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DSABase.java +++ /dev/null @@ -1,112 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.util; - -import java.math.BigInteger; -import java.security.SignatureException; -import java.security.SignatureSpi; -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.crypto.DSA; -import org.bouncycastle.crypto.Digest; - -public abstract class DSABase - extends SignatureSpi - implements PKCSObjectIdentifiers, X509ObjectIdentifiers -{ - protected Digest digest; - protected DSA signer; - protected DSAEncoder encoder; - - protected DSABase( - Digest digest, - DSA signer, - DSAEncoder encoder) - { - this.digest = digest; - this.signer = signer; - this.encoder = encoder; - } - - protected void engineUpdate( - byte b) - throws SignatureException - { - digest.update(b); - } - - protected void engineUpdate( - byte[] b, - int off, - int len) - throws SignatureException - { - digest.update(b, off, len); - } - - protected byte[] engineSign() - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - try - { - BigInteger[] sig = signer.generateSignature(hash); - - return encoder.encode(sig[0], sig[1]); - } - catch (Exception e) - { - throw new SignatureException(e.toString()); - } - } - - protected boolean engineVerify( - byte[] sigBytes) - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - BigInteger[] sig; - - try - { - sig = encoder.decode(sigBytes); - } - catch (Exception e) - { - throw new SignatureException("error decoding signature bytes."); - } - - return signer.verifySignature(hash, sig[0], sig[1]); - } - - protected void engineSetParameter( - AlgorithmParameterSpec params) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)"> - */ - protected void engineSetParameter( - String param, - Object value) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated - */ - protected Object engineGetParameter( - String param) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DSAEncoder.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DSAEncoder.java deleted file mode 100644 index 4ea0ff93..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DSAEncoder.java +++ /dev/null @@ -1,13 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.util; - -import java.io.IOException; -import java.math.BigInteger; - -public interface DSAEncoder -{ - byte[] encode(BigInteger r, BigInteger s) - throws IOException; - - BigInteger[] decode(byte[] sig) - throws IOException; -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java deleted file mode 100644 index d5b62fe8..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java +++ /dev/null @@ -1,154 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.util; - -import java.math.BigInteger; -import java.security.spec.ECField; -import java.security.spec.ECFieldF2m; -import java.security.spec.ECFieldFp; -import java.security.spec.ECParameterSpec; -import java.security.spec.ECPoint; -import java.security.spec.EllipticCurve; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Map; - -import org.bouncycastle.asn1.x9.ECNamedCurveTable; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.crypto.ec.CustomNamedCurves; -import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; -import org.bouncycastle.jce.spec.ECNamedCurveSpec; -import org.bouncycastle.math.ec.ECAlgorithms; -import org.bouncycastle.math.ec.ECCurve; - -public class EC5Util -{ - private static Map customCurves = new HashMap(); - - static - { - Enumeration e = CustomNamedCurves.getNames(); - while (e.hasMoreElements()) - { - String name = (String)e.nextElement(); - - X9ECParameters curveParams = ECNamedCurveTable.getByName(name); - if (curveParams != null) // there may not be a regular curve, may just be a custom curve. - { - customCurves.put(curveParams.getCurve(), CustomNamedCurves.getByName(name).getCurve()); - } - } - } - - public static EllipticCurve convertCurve( - ECCurve curve, - byte[] seed) - { - // TODO: the Sun EC implementation doesn't currently handle the seed properly - // so at the moment it's set to null. Should probably look at making this configurable - if (ECAlgorithms.isFpCurve(curve)) - { - return new EllipticCurve(new ECFieldFp(curve.getField().getCharacteristic()), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null); - } - else - { - ECCurve.F2m curveF2m = (ECCurve.F2m)curve; - int ks[]; - - if (curveF2m.isTrinomial()) - { - ks = new int[] { curveF2m.getK1() }; - - return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null); - } - else - { - ks = new int[] { curveF2m.getK3(), curveF2m.getK2(), curveF2m.getK1() }; - - return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), null); - } - } - } - - public static ECCurve convertCurve( - EllipticCurve ec) - { - ECField field = ec.getField(); - BigInteger a = ec.getA(); - BigInteger b = ec.getB(); - - if (field instanceof ECFieldFp) - { - ECCurve.Fp curve = new ECCurve.Fp(((ECFieldFp)field).getP(), a, b); - - if (customCurves.containsKey(curve)) - { - return (ECCurve)customCurves.get(curve); - } - - return curve; - } - else - { - ECFieldF2m fieldF2m = (ECFieldF2m)field; - int m = fieldF2m.getM(); - int ks[] = ECUtil.convertMidTerms(fieldF2m.getMidTermsOfReductionPolynomial()); - return new ECCurve.F2m(m, ks[0], ks[1], ks[2], a, b); - } - } - - public static ECParameterSpec convertSpec( - EllipticCurve ellipticCurve, - org.bouncycastle.jce.spec.ECParameterSpec spec) - { - if (spec instanceof ECNamedCurveParameterSpec) - { - return new ECNamedCurveSpec( - ((ECNamedCurveParameterSpec)spec).getName(), - ellipticCurve, - new ECPoint( - spec.getG().getAffineXCoord().toBigInteger(), - spec.getG().getAffineYCoord().toBigInteger()), - spec.getN(), - spec.getH()); - } - else - { - return new ECParameterSpec( - ellipticCurve, - new ECPoint( - spec.getG().getAffineXCoord().toBigInteger(), - spec.getG().getAffineYCoord().toBigInteger()), - spec.getN(), - spec.getH().intValue()); - } - } - - public static org.bouncycastle.jce.spec.ECParameterSpec convertSpec( - ECParameterSpec ecSpec, - boolean withCompression) - { - ECCurve curve = convertCurve(ecSpec.getCurve()); - - return new org.bouncycastle.jce.spec.ECParameterSpec( - curve, - convertPoint(curve, ecSpec.getGenerator(), withCompression), - ecSpec.getOrder(), - BigInteger.valueOf(ecSpec.getCofactor()), - ecSpec.getCurve().getSeed()); - } - - public static org.bouncycastle.math.ec.ECPoint convertPoint( - ECParameterSpec ecSpec, - ECPoint point, - boolean withCompression) - { - return convertPoint(convertCurve(ecSpec.getCurve()), point, withCompression); - } - - public static org.bouncycastle.math.ec.ECPoint convertPoint( - ECCurve curve, - ECPoint point, - boolean withCompression) - { - return curve.createPoint(point.getAffineX(), point.getAffineY(), withCompression); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java deleted file mode 100644 index 4283273d..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java +++ /dev/null @@ -1,291 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.util; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -import org.bouncycastle.asn1.nist.NISTNamedCurves; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.sec.SECNamedCurves; -import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X962NamedCurves; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.crypto.ec.CustomNamedCurves; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.crypto.params.ECPrivateKeyParameters; -import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey; -import org.bouncycastle.jce.interfaces.ECPrivateKey; -import org.bouncycastle.jce.interfaces.ECPublicKey; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.spec.ECParameterSpec; - -/** - * utility class for converting jce/jca ECDSA, ECDH, and ECDHC - * objects into their org.bouncycastle.crypto counterparts. - */ -public class ECUtil -{ - /** - * Returns a sorted array of middle terms of the reduction polynomial. - * @param k The unsorted array of middle terms of the reduction polynomial - * of length 1 or 3. - * @return the sorted array of middle terms of the reduction polynomial. - * This array always has length 3. - */ - static int[] convertMidTerms( - int[] k) - { - int[] res = new int[3]; - - if (k.length == 1) - { - res[0] = k[0]; - } - else - { - if (k.length != 3) - { - throw new IllegalArgumentException("Only Trinomials and pentanomials supported"); - } - - if (k[0] < k[1] && k[0] < k[2]) - { - res[0] = k[0]; - if (k[1] < k[2]) - { - res[1] = k[1]; - res[2] = k[2]; - } - else - { - res[1] = k[2]; - res[2] = k[1]; - } - } - else if (k[1] < k[2]) - { - res[0] = k[1]; - if (k[0] < k[2]) - { - res[1] = k[0]; - res[2] = k[2]; - } - else - { - res[1] = k[2]; - res[2] = k[0]; - } - } - else - { - res[0] = k[2]; - if (k[0] < k[1]) - { - res[1] = k[0]; - res[2] = k[1]; - } - else - { - res[1] = k[1]; - res[2] = k[0]; - } - } - } - - return res; - } - - public static AsymmetricKeyParameter generatePublicKeyParameter( - PublicKey key) - throws InvalidKeyException - { - if (key instanceof ECPublicKey) - { - ECPublicKey k = (ECPublicKey)key; - ECParameterSpec s = k.getParameters(); - - if (s == null) - { - s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - return new ECPublicKeyParameters( - ((BCECPublicKey)k).engineGetQ(), - new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed())); - } - else - { - return new ECPublicKeyParameters( - k.getQ(), - new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed())); - } - } - else if (key instanceof java.security.interfaces.ECPublicKey) - { - java.security.interfaces.ECPublicKey pubKey = (java.security.interfaces.ECPublicKey)key; - ECParameterSpec s = EC5Util.convertSpec(pubKey.getParams(), false); - return new ECPublicKeyParameters( - EC5Util.convertPoint(pubKey.getParams(), pubKey.getW(), false), - new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed())); - } - else - { - // see if we can build a key from key.getEncoded() - try - { - byte[] bytes = key.getEncoded(); - - if (bytes == null) - { - throw new InvalidKeyException("no encoding for EC public key"); - } - - PublicKey publicKey = BouncyCastleProvider.getPublicKey(SubjectPublicKeyInfo.getInstance(bytes)); - - if (publicKey instanceof java.security.interfaces.ECPublicKey) - { - return ECUtil.generatePublicKeyParameter(publicKey); - } - } - catch (Exception e) - { - throw new InvalidKeyException("cannot identify EC public key: " + e.toString()); - } - } - - throw new InvalidKeyException("cannot identify EC public key."); - } - - public static AsymmetricKeyParameter generatePrivateKeyParameter( - PrivateKey key) - throws InvalidKeyException - { - if (key instanceof ECPrivateKey) - { - ECPrivateKey k = (ECPrivateKey)key; - ECParameterSpec s = k.getParameters(); - - if (s == null) - { - s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - } - - return new ECPrivateKeyParameters( - k.getD(), - new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed())); - } - else if (key instanceof java.security.interfaces.ECPrivateKey) - { - java.security.interfaces.ECPrivateKey privKey = (java.security.interfaces.ECPrivateKey)key; - ECParameterSpec s = EC5Util.convertSpec(privKey.getParams(), false); - return new ECPrivateKeyParameters( - privKey.getS(), - new ECDomainParameters(s.getCurve(), s.getG(), s.getN(), s.getH(), s.getSeed())); - } - else - { - // see if we can build a key from key.getEncoded() - try - { - byte[] bytes = key.getEncoded(); - - if (bytes == null) - { - throw new InvalidKeyException("no encoding for EC private key"); - } - - PrivateKey privateKey = BouncyCastleProvider.getPrivateKey(PrivateKeyInfo.getInstance(bytes)); - - if (privateKey instanceof java.security.interfaces.ECPrivateKey) - { - return ECUtil.generatePrivateKeyParameter(privateKey); - } - } - catch (Exception e) - { - throw new InvalidKeyException("cannot identify EC private key: " + e.toString()); - } - } - - throw new InvalidKeyException("can't identify EC private key."); - } - - public static ASN1ObjectIdentifier getNamedCurveOid( - String name) - { - ASN1ObjectIdentifier oid = X962NamedCurves.getOID(name); - - if (oid == null) - { - oid = SECNamedCurves.getOID(name); - if (oid == null) - { - oid = NISTNamedCurves.getOID(name); - } - if (oid == null) - { - oid = TeleTrusTNamedCurves.getOID(name); - } - if (oid == null) - { - oid = ECGOST3410NamedCurves.getOID(name); - } - } - - return oid; - } - - public static X9ECParameters getNamedCurveByOid( - ASN1ObjectIdentifier oid) - { - X9ECParameters params = CustomNamedCurves.getByOID(oid); - - if (params == null) - { - params = X962NamedCurves.getByOID(oid); - if (params == null) - { - params = SECNamedCurves.getByOID(oid); - } - if (params == null) - { - params = NISTNamedCurves.getByOID(oid); - } - if (params == null) - { - params = TeleTrusTNamedCurves.getByOID(oid); - } - } - - return params; - } - - public static String getCurveName( - ASN1ObjectIdentifier oid) - { - String name = X962NamedCurves.getName(oid); - - if (name == null) - { - name = SECNamedCurves.getName(oid); - if (name == null) - { - name = NISTNamedCurves.getName(oid); - } - if (name == null) - { - name = TeleTrusTNamedCurves.getName(oid); - } - if (name == null) - { - name = ECGOST3410NamedCurves.getName(oid); - } - } - - return name; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ExtendedInvalidKeySpecException.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ExtendedInvalidKeySpecException.java deleted file mode 100644 index 7945639c..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ExtendedInvalidKeySpecException.java +++ /dev/null @@ -1,21 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.util; - -import java.security.spec.InvalidKeySpecException; - -public class ExtendedInvalidKeySpecException - extends InvalidKeySpecException -{ - private Throwable cause; - - public ExtendedInvalidKeySpecException(String msg, Throwable cause) - { - super(msg); - - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/GOST3410Util.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/GOST3410Util.java deleted file mode 100644 index 850ab9dd..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/GOST3410Util.java +++ /dev/null @@ -1,52 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.util; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; - -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.GOST3410Parameters; -import org.bouncycastle.crypto.params.GOST3410PrivateKeyParameters; -import org.bouncycastle.crypto.params.GOST3410PublicKeyParameters; -import org.bouncycastle.jce.interfaces.GOST3410PrivateKey; -import org.bouncycastle.jce.interfaces.GOST3410PublicKey; -import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; - -/** - * utility class for converting jce/jca GOST3410-94 objects - * objects into their org.bouncycastle.crypto counterparts. - */ -public class GOST3410Util -{ - static public AsymmetricKeyParameter generatePublicKeyParameter( - PublicKey key) - throws InvalidKeyException - { - if (key instanceof GOST3410PublicKey) - { - GOST3410PublicKey k = (GOST3410PublicKey)key; - GOST3410PublicKeyParameterSetSpec p = k.getParameters().getPublicKeyParameters(); - - return new GOST3410PublicKeyParameters(k.getY(), - new GOST3410Parameters(p.getP(), p.getQ(), p.getA())); - } - - throw new InvalidKeyException("can't identify GOST3410 public key: " + key.getClass().getName()); - } - - static public AsymmetricKeyParameter generatePrivateKeyParameter( - PrivateKey key) - throws InvalidKeyException - { - if (key instanceof GOST3410PrivateKey) - { - GOST3410PrivateKey k = (GOST3410PrivateKey)key; - GOST3410PublicKeyParameterSetSpec p = k.getParameters().getPublicKeyParameters(); - - return new GOST3410PrivateKeyParameters(k.getX(), - new GOST3410Parameters(p.getP(), p.getQ(), p.getA())); - } - - throw new InvalidKeyException("can't identify GOST3410 private key."); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/IESUtil.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/IESUtil.java deleted file mode 100644 index 93ed727d..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/IESUtil.java +++ /dev/null @@ -1,32 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.util; - -import org.bouncycastle.crypto.engines.IESEngine; -import org.bouncycastle.jce.spec.IESParameterSpec; - -public class IESUtil -{ - public static IESParameterSpec guessParameterSpec(IESEngine engine) - { - if (engine.getCipher() == null) - { - return new IESParameterSpec(null, null, 128); - } - else if (engine.getCipher().getUnderlyingCipher().getAlgorithmName().equals("DES") || - engine.getCipher().getUnderlyingCipher().getAlgorithmName().equals("RC2") || - engine.getCipher().getUnderlyingCipher().getAlgorithmName().equals("RC5-32") || - engine.getCipher().getUnderlyingCipher().getAlgorithmName().equals("RC5-64")) - { - return new IESParameterSpec(null, null, 64, 64); - } - else if (engine.getCipher().getUnderlyingCipher().getAlgorithmName().equals("SKIPJACK")) - { - return new IESParameterSpec(null, null, 80, 80); - } - else if (engine.getCipher().getUnderlyingCipher().getAlgorithmName().equals("GOST28147")) - { - return new IESParameterSpec(null, null, 256, 256); - } - - return new IESParameterSpec(null, null, 128, 128); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/KeyUtil.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/KeyUtil.java deleted file mode 100644 index 4dff91a2..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/KeyUtil.java +++ /dev/null @@ -1,72 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.util; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - -public class KeyUtil -{ - public static byte[] getEncodedSubjectPublicKeyInfo(AlgorithmIdentifier algId, ASN1Encodable keyData) - { - try - { - return getEncodedSubjectPublicKeyInfo(new SubjectPublicKeyInfo(algId, keyData)); - } - catch (Exception e) - { - return null; - } - } - - public static byte[] getEncodedSubjectPublicKeyInfo(AlgorithmIdentifier algId, byte[] keyData) - { - try - { - return getEncodedSubjectPublicKeyInfo(new SubjectPublicKeyInfo(algId, keyData)); - } - catch (Exception e) - { - return null; - } - } - - public static byte[] getEncodedSubjectPublicKeyInfo(SubjectPublicKeyInfo info) - { - try - { - return info.getEncoded(ASN1Encoding.DER); - } - catch (Exception e) - { - return null; - } - } - - public static byte[] getEncodedPrivateKeyInfo(AlgorithmIdentifier algId, ASN1Encodable privKey) - { - try - { - PrivateKeyInfo info = new PrivateKeyInfo(algId, privKey.toASN1Primitive()); - - return getEncodedPrivateKeyInfo(info); - } - catch (Exception e) - { - return null; - } - } - - public static byte[] getEncodedPrivateKeyInfo(PrivateKeyInfo info) - { - try - { - return info.getEncoded(ASN1Encoding.DER); - } - catch (Exception e) - { - return null; - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/PKCS12BagAttributeCarrierImpl.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/PKCS12BagAttributeCarrierImpl.java deleted file mode 100644 index 3e328dae..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/PKCS12BagAttributeCarrierImpl.java +++ /dev/null @@ -1,124 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.util; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; - -public class PKCS12BagAttributeCarrierImpl - implements PKCS12BagAttributeCarrier -{ - private Hashtable pkcs12Attributes; - private Vector pkcs12Ordering; - - PKCS12BagAttributeCarrierImpl(Hashtable attributes, Vector ordering) - { - this.pkcs12Attributes = attributes; - this.pkcs12Ordering = ordering; - } - - public PKCS12BagAttributeCarrierImpl() - { - this(new Hashtable(), new Vector()); - } - - public void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute) - { - if (pkcs12Attributes.containsKey(oid)) - { // preserve original ordering - pkcs12Attributes.put(oid, attribute); - } - else - { - pkcs12Attributes.put(oid, attribute); - pkcs12Ordering.addElement(oid); - } - } - - public ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid) - { - return (ASN1Encodable)pkcs12Attributes.get(oid); - } - - public Enumeration getBagAttributeKeys() - { - return pkcs12Ordering.elements(); - } - - int size() - { - return pkcs12Ordering.size(); - } - - Hashtable getAttributes() - { - return pkcs12Attributes; - } - - Vector getOrdering() - { - return pkcs12Ordering; - } - - public void writeObject(ObjectOutputStream out) - throws IOException - { - if (pkcs12Ordering.size() == 0) - { - out.writeObject(new Hashtable()); - out.writeObject(new Vector()); - } - else - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - Enumeration e = this.getBagAttributeKeys(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - - aOut.writeObject(oid); - aOut.writeObject((ASN1Encodable)pkcs12Attributes.get(oid)); - } - - out.writeObject(bOut.toByteArray()); - } - } - - public void readObject(ObjectInputStream in) - throws IOException, ClassNotFoundException - { - Object obj = in.readObject(); - - if (obj instanceof Hashtable) - { - this.pkcs12Attributes = (Hashtable)obj; - this.pkcs12Ordering = (Vector)in.readObject(); - } - else - { - ASN1InputStream aIn = new ASN1InputStream((byte[])obj); - - ASN1ObjectIdentifier oid; - - while ((oid = (ASN1ObjectIdentifier)aIn.readObject()) != null) - { - this.setBagAttribute(oid, aIn.readObject()); - } - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java deleted file mode 100644 index 03a1fe83..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java +++ /dev/null @@ -1,395 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.x509; - -import java.io.IOException; -import java.io.InputStream; -import java.io.PushbackInputStream; -import java.security.cert.CRL; -import java.security.cert.CRLException; -import java.security.cert.CertPath; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactorySpi; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; -import java.util.List; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.SignedData; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.asn1.x509.CertificateList; - -/** - * class for dealing with X509 certificates. - * <p> - * At the moment this will deal with "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----" - * base 64 encoded certs, as well as the BER binaries of certificates and some classes of PKCS#7 - * objects. - */ -public class CertificateFactory - extends CertificateFactorySpi -{ - private static final PEMUtil PEM_CERT_PARSER = new PEMUtil("CERTIFICATE"); - private static final PEMUtil PEM_CRL_PARSER = new PEMUtil("CRL"); - - private ASN1Set sData = null; - private int sDataObjectCount = 0; - private InputStream currentStream = null; - - private ASN1Set sCrlData = null; - private int sCrlDataObjectCount = 0; - private InputStream currentCrlStream = null; - - private java.security.cert.Certificate readDERCertificate( - ASN1InputStream dIn) - throws IOException, CertificateParsingException - { - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); - - if (seq.size() > 1 - && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier) - { - if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) - { - sData = SignedData.getInstance(ASN1Sequence.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true)).getCertificates(); - - return getCertificate(); - } - } - - return new X509CertificateObject( - Certificate.getInstance(seq)); - } - - private java.security.cert.Certificate getCertificate() - throws CertificateParsingException - { - if (sData != null) - { - while (sDataObjectCount < sData.size()) - { - Object obj = sData.getObjectAt(sDataObjectCount++); - - if (obj instanceof ASN1Sequence) - { - return new X509CertificateObject( - Certificate.getInstance(obj)); - } - } - } - - return null; - } - - private java.security.cert.Certificate readPEMCertificate( - InputStream in) - throws IOException, CertificateParsingException - { - ASN1Sequence seq = PEM_CERT_PARSER.readPEMObject(in); - - if (seq != null) - { - return new X509CertificateObject( - Certificate.getInstance(seq)); - } - - return null; - } - - protected CRL createCRL(CertificateList c) - throws CRLException - { - return new X509CRLObject(c); - } - - private CRL readPEMCRL( - InputStream in) - throws IOException, CRLException - { - ASN1Sequence seq = PEM_CRL_PARSER.readPEMObject(in); - - if (seq != null) - { - return createCRL( - CertificateList.getInstance(seq)); - } - - return null; - } - - private CRL readDERCRL( - ASN1InputStream aIn) - throws IOException, CRLException - { - ASN1Sequence seq = (ASN1Sequence)aIn.readObject(); - - if (seq.size() > 1 - && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier) - { - if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) - { - sCrlData = SignedData.getInstance(ASN1Sequence.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs(); - - return getCRL(); - } - } - - return createCRL( - CertificateList.getInstance(seq)); - } - - private CRL getCRL() - throws CRLException - { - if (sCrlData == null || sCrlDataObjectCount >= sCrlData.size()) - { - return null; - } - - return createCRL( - CertificateList.getInstance( - sCrlData.getObjectAt(sCrlDataObjectCount++))); - } - - /** - * Generates a certificate object and initializes it with the data - * read from the input stream inStream. - */ - public java.security.cert.Certificate engineGenerateCertificate( - InputStream in) - throws CertificateException - { - if (currentStream == null) - { - currentStream = in; - sData = null; - sDataObjectCount = 0; - } - else if (currentStream != in) // reset if input stream has changed - { - currentStream = in; - sData = null; - sDataObjectCount = 0; - } - - try - { - if (sData != null) - { - if (sDataObjectCount != sData.size()) - { - return getCertificate(); - } - else - { - sData = null; - sDataObjectCount = 0; - return null; - } - } - - PushbackInputStream pis = new PushbackInputStream(in); - int tag = pis.read(); - - if (tag == -1) - { - return null; - } - - pis.unread(tag); - - if (tag != 0x30) // assume ascii PEM encoded. - { - return readPEMCertificate(pis); - } - else - { - return readDERCertificate(new ASN1InputStream(pis)); - } - } - catch (Exception e) - { - throw new ExCertificateException(e); - } - } - - /** - * Returns a (possibly empty) collection view of the certificates - * read from the given input stream inStream. - */ - public Collection engineGenerateCertificates( - InputStream inStream) - throws CertificateException - { - java.security.cert.Certificate cert; - List certs = new ArrayList(); - - while ((cert = engineGenerateCertificate(inStream)) != null) - { - certs.add(cert); - } - - return certs; - } - - /** - * Generates a certificate revocation list (CRL) object and initializes - * it with the data read from the input stream inStream. - */ - public CRL engineGenerateCRL( - InputStream inStream) - throws CRLException - { - if (currentCrlStream == null) - { - currentCrlStream = inStream; - sCrlData = null; - sCrlDataObjectCount = 0; - } - else if (currentCrlStream != inStream) // reset if input stream has changed - { - currentCrlStream = inStream; - sCrlData = null; - sCrlDataObjectCount = 0; - } - - try - { - if (sCrlData != null) - { - if (sCrlDataObjectCount != sCrlData.size()) - { - return getCRL(); - } - else - { - sCrlData = null; - sCrlDataObjectCount = 0; - return null; - } - } - - PushbackInputStream pis = new PushbackInputStream(inStream); - int tag = pis.read(); - - if (tag == -1) - { - return null; - } - - pis.unread(tag); - - if (tag != 0x30) // assume ascii PEM encoded. - { - return readPEMCRL(pis); - } - else - { // lazy evaluate to help processing of large CRLs - return readDERCRL(new ASN1InputStream(pis, true)); - } - } - catch (CRLException e) - { - throw e; - } - catch (Exception e) - { - throw new CRLException(e.toString()); - } - } - - /** - * Returns a (possibly empty) collection view of the CRLs read from - * the given input stream inStream. - * - * The inStream may contain a sequence of DER-encoded CRLs, or - * a PKCS#7 CRL set. This is a PKCS#7 SignedData object, with the - * only signficant field being crls. In particular the signature - * and the contents are ignored. - */ - public Collection engineGenerateCRLs( - InputStream inStream) - throws CRLException - { - CRL crl; - List crls = new ArrayList(); - - while ((crl = engineGenerateCRL(inStream)) != null) - { - crls.add(crl); - } - - return crls; - } - - public Iterator engineGetCertPathEncodings() - { - return PKIXCertPath.certPathEncodings.iterator(); - } - - public CertPath engineGenerateCertPath( - InputStream inStream) - throws CertificateException - { - return engineGenerateCertPath(inStream, "PkiPath"); - } - - public CertPath engineGenerateCertPath( - InputStream inStream, - String encoding) - throws CertificateException - { - return new PKIXCertPath(inStream, encoding); - } - - public CertPath engineGenerateCertPath( - List certificates) - throws CertificateException - { - Iterator iter = certificates.iterator(); - Object obj; - while (iter.hasNext()) - { - obj = iter.next(); - if (obj != null) - { - if (!(obj instanceof X509Certificate)) - { - throw new CertificateException("list contains non X509Certificate object while creating CertPath\n" + obj.toString()); - } - } - } - return new PKIXCertPath(certificates); - } - - private class ExCertificateException - extends CertificateException - { - private Throwable cause; - - public ExCertificateException(Throwable cause) - { - this.cause = cause; - } - - public ExCertificateException(String msg, Throwable cause) - { - super(msg); - - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/ExtCRLException.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/ExtCRLException.java deleted file mode 100644 index e27acfbb..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/ExtCRLException.java +++ /dev/null @@ -1,20 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.x509; - -import java.security.cert.CRLException; - -class ExtCRLException - extends CRLException -{ - Throwable cause; - - ExtCRLException(String message, Throwable cause) - { - super(message); - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/KeyFactory.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/KeyFactory.java deleted file mode 100644 index a4c701d6..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/KeyFactory.java +++ /dev/null @@ -1,95 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.x509; - -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactorySpi; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public class KeyFactory - extends KeyFactorySpi -{ - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PKCS8EncodedKeySpec) - { - try - { - PrivateKeyInfo info = PrivateKeyInfo.getInstance(((PKCS8EncodedKeySpec)keySpec).getEncoded()); - PrivateKey key = BouncyCastleProvider.getPrivateKey(info); - - if (key != null) - { - return key; - } - - throw new InvalidKeySpecException("no factory found for OID: " + info.getPrivateKeyAlgorithm().getAlgorithm()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof X509EncodedKeySpec) - { - try - { - SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(((X509EncodedKeySpec)keySpec).getEncoded()); - PublicKey key = BouncyCastleProvider.getPublicKey(info); - - if (key != null) - { - return key; - } - - throw new InvalidKeySpecException("no factory found for OID: " + info.getAlgorithm().getAlgorithm()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - - protected KeySpec engineGetKeySpec(Key key, Class keySpec) - throws InvalidKeySpecException - { - if (keySpec.isAssignableFrom(PKCS8EncodedKeySpec.class) && key.getFormat().equals("PKCS#8")) - { - return new PKCS8EncodedKeySpec(key.getEncoded()); - } - else if (keySpec.isAssignableFrom(X509EncodedKeySpec.class) && key.getFormat().equals("X.509")) - { - return new X509EncodedKeySpec(key.getEncoded()); - } - - throw new InvalidKeySpecException("not implemented yet " + key + " " + keySpec); - } - - protected Key engineTranslateKey(Key key) - throws InvalidKeyException - { - throw new InvalidKeyException("not implemented yet " + key); - } -}
\ No newline at end of file diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java deleted file mode 100644 index e4aaf307..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.java +++ /dev/null @@ -1,88 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.x509; - -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.util.encoders.Base64; - -public class PEMUtil -{ - private final String _header1; - private final String _header2; - private final String _footer1; - private final String _footer2; - - PEMUtil( - String type) - { - _header1 = "-----BEGIN " + type + "-----"; - _header2 = "-----BEGIN X509 " + type + "-----"; - _footer1 = "-----END " + type + "-----"; - _footer2 = "-----END X509 " + type + "-----"; - } - - private String readLine( - InputStream in) - throws IOException - { - int c; - StringBuffer l = new StringBuffer(); - - do - { - while (((c = in.read()) != '\r') && c != '\n' && (c >= 0)) - { - l.append((char)c); - } - } - while (c >= 0 && l.length() == 0); - - if (c < 0) - { - return null; - } - - return l.toString(); - } - - ASN1Sequence readPEMObject( - InputStream in) - throws IOException - { - String line; - StringBuffer pemBuf = new StringBuffer(); - - while ((line = readLine(in)) != null) - { - if (line.startsWith(_header1) || line.startsWith(_header2)) - { - break; - } - } - - while ((line = readLine(in)) != null) - { - if (line.startsWith(_footer1) || line.startsWith(_footer2)) - { - break; - } - - pemBuf.append(line); - } - - if (pemBuf.length() != 0) - { - try - { - return ASN1Sequence.getInstance(Base64.decode(pemBuf.toString())); - } - catch (Exception e) - { - throw new IOException("malformed PEM data encountered"); - } - } - - return null; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java deleted file mode 100644 index 91d48294..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java +++ /dev/null @@ -1,372 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.x509; - -import java.io.BufferedInputStream; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStreamWriter; -import java.security.NoSuchProviderException; -import java.security.cert.CertPath; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Enumeration; -import java.util.Iterator; -import java.util.List; -import java.util.ListIterator; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.pkcs.ContentInfo; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.SignedData; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.io.pem.PemObject; -import org.bouncycastle.util.io.pem.PemWriter; - -/** - * CertPath implementation for X.509 certificates. - * <br /> - **/ -public class PKIXCertPath - extends CertPath -{ - static final List certPathEncodings; - - static - { - List encodings = new ArrayList(); - encodings.add("PkiPath"); - encodings.add("PEM"); - encodings.add("PKCS7"); - certPathEncodings = Collections.unmodifiableList(encodings); - } - - private List certificates; - - /** - * @param certs - */ - private List sortCerts( - List certs) - { - if (certs.size() < 2) - { - return certs; - } - - X500Principal issuer = ((X509Certificate)certs.get(0)).getIssuerX500Principal(); - boolean okay = true; - - for (int i = 1; i != certs.size(); i++) - { - X509Certificate cert = (X509Certificate)certs.get(i); - - if (issuer.equals(cert.getSubjectX500Principal())) - { - issuer = ((X509Certificate)certs.get(i)).getIssuerX500Principal(); - } - else - { - okay = false; - break; - } - } - - if (okay) - { - return certs; - } - - // find end-entity cert - List retList = new ArrayList(certs.size()); - List orig = new ArrayList(certs); - - for (int i = 0; i < certs.size(); i++) - { - X509Certificate cert = (X509Certificate)certs.get(i); - boolean found = false; - - X500Principal subject = cert.getSubjectX500Principal(); - - for (int j = 0; j != certs.size(); j++) - { - X509Certificate c = (X509Certificate)certs.get(j); - if (c.getIssuerX500Principal().equals(subject)) - { - found = true; - break; - } - } - - if (!found) - { - retList.add(cert); - certs.remove(i); - } - } - - // can only have one end entity cert - something's wrong, give up. - if (retList.size() > 1) - { - return orig; - } - - for (int i = 0; i != retList.size(); i++) - { - issuer = ((X509Certificate)retList.get(i)).getIssuerX500Principal(); - - for (int j = 0; j < certs.size(); j++) - { - X509Certificate c = (X509Certificate)certs.get(j); - if (issuer.equals(c.getSubjectX500Principal())) - { - retList.add(c); - certs.remove(j); - break; - } - } - } - - // make sure all certificates are accounted for. - if (certs.size() > 0) - { - return orig; - } - - return retList; - } - - PKIXCertPath(List certificates) - { - super("X.509"); - this.certificates = sortCerts(new ArrayList(certificates)); - } - - /** - * Creates a CertPath of the specified type. - * This constructor is protected because most users should use - * a CertificateFactory to create CertPaths. - **/ - PKIXCertPath( - InputStream inStream, - String encoding) - throws CertificateException - { - super("X.509"); - try - { - if (encoding.equalsIgnoreCase("PkiPath")) - { - ASN1InputStream derInStream = new ASN1InputStream(inStream); - ASN1Primitive derObject = derInStream.readObject(); - if (!(derObject instanceof ASN1Sequence)) - { - throw new CertificateException("input stream does not contain a ASN1 SEQUENCE while reading PkiPath encoded data to load CertPath"); - } - Enumeration e = ((ASN1Sequence)derObject).getObjects(); - certificates = new ArrayList(); - CertificateFactory certFactory = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME); - while (e.hasMoreElements()) - { - ASN1Encodable element = (ASN1Encodable)e.nextElement(); - byte[] encoded = element.toASN1Primitive().getEncoded(ASN1Encoding.DER); - certificates.add(0, certFactory.generateCertificate( - new ByteArrayInputStream(encoded))); - } - } - else if (encoding.equalsIgnoreCase("PKCS7") || encoding.equalsIgnoreCase("PEM")) - { - inStream = new BufferedInputStream(inStream); - certificates = new ArrayList(); - CertificateFactory certFactory= CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME); - Certificate cert; - while ((cert = certFactory.generateCertificate(inStream)) != null) - { - certificates.add(cert); - } - } - else - { - throw new CertificateException("unsupported encoding: " + encoding); - } - } - catch (IOException ex) - { - throw new CertificateException("IOException throw while decoding CertPath:\n" + ex.toString()); - } - catch (NoSuchProviderException ex) - { - throw new CertificateException("BouncyCastle provider not found while trying to get a CertificateFactory:\n" + ex.toString()); - } - - this.certificates = sortCerts(certificates); - } - - /** - * Returns an iteration of the encodings supported by this - * certification path, with the default encoding - * first. Attempts to modify the returned Iterator via its - * remove method result in an UnsupportedOperationException. - * - * @return an Iterator over the names of the supported encodings (as Strings) - **/ - public Iterator getEncodings() - { - return certPathEncodings.iterator(); - } - - /** - * Returns the encoded form of this certification path, using - * the default encoding. - * - * @return the encoded bytes - * @exception java.security.cert.CertificateEncodingException if an encoding error occurs - **/ - public byte[] getEncoded() - throws CertificateEncodingException - { - Iterator iter = getEncodings(); - if (iter.hasNext()) - { - Object enc = iter.next(); - if (enc instanceof String) - { - return getEncoded((String)enc); - } - } - return null; - } - - /** - * Returns the encoded form of this certification path, using - * the specified encoding. - * - * @param encoding the name of the encoding to use - * @return the encoded bytes - * @exception java.security.cert.CertificateEncodingException if an encoding error - * occurs or the encoding requested is not supported - * - **/ - public byte[] getEncoded(String encoding) - throws CertificateEncodingException - { - if (encoding.equalsIgnoreCase("PkiPath")) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - ListIterator iter = certificates.listIterator(certificates.size()); - while (iter.hasPrevious()) - { - v.add(toASN1Object((X509Certificate)iter.previous())); - } - - return toDEREncoded(new DERSequence(v)); - } - else if (encoding.equalsIgnoreCase("PKCS7")) - { - ContentInfo encInfo = new ContentInfo(PKCSObjectIdentifiers.data, null); - - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i = 0; i != certificates.size(); i++) - { - v.add(toASN1Object((X509Certificate)certificates.get(i))); - } - - SignedData sd = new SignedData( - new ASN1Integer(1), - new DERSet(), - encInfo, - new DERSet(v), - null, - new DERSet()); - - return toDEREncoded(new ContentInfo( - PKCSObjectIdentifiers.signedData, sd)); - } - else if (encoding.equalsIgnoreCase("PEM")) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut)); - - try - { - for (int i = 0; i != certificates.size(); i++) - { - pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded())); - } - - pWrt.close(); - } - catch (Exception e) - { - throw new CertificateEncodingException("can't encode certificate for PEM encoded path"); - } - - return bOut.toByteArray(); - } - else - { - throw new CertificateEncodingException("unsupported encoding: " + encoding); - } - } - - /** - * Returns the list of certificates in this certification - * path. The List returned must be immutable and thread-safe. - * - * @return an immutable List of Certificates (may be empty, but not null) - **/ - public List getCertificates() - { - return Collections.unmodifiableList(new ArrayList(certificates)); - } - - /** - * Return a DERObject containing the encoded certificate. - * - * @param cert the X509Certificate object to be encoded - * - * @return the DERObject - **/ - private ASN1Primitive toASN1Object( - X509Certificate cert) - throws CertificateEncodingException - { - try - { - return new ASN1InputStream(cert.getEncoded()).readObject(); - } - catch (Exception e) - { - throw new CertificateEncodingException("Exception while encoding certificate: " + e.toString()); - } - } - - private byte[] toDEREncoded(ASN1Encodable obj) - throws CertificateEncodingException - { - try - { - return obj.toASN1Primitive().getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new CertificateEncodingException("Exception thrown: " + e); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java deleted file mode 100644 index 32e595c2..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.java +++ /dev/null @@ -1,318 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.x509; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.cert.CRLException; -import java.security.cert.X509CRLEntry; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Enumerated; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.util.ASN1Dump; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.CRLReason; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.asn1.x509.Extensions; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.TBSCertList; -import org.bouncycastle.asn1.x509.X509Extension; - -/** - * The following extensions are listed in RFC 2459 as relevant to CRL Entries - * - * ReasonCode Hode Instruction Code Invalidity Date Certificate Issuer - * (critical) - */ -public class X509CRLEntryObject extends X509CRLEntry -{ - private TBSCertList.CRLEntry c; - - private X500Name certificateIssuer; - private int hashValue; - private boolean isHashValueSet; - - protected X509CRLEntryObject(TBSCertList.CRLEntry c) - { - this.c = c; - this.certificateIssuer = null; - } - - /** - * Constructor for CRLEntries of indirect CRLs. If <code>isIndirect</code> - * is <code>false</code> {@link #getCertificateIssuer()} will always - * return <code>null</code>, <code>previousCertificateIssuer</code> is - * ignored. If this <code>isIndirect</code> is specified and this CRLEntry - * has no certificate issuer CRL entry extension - * <code>previousCertificateIssuer</code> is returned by - * {@link #getCertificateIssuer()}. - * - * @param c - * TBSCertList.CRLEntry object. - * @param isIndirect - * <code>true</code> if the corresponding CRL is a indirect - * CRL. - * @param previousCertificateIssuer - * Certificate issuer of the previous CRLEntry. - */ - protected X509CRLEntryObject( - TBSCertList.CRLEntry c, - boolean isIndirect, - X500Name previousCertificateIssuer) - { - this.c = c; - this.certificateIssuer = loadCertificateIssuer(isIndirect, previousCertificateIssuer); - } - - /** - * Will return true if any extensions are present and marked as critical as - * we currently don't handle any extensions! - */ - public boolean hasUnsupportedCriticalExtension() - { - Set extns = getCriticalExtensionOIDs(); - - return extns != null && !extns.isEmpty(); - } - - private X500Name loadCertificateIssuer(boolean isIndirect, X500Name previousCertificateIssuer) - { - if (!isIndirect) - { - return null; - } - - Extension ext = getExtension(Extension.certificateIssuer); - if (ext == null) - { - return previousCertificateIssuer; - } - - try - { - GeneralName[] names = GeneralNames.getInstance(ext.getParsedValue()).getNames(); - for (int i = 0; i < names.length; i++) - { - if (names[i].getTagNo() == GeneralName.directoryName) - { - return X500Name.getInstance(names[i].getName()); - } - } - return null; - } - catch (Exception e) - { - return null; - } - } - - public X500Principal getCertificateIssuer() - { - if (certificateIssuer == null) - { - return null; - } - try - { - return new X500Principal(certificateIssuer.getEncoded()); - } - catch (IOException e) - { - return null; - } - } - - private Set getExtensionOIDs(boolean critical) - { - Extensions extensions = c.getExtensions(); - - if (extensions != null) - { - Set set = new HashSet(); - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); - Extension ext = extensions.getExtension(oid); - - if (critical == ext.isCritical()) - { - set.add(oid.getId()); - } - } - - return set; - } - - return null; - } - - public Set getCriticalExtensionOIDs() - { - return getExtensionOIDs(true); - } - - public Set getNonCriticalExtensionOIDs() - { - return getExtensionOIDs(false); - } - - private Extension getExtension(ASN1ObjectIdentifier oid) - { - Extensions exts = c.getExtensions(); - - if (exts != null) - { - return exts.getExtension(oid); - } - - return null; - } - - public byte[] getExtensionValue(String oid) - { - Extension ext = getExtension(new ASN1ObjectIdentifier(oid)); - - if (ext != null) - { - try - { - return ext.getExtnValue().getEncoded(); - } - catch (Exception e) - { - throw new RuntimeException("error encoding " + e.toString()); - } - } - - return null; - } - - /** - * Cache the hashCode value - calculating it with the standard method. - * @return calculated hashCode. - */ - public int hashCode() - { - if (!isHashValueSet) - { - hashValue = super.hashCode(); - isHashValueSet = true; - } - - return hashValue; - } - - public boolean equals(Object o) - { - if (o == this) - { - return true; - } - - if (o instanceof X509CRLEntryObject) - { - X509CRLEntryObject other = (X509CRLEntryObject)o; - - return this.c.equals(other.c); - } - - return super.equals(this); - } - - public byte[] getEncoded() - throws CRLException - { - try - { - return c.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new CRLException(e.toString()); - } - } - - public BigInteger getSerialNumber() - { - return c.getUserCertificate().getValue(); - } - - public Date getRevocationDate() - { - return c.getRevocationDate().getDate(); - } - - public boolean hasExtensions() - { - return c.getExtensions() != null; - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append(" userCertificate: ").append(this.getSerialNumber()).append(nl); - buf.append(" revocationDate: ").append(this.getRevocationDate()).append(nl); - buf.append(" certificateIssuer: ").append(this.getCertificateIssuer()).append(nl); - - Extensions extensions = c.getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - if (e.hasMoreElements()) - { - buf.append(" crlEntryExtensions:").append(nl); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - Extension ext = extensions.getExtension(oid); - if (ext.getExtnValue() != null) - { - byte[] octs = ext.getExtnValue().getOctets(); - ASN1InputStream dIn = new ASN1InputStream(octs); - buf.append(" critical(").append(ext.isCritical()).append(") "); - try - { - if (oid.equals(X509Extension.reasonCode)) - { - buf.append(CRLReason.getInstance(ASN1Enumerated.getInstance(dIn.readObject()))).append(nl); - } - else if (oid.equals(X509Extension.certificateIssuer)) - { - buf.append("Certificate issuer: ").append(GeneralNames.getInstance(dIn.readObject())).append(nl); - } - else - { - buf.append(oid.getId()); - buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl); - } - } - catch (Exception ex) - { - buf.append(oid.getId()); - buf.append(" value = ").append("*****").append(nl); - } - } - else - { - buf.append(nl); - } - } - } - } - - return buf.toString(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java deleted file mode 100644 index c7d04020..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.java +++ /dev/null @@ -1,627 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.x509; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Principal; -import java.security.PublicKey; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.CRLException; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509CRL; -import java.security.cert.X509CRLEntry; -import java.security.cert.X509Certificate; -import java.util.Collections; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Iterator; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.util.ASN1Dump; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.CRLDistPoint; -import org.bouncycastle.asn1.x509.CRLNumber; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.asn1.x509.Extensions; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.IssuingDistributionPoint; -import org.bouncycastle.asn1.x509.TBSCertList; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.provider.RFC3280CertPathUtilities; -import org.bouncycastle.util.encoders.Hex; - -/** - * The following extensions are listed in RFC 2459 as relevant to CRLs - * - * Authority Key Identifier - * Issuer Alternative Name - * CRL Number - * Delta CRL Indicator (critical) - * Issuing Distribution Point (critical) - */ -public class X509CRLObject - extends X509CRL -{ - private CertificateList c; - private String sigAlgName; - private byte[] sigAlgParams; - private boolean isIndirect; - private boolean isHashCodeSet = false; - private int hashCodeValue; - - static boolean isIndirectCRL(X509CRL crl) - throws CRLException - { - try - { - byte[] idp = crl.getExtensionValue(Extension.issuingDistributionPoint.getId()); - return idp != null - && IssuingDistributionPoint.getInstance(ASN1OctetString.getInstance(idp).getOctets()).isIndirectCRL(); - } - catch (Exception e) - { - throw new ExtCRLException( - "Exception reading IssuingDistributionPoint", e); - } - } - - protected X509CRLObject( - CertificateList c) - throws CRLException - { - this.c = c; - - try - { - this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); - - if (c.getSignatureAlgorithm().getParameters() != null) - { - this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).toASN1Primitive().getEncoded(ASN1Encoding.DER); - } - else - { - this.sigAlgParams = null; - } - - this.isIndirect = isIndirectCRL(this); - } - catch (Exception e) - { - throw new CRLException("CRL contents invalid: " + e); - } - } - - /** - * Will return true if any extensions are present and marked - * as critical as we currently dont handle any extensions! - */ - public boolean hasUnsupportedCriticalExtension() - { - Set extns = getCriticalExtensionOIDs(); - - if (extns == null) - { - return false; - } - - extns.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT); - extns.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR); - - return !extns.isEmpty(); - } - - private Set getExtensionOIDs(boolean critical) - { - if (this.getVersion() == 2) - { - Extensions extensions = c.getTBSCertList().getExtensions(); - - if (extensions != null) - { - Set set = new HashSet(); - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - Extension ext = extensions.getExtension(oid); - - if (critical == ext.isCritical()) - { - set.add(oid.getId()); - } - } - - return set; - } - } - - return null; - } - - public Set getCriticalExtensionOIDs() - { - return getExtensionOIDs(true); - } - - public Set getNonCriticalExtensionOIDs() - { - return getExtensionOIDs(false); - } - - public byte[] getExtensionValue(String oid) - { - Extensions exts = c.getTBSCertList().getExtensions(); - - if (exts != null) - { - Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); - - if (ext != null) - { - try - { - return ext.getExtnValue().getEncoded(); - } - catch (Exception e) - { - throw new IllegalStateException("error parsing " + e.toString()); - } - } - } - - return null; - } - - public byte[] getEncoded() - throws CRLException - { - try - { - return c.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new CRLException(e.toString()); - } - } - - public void verify(PublicKey key) - throws CRLException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException - { - verify(key, BouncyCastleProvider.PROVIDER_NAME); - } - - public void verify(PublicKey key, String sigProvider) - throws CRLException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException - { - if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature())) - { - throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList."); - } - - Signature sig; - - if (sigProvider != null) - { - sig = Signature.getInstance(getSigAlgName(), sigProvider); - } - else - { - sig = Signature.getInstance(getSigAlgName()); - } - - sig.initVerify(key); - sig.update(this.getTBSCertList()); - - if (!sig.verify(this.getSignature())) - { - throw new SignatureException("CRL does not verify with supplied public key."); - } - } - - public int getVersion() - { - return c.getVersionNumber(); - } - - public Principal getIssuerDN() - { - return new X509Principal(X500Name.getInstance(c.getIssuer().toASN1Primitive())); - } - - public X500Principal getIssuerX500Principal() - { - try - { - return new X500Principal(c.getIssuer().getEncoded()); - } - catch (IOException e) - { - throw new IllegalStateException("can't encode issuer DN"); - } - } - - public Date getThisUpdate() - { - return c.getThisUpdate().getDate(); - } - - public Date getNextUpdate() - { - if (c.getNextUpdate() != null) - { - return c.getNextUpdate().getDate(); - } - - return null; - } - - private Set loadCRLEntries() - { - Set entrySet = new HashSet(); - Enumeration certs = c.getRevokedCertificateEnumeration(); - - X500Name previousCertificateIssuer = null; // the issuer - while (certs.hasMoreElements()) - { - TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement(); - X509CRLEntryObject crlEntry = new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer); - entrySet.add(crlEntry); - if (isIndirect && entry.hasExtensions()) - { - Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); - - if (currentCaName != null) - { - previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); - } - } - } - - return entrySet; - } - - public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) - { - Enumeration certs = c.getRevokedCertificateEnumeration(); - - X500Name previousCertificateIssuer = null; // the issuer - while (certs.hasMoreElements()) - { - TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement(); - - if (serialNumber.equals(entry.getUserCertificate().getValue())) - { - return new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer); - } - - if (isIndirect && entry.hasExtensions()) - { - Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); - - if (currentCaName != null) - { - previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); - } - } - } - - return null; - } - - public Set getRevokedCertificates() - { - Set entrySet = loadCRLEntries(); - - if (!entrySet.isEmpty()) - { - return Collections.unmodifiableSet(entrySet); - } - - return null; - } - - public byte[] getTBSCertList() - throws CRLException - { - try - { - return c.getTBSCertList().getEncoded("DER"); - } - catch (IOException e) - { - throw new CRLException(e.toString()); - } - } - - public byte[] getSignature() - { - return c.getSignature().getBytes(); - } - - public String getSigAlgName() - { - return sigAlgName; - } - - public String getSigAlgOID() - { - return c.getSignatureAlgorithm().getAlgorithm().getId(); - } - - public byte[] getSigAlgParams() - { - if (sigAlgParams != null) - { - byte[] tmp = new byte[sigAlgParams.length]; - - System.arraycopy(sigAlgParams, 0, tmp, 0, tmp.length); - - return tmp; - } - - return null; - } - - /** - * Returns a string representation of this CRL. - * - * @return a string representation of this CRL. - */ - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append(" Version: ").append(this.getVersion()).append( - nl); - buf.append(" IssuerDN: ").append(this.getIssuerDN()) - .append(nl); - buf.append(" This update: ").append(this.getThisUpdate()) - .append(nl); - buf.append(" Next update: ").append(this.getNextUpdate()) - .append(nl); - buf.append(" Signature Algorithm: ").append(this.getSigAlgName()) - .append(nl); - - byte[] sig = this.getSignature(); - - buf.append(" Signature: ").append( - new String(Hex.encode(sig, 0, 20))).append(nl); - for (int i = 20; i < sig.length; i += 20) - { - if (i < sig.length - 20) - { - buf.append(" ").append( - new String(Hex.encode(sig, i, 20))).append(nl); - } - else - { - buf.append(" ").append( - new String(Hex.encode(sig, i, sig.length - i))).append(nl); - } - } - - Extensions extensions = c.getTBSCertList().getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - if (e.hasMoreElements()) - { - buf.append(" Extensions: ").append(nl); - } - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); - Extension ext = extensions.getExtension(oid); - - if (ext.getExtnValue() != null) - { - byte[] octs = ext.getExtnValue().getOctets(); - ASN1InputStream dIn = new ASN1InputStream(octs); - buf.append(" critical(").append( - ext.isCritical()).append(") "); - try - { - if (oid.equals(Extension.cRLNumber)) - { - buf.append( - new CRLNumber(ASN1Integer.getInstance( - dIn.readObject()).getPositiveValue())) - .append(nl); - } - else if (oid.equals(Extension.deltaCRLIndicator)) - { - buf.append( - "Base CRL: " - + new CRLNumber(ASN1Integer.getInstance( - dIn.readObject()).getPositiveValue())) - .append(nl); - } - else if (oid - .equals(Extension.issuingDistributionPoint)) - { - buf.append( - IssuingDistributionPoint.getInstance(dIn.readObject())).append(nl); - } - else if (oid - .equals(Extension.cRLDistributionPoints)) - { - buf.append( - CRLDistPoint.getInstance(dIn.readObject())).append(nl); - } - else if (oid.equals(Extension.freshestCRL)) - { - buf.append( - CRLDistPoint.getInstance(dIn.readObject())).append(nl); - } - else - { - buf.append(oid.getId()); - buf.append(" value = ").append( - ASN1Dump.dumpAsString(dIn.readObject())) - .append(nl); - } - } - catch (Exception ex) - { - buf.append(oid.getId()); - buf.append(" value = ").append("*****").append(nl); - } - } - else - { - buf.append(nl); - } - } - } - Set set = getRevokedCertificates(); - if (set != null) - { - Iterator it = set.iterator(); - while (it.hasNext()) - { - buf.append(it.next()); - buf.append(nl); - } - } - return buf.toString(); - } - - /** - * Checks whether the given certificate is on this CRL. - * - * @param cert the certificate to check for. - * @return true if the given certificate is on this CRL, - * false otherwise. - */ - public boolean isRevoked(Certificate cert) - { - if (!cert.getType().equals("X.509")) - { - throw new RuntimeException("X.509 CRL used with non X.509 Cert"); - } - - Enumeration certs = c.getRevokedCertificateEnumeration(); - - X500Name caName = c.getIssuer(); - - if (certs.hasMoreElements()) - { - BigInteger serial = ((X509Certificate)cert).getSerialNumber(); - - while (certs.hasMoreElements()) - { - TBSCertList.CRLEntry entry = TBSCertList.CRLEntry.getInstance(certs.nextElement()); - - if (isIndirect && entry.hasExtensions()) - { - Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); - - if (currentCaName != null) - { - caName = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); - } - } - - if (entry.getUserCertificate().getValue().equals(serial)) - { - X500Name issuer; - - if (cert instanceof X509Certificate) - { - issuer = X500Name.getInstance(((X509Certificate)cert).getIssuerX500Principal().getEncoded()); - } - else - { - try - { - issuer = org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded()).getIssuer(); - } - catch (CertificateEncodingException e) - { - throw new RuntimeException("Cannot process certificate"); - } - } - - if (!caName.equals(issuer)) - { - return false; - } - - return true; - } - } - } - - return false; - } - - public boolean equals(Object other) - { - if (this == other) - { - return true; - } - - if (!(other instanceof X509CRL)) - { - return false; - } - - if (other instanceof X509CRLObject) - { - X509CRLObject crlObject = (X509CRLObject)other; - - if (isHashCodeSet) - { - boolean otherIsHashCodeSet = crlObject.isHashCodeSet; - if (otherIsHashCodeSet) - { - if (crlObject.hashCodeValue != hashCodeValue) - { - return false; - } - } - } - - return this.c.equals(crlObject.c); - } - - return super.equals(other); - } - - public int hashCode() - { - if (!isHashCodeSet) - { - isHashCodeSet = true; - hashCodeValue = super.hashCode(); - } - - return hashCodeValue; - } -} - diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java deleted file mode 100644 index 44220622..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java +++ /dev/null @@ -1,903 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.x509; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.net.InetAddress; -import java.net.UnknownHostException; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Principal; -import java.security.Provider; -import java.security.PublicKey; -import java.security.Security; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1String; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.misc.MiscObjectIdentifiers; -import org.bouncycastle.asn1.misc.NetscapeCertType; -import org.bouncycastle.asn1.misc.NetscapeRevocationURL; -import org.bouncycastle.asn1.misc.VerisignCzagExtension; -import org.bouncycastle.asn1.util.ASN1Dump; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x500.style.RFC4519Style; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.BasicConstraints; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.asn1.x509.Extensions; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.KeyUsage; -import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.provider.RFC3280CertPathUtilities; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.Integers; -import org.bouncycastle.util.encoders.Hex; - -class X509CertificateObject - extends X509Certificate - implements PKCS12BagAttributeCarrier -{ - private org.bouncycastle.asn1.x509.Certificate c; - private BasicConstraints basicConstraints; - private boolean[] keyUsage; - private boolean hashValueSet; - private int hashValue; - - private PKCS12BagAttributeCarrier attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - public X509CertificateObject( - org.bouncycastle.asn1.x509.Certificate c) - throws CertificateParsingException - { - this.c = c; - - try - { - byte[] bytes = this.getExtensionBytes("2.5.29.19"); - - if (bytes != null) - { - basicConstraints = BasicConstraints.getInstance(ASN1Primitive.fromByteArray(bytes)); - } - } - catch (Exception e) - { - throw new CertificateParsingException("cannot construct BasicConstraints: " + e); - } - - try - { - byte[] bytes = this.getExtensionBytes("2.5.29.15"); - if (bytes != null) - { - DERBitString bits = DERBitString.getInstance(ASN1Primitive.fromByteArray(bytes)); - - bytes = bits.getBytes(); - int length = (bytes.length * 8) - bits.getPadBits(); - - keyUsage = new boolean[(length < 9) ? 9 : length]; - - for (int i = 0; i != length; i++) - { - keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; - } - } - else - { - keyUsage = null; - } - } - catch (Exception e) - { - throw new CertificateParsingException("cannot construct KeyUsage: " + e); - } - } - - public void checkValidity() - throws CertificateExpiredException, CertificateNotYetValidException - { - this.checkValidity(new Date()); - } - - public void checkValidity( - Date date) - throws CertificateExpiredException, CertificateNotYetValidException - { - if (date.getTime() > this.getNotAfter().getTime()) // for other VM compatibility - { - throw new CertificateExpiredException("certificate expired on " + c.getEndDate().getTime()); - } - - if (date.getTime() < this.getNotBefore().getTime()) - { - throw new CertificateNotYetValidException("certificate not valid till " + c.getStartDate().getTime()); - } - } - - public int getVersion() - { - return c.getVersionNumber(); - } - - public BigInteger getSerialNumber() - { - return c.getSerialNumber().getValue(); - } - - public Principal getIssuerDN() - { - try - { - return new X509Principal(X500Name.getInstance(c.getIssuer().getEncoded())); - } - catch (IOException e) - { - return null; - } - } - - public X500Principal getIssuerX500Principal() - { - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(c.getIssuer()); - - return new X500Principal(bOut.toByteArray()); - } - catch (IOException e) - { - throw new IllegalStateException("can't encode issuer DN"); - } - } - - public Principal getSubjectDN() - { - return new X509Principal(X500Name.getInstance(c.getSubject().toASN1Primitive())); - } - - public X500Principal getSubjectX500Principal() - { - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(c.getSubject()); - - return new X500Principal(bOut.toByteArray()); - } - catch (IOException e) - { - throw new IllegalStateException("can't encode issuer DN"); - } - } - - public Date getNotBefore() - { - return c.getStartDate().getDate(); - } - - public Date getNotAfter() - { - return c.getEndDate().getDate(); - } - - public byte[] getTBSCertificate() - throws CertificateEncodingException - { - try - { - return c.getTBSCertificate().getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new CertificateEncodingException(e.toString()); - } - } - - public byte[] getSignature() - { - return c.getSignature().getBytes(); - } - - /** - * return a more "meaningful" representation for the signature algorithm used in - * the certficate. - */ - public String getSigAlgName() - { - Provider prov = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME); - - if (prov != null) - { - String algName = prov.getProperty("Alg.Alias.Signature." + this.getSigAlgOID()); - - if (algName != null) - { - return algName; - } - } - - Provider[] provs = Security.getProviders(); - - // - // search every provider looking for a real algorithm - // - for (int i = 0; i != provs.length; i++) - { - String algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID()); - if (algName != null) - { - return algName; - } - } - - return this.getSigAlgOID(); - } - - /** - * return the object identifier for the signature. - */ - public String getSigAlgOID() - { - return c.getSignatureAlgorithm().getAlgorithm().getId(); - } - - /** - * return the signature parameters, or null if there aren't any. - */ - public byte[] getSigAlgParams() - { - if (c.getSignatureAlgorithm().getParameters() != null) - { - try - { - return c.getSignatureAlgorithm().getParameters().toASN1Primitive().getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - return null; - } - } - else - { - return null; - } - } - - public boolean[] getIssuerUniqueID() - { - DERBitString id = c.getTBSCertificate().getIssuerUniqueId(); - - if (id != null) - { - byte[] bytes = id.getBytes(); - boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; - - for (int i = 0; i != boolId.length; i++) - { - boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; - } - - return boolId; - } - - return null; - } - - public boolean[] getSubjectUniqueID() - { - DERBitString id = c.getTBSCertificate().getSubjectUniqueId(); - - if (id != null) - { - byte[] bytes = id.getBytes(); - boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; - - for (int i = 0; i != boolId.length; i++) - { - boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; - } - - return boolId; - } - - return null; - } - - public boolean[] getKeyUsage() - { - return keyUsage; - } - - public List getExtendedKeyUsage() - throws CertificateParsingException - { - byte[] bytes = this.getExtensionBytes("2.5.29.37"); - - if (bytes != null) - { - try - { - ASN1InputStream dIn = new ASN1InputStream(bytes); - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); - List list = new ArrayList(); - - for (int i = 0; i != seq.size(); i++) - { - list.add(((ASN1ObjectIdentifier)seq.getObjectAt(i)).getId()); - } - - return Collections.unmodifiableList(list); - } - catch (Exception e) - { - throw new CertificateParsingException("error processing extended key usage extension"); - } - } - - return null; - } - - public int getBasicConstraints() - { - if (basicConstraints != null) - { - if (basicConstraints.isCA()) - { - if (basicConstraints.getPathLenConstraint() == null) - { - return Integer.MAX_VALUE; - } - else - { - return basicConstraints.getPathLenConstraint().intValue(); - } - } - else - { - return -1; - } - } - - return -1; - } - - public Collection getSubjectAlternativeNames() - throws CertificateParsingException - { - return getAlternativeNames(getExtensionBytes(Extension.subjectAlternativeName.getId())); - } - - public Collection getIssuerAlternativeNames() - throws CertificateParsingException - { - return getAlternativeNames(getExtensionBytes(Extension.issuerAlternativeName.getId())); - } - - public Set getCriticalExtensionOIDs() - { - if (this.getVersion() == 3) - { - Set set = new HashSet(); - Extensions extensions = c.getTBSCertificate().getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - Extension ext = extensions.getExtension(oid); - - if (ext.isCritical()) - { - set.add(oid.getId()); - } - } - - return set; - } - } - - return null; - } - - private byte[] getExtensionBytes(String oid) - { - Extensions exts = c.getTBSCertificate().getExtensions(); - - if (exts != null) - { - Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); - if (ext != null) - { - return ext.getExtnValue().getOctets(); - } - } - - return null; - } - - public byte[] getExtensionValue(String oid) - { - Extensions exts = c.getTBSCertificate().getExtensions(); - - if (exts != null) - { - Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); - - if (ext != null) - { - try - { - return ext.getExtnValue().getEncoded(); - } - catch (Exception e) - { - throw new IllegalStateException("error parsing " + e.toString()); - } - } - } - - return null; - } - - public Set getNonCriticalExtensionOIDs() - { - if (this.getVersion() == 3) - { - Set set = new HashSet(); - Extensions extensions = c.getTBSCertificate().getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - Extension ext = extensions.getExtension(oid); - - if (!ext.isCritical()) - { - set.add(oid.getId()); - } - } - - return set; - } - } - - return null; - } - - public boolean hasUnsupportedCriticalExtension() - { - if (this.getVersion() == 3) - { - Extensions extensions = c.getTBSCertificate().getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - String oidId = oid.getId(); - - if (oidId.equals(RFC3280CertPathUtilities.KEY_USAGE) - || oidId.equals(RFC3280CertPathUtilities.CERTIFICATE_POLICIES) - || oidId.equals(RFC3280CertPathUtilities.POLICY_MAPPINGS) - || oidId.equals(RFC3280CertPathUtilities.INHIBIT_ANY_POLICY) - || oidId.equals(RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS) - || oidId.equals(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT) - || oidId.equals(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR) - || oidId.equals(RFC3280CertPathUtilities.POLICY_CONSTRAINTS) - || oidId.equals(RFC3280CertPathUtilities.BASIC_CONSTRAINTS) - || oidId.equals(RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME) - || oidId.equals(RFC3280CertPathUtilities.NAME_CONSTRAINTS)) - { - continue; - } - - Extension ext = extensions.getExtension(oid); - - if (ext.isCritical()) - { - return true; - } - } - } - } - - return false; - } - - public PublicKey getPublicKey() - { - try - { - return BouncyCastleProvider.getPublicKey(c.getSubjectPublicKeyInfo()); - } - catch (IOException e) - { - return null; // should never happen... - } - } - - public byte[] getEncoded() - throws CertificateEncodingException - { - try - { - return c.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new CertificateEncodingException(e.toString()); - } - } - - public boolean equals( - Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof Certificate)) - { - return false; - } - - Certificate other = (Certificate)o; - - try - { - byte[] b1 = this.getEncoded(); - byte[] b2 = other.getEncoded(); - - return Arrays.areEqual(b1, b2); - } - catch (CertificateEncodingException e) - { - return false; - } - } - - public synchronized int hashCode() - { - if (!hashValueSet) - { - hashValue = calculateHashCode(); - hashValueSet = true; - } - - return hashValue; - } - - private int calculateHashCode() - { - try - { - int hashCode = 0; - byte[] certData = this.getEncoded(); - for (int i = 1; i < certData.length; i++) - { - hashCode += certData[i] * i; - } - return hashCode; - } - catch (CertificateEncodingException e) - { - return 0; - } - } - - public void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute) - { - attrCarrier.setBagAttribute(oid, attribute); - } - - public ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid) - { - return attrCarrier.getBagAttribute(oid); - } - - public Enumeration getBagAttributeKeys() - { - return attrCarrier.getBagAttributeKeys(); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append(" [0] Version: ").append(this.getVersion()).append(nl); - buf.append(" SerialNumber: ").append(this.getSerialNumber()).append(nl); - buf.append(" IssuerDN: ").append(this.getIssuerDN()).append(nl); - buf.append(" Start Date: ").append(this.getNotBefore()).append(nl); - buf.append(" Final Date: ").append(this.getNotAfter()).append(nl); - buf.append(" SubjectDN: ").append(this.getSubjectDN()).append(nl); - buf.append(" Public Key: ").append(this.getPublicKey()).append(nl); - buf.append(" Signature Algorithm: ").append(this.getSigAlgName()).append(nl); - - byte[] sig = this.getSignature(); - - buf.append(" Signature: ").append(new String(Hex.encode(sig, 0, 20))).append(nl); - for (int i = 20; i < sig.length; i += 20) - { - if (i < sig.length - 20) - { - buf.append(" ").append(new String(Hex.encode(sig, i, 20))).append(nl); - } - else - { - buf.append(" ").append(new String(Hex.encode(sig, i, sig.length - i))).append(nl); - } - } - - Extensions extensions = c.getTBSCertificate().getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - if (e.hasMoreElements()) - { - buf.append(" Extensions: \n"); - } - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - Extension ext = extensions.getExtension(oid); - - if (ext.getExtnValue() != null) - { - byte[] octs = ext.getExtnValue().getOctets(); - ASN1InputStream dIn = new ASN1InputStream(octs); - buf.append(" critical(").append(ext.isCritical()).append(") "); - try - { - if (oid.equals(Extension.basicConstraints)) - { - buf.append(BasicConstraints.getInstance(dIn.readObject())).append(nl); - } - else if (oid.equals(Extension.keyUsage)) - { - buf.append(KeyUsage.getInstance(dIn.readObject())).append(nl); - } - else if (oid.equals(MiscObjectIdentifiers.netscapeCertType)) - { - buf.append(new NetscapeCertType((DERBitString)dIn.readObject())).append(nl); - } - else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL)) - { - buf.append(new NetscapeRevocationURL((DERIA5String)dIn.readObject())).append(nl); - } - else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension)) - { - buf.append(new VerisignCzagExtension((DERIA5String)dIn.readObject())).append(nl); - } - else - { - buf.append(oid.getId()); - buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl); - //buf.append(" value = ").append("*****").append(nl); - } - } - catch (Exception ex) - { - buf.append(oid.getId()); - // buf.append(" value = ").append(new String(Hex.encode(ext.getExtnValue().getOctets()))).append(nl); - buf.append(" value = ").append("*****").append(nl); - } - } - else - { - buf.append(nl); - } - } - } - - return buf.toString(); - } - - public final void verify( - PublicKey key) - throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException - { - Signature signature; - String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); - - try - { - signature = Signature.getInstance(sigName, BouncyCastleProvider.PROVIDER_NAME); - } - catch (Exception e) - { - signature = Signature.getInstance(sigName); - } - - checkSignature(key, signature); - } - - public final void verify( - PublicKey key, - String sigProvider) - throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException - { - String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); - Signature signature = Signature.getInstance(sigName, sigProvider); - - checkSignature(key, signature); - } - - private void checkSignature( - PublicKey key, - Signature signature) - throws CertificateException, NoSuchAlgorithmException, - SignatureException, InvalidKeyException - { - if (!isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature())) - { - throw new CertificateException("signature algorithm in TBS cert not same as outer cert"); - } - - ASN1Encodable params = c.getSignatureAlgorithm().getParameters(); - - // TODO This should go after the initVerify? - X509SignatureUtil.setSignatureParameters(signature, params); - - signature.initVerify(key); - - signature.update(this.getTBSCertificate()); - - if (!signature.verify(this.getSignature())) - { - throw new SignatureException("certificate does not verify with supplied key"); - } - } - - private boolean isAlgIdEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2) - { - if (!id1.getAlgorithm().equals(id2.getAlgorithm())) - { - return false; - } - - if (id1.getParameters() == null) - { - if (id2.getParameters() != null && !id2.getParameters().equals(DERNull.INSTANCE)) - { - return false; - } - - return true; - } - - if (id2.getParameters() == null) - { - if (id1.getParameters() != null && !id1.getParameters().equals(DERNull.INSTANCE)) - { - return false; - } - - return true; - } - - return id1.getParameters().equals(id2.getParameters()); - } - - private static Collection getAlternativeNames(byte[] extVal) - throws CertificateParsingException - { - if (extVal == null) - { - return null; - } - try - { - Collection temp = new ArrayList(); - Enumeration it = ASN1Sequence.getInstance(extVal).getObjects(); - while (it.hasMoreElements()) - { - GeneralName genName = GeneralName.getInstance(it.nextElement()); - List list = new ArrayList(); - list.add(Integers.valueOf(genName.getTagNo())); - switch (genName.getTagNo()) - { - case GeneralName.ediPartyName: - case GeneralName.x400Address: - case GeneralName.otherName: - list.add(genName.getEncoded()); - break; - case GeneralName.directoryName: - list.add(X500Name.getInstance(RFC4519Style.INSTANCE, genName.getName()).toString()); - break; - case GeneralName.dNSName: - case GeneralName.rfc822Name: - case GeneralName.uniformResourceIdentifier: - list.add(((ASN1String)genName.getName()).getString()); - break; - case GeneralName.registeredID: - list.add(ASN1ObjectIdentifier.getInstance(genName.getName()).getId()); - break; - case GeneralName.iPAddress: - byte[] addrBytes = DEROctetString.getInstance(genName.getName()).getOctets(); - final String addr; - try - { - addr = InetAddress.getByAddress(addrBytes).getHostAddress(); - } - catch (UnknownHostException e) - { - continue; - } - list.add(addr); - break; - default: - throw new IOException("Bad tag number: " + genName.getTagNo()); - } - - temp.add(Collections.unmodifiableList(list)); - } - if (temp.size() == 0) - { - return null; - } - return Collections.unmodifiableCollection(temp); - } - catch (Exception e) - { - throw new CertificateParsingException(e.getMessage()); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java deleted file mode 100644 index 06d30759..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java +++ /dev/null @@ -1,138 +0,0 @@ -package org.bouncycastle.jcajce.provider.asymmetric.x509; - -import java.io.IOException; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.Signature; -import java.security.SignatureException; -import java.security.spec.PSSParameterSpec; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Null; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; - -class X509SignatureUtil -{ - private static final ASN1Null derNull = DERNull.INSTANCE; - - static void setSignatureParameters( - Signature signature, - ASN1Encodable params) - throws NoSuchAlgorithmException, SignatureException, InvalidKeyException - { - if (params != null && !derNull.equals(params)) - { - AlgorithmParameters sigParams = AlgorithmParameters.getInstance(signature.getAlgorithm(), signature.getProvider()); - - try - { - sigParams.init(params.toASN1Primitive().getEncoded()); - } - catch (IOException e) - { - throw new SignatureException("IOException decoding parameters: " + e.getMessage()); - } - - if (signature.getAlgorithm().endsWith("MGF1")) - { - try - { - signature.setParameter(sigParams.getParameterSpec(PSSParameterSpec.class)); - } - catch (GeneralSecurityException e) - { - throw new SignatureException("Exception extracting parameters: " + e.getMessage()); - } - } - } - } - - static String getSignatureName( - AlgorithmIdentifier sigAlgId) - { - ASN1Encodable params = sigAlgId.getParameters(); - - if (params != null && !derNull.equals(params)) - { - if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) - { - RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); - - return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1"; - } - if (sigAlgId.getAlgorithm().equals(X9ObjectIdentifiers.ecdsa_with_SHA2)) - { - ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params); - - return getDigestAlgName((ASN1ObjectIdentifier)ecDsaParams.getObjectAt(0)) + "withECDSA"; - } - } - - return sigAlgId.getAlgorithm().getId(); - } - - /** - * Return the digest algorithm using one of the standard JCA string - * representations rather the the algorithm identifier (if possible). - */ - private static String getDigestAlgName( - ASN1ObjectIdentifier digestAlgOID) - { - if (PKCSObjectIdentifiers.md5.equals(digestAlgOID)) - { - return "MD5"; - } - else if (OIWObjectIdentifiers.idSHA1.equals(digestAlgOID)) - { - return "SHA1"; - } - else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) - { - return "SHA224"; - } - else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) - { - return "SHA256"; - } - else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOID)) - { - return "SHA384"; - } - else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOID)) - { - return "SHA512"; - } - else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) - { - return "RIPEMD128"; - } - else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) - { - return "RIPEMD160"; - } - else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) - { - return "RIPEMD256"; - } - else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) - { - return "GOST3411"; - } - else - { - return digestAlgOID.getId(); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java deleted file mode 100644 index 123ff7de..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java +++ /dev/null @@ -1,39 +0,0 @@ -package org.bouncycastle.jcajce.provider.config; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; - -/** - * Implemented by the BC provider. This allows setting of hidden parameters, - * such as the ImplicitCA parameters from X.962, if used. - */ -public interface ConfigurableProvider -{ - /** - * Elliptic Curve CA parameters - thread local version - */ - static final String THREAD_LOCAL_EC_IMPLICITLY_CA = "threadLocalEcImplicitlyCa"; - - /** - * Elliptic Curve CA parameters - VM wide version - */ - static final String EC_IMPLICITLY_CA = "ecImplicitlyCa"; - - /** - * Diffie-Hellman Default Parameters - thread local version - */ - static final String THREAD_LOCAL_DH_DEFAULT_PARAMS = "threadLocalDhDefaultParams"; - - /** - * Diffie-Hellman Default Parameters - VM wide version - */ - static final String DH_DEFAULT_PARAMS = "DhDefaultParams"; - - void setParameter(String parameterName, Object parameter); - - void addAlgorithm(String key, String value); - - boolean hasAlgorithm(String type, String name); - - void addKeyInfoConverter(ASN1ObjectIdentifier oid, AsymmetricKeyInfoConverter keyInfoConverter); -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java deleted file mode 100644 index 36a32b17..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java +++ /dev/null @@ -1,51 +0,0 @@ -package org.bouncycastle.jcajce.provider.config; - -import java.io.OutputStream; -import java.security.KeyStore; -import java.security.KeyStore.LoadStoreParameter; -import java.security.KeyStore.ProtectionParameter; - -public class PKCS12StoreParameter - implements LoadStoreParameter -{ - private final OutputStream out; - private final ProtectionParameter protectionParameter; - private final boolean forDEREncoding; - - public PKCS12StoreParameter(OutputStream out, char[] password) - { - this(out, password, false); - } - - public PKCS12StoreParameter(OutputStream out, ProtectionParameter protectionParameter) - { - this(out, protectionParameter, false); - } - - public PKCS12StoreParameter(OutputStream out, char[] password, boolean forDEREncoding) - { - this(out, new KeyStore.PasswordProtection(password), forDEREncoding); - } - - public PKCS12StoreParameter(OutputStream out, ProtectionParameter protectionParameter, boolean forDEREncoding) - { - this.out = out; - this.protectionParameter = protectionParameter; - this.forDEREncoding = forDEREncoding; - } - - public OutputStream getOutputStream() - { - return out; - } - - public ProtectionParameter getProtectionParameter() - { - return protectionParameter; - } - - public boolean isForDEREncoding() - { - return forDEREncoding; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/config/ProviderConfiguration.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/config/ProviderConfiguration.java deleted file mode 100644 index 2d99ed9b..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/config/ProviderConfiguration.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.bouncycastle.jcajce.provider.config; - -import javax.crypto.spec.DHParameterSpec; - -import org.bouncycastle.jce.spec.ECParameterSpec; - -public interface ProviderConfiguration -{ - ECParameterSpec getEcImplicitlyCa(); - - DHParameterSpec getDHDefaultParameters(int keySize); -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/config/ProviderConfigurationPermission.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/config/ProviderConfigurationPermission.java deleted file mode 100644 index b21afc54..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/config/ProviderConfigurationPermission.java +++ /dev/null @@ -1,146 +0,0 @@ -package org.bouncycastle.jcajce.provider.config; - -import java.security.BasicPermission; -import java.security.Permission; -import java.util.StringTokenizer; - -import org.bouncycastle.util.Strings; - -/** - * A permission class to define what can be done with the ConfigurableProvider interface. - * <p> - * Available permissions are "threadLocalEcImplicitlyCa" and "ecImplicitlyCa" which allow the setting - * of the thread local and global ecImplicitlyCa parameters respectively. - * </p> - * <p> - * Examples: - * <ul> - * <li>ProviderConfigurationPermission("BC"); // enable all permissions</li> - * <li>ProviderConfigurationPermission("BC", "threadLocalEcImplicitlyCa"); // enable thread local only</li> - * <li>ProviderConfigurationPermission("BC", "ecImplicitlyCa"); // enable global setting only</li> - * <li>ProviderConfigurationPermission("BC", "threadLocalEcImplicitlyCa, ecImplicitlyCa"); // enable both explicitly</li> - * </ul> - * <p> - * Note: permission checks are only enforced if a security manager is present. - * </p> - */ -public class ProviderConfigurationPermission - extends BasicPermission -{ - private static final int THREAD_LOCAL_EC_IMPLICITLY_CA = 0x01; - private static final int EC_IMPLICITLY_CA = 0x02; - private static final int THREAD_LOCAL_DH_DEFAULT_PARAMS = 0x04; - private static final int DH_DEFAULT_PARAMS = 0x08; - - private static final int ALL = THREAD_LOCAL_EC_IMPLICITLY_CA | EC_IMPLICITLY_CA | THREAD_LOCAL_DH_DEFAULT_PARAMS | DH_DEFAULT_PARAMS; - - private static final String THREAD_LOCAL_EC_IMPLICITLY_CA_STR = "threadlocalecimplicitlyca"; - private static final String EC_IMPLICITLY_CA_STR = "ecimplicitlyca"; - private static final String THREAD_LOCAL_DH_DEFAULT_PARAMS_STR = "threadlocaldhdefaultparams"; - private static final String DH_DEFAULT_PARAMS_STR = "dhdefaultparams"; - - private static final String ALL_STR = "all"; - - private final String actions; - private final int permissionMask; - - public ProviderConfigurationPermission(String name) - { - super(name); - this.actions = "all"; - this.permissionMask = ALL; - } - - public ProviderConfigurationPermission(String name, String actions) - { - super(name, actions); - this.actions = actions; - this.permissionMask = calculateMask(actions); - } - - private int calculateMask( - String actions) - { - StringTokenizer tok = new StringTokenizer(Strings.toLowerCase(actions), " ,"); - int mask = 0; - - while (tok.hasMoreTokens()) - { - String s = tok.nextToken(); - - if (s.equals(THREAD_LOCAL_EC_IMPLICITLY_CA_STR)) - { - mask |= THREAD_LOCAL_EC_IMPLICITLY_CA; - } - else if (s.equals(EC_IMPLICITLY_CA_STR)) - { - mask |= EC_IMPLICITLY_CA; - } - else if (s.equals(THREAD_LOCAL_DH_DEFAULT_PARAMS_STR)) - { - mask |= THREAD_LOCAL_DH_DEFAULT_PARAMS; - } - else if (s.equals(DH_DEFAULT_PARAMS_STR)) - { - mask |= DH_DEFAULT_PARAMS; - } - else if (s.equals(ALL_STR)) - { - mask |= ALL; - } - } - - if (mask == 0) - { - throw new IllegalArgumentException("unknown permissions passed to mask"); - } - - return mask; - } - - public String getActions() - { - return actions; - } - - public boolean implies( - Permission permission) - { - if (!(permission instanceof ProviderConfigurationPermission)) - { - return false; - } - - if (!this.getName().equals(permission.getName())) - { - return false; - } - - ProviderConfigurationPermission other = (ProviderConfigurationPermission)permission; - - return (this.permissionMask & other.permissionMask) == other.permissionMask; - } - - public boolean equals( - Object obj) - { - if (obj == this) - { - return true; - } - - if (obj instanceof ProviderConfigurationPermission) - { - ProviderConfigurationPermission other = (ProviderConfigurationPermission)obj; - - return this.permissionMask == other.permissionMask && this.getName().equals(other.getName()); - } - - return false; - } - - public int hashCode() - { - return this.getName().hashCode() + this.permissionMask; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/BCMessageDigest.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/BCMessageDigest.java deleted file mode 100644 index 3c5b78d7..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/BCMessageDigest.java +++ /dev/null @@ -1,47 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import java.security.MessageDigest; - -import org.bouncycastle.crypto.Digest; - -public class BCMessageDigest - extends MessageDigest -{ - protected Digest digest; - - protected BCMessageDigest( - Digest digest) - { - super(digest.getAlgorithmName()); - - this.digest = digest; - } - - public void engineReset() - { - digest.reset(); - } - - public void engineUpdate( - byte input) - { - digest.update(input); - } - - public void engineUpdate( - byte[] input, - int offset, - int len) - { - digest.update(input, offset, len); - } - - public byte[] engineDigest() - { - byte[] digestBytes = new byte[digest.getDigestSize()]; - - digest.doFinal(digestBytes, 0); - - return digestBytes; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/DigestAlgorithmProvider.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/DigestAlgorithmProvider.java deleted file mode 100644 index 2325f597..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/DigestAlgorithmProvider.java +++ /dev/null @@ -1,36 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -abstract class DigestAlgorithmProvider - extends AlgorithmProvider -{ - protected void addHMACAlgorithm( - ConfigurableProvider provider, - String algorithm, - String algorithmClassName, - String keyGeneratorClassName) - { - String mainName = "HMAC" + algorithm; - - provider.addAlgorithm("Mac." + mainName, algorithmClassName); - provider.addAlgorithm("Alg.Alias.Mac.HMAC-" + algorithm, mainName); - provider.addAlgorithm("Alg.Alias.Mac.HMAC/" + algorithm, mainName); - provider.addAlgorithm("KeyGenerator." + mainName, keyGeneratorClassName); - provider.addAlgorithm("Alg.Alias.KeyGenerator.HMAC-" + algorithm, mainName); - provider.addAlgorithm("Alg.Alias.KeyGenerator.HMAC/" + algorithm, mainName); - } - - protected void addHMACAlias( - ConfigurableProvider provider, - String algorithm, - ASN1ObjectIdentifier oid) - { - String mainName = "HMAC" + algorithm; - - provider.addAlgorithm("Alg.Alias.Mac." + oid, mainName); - provider.addAlgorithm("Alg.Alias.KeyGenerator." + oid, mainName); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/GOST3411.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/GOST3411.java deleted file mode 100644 index 2112673e..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/GOST3411.java +++ /dev/null @@ -1,94 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.digests.GOST3411Digest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; - -public class GOST3411 -{ - private GOST3411() - { - - } - - static public class Digest - extends BCMessageDigest - implements Cloneable - { - public Digest() - { - super(new GOST3411Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - Digest d = (Digest)super.clone(); - d.digest = new GOST3411Digest((GOST3411Digest)digest); - - return d; - } - } - - /** - * GOST3411 HMac - */ - public static class HashMac - extends BaseMac - { - public HashMac() - { - super(new HMac(new GOST3411Digest())); - } - } - - /** - * PBEWithHmacGOST3411 - */ - public static class PBEWithMacKeyFactory - extends PBESecretKeyFactory - { - public PBEWithMacKeyFactory() - { - super("PBEwithHmacGOST3411", null, false, PKCS12, GOST3411, 256, 0); - } - } - - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("HMACGOST3411", 256, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = GOST3411.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.GOST3411", PREFIX + "$Digest"); - provider.addAlgorithm("Alg.Alias.MessageDigest.GOST", "GOST3411"); - provider.addAlgorithm("Alg.Alias.MessageDigest.GOST-3411", "GOST3411"); - provider.addAlgorithm("Alg.Alias.MessageDigest." + CryptoProObjectIdentifiers.gostR3411, "GOST3411"); - - provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACGOST3411", PREFIX + "$PBEWithMacKeyFactory"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + CryptoProObjectIdentifiers.gostR3411, "PBEWITHHMACGOST3411"); - - addHMACAlgorithm(provider, "GOST3411", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); - addHMACAlias(provider, "GOST3411", CryptoProObjectIdentifiers.gostR3411); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD2.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD2.java deleted file mode 100644 index 5a3a2bf8..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD2.java +++ /dev/null @@ -1,75 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.digests.MD2Digest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; - -public class MD2 -{ - private MD2() - { - - } - - static public class Digest - extends BCMessageDigest - implements Cloneable - { - public Digest() - { - super(new MD2Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - Digest d = (Digest)super.clone(); - d.digest = new MD2Digest((MD2Digest)digest); - - return d; - } - } - - /** - * MD2 HMac - */ - public static class HashMac - extends BaseMac - { - public HashMac() - { - super(new HMac(new MD2Digest())); - } - } - - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("HMACMD2", 128, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = MD2.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.MD2", PREFIX + "$Digest"); - provider.addAlgorithm("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md2, "MD2"); - - addHMACAlgorithm(provider, "MD2", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD4.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD4.java deleted file mode 100644 index 8a30baaf..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD4.java +++ /dev/null @@ -1,75 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.digests.MD4Digest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; - -public class MD4 -{ - private MD4() - { - - } - - /** - * MD4 HashMac - */ - public static class HashMac - extends BaseMac - { - public HashMac() - { - super(new HMac(new MD4Digest())); - } - } - - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("HMACMD4", 128, new CipherKeyGenerator()); - } - } - - static public class Digest - extends BCMessageDigest - implements Cloneable - { - public Digest() - { - super(new MD4Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - Digest d = (Digest)super.clone(); - d.digest = new MD4Digest((MD4Digest)digest); - - return d; - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = MD4.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.MD4", PREFIX + "$Digest"); - provider.addAlgorithm("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md4, "MD4"); - - addHMACAlgorithm(provider, "MD4", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java deleted file mode 100644 index 93a7d716..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/MD5.java +++ /dev/null @@ -1,77 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.asn1.iana.IANAObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.digests.MD5Digest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; - -public class MD5 -{ - private MD5() - { - - } - - /** - * MD5 HashMac - */ - public static class HashMac - extends BaseMac - { - public HashMac() - { - super(new HMac(new MD5Digest())); - } - } - - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("HMACMD5", 128, new CipherKeyGenerator()); - } - } - - static public class Digest - extends BCMessageDigest - implements Cloneable - { - public Digest() - { - super(new MD5Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - Digest d = (Digest)super.clone(); - d.digest = new MD5Digest((MD5Digest)digest); - - return d; - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = MD5.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.MD5", PREFIX + "$Digest"); - provider.addAlgorithm("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md5, "MD5"); - - addHMACAlgorithm(provider, "MD5", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); - addHMACAlias(provider, "MD5", IANAObjectIdentifiers.hmacMD5); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/RIPEMD128.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/RIPEMD128.java deleted file mode 100644 index e913f658..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/RIPEMD128.java +++ /dev/null @@ -1,75 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.digests.RIPEMD128Digest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; - -public class RIPEMD128 -{ - private RIPEMD128() - { - - } - - static public class Digest - extends BCMessageDigest - implements Cloneable - { - public Digest() - { - super(new RIPEMD128Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - Digest d = (Digest)super.clone(); - d.digest = new RIPEMD128Digest((RIPEMD128Digest)digest); - - return d; - } - } - - /** - * RIPEMD128 HashMac - */ - public static class HashMac - extends BaseMac - { - public HashMac() - { - super(new HMac(new RIPEMD128Digest())); - } - } - - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("HMACRIPEMD128", 128, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = RIPEMD128.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.RIPEMD128", PREFIX + "$Digest"); - provider.addAlgorithm("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128"); - - addHMACAlgorithm(provider, "RIPEMD128", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/RIPEMD160.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/RIPEMD160.java deleted file mode 100644 index f081713a..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/RIPEMD160.java +++ /dev/null @@ -1,113 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.asn1.iana.IANAObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.digests.RIPEMD160Digest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; - -public class RIPEMD160 -{ - private RIPEMD160() - { - - } - - static public class Digest - extends BCMessageDigest - implements Cloneable - { - public Digest() - { - super(new RIPEMD160Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - Digest d = (Digest)super.clone(); - d.digest = new RIPEMD160Digest((RIPEMD160Digest)digest); - - return d; - } - } - - /** - * RIPEMD160 HMac - */ - public static class HashMac - extends BaseMac - { - public HashMac() - { - super(new HMac(new RIPEMD160Digest())); - } - } - - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("HMACRIPEMD160", 160, new CipherKeyGenerator()); - } - } - - - // - // PKCS12 states that the same algorithm should be used - // for the key generation as is used in the HMAC, so that - // is what we do here. - // - - /** - * PBEWithHmacRIPEMD160 - */ - public static class PBEWithHmac - extends BaseMac - { - public PBEWithHmac() - { - super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); - } - } - - /** - * PBEWithHmacRIPEMD160 - */ - public static class PBEWithHmacKeyFactory - extends PBESecretKeyFactory - { - public PBEWithHmacKeyFactory() - { - super("PBEwithHmacRIPEMD160", null, false, PKCS12, RIPEMD160, 160, 0); - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = RIPEMD160.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.RIPEMD160", PREFIX + "$Digest"); - provider.addAlgorithm("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160"); - - addHMACAlgorithm(provider, "RIPEMD160", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); - addHMACAlias(provider, "RIPEMD160", IANAObjectIdentifiers.hmacRIPEMD160); - - - provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACRIPEMD160", PREFIX + "$PBEWithHmacKeyFactory"); - provider.addAlgorithm("Mac.PBEWITHHMACRIPEMD160", PREFIX + "$PBEWithHmac"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/RIPEMD256.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/RIPEMD256.java deleted file mode 100644 index dcb1b56b..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/RIPEMD256.java +++ /dev/null @@ -1,75 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.digests.RIPEMD256Digest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; - -public class RIPEMD256 -{ - private RIPEMD256() - { - - } - - static public class Digest - extends BCMessageDigest - implements Cloneable - { - public Digest() - { - super(new RIPEMD256Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - Digest d = (Digest)super.clone(); - d.digest = new RIPEMD256Digest((RIPEMD256Digest)digest); - - return d; - } - } - - /** - * RIPEMD256 HMac - */ - public static class HashMac - extends BaseMac - { - public HashMac() - { - super(new HMac(new RIPEMD256Digest())); - } - } - - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("HMACRIPEMD256", 256, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = RIPEMD256.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.RIPEMD256", PREFIX + "$Digest"); - provider.addAlgorithm("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256"); - - addHMACAlgorithm(provider, "RIPEMD256", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/RIPEMD320.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/RIPEMD320.java deleted file mode 100644 index 12e0fd8b..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/RIPEMD320.java +++ /dev/null @@ -1,73 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.digests.RIPEMD320Digest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; - -public class RIPEMD320 -{ - private RIPEMD320() - { - - } - - static public class Digest - extends BCMessageDigest - implements Cloneable - { - public Digest() - { - super(new RIPEMD320Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - Digest d = (Digest)super.clone(); - d.digest = new RIPEMD320Digest((RIPEMD320Digest)digest); - - return d; - } - } - - /** - * RIPEMD320 HMac - */ - public static class HashMac - extends BaseMac - { - public HashMac() - { - super(new HMac(new RIPEMD320Digest())); - } - } - - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("HMACRIPEMD320", 320, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = RIPEMD320.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.RIPEMD320", PREFIX + "$Digest"); - - addHMACAlgorithm(provider, "RIPEMD320", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java deleted file mode 100644 index c7502c77..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java +++ /dev/null @@ -1,200 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; - -import javax.crypto.SecretKey; -import javax.crypto.spec.PBEKeySpec; - -import org.bouncycastle.asn1.iana.IANAObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory; -import org.bouncycastle.jcajce.provider.symmetric.util.PBE; -import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; - -public class SHA1 -{ - private SHA1() - { - - } - - static public class Digest - extends BCMessageDigest - implements Cloneable - { - public Digest() - { - super(new SHA1Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - Digest d = (Digest)super.clone(); - d.digest = new SHA1Digest((SHA1Digest)digest); - - return d; - } - } - - /** - * SHA1 HMac - */ - public static class HashMac - extends BaseMac - { - public HashMac() - { - super(new HMac(new SHA1Digest())); - } - } - - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("HMACSHA1", 160, new CipherKeyGenerator()); - } - } - - /** - * SHA1 HMac - */ - public static class SHA1Mac - extends BaseMac - { - public SHA1Mac() - { - super(new HMac(new SHA1Digest())); - } - } - - /** - * PBEWithHmacSHA - */ - public static class PBEWithMacKeyFactory - extends PBESecretKeyFactory - { - public PBEWithMacKeyFactory() - { - super("PBEwithHmacSHA", null, false, PKCS12, SHA1, 160, 0); - } - } - - - public static class BasePBKDF2WithHmacSHA1 - extends BaseSecretKeyFactory - { - private int scheme; - - public BasePBKDF2WithHmacSHA1(String name, int scheme) - { - super(name, PKCSObjectIdentifiers.id_PBKDF2); - - this.scheme = scheme; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - - if (pbeSpec.getSalt() == null) - { - throw new InvalidKeySpecException("missing required salt"); - } - - if (pbeSpec.getIterationCount() <= 0) - { - throw new InvalidKeySpecException("positive iteration count required: " - + pbeSpec.getIterationCount()); - } - - if (pbeSpec.getKeyLength() <= 0) - { - throw new InvalidKeySpecException("positive key length required: " - + pbeSpec.getKeyLength()); - } - - if (pbeSpec.getPassword().length == 0) - { - throw new IllegalArgumentException("password empty"); - } - - int digest = SHA1; - int keySize = pbeSpec.getKeyLength(); - int ivSize = -1; // JDK 1,2 and earlier does not understand simplified version. - CipherParameters param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - } - - public static class PBKDF2WithHmacSHA1UTF8 - extends BasePBKDF2WithHmacSHA1 - { - public PBKDF2WithHmacSHA1UTF8() - { - super("PBKDF2WithHmacSHA1", PKCS5S2_UTF8); - } - } - - public static class PBKDF2WithHmacSHA18BIT - extends BasePBKDF2WithHmacSHA1 - { - public PBKDF2WithHmacSHA18BIT() - { - super("PBKDF2WithHmacSHA1And8bit", PKCS5S2); - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = SHA1.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.SHA-1", PREFIX + "$Digest"); - provider.addAlgorithm("Alg.Alias.MessageDigest.SHA1", "SHA-1"); - provider.addAlgorithm("Alg.Alias.MessageDigest.SHA", "SHA-1"); - provider.addAlgorithm("Alg.Alias.MessageDigest." + OIWObjectIdentifiers.idSHA1, "SHA-1"); - - addHMACAlgorithm(provider, "SHA1", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); - addHMACAlias(provider, "SHA1", PKCSObjectIdentifiers.id_hmacWithSHA1); - addHMACAlias(provider, "SHA1", IANAObjectIdentifiers.hmacSHA1); - - provider.addAlgorithm("Mac.PBEWITHHMACSHA", PREFIX + "$SHA1Mac"); - provider.addAlgorithm("Mac.PBEWITHHMACSHA1", PREFIX + "$SHA1Mac"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA", "PBEWITHHMACSHA1"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + OIWObjectIdentifiers.idSHA1, "PBEWITHHMACSHA1"); - provider.addAlgorithm("Alg.Alias.Mac." + OIWObjectIdentifiers.idSHA1, "PBEWITHHMACSHA"); - - provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA1", PREFIX + "$PBEWithMacKeyFactory"); - provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1", PREFIX + "$PBKDF2WithHmacSHA1UTF8"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WithHmacSHA1AndUTF8", "PBKDF2WithHmacSHA1"); - provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1And8BIT", PREFIX + "$PBKDF2WithHmacSHA18BIT"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA224.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA224.java deleted file mode 100644 index ba06a0fb..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA224.java +++ /dev/null @@ -1,76 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; - -public class SHA224 -{ - private SHA224() - { - - } - - static public class Digest - extends BCMessageDigest - implements Cloneable - { - public Digest() - { - super(new SHA224Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - Digest d = (Digest)super.clone(); - d.digest = new SHA224Digest((SHA224Digest)digest); - - return d; - } - } - - public static class HashMac - extends BaseMac - { - public HashMac() - { - super(new HMac(new SHA224Digest())); - } - } - - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("HMACSHA224", 224, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = SHA224.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.SHA-224", PREFIX + "$Digest"); - provider.addAlgorithm("Alg.Alias.MessageDigest.SHA224", "SHA-224"); - provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha224, "SHA-224"); - - addHMACAlgorithm(provider, "SHA224", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); - addHMACAlias(provider, "SHA224", PKCSObjectIdentifiers.id_hmacWithSHA224); - - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java deleted file mode 100644 index 785cf655..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java +++ /dev/null @@ -1,96 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; - -public class SHA256 -{ - private SHA256() - { - - } - - static public class Digest - extends BCMessageDigest - implements Cloneable - { - public Digest() - { - super(new SHA256Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - Digest d = (Digest)super.clone(); - d.digest = new SHA256Digest((SHA256Digest)digest); - - return d; - } - } - - public static class HashMac - extends BaseMac - { - public HashMac() - { - super(new HMac(new SHA256Digest())); - } - } - - /** - * PBEWithHmacSHA - */ - public static class PBEWithMacKeyFactory - extends PBESecretKeyFactory - { - public PBEWithMacKeyFactory() - { - super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0); - } - } - - /** - * HMACSHA256 - */ - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("HMACSHA256", 256, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = SHA256.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.SHA-256", PREFIX + "$Digest"); - provider.addAlgorithm("Alg.Alias.MessageDigest.SHA256", "SHA-256"); - provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256"); - - provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256"); - - addHMACAlgorithm(provider, "SHA256", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); - addHMACAlias(provider, "SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256); - addHMACAlias(provider, "SHA256", NISTObjectIdentifiers.id_sha256); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA3.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA3.java deleted file mode 100644 index 2c832fbd..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA3.java +++ /dev/null @@ -1,171 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.digests.SHA3Digest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; - -public class SHA3 -{ - private SHA3() - { - - } - - static public class DigestSHA3 - extends BCMessageDigest - implements Cloneable - { - public DigestSHA3(int size) - { - super(new SHA3Digest(size)); - } - - public Object clone() - throws CloneNotSupportedException - { - BCMessageDigest d = (BCMessageDigest)super.clone(); - d.digest = new SHA3Digest((SHA3Digest)digest); - - return d; - } - } - - static public class Digest224 - extends DigestSHA3 - { - public Digest224() - { - super(224); - } - } - - static public class Digest256 - extends DigestSHA3 - { - public Digest256() - { - super(256); - } - } - - static public class Digest384 - extends DigestSHA3 - { - public Digest384() - { - super(384); - } - } - - static public class Digest512 - extends DigestSHA3 - { - public Digest512() - { - super(512); - } - } - - /** - * SHA3 HMac - */ - public static class HashMac224 - extends BaseMac - { - public HashMac224() - { - super(new HMac(new SHA3Digest(224))); - } - } - - public static class HashMac256 - extends BaseMac - { - public HashMac256() - { - super(new HMac(new SHA3Digest(256))); - } - } - - public static class HashMac384 - extends BaseMac - { - public HashMac384() - { - super(new HMac(new SHA3Digest(384))); - } - } - - public static class HashMac512 - extends BaseMac - { - public HashMac512() - { - super(new HMac(new SHA3Digest(512))); - } - } - - public static class KeyGenerator224 - extends BaseKeyGenerator - { - public KeyGenerator224() - { - super("HMACSHA3-224", 224, new CipherKeyGenerator()); - } - } - - public static class KeyGenerator256 - extends BaseKeyGenerator - { - public KeyGenerator256() - { - super("HMACSHA3-256", 256, new CipherKeyGenerator()); - } - } - - public static class KeyGenerator384 - extends BaseKeyGenerator - { - public KeyGenerator384() - { - super("HMACSHA3-384", 384, new CipherKeyGenerator()); - } - } - - public static class KeyGenerator512 - extends BaseKeyGenerator - { - public KeyGenerator512() - { - super("HMACSHA3-512", 512, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = SHA3.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.SHA3-224", PREFIX + "$Digest224"); - provider.addAlgorithm("MessageDigest.SHA3-256", PREFIX + "$Digest256"); - provider.addAlgorithm("MessageDigest.SHA3-384", PREFIX + "$Digest384"); - provider.addAlgorithm("MessageDigest.SHA3-512", PREFIX + "$Digest512"); - // look for an object identifier (NIST???) for SHA3 family - // provider.addAlgorithm("Alg.Alias.MessageDigest." + OIWObjectIdentifiers.idSHA3, "SHA3-224"); // ***** - - addHMACAlgorithm(provider, "SHA3-224", PREFIX + "$HashMac224", PREFIX + "$KeyGenerator224"); - addHMACAlgorithm(provider, "SHA3-256", PREFIX + "$HashMac256", PREFIX + "$KeyGenerator256"); - addHMACAlgorithm(provider, "SHA3-384", PREFIX + "$HashMac384", PREFIX + "$KeyGenerator384"); - addHMACAlgorithm(provider, "SHA3-512", PREFIX + "$HashMac512", PREFIX + "$KeyGenerator512"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java deleted file mode 100644 index f811df66..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java +++ /dev/null @@ -1,89 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.crypto.macs.OldHMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; - -public class SHA384 -{ - private SHA384() - { - - } - - static public class Digest - extends BCMessageDigest - implements Cloneable - { - public Digest() - { - super(new SHA384Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - Digest d = (Digest)super.clone(); - d.digest = new SHA384Digest((SHA384Digest)digest); - - return d; - } - } - - public static class HashMac - extends BaseMac - { - public HashMac() - { - super(new HMac(new SHA384Digest())); - } - } - - /** - * HMACSHA384 - */ - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("HMACSHA384", 384, new CipherKeyGenerator()); - } - } - - public static class OldSHA384 - extends BaseMac - { - public OldSHA384() - { - super(new OldHMac(new SHA384Digest())); - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = SHA384.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.SHA-384", PREFIX + "$Digest"); - provider.addAlgorithm("Alg.Alias.MessageDigest.SHA384", "SHA-384"); - provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384"); - provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384"); - - addHMACAlgorithm(provider, "SHA384", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); - addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java deleted file mode 100644 index 48adf738..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java +++ /dev/null @@ -1,179 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.crypto.digests.SHA512tDigest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.crypto.macs.OldHMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; - -public class SHA512 -{ - private SHA512() - { - - } - - static public class Digest - extends BCMessageDigest - implements Cloneable - { - public Digest() - { - super(new SHA512Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - Digest d = (Digest)super.clone(); - d.digest = new SHA512Digest((SHA512Digest)digest); - - return d; - } - } - - static public class DigestT - extends BCMessageDigest - implements Cloneable - { - public DigestT(int bitLength) - { - super(new SHA512tDigest(bitLength)); - } - - public Object clone() - throws CloneNotSupportedException - { - DigestT d = (DigestT)super.clone(); - d.digest = new SHA512tDigest((SHA512tDigest)digest); - - return d; - } - } - - static public class DigestT224 - extends DigestT - { - public DigestT224() - { - super(224); - } - } - - static public class DigestT256 - extends DigestT - { - public DigestT256() - { - super(256); - } - } - - public static class HashMac - extends BaseMac - { - public HashMac() - { - super(new HMac(new SHA512Digest())); - } - } - - public static class HashMacT224 - extends BaseMac - { - public HashMacT224() - { - super(new HMac(new SHA512tDigest(224))); - } - } - - public static class HashMacT256 - extends BaseMac - { - public HashMacT256() - { - super(new HMac(new SHA512tDigest(256))); - } - } - - /** - * SHA-512 HMac - */ - public static class OldSHA512 - extends BaseMac - { - public OldSHA512() - { - super(new OldHMac(new SHA512Digest())); - } - } - - /** - * HMACSHA512 - */ - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("HMACSHA512", 512, new CipherKeyGenerator()); - } - } - - public static class KeyGeneratorT224 - extends BaseKeyGenerator - { - public KeyGeneratorT224() - { - super("HMACSHA512/224", 224, new CipherKeyGenerator()); - } - } - - public static class KeyGeneratorT256 - extends BaseKeyGenerator - { - public KeyGeneratorT256() - { - super("HMACSHA512/256", 256, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = SHA512.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.SHA-512", PREFIX + "$Digest"); - provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512", "SHA-512"); - provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512"); - - provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224"); - provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224"); - provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224"); - - provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256"); - provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256"); - provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256"); - - provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512"); - - addHMACAlgorithm(provider, "SHA512", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); - addHMACAlias(provider, "SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512); - - addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224", PREFIX + "$KeyGeneratorT224"); - addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256"); - } - } - -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SM3.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SM3.java deleted file mode 100644 index 8050e354..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/SM3.java +++ /dev/null @@ -1,47 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.crypto.digests.SM3Digest; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; - -public class SM3 -{ - private SM3() - { - } - - static public class Digest - extends BCMessageDigest - implements Cloneable - { - public Digest() - { - super(new SM3Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - Digest d = (Digest)super.clone(); - d.digest = new SM3Digest((SM3Digest)digest); - - return d; - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = SM3.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.SM3", PREFIX + "$Digest"); - provider.addAlgorithm("Alg.Alias.MessageDigest.SM3", "SM3"); - provider.addAlgorithm("Alg.Alias.MessageDigest.1.2.156.197.1.401", "SM3"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/Skein.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/Skein.java deleted file mode 100644 index 11910494..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/Skein.java +++ /dev/null @@ -1,740 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.digests.SkeinDigest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.crypto.macs.SkeinMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; - -public class Skein -{ - private Skein() - { - } - - public static class DigestSkein256 - extends BCMessageDigest - implements Cloneable - { - public DigestSkein256(int outputSize) - { - super(new SkeinDigest(SkeinDigest.SKEIN_256, outputSize)); - } - - public Object clone() - throws CloneNotSupportedException - { - BCMessageDigest d = (BCMessageDigest)super.clone(); - d.digest = new SkeinDigest((SkeinDigest)digest); - - return d; - } - } - - public static class Digest_256_128 - extends DigestSkein256 - { - public Digest_256_128() - { - super(128); - } - } - - public static class Digest_256_160 - extends DigestSkein256 - { - public Digest_256_160() - { - super(160); - } - } - - public static class Digest_256_224 - extends DigestSkein256 - { - public Digest_256_224() - { - super(224); - } - } - - public static class Digest_256_256 - extends DigestSkein256 - { - public Digest_256_256() - { - super(256); - } - } - - public static class DigestSkein512 - extends BCMessageDigest - implements Cloneable - { - public DigestSkein512(int outputSize) - { - super(new SkeinDigest(SkeinDigest.SKEIN_512, outputSize)); - } - - public Object clone() - throws CloneNotSupportedException - { - BCMessageDigest d = (BCMessageDigest)super.clone(); - d.digest = new SkeinDigest((SkeinDigest)digest); - - return d; - } - } - - public static class Digest_512_128 - extends DigestSkein512 - { - public Digest_512_128() - { - super(128); - } - } - - public static class Digest_512_160 - extends DigestSkein512 - { - public Digest_512_160() - { - super(160); - } - } - - public static class Digest_512_224 - extends DigestSkein512 - { - public Digest_512_224() - { - super(224); - } - } - - public static class Digest_512_256 - extends DigestSkein512 - { - public Digest_512_256() - { - super(256); - } - } - - public static class Digest_512_384 - extends DigestSkein512 - { - public Digest_512_384() - { - super(384); - } - } - - public static class Digest_512_512 - extends DigestSkein512 - { - public Digest_512_512() - { - super(512); - } - } - - public static class DigestSkein1024 - extends BCMessageDigest - implements Cloneable - { - public DigestSkein1024(int outputSize) - { - super(new SkeinDigest(SkeinDigest.SKEIN_1024, outputSize)); - } - - public Object clone() - throws CloneNotSupportedException - { - BCMessageDigest d = (BCMessageDigest)super.clone(); - d.digest = new SkeinDigest((SkeinDigest)digest); - - return d; - } - } - - public static class Digest_1024_384 - extends DigestSkein1024 - { - public Digest_1024_384() - { - super(384); - } - } - - public static class Digest_1024_512 - extends DigestSkein1024 - { - public Digest_1024_512() - { - super(512); - } - } - - public static class Digest_1024_1024 - extends DigestSkein1024 - { - public Digest_1024_1024() - { - super(1024); - } - } - - /** - * Skein HMac - */ - public static class HashMac_256_128 - extends BaseMac - { - public HashMac_256_128() - { - super(new HMac(new SkeinDigest(SkeinDigest.SKEIN_256, 128))); - } - } - - public static class HashMac_256_160 - extends BaseMac - { - public HashMac_256_160() - { - super(new HMac(new SkeinDigest(SkeinDigest.SKEIN_256, 160))); - } - } - - public static class HashMac_256_224 - extends BaseMac - { - public HashMac_256_224() - { - super(new HMac(new SkeinDigest(SkeinDigest.SKEIN_256, 224))); - } - } - - public static class HashMac_256_256 - extends BaseMac - { - public HashMac_256_256() - { - super(new HMac(new SkeinDigest(SkeinDigest.SKEIN_256, 256))); - } - } - - public static class HashMac_512_128 - extends BaseMac - { - public HashMac_512_128() - { - super(new HMac(new SkeinDigest(SkeinDigest.SKEIN_512, 128))); - } - } - - public static class HashMac_512_160 - extends BaseMac - { - public HashMac_512_160() - { - super(new HMac(new SkeinDigest(SkeinDigest.SKEIN_512, 160))); - } - } - - public static class HashMac_512_224 - extends BaseMac - { - public HashMac_512_224() - { - super(new HMac(new SkeinDigest(SkeinDigest.SKEIN_512, 224))); - } - } - - public static class HashMac_512_256 - extends BaseMac - { - public HashMac_512_256() - { - super(new HMac(new SkeinDigest(SkeinDigest.SKEIN_512, 256))); - } - } - - public static class HashMac_512_384 - extends BaseMac - { - public HashMac_512_384() - { - super(new HMac(new SkeinDigest(SkeinDigest.SKEIN_512, 384))); - } - } - - public static class HashMac_512_512 - extends BaseMac - { - public HashMac_512_512() - { - super(new HMac(new SkeinDigest(SkeinDigest.SKEIN_512, 512))); - } - } - - public static class HashMac_1024_384 - extends BaseMac - { - public HashMac_1024_384() - { - super(new HMac(new SkeinDigest(SkeinDigest.SKEIN_1024, 384))); - } - } - - public static class HashMac_1024_512 - extends BaseMac - { - public HashMac_1024_512() - { - super(new HMac(new SkeinDigest(SkeinDigest.SKEIN_1024, 512))); - } - } - - public static class HashMac_1024_1024 - extends BaseMac - { - public HashMac_1024_1024() - { - super(new HMac(new SkeinDigest(SkeinDigest.SKEIN_1024, 1024))); - } - } - - public static class HMacKeyGenerator_256_128 - extends BaseKeyGenerator - { - public HMacKeyGenerator_256_128() - { - super("HMACSkein-256-128", 128, new CipherKeyGenerator()); - } - } - - public static class HMacKeyGenerator_256_160 - extends BaseKeyGenerator - { - public HMacKeyGenerator_256_160() - { - super("HMACSkein-256-160", 160, new CipherKeyGenerator()); - } - } - - public static class HMacKeyGenerator_256_224 - extends BaseKeyGenerator - { - public HMacKeyGenerator_256_224() - { - super("HMACSkein-256-224", 224, new CipherKeyGenerator()); - } - } - - public static class HMacKeyGenerator_256_256 - extends BaseKeyGenerator - { - public HMacKeyGenerator_256_256() - { - super("HMACSkein-256-256", 256, new CipherKeyGenerator()); - } - } - - public static class HMacKeyGenerator_512_128 - extends BaseKeyGenerator - { - public HMacKeyGenerator_512_128() - { - super("HMACSkein-512-128", 128, new CipherKeyGenerator()); - } - } - - public static class HMacKeyGenerator_512_160 - extends BaseKeyGenerator - { - public HMacKeyGenerator_512_160() - { - super("HMACSkein-512-160", 160, new CipherKeyGenerator()); - } - } - - public static class HMacKeyGenerator_512_224 - extends BaseKeyGenerator - { - public HMacKeyGenerator_512_224() - { - super("HMACSkein-512-224", 224, new CipherKeyGenerator()); - } - } - - public static class HMacKeyGenerator_512_256 - extends BaseKeyGenerator - { - public HMacKeyGenerator_512_256() - { - super("HMACSkein-512-256", 256, new CipherKeyGenerator()); - } - } - - public static class HMacKeyGenerator_512_384 - extends BaseKeyGenerator - { - public HMacKeyGenerator_512_384() - { - super("HMACSkein-512-384", 384, new CipherKeyGenerator()); - } - } - - public static class HMacKeyGenerator_512_512 - extends BaseKeyGenerator - { - public HMacKeyGenerator_512_512() - { - super("HMACSkein-512-512", 512, new CipherKeyGenerator()); - } - } - - public static class HMacKeyGenerator_1024_384 - extends BaseKeyGenerator - { - public HMacKeyGenerator_1024_384() - { - super("HMACSkein-1024-384", 384, new CipherKeyGenerator()); - } - } - - public static class HMacKeyGenerator_1024_512 - extends BaseKeyGenerator - { - public HMacKeyGenerator_1024_512() - { - super("HMACSkein-1024-512", 512, new CipherKeyGenerator()); - } - } - - public static class HMacKeyGenerator_1024_1024 - extends BaseKeyGenerator - { - public HMacKeyGenerator_1024_1024() - { - super("HMACSkein-1024-1024", 1024, new CipherKeyGenerator()); - } - } - - /* - * Skein-MAC - */ - public static class SkeinMac_256_128 - extends BaseMac - { - public SkeinMac_256_128() - { - super(new SkeinMac(SkeinMac.SKEIN_256, 128)); - } - } - - public static class SkeinMac_256_160 - extends BaseMac - { - public SkeinMac_256_160() - { - super(new SkeinMac(SkeinMac.SKEIN_256, 160)); - } - } - - public static class SkeinMac_256_224 - extends BaseMac - { - public SkeinMac_256_224() - { - super(new SkeinMac(SkeinMac.SKEIN_256, 224)); - } - } - - public static class SkeinMac_256_256 - extends BaseMac - { - public SkeinMac_256_256() - { - super(new SkeinMac(SkeinMac.SKEIN_256, 256)); - } - } - - public static class SkeinMac_512_128 - extends BaseMac - { - public SkeinMac_512_128() - { - super(new SkeinMac(SkeinMac.SKEIN_512, 128)); - } - } - - public static class SkeinMac_512_160 - extends BaseMac - { - public SkeinMac_512_160() - { - super(new SkeinMac(SkeinMac.SKEIN_512, 160)); - } - } - - public static class SkeinMac_512_224 - extends BaseMac - { - public SkeinMac_512_224() - { - super(new SkeinMac(SkeinMac.SKEIN_512, 224)); - } - } - - public static class SkeinMac_512_256 - extends BaseMac - { - public SkeinMac_512_256() - { - super(new SkeinMac(SkeinMac.SKEIN_512, 256)); - } - } - - public static class SkeinMac_512_384 - extends BaseMac - { - public SkeinMac_512_384() - { - super(new SkeinMac(SkeinMac.SKEIN_512, 384)); - } - } - - public static class SkeinMac_512_512 - extends BaseMac - { - public SkeinMac_512_512() - { - super(new SkeinMac(SkeinMac.SKEIN_512, 512)); - } - } - - public static class SkeinMac_1024_384 - extends BaseMac - { - public SkeinMac_1024_384() - { - super(new SkeinMac(SkeinMac.SKEIN_1024, 384)); - } - } - - public static class SkeinMac_1024_512 - extends BaseMac - { - public SkeinMac_1024_512() - { - super(new SkeinMac(SkeinMac.SKEIN_1024, 512)); - } - } - - public static class SkeinMac_1024_1024 - extends BaseMac - { - public SkeinMac_1024_1024() - { - super(new SkeinMac(SkeinMac.SKEIN_1024, 1024)); - } - } - - public static class SkeinMacKeyGenerator_256_128 - extends BaseKeyGenerator - { - public SkeinMacKeyGenerator_256_128() - { - super("Skein-MAC-256-128", 128, new CipherKeyGenerator()); - } - } - - public static class SkeinMacKeyGenerator_256_160 - extends BaseKeyGenerator - { - public SkeinMacKeyGenerator_256_160() - { - super("Skein-MAC-256-160", 160, new CipherKeyGenerator()); - } - } - - public static class SkeinMacKeyGenerator_256_224 - extends BaseKeyGenerator - { - public SkeinMacKeyGenerator_256_224() - { - super("Skein-MAC-256-224", 224, new CipherKeyGenerator()); - } - } - - public static class SkeinMacKeyGenerator_256_256 - extends BaseKeyGenerator - { - public SkeinMacKeyGenerator_256_256() - { - super("Skein-MAC-256-256", 256, new CipherKeyGenerator()); - } - } - - public static class SkeinMacKeyGenerator_512_128 - extends BaseKeyGenerator - { - public SkeinMacKeyGenerator_512_128() - { - super("Skein-MAC-512-128", 128, new CipherKeyGenerator()); - } - } - - public static class SkeinMacKeyGenerator_512_160 - extends BaseKeyGenerator - { - public SkeinMacKeyGenerator_512_160() - { - super("Skein-MAC-512-160", 160, new CipherKeyGenerator()); - } - } - - public static class SkeinMacKeyGenerator_512_224 - extends BaseKeyGenerator - { - public SkeinMacKeyGenerator_512_224() - { - super("Skein-MAC-512-224", 224, new CipherKeyGenerator()); - } - } - - public static class SkeinMacKeyGenerator_512_256 - extends BaseKeyGenerator - { - public SkeinMacKeyGenerator_512_256() - { - super("Skein-MAC-512-256", 256, new CipherKeyGenerator()); - } - } - - public static class SkeinMacKeyGenerator_512_384 - extends BaseKeyGenerator - { - public SkeinMacKeyGenerator_512_384() - { - super("Skein-MAC-512-384", 384, new CipherKeyGenerator()); - } - } - - public static class SkeinMacKeyGenerator_512_512 - extends BaseKeyGenerator - { - public SkeinMacKeyGenerator_512_512() - { - super("Skein-MAC-512-512", 512, new CipherKeyGenerator()); - } - } - - public static class SkeinMacKeyGenerator_1024_384 - extends BaseKeyGenerator - { - public SkeinMacKeyGenerator_1024_384() - { - super("Skein-MAC-1024-384", 384, new CipherKeyGenerator()); - } - } - - public static class SkeinMacKeyGenerator_1024_512 - extends BaseKeyGenerator - { - public SkeinMacKeyGenerator_1024_512() - { - super("Skein-MAC-1024-512", 512, new CipherKeyGenerator()); - } - } - - public static class SkeinMacKeyGenerator_1024_1024 - extends BaseKeyGenerator - { - public SkeinMacKeyGenerator_1024_1024() - { - super("Skein-MAC-1024-1024", 1024, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = Skein.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - // Skein sizes as used in "The Skein Hash Function Family 1.3" - - provider.addAlgorithm("MessageDigest.Skein-256-128", PREFIX + "$Digest_256_128"); - provider.addAlgorithm("MessageDigest.Skein-256-160", PREFIX + "$Digest_256_160"); - provider.addAlgorithm("MessageDigest.Skein-256-224", PREFIX + "$Digest_256_224"); - provider.addAlgorithm("MessageDigest.Skein-256-256", PREFIX + "$Digest_256_256"); - - provider.addAlgorithm("MessageDigest.Skein-512-128", PREFIX + "$Digest_512_128"); - provider.addAlgorithm("MessageDigest.Skein-512-160", PREFIX + "$Digest_512_160"); - provider.addAlgorithm("MessageDigest.Skein-512-224", PREFIX + "$Digest_512_224"); - provider.addAlgorithm("MessageDigest.Skein-512-256", PREFIX + "$Digest_512_256"); - provider.addAlgorithm("MessageDigest.Skein-512-384", PREFIX + "$Digest_512_384"); - provider.addAlgorithm("MessageDigest.Skein-512-512", PREFIX + "$Digest_512_512"); - - provider.addAlgorithm("MessageDigest.Skein-1024-384", PREFIX + "$Digest_1024_384"); - provider.addAlgorithm("MessageDigest.Skein-1024-512", PREFIX + "$Digest_1024_512"); - provider.addAlgorithm("MessageDigest.Skein-1024-1024", PREFIX + "$Digest_1024_1024"); - - addHMACAlgorithm(provider, "Skein-256-128", PREFIX + "$HashMac_256_128", PREFIX + "$HMacKeyGenerator_256_128"); - addHMACAlgorithm(provider, "Skein-256-160", PREFIX + "$HashMac_256_160", PREFIX + "$HMacKeyGenerator_256_160"); - addHMACAlgorithm(provider, "Skein-256-224", PREFIX + "$HashMac_256_224", PREFIX + "$HMacKeyGenerator_256_224"); - addHMACAlgorithm(provider, "Skein-256-256", PREFIX + "$HashMac_256_256", PREFIX + "$HMacKeyGenerator_256_256"); - - addHMACAlgorithm(provider, "Skein-512-128", PREFIX + "$HashMac_512_128", PREFIX + "$HMacKeyGenerator_512_128"); - addHMACAlgorithm(provider, "Skein-512-160", PREFIX + "$HashMac_512_160", PREFIX + "$HMacKeyGenerator_512_160"); - addHMACAlgorithm(provider, "Skein-512-224", PREFIX + "$HashMac_512_224", PREFIX + "$HMacKeyGenerator_512_224"); - addHMACAlgorithm(provider, "Skein-512-256", PREFIX + "$HashMac_512_256", PREFIX + "$HMacKeyGenerator_512_256"); - addHMACAlgorithm(provider, "Skein-512-384", PREFIX + "$HashMac_512_384", PREFIX + "$HMacKeyGenerator_512_384"); - addHMACAlgorithm(provider, "Skein-512-512", PREFIX + "$HashMac_512_512", PREFIX + "$HMacKeyGenerator_512_512"); - - addHMACAlgorithm(provider, "Skein-1024-384", PREFIX + "$HashMac_1024_384", PREFIX + "$HMacKeyGenerator_1024_384"); - addHMACAlgorithm(provider, "Skein-1024-512", PREFIX + "$HashMac_1024_512", PREFIX + "$HMacKeyGenerator_1024_512"); - addHMACAlgorithm(provider, "Skein-1024-1024", PREFIX + "$HashMac_1024_1024", PREFIX + "$HMacKeyGenerator_1024_1024"); - - addSkeinMacAlgorithm(provider, 256, 128); - addSkeinMacAlgorithm(provider, 256, 160); - addSkeinMacAlgorithm(provider, 256, 224); - addSkeinMacAlgorithm(provider, 256, 256); - - addSkeinMacAlgorithm(provider, 512, 128); - addSkeinMacAlgorithm(provider, 512, 160); - addSkeinMacAlgorithm(provider, 512, 224); - addSkeinMacAlgorithm(provider, 512, 256); - addSkeinMacAlgorithm(provider, 512, 384); - addSkeinMacAlgorithm(provider, 512, 512); - - addSkeinMacAlgorithm(provider, 1024, 384); - addSkeinMacAlgorithm(provider, 1024, 512); - addSkeinMacAlgorithm(provider, 1024, 1024); - } - - private void addSkeinMacAlgorithm(ConfigurableProvider provider, int blockSize, int outputSize) - { - String mainName = "Skein-MAC-" + blockSize + "-" + outputSize; - String algorithmClassName = PREFIX + "$SkeinMac_" + blockSize + "_" + outputSize; - String keyGeneratorClassName = PREFIX + "$SkeinMacKeyGenerator_" + blockSize + "_" + outputSize; - - provider.addAlgorithm("Mac." + mainName, algorithmClassName); - provider.addAlgorithm("Alg.Alias.Mac.Skein-MAC" + blockSize + "/" + outputSize, mainName); - provider.addAlgorithm("KeyGenerator." + mainName, keyGeneratorClassName); - provider.addAlgorithm("Alg.Alias.KeyGenerator.Skein-MAC" + blockSize + "/" + outputSize, mainName); - } - - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/Tiger.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/Tiger.java deleted file mode 100644 index 3d248aad..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/Tiger.java +++ /dev/null @@ -1,115 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.asn1.iana.IANAObjectIdentifiers; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.digests.TigerDigest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; - -public class Tiger -{ - private Tiger() - { - - } - - static public class Digest - extends BCMessageDigest - implements Cloneable - { - public Digest() - { - super(new TigerDigest()); - } - - public Object clone() - throws CloneNotSupportedException - { - Digest d = (Digest)super.clone(); - d.digest = new TigerDigest((TigerDigest)digest); - - return d; - } - } - - /** - * Tiger HMac - */ - public static class HashMac - extends BaseMac - { - public HashMac() - { - super(new HMac(new TigerDigest())); - } - } - - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("HMACTIGER", 192, new CipherKeyGenerator()); - } - } - - /** - * Tiger HMac - */ - public static class TigerHmac - extends BaseMac - { - public TigerHmac() - { - super(new HMac(new TigerDigest())); - } - } - - /** - * PBEWithHmacTiger - */ - public static class PBEWithMacKeyFactory - extends PBESecretKeyFactory - { - public PBEWithMacKeyFactory() - { - super("PBEwithHmacTiger", null, false, PKCS12, TIGER, 192, 0); - } - } - - /** - * PBEWithHmacTiger - */ - public static class PBEWithHashMac - extends BaseMac - { - public PBEWithHashMac() - { - super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = Tiger.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.TIGER", PREFIX + "$Digest"); - provider.addAlgorithm("MessageDigest.Tiger", PREFIX + "$Digest"); // JDK 1.1. - - addHMACAlgorithm(provider, "TIGER", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); - addHMACAlias(provider, "TIGER", IANAObjectIdentifiers.hmacTIGER); - - provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACTIGER", PREFIX + "$PBEWithMacKeyFactory"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/Whirlpool.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/Whirlpool.java deleted file mode 100644 index bf1c06c6..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/digest/Whirlpool.java +++ /dev/null @@ -1,73 +0,0 @@ -package org.bouncycastle.jcajce.provider.digest; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.digests.WhirlpoolDigest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; - -public class Whirlpool -{ - private Whirlpool() - { - - } - - static public class Digest - extends BCMessageDigest - implements Cloneable - { - public Digest() - { - super(new WhirlpoolDigest()); - } - - public Object clone() - throws CloneNotSupportedException - { - Digest d = (Digest)super.clone(); - d.digest = new WhirlpoolDigest((WhirlpoolDigest)digest); - - return d; - } - } - - /** - * Tiger HMac - */ - public static class HashMac - extends BaseMac - { - public HashMac() - { - super(new HMac(new WhirlpoolDigest())); - } - } - - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("HMACWHIRLPOOL", 512, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends DigestAlgorithmProvider - { - private static final String PREFIX = Whirlpool.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("MessageDigest.WHIRLPOOL", PREFIX + "$Digest"); - - addHMACAlgorithm(provider, "WHIRLPOOL", PREFIX + "$HashMac", PREFIX + "$KeyGenerator"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java deleted file mode 100644 index 30a81ffb..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java +++ /dev/null @@ -1,27 +0,0 @@ -package org.bouncycastle.jcajce.provider.keystore; - -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; - -public class BC -{ - private static final String PREFIX = "org.bouncycastle.jcajce.provider.keystore" + ".bc."; - - public static class Mappings - extends AsymmetricAlgorithmProvider - { - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("KeyStore.BKS", PREFIX + "BcKeyStoreSpi$Std"); - provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1"); - provider.addAlgorithm("KeyStore.BouncyCastle", PREFIX + "BcKeyStoreSpi$BouncyCastleStore"); - provider.addAlgorithm("Alg.Alias.KeyStore.UBER", "BouncyCastle"); - provider.addAlgorithm("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle"); - provider.addAlgorithm("Alg.Alias.KeyStore.bouncycastle", "BouncyCastle"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java deleted file mode 100644 index 73abd174..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java +++ /dev/null @@ -1,30 +0,0 @@ -package org.bouncycastle.jcajce.provider.keystore; - -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; - -public class PKCS12 -{ - private static final String PREFIX = "org.bouncycastle.jcajce.provider.keystore" + ".pkcs12."; - - public static class Mappings - extends AsymmetricAlgorithmProvider - { - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("KeyStore.PKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); - provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); - provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); - - provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore"); - provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES"); - - provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore"); - provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java deleted file mode 100644 index ea892610..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java +++ /dev/null @@ -1,1061 +0,0 @@ -package org.bouncycastle.jcajce.provider.keystore.bc; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.DataInputStream; -import java.io.DataOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.security.Key; -import java.security.KeyFactory; -import java.security.KeyStoreException; -import java.security.KeyStoreSpi; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.UnrecoverableKeyException; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.spec.KeySpec; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; -import java.util.Date; -import java.util.Enumeration; -import java.util.Hashtable; - -import javax.crypto.Cipher; -import javax.crypto.CipherInputStream; -import javax.crypto.CipherOutputStream; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; -import org.bouncycastle.crypto.io.DigestInputStream; -import org.bouncycastle.crypto.io.DigestOutputStream; -import org.bouncycastle.crypto.io.MacInputStream; -import org.bouncycastle.crypto.io.MacOutputStream; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jce.interfaces.BCKeyStore; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.io.Streams; -import org.bouncycastle.util.io.TeeOutputStream; - -public class BcKeyStoreSpi - extends KeyStoreSpi - implements BCKeyStore -{ - private static final int STORE_VERSION = 2; - - private static final int STORE_SALT_SIZE = 20; - private static final String STORE_CIPHER = "PBEWithSHAAndTwofish-CBC"; - - private static final int KEY_SALT_SIZE = 20; - private static final int MIN_ITERATIONS = 1024; - - private static final String KEY_CIPHER = "PBEWithSHAAnd3-KeyTripleDES-CBC"; - - // - // generic object types - // - static final int NULL = 0; - static final int CERTIFICATE = 1; - static final int KEY = 2; - static final int SECRET = 3; - static final int SEALED = 4; - - // - // key types - // - static final int KEY_PRIVATE = 0; - static final int KEY_PUBLIC = 1; - static final int KEY_SECRET = 2; - - protected Hashtable table = new Hashtable(); - - protected SecureRandom random = new SecureRandom(); - - protected int version; - - public BcKeyStoreSpi(int version) - { - this.version = version; - } - - private class StoreEntry - { - int type; - String alias; - Object obj; - Certificate[] certChain; - Date date = new Date(); - - StoreEntry( - String alias, - Certificate obj) - { - this.type = CERTIFICATE; - this.alias = alias; - this.obj = obj; - this.certChain = null; - } - - StoreEntry( - String alias, - byte[] obj, - Certificate[] certChain) - { - this.type = SECRET; - this.alias = alias; - this.obj = obj; - this.certChain = certChain; - } - - StoreEntry( - String alias, - Key key, - char[] password, - Certificate[] certChain) - throws Exception - { - this.type = SEALED; - this.alias = alias; - this.certChain = certChain; - - byte[] salt = new byte[KEY_SALT_SIZE]; - - random.setSeed(System.currentTimeMillis()); - random.nextBytes(salt); - - int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff); - - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DataOutputStream dOut = new DataOutputStream(bOut); - - dOut.writeInt(salt.length); - dOut.write(salt); - dOut.writeInt(iterationCount); - - Cipher cipher = makePBECipher(KEY_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); - CipherOutputStream cOut = new CipherOutputStream(dOut, cipher); - - dOut = new DataOutputStream(cOut); - - encodeKey(key, dOut); - - dOut.close(); - - obj = bOut.toByteArray(); - } - - StoreEntry( - String alias, - Date date, - int type, - Object obj) - { - this.alias = alias; - this.date = date; - this.type = type; - this.obj = obj; - } - - StoreEntry( - String alias, - Date date, - int type, - Object obj, - Certificate[] certChain) - { - this.alias = alias; - this.date = date; - this.type = type; - this.obj = obj; - this.certChain = certChain; - } - - int getType() - { - return type; - } - - String getAlias() - { - return alias; - } - - Object getObject() - { - return obj; - } - - Object getObject( - char[] password) - throws NoSuchAlgorithmException, UnrecoverableKeyException - { - if (password == null || password.length == 0) - { - if (obj instanceof Key) - { - return obj; - } - } - - if (type == SEALED) - { - ByteArrayInputStream bIn = new ByteArrayInputStream((byte[])obj); - DataInputStream dIn = new DataInputStream(bIn); - - try - { - byte[] salt = new byte[dIn.readInt()]; - - dIn.readFully(salt); - - int iterationCount = dIn.readInt(); - - Cipher cipher = makePBECipher(KEY_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount); - - CipherInputStream cIn = new CipherInputStream(dIn, cipher); - - try - { - return decodeKey(new DataInputStream(cIn)); - } - catch (Exception x) - { - bIn = new ByteArrayInputStream((byte[])obj); - dIn = new DataInputStream(bIn); - - salt = new byte[dIn.readInt()]; - - dIn.readFully(salt); - - iterationCount = dIn.readInt(); - - cipher = makePBECipher("Broken" + KEY_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount); - - cIn = new CipherInputStream(dIn, cipher); - - Key k = null; - - try - { - k = decodeKey(new DataInputStream(cIn)); - } - catch (Exception y) - { - bIn = new ByteArrayInputStream((byte[])obj); - dIn = new DataInputStream(bIn); - - salt = new byte[dIn.readInt()]; - - dIn.readFully(salt); - - iterationCount = dIn.readInt(); - - cipher = makePBECipher("Old" + KEY_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount); - - cIn = new CipherInputStream(dIn, cipher); - - k = decodeKey(new DataInputStream(cIn)); - } - - // - // reencrypt key with correct cipher. - // - if (k != null) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DataOutputStream dOut = new DataOutputStream(bOut); - - dOut.writeInt(salt.length); - dOut.write(salt); - dOut.writeInt(iterationCount); - - Cipher out = makePBECipher(KEY_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); - CipherOutputStream cOut = new CipherOutputStream(dOut, out); - - dOut = new DataOutputStream(cOut); - - encodeKey(k, dOut); - - dOut.close(); - - obj = bOut.toByteArray(); - - return k; - } - else - { - throw new UnrecoverableKeyException("no match"); - } - } - } - catch (Exception e) - { - throw new UnrecoverableKeyException("no match"); - } - } - else - { - throw new RuntimeException("forget something!"); - // TODO - // if we get to here key was saved as byte data, which - // according to the docs means it must be a private key - // in EncryptedPrivateKeyInfo (PKCS8 format), later... - // - } - } - - Certificate[] getCertificateChain() - { - return certChain; - } - - Date getDate() - { - return date; - } - } - - private void encodeCertificate( - Certificate cert, - DataOutputStream dOut) - throws IOException - { - try - { - byte[] cEnc = cert.getEncoded(); - - dOut.writeUTF(cert.getType()); - dOut.writeInt(cEnc.length); - dOut.write(cEnc); - } - catch (CertificateEncodingException ex) - { - throw new IOException(ex.toString()); - } - } - - private Certificate decodeCertificate( - DataInputStream dIn) - throws IOException - { - String type = dIn.readUTF(); - byte[] cEnc = new byte[dIn.readInt()]; - - dIn.readFully(cEnc); - - try - { - CertificateFactory cFact = CertificateFactory.getInstance(type, BouncyCastleProvider.PROVIDER_NAME); - ByteArrayInputStream bIn = new ByteArrayInputStream(cEnc); - - return cFact.generateCertificate(bIn); - } - catch (NoSuchProviderException ex) - { - throw new IOException(ex.toString()); - } - catch (CertificateException ex) - { - throw new IOException(ex.toString()); - } - } - - private void encodeKey( - Key key, - DataOutputStream dOut) - throws IOException - { - byte[] enc = key.getEncoded(); - - if (key instanceof PrivateKey) - { - dOut.write(KEY_PRIVATE); - } - else if (key instanceof PublicKey) - { - dOut.write(KEY_PUBLIC); - } - else - { - dOut.write(KEY_SECRET); - } - - dOut.writeUTF(key.getFormat()); - dOut.writeUTF(key.getAlgorithm()); - dOut.writeInt(enc.length); - dOut.write(enc); - } - - private Key decodeKey( - DataInputStream dIn) - throws IOException - { - int keyType = dIn.read(); - String format = dIn.readUTF(); - String algorithm = dIn.readUTF(); - byte[] enc = new byte[dIn.readInt()]; - KeySpec spec; - - dIn.readFully(enc); - - if (format.equals("PKCS#8") || format.equals("PKCS8")) - { - spec = new PKCS8EncodedKeySpec(enc); - } - else if (format.equals("X.509") || format.equals("X509")) - { - spec = new X509EncodedKeySpec(enc); - } - else if (format.equals("RAW")) - { - return new SecretKeySpec(enc, algorithm); - } - else - { - throw new IOException("Key format " + format + " not recognised!"); - } - - try - { - switch (keyType) - { - case KEY_PRIVATE: - return KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generatePrivate(spec); - case KEY_PUBLIC: - return KeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generatePublic(spec); - case KEY_SECRET: - return SecretKeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME).generateSecret(spec); - default: - throw new IOException("Key type " + keyType + " not recognised!"); - } - } - catch (Exception e) - { - throw new IOException("Exception creating key: " + e.toString()); - } - } - - protected Cipher makePBECipher( - String algorithm, - int mode, - char[] password, - byte[] salt, - int iterationCount) - throws IOException - { - try - { - PBEKeySpec pbeSpec = new PBEKeySpec(password); - SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME); - PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount); - - Cipher cipher = Cipher.getInstance(algorithm, BouncyCastleProvider.PROVIDER_NAME); - - cipher.init(mode, keyFact.generateSecret(pbeSpec), defParams); - - return cipher; - } - catch (Exception e) - { - throw new IOException("Error initialising store of key store: " + e); - } - } - - public void setRandom( - SecureRandom rand) - { - this.random = rand; - } - - public Enumeration engineAliases() - { - return table.keys(); - } - - public boolean engineContainsAlias( - String alias) - { - return (table.get(alias) != null); - } - - public void engineDeleteEntry( - String alias) - throws KeyStoreException - { - Object entry = table.get(alias); - - if (entry == null) - { - return; - } - - table.remove(alias); - } - - public Certificate engineGetCertificate( - String alias) - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null) - { - if (entry.getType() == CERTIFICATE) - { - return (Certificate)entry.getObject(); - } - else - { - Certificate[] chain = entry.getCertificateChain(); - - if (chain != null) - { - return chain[0]; - } - } - } - - return null; - } - - public String engineGetCertificateAlias( - Certificate cert) - { - Enumeration e = table.elements(); - while (e.hasMoreElements()) - { - StoreEntry entry = (StoreEntry)e.nextElement(); - - if (entry.getObject() instanceof Certificate) - { - Certificate c = (Certificate)entry.getObject(); - - if (c.equals(cert)) - { - return entry.getAlias(); - } - } - else - { - Certificate[] chain = entry.getCertificateChain(); - - if (chain != null && chain[0].equals(cert)) - { - return entry.getAlias(); - } - } - } - - return null; - } - - public Certificate[] engineGetCertificateChain( - String alias) - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null) - { - return entry.getCertificateChain(); - } - - return null; - } - - public Date engineGetCreationDate(String alias) - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null) - { - return entry.getDate(); - } - - return null; - } - - public Key engineGetKey( - String alias, - char[] password) - throws NoSuchAlgorithmException, UnrecoverableKeyException - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry == null || entry.getType() == CERTIFICATE) - { - return null; - } - - return (Key)entry.getObject(password); - } - - public boolean engineIsCertificateEntry( - String alias) - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null && entry.getType() == CERTIFICATE) - { - return true; - } - - return false; - } - - public boolean engineIsKeyEntry( - String alias) - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null && entry.getType() != CERTIFICATE) - { - return true; - } - - return false; - } - - public void engineSetCertificateEntry( - String alias, - Certificate cert) - throws KeyStoreException - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null && entry.getType() != CERTIFICATE) - { - throw new KeyStoreException("key store already has a key entry with alias " + alias); - } - - table.put(alias, new StoreEntry(alias, cert)); - } - - public void engineSetKeyEntry( - String alias, - byte[] key, - Certificate[] chain) - throws KeyStoreException - { - table.put(alias, new StoreEntry(alias, key, chain)); - } - - public void engineSetKeyEntry( - String alias, - Key key, - char[] password, - Certificate[] chain) - throws KeyStoreException - { - if ((key instanceof PrivateKey) && (chain == null)) - { - throw new KeyStoreException("no certificate chain for private key"); - } - - try - { - table.put(alias, new StoreEntry(alias, key, password, chain)); - } - catch (Exception e) - { - throw new KeyStoreException(e.toString()); - } - } - - public int engineSize() - { - return table.size(); - } - - protected void loadStore( - InputStream in) - throws IOException - { - DataInputStream dIn = new DataInputStream(in); - int type = dIn.read(); - - while (type > NULL) - { - String alias = dIn.readUTF(); - Date date = new Date(dIn.readLong()); - int chainLength = dIn.readInt(); - Certificate[] chain = null; - - if (chainLength != 0) - { - chain = new Certificate[chainLength]; - - for (int i = 0; i != chainLength; i++) - { - chain[i] = decodeCertificate(dIn); - } - } - - switch (type) - { - case CERTIFICATE: - Certificate cert = decodeCertificate(dIn); - - table.put(alias, new StoreEntry(alias, date, CERTIFICATE, cert)); - break; - case KEY: - Key key = decodeKey(dIn); - table.put(alias, new StoreEntry(alias, date, KEY, key, chain)); - break; - case SECRET: - case SEALED: - byte[] b = new byte[dIn.readInt()]; - - dIn.readFully(b); - table.put(alias, new StoreEntry(alias, date, type, b, chain)); - break; - default: - throw new RuntimeException("Unknown object type in store."); - } - - type = dIn.read(); - } - } - - protected void saveStore( - OutputStream out) - throws IOException - { - Enumeration e = table.elements(); - DataOutputStream dOut = new DataOutputStream(out); - - while (e.hasMoreElements()) - { - StoreEntry entry = (StoreEntry)e.nextElement(); - - dOut.write(entry.getType()); - dOut.writeUTF(entry.getAlias()); - dOut.writeLong(entry.getDate().getTime()); - - Certificate[] chain = entry.getCertificateChain(); - if (chain == null) - { - dOut.writeInt(0); - } - else - { - dOut.writeInt(chain.length); - for (int i = 0; i != chain.length; i++) - { - encodeCertificate(chain[i], dOut); - } - } - - switch (entry.getType()) - { - case CERTIFICATE: - encodeCertificate((Certificate)entry.getObject(), dOut); - break; - case KEY: - encodeKey((Key)entry.getObject(), dOut); - break; - case SEALED: - case SECRET: - byte[] b = (byte[])entry.getObject(); - - dOut.writeInt(b.length); - dOut.write(b); - break; - default: - throw new RuntimeException("Unknown object type in store."); - } - } - - dOut.write(NULL); - } - - public void engineLoad( - InputStream stream, - char[] password) - throws IOException - { - table.clear(); - - if (stream == null) // just initialising - { - return; - } - - DataInputStream dIn = new DataInputStream(stream); - int version = dIn.readInt(); - - if (version != STORE_VERSION) - { - if (version != 0 && version != 1) - { - throw new IOException("Wrong version of key store."); - } - } - - int saltLength = dIn.readInt(); - if (saltLength <= 0) - { - throw new IOException("Invalid salt detected"); - } - - byte[] salt = new byte[saltLength]; - - dIn.readFully(salt); - - int iterationCount = dIn.readInt(); - - // - // we only do an integrity check if the password is provided. - // - HMac hMac = new HMac(new SHA1Digest()); - if (password != null && password.length != 0) - { - byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); - - PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); - pbeGen.init(passKey, salt, iterationCount); - - CipherParameters macParams; - - if (version != 2) - { - macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize()); - } - else - { - macParams = pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8); - } - - Arrays.fill(passKey, (byte)0); - - hMac.init(macParams); - MacInputStream mIn = new MacInputStream(dIn, hMac); - - loadStore(mIn); - - // Finalise our mac calculation - byte[] mac = new byte[hMac.getMacSize()]; - hMac.doFinal(mac, 0); - - // TODO Should this actually be reading the remainder of the stream? - // Read the original mac from the stream - byte[] oldMac = new byte[hMac.getMacSize()]; - dIn.readFully(oldMac); - - if (!Arrays.constantTimeAreEqual(mac, oldMac)) - { - table.clear(); - throw new IOException("KeyStore integrity check failed."); - } - } - else - { - loadStore(dIn); - - // TODO Should this actually be reading the remainder of the stream? - // Parse the original mac from the stream too - byte[] oldMac = new byte[hMac.getMacSize()]; - dIn.readFully(oldMac); - } - } - - - public void engineStore(OutputStream stream, char[] password) - throws IOException - { - DataOutputStream dOut = new DataOutputStream(stream); - byte[] salt = new byte[STORE_SALT_SIZE]; - int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff); - - random.nextBytes(salt); - - dOut.writeInt(version); - dOut.writeInt(salt.length); - dOut.write(salt); - dOut.writeInt(iterationCount); - - HMac hMac = new HMac(new SHA1Digest()); - MacOutputStream mOut = new MacOutputStream(hMac); - PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); - byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); - - pbeGen.init(passKey, salt, iterationCount); - - if (version < 2) - { - hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize())); - } - else - { - hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize() * 8)); - } - - for (int i = 0; i != passKey.length; i++) - { - passKey[i] = 0; - } - - saveStore(new TeeOutputStream(dOut, mOut)); - - byte[] mac = new byte[hMac.getMacSize()]; - - hMac.doFinal(mac, 0); - - dOut.write(mac); - - dOut.close(); - } - - /** - * the BouncyCastle store. This wont work with the key tool as the - * store is stored encrypted on disk, so the password is mandatory, - * however if you hard drive is in a bad part of town and you absolutely, - * positively, don't want nobody peeking at your things, this is the - * one to use, no problem! After all in a Bouncy Castle nothing can - * touch you. - * - * Also referred to by the alias UBER. - */ - public static class BouncyCastleStore - extends BcKeyStoreSpi - { - public BouncyCastleStore() - { - super(1); - } - - public void engineLoad( - InputStream stream, - char[] password) - throws IOException - { - table.clear(); - - if (stream == null) // just initialising - { - return; - } - - DataInputStream dIn = new DataInputStream(stream); - int version = dIn.readInt(); - - if (version != STORE_VERSION) - { - if (version != 0 && version != 1) - { - throw new IOException("Wrong version of key store."); - } - } - - byte[] salt = new byte[dIn.readInt()]; - - if (salt.length != STORE_SALT_SIZE) - { - throw new IOException("Key store corrupted."); - } - - dIn.readFully(salt); - - int iterationCount = dIn.readInt(); - - if ((iterationCount < 0) || (iterationCount > 4 * MIN_ITERATIONS)) - { - throw new IOException("Key store corrupted."); - } - - String cipherAlg; - if (version == 0) - { - cipherAlg = "Old" + STORE_CIPHER; - } - else - { - cipherAlg = STORE_CIPHER; - } - - Cipher cipher = this.makePBECipher(cipherAlg, Cipher.DECRYPT_MODE, password, salt, iterationCount); - CipherInputStream cIn = new CipherInputStream(dIn, cipher); - - Digest dig = new SHA1Digest(); - DigestInputStream dgIn = new DigestInputStream(cIn, dig); - - this.loadStore(dgIn); - - // Finalise our digest calculation - byte[] hash = new byte[dig.getDigestSize()]; - dig.doFinal(hash, 0); - - // TODO Should this actually be reading the remainder of the stream? - // Read the original digest from the stream - byte[] oldHash = new byte[dig.getDigestSize()]; - Streams.readFully(cIn, oldHash); - - if (!Arrays.constantTimeAreEqual(hash, oldHash)) - { - table.clear(); - throw new IOException("KeyStore integrity check failed."); - } - } - - public void engineStore(OutputStream stream, char[] password) - throws IOException - { - Cipher cipher; - DataOutputStream dOut = new DataOutputStream(stream); - byte[] salt = new byte[STORE_SALT_SIZE]; - int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff); - - random.nextBytes(salt); - - dOut.writeInt(version); - dOut.writeInt(salt.length); - dOut.write(salt); - dOut.writeInt(iterationCount); - - cipher = this.makePBECipher(STORE_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); - - CipherOutputStream cOut = new CipherOutputStream(dOut, cipher); - DigestOutputStream dgOut = new DigestOutputStream(new SHA1Digest()); - - this.saveStore(new TeeOutputStream(cOut, dgOut)); - - byte[] dig = dgOut.getDigest(); - - cOut.write(dig); - - cOut.close(); - } - } - - public static class Std - extends BcKeyStoreSpi - { - public Std() - { - super(STORE_VERSION); - } - } - - public static class Version1 - extends BcKeyStoreSpi - { - public Version1() - { - super(1); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java deleted file mode 100644 index 69a7206d..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java +++ /dev/null @@ -1,1797 +0,0 @@ -package org.bouncycastle.jcajce.provider.keystore.pkcs12; - -import java.io.BufferedInputStream; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyStore; -import java.security.KeyStore.LoadStoreParameter; -import java.security.KeyStore.ProtectionParameter; -import java.security.KeyStoreException; -import java.security.KeyStoreSpi; -import java.security.NoSuchAlgorithmException; -import java.security.Principal; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.UnrecoverableKeyException; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.security.spec.InvalidKeySpecException; -import java.util.Collections; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Hashtable; -import java.util.Map; -import java.util.Vector; - -import javax.crypto.Cipher; -import javax.crypto.Mac; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BEROctetString; -import org.bouncycastle.asn1.BEROutputStream; -import org.bouncycastle.asn1.DERBMPString; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.cryptopro.GOST28147Parameters; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.AuthenticatedSafe; -import org.bouncycastle.asn1.pkcs.CertBag; -import org.bouncycastle.asn1.pkcs.ContentInfo; -import org.bouncycastle.asn1.pkcs.EncryptedData; -import org.bouncycastle.asn1.pkcs.MacData; -import org.bouncycastle.asn1.pkcs.PBES2Parameters; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.Pfx; -import org.bouncycastle.asn1.pkcs.SafeBag; -import org.bouncycastle.asn1.util.ASN1Dump; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier; -import org.bouncycastle.asn1.x509.DigestInfo; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.jcajce.provider.config.PKCS12StoreParameter; -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec; -import org.bouncycastle.jcajce.spec.PBKDF2KeySpec; -import org.bouncycastle.jce.interfaces.BCKeyStore; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.jce.provider.JDKPKCS12StoreParameter; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.Integers; -import org.bouncycastle.util.Strings; -import org.bouncycastle.util.encoders.Hex; - -public class PKCS12KeyStoreSpi - extends KeyStoreSpi - implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore -{ - private static final int SALT_SIZE = 20; - private static final int MIN_ITERATIONS = 1024; - - private static final Provider bcProvider = new BouncyCastleProvider(); - private static final DefaultSecretKeyProvider keySizeProvider = new DefaultSecretKeyProvider(); - - private IgnoresCaseHashtable keys = new IgnoresCaseHashtable(); - private Hashtable localIds = new Hashtable(); - private IgnoresCaseHashtable certs = new IgnoresCaseHashtable(); - private Hashtable chainCerts = new Hashtable(); - private Hashtable keyCerts = new Hashtable(); - - // - // generic object types - // - static final int NULL = 0; - static final int CERTIFICATE = 1; - static final int KEY = 2; - static final int SECRET = 3; - static final int SEALED = 4; - - // - // key types - // - static final int KEY_PRIVATE = 0; - static final int KEY_PUBLIC = 1; - static final int KEY_SECRET = 2; - - protected SecureRandom random = new SecureRandom(); - - // use of final causes problems with JDK 1.2 compiler - private CertificateFactory certFact; - private ASN1ObjectIdentifier keyAlgorithm; - private ASN1ObjectIdentifier certAlgorithm; - - private class CertId - { - byte[] id; - - CertId( - PublicKey key) - { - this.id = createSubjectKeyId(key).getKeyIdentifier(); - } - - CertId( - byte[] id) - { - this.id = id; - } - - public int hashCode() - { - return Arrays.hashCode(id); - } - - public boolean equals( - Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof CertId)) - { - return false; - } - - CertId cId = (CertId)o; - - return Arrays.areEqual(id, cId.id); - } - } - - public PKCS12KeyStoreSpi( - Provider provider, - ASN1ObjectIdentifier keyAlgorithm, - ASN1ObjectIdentifier certAlgorithm) - { - this.keyAlgorithm = keyAlgorithm; - this.certAlgorithm = certAlgorithm; - - try - { - if (provider != null) - { - certFact = CertificateFactory.getInstance("X.509", provider); - } - else - { - certFact = CertificateFactory.getInstance("X.509"); - } - } - catch (Exception e) - { - throw new IllegalArgumentException("can't create cert factory - " + e.toString()); - } - } - - private SubjectKeyIdentifier createSubjectKeyId( - PublicKey pubKey) - { - try - { - SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( - (ASN1Sequence)ASN1Primitive.fromByteArray(pubKey.getEncoded())); - - return new SubjectKeyIdentifier(getDigest(info)); - } - catch (Exception e) - { - throw new RuntimeException("error creating key"); - } - } - - private static byte[] getDigest(SubjectPublicKeyInfo spki) - { - Digest digest = new SHA1Digest(); - byte[] resBuf = new byte[digest.getDigestSize()]; - - byte[] bytes = spki.getPublicKeyData().getBytes(); - digest.update(bytes, 0, bytes.length); - digest.doFinal(resBuf, 0); - return resBuf; - } - - public void setRandom( - SecureRandom rand) - { - this.random = rand; - } - - public Enumeration engineAliases() - { - Hashtable tab = new Hashtable(); - - Enumeration e = certs.keys(); - while (e.hasMoreElements()) - { - tab.put(e.nextElement(), "cert"); - } - - e = keys.keys(); - while (e.hasMoreElements()) - { - String a = (String)e.nextElement(); - if (tab.get(a) == null) - { - tab.put(a, "key"); - } - } - - return tab.keys(); - } - - public boolean engineContainsAlias( - String alias) - { - return (certs.get(alias) != null || keys.get(alias) != null); - } - - /** - * this is not quite complete - we should follow up on the chain, a bit - * tricky if a certificate appears in more than one chain... - */ - public void engineDeleteEntry( - String alias) - throws KeyStoreException - { - Key k = (Key)keys.remove(alias); - - Certificate c = (Certificate)certs.remove(alias); - - if (c != null) - { - chainCerts.remove(new CertId(c.getPublicKey())); - } - - if (k != null) - { - String id = (String)localIds.remove(alias); - if (id != null) - { - c = (Certificate)keyCerts.remove(id); - } - if (c != null) - { - chainCerts.remove(new CertId(c.getPublicKey())); - } - } - } - - /** - * simply return the cert for the private key - */ - public Certificate engineGetCertificate( - String alias) - { - if (alias == null) - { - throw new IllegalArgumentException("null alias passed to getCertificate."); - } - - Certificate c = (Certificate)certs.get(alias); - - // - // look up the key table - and try the local key id - // - if (c == null) - { - String id = (String)localIds.get(alias); - if (id != null) - { - c = (Certificate)keyCerts.get(id); - } - else - { - c = (Certificate)keyCerts.get(alias); - } - } - - return c; - } - - public String engineGetCertificateAlias( - Certificate cert) - { - Enumeration c = certs.elements(); - Enumeration k = certs.keys(); - - while (c.hasMoreElements()) - { - Certificate tc = (Certificate)c.nextElement(); - String ta = (String)k.nextElement(); - - if (tc.equals(cert)) - { - return ta; - } - } - - c = keyCerts.elements(); - k = keyCerts.keys(); - - while (c.hasMoreElements()) - { - Certificate tc = (Certificate)c.nextElement(); - String ta = (String)k.nextElement(); - - if (tc.equals(cert)) - { - return ta; - } - } - - return null; - } - - public Certificate[] engineGetCertificateChain( - String alias) - { - if (alias == null) - { - throw new IllegalArgumentException("null alias passed to getCertificateChain."); - } - - if (!engineIsKeyEntry(alias)) - { - return null; - } - - Certificate c = engineGetCertificate(alias); - - if (c != null) - { - Vector cs = new Vector(); - - while (c != null) - { - X509Certificate x509c = (X509Certificate)c; - Certificate nextC = null; - - byte[] bytes = x509c.getExtensionValue(Extension.authorityKeyIdentifier.getId()); - if (bytes != null) - { - try - { - ASN1InputStream aIn = new ASN1InputStream(bytes); - - byte[] authBytes = ((ASN1OctetString)aIn.readObject()).getOctets(); - aIn = new ASN1InputStream(authBytes); - - AuthorityKeyIdentifier id = AuthorityKeyIdentifier.getInstance(aIn.readObject()); - if (id.getKeyIdentifier() != null) - { - nextC = (Certificate)chainCerts.get(new CertId(id.getKeyIdentifier())); - } - - } - catch (IOException e) - { - throw new RuntimeException(e.toString()); - } - } - - if (nextC == null) - { - // - // no authority key id, try the Issuer DN - // - Principal i = x509c.getIssuerDN(); - Principal s = x509c.getSubjectDN(); - - if (!i.equals(s)) - { - Enumeration e = chainCerts.keys(); - - while (e.hasMoreElements()) - { - X509Certificate crt = (X509Certificate)chainCerts.get(e.nextElement()); - Principal sub = crt.getSubjectDN(); - if (sub.equals(i)) - { - try - { - x509c.verify(crt.getPublicKey()); - nextC = crt; - break; - } - catch (Exception ex) - { - // continue - } - } - } - } - } - - cs.addElement(c); - if (nextC != c) // self signed - end of the chain - { - c = nextC; - } - else - { - c = null; - } - } - - Certificate[] certChain = new Certificate[cs.size()]; - - for (int i = 0; i != certChain.length; i++) - { - certChain[i] = (Certificate)cs.elementAt(i); - } - - return certChain; - } - - return null; - } - - public Date engineGetCreationDate(String alias) - { - if (alias == null) - { - throw new NullPointerException("alias == null"); - } - if (keys.get(alias) == null && certs.get(alias) == null) - { - return null; - } - return new Date(); - } - - public Key engineGetKey( - String alias, - char[] password) - throws NoSuchAlgorithmException, UnrecoverableKeyException - { - if (alias == null) - { - throw new IllegalArgumentException("null alias passed to getKey."); - } - - return (Key)keys.get(alias); - } - - public boolean engineIsCertificateEntry( - String alias) - { - return (certs.get(alias) != null && keys.get(alias) == null); - } - - public boolean engineIsKeyEntry( - String alias) - { - return (keys.get(alias) != null); - } - - public void engineSetCertificateEntry( - String alias, - Certificate cert) - throws KeyStoreException - { - if (keys.get(alias) != null) - { - throw new KeyStoreException("There is a key entry with the name " + alias + "."); - } - - certs.put(alias, cert); - chainCerts.put(new CertId(cert.getPublicKey()), cert); - } - - public void engineSetKeyEntry( - String alias, - byte[] key, - Certificate[] chain) - throws KeyStoreException - { - throw new RuntimeException("operation not supported"); - } - - public void engineSetKeyEntry( - String alias, - Key key, - char[] password, - Certificate[] chain) - throws KeyStoreException - { - if (!(key instanceof PrivateKey)) - { - throw new KeyStoreException("PKCS12 does not support non-PrivateKeys"); - } - - if ((key instanceof PrivateKey) && (chain == null)) - { - throw new KeyStoreException("no certificate chain for private key"); - } - - if (keys.get(alias) != null) - { - engineDeleteEntry(alias); - } - - keys.put(alias, key); - if (chain != null) - { - certs.put(alias, chain[0]); - - for (int i = 0; i != chain.length; i++) - { - chainCerts.put(new CertId(chain[i].getPublicKey()), chain[i]); - } - } - } - - public int engineSize() - { - Hashtable tab = new Hashtable(); - - Enumeration e = certs.keys(); - while (e.hasMoreElements()) - { - tab.put(e.nextElement(), "cert"); - } - - e = keys.keys(); - while (e.hasMoreElements()) - { - String a = (String)e.nextElement(); - if (tab.get(a) == null) - { - tab.put(a, "key"); - } - } - - return tab.size(); - } - - protected PrivateKey unwrapKey( - AlgorithmIdentifier algId, - byte[] data, - char[] password, - boolean wrongPKCS12Zero) - throws IOException - { - ASN1ObjectIdentifier algorithm = algId.getAlgorithm(); - try - { - if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) - { - PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters()); - - PBEKeySpec pbeSpec = new PBEKeySpec(password); - PrivateKey out; - - SecretKeyFactory keyFact = SecretKeyFactory.getInstance( - algorithm.getId(), bcProvider); - PBEParameterSpec defParams = new PBEParameterSpec( - pbeParams.getIV(), - pbeParams.getIterations().intValue()); - - SecretKey k = keyFact.generateSecret(pbeSpec); - - ((BCPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero); - - Cipher cipher = Cipher.getInstance(algorithm.getId(), bcProvider); - - cipher.init(Cipher.UNWRAP_MODE, k, defParams); - - // we pass "" as the key algorithm type as it is unknown at this point - return (PrivateKey)cipher.unwrap(data, "", Cipher.PRIVATE_KEY); - } - else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) - { - - Cipher cipher = createCipher(Cipher.UNWRAP_MODE, password, algId); - - // we pass "" as the key algorithm type as it is unknown at this point - return (PrivateKey)cipher.unwrap(data, "", Cipher.PRIVATE_KEY); - } - } - catch (Exception e) - { - throw new IOException("exception unwrapping private key - " + e.toString()); - } - - throw new IOException("exception unwrapping private key - cannot recognise: " + algorithm); - } - - protected byte[] wrapKey( - String algorithm, - Key key, - PKCS12PBEParams pbeParams, - char[] password) - throws IOException - { - PBEKeySpec pbeSpec = new PBEKeySpec(password); - byte[] out; - - try - { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance( - algorithm, bcProvider); - PBEParameterSpec defParams = new PBEParameterSpec( - pbeParams.getIV(), - pbeParams.getIterations().intValue()); - - Cipher cipher = Cipher.getInstance(algorithm, bcProvider); - - cipher.init(Cipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), defParams); - - out = cipher.wrap(key); - } - catch (Exception e) - { - throw new IOException("exception encrypting data - " + e.toString()); - } - - return out; - } - - protected byte[] cryptData( - boolean forEncryption, - AlgorithmIdentifier algId, - char[] password, - boolean wrongPKCS12Zero, - byte[] data) - throws IOException - { - ASN1ObjectIdentifier algorithm = algId.getAlgorithm(); - int mode = forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE; - - if (algorithm.on(PKCSObjectIdentifiers.pkcs_12PbeIds)) - { - PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters()); - PBEKeySpec pbeSpec = new PBEKeySpec(password); - - try - { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm.getId(), bcProvider); - PBEParameterSpec defParams = new PBEParameterSpec( - pbeParams.getIV(), - pbeParams.getIterations().intValue()); - BCPBEKey key = (BCPBEKey)keyFact.generateSecret(pbeSpec); - - key.setTryWrongPKCS12Zero(wrongPKCS12Zero); - - Cipher cipher = Cipher.getInstance(algorithm.getId(), bcProvider); - - cipher.init(mode, key, defParams); - return cipher.doFinal(data); - } - catch (Exception e) - { - throw new IOException("exception decrypting data - " + e.toString()); - } - } - else if (algorithm.equals(PKCSObjectIdentifiers.id_PBES2)) - { - try - { - Cipher cipher = createCipher(mode, password, algId); - - return cipher.doFinal(data); - } - catch (Exception e) - { - throw new IOException("exception decrypting data - " + e.toString()); - } - } - else - { - throw new IOException("unknown PBE algorithm: " + algorithm); - } - } - - private Cipher createCipher(int mode, char[] password, AlgorithmIdentifier algId) - throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException - { - PBES2Parameters alg = PBES2Parameters.getInstance(algId.getParameters()); - PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters()); - AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme()); - - SecretKeyFactory keyFact = SecretKeyFactory.getInstance(alg.getKeyDerivationFunc().getAlgorithm().getId(), bcProvider); - SecretKey key; - - if (func.isDefaultPrf()) - { - key = keyFact.generateSecret(new PBEKeySpec(password, func.getSalt(), func.getIterationCount().intValue(), keySizeProvider.getKeySize(encScheme))); - } - else - { - key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), func.getIterationCount().intValue(), keySizeProvider.getKeySize(encScheme), func.getPrf())); - } - - Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId()); - - AlgorithmIdentifier encryptionAlg = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme()); - - ASN1Encodable encParams = alg.getEncryptionScheme().getParameters(); - if (encParams instanceof ASN1OctetString) - { - cipher.init(mode, key, new IvParameterSpec(ASN1OctetString.getInstance(encParams).getOctets())); - } - else - { - // TODO: at the moment it's just GOST, but... - GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams); - - cipher.init(mode, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV())); - } - return cipher; - } - - public void engineLoad( - InputStream stream, - char[] password) - throws IOException - { - if (stream == null) // just initialising - { - return; - } - - if (password == null) - { - throw new NullPointerException("No password supplied for PKCS#12 KeyStore."); - } - - BufferedInputStream bufIn = new BufferedInputStream(stream); - - bufIn.mark(10); - - int head = bufIn.read(); - - if (head != 0x30) - { - throw new IOException("stream does not represent a PKCS12 key store"); - } - - bufIn.reset(); - - ASN1InputStream bIn = new ASN1InputStream(bufIn); - ASN1Sequence obj = (ASN1Sequence)bIn.readObject(); - Pfx bag = Pfx.getInstance(obj); - ContentInfo info = bag.getAuthSafe(); - Vector chain = new Vector(); - boolean unmarkedKey = false; - boolean wrongPKCS12Zero = false; - - if (bag.getMacData() != null) // check the mac code - { - MacData mData = bag.getMacData(); - DigestInfo dInfo = mData.getMac(); - AlgorithmIdentifier algId = dInfo.getAlgorithmId(); - byte[] salt = mData.getSalt(); - int itCount = mData.getIterationCount().intValue(); - - byte[] data = ((ASN1OctetString)info.getContent()).getOctets(); - - try - { - byte[] res = calculatePbeMac(algId.getAlgorithm(), salt, itCount, password, false, data); - byte[] dig = dInfo.getDigest(); - - if (!Arrays.constantTimeAreEqual(res, dig)) - { - if (password.length > 0) - { - throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file."); - } - - // Try with incorrect zero length password - res = calculatePbeMac(algId.getAlgorithm(), salt, itCount, password, true, data); - - if (!Arrays.constantTimeAreEqual(res, dig)) - { - throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file."); - } - - wrongPKCS12Zero = true; - } - } - catch (IOException e) - { - throw e; - } - catch (Exception e) - { - throw new IOException("error constructing MAC: " + e.toString()); - } - } - - keys = new IgnoresCaseHashtable(); - localIds = new Hashtable(); - - if (info.getContentType().equals(data)) - { - bIn = new ASN1InputStream(((ASN1OctetString)info.getContent()).getOctets()); - - AuthenticatedSafe authSafe = AuthenticatedSafe.getInstance(bIn.readObject()); - ContentInfo[] c = authSafe.getContentInfo(); - - for (int i = 0; i != c.length; i++) - { - if (c[i].getContentType().equals(data)) - { - ASN1InputStream dIn = new ASN1InputStream(((ASN1OctetString)c[i].getContent()).getOctets()); - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); - - for (int j = 0; j != seq.size(); j++) - { - SafeBag b = SafeBag.getInstance(seq.getObjectAt(j)); - if (b.getBagId().equals(pkcs8ShroudedKeyBag)) - { - org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance(b.getBagValue()); - PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); - - // - // set the attributes on the key - // - PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; - String alias = null; - ASN1OctetString localId = null; - - if (b.getBagAttributes() != null) - { - Enumeration e = b.getBagAttributes().getObjects(); - while (e.hasMoreElements()) - { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); - ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); - ASN1Primitive attr = null; - - if (attrSet.size() > 0) - { - attr = (ASN1Primitive)attrSet.getObjectAt(0); - - ASN1Encodable existing = bagAttr.getBagAttribute(aOid); - if (existing != null) - { - // OK, but the value has to be the same - if (!existing.toASN1Primitive().equals(attr)) - { - throw new IOException( - "attempt to add existing attribute with different value"); - } - } - else - { - bagAttr.setBagAttribute(aOid, attr); - } - } - - if (aOid.equals(pkcs_9_at_friendlyName)) - { - alias = ((DERBMPString)attr).getString(); - keys.put(alias, privKey); - } - else if (aOid.equals(pkcs_9_at_localKeyId)) - { - localId = (ASN1OctetString)attr; - } - } - } - - if (localId != null) - { - String name = new String(Hex.encode(localId.getOctets())); - - if (alias == null) - { - keys.put(name, privKey); - } - else - { - localIds.put(alias, name); - } - } - else - { - unmarkedKey = true; - keys.put("unmarked", privKey); - } - } - else if (b.getBagId().equals(certBag)) - { - chain.addElement(b); - } - else - { - System.out.println("extra in data " + b.getBagId()); - System.out.println(ASN1Dump.dumpAsString(b)); - } - } - } - else if (c[i].getContentType().equals(encryptedData)) - { - EncryptedData d = EncryptedData.getInstance(c[i].getContent()); - byte[] octets = cryptData(false, d.getEncryptionAlgorithm(), - password, wrongPKCS12Zero, d.getContent().getOctets()); - ASN1Sequence seq = (ASN1Sequence)ASN1Primitive.fromByteArray(octets); - - for (int j = 0; j != seq.size(); j++) - { - SafeBag b = SafeBag.getInstance(seq.getObjectAt(j)); - - if (b.getBagId().equals(certBag)) - { - chain.addElement(b); - } - else if (b.getBagId().equals(pkcs8ShroudedKeyBag)) - { - org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo.getInstance(b.getBagValue()); - PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); - - // - // set the attributes on the key - // - PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; - String alias = null; - ASN1OctetString localId = null; - - Enumeration e = b.getBagAttributes().getObjects(); - while (e.hasMoreElements()) - { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - ASN1ObjectIdentifier aOid = (ASN1ObjectIdentifier)sq.getObjectAt(0); - ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); - ASN1Primitive attr = null; - - if (attrSet.size() > 0) - { - attr = (ASN1Primitive)attrSet.getObjectAt(0); - - ASN1Encodable existing = bagAttr.getBagAttribute(aOid); - if (existing != null) - { - // OK, but the value has to be the same - if (!existing.toASN1Primitive().equals(attr)) - { - throw new IOException( - "attempt to add existing attribute with different value"); - } - } - else - { - bagAttr.setBagAttribute(aOid, attr); - } - } - - if (aOid.equals(pkcs_9_at_friendlyName)) - { - alias = ((DERBMPString)attr).getString(); - keys.put(alias, privKey); - } - else if (aOid.equals(pkcs_9_at_localKeyId)) - { - localId = (ASN1OctetString)attr; - } - } - - String name = new String(Hex.encode(localId.getOctets())); - - if (alias == null) - { - keys.put(name, privKey); - } - else - { - localIds.put(alias, name); - } - } - else if (b.getBagId().equals(keyBag)) - { - org.bouncycastle.asn1.pkcs.PrivateKeyInfo kInfo = org.bouncycastle.asn1.pkcs.PrivateKeyInfo.getInstance(b.getBagValue()); - PrivateKey privKey = BouncyCastleProvider.getPrivateKey(kInfo); - - // - // set the attributes on the key - // - PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; - String alias = null; - ASN1OctetString localId = null; - - Enumeration e = b.getBagAttributes().getObjects(); - while (e.hasMoreElements()) - { - ASN1Sequence sq = ASN1Sequence.getInstance(e.nextElement()); - ASN1ObjectIdentifier aOid = ASN1ObjectIdentifier.getInstance(sq.getObjectAt(0)); - ASN1Set attrSet = ASN1Set.getInstance(sq.getObjectAt(1)); - ASN1Primitive attr = null; - - if (attrSet.size() > 0) - { - attr = (ASN1Primitive)attrSet.getObjectAt(0); - - ASN1Encodable existing = bagAttr.getBagAttribute(aOid); - if (existing != null) - { - // OK, but the value has to be the same - if (!existing.toASN1Primitive().equals(attr)) - { - throw new IOException( - "attempt to add existing attribute with different value"); - } - } - else - { - bagAttr.setBagAttribute(aOid, attr); - } - - if (aOid.equals(pkcs_9_at_friendlyName)) - { - alias = ((DERBMPString)attr).getString(); - keys.put(alias, privKey); - } - else if (aOid.equals(pkcs_9_at_localKeyId)) - { - localId = (ASN1OctetString)attr; - } - } - } - - String name = new String(Hex.encode(localId.getOctets())); - - if (alias == null) - { - keys.put(name, privKey); - } - else - { - localIds.put(alias, name); - } - } - else - { - System.out.println("extra in encryptedData " + b.getBagId()); - System.out.println(ASN1Dump.dumpAsString(b)); - } - } - } - else - { - System.out.println("extra " + c[i].getContentType().getId()); - System.out.println("extra " + ASN1Dump.dumpAsString(c[i].getContent())); - } - } - } - - certs = new IgnoresCaseHashtable(); - chainCerts = new Hashtable(); - keyCerts = new Hashtable(); - - for (int i = 0; i != chain.size(); i++) - { - SafeBag b = (SafeBag)chain.elementAt(i); - CertBag cb = CertBag.getInstance(b.getBagValue()); - - if (!cb.getCertId().equals(x509Certificate)) - { - throw new RuntimeException("Unsupported certificate type: " + cb.getCertId()); - } - - Certificate cert; - - try - { - ByteArrayInputStream cIn = new ByteArrayInputStream( - ((ASN1OctetString)cb.getCertValue()).getOctets()); - cert = certFact.generateCertificate(cIn); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - - // - // set the attributes - // - ASN1OctetString localId = null; - String alias = null; - - if (b.getBagAttributes() != null) - { - Enumeration e = b.getBagAttributes().getObjects(); - while (e.hasMoreElements()) - { - ASN1Sequence sq = ASN1Sequence.getInstance(e.nextElement()); - ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(sq.getObjectAt(0)); - ASN1Set attrSet = ASN1Set.getInstance(sq.getObjectAt(1)); - - if (attrSet.size() > 0) // sometimes this is empty! - { - ASN1Primitive attr = (ASN1Primitive)attrSet.getObjectAt(0); - PKCS12BagAttributeCarrier bagAttr = null; - - if (cert instanceof PKCS12BagAttributeCarrier) - { - bagAttr = (PKCS12BagAttributeCarrier)cert; - - ASN1Encodable existing = bagAttr.getBagAttribute(oid); - if (existing != null) - { - // OK, but the value has to be the same - if (!existing.toASN1Primitive().equals(attr)) - { - throw new IOException( - "attempt to add existing attribute with different value"); - } - } - else - { - bagAttr.setBagAttribute(oid, attr); - } - } - - if (oid.equals(pkcs_9_at_friendlyName)) - { - alias = ((DERBMPString)attr).getString(); - } - else if (oid.equals(pkcs_9_at_localKeyId)) - { - localId = (ASN1OctetString)attr; - } - } - } - } - - chainCerts.put(new CertId(cert.getPublicKey()), cert); - - if (unmarkedKey) - { - if (keyCerts.isEmpty()) - { - String name = new String(Hex.encode(createSubjectKeyId(cert.getPublicKey()).getKeyIdentifier())); - - keyCerts.put(name, cert); - keys.put(name, keys.remove("unmarked")); - } - } - else - { - // - // the local key id needs to override the friendly name - // - if (localId != null) - { - String name = new String(Hex.encode(localId.getOctets())); - - keyCerts.put(name, cert); - } - if (alias != null) - { - certs.put(alias, cert); - } - } - } - } - - public void engineStore(LoadStoreParameter param) - throws IOException, - NoSuchAlgorithmException, CertificateException - { - if (param == null) - { - throw new IllegalArgumentException("'param' arg cannot be null"); - } - - if (!(param instanceof PKCS12StoreParameter || param instanceof JDKPKCS12StoreParameter)) - { - throw new IllegalArgumentException( - "No support for 'param' of type " + param.getClass().getName()); - } - - PKCS12StoreParameter bcParam; - - if (param instanceof PKCS12StoreParameter) - { - bcParam = (PKCS12StoreParameter)param; - } - else - { - bcParam = new PKCS12StoreParameter(((JDKPKCS12StoreParameter)param).getOutputStream(), - param.getProtectionParameter(), ((JDKPKCS12StoreParameter)param).isUseDEREncoding()); - } - - char[] password; - ProtectionParameter protParam = param.getProtectionParameter(); - if (protParam == null) - { - password = null; - } - else if (protParam instanceof KeyStore.PasswordProtection) - { - password = ((KeyStore.PasswordProtection)protParam).getPassword(); - } - else - { - throw new IllegalArgumentException( - "No support for protection parameter of type " + protParam.getClass().getName()); - } - - doStore(bcParam.getOutputStream(), password, bcParam.isForDEREncoding()); - } - - public void engineStore(OutputStream stream, char[] password) - throws IOException - { - doStore(stream, password, false); - } - - private void doStore(OutputStream stream, char[] password, boolean useDEREncoding) - throws IOException - { - if (password == null) - { - throw new NullPointerException("No password supplied for PKCS#12 KeyStore."); - } - - // - // handle the key - // - ASN1EncodableVector keyS = new ASN1EncodableVector(); - - - Enumeration ks = keys.keys(); - - while (ks.hasMoreElements()) - { - byte[] kSalt = new byte[SALT_SIZE]; - - random.nextBytes(kSalt); - - String name = (String)ks.nextElement(); - PrivateKey privKey = (PrivateKey)keys.get(name); - PKCS12PBEParams kParams = new PKCS12PBEParams(kSalt, MIN_ITERATIONS); - byte[] kBytes = wrapKey(keyAlgorithm.getId(), privKey, kParams, password); - AlgorithmIdentifier kAlgId = new AlgorithmIdentifier(keyAlgorithm, kParams.toASN1Primitive()); - org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo kInfo = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo(kAlgId, kBytes); - boolean attrSet = false; - ASN1EncodableVector kName = new ASN1EncodableVector(); - - if (privKey instanceof PKCS12BagAttributeCarrier) - { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)privKey; - // - // make sure we are using the local alias on store - // - DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); - if (nm == null || !nm.getString().equals(name)) - { - bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name)); - } - - // - // make sure we have a local key-id - // - if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) - { - Certificate ct = engineGetCertificate(name); - - bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(ct.getPublicKey())); - } - - Enumeration e = bagAttrs.getBagAttributeKeys(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - ASN1EncodableVector kSeq = new ASN1EncodableVector(); - - kSeq.add(oid); - kSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); - - attrSet = true; - - kName.add(new DERSequence(kSeq)); - } - } - - if (!attrSet) - { - // - // set a default friendly name (from the key id) and local id - // - ASN1EncodableVector kSeq = new ASN1EncodableVector(); - Certificate ct = engineGetCertificate(name); - - kSeq.add(pkcs_9_at_localKeyId); - kSeq.add(new DERSet(createSubjectKeyId(ct.getPublicKey()))); - - kName.add(new DERSequence(kSeq)); - - kSeq = new ASN1EncodableVector(); - - kSeq.add(pkcs_9_at_friendlyName); - kSeq.add(new DERSet(new DERBMPString(name))); - - kName.add(new DERSequence(kSeq)); - } - - SafeBag kBag = new SafeBag(pkcs8ShroudedKeyBag, kInfo.toASN1Primitive(), new DERSet(kName)); - keyS.add(kBag); - } - - byte[] keySEncoded = new DERSequence(keyS).getEncoded(ASN1Encoding.DER); - BEROctetString keyString = new BEROctetString(keySEncoded); - - // - // certificate processing - // - byte[] cSalt = new byte[SALT_SIZE]; - - random.nextBytes(cSalt); - - ASN1EncodableVector certSeq = new ASN1EncodableVector(); - PKCS12PBEParams cParams = new PKCS12PBEParams(cSalt, MIN_ITERATIONS); - AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.toASN1Primitive()); - Hashtable doneCerts = new Hashtable(); - - Enumeration cs = keys.keys(); - while (cs.hasMoreElements()) - { - try - { - String name = (String)cs.nextElement(); - Certificate cert = engineGetCertificate(name); - boolean cAttrSet = false; - CertBag cBag = new CertBag( - x509Certificate, - new DEROctetString(cert.getEncoded())); - ASN1EncodableVector fName = new ASN1EncodableVector(); - - if (cert instanceof PKCS12BagAttributeCarrier) - { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; - // - // make sure we are using the local alias on store - // - DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); - if (nm == null || !nm.getString().equals(name)) - { - bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name)); - } - - // - // make sure we have a local key-id - // - if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) - { - bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(cert.getPublicKey())); - } - - Enumeration e = bagAttrs.getBagAttributeKeys(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - ASN1EncodableVector fSeq = new ASN1EncodableVector(); - - fSeq.add(oid); - fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); - fName.add(new DERSequence(fSeq)); - - cAttrSet = true; - } - } - - if (!cAttrSet) - { - ASN1EncodableVector fSeq = new ASN1EncodableVector(); - - fSeq.add(pkcs_9_at_localKeyId); - fSeq.add(new DERSet(createSubjectKeyId(cert.getPublicKey()))); - fName.add(new DERSequence(fSeq)); - - fSeq = new ASN1EncodableVector(); - - fSeq.add(pkcs_9_at_friendlyName); - fSeq.add(new DERSet(new DERBMPString(name))); - - fName.add(new DERSequence(fSeq)); - } - - SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName)); - - certSeq.add(sBag); - - doneCerts.put(cert, cert); - } - catch (CertificateEncodingException e) - { - throw new IOException("Error encoding certificate: " + e.toString()); - } - } - - cs = certs.keys(); - while (cs.hasMoreElements()) - { - try - { - String certId = (String)cs.nextElement(); - Certificate cert = (Certificate)certs.get(certId); - boolean cAttrSet = false; - - if (keys.get(certId) != null) - { - continue; - } - - CertBag cBag = new CertBag( - x509Certificate, - new DEROctetString(cert.getEncoded())); - ASN1EncodableVector fName = new ASN1EncodableVector(); - - if (cert instanceof PKCS12BagAttributeCarrier) - { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; - // - // make sure we are using the local alias on store - // - DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); - if (nm == null || !nm.getString().equals(certId)) - { - bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(certId)); - } - - Enumeration e = bagAttrs.getBagAttributeKeys(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - - // a certificate not immediately linked to a key doesn't require - // a localKeyID and will confuse some PKCS12 implementations. - // - // If we find one, we'll prune it out. - if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) - { - continue; - } - - ASN1EncodableVector fSeq = new ASN1EncodableVector(); - - fSeq.add(oid); - fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); - fName.add(new DERSequence(fSeq)); - - cAttrSet = true; - } - } - - if (!cAttrSet) - { - ASN1EncodableVector fSeq = new ASN1EncodableVector(); - - fSeq.add(pkcs_9_at_friendlyName); - fSeq.add(new DERSet(new DERBMPString(certId))); - - fName.add(new DERSequence(fSeq)); - } - - SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName)); - - certSeq.add(sBag); - - doneCerts.put(cert, cert); - } - catch (CertificateEncodingException e) - { - throw new IOException("Error encoding certificate: " + e.toString()); - } - } - - cs = chainCerts.keys(); - while (cs.hasMoreElements()) - { - try - { - CertId certId = (CertId)cs.nextElement(); - Certificate cert = (Certificate)chainCerts.get(certId); - - if (doneCerts.get(cert) != null) - { - continue; - } - - CertBag cBag = new CertBag( - x509Certificate, - new DEROctetString(cert.getEncoded())); - ASN1EncodableVector fName = new ASN1EncodableVector(); - - if (cert instanceof PKCS12BagAttributeCarrier) - { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; - Enumeration e = bagAttrs.getBagAttributeKeys(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - - // a certificate not immediately linked to a key doesn't require - // a localKeyID and will confuse some PKCS12 implementations. - // - // If we find one, we'll prune it out. - if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) - { - continue; - } - - ASN1EncodableVector fSeq = new ASN1EncodableVector(); - - fSeq.add(oid); - fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); - fName.add(new DERSequence(fSeq)); - } - } - - SafeBag sBag = new SafeBag(certBag, cBag.toASN1Primitive(), new DERSet(fName)); - - certSeq.add(sBag); - } - catch (CertificateEncodingException e) - { - throw new IOException("Error encoding certificate: " + e.toString()); - } - } - - byte[] certSeqEncoded = new DERSequence(certSeq).getEncoded(ASN1Encoding.DER); - byte[] certBytes = cryptData(true, cAlgId, password, false, certSeqEncoded); - EncryptedData cInfo = new EncryptedData(data, cAlgId, new BEROctetString(certBytes)); - - ContentInfo[] info = new ContentInfo[] - { - new ContentInfo(data, keyString), - new ContentInfo(encryptedData, cInfo.toASN1Primitive()) - }; - - AuthenticatedSafe auth = new AuthenticatedSafe(info); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream asn1Out; - if (useDEREncoding) - { - asn1Out = new DEROutputStream(bOut); - } - else - { - asn1Out = new BEROutputStream(bOut); - } - - asn1Out.writeObject(auth); - - byte[] pkg = bOut.toByteArray(); - - ContentInfo mainInfo = new ContentInfo(data, new BEROctetString(pkg)); - - // - // create the mac - // - byte[] mSalt = new byte[20]; - int itCount = MIN_ITERATIONS; - - random.nextBytes(mSalt); - - byte[] data = ((ASN1OctetString)mainInfo.getContent()).getOctets(); - - MacData mData; - - try - { - byte[] res = calculatePbeMac(id_SHA1, mSalt, itCount, password, false, data); - - AlgorithmIdentifier algId = new AlgorithmIdentifier(id_SHA1, DERNull.INSTANCE); - DigestInfo dInfo = new DigestInfo(algId, res); - - mData = new MacData(dInfo, mSalt, itCount); - } - catch (Exception e) - { - throw new IOException("error constructing MAC: " + e.toString()); - } - - // - // output the Pfx - // - Pfx pfx = new Pfx(mainInfo, mData); - - if (useDEREncoding) - { - asn1Out = new DEROutputStream(stream); - } - else - { - asn1Out = new BEROutputStream(stream); - } - - asn1Out.writeObject(pfx); - } - - private static byte[] calculatePbeMac( - ASN1ObjectIdentifier oid, - byte[] salt, - int itCount, - char[] password, - boolean wrongPkcs12Zero, - byte[] data) - throws Exception - { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance(oid.getId(), bcProvider); - PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount); - PBEKeySpec pbeSpec = new PBEKeySpec(password); - BCPBEKey key = (BCPBEKey)keyFact.generateSecret(pbeSpec); - key.setTryWrongPKCS12Zero(wrongPkcs12Zero); - - Mac mac = Mac.getInstance(oid.getId(), bcProvider); - mac.init(key, defParams); - mac.update(data); - return mac.doFinal(); - } - - public static class BCPKCS12KeyStore - extends PKCS12KeyStoreSpi - { - public BCPKCS12KeyStore() - { - super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); - } - } - - public static class BCPKCS12KeyStore3DES - extends PKCS12KeyStoreSpi - { - public BCPKCS12KeyStore3DES() - { - super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); - } - } - - public static class DefPKCS12KeyStore - extends PKCS12KeyStoreSpi - { - public DefPKCS12KeyStore() - { - super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC); - } - } - - public static class DefPKCS12KeyStore3DES - extends PKCS12KeyStoreSpi - { - public DefPKCS12KeyStore3DES() - { - super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC); - } - } - - private static class IgnoresCaseHashtable - { - private Hashtable orig = new Hashtable(); - private Hashtable keys = new Hashtable(); - - public void put(String key, Object value) - { - String lower = (key == null) ? null : Strings.toLowerCase(key); - String k = (String)keys.get(lower); - if (k != null) - { - orig.remove(k); - } - - keys.put(lower, key); - orig.put(key, value); - } - - public Enumeration keys() - { - return orig.keys(); - } - - public Object remove(String alias) - { - String k = (String)keys.remove(alias == null ? null : Strings.toLowerCase(alias)); - if (k == null) - { - return null; - } - - return orig.remove(k); - } - - public Object get(String alias) - { - String k = (String)keys.get(alias == null ? null : Strings.toLowerCase(alias)); - if (k == null) - { - return null; - } - - return orig.get(k); - } - - public Enumeration elements() - { - return orig.elements(); - } - } - - private static class DefaultSecretKeyProvider - { - private final Map KEY_SIZES; - - DefaultSecretKeyProvider() - { - Map keySizes = new HashMap(); - - keySizes.put(new ASN1ObjectIdentifier("1.2.840.113533.7.66.10"), Integers.valueOf(128)); - - keySizes.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), Integers.valueOf(192)); - - keySizes.put(NISTObjectIdentifiers.id_aes128_CBC, Integers.valueOf(128)); - keySizes.put(NISTObjectIdentifiers.id_aes192_CBC, Integers.valueOf(192)); - keySizes.put(NISTObjectIdentifiers.id_aes256_CBC, Integers.valueOf(256)); - - keySizes.put(NTTObjectIdentifiers.id_camellia128_cbc, Integers.valueOf(128)); - keySizes.put(NTTObjectIdentifiers.id_camellia192_cbc, Integers.valueOf(192)); - keySizes.put(NTTObjectIdentifiers.id_camellia256_cbc, Integers.valueOf(256)); - - keySizes.put(CryptoProObjectIdentifiers.gostR28147_gcfb, Integers.valueOf(256)); - - KEY_SIZES = Collections.unmodifiableMap(keySizes); - } - - public int getKeySize(AlgorithmIdentifier algorithmIdentifier) - { - // TODO: not all ciphers/oid relationships are this simple. - Integer keySize = (Integer)KEY_SIZES.get(algorithmIdentifier.getAlgorithm()); - - if (keySize != null) - { - return keySize.intValue(); - } - - return -1; - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java deleted file mode 100644 index 244342b1..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java +++ /dev/null @@ -1,651 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import java.io.IOException; -import java.lang.reflect.Constructor; -import java.lang.reflect.Method; -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; - -import javax.crypto.spec.IvParameterSpec; - -import org.bouncycastle.asn1.bc.BCObjectIdentifiers; -import org.bouncycastle.asn1.cms.GCMParameters; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.AESFastEngine; -import org.bouncycastle.crypto.engines.AESWrapEngine; -import org.bouncycastle.crypto.engines.RFC3211WrapEngine; -import org.bouncycastle.crypto.engines.RFC5649WrapEngine; -import org.bouncycastle.crypto.generators.Poly1305KeyGenerator; -import org.bouncycastle.crypto.macs.CMac; -import org.bouncycastle.crypto.macs.GMac; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.modes.CFBBlockCipher; -import org.bouncycastle.crypto.modes.GCMBlockCipher; -import org.bouncycastle.crypto.modes.OFBBlockCipher; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.Integers; - -public final class AES -{ - private static final Class gcmSpecClass = lookup("javax.crypto.spec.GCMParameterSpec"); - - private AES() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new BlockCipherProvider() - { - public BlockCipher get() - { - return new AESFastEngine(); - } - }); - } - } - - public static class CBC - extends BaseBlockCipher - { - public CBC() - { - super(new CBCBlockCipher(new AESFastEngine()), 128); - } - } - - static public class CFB - extends BaseBlockCipher - { - public CFB() - { - super(new BufferedBlockCipher(new CFBBlockCipher(new AESFastEngine(), 128)), 128); - } - } - - static public class OFB - extends BaseBlockCipher - { - public OFB() - { - super(new BufferedBlockCipher(new OFBBlockCipher(new AESFastEngine(), 128)), 128); - } - } - - static public class GCM - extends BaseBlockCipher - { - public GCM() - { - super(new GCMBlockCipher(new AESFastEngine())); - } - } - - public static class AESCMAC - extends BaseMac - { - public AESCMAC() - { - super(new CMac(new AESFastEngine())); - } - } - - public static class AESGMAC - extends BaseMac - { - public AESGMAC() - { - super(new GMac(new GCMBlockCipher(new AESFastEngine()))); - } - } - - public static class Poly1305 - extends BaseMac - { - public Poly1305() - { - super(new org.bouncycastle.crypto.macs.Poly1305(new AESFastEngine())); - } - } - - public static class Poly1305KeyGen - extends BaseKeyGenerator - { - public Poly1305KeyGen() - { - super("Poly1305-AES", 256, new Poly1305KeyGenerator()); - } - } - - static public class Wrap - extends BaseWrapCipher - { - public Wrap() - { - super(new AESWrapEngine()); - } - } - - public static class RFC3211Wrap - extends BaseWrapCipher - { - public RFC3211Wrap() - { - super(new RFC3211WrapEngine(new AESFastEngine()), 16); - } - } - - public static class RFC5649Wrap - extends BaseWrapCipher - { - public RFC5649Wrap() - { - super(new RFC5649WrapEngine(new AESFastEngine())); - } - } - - /** - * PBEWithAES-CBC - */ - static public class PBEWithAESCBC - extends BaseBlockCipher - { - public PBEWithAESCBC() - { - super(new CBCBlockCipher(new AESFastEngine())); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - this(192); - } - - public KeyGen(int keySize) - { - super("AES", keySize, new CipherKeyGenerator()); - } - } - - public static class KeyGen128 - extends KeyGen - { - public KeyGen128() - { - super(128); - } - } - - public static class KeyGen192 - extends KeyGen - { - public KeyGen192() - { - super(192); - } - } - - public static class KeyGen256 - extends KeyGen - { - public KeyGen256() - { - super(256); - } - } - - /** - * PBEWithSHA1And128BitAES-BC - */ - static public class PBEWithSHAAnd128BitAESBC - extends PBESecretKeyFactory - { - public PBEWithSHAAnd128BitAESBC() - { - super("PBEWithSHA1And128BitAES-CBC-BC", null, true, PKCS12, SHA1, 128, 128); - } - } - - /** - * PBEWithSHA1And192BitAES-BC - */ - static public class PBEWithSHAAnd192BitAESBC - extends PBESecretKeyFactory - { - public PBEWithSHAAnd192BitAESBC() - { - super("PBEWithSHA1And192BitAES-CBC-BC", null, true, PKCS12, SHA1, 192, 128); - } - } - - /** - * PBEWithSHA1And256BitAES-BC - */ - static public class PBEWithSHAAnd256BitAESBC - extends PBESecretKeyFactory - { - public PBEWithSHAAnd256BitAESBC() - { - super("PBEWithSHA1And256BitAES-CBC-BC", null, true, PKCS12, SHA1, 256, 128); - } - } - - /** - * PBEWithSHA256And128BitAES-BC - */ - static public class PBEWithSHA256And128BitAESBC - extends PBESecretKeyFactory - { - public PBEWithSHA256And128BitAESBC() - { - super("PBEWithSHA256And128BitAES-CBC-BC", null, true, PKCS12, SHA256, 128, 128); - } - } - - /** - * PBEWithSHA256And192BitAES-BC - */ - static public class PBEWithSHA256And192BitAESBC - extends PBESecretKeyFactory - { - public PBEWithSHA256And192BitAESBC() - { - super("PBEWithSHA256And192BitAES-CBC-BC", null, true, PKCS12, SHA256, 192, 128); - } - } - - /** - * PBEWithSHA256And256BitAES-BC - */ - static public class PBEWithSHA256And256BitAESBC - extends PBESecretKeyFactory - { - public PBEWithSHA256And256BitAESBC() - { - super("PBEWithSHA256And256BitAES-CBC-BC", null, true, PKCS12, SHA256, 256, 128); - } - } - - /** - * PBEWithMD5And128BitAES-OpenSSL - */ - static public class PBEWithMD5And128BitAESCBCOpenSSL - extends PBESecretKeyFactory - { - public PBEWithMD5And128BitAESCBCOpenSSL() - { - super("PBEWithMD5And128BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 128, 128); - } - } - - /** - * PBEWithMD5And192BitAES-OpenSSL - */ - static public class PBEWithMD5And192BitAESCBCOpenSSL - extends PBESecretKeyFactory - { - public PBEWithMD5And192BitAESCBCOpenSSL() - { - super("PBEWithMD5And192BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 192, 128); - } - } - - /** - * PBEWithMD5And256BitAES-OpenSSL - */ - static public class PBEWithMD5And256BitAESCBCOpenSSL - extends PBESecretKeyFactory - { - public PBEWithMD5And256BitAESCBCOpenSSL() - { - super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128); - } - } - - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[16]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - public static class AlgParams - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "AES IV"; - } - } - - public static class AlgParamsGCM - extends BaseAlgorithmParameters - { - private GCMParameters gcmParams; - - protected void engineInit(AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (gcmSpecClass != null) - { - try - { - Method tLen = gcmSpecClass.getDeclaredMethod("getTLen", new Class[0]); - Method iv= gcmSpecClass.getDeclaredMethod("getIV", new Class[0]); - - - gcmParams = new GCMParameters((byte[])iv.invoke(paramSpec, new Object[0]), ((Integer)tLen.invoke(paramSpec, new Object[0])).intValue()); - } - catch (Exception e) - { - throw new InvalidParameterSpecException("Cannot process GCMParameterSpec."); - } - } - } - - protected void engineInit(byte[] params) - throws IOException - { - gcmParams = GCMParameters.getInstance(params); - } - - protected void engineInit(byte[] params, String format) - throws IOException - { - if (!isASN1FormatString(format)) - { - throw new IOException("unknown format specified"); - } - - gcmParams = GCMParameters.getInstance(params); - } - - protected byte[] engineGetEncoded() - throws IOException - { - return gcmParams.getEncoded(); - } - - protected byte[] engineGetEncoded(String format) - throws IOException - { - if (!isASN1FormatString(format)) - { - throw new IOException("unknown format specified"); - } - - return gcmParams.getEncoded(); - } - - protected String engineToString() - { - return "GCM"; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) - throws InvalidParameterSpecException - { - if (gcmSpecClass != null) - { - try - { - Constructor constructor = gcmSpecClass.getConstructor(new Class[] { Integer.TYPE, byte[].class }); - - return (AlgorithmParameterSpec)constructor.newInstance(new Object[] { Integers.valueOf(gcmParams.getIcvLen()), gcmParams.getNonce() }); - } - catch (NoSuchMethodException e) - { - throw new InvalidParameterSpecException("no constructor found!"); // should never happen - } - catch (Exception e) - { - throw new InvalidParameterSpecException("construction failed: " + e.getMessage()); // should never happen - } - } - - throw new InvalidParameterSpecException("unknown parameter spec: " + paramSpec.getName()); - } - } - - public static class Mappings - extends SymmetricAlgorithmProvider - { - private static final String PREFIX = AES.class.getName(); - - /** - * These three got introduced in some messages as a result of a typo in an - * early document. We don't produce anything using these OID values, but we'll - * read them. - */ - private static final String wrongAES128 = "2.16.840.1.101.3.4.2"; - private static final String wrongAES192 = "2.16.840.1.101.3.4.22"; - private static final String wrongAES256 = "2.16.840.1.101.3.4.42"; - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("AlgorithmParameters.AES", PREFIX + "$AlgParams"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + wrongAES128, "AES"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + wrongAES192, "AES"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + wrongAES256, "AES"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); - - provider.addAlgorithm("AlgorithmParameters.GCM", PREFIX + "$AlgParamsGCM"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_GCM, "GCM"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_GCM, "GCM"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_GCM, "GCM"); - - provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES"); - - provider.addAlgorithm("Cipher.AES", PREFIX + "$ECB"); - provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES128, "AES"); - provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES192, "AES"); - provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES256, "AES"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB"); - provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB"); - provider.addAlgorithm("Cipher.AESWRAP", PREFIX + "$Wrap"); - provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP"); - provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP"); - provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP"); - - provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap"); - provider.addAlgorithm("Cipher.AESRFC5649WRAP", PREFIX + "$RFC5649Wrap"); - - provider.addAlgorithm("Cipher.GCM", PREFIX + "$GCM"); - provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_GCM, "GCM"); - provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_GCM, "GCM"); - provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_GCM, "GCM"); - - provider.addAlgorithm("KeyGenerator.AES", PREFIX + "$KeyGen"); - provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128"); - provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192"); - provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256"); - provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192"); - provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256"); - - provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC"); - - provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PBEWITHSHAAND256BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); - - provider.addAlgorithm("Cipher.PBEWITHSHAAND128BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); - provider.addAlgorithm("Cipher.PBEWITHSHAAND192BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); - provider.addAlgorithm("Cipher.PBEWITHSHAAND256BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); - provider.addAlgorithm("Cipher.PBEWITHSHA256AND128BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); - provider.addAlgorithm("Cipher.PBEWITHSHA256AND192BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); - provider.addAlgorithm("Cipher.PBEWITHSHA256AND256BITAES-CBC-BC", PREFIX + "$PBEWithAESCBC"); - - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC"); - - provider.addAlgorithm("Cipher.PBEWITHMD5AND128BITAES-CBC-OPENSSL", PREFIX + "$PBEWithAESCBC"); - provider.addAlgorithm("Cipher.PBEWITHMD5AND192BITAES-CBC-OPENSSL", PREFIX + "$PBEWithAESCBC"); - provider.addAlgorithm("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", PREFIX + "$PBEWithAESCBC"); - - provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5AND128BITAES-CBC-OPENSSL", PREFIX + "$PBEWithMD5And128BitAESCBCOpenSSL"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5AND192BITAES-CBC-OPENSSL", PREFIX + "$PBEWithMD5And192BitAESCBCOpenSSL"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5AND256BITAES-CBC-OPENSSL", PREFIX + "$PBEWithMD5And256BitAESCBCOpenSSL"); - - provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITAES-CBC-BC", PREFIX + "$PBEWithSHAAnd128BitAESBC"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND192BITAES-CBC-BC", PREFIX + "$PBEWithSHAAnd192BitAESBC"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND256BITAES-CBC-BC", PREFIX + "$PBEWithSHAAnd256BitAESBC"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA256AND128BITAES-CBC-BC", PREFIX + "$PBEWithSHA256And128BitAESBC"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA256AND192BITAES-CBC-BC", PREFIX + "$PBEWithSHA256And192BitAESBC"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA256AND256BITAES-CBC-BC", PREFIX + "$PBEWithSHA256And256BitAESBC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PBEWITHSHAAND256BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC"); - - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITAES-CBC-BC", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND192BITAES-CBC-BC", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND256BITAES-CBC-BC", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND128BITAES-CBC-BC", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND192BITAES-CBC-BC", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND256BITAES-CBC-BC", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND128BITAES-CBC-BC","PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND192BITAES-CBC-BC","PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND256BITAES-CBC-BC","PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND128BITAES-CBC-BC","PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND192BITAES-CBC-BC","PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND256BITAES-CBC-BC","PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND128BITAES-CBC-BC","PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE"); - - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PKCS12PBE"); - - addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128"); - addPoly1305Algorithm(provider, "AES", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); - } - } - - private static Class lookup(String className) - { - try - { - Class def = AES.class.getClassLoader().loadClass(className); - - return def; - } - catch (Exception e) - { - return null; - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java deleted file mode 100644 index e31ab296..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java +++ /dev/null @@ -1,124 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.RC4Engine; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseStreamCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class ARC4 -{ - private ARC4() - { - } - - public static class Base - extends BaseStreamCipher - { - public Base() - { - super(new RC4Engine(), 0); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("RC4", 128, new CipherKeyGenerator()); - } - } - - /** - * PBEWithSHAAnd128BitRC4 - */ - static public class PBEWithSHAAnd128BitKeyFactory - extends PBESecretKeyFactory - { - public PBEWithSHAAnd128BitKeyFactory() - { - super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 128, 0); - } - } - - /** - * PBEWithSHAAnd40BitRC4 - */ - static public class PBEWithSHAAnd40BitKeyFactory - extends PBESecretKeyFactory - { - public PBEWithSHAAnd40BitKeyFactory() - { - super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 40, 0); - } - } - - - /** - * PBEWithSHAAnd128BitRC4 - */ - static public class PBEWithSHAAnd128Bit - extends BaseStreamCipher - { - public PBEWithSHAAnd128Bit() - { - super(new RC4Engine(), 0); - } - } - - /** - * PBEWithSHAAnd40BitRC4 - */ - static public class PBEWithSHAAnd40Bit - extends BaseStreamCipher - { - public PBEWithSHAAnd40Bit() - { - super(new RC4Engine(), 0); - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = ARC4.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("Cipher.ARC4", PREFIX + "$Base"); - provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.rc4, "ARC4"); - provider.addAlgorithm("Alg.Alias.Cipher.ARCFOUR", "ARC4"); - provider.addAlgorithm("Alg.Alias.Cipher.RC4", "ARC4"); - provider.addAlgorithm("KeyGenerator.ARC4", PREFIX + "$KeyGen"); - provider.addAlgorithm("Alg.Alias.KeyGenerator.RC4", "ARC4"); - provider.addAlgorithm("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "ARC4"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITRC4", PREFIX + "$PBEWithSHAAnd128BitKeyFactory"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND40BITRC4", PREFIX + "$PBEWithSHAAnd40BitKeyFactory"); - - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC4, "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC4", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC4", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE"); - provider.addAlgorithm("Cipher.PBEWITHSHAAND128BITRC4", PREFIX + "$PBEWithSHAAnd128Bit"); - provider.addAlgorithm("Cipher.PBEWITHSHAAND40BITRC4", PREFIX + "$PBEWithSHAAnd40Bit"); - - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, "PBEWITHSHAAND128BITRC4"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC4, "PBEWITHSHAAND40BITRC4"); - - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "PBEWITHSHAAND128BITRC4"); - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "PBEWITHSHAAND40BITRC4"); - - provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, "PBEWITHSHAAND128BITRC4"); - provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC4, "PBEWITHSHAAND40BITRC4"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java deleted file mode 100644 index 76949344..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java +++ /dev/null @@ -1,75 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.BlowfishEngine; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class Blowfish -{ - private Blowfish() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new BlowfishEngine()); - } - } - - public static class CBC - extends BaseBlockCipher - { - public CBC() - { - super(new CBCBlockCipher(new BlowfishEngine()), 64); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("Blowfish", 128, new CipherKeyGenerator()); - } - } - - public static class AlgParams - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "Blowfish IV"; - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = Blowfish.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("Cipher.BLOWFISH", PREFIX + "$ECB"); - provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC"); - provider.addAlgorithm("KeyGenerator.BLOWFISH", PREFIX + "$KeyGen"); - provider.addAlgorithm("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH"); - provider.addAlgorithm("AlgorithmParameters.BLOWFISH", PREFIX + "$AlgParams"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.3.6.1.4.1.3029.1.2", "BLOWFISH"); - - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/CAST5.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/CAST5.java deleted file mode 100644 index f360a41f..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/CAST5.java +++ /dev/null @@ -1,221 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import java.io.IOException; -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; - -import javax.crypto.spec.IvParameterSpec; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.misc.CAST5CBCParameters; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.CAST5Engine; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public final class CAST5 -{ - private CAST5() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new CAST5Engine()); - } - } - - public static class CBC - extends BaseBlockCipher - { - public CBC() - { - super(new CBCBlockCipher(new CAST5Engine()), 64); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("CAST5", 128, new CipherKeyGenerator()); - } - } - - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for CAST5 parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[8]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("CAST5", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - public static class AlgParams - extends BaseAlgorithmParameters - { - private byte[] iv; - private int keyLength = 128; - - protected byte[] engineGetEncoded() - { - byte[] tmp = new byte[iv.length]; - - System.arraycopy(iv, 0, tmp, 0, iv.length); - return tmp; - } - - protected byte[] engineGetEncoded( - String format) - throws IOException - { - if (this.isASN1FormatString(format)) - { - return new CAST5CBCParameters(engineGetEncoded(), keyLength).getEncoded(); - } - - if (format.equals("RAW")) - { - return engineGetEncoded(); - } - - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == IvParameterSpec.class) - { - return new IvParameterSpec(iv); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to CAST5 parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec instanceof IvParameterSpec) - { - this.iv = ((IvParameterSpec)paramSpec).getIV(); - } - else - { - throw new InvalidParameterSpecException("IvParameterSpec required to initialise a CAST5 parameters algorithm parameters object"); - } - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.iv = new byte[params.length]; - - System.arraycopy(params, 0, iv, 0, iv.length); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (this.isASN1FormatString(format)) - { - ASN1InputStream aIn = new ASN1InputStream(params); - CAST5CBCParameters p = CAST5CBCParameters.getInstance(aIn.readObject()); - - keyLength = p.getKeyLength(); - - iv = p.getIV(); - - return; - } - - if (format.equals("RAW")) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in IV parameters object"); - } - - protected String engineToString() - { - return "CAST5 Parameters"; - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = CAST5.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("AlgorithmParameters.CAST5", PREFIX + "$AlgParams"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113533.7.66.10", "CAST5"); - - provider.addAlgorithm("AlgorithmParameterGenerator.CAST5", PREFIX + "$AlgParamGen"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.1.2.840.113533.7.66.10", "CAST5"); - - provider.addAlgorithm("Cipher.CAST5", PREFIX + "$ECB"); - provider.addAlgorithm("Cipher.1.2.840.113533.7.66.10", PREFIX + "$CBC"); - - provider.addAlgorithm("KeyGenerator.CAST5", PREFIX + "$KeyGen"); - provider.addAlgorithm("Alg.Alias.KeyGenerator.1.2.840.113533.7.66.10", "CAST5"); - - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/CAST6.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/CAST6.java deleted file mode 100644 index d16e6c76..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/CAST6.java +++ /dev/null @@ -1,90 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.CAST6Engine; -import org.bouncycastle.crypto.generators.Poly1305KeyGenerator; -import org.bouncycastle.crypto.macs.GMac; -import org.bouncycastle.crypto.modes.GCMBlockCipher; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; - -public final class CAST6 -{ - private CAST6() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new BlockCipherProvider() - { - public BlockCipher get() - { - return new CAST6Engine(); - } - }); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("CAST6", 256, new CipherKeyGenerator()); - } - } - - public static class GMAC - extends BaseMac - { - public GMAC() - { - super(new GMac(new GCMBlockCipher(new CAST6Engine()))); - } - } - - public static class Poly1305 - extends BaseMac - { - public Poly1305() - { - super(new org.bouncycastle.crypto.macs.Poly1305(new CAST6Engine())); - } - } - - public static class Poly1305KeyGen - extends BaseKeyGenerator - { - public Poly1305KeyGen() - { - super("Poly1305-CAST6", 256, new Poly1305KeyGenerator()); - } - } - - public static class Mappings - extends SymmetricAlgorithmProvider - { - private static final String PREFIX = CAST6.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("Cipher.CAST6", PREFIX + "$ECB"); - provider.addAlgorithm("KeyGenerator.CAST6", PREFIX + "$KeyGen"); - - addGMacAlgorithm(provider, "CAST6", PREFIX + "$GMAC", PREFIX + "$KeyGen"); - addPoly1305Algorithm(provider, "CAST6", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Camellia.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Camellia.java deleted file mode 100644 index 95b51567..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Camellia.java +++ /dev/null @@ -1,238 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.spec.IvParameterSpec; - -import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers; -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.CamelliaEngine; -import org.bouncycastle.crypto.engines.CamelliaWrapEngine; -import org.bouncycastle.crypto.engines.RFC3211WrapEngine; -import org.bouncycastle.crypto.generators.Poly1305KeyGenerator; -import org.bouncycastle.crypto.macs.GMac; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.modes.GCMBlockCipher; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public final class Camellia -{ - private Camellia() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new BlockCipherProvider() - { - public BlockCipher get() - { - return new CamelliaEngine(); - } - }); - } - } - - public static class CBC - extends BaseBlockCipher - { - public CBC() - { - super(new CBCBlockCipher(new CamelliaEngine()), 128); - } - } - - public static class Wrap - extends BaseWrapCipher - { - public Wrap() - { - super(new CamelliaWrapEngine()); - } - } - - public static class RFC3211Wrap - extends BaseWrapCipher - { - public RFC3211Wrap() - { - super(new RFC3211WrapEngine(new CamelliaEngine()), 16); - } - } - - public static class GMAC - extends BaseMac - { - public GMAC() - { - super(new GMac(new GCMBlockCipher(new CamelliaEngine()))); - } - } - - public static class Poly1305 - extends BaseMac - { - public Poly1305() - { - super(new org.bouncycastle.crypto.macs.Poly1305(new CamelliaEngine())); - } - } - - public static class Poly1305KeyGen - extends BaseKeyGenerator - { - public Poly1305KeyGen() - { - super("Poly1305-Camellia", 256, new Poly1305KeyGenerator()); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - this(256); - } - - public KeyGen(int keySize) - { - super("Camellia", keySize, new CipherKeyGenerator()); - } - } - - public static class KeyGen128 - extends KeyGen - { - public KeyGen128() - { - super(128); - } - } - - public static class KeyGen192 - extends KeyGen - { - public KeyGen192() - { - super(192); - } - } - - public static class KeyGen256 - extends KeyGen - { - public KeyGen256() - { - super(256); - } - } - - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for Camellia parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[16]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("Camellia", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - public static class AlgParams - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "Camellia IV"; - } - } - - public static class Mappings - extends SymmetricAlgorithmProvider - { - private static final String PREFIX = Camellia.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("AlgorithmParameters.CAMELLIA", PREFIX + "$AlgParams"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NTTObjectIdentifiers.id_camellia128_cbc, "CAMELLIA"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NTTObjectIdentifiers.id_camellia192_cbc, "CAMELLIA"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NTTObjectIdentifiers.id_camellia256_cbc, "CAMELLIA"); - - provider.addAlgorithm("AlgorithmParameterGenerator.CAMELLIA", PREFIX + "$AlgParamGen"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NTTObjectIdentifiers.id_camellia128_cbc, "CAMELLIA"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NTTObjectIdentifiers.id_camellia192_cbc, "CAMELLIA"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NTTObjectIdentifiers.id_camellia256_cbc, "CAMELLIA"); - - provider.addAlgorithm("Cipher.CAMELLIA", PREFIX + "$ECB"); - provider.addAlgorithm("Cipher." + NTTObjectIdentifiers.id_camellia128_cbc, PREFIX + "$CBC"); - provider.addAlgorithm("Cipher." + NTTObjectIdentifiers.id_camellia192_cbc, PREFIX + "$CBC"); - provider.addAlgorithm("Cipher." + NTTObjectIdentifiers.id_camellia256_cbc, PREFIX + "$CBC"); - - provider.addAlgorithm("Cipher.CAMELLIARFC3211WRAP", PREFIX + "$RFC3211Wrap"); - provider.addAlgorithm("Cipher.CAMELLIAWRAP", PREFIX + "$Wrap"); - provider.addAlgorithm("Alg.Alias.Cipher." + NTTObjectIdentifiers.id_camellia128_wrap, "CAMELLIAWRAP"); - provider.addAlgorithm("Alg.Alias.Cipher." + NTTObjectIdentifiers.id_camellia192_wrap, "CAMELLIAWRAP"); - provider.addAlgorithm("Alg.Alias.Cipher." + NTTObjectIdentifiers.id_camellia256_wrap, "CAMELLIAWRAP"); - - provider.addAlgorithm("KeyGenerator.CAMELLIA", PREFIX + "$KeyGen"); - provider.addAlgorithm("KeyGenerator." + NTTObjectIdentifiers.id_camellia128_wrap, PREFIX + "$KeyGen128"); - provider.addAlgorithm("KeyGenerator." + NTTObjectIdentifiers.id_camellia192_wrap, PREFIX + "$KeyGen192"); - provider.addAlgorithm("KeyGenerator." + NTTObjectIdentifiers.id_camellia256_wrap, PREFIX + "$KeyGen256"); - provider.addAlgorithm("KeyGenerator." + NTTObjectIdentifiers.id_camellia128_cbc, PREFIX + "$KeyGen128"); - provider.addAlgorithm("KeyGenerator." + NTTObjectIdentifiers.id_camellia192_cbc, PREFIX + "$KeyGen192"); - provider.addAlgorithm("KeyGenerator." + NTTObjectIdentifiers.id_camellia256_cbc, PREFIX + "$KeyGen256"); - - addGMacAlgorithm(provider, "CAMELLIA", PREFIX + "$GMAC", PREFIX + "$KeyGen"); - addPoly1305Algorithm(provider, "CAMELLIA", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ChaCha.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ChaCha.java deleted file mode 100644 index ff748ae4..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ChaCha.java +++ /dev/null @@ -1,51 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.ChaChaEngine; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseStreamCipher; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class ChaCha -{ - private ChaCha() - { - } - - public static class Base - extends BaseStreamCipher - { - public Base() - { - super(new ChaChaEngine(), 8); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("ChaCha", 128, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = ChaCha.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("Cipher.CHACHA", PREFIX + "$Base"); - provider.addAlgorithm("KeyGenerator.CHACHA", PREFIX + "$KeyGen"); - - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java deleted file mode 100644 index f3411950..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java +++ /dev/null @@ -1,505 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; - -import javax.crypto.SecretKey; -import javax.crypto.spec.DESKeySpec; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.KeyGenerationParameters; -import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.RFC3211WrapEngine; -import org.bouncycastle.crypto.generators.DESKeyGenerator; -import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -import org.bouncycastle.crypto.macs.CMac; -import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.paddings.ISO7816d4Padding; -import org.bouncycastle.crypto.params.DESParameters; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.PBE; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public final class DES -{ - private DES() - { - } - - static public class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new DESEngine()); - } - } - - static public class CBC - extends BaseBlockCipher - { - public CBC() - { - super(new CBCBlockCipher(new DESEngine()), 64); - } - } - - /** - * DES CFB8 - */ - public static class DESCFB8 - extends BaseMac - { - public DESCFB8() - { - super(new CFBBlockCipherMac(new DESEngine())); - } - } - - /** - * DES64 - */ - public static class DES64 - extends BaseMac - { - public DES64() - { - super(new CBCBlockCipherMac(new DESEngine(), 64)); - } - } - - /** - * DES64with7816-4Padding - */ - public static class DES64with7816d4 - extends BaseMac - { - public DES64with7816d4() - { - super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding())); - } - } - - public static class CBCMAC - extends BaseMac - { - public CBCMAC() - { - super(new CBCBlockCipherMac(new DESEngine())); - } - } - - static public class CMAC - extends BaseMac - { - public CMAC() - { - super(new CMac(new DESEngine())); - } - } - - /** - * DES9797Alg3with7816-4Padding - */ - public static class DES9797Alg3with7816d4 - extends BaseMac - { - public DES9797Alg3with7816d4() - { - super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding())); - } - } - - /** - * DES9797Alg3 - */ - public static class DES9797Alg3 - extends BaseMac - { - public DES9797Alg3() - { - super(new ISO9797Alg3Mac(new DESEngine())); - } - } - - public static class RFC3211 - extends BaseWrapCipher - { - public RFC3211() - { - super(new RFC3211WrapEngine(new DESEngine()), 8); - } - } - - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[8]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - /** - * DES - the default for this is to generate a key in - * a-b-a format that's 24 bytes long but has 16 bytes of - * key material (the first 8 bytes is repeated as the last - * 8 bytes). If you give it a size, you'll get just what you - * asked for. - */ - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("DES", 64, new DESKeyGenerator()); - } - - protected void engineInit( - int keySize, - SecureRandom random) - { - super.engineInit(keySize, random); - } - - protected SecretKey engineGenerateKey() - { - if (uninitialised) - { - engine.init(new KeyGenerationParameters(new SecureRandom(), defaultKeySize)); - uninitialised = false; - } - - return new SecretKeySpec(engine.generateKey(), algName); - } - } - - static public class KeyFactory - extends BaseSecretKeyFactory - { - public KeyFactory() - { - super("DES", null); - } - - protected KeySpec engineGetKeySpec( - SecretKey key, - Class keySpec) - throws InvalidKeySpecException - { - if (keySpec == null) - { - throw new InvalidKeySpecException("keySpec parameter is null"); - } - if (key == null) - { - throw new InvalidKeySpecException("key parameter is null"); - } - - if (SecretKeySpec.class.isAssignableFrom(keySpec)) - { - return new SecretKeySpec(key.getEncoded(), algName); - } - else if (DESKeySpec.class.isAssignableFrom(keySpec)) - { - byte[] bytes = key.getEncoded(); - - try - { - return new DESKeySpec(bytes); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DESKeySpec) - { - DESKeySpec desKeySpec = (DESKeySpec)keySpec; - return new SecretKeySpec(desKeySpec.getKey(), "DES"); - } - - return super.engineGenerateSecret(keySpec); - } - } - - static public class DESPBEKeyFactory - extends BaseSecretKeyFactory - { - private boolean forCipher; - private int scheme; - private int digest; - private int keySize; - private int ivSize; - - public DESPBEKeyFactory( - String algorithm, - ASN1ObjectIdentifier oid, - boolean forCipher, - int scheme, - int digest, - int keySize, - int ivSize) - { - super(algorithm, oid); - - this.forCipher = forCipher; - this.scheme = scheme; - this.digest = digest; - this.keySize = keySize; - this.ivSize = ivSize; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - CipherParameters param; - - if (pbeSpec.getSalt() == null) - { - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); - } - - if (forCipher) - { - param = PBE.Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); - } - else - { - param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - } - - KeyParameter kParam; - if (param instanceof ParametersWithIV) - { - kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); - } - else - { - kParam = (KeyParameter)param; - } - - DESParameters.setOddParity(kParam.getKey()); - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - } - - /** - * PBEWithMD2AndDES - */ - static public class PBEWithMD2KeyFactory - extends DESPBEKeyFactory - { - public PBEWithMD2KeyFactory() - { - super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64); - } - } - - /** - * PBEWithMD5AndDES - */ - static public class PBEWithMD5KeyFactory - extends DESPBEKeyFactory - { - public PBEWithMD5KeyFactory() - { - super("PBEwithMD5andDES", PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, true, PKCS5S1, MD5, 64, 64); - } - } - - /** - * PBEWithSHA1AndDES - */ - static public class PBEWithSHA1KeyFactory - extends DESPBEKeyFactory - { - public PBEWithSHA1KeyFactory() - { - super("PBEwithSHA1andDES", PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, true, PKCS5S1, SHA1, 64, 64); - } - } - - /** - * PBEWithMD2AndDES - */ - static public class PBEWithMD2 - extends BaseBlockCipher - { - public PBEWithMD2() - { - super(new CBCBlockCipher(new DESEngine())); - } - } - - /** - * PBEWithMD5AndDES - */ - static public class PBEWithMD5 - extends BaseBlockCipher - { - public PBEWithMD5() - { - super(new CBCBlockCipher(new DESEngine())); - } - } - - /** - * PBEWithSHA1AndDES - */ - static public class PBEWithSHA1 - extends BaseBlockCipher - { - public PBEWithSHA1() - { - super(new CBCBlockCipher(new DESEngine())); - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = DES.class.getName(); - private static final String PACKAGE = "org.bouncycastle.jcajce.provider.symmetric"; // JDK 1.2 - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("Cipher.DES", PREFIX + "$ECB"); - provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC"); - - addAlias(provider, OIWObjectIdentifiers.desCBC, "DES"); - - provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211"); - - provider.addAlgorithm("KeyGenerator.DES", PREFIX + "$KeyGenerator"); - - provider.addAlgorithm("SecretKeyFactory.DES", PREFIX + "$KeyFactory"); - - provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC"); - provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC"); - provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC"); - - provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8"); - provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8"); - - provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64"); - provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64"); - - provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4"); - provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); - provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); - provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING"); - - provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3"); - provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); - - provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3"); - provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); - provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4"); - provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING"); - - provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + OIWObjectIdentifiers.desCBC, "DES"); - - provider.addAlgorithm("AlgorithmParameterGenerator.DES", PREFIX + "$AlgParamGen"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES"); - - provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2"); - provider.addAlgorithm("Cipher.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5"); - provider.addAlgorithm("Cipher.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1"); - - provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); - provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); - - provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5KeyFactory"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1KeyFactory"); - - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES"); - } - - private void addAlias(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name) - { - provider.addAlgorithm("Alg.Alias.KeyGenerator." + oid.getId(), name); - provider.addAlgorithm("Alg.Alias.KeyFactory." + oid.getId(), name); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java deleted file mode 100644 index 0f53e504..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java +++ /dev/null @@ -1,435 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; - -import javax.crypto.SecretKey; -import javax.crypto.spec.DESedeKeySpec; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.KeyGenerationParameters; -import org.bouncycastle.crypto.engines.DESedeEngine; -import org.bouncycastle.crypto.engines.DESedeWrapEngine; -import org.bouncycastle.crypto.engines.RFC3211WrapEngine; -import org.bouncycastle.crypto.generators.DESedeKeyGenerator; -import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -import org.bouncycastle.crypto.macs.CMac; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.paddings.ISO7816d4Padding; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public final class DESede -{ - private DESede() - { - } - - static public class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new DESedeEngine()); - } - } - - static public class CBC - extends BaseBlockCipher - { - public CBC() - { - super(new CBCBlockCipher(new DESedeEngine()), 64); - } - } - - /** - * DESede CFB8 - */ - public static class DESedeCFB8 - extends BaseMac - { - public DESedeCFB8() - { - super(new CFBBlockCipherMac(new DESedeEngine())); - } - } - - /** - * DESede64 - */ - public static class DESede64 - extends BaseMac - { - public DESede64() - { - super(new CBCBlockCipherMac(new DESedeEngine(), 64)); - } - } - - /** - * DESede64with7816-4Padding - */ - public static class DESede64with7816d4 - extends BaseMac - { - public DESede64with7816d4() - { - super(new CBCBlockCipherMac(new DESedeEngine(), 64, new ISO7816d4Padding())); - } - } - - public static class CBCMAC - extends BaseMac - { - public CBCMAC() - { - super(new CBCBlockCipherMac(new DESedeEngine())); - } - } - - static public class CMAC - extends BaseMac - { - public CMAC() - { - super(new CMac(new DESedeEngine())); - } - } - - public static class Wrap - extends BaseWrapCipher - { - public Wrap() - { - super(new DESedeWrapEngine()); - } - } - - public static class RFC3211 - extends BaseWrapCipher - { - public RFC3211() - { - super(new RFC3211WrapEngine(new DESedeEngine()), 8); - } - } - - /** - * DESede - the default for this is to generate a key in - * a-b-a format that's 24 bytes long but has 16 bytes of - * key material (the first 8 bytes is repeated as the last - * 8 bytes). If you give it a size, you'll get just what you - * asked for. - */ - public static class KeyGenerator - extends BaseKeyGenerator - { - private boolean keySizeSet = false; - - public KeyGenerator() - { - super("DESede", 192, new DESedeKeyGenerator()); - } - - protected void engineInit( - int keySize, - SecureRandom random) - { - super.engineInit(keySize, random); - keySizeSet = true; - } - - protected SecretKey engineGenerateKey() - { - if (uninitialised) - { - engine.init(new KeyGenerationParameters(new SecureRandom(), defaultKeySize)); - uninitialised = false; - } - - // - // if no key size has been defined generate a 24 byte key in - // the a-b-a format - // - if (!keySizeSet) - { - byte[] k = engine.generateKey(); - - System.arraycopy(k, 0, k, 16, 8); - - return new SecretKeySpec(k, algName); - } - else - { - return new SecretKeySpec(engine.generateKey(), algName); - } - } - } - - /** - * generate a desEDE key in the a-b-c format. - */ - public static class KeyGenerator3 - extends BaseKeyGenerator - { - public KeyGenerator3() - { - super("DESede3", 192, new DESedeKeyGenerator()); - } - } - - /** - * PBEWithSHAAnd3-KeyTripleDES-CBC - */ - static public class PBEWithSHAAndDES3Key - extends BaseBlockCipher - { - public PBEWithSHAAndDES3Key() - { - super(new CBCBlockCipher(new DESedeEngine())); - } - } - - /** - * PBEWithSHAAnd2-KeyTripleDES-CBC - */ - static public class PBEWithSHAAndDES2Key - extends BaseBlockCipher - { - public PBEWithSHAAndDES2Key() - { - super(new CBCBlockCipher(new DESedeEngine())); - } - } - - /** - * PBEWithSHAAnd3-KeyTripleDES-CBC - */ - static public class PBEWithSHAAndDES3KeyFactory - extends DES.DESPBEKeyFactory - { - public PBEWithSHAAndDES3KeyFactory() - { - super("PBEwithSHAandDES3Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, true, PKCS12, SHA1, 192, 64); - } - } - - /** - * PBEWithSHAAnd2-KeyTripleDES-CBC - */ - static public class PBEWithSHAAndDES2KeyFactory - extends DES.DESPBEKeyFactory - { - public PBEWithSHAAndDES2KeyFactory() - { - super("PBEwithSHAandDES2Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, true, PKCS12, SHA1, 128, 64); - } - } - - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[8]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - static public class KeyFactory - extends BaseSecretKeyFactory - { - public KeyFactory() - { - super("DESede", null); - } - - protected KeySpec engineGetKeySpec( - SecretKey key, - Class keySpec) - throws InvalidKeySpecException - { - if (keySpec == null) - { - throw new InvalidKeySpecException("keySpec parameter is null"); - } - if (key == null) - { - throw new InvalidKeySpecException("key parameter is null"); - } - - if (SecretKeySpec.class.isAssignableFrom(keySpec)) - { - return new SecretKeySpec(key.getEncoded(), algName); - } - else if (DESedeKeySpec.class.isAssignableFrom(keySpec)) - { - byte[] bytes = key.getEncoded(); - - try - { - if (bytes.length == 16) - { - byte[] longKey = new byte[24]; - - System.arraycopy(bytes, 0, longKey, 0, 16); - System.arraycopy(bytes, 0, longKey, 16, 8); - - return new DESedeKeySpec(longKey); - } - else - { - return new DESedeKeySpec(bytes); - } - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DESedeKeySpec) - { - DESedeKeySpec desKeySpec = (DESedeKeySpec)keySpec; - return new SecretKeySpec(desKeySpec.getKey(), "DESede"); - } - - return super.engineGenerateSecret(keySpec); - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = DESede.class.getName(); - private static final String PACKAGE = "org.bouncycastle.jcajce.provider.symmetric"; // JDK 1.2 - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("Cipher.DESEDE", PREFIX + "$ECB"); - provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC"); - provider.addAlgorithm("Cipher.DESEDEWRAP", PREFIX + "$Wrap"); - provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, PREFIX + "$Wrap"); - provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211"); - - provider.addAlgorithm("Alg.Alias.Cipher.TDEA", "DESEDE"); - provider.addAlgorithm("Alg.Alias.Cipher.TDEAWRAP", "DESEDEWRAP"); - provider.addAlgorithm("Alg.Alias.KeyGenerator.TDEA", "DESEDE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.TDEA", "DESEDE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.TDEA", "DESEDE"); - - if (provider.hasAlgorithm("MessageDigest", "SHA-1")) - { - provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key"); - provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key"); - provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key"); - provider.addAlgorithm("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2Key"); - provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key"); - provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND3-KEYTRIPLEDES-CBC", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND2-KEYTRIPLEDES-CBC", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); - } - - provider.addAlgorithm("KeyGenerator.DESEDE", PREFIX + "$KeyGenerator"); - provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3"); - provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator"); - - provider.addAlgorithm("SecretKeyFactory.DESEDE", PREFIX + "$KeyFactory"); - - provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC"); - provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC"); - provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC"); - - provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8"); - provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8"); - - provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64"); - provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64"); - - provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4"); - provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); - provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); - provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING"); - - provider.addAlgorithm("AlgorithmParameters.DESEDE", PACKAGE + ".util.IvAlgorithmParameters"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); - - provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE", PREFIX + "$AlgParamGen"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); - - provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3KeyFactory"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2KeyFactory"); - - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE"); - - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.3", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.4", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.4", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/GOST28147.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/GOST28147.java deleted file mode 100644 index fcaea941..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/GOST28147.java +++ /dev/null @@ -1,157 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.spec.IvParameterSpec; - -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.GOST28147Engine; -import org.bouncycastle.crypto.macs.GOST28147Mac; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.modes.GCFBBlockCipher; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public final class GOST28147 -{ - private GOST28147() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new GOST28147Engine()); - } - } - - public static class CBC - extends BaseBlockCipher - { - public CBC() - { - super(new CBCBlockCipher(new GOST28147Engine()), 64); - } - } - - public static class GCFB - extends BaseBlockCipher - { - public GCFB() - { - super(new BufferedBlockCipher(new GCFBBlockCipher(new GOST28147Engine())), 64); - } - } - - /** - * GOST28147 - */ - public static class Mac - extends BaseMac - { - public Mac() - { - super(new GOST28147Mac()); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - this(256); - } - - public KeyGen(int keySize) - { - super("GOST28147", keySize, new CipherKeyGenerator()); - } - } - - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST28147 parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[16]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("GOST28147", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - public static class AlgParams - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "GOST IV"; - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = GOST28147.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("Cipher.GOST28147", PREFIX + "$ECB"); - provider.addAlgorithm("Alg.Alias.Cipher.GOST", "GOST28147"); - provider.addAlgorithm("Alg.Alias.Cipher.GOST-28147", "GOST28147"); - provider.addAlgorithm("Cipher." + CryptoProObjectIdentifiers.gostR28147_gcfb, PREFIX + "$GCFB"); - - provider.addAlgorithm("KeyGenerator.GOST28147", PREFIX + "$KeyGen"); - provider.addAlgorithm("Alg.Alias.KeyGenerator.GOST", "GOST28147"); - provider.addAlgorithm("Alg.Alias.KeyGenerator.GOST-28147", "GOST28147"); - provider.addAlgorithm("Alg.Alias.KeyGenerator." + CryptoProObjectIdentifiers.gostR28147_gcfb, "GOST28147"); - - provider.addAlgorithm("Mac.GOST28147MAC", PREFIX + "$Mac"); - provider.addAlgorithm("Alg.Alias.Mac.GOST28147", "GOST28147MAC"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Grain128.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Grain128.java deleted file mode 100644 index d7232b11..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Grain128.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.Grain128Engine; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseStreamCipher; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class Grain128 -{ - private Grain128() - { - } - - public static class Base - extends BaseStreamCipher - { - public Base() - { - super(new Grain128Engine(), 12); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("Grain128", 128, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = Grain128.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("Cipher.Grain128", PREFIX + "$Base"); - provider.addAlgorithm("KeyGenerator.Grain128", PREFIX + "$KeyGen"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Grainv1.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Grainv1.java deleted file mode 100644 index fce224d2..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Grainv1.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.Grainv1Engine; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseStreamCipher; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class Grainv1 -{ - private Grainv1() - { - } - - public static class Base - extends BaseStreamCipher - { - public Base() - { - super(new Grainv1Engine(), 8); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("Grainv1", 80, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = Grainv1.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("Cipher.Grainv1", PREFIX + "$Base"); - provider.addAlgorithm("KeyGenerator.Grainv1", PREFIX + "$KeyGen"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/HC128.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/HC128.java deleted file mode 100644 index efe7ede1..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/HC128.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.HC128Engine; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseStreamCipher; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class HC128 -{ - private HC128() - { - } - - public static class Base - extends BaseStreamCipher - { - public Base() - { - super(new HC128Engine(), 16); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("HC128", 128, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = HC128.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("Cipher.HC128", PREFIX + "$Base"); - provider.addAlgorithm("KeyGenerator.HC128", PREFIX + "$KeyGen"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/HC256.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/HC256.java deleted file mode 100644 index dd93445b..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/HC256.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.HC256Engine; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseStreamCipher; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class HC256 -{ - private HC256() - { - } - - public static class Base - extends BaseStreamCipher - { - public Base() - { - super(new HC256Engine(), 32); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("HC256", 256, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = HC256.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("Cipher.HC256", PREFIX + "$Base"); - provider.addAlgorithm("KeyGenerator.HC256", PREFIX + "$KeyGen"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/IDEA.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/IDEA.java deleted file mode 100644 index 4248eb8d..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/IDEA.java +++ /dev/null @@ -1,258 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import java.io.IOException; -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; - -import javax.crypto.spec.IvParameterSpec; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.misc.IDEACBCPar; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.IDEAEngine; -import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public final class IDEA -{ - private IDEA() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new IDEAEngine()); - } - } - - public static class CBC - extends BaseBlockCipher - { - public CBC() - { - super(new CBCBlockCipher(new IDEAEngine()), 64); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("IDEA", 128, new CipherKeyGenerator()); - } - } - - public static class PBEWithSHAAndIDEAKeyGen - extends PBESecretKeyFactory - { - public PBEWithSHAAndIDEAKeyGen() - { - super("PBEwithSHAandIDEA-CBC", null, true, PKCS12, SHA1, 128, 64); - } - } - - static public class PBEWithSHAAndIDEA - extends BaseBlockCipher - { - public PBEWithSHAAndIDEA() - { - super(new CBCBlockCipher(new IDEAEngine())); - } - } - - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for IDEA parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[8]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("IDEA", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - public static class AlgParams - extends BaseAlgorithmParameters - { - private byte[] iv; - - protected byte[] engineGetEncoded() - throws IOException - { - return engineGetEncoded("ASN.1"); - } - - protected byte[] engineGetEncoded( - String format) - throws IOException - { - if (this.isASN1FormatString(format)) - { - return new IDEACBCPar(engineGetEncoded("RAW")).getEncoded(); - } - - if (format.equals("RAW")) - { - byte[] tmp = new byte[iv.length]; - - System.arraycopy(iv, 0, tmp, 0, iv.length); - return tmp; - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == IvParameterSpec.class) - { - return new IvParameterSpec(iv); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to IV parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof IvParameterSpec)) - { - throw new InvalidParameterSpecException("IvParameterSpec required to initialise a IV parameters algorithm parameters object"); - } - - this.iv = ((IvParameterSpec)paramSpec).getIV(); - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.iv = new byte[params.length]; - - System.arraycopy(params, 0, iv, 0, iv.length); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (format.equals("RAW")) - { - engineInit(params); - return; - } - if (format.equals("ASN.1")) - { - ASN1InputStream aIn = new ASN1InputStream(params); - IDEACBCPar oct = new IDEACBCPar((ASN1Sequence)aIn.readObject()); - - engineInit(oct.getIV()); - return; - } - - throw new IOException("Unknown parameters format in IV parameters object"); - } - - protected String engineToString() - { - return "IDEA Parameters"; - } - } - - public static class Mac - extends BaseMac - { - public Mac() - { - super(new CBCBlockCipherMac(new IDEAEngine())); - } - } - - public static class CFB8Mac - extends BaseMac - { - public CFB8Mac() - { - super(new CFBBlockCipherMac(new IDEAEngine())); - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = IDEA.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("AlgorithmParameterGenerator.IDEA", PREFIX + "$AlgParamGen"); - provider.addAlgorithm("AlgorithmParameterGenerator.1.3.6.1.4.1.188.7.1.1.2", PREFIX + "$AlgParamGen"); - provider.addAlgorithm("AlgorithmParameters.IDEA", PREFIX + "$AlgParams"); - provider.addAlgorithm("AlgorithmParameters.1.3.6.1.4.1.188.7.1.1.2", PREFIX + "$AlgParams"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDIDEA", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDIDEA-CBC", "PKCS12PBE"); - provider.addAlgorithm("Cipher.IDEA", PREFIX + "$ECB"); - provider.addAlgorithm("Cipher.1.3.6.1.4.1.188.7.1.1.2", PREFIX + "$CBC"); - provider.addAlgorithm("Cipher.PBEWITHSHAANDIDEA-CBC", PREFIX + "$PBEWithSHAAndIDEA"); - provider.addAlgorithm("KeyGenerator.IDEA", PREFIX + "$KeyGen"); - provider.addAlgorithm("KeyGenerator.1.3.6.1.4.1.188.7.1.1.2", PREFIX + "$KeyGen"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAANDIDEA-CBC", PREFIX + "$PBEWithSHAAndIDEAKeyGen"); - provider.addAlgorithm("Mac.IDEAMAC", PREFIX + "$Mac"); - provider.addAlgorithm("Alg.Alias.Mac.IDEA", "IDEAMAC"); - provider.addAlgorithm("Mac.IDEAMAC/CFB8", PREFIX + "$CFB8Mac"); - provider.addAlgorithm("Alg.Alias.Mac.IDEA/CFB8", "IDEAMAC/CFB8"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Noekeon.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Noekeon.java deleted file mode 100644 index a92f21dd..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Noekeon.java +++ /dev/null @@ -1,153 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.spec.IvParameterSpec; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.NoekeonEngine; -import org.bouncycastle.crypto.generators.Poly1305KeyGenerator; -import org.bouncycastle.crypto.macs.GMac; -import org.bouncycastle.crypto.modes.GCMBlockCipher; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public final class Noekeon -{ - private Noekeon() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new BlockCipherProvider() - { - public BlockCipher get() - { - return new NoekeonEngine(); - } - }); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("Noekeon", 128, new CipherKeyGenerator()); - } - } - - public static class GMAC - extends BaseMac - { - public GMAC() - { - super(new GMac(new GCMBlockCipher(new NoekeonEngine()))); - } - } - - public static class Poly1305 - extends BaseMac - { - public Poly1305() - { - super(new org.bouncycastle.crypto.macs.Poly1305(new NoekeonEngine())); - } - } - - public static class Poly1305KeyGen - extends BaseKeyGenerator - { - public Poly1305KeyGen() - { - super("Poly1305-Noekeon", 256, new Poly1305KeyGenerator()); - } - } - - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for Noekeon parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[16]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("Noekeon", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - public static class AlgParams - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "Noekeon IV"; - } - } - - public static class Mappings - extends SymmetricAlgorithmProvider - { - private static final String PREFIX = Noekeon.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("AlgorithmParameters.NOEKEON", PREFIX + "$AlgParams"); - - provider.addAlgorithm("AlgorithmParameterGenerator.NOEKEON", PREFIX + "$AlgParamGen"); - - provider.addAlgorithm("Cipher.NOEKEON", PREFIX + "$ECB"); - - provider.addAlgorithm("KeyGenerator.NOEKEON", PREFIX + "$KeyGen"); - - addGMacAlgorithm(provider, "NOEKEON", PREFIX + "$GMAC", PREFIX + "$KeyGen"); - addPoly1305Algorithm(provider, "NOEKEON", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java deleted file mode 100644 index 4b0d8b97..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java +++ /dev/null @@ -1,228 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import java.io.IOException; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.InvalidParameterSpecException; -import java.security.spec.KeySpec; - -import javax.crypto.SecretKey; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PBKDF2Params; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory; -import org.bouncycastle.jcajce.provider.symmetric.util.PBE; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; -import org.bouncycastle.jcajce.spec.PBKDF2KeySpec; - -public class PBEPBKDF2 -{ - private PBEPBKDF2() - { - - } - - public static class AlgParams - extends BaseAlgorithmParameters - { - PBKDF2Params params; - - protected byte[] engineGetEncoded() - { - try - { - return params.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Oooops! " + e.toString()); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (this.isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PBEParameterSpec.class) - { - return new PBEParameterSpec(params.getSalt(), - params.getIterationCount().intValue()); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PBKDF2 PBE parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PBEParameterSpec)) - { - throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PBKDF2 PBE parameters algorithm parameters object"); - } - - PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; - - this.params = new PBKDF2Params(pbeSpec.getSalt(), - pbeSpec.getIterationCount()); - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.params = PBKDF2Params.getInstance(ASN1Primitive.fromByteArray(params)); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (this.isASN1FormatString(format)) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in PBKDF2 parameters object"); - } - - protected String engineToString() - { - return "PBKDF2 Parameters"; - } - } - - public static class BasePBKDF2 - extends BaseSecretKeyFactory - { - private int scheme; - - public BasePBKDF2(String name, int scheme) - { - super(name, PKCSObjectIdentifiers.id_PBKDF2); - - this.scheme = scheme; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - - if (pbeSpec.getSalt() == null) - { - throw new InvalidKeySpecException("missing required salt"); - } - - if (pbeSpec.getIterationCount() <= 0) - { - throw new InvalidKeySpecException("positive iteration count required: " - + pbeSpec.getIterationCount()); - } - - if (pbeSpec.getKeyLength() <= 0) - { - throw new InvalidKeySpecException("positive key length required: " - + pbeSpec.getKeyLength()); - } - - if (pbeSpec.getPassword().length == 0) - { - throw new IllegalArgumentException("password empty"); - } - - if (pbeSpec instanceof PBKDF2KeySpec) - { - PBKDF2KeySpec spec = (PBKDF2KeySpec)pbeSpec; - - int digest = getDigestCode(spec.getPrf().getAlgorithm()); - int keySize = pbeSpec.getKeyLength(); - int ivSize = -1; // JDK 1,2 and earlier does not understand simplified version. - CipherParameters param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - else - { - int digest = SHA1; - int keySize = pbeSpec.getKeyLength(); - int ivSize = -1; // JDK 1,2 and earlier does not understand simplified version. - CipherParameters param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - - - private int getDigestCode(ASN1ObjectIdentifier algorithm) - throws InvalidKeySpecException - { - if (algorithm.equals(CryptoProObjectIdentifiers.gostR3411Hmac)) - { - return GOST3411; - } - else if (algorithm.equals(PKCSObjectIdentifiers.id_hmacWithSHA1)) - { - return SHA1; - } - - throw new InvalidKeySpecException("Invalid KeySpec: unknown PRF algorithm " + algorithm); - } - } - - public static class PBKDF2withUTF8 - extends BasePBKDF2 - { - public PBKDF2withUTF8() - { - super("PBKDF2", PKCS5S2_UTF8); - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = PBEPBKDF2.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("AlgorithmParameters.PBKDF2", PREFIX + "$AlgParams"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2"); - provider.addAlgorithm("SecretKeyFactory.PBKDF2", PREFIX + "$PBKDF2withUTF8"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12.java deleted file mode 100644 index 9be3c997..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12.java +++ /dev/null @@ -1,120 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import java.io.IOException; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; - -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public class PBEPKCS12 -{ - private PBEPKCS12() - { - - } - - public static class AlgParams - extends BaseAlgorithmParameters - { - PKCS12PBEParams params; - - protected byte[] engineGetEncoded() - { - try - { - return params.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException("Oooops! " + e.toString()); - } - } - - protected byte[] engineGetEncoded( - String format) - { - if (this.isASN1FormatString(format)) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PBEParameterSpec.class) - { - return new PBEParameterSpec(params.getIV(), - params.getIterations().intValue()); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PBEParameterSpec)) - { - throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); - } - - PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; - - this.params = new PKCS12PBEParams(pbeSpec.getSalt(), - pbeSpec.getIterationCount()); - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.params = PKCS12PBEParams.getInstance(ASN1Primitive.fromByteArray(params)); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (this.isASN1FormatString(format)) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in PKCS12 PBE parameters object"); - } - - protected String engineToString() - { - return "PKCS12 PBE Parameters"; - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = PBEPKCS12.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("AlgorithmParameters.PKCS12PBE", PREFIX + "$AlgParams"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java deleted file mode 100644 index 4160999f..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java +++ /dev/null @@ -1,523 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import java.io.IOException; -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; - -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; - -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.RC2CBCParameter; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.RC2Engine; -import org.bouncycastle.crypto.engines.RC2WrapEngine; -import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.Arrays; - -public final class RC2 -{ - private RC2() - { - } - - /** - * RC2 - */ - static public class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new RC2Engine()); - } - } - - /** - * RC2CBC - */ - static public class CBC - extends BaseBlockCipher - { - public CBC() - { - super(new CBCBlockCipher(new RC2Engine()), 64); - } - } - - public static class Wrap - extends BaseWrapCipher - { - public Wrap() - { - super(new RC2WrapEngine()); - } - } - - /** - * RC2 - */ - public static class CBCMAC - extends BaseMac - { - public CBCMAC() - { - super(new CBCBlockCipherMac(new RC2Engine())); - } - } - - public static class CFB8MAC - extends BaseMac - { - public CFB8MAC() - { - super(new CFBBlockCipherMac(new RC2Engine())); - } - } - - /** - * PBEWithSHA1AndRC2 - */ - static public class PBEWithSHA1KeyFactory - extends PBESecretKeyFactory - { - public PBEWithSHA1KeyFactory() - { - super("PBEwithSHA1andRC2", PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, true, PKCS5S1, SHA1, 64, 64); - } - } - - /** - * PBEWithSHAAnd128BitRC2-CBC - */ - static public class PBEWithSHAAnd128BitKeyFactory - extends PBESecretKeyFactory - { - public PBEWithSHAAnd128BitKeyFactory() - { - super("PBEwithSHAand128BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC, true, PKCS12, SHA1, 128, 64); - } - } - - /** - * PBEWithSHAAnd40BitRC2-CBC - */ - static public class PBEWithSHAAnd40BitKeyFactory - extends PBESecretKeyFactory - { - public PBEWithSHAAnd40BitKeyFactory() - { - super("PBEwithSHAand40BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, true, PKCS12, SHA1, 40, 64); - } - } - - /** - * PBEWithMD5AndRC2 - */ - static public class PBEWithMD5AndRC2 - extends BaseBlockCipher - { - public PBEWithMD5AndRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - /** - * PBEWithSHA1AndRC2 - */ - static public class PBEWithSHA1AndRC2 - extends BaseBlockCipher - { - public PBEWithSHA1AndRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - /** - * PBEWithSHAAnd128BitRC2-CBC - */ - static public class PBEWithSHAAnd128BitRC2 - extends BaseBlockCipher - { - public PBEWithSHAAnd128BitRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - /** - * PBEWithSHAAnd40BitRC2-CBC - */ - static public class PBEWithSHAAnd40BitRC2 - extends BaseBlockCipher - { - public PBEWithSHAAnd40BitRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - /** - * PBEWithMD2AndRC2 - */ - static public class PBEWithMD2KeyFactory - extends PBESecretKeyFactory - { - public PBEWithMD2KeyFactory() - { - super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64); - } - } - - /** - * PBEWithMD5AndRC2 - */ - static public class PBEWithMD5KeyFactory - extends PBESecretKeyFactory - { - public PBEWithMD5KeyFactory() - { - super("PBEwithMD5andRC2", PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, true, PKCS5S1, MD5, 64, 64); - } - } - - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - RC2ParameterSpec spec = null; - - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (genParamSpec instanceof RC2ParameterSpec) - { - spec = (RC2ParameterSpec)genParamSpec; - return; - } - - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - AlgorithmParameters params; - - if (spec == null) - { - byte[] iv = new byte[8]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - try - { - params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - } - else - { - try - { - params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME); - params.init(spec); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - } - - return params; - } - } - - public static class KeyGenerator - extends BaseKeyGenerator - { - public KeyGenerator() - { - super("RC2", 128, new CipherKeyGenerator()); - } - } - - public static class AlgParams - extends BaseAlgorithmParameters - { - private static final short[] table = { - 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, - 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, - 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, - 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, - 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, - 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, - 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, - 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, - 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, - 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, - 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, - 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, - 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, - 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, - 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, - 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab - }; - - private static final short[] ekb = { - 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, - 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, - 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, - 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, - 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, - 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, - 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, - 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, - 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, - 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, - 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, - 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, - 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, - 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, - 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, - 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd - }; - - private byte[] iv; - private int parameterVersion = 58; - - protected byte[] engineGetEncoded() - { - return Arrays.clone(iv); - } - - protected byte[] engineGetEncoded( - String format) - throws IOException - { - if (this.isASN1FormatString(format)) - { - if (parameterVersion == -1) - { - return new RC2CBCParameter(engineGetEncoded()).getEncoded(); - } - else - { - return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); - } - } - - if (format.equals("RAW")) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == RC2ParameterSpec.class) - { - if (parameterVersion != -1) - { - if (parameterVersion < 256) - { - return new RC2ParameterSpec(ekb[parameterVersion], iv); - } - else - { - return new RC2ParameterSpec(parameterVersion, iv); - } - } - } - - if (paramSpec == IvParameterSpec.class) - { - return new IvParameterSpec(iv); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec instanceof IvParameterSpec) - { - this.iv = ((IvParameterSpec)paramSpec).getIV(); - } - else if (paramSpec instanceof RC2ParameterSpec) - { - int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); - if (effKeyBits != -1) - { - if (effKeyBits < 256) - { - parameterVersion = table[effKeyBits]; - } - else - { - parameterVersion = effKeyBits; - } - } - - this.iv = ((RC2ParameterSpec)paramSpec).getIV(); - } - else - { - throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); - } - } - - protected void engineInit( - byte[] params) - throws IOException - { - this.iv = Arrays.clone(params); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (this.isASN1FormatString(format)) - { - RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params)); - - if (p.getRC2ParameterVersion() != null) - { - parameterVersion = p.getRC2ParameterVersion().intValue(); - } - - iv = p.getIV(); - - return; - } - - if (format.equals("RAW")) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in IV parameters object"); - } - - protected String engineToString() - { - return "RC2 Parameters"; - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = RC2.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen"); - provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen"); - - provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator"); - provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator"); - - provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams"); - provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams"); - - provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB"); - provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap"); - provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP"); - provider.addAlgorithm("Cipher.1.2.840.113549.3.2", PREFIX + "$CBC"); - - provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC"); - provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC"); - provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC"); - provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8"); - - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2"); - - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2"); - - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2"); - - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); - - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); - - provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); - provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); - - provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDRC2", PREFIX + "$PBEWithMD5KeyFactory"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDRC2", PREFIX + "$PBEWithSHA1KeyFactory"); - - provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", PREFIX + "$PBEWithSHAAnd128BitKeyFactory"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", PREFIX + "$PBEWithSHAAnd40BitKeyFactory"); - - provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2"); - - provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2"); - - provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2"); - - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.5", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.6", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWithSHAAnd3KeyTripleDES", "PKCS12PBE"); - - provider.addAlgorithm("Alg.Alias.Cipher.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); - provider.addAlgorithm("Alg.Alias.Cipher.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "PBEWITHSHAAND128BITRC2-CBC"); - provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "PBEWITHSHAAND40BITRC2-CBC"); - provider.addAlgorithm("Cipher.PBEWITHSHA1ANDRC2", PREFIX + "$PBEWithSHA1AndRC2"); - - provider.addAlgorithm("Cipher.PBEWITHSHAAND128BITRC2-CBC", PREFIX + "$PBEWithSHAAnd128BitRC2"); - provider.addAlgorithm("Cipher.PBEWITHSHAAND40BITRC2-CBC", PREFIX + "$PBEWithSHAAnd40BitRC2"); - provider.addAlgorithm("Cipher.PBEWITHMD5ANDRC2", PREFIX + "$PBEWithMD5AndRC2"); - - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC2-CBC", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC5.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC5.java deleted file mode 100644 index aa63a951..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC5.java +++ /dev/null @@ -1,177 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.spec.IvParameterSpec; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.RC532Engine; -import org.bouncycastle.crypto.engines.RC564Engine; -import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public final class RC5 -{ - private RC5() - { - } - - /** - * RC5 - */ - public static class ECB32 - extends BaseBlockCipher - { - public ECB32() - { - super(new RC532Engine()); - } - } - - /** - * RC564 - */ - public static class ECB64 - extends BaseBlockCipher - { - public ECB64() - { - super(new RC564Engine()); - } - } - - public static class CBC32 - extends BaseBlockCipher - { - public CBC32() - { - super(new CBCBlockCipher(new RC532Engine()), 64); - } - } - - public static class KeyGen32 - extends BaseKeyGenerator - { - public KeyGen32() - { - super("RC5", 128, new CipherKeyGenerator()); - } - } - - /** - * RC5 - */ - public static class KeyGen64 - extends BaseKeyGenerator - { - public KeyGen64() - { - super("RC5-64", 256, new CipherKeyGenerator()); - } - } - - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC5 parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[8]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("RC5", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - public static class Mac32 - extends BaseMac - { - public Mac32() - { - super(new CBCBlockCipherMac(new RC532Engine())); - } - } - - public static class CFB8Mac32 - extends BaseMac - { - public CFB8Mac32() - { - super(new CFBBlockCipherMac(new RC532Engine())); - } - } - - public static class AlgParams - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "RC5 IV"; - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = RC5.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("Cipher.RC5", PREFIX + "$ECB32"); - provider.addAlgorithm("Alg.Alias.Cipher.RC5-32", "RC5"); - provider.addAlgorithm("Cipher.RC5-64", PREFIX + "$ECB64"); - provider.addAlgorithm("KeyGenerator.RC5", PREFIX + "$KeyGen32"); - provider.addAlgorithm("Alg.Alias.KeyGenerator.RC5-32", "RC5"); - provider.addAlgorithm("KeyGenerator.RC5-64", PREFIX + "$KeyGen64"); - provider.addAlgorithm("AlgorithmParameters.RC5", PREFIX + "$AlgParams"); - provider.addAlgorithm("AlgorithmParameters.RC5-64", PREFIX + "$AlgParams"); - provider.addAlgorithm("Mac.RC5MAC", PREFIX + "$Mac32"); - provider.addAlgorithm("Alg.Alias.Mac.RC5", "RC5MAC"); - provider.addAlgorithm("Mac.RC5MAC/CFB8", PREFIX + "$CFB8Mac32"); - provider.addAlgorithm("Alg.Alias.Mac.RC5/CFB8", "RC5MAC/CFB8"); - - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC6.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC6.java deleted file mode 100644 index 114c40b6..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC6.java +++ /dev/null @@ -1,180 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.spec.IvParameterSpec; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.RC6Engine; -import org.bouncycastle.crypto.generators.Poly1305KeyGenerator; -import org.bouncycastle.crypto.macs.GMac; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.modes.CFBBlockCipher; -import org.bouncycastle.crypto.modes.GCMBlockCipher; -import org.bouncycastle.crypto.modes.OFBBlockCipher; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public final class RC6 -{ - private RC6() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new BlockCipherProvider() - { - public BlockCipher get() - { - return new RC6Engine(); - } - }); - } - } - - public static class CBC - extends BaseBlockCipher - { - public CBC() - { - super(new CBCBlockCipher(new RC6Engine()), 128); - } - } - - static public class CFB - extends BaseBlockCipher - { - public CFB() - { - super(new BufferedBlockCipher(new CFBBlockCipher(new RC6Engine(), 128)), 128); - } - } - - static public class OFB - extends BaseBlockCipher - { - public OFB() - { - super(new BufferedBlockCipher(new OFBBlockCipher(new RC6Engine(), 128)), 128); - } - } - - public static class GMAC - extends BaseMac - { - public GMAC() - { - super(new GMac(new GCMBlockCipher(new RC6Engine()))); - } - } - - public static class Poly1305 - extends BaseMac - { - public Poly1305() - { - super(new org.bouncycastle.crypto.macs.Poly1305(new RC6Engine())); - } - } - - public static class Poly1305KeyGen - extends BaseKeyGenerator - { - public Poly1305KeyGen() - { - super("Poly1305-RC6", 256, new Poly1305KeyGenerator()); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("RC6", 256, new CipherKeyGenerator()); - } - } - - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC6 parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[16]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("RC6", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - public static class AlgParams - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "RC6 IV"; - } - } - - public static class Mappings - extends SymmetricAlgorithmProvider - { - private static final String PREFIX = RC6.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("Cipher.RC6", PREFIX + "$ECB"); - provider.addAlgorithm("KeyGenerator.RC6", PREFIX + "$KeyGen"); - provider.addAlgorithm("AlgorithmParameters.RC6", PREFIX + "$AlgParams"); - - addGMacAlgorithm(provider, "RC6", PREFIX + "$GMAC", PREFIX + "$KeyGen"); - addPoly1305Algorithm(provider, "RC6", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Rijndael.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Rijndael.java deleted file mode 100644 index b8c36b7b..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Rijndael.java +++ /dev/null @@ -1,70 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.RijndaelEngine; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class Rijndael -{ - private Rijndael() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new BlockCipherProvider() - { - public BlockCipher get() - { - return new RijndaelEngine(); - } - }); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("Rijndael", 192, new CipherKeyGenerator()); - } - } - - public static class AlgParams - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "Rijndael IV"; - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = Rijndael.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("Cipher.RIJNDAEL", PREFIX + "$ECB"); - provider.addAlgorithm("KeyGenerator.RIJNDAEL", PREFIX + "$KeyGen"); - provider.addAlgorithm("AlgorithmParameters.RIJNDAEL", PREFIX + "$AlgParams"); - - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SEED.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SEED.java deleted file mode 100644 index e7e257c3..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SEED.java +++ /dev/null @@ -1,183 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.spec.IvParameterSpec; - -import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers; -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.SEEDEngine; -import org.bouncycastle.crypto.engines.SEEDWrapEngine; -import org.bouncycastle.crypto.generators.Poly1305KeyGenerator; -import org.bouncycastle.crypto.macs.GMac; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.modes.GCMBlockCipher; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public final class SEED -{ - private SEED() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new BlockCipherProvider() - { - public BlockCipher get() - { - return new SEEDEngine(); - } - }); - } - } - - public static class CBC - extends BaseBlockCipher - { - public CBC() - { - super(new CBCBlockCipher(new SEEDEngine()), 128); - } - } - - public static class Wrap - extends BaseWrapCipher - { - public Wrap() - { - super(new SEEDWrapEngine()); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("SEED", 128, new CipherKeyGenerator()); - } - } - - public static class GMAC - extends BaseMac - { - public GMAC() - { - super(new GMac(new GCMBlockCipher(new SEEDEngine()))); - } - } - - public static class Poly1305 - extends BaseMac - { - public Poly1305() - { - super(new org.bouncycastle.crypto.macs.Poly1305(new SEEDEngine())); - } - } - - public static class Poly1305KeyGen - extends BaseKeyGenerator - { - public Poly1305KeyGen() - { - super("Poly1305-SEED", 256, new Poly1305KeyGenerator()); - } - } - - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for SEED parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[16]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("SEED", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - public static class AlgParams - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "SEED IV"; - } - } - - public static class Mappings - extends SymmetricAlgorithmProvider - { - private static final String PREFIX = SEED.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("AlgorithmParameters.SEED", PREFIX + "$AlgParams"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + KISAObjectIdentifiers.id_seedCBC, "SEED"); - - provider.addAlgorithm("AlgorithmParameterGenerator.SEED", PREFIX + "$AlgParamGen"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + KISAObjectIdentifiers.id_seedCBC, "SEED"); - - provider.addAlgorithm("Cipher.SEED", PREFIX + "$ECB"); - provider.addAlgorithm("Cipher." + KISAObjectIdentifiers.id_seedCBC, PREFIX + "$CBC"); - - provider.addAlgorithm("Cipher.SEEDWRAP", PREFIX + "$Wrap"); - provider.addAlgorithm("Alg.Alias.Cipher." + KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap, "SEEDWRAP"); - - provider.addAlgorithm("KeyGenerator.SEED", PREFIX + "$KeyGen"); - provider.addAlgorithm("KeyGenerator." + KISAObjectIdentifiers.id_seedCBC, PREFIX + "$KeyGen"); - provider.addAlgorithm("KeyGenerator." + KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap, PREFIX + "$KeyGen"); - - addGMacAlgorithm(provider, "SEED", PREFIX + "$GMAC", PREFIX + "$KeyGen"); - addPoly1305Algorithm(provider, "SEED", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Salsa20.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Salsa20.java deleted file mode 100644 index 88b27a6d..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Salsa20.java +++ /dev/null @@ -1,51 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.Salsa20Engine; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseStreamCipher; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class Salsa20 -{ - private Salsa20() - { - } - - public static class Base - extends BaseStreamCipher - { - public Base() - { - super(new Salsa20Engine(), 8); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("Salsa20", 128, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = Salsa20.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("Cipher.SALSA20", PREFIX + "$Base"); - provider.addAlgorithm("KeyGenerator.SALSA20", PREFIX + "$KeyGen"); - - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Serpent.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Serpent.java deleted file mode 100644 index ec21880c..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Serpent.java +++ /dev/null @@ -1,103 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.SerpentEngine; -import org.bouncycastle.crypto.engines.TwofishEngine; -import org.bouncycastle.crypto.generators.Poly1305KeyGenerator; -import org.bouncycastle.crypto.macs.GMac; -import org.bouncycastle.crypto.modes.GCMBlockCipher; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; - -public final class Serpent -{ - private Serpent() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new BlockCipherProvider() - { - public BlockCipher get() - { - return new SerpentEngine(); - } - }); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("Serpent", 192, new CipherKeyGenerator()); - } - } - - public static class SerpentGMAC - extends BaseMac - { - public SerpentGMAC() - { - super(new GMac(new GCMBlockCipher(new SerpentEngine()))); - } - } - - public static class Poly1305 - extends BaseMac - { - public Poly1305() - { - super(new org.bouncycastle.crypto.macs.Poly1305(new TwofishEngine())); - } - } - - public static class Poly1305KeyGen - extends BaseKeyGenerator - { - public Poly1305KeyGen() - { - super("Poly1305-Serpent", 256, new Poly1305KeyGenerator()); - } - } - - public static class AlgParams - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "Serpent IV"; - } - } - - public static class Mappings - extends SymmetricAlgorithmProvider - { - private static final String PREFIX = Serpent.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("Cipher.Serpent", PREFIX + "$ECB"); - provider.addAlgorithm("KeyGenerator.Serpent", PREFIX + "$KeyGen"); - provider.addAlgorithm("AlgorithmParameters.Serpent", PREFIX + "$AlgParams"); - - addGMacAlgorithm(provider, "SERPENT", PREFIX + "$SerpentGMAC", PREFIX + "$KeyGen"); - addPoly1305Algorithm(provider, "SERPENT", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Shacal2.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Shacal2.java deleted file mode 100644 index 81666af7..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Shacal2.java +++ /dev/null @@ -1,124 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.spec.IvParameterSpec; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.Shacal2Engine; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public final class Shacal2 -{ - private Shacal2() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new BlockCipherProvider() - { - public BlockCipher get() - { - return new Shacal2Engine(); - } - }); - } - } - - public static class CBC - extends BaseBlockCipher - { - public CBC() - { - super(new CBCBlockCipher(new Shacal2Engine()), 256);//block size - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("Shacal2", 512, new CipherKeyGenerator());//key size - } - } - - public static class AlgParamGen - extends BaseAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for Shacal2 parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[32];// block size 256 - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("Shacal2", BouncyCastleProvider.PROVIDER_NAME); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - return params; - } - } - - public static class AlgParams - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "Shacal2 IV"; - } - } - - public static class Mappings - extends SymmetricAlgorithmProvider - { - private static final String PREFIX = Shacal2.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("Cipher.Shacal2", PREFIX + "$ECB"); - provider.addAlgorithm("KeyGenerator.Shacal2", PREFIX + "$KeyGen"); - provider.addAlgorithm("AlgorithmParameterGenerator.Shacal2", PREFIX + "$AlgParamGen"); - provider.addAlgorithm("AlgorithmParameters.Shacal2", PREFIX + "$AlgParams"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SipHash.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SipHash.java deleted file mode 100644 index 5a115318..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SipHash.java +++ /dev/null @@ -1,62 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class SipHash -{ - private SipHash() - { - } - - public static class Mac24 - extends BaseMac - { - public Mac24() - { - super(new org.bouncycastle.crypto.macs.SipHash()); - } - } - - public static class Mac48 - extends BaseMac - { - public Mac48() - { - super(new org.bouncycastle.crypto.macs.SipHash(4, 8)); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("SipHash", 128, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = SipHash.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("Mac.SIPHASH-2-4", PREFIX + "$Mac24"); - provider.addAlgorithm("Alg.Alias.Mac.SIPHASH", "SIPHASH-2-4"); - provider.addAlgorithm("Mac.SIPHASH-4-8", PREFIX + "$Mac48"); - - provider.addAlgorithm("KeyGenerator.SIPHASH", PREFIX + "$KeyGen"); - provider.addAlgorithm("Alg.Alias.KeyGenerator.SIPHASH-2-4", "SIPHASH"); - provider.addAlgorithm("Alg.Alias.KeyGenerator.SIPHASH-4-8", "SIPHASH"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Skipjack.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Skipjack.java deleted file mode 100644 index ec75944c..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Skipjack.java +++ /dev/null @@ -1,87 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.SkipjackEngine; -import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class Skipjack -{ - private Skipjack() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new SkipjackEngine()); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("Skipjack", 80, new CipherKeyGenerator()); - } - } - - public static class AlgParams - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "Skipjack IV"; - } - } - - public static class Mac - extends BaseMac - { - public Mac() - { - super(new CBCBlockCipherMac(new SkipjackEngine())); - } - } - - public static class MacCFB8 - extends BaseMac - { - public MacCFB8() - { - super(new CFBBlockCipherMac(new SkipjackEngine())); - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = Skipjack.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("Cipher.SKIPJACK", PREFIX + "$ECB"); - provider.addAlgorithm("KeyGenerator.SKIPJACK", PREFIX + "$KeyGen"); - provider.addAlgorithm("AlgorithmParameters.SKIPJACK", PREFIX + "$AlgParams"); - provider.addAlgorithm("Mac.SKIPJACKMAC", PREFIX + "$Mac"); - provider.addAlgorithm("Alg.Alias.Mac.SKIPJACK", "SKIPJACKMAC"); - provider.addAlgorithm("Mac.SKIPJACKMAC/CFB8", PREFIX + "$MacCFB8"); - provider.addAlgorithm("Alg.Alias.Mac.SKIPJACK/CFB8", "SKIPJACKMAC/CFB8"); - - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java deleted file mode 100644 index c1b3d199..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java +++ /dev/null @@ -1,34 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -abstract class SymmetricAlgorithmProvider - extends AlgorithmProvider -{ - protected void addGMacAlgorithm( - ConfigurableProvider provider, - String algorithm, - String algorithmClassName, - String keyGeneratorClassName) - { - provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName); - provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC"); - - provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName); - provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC", algorithm + "-GMAC"); - } - - protected void addPoly1305Algorithm(ConfigurableProvider provider, - String algorithm, - String algorithmClassName, - String keyGeneratorClassName) - { - provider.addAlgorithm("Mac.POLY1305-" + algorithm, algorithmClassName); - provider.addAlgorithm("Alg.Alias.Mac.POLY1305" + algorithm, "POLY1305-" + algorithm); - - provider.addAlgorithm("KeyGenerator.POLY1305-" + algorithm, keyGeneratorClassName); - provider.addAlgorithm("Alg.Alias.KeyGenerator.POLY1305" + algorithm, "POLY1305-" + algorithm); - } - -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/TEA.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/TEA.java deleted file mode 100644 index 4bc12c9f..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/TEA.java +++ /dev/null @@ -1,62 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.TEAEngine; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class TEA -{ - private TEA() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new TEAEngine()); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("TEA", 128, new CipherKeyGenerator()); - } - } - - public static class AlgParams - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "TEA IV"; - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = TEA.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("Cipher.TEA", PREFIX + "$ECB"); - provider.addAlgorithm("KeyGenerator.TEA", PREFIX + "$KeyGen"); - provider.addAlgorithm("AlgorithmParameters.TEA", PREFIX + "$AlgParams"); - - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Threefish.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Threefish.java deleted file mode 100644 index 2970de6a..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Threefish.java +++ /dev/null @@ -1,120 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.ThreefishEngine; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class Threefish -{ - private Threefish() - { - } - - public static class ECB_256 - extends BaseBlockCipher - { - public ECB_256() - { - super(new ThreefishEngine(ThreefishEngine.BLOCKSIZE_256)); - } - } - - public static class ECB_512 - extends BaseBlockCipher - { - public ECB_512() - { - super(new ThreefishEngine(ThreefishEngine.BLOCKSIZE_512)); - } - } - - public static class ECB_1024 - extends BaseBlockCipher - { - public ECB_1024() - { - super(new ThreefishEngine(ThreefishEngine.BLOCKSIZE_1024)); - } - } - - public static class KeyGen_256 - extends BaseKeyGenerator - { - public KeyGen_256() - { - super("Threefish-256", 256, new CipherKeyGenerator()); - } - } - - public static class KeyGen_512 - extends BaseKeyGenerator - { - public KeyGen_512() - { - super("Threefish-512", 512, new CipherKeyGenerator()); - } - } - - public static class KeyGen_1024 - extends BaseKeyGenerator - { - public KeyGen_1024() - { - super("Threefish-1024", 1024, new CipherKeyGenerator()); - } - } - - public static class AlgParams_256 - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "Threefish-256 IV"; - } - } - - public static class AlgParams_512 - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "Threefish-512 IV"; - } - } - - public static class AlgParams_1024 - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "Threefish-1024 IV"; - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = Threefish.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("Cipher.Threefish-256", PREFIX + "$ECB_256"); - provider.addAlgorithm("Cipher.Threefish-512", PREFIX + "$ECB_512"); - provider.addAlgorithm("Cipher.Threefish-1024", PREFIX + "$ECB_1024"); - provider.addAlgorithm("KeyGenerator.Threefish-256", PREFIX + "$KeyGen_256"); - provider.addAlgorithm("KeyGenerator.Threefish-512", PREFIX + "$KeyGen_512"); - provider.addAlgorithm("KeyGenerator.Threefish-1024", PREFIX + "$KeyGen_1024"); - provider.addAlgorithm("AlgorithmParameters.Threefish-256", PREFIX + "$AlgParams_256"); - provider.addAlgorithm("AlgorithmParameters.Threefish-512", PREFIX + "$AlgParams_512"); - provider.addAlgorithm("AlgorithmParameters.Threefish-1024", PREFIX + "$AlgParams_1024"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java deleted file mode 100644 index 4c3ab1c7..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java +++ /dev/null @@ -1,132 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.TwofishEngine; -import org.bouncycastle.crypto.generators.Poly1305KeyGenerator; -import org.bouncycastle.crypto.macs.GMac; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.modes.GCMBlockCipher; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory; - -public final class Twofish -{ - private Twofish() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new BlockCipherProvider() - { - public BlockCipher get() - { - return new TwofishEngine(); - } - }); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("Twofish", 256, new CipherKeyGenerator()); - } - } - - public static class GMAC - extends BaseMac - { - public GMAC() - { - super(new GMac(new GCMBlockCipher(new TwofishEngine()))); - } - } - - public static class Poly1305 - extends BaseMac - { - public Poly1305() - { - super(new org.bouncycastle.crypto.macs.Poly1305(new TwofishEngine())); - } - } - - public static class Poly1305KeyGen - extends BaseKeyGenerator - { - public Poly1305KeyGen() - { - super("Poly1305-Twofish", 256, new Poly1305KeyGenerator()); - } - } - - /** - * PBEWithSHAAndTwofish-CBC - */ - static public class PBEWithSHAKeyFactory - extends PBESecretKeyFactory - { - public PBEWithSHAKeyFactory() - { - super("PBEwithSHAandTwofish-CBC", null, true, PKCS12, SHA1, 256, 128); - } - } - - /** - * PBEWithSHAAndTwofish-CBC - */ - static public class PBEWithSHA - extends BaseBlockCipher - { - public PBEWithSHA() - { - super(new CBCBlockCipher(new TwofishEngine())); - } - } - - public static class AlgParams - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "Twofish IV"; - } - } - - public static class Mappings - extends SymmetricAlgorithmProvider - { - private static final String PREFIX = Twofish.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB"); - provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen"); - provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams"); - - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE"); - provider.addAlgorithm("Cipher.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHA"); - provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHAKeyFactory"); - - addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen"); - addPoly1305Algorithm(provider, "Twofish", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/VMPC.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/VMPC.java deleted file mode 100644 index 1e59e078..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/VMPC.java +++ /dev/null @@ -1,65 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.VMPCEngine; -import org.bouncycastle.crypto.macs.VMPCMac; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseStreamCipher; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class VMPC -{ - private VMPC() - { - } - - public static class Base - extends BaseStreamCipher - { - public Base() - { - super(new VMPCEngine(), 16); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("VMPC", 128, new CipherKeyGenerator()); - } - } - - public static class Mac - extends BaseMac - { - public Mac() - { - super(new VMPCMac()); - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = VMPC.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("Cipher.VMPC", PREFIX + "$Base"); - provider.addAlgorithm("KeyGenerator.VMPC", PREFIX + "$KeyGen"); - provider.addAlgorithm("Mac.VMPCMAC", PREFIX + "$Mac"); - provider.addAlgorithm("Alg.Alias.Mac.VMPC", "VMPCMAC"); - provider.addAlgorithm("Alg.Alias.Mac.VMPC-MAC", "VMPCMAC"); - - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/VMPCKSA3.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/VMPCKSA3.java deleted file mode 100644 index b5d8814a..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/VMPCKSA3.java +++ /dev/null @@ -1,51 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.VMPCKSA3Engine; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseStreamCipher; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class VMPCKSA3 -{ - private VMPCKSA3() - { - } - - public static class Base - extends BaseStreamCipher - { - public Base() - { - super(new VMPCKSA3Engine(), 16); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("VMPC-KSA3", 128, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = VMPCKSA3.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("Cipher.VMPC-KSA3", PREFIX + "$Base"); - provider.addAlgorithm("KeyGenerator.VMPC-KSA3", PREFIX + "$KeyGen"); - - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/XSalsa20.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/XSalsa20.java deleted file mode 100644 index 5be06401..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/XSalsa20.java +++ /dev/null @@ -1,51 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.XSalsa20Engine; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseStreamCipher; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class XSalsa20 -{ - private XSalsa20() - { - } - - public static class Base - extends BaseStreamCipher - { - public Base() - { - super(new XSalsa20Engine(), 24); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("XSalsa20", 256, new CipherKeyGenerator()); - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = XSalsa20.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("Cipher.XSALSA20", PREFIX + "$Base"); - provider.addAlgorithm("KeyGenerator.XSALSA20", PREFIX + "$KeyGen"); - - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/XTEA.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/XTEA.java deleted file mode 100644 index 2e946de1..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/XTEA.java +++ /dev/null @@ -1,62 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.engines.XTEAEngine; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher; -import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator; -import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; - -public final class XTEA -{ - private XTEA() - { - } - - public static class ECB - extends BaseBlockCipher - { - public ECB() - { - super(new XTEAEngine()); - } - } - - public static class KeyGen - extends BaseKeyGenerator - { - public KeyGen() - { - super("XTEA", 128, new CipherKeyGenerator()); - } - } - - public static class AlgParams - extends IvAlgorithmParameters - { - protected String engineToString() - { - return "XTEA IV"; - } - } - - public static class Mappings - extends AlgorithmProvider - { - private static final String PREFIX = XTEA.class.getName(); - - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - - provider.addAlgorithm("Cipher.XTEA", PREFIX + "$ECB"); - provider.addAlgorithm("KeyGenerator.XTEA", PREFIX + "$KeyGen"); - provider.addAlgorithm("AlgorithmParameters.XTEA", PREFIX + "$AlgParams"); - - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java deleted file mode 100644 index a4719729..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java +++ /dev/null @@ -1,155 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric.util; - -import javax.crypto.interfaces.PBEKey; -import javax.crypto.spec.PBEKeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; - -public class BCPBEKey - implements PBEKey -{ - String algorithm; - ASN1ObjectIdentifier oid; - int type; - int digest; - int keySize; - int ivSize; - CipherParameters param; - PBEKeySpec pbeKeySpec; - boolean tryWrong = false; - - /** - * @param param - */ - public BCPBEKey( - String algorithm, - ASN1ObjectIdentifier oid, - int type, - int digest, - int keySize, - int ivSize, - PBEKeySpec pbeKeySpec, - CipherParameters param) - { - this.algorithm = algorithm; - this.oid = oid; - this.type = type; - this.digest = digest; - this.keySize = keySize; - this.ivSize = ivSize; - this.pbeKeySpec = pbeKeySpec; - this.param = param; - } - - public String getAlgorithm() - { - return algorithm; - } - - public String getFormat() - { - return "RAW"; - } - - public byte[] getEncoded() - { - if (param != null) - { - KeyParameter kParam; - - if (param instanceof ParametersWithIV) - { - kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); - } - else - { - kParam = (KeyParameter)param; - } - - return kParam.getKey(); - } - else - { - if (type == PBE.PKCS12) - { - return PBEParametersGenerator.PKCS12PasswordToBytes(pbeKeySpec.getPassword()); - } - else if (type == PBE.PKCS5S2_UTF8) - { - return PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(pbeKeySpec.getPassword()); - } - else - { - return PBEParametersGenerator.PKCS5PasswordToBytes(pbeKeySpec.getPassword()); - } - } - } - - int getType() - { - return type; - } - - int getDigest() - { - return digest; - } - - int getKeySize() - { - return keySize; - } - - public int getIvSize() - { - return ivSize; - } - - public CipherParameters getParam() - { - return param; - } - - /* (non-Javadoc) - * @see javax.crypto.interfaces.PBEKey#getPassword() - */ - public char[] getPassword() - { - return pbeKeySpec.getPassword(); - } - - /* (non-Javadoc) - * @see javax.crypto.interfaces.PBEKey#getSalt() - */ - public byte[] getSalt() - { - return pbeKeySpec.getSalt(); - } - - /* (non-Javadoc) - * @see javax.crypto.interfaces.PBEKey#getIterationCount() - */ - public int getIterationCount() - { - return pbeKeySpec.getIterationCount(); - } - - public ASN1ObjectIdentifier getOID() - { - return oid; - } - - public void setTryWrongPKCS12Zero(boolean tryWrong) - { - this.tryWrong = tryWrong; - } - - boolean shouldTryWrongPKCS12() - { - return tryWrong; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java deleted file mode 100644 index 63d6548e..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java +++ /dev/null @@ -1,19 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric.util; - -import java.security.AlgorithmParameterGeneratorSpi; -import java.security.SecureRandom; - -public abstract class BaseAlgorithmParameterGenerator - extends AlgorithmParameterGeneratorSpi -{ - protected SecureRandom random; - protected int strength = 1024; - - protected void engineInit( - int strength, - SecureRandom random) - { - this.strength = strength; - this.random = random; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java deleted file mode 100644 index ec723db6..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java +++ /dev/null @@ -1,29 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric.util; - -import java.security.AlgorithmParametersSpi; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; - -public abstract class BaseAlgorithmParameters - extends AlgorithmParametersSpi -{ - protected boolean isASN1FormatString(String format) - { - return format == null || format.equals("ASN.1"); - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == null) - { - throw new NullPointerException("argument to getParameterSpec must not be null"); - } - - return localEngineGetParameterSpec(paramSpec); - } - - protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec) - throws InvalidParameterSpecException; -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java deleted file mode 100644 index 01fe466d..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java +++ /dev/null @@ -1,1095 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric.util; - -import java.lang.reflect.Constructor; -import java.lang.reflect.Method; -import java.nio.ByteBuffer; -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.InvalidParameterException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKey; -import javax.crypto.ShortBufferException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.RC5ParameterSpec; - -import org.bouncycastle.asn1.cms.GCMParameters; -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.OutputLengthException; -import org.bouncycastle.crypto.modes.AEADBlockCipher; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.modes.CCMBlockCipher; -import org.bouncycastle.crypto.modes.CFBBlockCipher; -import org.bouncycastle.crypto.modes.CTSBlockCipher; -import org.bouncycastle.crypto.modes.EAXBlockCipher; -import org.bouncycastle.crypto.modes.GCFBBlockCipher; -import org.bouncycastle.crypto.modes.GCMBlockCipher; -import org.bouncycastle.crypto.modes.GOFBBlockCipher; -import org.bouncycastle.crypto.modes.OCBBlockCipher; -import org.bouncycastle.crypto.modes.OFBBlockCipher; -import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; -import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; -import org.bouncycastle.crypto.modes.SICBlockCipher; -import org.bouncycastle.crypto.paddings.BlockCipherPadding; -import org.bouncycastle.crypto.paddings.ISO10126d2Padding; -import org.bouncycastle.crypto.paddings.ISO7816d4Padding; -import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; -import org.bouncycastle.crypto.paddings.TBCPadding; -import org.bouncycastle.crypto.paddings.X923Padding; -import org.bouncycastle.crypto.paddings.ZeroBytePadding; -import org.bouncycastle.crypto.params.AEADParameters; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.params.ParametersWithSBox; -import org.bouncycastle.crypto.params.RC2Parameters; -import org.bouncycastle.crypto.params.RC5Parameters; -import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec; -import org.bouncycastle.jcajce.spec.RepeatedSecretKeySpec; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.Strings; - -public class BaseBlockCipher - extends BaseWrapCipher - implements PBE -{ - private static final Class gcmSpecClass = lookup("javax.crypto.spec.GCMParameterSpec"); - - // - // specs we can handle. - // - private Class[] availableSpecs = - { - RC2ParameterSpec.class, - RC5ParameterSpec.class, - IvParameterSpec.class, - PBEParameterSpec.class, - GOST28147ParameterSpec.class, - gcmSpecClass - }; - - private BlockCipher baseEngine; - private BlockCipherProvider engineProvider; - private GenericBlockCipher cipher; - private ParametersWithIV ivParam; - private AEADParameters aeadParams; - - private int ivLength = 0; - - private boolean padded; - - private PBEParameterSpec pbeSpec = null; - private String pbeAlgorithm = null; - - private String modeName = null; - - private static Class lookup(String className) - { - try - { - Class def = BaseBlockCipher.class.getClassLoader().loadClass(className); - - return def; - } - catch (Exception e) - { - return null; - } - } - - protected BaseBlockCipher( - BlockCipher engine) - { - baseEngine = engine; - - cipher = new BufferedGenericBlockCipher(engine); - } - - protected BaseBlockCipher( - BlockCipherProvider provider) - { - baseEngine = provider.get(); - engineProvider = provider; - - cipher = new BufferedGenericBlockCipher(provider.get()); - } - - protected BaseBlockCipher( - AEADBlockCipher engine) - { - baseEngine = engine.getUnderlyingCipher(); - ivLength = baseEngine.getBlockSize(); - cipher = new AEADGenericBlockCipher(engine); - } - - protected BaseBlockCipher( - org.bouncycastle.crypto.BlockCipher engine, - int ivLength) - { - baseEngine = engine; - - this.cipher = new BufferedGenericBlockCipher(engine); - this.ivLength = ivLength / 8; - } - - protected BaseBlockCipher( - BufferedBlockCipher engine, - int ivLength) - { - baseEngine = engine.getUnderlyingCipher(); - - this.cipher = new BufferedGenericBlockCipher(engine); - this.ivLength = ivLength / 8; - } - - protected int engineGetBlockSize() - { - return baseEngine.getBlockSize(); - } - - protected byte[] engineGetIV() - { - if (aeadParams != null) - { - return aeadParams.getNonce(); - } - - return (ivParam != null) ? ivParam.getIV() : null; - } - - protected int engineGetKeySize( - Key key) - { - return key.getEncoded().length * 8; - } - - protected int engineGetOutputSize( - int inputLen) - { - return cipher.getOutputSize(inputLen); - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParams == null) - { - if (pbeSpec != null) - { - try - { - engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME); - engineParams.init(pbeSpec); - } - catch (Exception e) - { - return null; - } - } - else if (ivParam != null) - { - String name = cipher.getUnderlyingCipher().getAlgorithmName(); - - if (name.indexOf('/') >= 0) - { - name = name.substring(0, name.indexOf('/')); - } - - try - { - engineParams = AlgorithmParameters.getInstance(name, BouncyCastleProvider.PROVIDER_NAME); - engineParams.init(ivParam.getIV()); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - else if (aeadParams != null) - { - try - { - engineParams = AlgorithmParameters.getInstance("GCM", BouncyCastleProvider.PROVIDER_NAME); - engineParams.init(new GCMParameters(aeadParams.getNonce(), aeadParams.getMacSize()).getEncoded()); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - } - - return engineParams; - } - - protected void engineSetMode( - String mode) - throws NoSuchAlgorithmException - { - modeName = Strings.toUpperCase(mode); - - if (modeName.equals("ECB")) - { - ivLength = 0; - cipher = new BufferedGenericBlockCipher(baseEngine); - } - else if (modeName.equals("CBC")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher( - new CBCBlockCipher(baseEngine)); - } - else if (modeName.startsWith("OFB")) - { - ivLength = baseEngine.getBlockSize(); - if (modeName.length() != 3) - { - int wordSize = Integer.parseInt(modeName.substring(3)); - - cipher = new BufferedGenericBlockCipher( - new OFBBlockCipher(baseEngine, wordSize)); - } - else - { - cipher = new BufferedGenericBlockCipher( - new OFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); - } - } - else if (modeName.startsWith("CFB")) - { - ivLength = baseEngine.getBlockSize(); - if (modeName.length() != 3) - { - int wordSize = Integer.parseInt(modeName.substring(3)); - - cipher = new BufferedGenericBlockCipher( - new CFBBlockCipher(baseEngine, wordSize)); - } - else - { - cipher = new BufferedGenericBlockCipher( - new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); - } - } - else if (modeName.startsWith("PGP")) - { - boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV"); - - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher( - new PGPCFBBlockCipher(baseEngine, inlineIV)); - } - else if (modeName.equalsIgnoreCase("OpenPGPCFB")) - { - ivLength = 0; - cipher = new BufferedGenericBlockCipher( - new OpenPGPCFBBlockCipher(baseEngine)); - } - else if (modeName.startsWith("SIC")) - { - ivLength = baseEngine.getBlockSize(); - if (ivLength < 16) - { - throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)"); - } - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - new SICBlockCipher(baseEngine))); - } - else if (modeName.startsWith("CTR")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - new SICBlockCipher(baseEngine))); - } - else if (modeName.startsWith("GOFB")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - new GOFBBlockCipher(baseEngine))); - } - else if (modeName.startsWith("GCFB")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher( - new GCFBBlockCipher(baseEngine))); - } - else if (modeName.startsWith("CTS")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedGenericBlockCipher(new CTSBlockCipher(new CBCBlockCipher(baseEngine))); - } - else if (modeName.startsWith("CCM")) - { - ivLength = 13; // CCM nonce 7..13 bytes - cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine)); - } - else if (modeName.startsWith("OCB")) - { - if (engineProvider != null) - { - /* - * RFC 7253 4.2. Nonce is a string of no more than 120 bits - */ - ivLength = 15; - cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get())); - } - else - { - throw new NoSuchAlgorithmException("can't support mode " + mode); - } - } - else if (modeName.startsWith("EAX")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine)); - } - else if (modeName.startsWith("GCM")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new AEADGenericBlockCipher(new GCMBlockCipher(baseEngine)); - } - else - { - throw new NoSuchAlgorithmException("can't support mode " + mode); - } - } - - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - String paddingName = Strings.toUpperCase(padding); - - if (paddingName.equals("NOPADDING")) - { - if (cipher.wrapOnNoPadding()) - { - cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(cipher.getUnderlyingCipher())); - } - } - else if (paddingName.equals("WITHCTS")) - { - cipher = new BufferedGenericBlockCipher(new CTSBlockCipher(cipher.getUnderlyingCipher())); - } - else - { - padded = true; - - if (isAEADModeName(modeName)) - { - throw new NoSuchPaddingException("Only NoPadding can be used with AEAD modes."); - } - else if (paddingName.equals("PKCS5PADDING") || paddingName.equals("PKCS7PADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher()); - } - else if (paddingName.equals("ZEROBYTEPADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ZeroBytePadding()); - } - else if (paddingName.equals("ISO10126PADDING") || paddingName.equals("ISO10126-2PADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ISO10126d2Padding()); - } - else if (paddingName.equals("X9.23PADDING") || paddingName.equals("X923PADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new X923Padding()); - } - else if (paddingName.equals("ISO7816-4PADDING") || paddingName.equals("ISO9797-1PADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new ISO7816d4Padding()); - } - else if (paddingName.equals("TBCPADDING")) - { - cipher = new BufferedGenericBlockCipher(cipher.getUnderlyingCipher(), new TBCPadding()); - } - else - { - throw new NoSuchPaddingException("Padding " + padding + " unknown."); - } - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - this.pbeSpec = null; - this.pbeAlgorithm = null; - this.engineParams = null; - this.aeadParams = null; - - // - // basic key check - // - if (!(key instanceof SecretKey)) - { - throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption."); - } - - // - // for RC5-64 we must have some default parameters - // - if (params == null && baseEngine.getAlgorithmName().startsWith("RC5-64")) - { - throw new InvalidAlgorithmParameterException("RC5 requires an RC5ParametersSpec to be passed in."); - } - - // - // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it). - // - if (key instanceof BCPBEKey) - { - BCPBEKey k = (BCPBEKey)key; - - if (k.getOID() != null) - { - pbeAlgorithm = k.getOID().getId(); - } - else - { - pbeAlgorithm = k.getAlgorithm(); - } - - if (k.getParam() != null) - { - param = k.getParam(); - if (params instanceof IvParameterSpec) - { - IvParameterSpec iv = (IvParameterSpec)params; - - param = new ParametersWithIV(param, iv.getIV()); - } - else if (params instanceof GOST28147ParameterSpec) - { - // need to pick up IV and SBox. - GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; - - param = new ParametersWithSBox(param, gost28147Param.getSbox()); - - if (gost28147Param.getIV() != null && ivLength != 0) - { - param = new ParametersWithIV(param, gost28147Param.getIV()); - } - } - } - else if (params instanceof PBEParameterSpec) - { - pbeSpec = (PBEParameterSpec)params; - param = PBE.Util.makePBEParameters(k, params, cipher.getUnderlyingCipher().getAlgorithmName()); - } - else - { - throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); - } - - if (param instanceof ParametersWithIV) - { - ivParam = (ParametersWithIV)param; - } - } - else if (params == null) - { - param = new KeyParameter(key.getEncoded()); - } - else if (params instanceof IvParameterSpec) - { - if (ivLength != 0) - { - IvParameterSpec p = (IvParameterSpec)params; - - if (p.getIV().length != ivLength && !isAEADModeName(modeName)) - { - throw new InvalidAlgorithmParameterException("IV must be " + ivLength + " bytes long."); - } - - if (key instanceof RepeatedSecretKeySpec) - { - param = new ParametersWithIV(null, p.getIV()); - ivParam = (ParametersWithIV)param; - } - else - { - param = new ParametersWithIV(new KeyParameter(key.getEncoded()), p.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else - { - if (modeName != null && modeName.equals("ECB")) - { - throw new InvalidAlgorithmParameterException("ECB mode does not use an IV"); - } - - param = new KeyParameter(key.getEncoded()); - } - } - else if (params instanceof GOST28147ParameterSpec) - { - GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; - - param = new ParametersWithSBox( - new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); - - if (gost28147Param.getIV() != null && ivLength != 0) - { - param = new ParametersWithIV(param, gost28147Param.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else if (params instanceof RC2ParameterSpec) - { - RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; - - param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); - - if (rc2Param.getIV() != null && ivLength != 0) - { - param = new ParametersWithIV(param, rc2Param.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else if (params instanceof RC5ParameterSpec) - { - RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; - - param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); - if (baseEngine.getAlgorithmName().startsWith("RC5")) - { - if (baseEngine.getAlgorithmName().equals("RC5-32")) - { - if (rc5Param.getWordSize() != 32) - { - throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); - } - } - else if (baseEngine.getAlgorithmName().equals("RC5-64")) - { - if (rc5Param.getWordSize() != 64) - { - throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); - } - } - } - else - { - throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); - } - if ((rc5Param.getIV() != null) && (ivLength != 0)) - { - param = new ParametersWithIV(param, rc5Param.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else if (gcmSpecClass != null && gcmSpecClass.isInstance(params)) - { - if (!isAEADModeName(modeName) && !(cipher instanceof AEADGenericBlockCipher)) - { - throw new InvalidAlgorithmParameterException("GCMParameterSpec can only be used with AEAD modes."); - } - - try - { - Method tLen = gcmSpecClass.getDeclaredMethod("getTLen", new Class[0]); - Method iv= gcmSpecClass.getDeclaredMethod("getIV", new Class[0]); - - if (key instanceof RepeatedSecretKeySpec) - { - param = aeadParams = new AEADParameters(null, ((Integer)tLen.invoke(params, new Object[0])).intValue(), (byte[])iv.invoke(params, new Object[0])); - } - else - { - param = aeadParams = new AEADParameters(new KeyParameter(key.getEncoded()), ((Integer)tLen.invoke(params, new Object[0])).intValue(), (byte[])iv.invoke(params, new Object[0])); - } - } - catch (Exception e) - { - throw new InvalidAlgorithmParameterException("Cannot process GCMParameterSpec."); - } - } - else - { - throw new InvalidAlgorithmParameterException("unknown parameter type."); - } - - if ((ivLength != 0) && !(param instanceof ParametersWithIV) && !(param instanceof AEADParameters)) - { - SecureRandom ivRandom = random; - - if (ivRandom == null) - { - ivRandom = new SecureRandom(); - } - - if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE)) - { - byte[] iv = new byte[ivLength]; - - ivRandom.nextBytes(iv); - param = new ParametersWithIV(param, iv); - ivParam = (ParametersWithIV)param; - } - else if (cipher.getUnderlyingCipher().getAlgorithmName().indexOf("PGPCFB") < 0) - { - throw new InvalidAlgorithmParameterException("no IV set when one expected"); - } - } - - if (random != null && padded) - { - param = new ParametersWithRandom(param, random); - } - - try - { - switch (opmode) - { - case Cipher.ENCRYPT_MODE: - case Cipher.WRAP_MODE: - cipher.init(true, param); - break; - case Cipher.DECRYPT_MODE: - case Cipher.UNWRAP_MODE: - cipher.init(false, param); - break; - default: - throw new InvalidParameterException("unknown opmode " + opmode + " passed"); - } - } - catch (Exception e) - { - throw new InvalidKeyException(e.getMessage()); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - for (int i = 0; i != availableSpecs.length; i++) - { - if (availableSpecs[i] == null) - { - continue; - } - - try - { - paramSpec = params.getParameterSpec(availableSpecs[i]); - break; - } - catch (Exception e) - { - // try again if possible - } - } - - if (paramSpec == null) - { - throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString()); - } - } - - engineInit(opmode, key, paramSpec, random); - - engineParams = params; - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new InvalidKeyException(e.getMessage()); - } - } - - protected void engineUpdateAAD(byte[] input, int offset, int length) - { - cipher.updateAAD(input, offset, length); - } - - protected void engineUpdateAAD(ByteBuffer bytebuffer) - { - int offset = bytebuffer.arrayOffset() + bytebuffer.position(); - int length = bytebuffer.limit() - bytebuffer.position(); - engineUpdateAAD(bytebuffer.array(), offset, length); - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - int length = cipher.getUpdateOutputSize(inputLen); - - if (length > 0) - { - byte[] out = new byte[length]; - - int len = cipher.processBytes(input, inputOffset, inputLen, out, 0); - - if (len == 0) - { - return null; - } - else if (len != out.length) - { - byte[] tmp = new byte[len]; - - System.arraycopy(out, 0, tmp, 0, len); - - return tmp; - } - - return out; - } - - cipher.processBytes(input, inputOffset, inputLen, null, 0); - - return null; - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws ShortBufferException - { - try - { - return cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - catch (DataLengthException e) - { - throw new ShortBufferException(e.getMessage()); - } - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws IllegalBlockSizeException, BadPaddingException - { - int len = 0; - byte[] tmp = new byte[engineGetOutputSize(inputLen)]; - - if (inputLen != 0) - { - len = cipher.processBytes(input, inputOffset, inputLen, tmp, 0); - } - - try - { - len += cipher.doFinal(tmp, len); - } - catch (DataLengthException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - - if (len == tmp.length) - { - return tmp; - } - - byte[] out = new byte[len]; - - System.arraycopy(tmp, 0, out, 0, len); - - return out; - } - - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws IllegalBlockSizeException, BadPaddingException, ShortBufferException - { - try - { - int len = 0; - - if (inputLen != 0) - { - len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - - return (len + cipher.doFinal(output, outputOffset + len)); - } - catch (OutputLengthException e) - { - throw new ShortBufferException(e.getMessage()); - } - catch (DataLengthException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - } - - private boolean isAEADModeName( - String modeName) - { - return "CCM".equals(modeName) || "EAX".equals(modeName) || "GCM".equals(modeName) || "OCB".equals(modeName); - } - - /* - * The ciphers that inherit from us. - */ - - static private interface GenericBlockCipher - { - public void init(boolean forEncryption, CipherParameters params) - throws IllegalArgumentException; - - public boolean wrapOnNoPadding(); - - public String getAlgorithmName(); - - public org.bouncycastle.crypto.BlockCipher getUnderlyingCipher(); - - public int getOutputSize(int len); - - public int getUpdateOutputSize(int len); - - public void updateAAD(byte[] input, int offset, int length); - - public int processByte(byte in, byte[] out, int outOff) - throws DataLengthException; - - public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) - throws DataLengthException; - - public int doFinal(byte[] out, int outOff) - throws IllegalStateException, - BadPaddingException; - } - - private static class BufferedGenericBlockCipher - implements GenericBlockCipher - { - private BufferedBlockCipher cipher; - - BufferedGenericBlockCipher(BufferedBlockCipher cipher) - { - this.cipher = cipher; - } - - BufferedGenericBlockCipher(org.bouncycastle.crypto.BlockCipher cipher) - { - this.cipher = new PaddedBufferedBlockCipher(cipher); - } - - BufferedGenericBlockCipher(org.bouncycastle.crypto.BlockCipher cipher, BlockCipherPadding padding) - { - this.cipher = new PaddedBufferedBlockCipher(cipher, padding); - } - - public void init(boolean forEncryption, CipherParameters params) - throws IllegalArgumentException - { - cipher.init(forEncryption, params); - } - - public boolean wrapOnNoPadding() - { - return !(cipher instanceof CTSBlockCipher); - } - - public String getAlgorithmName() - { - return cipher.getUnderlyingCipher().getAlgorithmName(); - } - - public org.bouncycastle.crypto.BlockCipher getUnderlyingCipher() - { - return cipher.getUnderlyingCipher(); - } - - public int getOutputSize(int len) - { - return cipher.getOutputSize(len); - } - - public int getUpdateOutputSize(int len) - { - return cipher.getUpdateOutputSize(len); - } - - public void updateAAD(byte[] input, int offset, int length) - { - throw new UnsupportedOperationException("AAD is not supported in the current mode."); - } - - public int processByte(byte in, byte[] out, int outOff) throws DataLengthException - { - return cipher.processByte(in, out, outOff); - } - - public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) throws DataLengthException - { - return cipher.processBytes(in, inOff, len, out, outOff); - } - - public int doFinal(byte[] out, int outOff) throws IllegalStateException, BadPaddingException - { - try - { - return cipher.doFinal(out, outOff); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - } - } - - private static class AEADGenericBlockCipher - implements GenericBlockCipher - { - private static final Constructor aeadBadTagConstructor; - - static { - Class aeadBadTagClass = lookup("javax.crypto.AEADBadTagException"); - if (aeadBadTagClass != null) - { - aeadBadTagConstructor = findExceptionConstructor(aeadBadTagClass); - } - else - { - aeadBadTagConstructor = null; - } - } - - private static Constructor findExceptionConstructor(Class clazz) - { - try - { - return clazz.getConstructor(new Class[]{String.class}); - } - catch (Exception e) - { - return null; - } - } - - private AEADBlockCipher cipher; - - AEADGenericBlockCipher(AEADBlockCipher cipher) - { - this.cipher = cipher; - } - - public void init(boolean forEncryption, CipherParameters params) - throws IllegalArgumentException - { - cipher.init(forEncryption, params); - } - - public String getAlgorithmName() - { - return cipher.getUnderlyingCipher().getAlgorithmName(); - } - - public boolean wrapOnNoPadding() - { - return false; - } - - public org.bouncycastle.crypto.BlockCipher getUnderlyingCipher() - { - return cipher.getUnderlyingCipher(); - } - - public int getOutputSize(int len) - { - return cipher.getOutputSize(len); - } - - public int getUpdateOutputSize(int len) - { - return cipher.getUpdateOutputSize(len); - } - - public void updateAAD(byte[] input, int offset, int length) - { - cipher.processAADBytes(input, offset, length); - } - - public int processByte(byte in, byte[] out, int outOff) throws DataLengthException - { - return cipher.processByte(in, out, outOff); - } - - public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) throws DataLengthException - { - return cipher.processBytes(in, inOff, len, out, outOff); - } - - public int doFinal(byte[] out, int outOff) throws IllegalStateException, BadPaddingException - { - try - { - return cipher.doFinal(out, outOff); - } - catch (InvalidCipherTextException e) - { - if (aeadBadTagConstructor != null) - { - BadPaddingException aeadBadTag = null; - try - { - aeadBadTag = (BadPaddingException)aeadBadTagConstructor - .newInstance(new Object[]{e.getMessage()}); - } - catch (Exception i) - { - // Shouldn't happen, but fall through to BadPaddingException - } - if (aeadBadTag != null) - { - throw aeadBadTag; - } - } - throw new BadPaddingException(e.getMessage()); - } - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java deleted file mode 100644 index 12d2b851..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java +++ /dev/null @@ -1,82 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric.util; - -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.KeyGeneratorSpi; -import javax.crypto.SecretKey; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.KeyGenerationParameters; - -public class BaseKeyGenerator - extends KeyGeneratorSpi -{ - protected String algName; - protected int keySize; - protected int defaultKeySize; - protected CipherKeyGenerator engine; - - protected boolean uninitialised = true; - - protected BaseKeyGenerator( - String algName, - int defaultKeySize, - CipherKeyGenerator engine) - { - this.algName = algName; - this.keySize = this.defaultKeySize = defaultKeySize; - this.engine = engine; - } - - protected void engineInit( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("Not Implemented"); - } - - protected void engineInit( - SecureRandom random) - { - if (random != null) - { - engine.init(new KeyGenerationParameters(random, defaultKeySize)); - uninitialised = false; - } - } - - protected void engineInit( - int keySize, - SecureRandom random) - { - try - { - if (random == null) - { - random = new SecureRandom(); - } - engine.init(new KeyGenerationParameters(random, keySize)); - uninitialised = false; - } - catch (IllegalArgumentException e) - { - throw new InvalidParameterException(e.getMessage()); - } - } - - protected SecretKey engineGenerateKey() - { - if (uninitialised) - { - engine.init(new KeyGenerationParameters(new SecureRandom(), defaultKeySize)); - uninitialised = false; - } - - return new SecretKeySpec(engine.generateKey(), algName); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java deleted file mode 100644 index 270d6486..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java +++ /dev/null @@ -1,144 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric.util; - -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.spec.AlgorithmParameterSpec; -import java.util.Hashtable; -import java.util.Iterator; -import java.util.Map; - -import javax.crypto.MacSpi; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Mac; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.crypto.params.SkeinParameters; -import org.bouncycastle.jcajce.spec.SkeinParameterSpec; - -public class BaseMac - extends MacSpi implements PBE -{ - private Mac macEngine; - - private int pbeType = PKCS12; - private int pbeHash = SHA1; - private int keySize = 160; - - protected BaseMac( - Mac macEngine) - { - this.macEngine = macEngine; - } - - protected BaseMac( - Mac macEngine, - int pbeType, - int pbeHash, - int keySize) - { - this.macEngine = macEngine; - this.pbeType = pbeType; - this.pbeHash = pbeHash; - this.keySize = keySize; - } - - protected void engineInit( - Key key, - AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - if (key == null) - { - throw new InvalidKeyException("key is null"); - } - - if (key instanceof BCPBEKey) - { - BCPBEKey k = (BCPBEKey)key; - - if (k.getParam() != null) - { - param = k.getParam(); - } - else if (params instanceof PBEParameterSpec) - { - param = PBE.Util.makePBEMacParameters(k, params); - } - else - { - throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); - } - } - else if (params instanceof IvParameterSpec) - { - param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV()); - } - else if (params instanceof SkeinParameterSpec) - { - param = new SkeinParameters.Builder(copyMap(((SkeinParameterSpec)params).getParameters())).setKey(key.getEncoded()).build(); - } - else if (params == null) - { - param = new KeyParameter(key.getEncoded()); - } - else - { - throw new InvalidAlgorithmParameterException("unknown parameter type."); - } - - macEngine.init(param); - } - - protected int engineGetMacLength() - { - return macEngine.getMacSize(); - } - - protected void engineReset() - { - macEngine.reset(); - } - - protected void engineUpdate( - byte input) - { - macEngine.update(input); - } - - protected void engineUpdate( - byte[] input, - int offset, - int len) - { - macEngine.update(input, offset, len); - } - - protected byte[] engineDoFinal() - { - byte[] out = new byte[engineGetMacLength()]; - - macEngine.doFinal(out, 0); - - return out; - } - - private static Hashtable copyMap(Map paramsMap) - { - Hashtable newTable = new Hashtable(); - - Iterator keys = paramsMap.keySet().iterator(); - while (keys.hasNext()) - { - Object key = keys.next(); - newTable.put(key, paramsMap.get(key)); - } - - return newTable; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java deleted file mode 100644 index 31896cd2..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.java +++ /dev/null @@ -1,93 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric.util; - -import java.lang.reflect.Constructor; -import java.security.InvalidKeyException; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; - -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactorySpi; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -public class BaseSecretKeyFactory - extends SecretKeyFactorySpi - implements PBE -{ - protected String algName; - protected ASN1ObjectIdentifier algOid; - - protected BaseSecretKeyFactory( - String algName, - ASN1ObjectIdentifier algOid) - { - this.algName = algName; - this.algOid = algOid; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof SecretKeySpec) - { - return (SecretKey)keySpec; - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - - protected KeySpec engineGetKeySpec( - SecretKey key, - Class keySpec) - throws InvalidKeySpecException - { - if (keySpec == null) - { - throw new InvalidKeySpecException("keySpec parameter is null"); - } - if (key == null) - { - throw new InvalidKeySpecException("key parameter is null"); - } - - if (SecretKeySpec.class.isAssignableFrom(keySpec)) - { - return new SecretKeySpec(key.getEncoded(), algName); - } - - try - { - Class[] parameters = { byte[].class }; - - Constructor c = keySpec.getConstructor(parameters); - Object[] p = new Object[1]; - - p[0] = key.getEncoded(); - - return (KeySpec)c.newInstance(p); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - protected SecretKey engineTranslateKey( - SecretKey key) - throws InvalidKeyException - { - if (key == null) - { - throw new InvalidKeyException("key parameter is null"); - } - - if (!key.getAlgorithm().equalsIgnoreCase(algName)) - { - throw new InvalidKeyException("Key not of type " + algName + "."); - } - - return new SecretKeySpec(key.getEncoded(), algName); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java deleted file mode 100644 index f376aa2c..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java +++ /dev/null @@ -1,359 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric.util; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.InvalidParameterException; -import java.security.Key; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.Cipher; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKey; -import javax.crypto.ShortBufferException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.RC5ParameterSpec; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.StreamCipher; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public class BaseStreamCipher - extends BaseWrapCipher - implements PBE -{ - // - // specs we can handle. - // - private Class[] availableSpecs = - { - RC2ParameterSpec.class, - RC5ParameterSpec.class, - IvParameterSpec.class, - PBEParameterSpec.class - }; - - private StreamCipher cipher; - private ParametersWithIV ivParam; - - private int ivLength = 0; - - private PBEParameterSpec pbeSpec = null; - private String pbeAlgorithm = null; - - protected BaseStreamCipher( - StreamCipher engine, - int ivLength) - { - cipher = engine; - this.ivLength = ivLength; - } - - protected int engineGetBlockSize() - { - return 0; - } - - protected byte[] engineGetIV() - { - return (ivParam != null) ? ivParam.getIV() : null; - } - - protected int engineGetKeySize( - Key key) - { - return key.getEncoded().length * 8; - } - - protected int engineGetOutputSize( - int inputLen) - { - return inputLen; - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParams == null) - { - if (pbeSpec != null) - { - try - { - AlgorithmParameters engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME); - engineParams.init(pbeSpec); - - return engineParams; - } - catch (Exception e) - { - return null; - } - } - } - - return engineParams; - } - - /** - * should never be called. - */ - protected void engineSetMode( - String mode) - { - if (!mode.equalsIgnoreCase("ECB")) - { - throw new IllegalArgumentException("can't support mode " + mode); - } - } - - /** - * should never be called. - */ - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - if (!padding.equalsIgnoreCase("NoPadding")) - { - throw new NoSuchPaddingException("Padding " + padding + " unknown."); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - this.pbeSpec = null; - this.pbeAlgorithm = null; - - this.engineParams = null; - - // - // basic key check - // - if (!(key instanceof SecretKey)) - { - throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption."); - } - - if (key instanceof BCPBEKey) - { - BCPBEKey k = (BCPBEKey)key; - - if (k.getOID() != null) - { - pbeAlgorithm = k.getOID().getId(); - } - else - { - pbeAlgorithm = k.getAlgorithm(); - } - - if (k.getParam() != null) - { - param = k.getParam(); - pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount()); - } - else if (params instanceof PBEParameterSpec) - { - param = PBE.Util.makePBEParameters(k, params, cipher.getAlgorithmName()); - pbeSpec = (PBEParameterSpec)params; - } - else - { - throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); - } - - if (k.getIvSize() != 0) - { - ivParam = (ParametersWithIV)param; - } - } - else if (params == null) - { - param = new KeyParameter(key.getEncoded()); - } - else if (params instanceof IvParameterSpec) - { - param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV()); - ivParam = (ParametersWithIV)param; - } - else - { - throw new InvalidAlgorithmParameterException("unknown parameter type."); - } - - if ((ivLength != 0) && !(param instanceof ParametersWithIV)) - { - SecureRandom ivRandom = random; - - if (ivRandom == null) - { - ivRandom = new SecureRandom(); - } - - if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE)) - { - byte[] iv = new byte[ivLength]; - - ivRandom.nextBytes(iv); - param = new ParametersWithIV(param, iv); - ivParam = (ParametersWithIV)param; - } - else - { - throw new InvalidAlgorithmParameterException("no IV set when one expected"); - } - } - - try - { - switch (opmode) - { - case Cipher.ENCRYPT_MODE: - case Cipher.WRAP_MODE: - cipher.init(true, param); - break; - case Cipher.DECRYPT_MODE: - case Cipher.UNWRAP_MODE: - cipher.init(false, param); - break; - default: - throw new InvalidParameterException("unknown opmode " + opmode + " passed"); - } - } - catch (Exception e) - { - throw new InvalidKeyException(e.getMessage()); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - for (int i = 0; i != availableSpecs.length; i++) - { - try - { - paramSpec = params.getParameterSpec(availableSpecs[i]); - break; - } - catch (Exception e) - { - continue; - } - } - - if (paramSpec == null) - { - throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString()); - } - } - - engineInit(opmode, key, paramSpec, random); - engineParams = params; - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new InvalidKeyException(e.getMessage()); - } - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - byte[] out = new byte[inputLen]; - - cipher.processBytes(input, inputOffset, inputLen, out, 0); - - return out; - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws ShortBufferException - { - try - { - cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - - return inputLen; - } - catch (DataLengthException e) - { - throw new ShortBufferException(e.getMessage()); - } - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - { - if (inputLen != 0) - { - byte[] out = engineUpdate(input, inputOffset, inputLen); - - cipher.reset(); - - return out; - } - - cipher.reset(); - - return new byte[0]; - } - - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - { - if (inputLen != 0) - { - cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - - cipher.reset(); - - return inputLen; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java deleted file mode 100644 index 42ab6217..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java +++ /dev/null @@ -1,394 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric.util; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.CipherSpi; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.ShortBufferException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.RC5ParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.Wrapper; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -public abstract class BaseWrapCipher - extends CipherSpi - implements PBE -{ - // - // specs we can handle. - // - private Class[] availableSpecs = - { - IvParameterSpec.class, - PBEParameterSpec.class, - RC2ParameterSpec.class, - RC5ParameterSpec.class - }; - - protected int pbeType = PKCS12; - protected int pbeHash = SHA1; - protected int pbeKeySize; - protected int pbeIvSize; - - protected AlgorithmParameters engineParams = null; - - protected Wrapper wrapEngine = null; - - private int ivSize; - private byte[] iv; - - protected BaseWrapCipher() - { - } - - protected BaseWrapCipher( - Wrapper wrapEngine) - { - this(wrapEngine, 0); - } - - protected BaseWrapCipher( - Wrapper wrapEngine, - int ivSize) - { - this.wrapEngine = wrapEngine; - this.ivSize = ivSize; - } - - protected int engineGetBlockSize() - { - return 0; - } - - protected byte[] engineGetIV() - { - return (byte[])iv.clone(); - } - - protected int engineGetKeySize( - Key key) - { - return key.getEncoded().length; - } - - protected int engineGetOutputSize( - int inputLen) - { - return -1; - } - - protected AlgorithmParameters engineGetParameters() - { - return null; - } - - protected void engineSetMode( - String mode) - throws NoSuchAlgorithmException - { - throw new NoSuchAlgorithmException("can't support mode " + mode); - } - - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - throw new NoSuchPaddingException("Padding " + padding + " unknown."); - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - if (key instanceof BCPBEKey) - { - BCPBEKey k = (BCPBEKey)key; - - if (params instanceof PBEParameterSpec) - { - param = PBE.Util.makePBEParameters(k, params, wrapEngine.getAlgorithmName()); - } - else if (k.getParam() != null) - { - param = k.getParam(); - } - else - { - throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); - } - } - else - { - param = new KeyParameter(key.getEncoded()); - } - - if (params instanceof IvParameterSpec) - { - IvParameterSpec iv = (IvParameterSpec) params; - param = new ParametersWithIV(param, iv.getIV()); - } - - if (param instanceof KeyParameter && ivSize != 0) - { - iv = new byte[ivSize]; - random.nextBytes(iv); - param = new ParametersWithIV(param, iv); - } - - if (random != null) - { - param = new ParametersWithRandom(param, random); - } - - switch (opmode) - { - case Cipher.WRAP_MODE: - wrapEngine.init(true, param); - break; - case Cipher.UNWRAP_MODE: - wrapEngine.init(false, param); - break; - case Cipher.ENCRYPT_MODE: - case Cipher.DECRYPT_MODE: - throw new IllegalArgumentException("engine only valid for wrapping"); - default: - System.out.println("eeek!"); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - for (int i = 0; i != availableSpecs.length; i++) - { - try - { - paramSpec = params.getParameterSpec(availableSpecs[i]); - break; - } - catch (Exception e) - { - // try next spec - } - } - - if (paramSpec == null) - { - throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString()); - } - } - - engineParams = params; - engineInit(opmode, key, paramSpec, random); - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new IllegalArgumentException(e.getMessage()); - } - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - throw new RuntimeException("not supported for wrapping"); - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws ShortBufferException - { - throw new RuntimeException("not supported for wrapping"); - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws IllegalBlockSizeException, BadPaddingException - { - return null; - } - - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws IllegalBlockSizeException, BadPaddingException, ShortBufferException - { - return 0; - } - - protected byte[] engineWrap( - Key key) - throws IllegalBlockSizeException, InvalidKeyException - { - byte[] encoded = key.getEncoded(); - if (encoded == null) - { - throw new InvalidKeyException("Cannot wrap key, null encoding."); - } - - try - { - if (wrapEngine == null) - { - return engineDoFinal(encoded, 0, encoded.length); - } - else - { - return wrapEngine.wrap(encoded, 0, encoded.length); - } - } - catch (BadPaddingException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - } - - protected Key engineUnwrap( - byte[] wrappedKey, - String wrappedKeyAlgorithm, - int wrappedKeyType) - throws InvalidKeyException, NoSuchAlgorithmException - { - byte[] encoded; - try - { - if (wrapEngine == null) - { - encoded = engineDoFinal(wrappedKey, 0, wrappedKey.length); - } - else - { - encoded = wrapEngine.unwrap(wrappedKey, 0, wrappedKey.length); - } - } - catch (InvalidCipherTextException e) - { - throw new InvalidKeyException(e.getMessage()); - } - catch (BadPaddingException e) - { - throw new InvalidKeyException(e.getMessage()); - } - catch (IllegalBlockSizeException e2) - { - throw new InvalidKeyException(e2.getMessage()); - } - - if (wrappedKeyType == Cipher.SECRET_KEY) - { - return new SecretKeySpec(encoded, wrappedKeyAlgorithm); - } - else if (wrappedKeyAlgorithm.equals("") && wrappedKeyType == Cipher.PRIVATE_KEY) - { - /* - * The caller doesn't know the algorithm as it is part of - * the encrypted data. - */ - try - { - PrivateKeyInfo in = PrivateKeyInfo.getInstance(encoded); - - PrivateKey privKey = BouncyCastleProvider.getPrivateKey(in); - - if (privKey != null) - { - return privKey; - } - else - { - throw new InvalidKeyException("algorithm " + in.getPrivateKeyAlgorithm().getAlgorithm() + " not supported"); - } - } - catch (Exception e) - { - throw new InvalidKeyException("Invalid key encoding."); - } - } - else - { - try - { - KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, BouncyCastleProvider.PROVIDER_NAME); - - if (wrappedKeyType == Cipher.PUBLIC_KEY) - { - return kf.generatePublic(new X509EncodedKeySpec(encoded)); - } - else if (wrappedKeyType == Cipher.PRIVATE_KEY) - { - return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded)); - } - } - catch (NoSuchProviderException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } - catch (InvalidKeySpecException e2) - { - throw new InvalidKeyException("Unknown key type " + e2.getMessage()); - } - - throw new InvalidKeyException("Unknown key type " + wrappedKeyType); - } - } - -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BlockCipherProvider.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BlockCipherProvider.java deleted file mode 100644 index f5ab9ad0..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BlockCipherProvider.java +++ /dev/null @@ -1,8 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric.util; - -import org.bouncycastle.crypto.BlockCipher; - -public interface BlockCipherProvider -{ - BlockCipher get(); -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/IvAlgorithmParameters.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/IvAlgorithmParameters.java deleted file mode 100644 index b5a95526..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/IvAlgorithmParameters.java +++ /dev/null @@ -1,118 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric.util; - -import java.io.IOException; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; - -import javax.crypto.spec.IvParameterSpec; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.util.Arrays; - -public class IvAlgorithmParameters - extends BaseAlgorithmParameters -{ - private byte[] iv; - - protected byte[] engineGetEncoded() - throws IOException - { - return engineGetEncoded("ASN.1"); - } - - protected byte[] engineGetEncoded( - String format) - throws IOException - { - if (isASN1FormatString(format)) - { - return new DEROctetString(engineGetEncoded("RAW")).getEncoded(); - } - - if (format.equals("RAW")) - { - return Arrays.clone(iv); - } - - return null; - } - - protected AlgorithmParameterSpec localEngineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == IvParameterSpec.class) - { - return new IvParameterSpec(iv); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to IV parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof IvParameterSpec)) - { - throw new InvalidParameterSpecException("IvParameterSpec required to initialise a IV parameters algorithm parameters object"); - } - - this.iv = ((IvParameterSpec)paramSpec).getIV(); - } - - protected void engineInit( - byte[] params) - throws IOException - { - // - // check that we don't have a DER encoded octet string - // - if ((params.length % 8) != 0 - && params[0] == 0x04 && params[1] == params.length - 2) - { - ASN1OctetString oct = (ASN1OctetString)ASN1Primitive.fromByteArray(params); - - params = oct.getOctets(); - } - - this.iv = Arrays.clone(params); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (isASN1FormatString(format)) - { - try - { - ASN1OctetString oct = (ASN1OctetString)ASN1Primitive.fromByteArray(params); - - engineInit(oct.getOctets()); - } - catch (Exception e) - { - throw new IOException("Exception decoding: " + e); - } - - return; - } - - if (format.equals("RAW")) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in IV parameters object"); - } - - protected String engineToString() - { - return "IV Parameters"; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java deleted file mode 100644 index fac3ead0..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java +++ /dev/null @@ -1,319 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric.util; - -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.digests.GOST3411Digest; -import org.bouncycastle.crypto.digests.MD2Digest; -import org.bouncycastle.crypto.digests.MD5Digest; -import org.bouncycastle.crypto.digests.RIPEMD160Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.TigerDigest; -import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; -import org.bouncycastle.crypto.params.DESParameters; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; - -public interface PBE -{ - // - // PBE Based encryption constants - by default we do PKCS12 with SHA-1 - // - static final int MD5 = 0; - static final int SHA1 = 1; - static final int RIPEMD160 = 2; - static final int TIGER = 3; - static final int SHA256 = 4; - static final int MD2 = 5; - static final int GOST3411 = 6; - - static final int PKCS5S1 = 0; - static final int PKCS5S2 = 1; - static final int PKCS12 = 2; - static final int OPENSSL = 3; - static final int PKCS5S1_UTF8 = 4; - static final int PKCS5S2_UTF8 = 5; - - /** - * uses the appropriate mixer to generate the key and IV if necessary. - */ - static class Util - { - static private PBEParametersGenerator makePBEGenerator( - int type, - int hash) - { - PBEParametersGenerator generator; - - if (type == PKCS5S1 || type == PKCS5S1_UTF8) - { - switch (hash) - { - case MD2: - generator = new PKCS5S1ParametersGenerator(new MD2Digest()); - break; - case MD5: - generator = new PKCS5S1ParametersGenerator(new MD5Digest()); - break; - case SHA1: - generator = new PKCS5S1ParametersGenerator(new SHA1Digest()); - break; - default: - throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1."); - } - } - else if (type == PKCS5S2 || type == PKCS5S2_UTF8) - { - switch (hash) - { - case MD2: - generator = new PKCS5S2ParametersGenerator(new MD2Digest()); - break; - case MD5: - generator = new PKCS5S2ParametersGenerator(new MD5Digest()); - break; - case SHA1: - generator = new PKCS5S2ParametersGenerator(new SHA1Digest()); - break; - case RIPEMD160: - generator = new PKCS5S2ParametersGenerator(new RIPEMD160Digest()); - break; - case TIGER: - generator = new PKCS5S2ParametersGenerator(new TigerDigest()); - break; - case SHA256: - generator = new PKCS5S2ParametersGenerator(new SHA256Digest()); - break; - case GOST3411: - generator = new PKCS5S2ParametersGenerator(new GOST3411Digest()); - break; - default: - throw new IllegalStateException("unknown digest scheme for PBE PKCS5S2 encryption."); - } - } - else if (type == PKCS12) - { - switch (hash) - { - case MD2: - generator = new PKCS12ParametersGenerator(new MD2Digest()); - break; - case MD5: - generator = new PKCS12ParametersGenerator(new MD5Digest()); - break; - case SHA1: - generator = new PKCS12ParametersGenerator(new SHA1Digest()); - break; - case RIPEMD160: - generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); - break; - case TIGER: - generator = new PKCS12ParametersGenerator(new TigerDigest()); - break; - case SHA256: - generator = new PKCS12ParametersGenerator(new SHA256Digest()); - break; - case GOST3411: - generator = new PKCS12ParametersGenerator(new GOST3411Digest()); - break; - default: - throw new IllegalStateException("unknown digest scheme for PBE encryption."); - } - } - else - { - generator = new OpenSSLPBEParametersGenerator(); - } - - return generator; - } - - /** - * construct a key and iv (if necessary) suitable for use with a - * Cipher. - */ - public static CipherParameters makePBEParameters( - BCPBEKey pbeKey, - AlgorithmParameterSpec spec, - String targetAlgorithm) - { - if ((spec == null) || !(spec instanceof PBEParameterSpec)) - { - throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key."); - } - - PBEParameterSpec pbeParam = (PBEParameterSpec)spec; - PBEParametersGenerator generator = makePBEGenerator(pbeKey.getType(), pbeKey.getDigest()); - byte[] key = pbeKey.getEncoded(); - CipherParameters param; - - if (pbeKey.shouldTryWrongPKCS12()) - { - key = new byte[2]; - } - - generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount()); - - if (pbeKey.getIvSize() != 0) - { - param = generator.generateDerivedParameters(pbeKey.getKeySize(), pbeKey.getIvSize()); - } - else - { - param = generator.generateDerivedParameters(pbeKey.getKeySize()); - } - - if (targetAlgorithm.startsWith("DES")) - { - if (param instanceof ParametersWithIV) - { - KeyParameter kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); - - DESParameters.setOddParity(kParam.getKey()); - } - else - { - KeyParameter kParam = (KeyParameter)param; - - DESParameters.setOddParity(kParam.getKey()); - } - } - - for (int i = 0; i != key.length; i++) - { - key[i] = 0; - } - - return param; - } - - /** - * generate a PBE based key suitable for a MAC algorithm, the - * key size is chosen according the MAC size, or the hashing algorithm, - * whichever is greater. - */ - public static CipherParameters makePBEMacParameters( - BCPBEKey pbeKey, - AlgorithmParameterSpec spec) - { - if ((spec == null) || !(spec instanceof PBEParameterSpec)) - { - throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key."); - } - - PBEParameterSpec pbeParam = (PBEParameterSpec)spec; - PBEParametersGenerator generator = makePBEGenerator(pbeKey.getType(), pbeKey.getDigest()); - byte[] key = pbeKey.getEncoded(); - CipherParameters param; - - if (pbeKey.shouldTryWrongPKCS12()) - { - key = new byte[2]; - } - - generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount()); - - param = generator.generateDerivedMacParameters(pbeKey.getKeySize()); - - for (int i = 0; i != key.length; i++) - { - key[i] = 0; - } - - return param; - } - - /** - * construct a key and iv (if necessary) suitable for use with a - * Cipher. - */ - public static CipherParameters makePBEParameters( - PBEKeySpec keySpec, - int type, - int hash, - int keySize, - int ivSize) - { - PBEParametersGenerator generator = makePBEGenerator(type, hash); - byte[] key; - CipherParameters param; - - key = convertPassword(type, keySpec); - - generator.init(key, keySpec.getSalt(), keySpec.getIterationCount()); - - if (ivSize != 0) - { - param = generator.generateDerivedParameters(keySize, ivSize); - } - else - { - param = generator.generateDerivedParameters(keySize); - } - - for (int i = 0; i != key.length; i++) - { - key[i] = 0; - } - - return param; - } - - - /** - * generate a PBE based key suitable for a MAC algorithm, the - * key size is chosen according the MAC size, or the hashing algorithm, - * whichever is greater. - */ - public static CipherParameters makePBEMacParameters( - PBEKeySpec keySpec, - int type, - int hash, - int keySize) - { - PBEParametersGenerator generator = makePBEGenerator(type, hash); - byte[] key; - CipherParameters param; - - key = convertPassword(type, keySpec); - - generator.init(key, keySpec.getSalt(), keySpec.getIterationCount()); - - param = generator.generateDerivedMacParameters(keySize); - - for (int i = 0; i != key.length; i++) - { - key[i] = 0; - } - - return param; - } - - private static byte[] convertPassword(int type, PBEKeySpec keySpec) - { - byte[] key; - - if (type == PKCS12) - { - key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); - } - else if (type == PKCS5S2_UTF8 || type == PKCS5S1_UTF8) - { - key = PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(keySpec.getPassword()); - } - else - { - key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); - } - return key; - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBESecretKeyFactory.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBESecretKeyFactory.java deleted file mode 100644 index 434f6bb8..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBESecretKeyFactory.java +++ /dev/null @@ -1,68 +0,0 @@ -package org.bouncycastle.jcajce.provider.symmetric.util; - -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; - -import javax.crypto.SecretKey; -import javax.crypto.spec.PBEKeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.crypto.CipherParameters; - -public class PBESecretKeyFactory - extends BaseSecretKeyFactory - implements PBE -{ - private boolean forCipher; - private int scheme; - private int digest; - private int keySize; - private int ivSize; - - public PBESecretKeyFactory( - String algorithm, - ASN1ObjectIdentifier oid, - boolean forCipher, - int scheme, - int digest, - int keySize, - int ivSize) - { - super(algorithm, oid); - - this.forCipher = forCipher; - this.scheme = scheme; - this.digest = digest; - this.keySize = keySize; - this.ivSize = ivSize; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - CipherParameters param; - - if (pbeSpec.getSalt() == null) - { - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); - } - - if (forCipher) - { - param = PBE.Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); - } - else - { - param = PBE.Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - } - - return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/util/AlgorithmProvider.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/util/AlgorithmProvider.java deleted file mode 100644 index 50fe939c..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/util/AlgorithmProvider.java +++ /dev/null @@ -1,8 +0,0 @@ -package org.bouncycastle.jcajce.provider.util; - -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; - -public abstract class AlgorithmProvider -{ - public abstract void configure(ConfigurableProvider provider); -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.java deleted file mode 100644 index c4010844..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.java +++ /dev/null @@ -1,42 +0,0 @@ -package org.bouncycastle.jcajce.provider.util; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; - -public abstract class AsymmetricAlgorithmProvider - extends AlgorithmProvider -{ - protected void addSignatureAlgorithm( - ConfigurableProvider provider, - String digest, - String algorithm, - String className, - ASN1ObjectIdentifier oid) - { - String mainName = digest + "WITH" + algorithm; - String jdk11Variation1 = digest + "with" + algorithm; - String jdk11Variation2 = digest + "With" + algorithm; - String alias = digest + "/" + algorithm; - - provider.addAlgorithm("Signature." + mainName, className); - provider.addAlgorithm("Alg.Alias.Signature." + jdk11Variation1, mainName); - provider.addAlgorithm("Alg.Alias.Signature." + jdk11Variation2, mainName); - provider.addAlgorithm("Alg.Alias.Signature." + alias, mainName); - provider.addAlgorithm("Alg.Alias.Signature." + oid, mainName); - provider.addAlgorithm("Alg.Alias.Signature.OID." + oid, mainName); - } - - protected void registerOid(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name, AsymmetricKeyInfoConverter keyFactory) - { - provider.addAlgorithm("Alg.Alias.KeyFactory." + oid, name); - provider.addAlgorithm("Alg.Alias.KeyPairGenerator." + oid, name); - - provider.addKeyInfoConverter(oid, keyFactory); - } - - protected void registerOidAlgorithmParameters(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name) - { - provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + oid, name); - provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + oid, name); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricKeyInfoConverter.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricKeyInfoConverter.java deleted file mode 100644 index e2f4e4ae..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/util/AsymmetricKeyInfoConverter.java +++ /dev/null @@ -1,17 +0,0 @@ -package org.bouncycastle.jcajce.provider.util; - -import java.io.IOException; -import java.security.PrivateKey; -import java.security.PublicKey; - -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - -public interface AsymmetricKeyInfoConverter -{ - PrivateKey generatePrivate(PrivateKeyInfo keyInfo) - throws IOException; - - PublicKey generatePublic(SubjectPublicKeyInfo keyInfo) - throws IOException; -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/util/DigestFactory.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/util/DigestFactory.java deleted file mode 100644 index f97e75f2..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/util/DigestFactory.java +++ /dev/null @@ -1,131 +0,0 @@ -package org.bouncycastle.jcajce.provider.util; - -import java.util.HashMap; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.MD5Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.util.Strings; - -public class DigestFactory -{ - private static Set md5 = new HashSet(); - private static Set sha1 = new HashSet(); - private static Set sha224 = new HashSet(); - private static Set sha256 = new HashSet(); - private static Set sha384 = new HashSet(); - private static Set sha512 = new HashSet(); - - private static Map oids = new HashMap(); - - static - { - md5.add("MD5"); - md5.add(PKCSObjectIdentifiers.md5.getId()); - - sha1.add("SHA1"); - sha1.add("SHA-1"); - sha1.add(OIWObjectIdentifiers.idSHA1.getId()); - - sha224.add("SHA224"); - sha224.add("SHA-224"); - sha224.add(NISTObjectIdentifiers.id_sha224.getId()); - - sha256.add("SHA256"); - sha256.add("SHA-256"); - sha256.add(NISTObjectIdentifiers.id_sha256.getId()); - - sha384.add("SHA384"); - sha384.add("SHA-384"); - sha384.add(NISTObjectIdentifiers.id_sha384.getId()); - - sha512.add("SHA512"); - sha512.add("SHA-512"); - sha512.add(NISTObjectIdentifiers.id_sha512.getId()); - - oids.put("MD5", PKCSObjectIdentifiers.md5); - oids.put(PKCSObjectIdentifiers.md5.getId(), PKCSObjectIdentifiers.md5); - - oids.put("SHA1", OIWObjectIdentifiers.idSHA1); - oids.put("SHA-1", OIWObjectIdentifiers.idSHA1); - oids.put(OIWObjectIdentifiers.idSHA1.getId(), OIWObjectIdentifiers.idSHA1); - - oids.put("SHA224", NISTObjectIdentifiers.id_sha224); - oids.put("SHA-224", NISTObjectIdentifiers.id_sha224); - oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224); - - oids.put("SHA256", NISTObjectIdentifiers.id_sha256); - oids.put("SHA-256", NISTObjectIdentifiers.id_sha256); - oids.put(NISTObjectIdentifiers.id_sha256.getId(), NISTObjectIdentifiers.id_sha256); - - oids.put("SHA384", NISTObjectIdentifiers.id_sha384); - oids.put("SHA-384", NISTObjectIdentifiers.id_sha384); - oids.put(NISTObjectIdentifiers.id_sha384.getId(), NISTObjectIdentifiers.id_sha384); - - oids.put("SHA512", NISTObjectIdentifiers.id_sha512); - oids.put("SHA-512", NISTObjectIdentifiers.id_sha512); - oids.put(NISTObjectIdentifiers.id_sha512.getId(), NISTObjectIdentifiers.id_sha512); - } - - public static Digest getDigest( - String digestName) - { - digestName = Strings.toUpperCase(digestName); - - if (sha1.contains(digestName)) - { - return new SHA1Digest(); - } - if (md5.contains(digestName)) - { - return new MD5Digest(); - } - if (sha224.contains(digestName)) - { - return new SHA224Digest(); - } - if (sha256.contains(digestName)) - { - return new SHA256Digest(); - } - if (sha384.contains(digestName)) - { - return new SHA384Digest(); - } - if (sha512.contains(digestName)) - { - return new SHA512Digest(); - } - - return null; - } - - public static boolean isSameDigest( - String digest1, - String digest2) - { - return (sha1.contains(digest1) && sha1.contains(digest2)) - || (sha224.contains(digest1) && sha224.contains(digest2)) - || (sha256.contains(digest1) && sha256.contains(digest2)) - || (sha384.contains(digest1) && sha384.contains(digest2)) - || (sha512.contains(digest1) && sha512.contains(digest2)) - || (md5.contains(digest1) && md5.contains(digest2)); - } - - public static ASN1ObjectIdentifier getOID( - String digestName) - { - return (ASN1ObjectIdentifier)oids.get(digestName); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/util/SecretKeyUtil.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/util/SecretKeyUtil.java deleted file mode 100644 index 56d6c5b3..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/util/SecretKeyUtil.java +++ /dev/null @@ -1,40 +0,0 @@ -package org.bouncycastle.jcajce.provider.util; - -import java.util.HashMap; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.util.Integers; - -public class SecretKeyUtil -{ - private static Map keySizes = new HashMap(); - - static - { - keySizes.put(PKCSObjectIdentifiers.des_EDE3_CBC.getId(), Integers.valueOf(192)); - - keySizes.put(NISTObjectIdentifiers.id_aes128_CBC, Integers.valueOf(128)); - keySizes.put(NISTObjectIdentifiers.id_aes192_CBC, Integers.valueOf(192)); - keySizes.put(NISTObjectIdentifiers.id_aes256_CBC, Integers.valueOf(256)); - - keySizes.put(NTTObjectIdentifiers.id_camellia128_cbc, Integers.valueOf(128)); - keySizes.put(NTTObjectIdentifiers.id_camellia192_cbc, Integers.valueOf(192)); - keySizes.put(NTTObjectIdentifiers.id_camellia256_cbc, Integers.valueOf(256)); - } - - public static int getKeySize(ASN1ObjectIdentifier oid) - { - Integer size = (Integer)keySizes.get(oid); - - if (size != null) - { - return size.intValue(); - } - - return -1; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/spec/GOST28147ParameterSpec.java b/prov/src/main/java/org/bouncycastle/jcajce/spec/GOST28147ParameterSpec.java deleted file mode 100644 index be341c47..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/spec/GOST28147ParameterSpec.java +++ /dev/null @@ -1,108 +0,0 @@ -package org.bouncycastle.jcajce.spec; - -import java.security.spec.AlgorithmParameterSpec; -import java.util.HashMap; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.crypto.engines.GOST28147Engine; -import org.bouncycastle.util.Arrays; - -/** - * A parameter spec for the GOST-28147 cipher. - */ -public class GOST28147ParameterSpec - implements AlgorithmParameterSpec -{ - private byte[] iv = null; - private byte[] sBox = null; - - public GOST28147ParameterSpec( - byte[] sBox) - { - this.sBox = new byte[sBox.length]; - - System.arraycopy(sBox, 0, this.sBox, 0, sBox.length); - } - - public GOST28147ParameterSpec( - byte[] sBox, - byte[] iv) - { - this(sBox); - this.iv = new byte[iv.length]; - - System.arraycopy(iv, 0, this.iv, 0, iv.length); - } - - public GOST28147ParameterSpec( - String sBoxName) - { - this.sBox = GOST28147Engine.getSBox(sBoxName); - } - - public GOST28147ParameterSpec( - String sBoxName, - byte[] iv) - { - this(sBoxName); - this.iv = new byte[iv.length]; - - System.arraycopy(iv, 0, this.iv, 0, iv.length); - } - - public GOST28147ParameterSpec( - ASN1ObjectIdentifier sBoxName, - byte[] iv) - { - this(getName(sBoxName)); - this.iv = Arrays.clone(iv); - } - - public byte[] getSbox() - { - return sBox; - } - - /** - * Returns the IV or null if this parameter set does not contain an IV. - * - * @return the IV or null if this parameter set does not contain an IV. - */ - public byte[] getIV() - { - if (iv == null) - { - return null; - } - - byte[] tmp = new byte[iv.length]; - - System.arraycopy(iv, 0, tmp, 0, tmp.length); - - return tmp; - } - - private static Map oidMappings = new HashMap(); - - static - { - oidMappings.put(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet, "E-A"); - oidMappings.put(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_B_ParamSet, "E-B"); - oidMappings.put(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_C_ParamSet, "E-C"); - oidMappings.put(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_D_ParamSet, "E-D"); - } - - private static String getName(ASN1ObjectIdentifier sBoxOid) - { - String sBoxName = (String)oidMappings.get(sBoxOid); - - if (sBoxName == null) - { - throw new IllegalArgumentException("unknown OID: " + sBoxOid); - } - - return sBoxName; - } -}
\ No newline at end of file diff --git a/prov/src/main/java/org/bouncycastle/jcajce/spec/PBKDF2KeySpec.java b/prov/src/main/java/org/bouncycastle/jcajce/spec/PBKDF2KeySpec.java deleted file mode 100644 index 09a9bd0b..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/spec/PBKDF2KeySpec.java +++ /dev/null @@ -1,35 +0,0 @@ -package org.bouncycastle.jcajce.spec; - -import javax.crypto.spec.PBEKeySpec; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * Extension of PBEKeySpec which takes into account the PRF algorithm setting available in PKCS#5 PBKDF2. - */ -public class PBKDF2KeySpec - extends PBEKeySpec -{ - private AlgorithmIdentifier prf; - - /** - * Base constructor. - * - * @param password password to use as the seed of the PBE key generator. - * @param salt salt to use in the generator, - * @param iterationCount iteration count to use in the generator. - * @param keySize size of the key to be generated. - * @param prf identifier and parameters for the PRF algorithm to use. - */ - public PBKDF2KeySpec(char[] password, byte[] salt, int iterationCount, int keySize, AlgorithmIdentifier prf) - { - super(password, salt, iterationCount, keySize); - - this.prf = prf; - } - - public AlgorithmIdentifier getPrf() - { - return prf; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/spec/RepeatedSecretKeySpec.java b/prov/src/main/java/org/bouncycastle/jcajce/spec/RepeatedSecretKeySpec.java deleted file mode 100644 index 6af15db1..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/spec/RepeatedSecretKeySpec.java +++ /dev/null @@ -1,34 +0,0 @@ -package org.bouncycastle.jcajce.spec; - - -import javax.crypto.SecretKey; - -/** - * A simple object to indicate that a symmetric cipher should reuse the - * last key provided. - */ -public class RepeatedSecretKeySpec - implements SecretKey -{ - private String algorithm; - - public RepeatedSecretKeySpec(String algorithm) - { - this.algorithm = algorithm; - } - - public String getAlgorithm() - { - return algorithm; - } - - public String getFormat() - { - return null; - } - - public byte[] getEncoded() - { - return null; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/spec/SkeinParameterSpec.java b/prov/src/main/java/org/bouncycastle/jcajce/spec/SkeinParameterSpec.java deleted file mode 100644 index 084f0e88..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/spec/SkeinParameterSpec.java +++ /dev/null @@ -1,319 +0,0 @@ -package org.bouncycastle.jcajce.spec; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStreamWriter; -import java.security.spec.AlgorithmParameterSpec; -import java.text.DateFormat; -import java.text.SimpleDateFormat; -import java.util.Collections; -import java.util.Date; -import java.util.HashMap; -import java.util.Iterator; -import java.util.Locale; -import java.util.Map; - -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.Integers; - -/** - * Parameters for the Skein hash function - a series of byte[] strings identified by integer tags. - * <p/> - * Parameterised Skein can be used for: - * <ul> - * <li>MAC generation, by providing a {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec.Builder#setKey(byte[]) key}.</li> - * <li>Randomised hashing, by providing a {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec.Builder#setNonce(byte[]) nonce}.</li> - * <li>A hash function for digital signatures, associating a - * {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec.Builder#setPublicKey(byte[]) public key} with the message digest.</li> - * <li>A key derivation function, by providing a - * {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec.Builder#setKeyIdentifier(byte[]) key identifier}.</li> - * <li>Personalised hashing, by providing a - * {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec.Builder#setPersonalisation(java.util.Date, String, String) recommended format} or - * {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec.Builder#setPersonalisation(byte[]) arbitrary} personalisation string.</li> - * </ul> - * - * @see org.bouncycastle.crypto.digests.SkeinEngine - * @see org.bouncycastle.crypto.digests.SkeinDigest - * @see org.bouncycastle.crypto.macs.SkeinMac - */ -public class SkeinParameterSpec - implements AlgorithmParameterSpec -{ - /** - * The parameter type for a secret key, supporting MAC or KDF functions: {@value - * #PARAM_TYPE_KEY}. - */ - public static final int PARAM_TYPE_KEY = 0; - - /** - * The parameter type for the Skein configuration block: {@value #PARAM_TYPE_CONFIG}. - */ - public static final int PARAM_TYPE_CONFIG = 4; - - /** - * The parameter type for a personalisation string: {@value #PARAM_TYPE_PERSONALISATION}. - */ - public static final int PARAM_TYPE_PERSONALISATION = 8; - - /** - * The parameter type for a public key: {@value #PARAM_TYPE_PUBLIC_KEY}. - */ - public static final int PARAM_TYPE_PUBLIC_KEY = 12; - - /** - * The parameter type for a key identifier string: {@value #PARAM_TYPE_KEY_IDENTIFIER}. - */ - public static final int PARAM_TYPE_KEY_IDENTIFIER = 16; - - /** - * The parameter type for a nonce: {@value #PARAM_TYPE_NONCE}. - */ - public static final int PARAM_TYPE_NONCE = 20; - - /** - * The parameter type for the message: {@value #PARAM_TYPE_MESSAGE}. - */ - public static final int PARAM_TYPE_MESSAGE = 48; - - /** - * The parameter type for the output transformation: {@value #PARAM_TYPE_OUTPUT}. - */ - public static final int PARAM_TYPE_OUTPUT = 63; - - private Map parameters; - - public SkeinParameterSpec() - { - this(new HashMap()); - } - - private SkeinParameterSpec(Map parameters) - { - this.parameters = Collections.unmodifiableMap(parameters); - } - - /** - * Obtains a map of type (Integer) to value (byte[]) for the parameters tracked in this object. - */ - public Map getParameters() - { - return parameters; - } - - /** - * Obtains the value of the {@link #PARAM_TYPE_KEY key parameter}, or <code>null</code> if not - * set. - */ - public byte[] getKey() - { - return Arrays.clone((byte[])parameters.get(Integers.valueOf(PARAM_TYPE_KEY))); - } - - /** - * Obtains the value of the {@link #PARAM_TYPE_PERSONALISATION personalisation parameter}, or - * <code>null</code> if not set. - */ - public byte[] getPersonalisation() - { - return Arrays.clone((byte[])parameters.get(Integers.valueOf(PARAM_TYPE_PERSONALISATION))); - } - - /** - * Obtains the value of the {@link #PARAM_TYPE_PUBLIC_KEY public key parameter}, or - * <code>null</code> if not set. - */ - public byte[] getPublicKey() - { - return Arrays.clone((byte[])parameters.get(Integers.valueOf(PARAM_TYPE_PUBLIC_KEY))); - } - - /** - * Obtains the value of the {@link #PARAM_TYPE_KEY_IDENTIFIER key identifier parameter}, or - * <code>null</code> if not set. - */ - public byte[] getKeyIdentifier() - { - return Arrays.clone((byte[])parameters.get(Integers.valueOf(PARAM_TYPE_KEY_IDENTIFIER))); - } - - /** - * Obtains the value of the {@link #PARAM_TYPE_NONCE nonce parameter}, or <code>null</code> if - * not set. - */ - public byte[] getNonce() - { - return Arrays.clone((byte[])parameters.get(Integers.valueOf(PARAM_TYPE_NONCE))); - } - - /** - * A builder for {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec}. - */ - public static class Builder - { - private Map parameters = new HashMap(); - - public Builder() - { - } - - public Builder(SkeinParameterSpec params) - { - Iterator keys = params.parameters.keySet().iterator(); - while (keys.hasNext()) - { - Integer key = (Integer)keys.next(); - parameters.put(key, params.parameters.get(key)); - } - } - - /** - * Sets a parameters to apply to the Skein hash function.<br> - * Parameter types must be in the range 0,5..62, and cannot use the value {@value - * org.bouncycastle.jcajce.spec.SkeinParameterSpec#PARAM_TYPE_MESSAGE} (reserved for message body). - * <p/> - * Parameters with type < {@value org.bouncycastle.jcajce.spec.SkeinParameterSpec#PARAM_TYPE_MESSAGE} are processed before - * the message content, parameters with type > {@value org.bouncycastle.jcajce.spec.SkeinParameterSpec#PARAM_TYPE_MESSAGE} - * are processed after the message and prior to output. - * - * @param type the type of the parameter, in the range 5..62. - * @param value the byte sequence of the parameter. - * @return - */ - public Builder set(int type, byte[] value) - { - if (value == null) - { - throw new IllegalArgumentException("Parameter value must not be null."); - } - if ((type != PARAM_TYPE_KEY) - && (type <= PARAM_TYPE_CONFIG || type >= PARAM_TYPE_OUTPUT || type == PARAM_TYPE_MESSAGE)) - { - throw new IllegalArgumentException("Parameter types must be in the range 0,5..47,49..62."); - } - if (type == PARAM_TYPE_CONFIG) - { - throw new IllegalArgumentException("Parameter type " + PARAM_TYPE_CONFIG - + " is reserved for internal use."); - } - this.parameters.put(Integers.valueOf(type), value); - return this; - } - - /** - * Sets the {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec#PARAM_TYPE_KEY} parameter. - */ - public Builder setKey(byte[] key) - { - return set(PARAM_TYPE_KEY, key); - } - - /** - * Sets the {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec#PARAM_TYPE_PERSONALISATION} parameter. - */ - public Builder setPersonalisation(byte[] personalisation) - { - return set(PARAM_TYPE_PERSONALISATION, personalisation); - } - - /** - * Implements the recommended personalisation format for Skein defined in Section 4.11 of - * the Skein 1.3 specification. - * <p/> - * The format is <code>YYYYMMDD email@address distinguisher</code>, encoded to a byte - * sequence using UTF-8 encoding. - * - * @param date the date the personalised application of the Skein was defined. - * @param emailAddress the email address of the creation of the personalised application. - * @param distinguisher an arbitrary personalisation string distinguishing the application. - * @return - */ - public Builder setPersonalisation(Date date, String emailAddress, String distinguisher) - { - try - { - final ByteArrayOutputStream bout = new ByteArrayOutputStream(); - final OutputStreamWriter out = new OutputStreamWriter(bout, "UTF-8"); - final DateFormat format = new SimpleDateFormat("YYYYMMDD"); - out.write(format.format(date)); - out.write(" "); - out.write(emailAddress); - out.write(" "); - out.write(distinguisher); - out.close(); - return set(PARAM_TYPE_PERSONALISATION, bout.toByteArray()); - } - catch (IOException e) - { - throw new IllegalStateException("Byte I/O failed: " + e); - } - } - - /** - * Implements the recommended personalisation format for Skein defined in Section 4.11 of - * the Skein 1.3 specification. You may need to use this method if the default locale - * doesn't use a Gregorian calender so that the GeneralizedTime produced is compatible implementations. - * <p> - * The format is <code>YYYYMMDD email@address distinguisher</code>, encoded to a byte - * sequence using UTF-8 encoding. - * - * @param date the date the personalised application of the Skein was defined. - * @param dateLocale locale to be used for date interpretation. - * @param emailAddress the email address of the creation of the personalised application. - * @param distinguisher an arbitrary personalisation string distinguishing the application. - * @return the current builder. - */ - public Builder setPersonalisation(Date date, Locale dateLocale, String emailAddress, String distinguisher) - { - try - { - final ByteArrayOutputStream bout = new ByteArrayOutputStream(); - final OutputStreamWriter out = new OutputStreamWriter(bout, "UTF-8"); - final DateFormat format = new SimpleDateFormat("YYYYMMDD", dateLocale); - out.write(format.format(date)); - out.write(" "); - out.write(emailAddress); - out.write(" "); - out.write(distinguisher); - out.close(); - return set(PARAM_TYPE_PERSONALISATION, bout.toByteArray()); - } - catch (IOException e) - { - throw new IllegalStateException("Byte I/O failed: " + e); - } - } - - /** - * Sets the {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec#PARAM_TYPE_KEY_IDENTIFIER} parameter. - */ - public Builder setPublicKey(byte[] publicKey) - { - return set(PARAM_TYPE_PUBLIC_KEY, publicKey); - } - - /** - * Sets the {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec#PARAM_TYPE_KEY_IDENTIFIER} parameter. - */ - public Builder setKeyIdentifier(byte[] keyIdentifier) - { - return set(PARAM_TYPE_KEY_IDENTIFIER, keyIdentifier); - } - - /** - * Sets the {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec#PARAM_TYPE_NONCE} parameter. - */ - public Builder setNonce(byte[] nonce) - { - return set(PARAM_TYPE_NONCE, nonce); - } - - /** - * Constructs a new {@link org.bouncycastle.jcajce.spec.SkeinParameterSpec} instance with the parameters provided to this - * builder. - */ - public SkeinParameterSpec build() - { - return new SkeinParameterSpec(parameters); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/util/DefaultJcaJceHelper.java b/prov/src/main/java/org/bouncycastle/jcajce/util/DefaultJcaJceHelper.java deleted file mode 100644 index 43a97f30..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/util/DefaultJcaJceHelper.java +++ /dev/null @@ -1,99 +0,0 @@ -package org.bouncycastle.jcajce.util; - -import java.security.AlgorithmParameterGenerator; -import java.security.AlgorithmParameters; -import java.security.KeyFactory; -import java.security.KeyPairGenerator; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.Signature; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; - -import javax.crypto.Cipher; -import javax.crypto.KeyAgreement; -import javax.crypto.KeyGenerator; -import javax.crypto.Mac; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKeyFactory; - -/** - * {@link JcaJceHelper} that obtains all algorithms using the default JCA/JCE mechanism (i.e. - * without specifying a provider). - */ -public class DefaultJcaJceHelper - implements JcaJceHelper -{ - public Cipher createCipher( - String algorithm) - throws NoSuchAlgorithmException, NoSuchPaddingException - { - return Cipher.getInstance(algorithm); - } - - public Mac createMac(String algorithm) - throws NoSuchAlgorithmException - { - return Mac.getInstance(algorithm); - } - - public KeyAgreement createKeyAgreement(String algorithm) - throws NoSuchAlgorithmException - { - return KeyAgreement.getInstance(algorithm); - } - - public AlgorithmParameterGenerator createAlgorithmParameterGenerator(String algorithm) - throws NoSuchAlgorithmException - { - return AlgorithmParameterGenerator.getInstance(algorithm); - } - - public AlgorithmParameters createAlgorithmParameters(String algorithm) - throws NoSuchAlgorithmException - { - return AlgorithmParameters.getInstance(algorithm); - } - - public KeyGenerator createKeyGenerator(String algorithm) - throws NoSuchAlgorithmException - { - return KeyGenerator.getInstance(algorithm); - } - - public KeyFactory createKeyFactory(String algorithm) - throws NoSuchAlgorithmException - { - return KeyFactory.getInstance(algorithm); - } - - public SecretKeyFactory createSecretKeyFactory(String algorithm) - throws NoSuchAlgorithmException - { - return SecretKeyFactory.getInstance(algorithm); - } - - public KeyPairGenerator createKeyPairGenerator(String algorithm) - throws NoSuchAlgorithmException - { - return KeyPairGenerator.getInstance(algorithm); - } - - public MessageDigest createDigest(String algorithm) - throws NoSuchAlgorithmException - { - return MessageDigest.getInstance(algorithm); - } - - public Signature createSignature(String algorithm) - throws NoSuchAlgorithmException - { - return Signature.getInstance(algorithm); - } - - public CertificateFactory createCertificateFactory(String algorithm) - throws NoSuchAlgorithmException, CertificateException - { - return CertificateFactory.getInstance(algorithm); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/util/JcaJceHelper.java b/prov/src/main/java/org/bouncycastle/jcajce/util/JcaJceHelper.java deleted file mode 100644 index f5da3354..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/util/JcaJceHelper.java +++ /dev/null @@ -1,62 +0,0 @@ -package org.bouncycastle.jcajce.util; - -import java.security.AlgorithmParameterGenerator; -import java.security.AlgorithmParameters; -import java.security.KeyFactory; -import java.security.KeyPairGenerator; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Signature; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; - -import javax.crypto.Cipher; -import javax.crypto.KeyAgreement; -import javax.crypto.KeyGenerator; -import javax.crypto.Mac; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKeyFactory; - -/** - * Factory interface for instantiating JCA/JCE primitives. - */ -public interface JcaJceHelper -{ - Cipher createCipher( - String algorithm) - throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException; - - Mac createMac(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException; - - KeyAgreement createKeyAgreement(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException; - - AlgorithmParameterGenerator createAlgorithmParameterGenerator(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException; - - AlgorithmParameters createAlgorithmParameters(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException; - - KeyGenerator createKeyGenerator(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException; - - KeyFactory createKeyFactory(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException; - - SecretKeyFactory createSecretKeyFactory(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException; - - KeyPairGenerator createKeyPairGenerator(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException; - - MessageDigest createDigest(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException; - - Signature createSignature(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException; - - CertificateFactory createCertificateFactory(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException, CertificateException; -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/util/JcaJceUtils.java b/prov/src/main/java/org/bouncycastle/jcajce/util/JcaJceUtils.java deleted file mode 100644 index 9f62ced8..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/util/JcaJceUtils.java +++ /dev/null @@ -1,124 +0,0 @@ -package org.bouncycastle.jcajce.util; - -import java.io.IOException; -import java.security.AlgorithmParameters; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; - -/** - * General JCA/JCE utility methods. - */ -public class JcaJceUtils -{ - private JcaJceUtils() - { - - } - - /** - * Extract an ASN.1 encodable from an AlgorithmParameters object. - * - * @param params the object to get the encoding used to create the return value. - * @return an ASN.1 object representing the primitives making up the params parameter. - * @throws IOException if an encoding cannot be extracted. - */ - public static ASN1Encodable extractParameters(AlgorithmParameters params) - throws IOException - { - // we try ASN.1 explicitly first just in case and then role back to the default. - ASN1Encodable asn1Params; - try - { - asn1Params = ASN1Primitive.fromByteArray(params.getEncoded("ASN.1")); - } - catch (Exception ex) - { - asn1Params = ASN1Primitive.fromByteArray(params.getEncoded()); - } - - return asn1Params; - } - - /** - * Load an AlgorithmParameters object with the passed in ASN.1 encodable - if possible. - * - * @param params the AlgorithmParameters object to be initialised. - * @param sParams the ASN.1 encodable to initialise params with. - * @throws IOException if the parameters cannot be initialised. - */ - public static void loadParameters(AlgorithmParameters params, ASN1Encodable sParams) - throws IOException - { - // we try ASN.1 explicitly first just in case and then role back to the default. - try - { - params.init(sParams.toASN1Primitive().getEncoded(), "ASN.1"); - } - catch (Exception ex) - { - params.init(sParams.toASN1Primitive().getEncoded()); - } - } - - /** - * Attempt to find a standard JCA name for the digest represented by the past in OID. - * - * @param digestAlgOID the OID of the digest algorithm of interest. - * @return a string representing the standard name - the OID as a string if none available. - */ - public static String getDigestAlgName( - ASN1ObjectIdentifier digestAlgOID) - { - if (PKCSObjectIdentifiers.md5.equals(digestAlgOID)) - { - return "MD5"; - } - else if (OIWObjectIdentifiers.idSHA1.equals(digestAlgOID)) - { - return "SHA1"; - } - else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) - { - return "SHA224"; - } - else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) - { - return "SHA256"; - } - else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOID)) - { - return "SHA384"; - } - else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOID)) - { - return "SHA512"; - } - else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) - { - return "RIPEMD128"; - } - else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) - { - return "RIPEMD160"; - } - else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) - { - return "RIPEMD256"; - } - else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) - { - return "GOST3411"; - } - else - { - return digestAlgOID.getId(); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/util/NamedJcaJceHelper.java b/prov/src/main/java/org/bouncycastle/jcajce/util/NamedJcaJceHelper.java deleted file mode 100644 index ebbfacc1..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/util/NamedJcaJceHelper.java +++ /dev/null @@ -1,106 +0,0 @@ -package org.bouncycastle.jcajce.util; - -import java.security.AlgorithmParameterGenerator; -import java.security.AlgorithmParameters; -import java.security.KeyFactory; -import java.security.KeyPairGenerator; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Signature; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; - -import javax.crypto.Cipher; -import javax.crypto.KeyAgreement; -import javax.crypto.KeyGenerator; -import javax.crypto.Mac; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKeyFactory; - -/** - * {@link JcaJceHelper} that obtains all algorithms using a specific named provider. - */ -public class NamedJcaJceHelper - implements JcaJceHelper -{ - protected final String providerName; - - public NamedJcaJceHelper(String providerName) - { - this.providerName = providerName; - } - - public Cipher createCipher( - String algorithm) - throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException - { - return Cipher.getInstance(algorithm, providerName); - } - - public Mac createMac(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException - { - return Mac.getInstance(algorithm, providerName); - } - - public KeyAgreement createKeyAgreement(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException - { - return KeyAgreement.getInstance(algorithm, providerName); - } - - public AlgorithmParameterGenerator createAlgorithmParameterGenerator(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException - { - return AlgorithmParameterGenerator.getInstance(algorithm, providerName); - } - - public AlgorithmParameters createAlgorithmParameters(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException - { - return AlgorithmParameters.getInstance(algorithm, providerName); - } - - public KeyGenerator createKeyGenerator(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException - { - return KeyGenerator.getInstance(algorithm, providerName); - } - - public KeyFactory createKeyFactory(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException - { - return KeyFactory.getInstance(algorithm, providerName); - } - - public SecretKeyFactory createSecretKeyFactory(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException - { - return SecretKeyFactory.getInstance(algorithm, providerName); - } - - public KeyPairGenerator createKeyPairGenerator(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException - { - return KeyPairGenerator.getInstance(algorithm, providerName); - } - - public MessageDigest createDigest(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException - { - return MessageDigest.getInstance(algorithm, providerName); - } - - public Signature createSignature(String algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException - { - return Signature.getInstance(algorithm, providerName); - } - - public CertificateFactory createCertificateFactory(String algorithm) - throws NoSuchAlgorithmException, CertificateException, NoSuchProviderException - { - return CertificateFactory.getInstance(algorithm, providerName); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jcajce/util/ProviderJcaJceHelper.java b/prov/src/main/java/org/bouncycastle/jcajce/util/ProviderJcaJceHelper.java deleted file mode 100644 index fad10481..00000000 --- a/prov/src/main/java/org/bouncycastle/jcajce/util/ProviderJcaJceHelper.java +++ /dev/null @@ -1,106 +0,0 @@ -package org.bouncycastle.jcajce.util; - -import java.security.AlgorithmParameterGenerator; -import java.security.AlgorithmParameters; -import java.security.KeyFactory; -import java.security.KeyPairGenerator; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.Provider; -import java.security.Signature; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; - -import javax.crypto.Cipher; -import javax.crypto.KeyAgreement; -import javax.crypto.KeyGenerator; -import javax.crypto.Mac; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKeyFactory; - -/** - * {@link JcaJceHelper} that obtains all algorithms from a specific {@link Provider} instance. - */ -public class ProviderJcaJceHelper - implements JcaJceHelper -{ - protected final Provider provider; - - public ProviderJcaJceHelper(Provider provider) - { - this.provider = provider; - } - - public Cipher createCipher( - String algorithm) - throws NoSuchAlgorithmException, NoSuchPaddingException - { - return Cipher.getInstance(algorithm, provider); - } - - public Mac createMac(String algorithm) - throws NoSuchAlgorithmException - { - return Mac.getInstance(algorithm, provider); - } - - public KeyAgreement createKeyAgreement(String algorithm) - throws NoSuchAlgorithmException - { - return KeyAgreement.getInstance(algorithm, provider); - } - - public AlgorithmParameterGenerator createAlgorithmParameterGenerator(String algorithm) - throws NoSuchAlgorithmException - { - return AlgorithmParameterGenerator.getInstance(algorithm, provider); - } - - public AlgorithmParameters createAlgorithmParameters(String algorithm) - throws NoSuchAlgorithmException - { - return AlgorithmParameters.getInstance(algorithm, provider); - } - - public KeyGenerator createKeyGenerator(String algorithm) - throws NoSuchAlgorithmException - { - return KeyGenerator.getInstance(algorithm, provider); - } - - public KeyFactory createKeyFactory(String algorithm) - throws NoSuchAlgorithmException - { - return KeyFactory.getInstance(algorithm, provider); - } - - public SecretKeyFactory createSecretKeyFactory(String algorithm) - throws NoSuchAlgorithmException - { - return SecretKeyFactory.getInstance(algorithm, provider); - } - - public KeyPairGenerator createKeyPairGenerator(String algorithm) - throws NoSuchAlgorithmException - { - return KeyPairGenerator.getInstance(algorithm, provider); - } - - public MessageDigest createDigest(String algorithm) - throws NoSuchAlgorithmException - { - return MessageDigest.getInstance(algorithm, provider); - } - - public Signature createSignature(String algorithm) - throws NoSuchAlgorithmException - { - return Signature.getInstance(algorithm, provider); - } - - public CertificateFactory createCertificateFactory(String algorithm) - throws NoSuchAlgorithmException, CertificateException - { - return CertificateFactory.getInstance(algorithm, provider); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/ECGOST3410NamedCurveTable.java b/prov/src/main/java/org/bouncycastle/jce/ECGOST3410NamedCurveTable.java deleted file mode 100644 index 7843e0a5..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/ECGOST3410NamedCurveTable.java +++ /dev/null @@ -1,61 +0,0 @@ -package org.bouncycastle.jce; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; - -/** - * a table of locally supported named curves. - */ -public class ECGOST3410NamedCurveTable -{ - /** - * return a parameter spec representing the passed in named - * curve. The routine returns null if the curve is not present. - * - * @param name the name of the curve requested - * @return a parameter spec for the curve, null if it is not available. - */ - public static ECNamedCurveParameterSpec getParameterSpec( - String name) - { - ECDomainParameters ecP = ECGOST3410NamedCurves.getByName(name); - if (ecP == null) - { - try - { - ecP = ECGOST3410NamedCurves.getByOID(new ASN1ObjectIdentifier(name)); - } - catch (IllegalArgumentException e) - { - return null; // not an oid. - } - } - - if (ecP == null) - { - return null; - } - - return new ECNamedCurveParameterSpec( - name, - ecP.getCurve(), - ecP.getG(), - ecP.getN(), - ecP.getH(), - ecP.getSeed()); - } - - /** - * return an enumeration of the names of the available curves. - * - * @return an enumeration of the names of the available curves. - */ - public static Enumeration getNames() - { - return ECGOST3410NamedCurves.getNames(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/ECKeyUtil.java b/prov/src/main/java/org/bouncycastle/jce/ECKeyUtil.java deleted file mode 100644 index c4c72cf4..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/ECKeyUtil.java +++ /dev/null @@ -1,229 +0,0 @@ -package org.bouncycastle.jce; - -import java.io.UnsupportedEncodingException; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.PublicKey; -import java.security.Security; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X962Parameters; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -/** - * Utility class to allow conversion of EC key parameters to explicit from named - * curves and back (where possible). - */ -public class ECKeyUtil -{ - /** - * Convert a passed in public EC key to have explicit parameters. If the key - * is already using explicit parameters it is returned. - * - * @param key key to be converted - * @param providerName provider name to be used. - * @return the equivalent key with explicit curve parameters - * @throws IllegalArgumentException - * @throws NoSuchAlgorithmException - * @throws NoSuchProviderException - */ - public static PublicKey publicToExplicitParameters(PublicKey key, String providerName) - throws IllegalArgumentException, NoSuchAlgorithmException, NoSuchProviderException - { - Provider provider = Security.getProvider(providerName); - - if (provider == null) - { - throw new NoSuchProviderException("cannot find provider: " + providerName); - } - - return publicToExplicitParameters(key, provider); - } - - /** - * Convert a passed in public EC key to have explicit parameters. If the key - * is already using explicit parameters it is returned. - * - * @param key key to be converted - * @param provider provider to be used. - * @return the equivalent key with explicit curve parameters - * @throws IllegalArgumentException - * @throws NoSuchAlgorithmException - */ - public static PublicKey publicToExplicitParameters(PublicKey key, Provider provider) - throws IllegalArgumentException, NoSuchAlgorithmException - { - try - { - SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(key.getEncoded())); - - if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001)) - { - throw new IllegalArgumentException("cannot convert GOST key to explicit parameters."); - } - else - { - X962Parameters params = X962Parameters.getInstance(info.getAlgorithmId().getParameters()); - X9ECParameters curveParams; - - if (params.isNamedCurve()) - { - ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); - - curveParams = ECUtil.getNamedCurveByOid(oid); - // ignore seed value due to JDK bug - curveParams = new X9ECParameters(curveParams.getCurve(), curveParams.getG(), curveParams.getN(), curveParams.getH()); - } - else if (params.isImplicitlyCA()) - { - curveParams = new X9ECParameters(BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa().getCurve(), BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa().getG(), BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa().getN(), BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa().getH()); - } - else - { - return key; // already explicit - } - - params = new X962Parameters(curveParams); - - info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), info.getPublicKeyData().getBytes()); - - KeyFactory keyFact = KeyFactory.getInstance(key.getAlgorithm(), provider); - - return keyFact.generatePublic(new X509EncodedKeySpec(info.getEncoded())); - } - } - catch (IllegalArgumentException e) - { - throw e; - } - catch (NoSuchAlgorithmException e) - { - throw e; - } - catch (Exception e) - { // shouldn't really happen... - throw new UnexpectedException(e); - } - } - - /** - * Convert a passed in private EC key to have explicit parameters. If the key - * is already using explicit parameters it is returned. - * - * @param key key to be converted - * @param providerName provider name to be used. - * @return the equivalent key with explicit curve parameters - * @throws IllegalArgumentException - * @throws NoSuchAlgorithmException - * @throws NoSuchProviderException - */ - public static PrivateKey privateToExplicitParameters(PrivateKey key, String providerName) - throws IllegalArgumentException, NoSuchAlgorithmException, NoSuchProviderException - { - Provider provider = Security.getProvider(providerName); - - if (provider == null) - { - throw new NoSuchProviderException("cannot find provider: " + providerName); - } - - return privateToExplicitParameters(key, provider); - } - - /** - * Convert a passed in private EC key to have explicit parameters. If the key - * is already using explicit parameters it is returned. - * - * @param key key to be converted - * @param provider provider to be used. - * @return the equivalent key with explicit curve parameters - * @throws IllegalArgumentException - * @throws NoSuchAlgorithmException - */ - public static PrivateKey privateToExplicitParameters(PrivateKey key, Provider provider) - throws IllegalArgumentException, NoSuchAlgorithmException - { - try - { - PrivateKeyInfo info = PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(key.getEncoded())); - - if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001)) - { - throw new UnsupportedEncodingException("cannot convert GOST key to explicit parameters."); - } - else - { - X962Parameters params = X962Parameters.getInstance(info.getAlgorithmId().getParameters()); - X9ECParameters curveParams; - - if (params.isNamedCurve()) - { - ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); - - curveParams = ECUtil.getNamedCurveByOid(oid); - // ignore seed value due to JDK bug - curveParams = new X9ECParameters(curveParams.getCurve(), curveParams.getG(), curveParams.getN(), curveParams.getH()); - } - else if (params.isImplicitlyCA()) - { - curveParams = new X9ECParameters(BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa().getCurve(), BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa().getG(), BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa().getN(), BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa().getH()); - } - else - { - return key; // already explicit - } - - params = new X962Parameters(curveParams); - - info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), info.parsePrivateKey()); - - KeyFactory keyFact = KeyFactory.getInstance(key.getAlgorithm(), provider); - - return keyFact.generatePrivate(new PKCS8EncodedKeySpec(info.getEncoded())); - } - } - catch (IllegalArgumentException e) - { - throw e; - } - catch (NoSuchAlgorithmException e) - { - throw e; - } - catch (Exception e) - { // shouldn't really happen - throw new UnexpectedException(e); - } - } - - private static class UnexpectedException - extends RuntimeException - { - private Throwable cause; - - UnexpectedException(Throwable cause) - { - super(cause.toString()); - - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java b/prov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java deleted file mode 100644 index 5ad207ac..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/ECNamedCurveTable.java +++ /dev/null @@ -1,76 +0,0 @@ -package org.bouncycastle.jce; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; - -/** - * a table of locally supported named curves. - */ -public class ECNamedCurveTable -{ - /** - * return a parameter spec representing the passed in named - * curve. The routine returns null if the curve is not present. - * - * @param name the name of the curve requested - * @return a parameter spec for the curve, null if it is not available. - */ - public static ECNamedCurveParameterSpec getParameterSpec( - String name) - { - X9ECParameters ecP = org.bouncycastle.crypto.ec.CustomNamedCurves.getByName(name); - if (ecP == null) - { - try - { - ecP = org.bouncycastle.crypto.ec.CustomNamedCurves.getByOID(new ASN1ObjectIdentifier(name)); - } - catch (IllegalArgumentException e) - { - // ignore - not an oid - } - - if (ecP == null) - { - ecP = org.bouncycastle.asn1.x9.ECNamedCurveTable.getByName(name); - if (ecP == null) - { - try - { - ecP = org.bouncycastle.asn1.x9.ECNamedCurveTable.getByOID(new ASN1ObjectIdentifier(name)); - } - catch (IllegalArgumentException e) - { - // ignore - not an oid - } - } - } - } - - if (ecP == null) - { - return null; - } - - return new ECNamedCurveParameterSpec( - name, - ecP.getCurve(), - ecP.getG(), - ecP.getN(), - ecP.getH(), - ecP.getSeed()); - } - - /** - * return an enumeration of the names of the available curves. - * - * @return an enumeration of the names of the available curves. - */ - public static Enumeration getNames() - { - return org.bouncycastle.asn1.x9.ECNamedCurveTable.getNames(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/ECPointUtil.java b/prov/src/main/java/org/bouncycastle/jce/ECPointUtil.java deleted file mode 100644 index 5ff966a2..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/ECPointUtil.java +++ /dev/null @@ -1,56 +0,0 @@ -package org.bouncycastle.jce; - -import java.security.spec.ECFieldF2m; -import java.security.spec.ECFieldFp; -import java.security.spec.ECPoint; -import java.security.spec.EllipticCurve; - -import org.bouncycastle.math.ec.ECCurve; - -/** - * Utility class for handling EC point decoding. - */ -public class ECPointUtil -{ - /** - * Decode a point on this curve which has been encoded using point - * compression (X9.62 s 4.2.1 and 4.2.2) or regular encoding. - * - * @param curve - * The elliptic curve. - * @param encoded - * The encoded point. - * @return the decoded point. - */ - public static ECPoint decodePoint( - EllipticCurve curve, - byte[] encoded) - { - ECCurve c = null; - - if (curve.getField() instanceof ECFieldFp) - { - c = new ECCurve.Fp( - ((ECFieldFp)curve.getField()).getP(), curve.getA(), curve.getB()); - } - else - { - int k[] = ((ECFieldF2m)curve.getField()).getMidTermsOfReductionPolynomial(); - - if (k.length == 3) - { - c = new ECCurve.F2m( - ((ECFieldF2m)curve.getField()).getM(), k[2], k[1], k[0], curve.getA(), curve.getB()); - } - else - { - c = new ECCurve.F2m( - ((ECFieldF2m)curve.getField()).getM(), k[0], curve.getA(), curve.getB()); - } - } - - org.bouncycastle.math.ec.ECPoint p = c.decodePoint(encoded); - - return new ECPoint(p.getAffineXCoord().toBigInteger(), p.getAffineYCoord().toBigInteger()); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/MultiCertStoreParameters.java b/prov/src/main/java/org/bouncycastle/jce/MultiCertStoreParameters.java deleted file mode 100644 index 2ffa031a..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/MultiCertStoreParameters.java +++ /dev/null @@ -1,51 +0,0 @@ -package org.bouncycastle.jce; - -import java.security.cert.CertStoreParameters; -import java.util.Collection; - -public class MultiCertStoreParameters - implements CertStoreParameters -{ - private Collection certStores; - private boolean searchAllStores; - - /** - * Create a parameters object which specifies searching of all the passed in stores. - * - * @param certStores CertStores making up the multi CertStore - */ - public MultiCertStoreParameters(Collection certStores) - { - this(certStores, true); - } - - /** - * Create a parameters object which can be to used to make a multi store made up - * of the passed in CertStores. If the searchAllStores parameter is false, any search on - * the multi-store will terminate as soon as a search query produces a result. - * - * @param certStores CertStores making up the multi CertStore - * @param searchAllStores true if all CertStores should be searched on request, false if a result - * should be returned on the first successful CertStore query. - */ - public MultiCertStoreParameters(Collection certStores, boolean searchAllStores) - { - this.certStores = certStores; - this.searchAllStores = searchAllStores; - } - - public Collection getCertStores() - { - return certStores; - } - - public boolean getSearchAllStores() - { - return searchAllStores; - } - - public Object clone() - { - return this; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java b/prov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java deleted file mode 100644 index 13bed1a9..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java +++ /dev/null @@ -1,640 +0,0 @@ -package org.bouncycastle.jce; - -import java.io.IOException; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.Signature; -import java.security.SignatureException; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PSSParameterSpec; -import java.security.spec.X509EncodedKeySpec; -import java.util.HashSet; -import java.util.Hashtable; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.CertificationRequest; -import org.bouncycastle.asn1.pkcs.CertificationRequestInfo; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.util.Strings; - -/** - * A class for verifying and creating PKCS10 Certification requests. - * <pre> - * CertificationRequest ::= SEQUENCE { - * certificationRequestInfo CertificationRequestInfo, - * signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }}, - * signature BIT STRING - * } - * - * CertificationRequestInfo ::= SEQUENCE { - * version INTEGER { v1(0) } (v1,...), - * subject Name, - * subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, - * attributes [0] Attributes{{ CRIAttributes }} - * } - * - * Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }} - * - * Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE { - * type ATTRIBUTE.&id({IOSet}), - * values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type}) - * } - * </pre> - * @deprecated use classes in org.bouncycastle.pkcs. - */ -public class PKCS10CertificationRequest - extends CertificationRequest -{ - private static Hashtable algorithms = new Hashtable(); - private static Hashtable params = new Hashtable(); - private static Hashtable keyAlgorithms = new Hashtable(); - private static Hashtable oids = new Hashtable(); - private static Set noParams = new HashSet(); - - static - { - algorithms.put("MD2WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2")); - algorithms.put("MD2WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2")); - algorithms.put("MD5WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("MD5WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("RSAWITHMD5", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("SHA1WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("SHA1WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); - algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); - algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption); - algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption); - algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption); - algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption); - algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption); - algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption); - algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); - algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); - algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); - algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); - algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); - algorithms.put("RSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); - algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); - algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); - algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); - algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); - algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); - algorithms.put("SHA1WITHDSA", new ASN1ObjectIdentifier("1.2.840.10040.4.3")); - algorithms.put("DSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.10040.4.3")); - algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); - algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256); - algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384); - algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512); - algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1); - algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); - algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256); - algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384); - algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512); - algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1); - algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - - // - // reverse mappings - // - oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA"); - oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); - oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410"); - - oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA"); - oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA"); - oids.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA"); - oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); - oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA"); - oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA"); - oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA"); - - // - // key types - // - keyAlgorithms.put(PKCSObjectIdentifiers.rsaEncryption, "RSA"); - keyAlgorithms.put(X9ObjectIdentifiers.id_dsa, "DSA"); - - // - // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. - // The parameters field SHALL be NULL for RSA based signature algorithms. - // - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512); - noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1); - noParams.add(NISTObjectIdentifiers.dsa_with_sha224); - noParams.add(NISTObjectIdentifiers.dsa_with_sha256); - - // - // RFC 4491 - // - noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - // - // explicit params - // - AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE); - params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20)); - - AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE); - params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28)); - - AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE); - params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32)); - - AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, DERNull.INSTANCE); - params.put("SHA384WITHRSAANDMGF1", creatPSSParams(sha384AlgId, 48)); - - AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, DERNull.INSTANCE); - params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64)); - } - - private static RSASSAPSSparams creatPSSParams(AlgorithmIdentifier hashAlgId, int saltSize) - { - return new RSASSAPSSparams( - hashAlgId, - new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId), - new ASN1Integer(saltSize), - new ASN1Integer(1)); - } - - private static ASN1Sequence toDERSequence( - byte[] bytes) - { - try - { - ASN1InputStream dIn = new ASN1InputStream(bytes); - - return (ASN1Sequence)dIn.readObject(); - } - catch (Exception e) - { - throw new IllegalArgumentException("badly encoded request"); - } - } - - /** - * construct a PKCS10 certification request from a DER encoded - * byte stream. - */ - public PKCS10CertificationRequest( - byte[] bytes) - { - super(toDERSequence(bytes)); - } - - public PKCS10CertificationRequest( - ASN1Sequence sequence) - { - super(sequence); - } - - /** - * create a PKCS10 certfication request using the BC provider. - */ - public PKCS10CertificationRequest( - String signatureAlgorithm, - X509Name subject, - PublicKey key, - ASN1Set attributes, - PrivateKey signingKey) - throws NoSuchAlgorithmException, NoSuchProviderException, - InvalidKeyException, SignatureException - { - this(signatureAlgorithm, subject, key, attributes, signingKey, BouncyCastleProvider.PROVIDER_NAME); - } - - private static X509Name convertName( - X500Principal name) - { - try - { - return new X509Principal(name.getEncoded()); - } - catch (IOException e) - { - throw new IllegalArgumentException("can't convert name"); - } - } - - /** - * create a PKCS10 certfication request using the BC provider. - */ - public PKCS10CertificationRequest( - String signatureAlgorithm, - X500Principal subject, - PublicKey key, - ASN1Set attributes, - PrivateKey signingKey) - throws NoSuchAlgorithmException, NoSuchProviderException, - InvalidKeyException, SignatureException - { - this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, BouncyCastleProvider.PROVIDER_NAME); - } - - /** - * create a PKCS10 certfication request using the named provider. - */ - public PKCS10CertificationRequest( - String signatureAlgorithm, - X500Principal subject, - PublicKey key, - ASN1Set attributes, - PrivateKey signingKey, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, - InvalidKeyException, SignatureException - { - this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, provider); - } - - /** - * create a PKCS10 certfication request using the named provider. - */ - public PKCS10CertificationRequest( - String signatureAlgorithm, - X509Name subject, - PublicKey key, - ASN1Set attributes, - PrivateKey signingKey, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, - InvalidKeyException, SignatureException - { - String algorithmName = Strings.toUpperCase(signatureAlgorithm); - ASN1ObjectIdentifier sigOID = (ASN1ObjectIdentifier)algorithms.get(algorithmName); - - if (sigOID == null) - { - try - { - sigOID = new ASN1ObjectIdentifier(algorithmName); - } - catch (Exception e) - { - throw new IllegalArgumentException("Unknown signature type requested"); - } - } - - if (subject == null) - { - throw new IllegalArgumentException("subject must not be null"); - } - - if (key == null) - { - throw new IllegalArgumentException("public key must not be null"); - } - - if (noParams.contains(sigOID)) - { - this.sigAlgId = new AlgorithmIdentifier(sigOID); - } - else if (params.containsKey(algorithmName)) - { - this.sigAlgId = new AlgorithmIdentifier(sigOID, (ASN1Encodable)params.get(algorithmName)); - } - else - { - this.sigAlgId = new AlgorithmIdentifier(sigOID, DERNull.INSTANCE); - } - - try - { - ASN1Sequence seq = (ASN1Sequence)ASN1Primitive.fromByteArray(key.getEncoded()); - this.reqInfo = new CertificationRequestInfo(subject, new SubjectPublicKeyInfo(seq), attributes); - } - catch (IOException e) - { - throw new IllegalArgumentException("can't encode public key"); - } - - Signature sig; - if (provider == null) - { - sig = Signature.getInstance(signatureAlgorithm); - } - else - { - sig = Signature.getInstance(signatureAlgorithm, provider); - } - - sig.initSign(signingKey); - - try - { - sig.update(reqInfo.getEncoded(ASN1Encoding.DER)); - } - catch (Exception e) - { - throw new IllegalArgumentException("exception encoding TBS cert request - " + e); - } - - this.sigBits = new DERBitString(sig.sign()); - } - - /** - * return the public key associated with the certification request - - * the public key is created using the BC provider. - */ - public PublicKey getPublicKey() - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - return getPublicKey(BouncyCastleProvider.PROVIDER_NAME); - } - - public PublicKey getPublicKey( - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, - InvalidKeyException - { - SubjectPublicKeyInfo subjectPKInfo = reqInfo.getSubjectPublicKeyInfo(); - - - try - { - X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes()); - AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithm(); - try - { - if (provider == null) - { - return KeyFactory.getInstance(keyAlg.getAlgorithm().getId()).generatePublic(xspec); - } - else - { - return KeyFactory.getInstance(keyAlg.getAlgorithm().getId(), provider).generatePublic(xspec); - } - } - catch (NoSuchAlgorithmException e) - { - // - // try an alternate - // - if (keyAlgorithms.get(keyAlg.getObjectId()) != null) - { - String keyAlgorithm = (String)keyAlgorithms.get(keyAlg.getObjectId()); - - if (provider == null) - { - return KeyFactory.getInstance(keyAlgorithm).generatePublic(xspec); - } - else - { - return KeyFactory.getInstance(keyAlgorithm, provider).generatePublic(xspec); - } - } - - throw e; - } - } - catch (InvalidKeySpecException e) - { - throw new InvalidKeyException("error decoding public key"); - } - catch (IOException e) - { - throw new InvalidKeyException("error decoding public key"); - } - } - - /** - * verify the request using the BC provider. - */ - public boolean verify() - throws NoSuchAlgorithmException, NoSuchProviderException, - InvalidKeyException, SignatureException - { - return verify(BouncyCastleProvider.PROVIDER_NAME); - } - - /** - * verify the request using the passed in provider. - */ - public boolean verify( - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, - InvalidKeyException, SignatureException - { - return verify(this.getPublicKey(provider), provider); - } - - /** - * verify the request using the passed in public key and the provider.. - */ - public boolean verify( - PublicKey pubKey, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, - InvalidKeyException, SignatureException - { - Signature sig; - - try - { - if (provider == null) - { - sig = Signature.getInstance(getSignatureName(sigAlgId)); - } - else - { - sig = Signature.getInstance(getSignatureName(sigAlgId), provider); - } - } - catch (NoSuchAlgorithmException e) - { - // - // try an alternate - // - if (oids.get(sigAlgId.getObjectId()) != null) - { - String signatureAlgorithm = (String)oids.get(sigAlgId.getObjectId()); - - if (provider == null) - { - sig = Signature.getInstance(signatureAlgorithm); - } - else - { - sig = Signature.getInstance(signatureAlgorithm, provider); - } - } - else - { - throw e; - } - } - - setSignatureParameters(sig, sigAlgId.getParameters()); - - sig.initVerify(pubKey); - - try - { - sig.update(reqInfo.getEncoded(ASN1Encoding.DER)); - } - catch (Exception e) - { - throw new SignatureException("exception encoding TBS cert request - " + e); - } - - return sig.verify(sigBits.getBytes()); - } - - /** - * return a DER encoded byte array representing this object - */ - public byte[] getEncoded() - { - try - { - return this.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException(e.toString()); - } - } - - private void setSignatureParameters( - Signature signature, - ASN1Encodable params) - throws NoSuchAlgorithmException, SignatureException, InvalidKeyException - { - if (params != null && !DERNull.INSTANCE.equals(params)) - { - AlgorithmParameters sigParams = AlgorithmParameters.getInstance(signature.getAlgorithm(), signature.getProvider()); - - try - { - sigParams.init(params.toASN1Primitive().getEncoded(ASN1Encoding.DER)); - } - catch (IOException e) - { - throw new SignatureException("IOException decoding parameters: " + e.getMessage()); - } - - if (signature.getAlgorithm().endsWith("MGF1")) - { - try - { - signature.setParameter(sigParams.getParameterSpec(PSSParameterSpec.class)); - } - catch (GeneralSecurityException e) - { - throw new SignatureException("Exception extracting parameters: " + e.getMessage()); - } - } - } - } - - static String getSignatureName( - AlgorithmIdentifier sigAlgId) - { - ASN1Encodable params = sigAlgId.getParameters(); - - if (params != null && !DERNull.INSTANCE.equals(params)) - { - if (sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) - { - RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); - return getDigestAlgName(rsaParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1"; - } - } - - return sigAlgId.getObjectId().getId(); - } - - private static String getDigestAlgName( - ASN1ObjectIdentifier digestAlgOID) - { - if (PKCSObjectIdentifiers.md5.equals(digestAlgOID)) - { - return "MD5"; - } - else if (OIWObjectIdentifiers.idSHA1.equals(digestAlgOID)) - { - return "SHA1"; - } - else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) - { - return "SHA224"; - } - else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) - { - return "SHA256"; - } - else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOID)) - { - return "SHA384"; - } - else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOID)) - { - return "SHA512"; - } - else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) - { - return "RIPEMD128"; - } - else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) - { - return "RIPEMD160"; - } - else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) - { - return "RIPEMD256"; - } - else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) - { - return "GOST3411"; - } - else - { - return digestAlgOID.getId(); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/PKCS12Util.java b/prov/src/main/java/org/bouncycastle/jce/PKCS12Util.java deleted file mode 100644 index c7059b26..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/PKCS12Util.java +++ /dev/null @@ -1,126 +0,0 @@ -package org.bouncycastle.jce; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; - -import javax.crypto.Mac; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.pkcs.ContentInfo; -import org.bouncycastle.asn1.pkcs.MacData; -import org.bouncycastle.asn1.pkcs.Pfx; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DigestInfo; - -/** - * Utility class for reencoding PKCS#12 files to definite length. - */ -public class PKCS12Util -{ - /** - * Just re-encode the outer layer of the PKCS#12 file to definite length encoding. - * - * @param berPKCS12File - original PKCS#12 file - * @return a byte array representing the DER encoding of the PFX structure - * @throws IOException - */ - public static byte[] convertToDefiniteLength(byte[] berPKCS12File) - throws IOException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - Pfx pfx = Pfx.getInstance(berPKCS12File); - - bOut.reset(); - - dOut.writeObject(pfx); - - return bOut.toByteArray(); - } - - /** - * Re-encode the PKCS#12 structure to definite length encoding at the inner layer - * as well, recomputing the MAC accordingly. - * - * @param berPKCS12File - original PKCS12 file. - * @param provider - provider to use for MAC calculation. - * @return a byte array representing the DER encoding of the PFX structure. - * @throws IOException on parsing, encoding errors. - */ - public static byte[] convertToDefiniteLength(byte[] berPKCS12File, char[] passwd, String provider) - throws IOException - { - Pfx pfx = Pfx.getInstance(berPKCS12File); - - ContentInfo info = pfx.getAuthSafe(); - - ASN1OctetString content = ASN1OctetString.getInstance(info.getContent()); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - ASN1InputStream contentIn = new ASN1InputStream(content.getOctets()); - ASN1Primitive obj = contentIn.readObject(); - - dOut.writeObject(obj); - - info = new ContentInfo(info.getContentType(), new DEROctetString(bOut.toByteArray())); - - MacData mData = pfx.getMacData(); - try - { - int itCount = mData.getIterationCount().intValue(); - byte[] data = ASN1OctetString.getInstance(info.getContent()).getOctets(); - byte[] res = calculatePbeMac(mData.getMac().getAlgorithmId().getObjectId(), mData.getSalt(), itCount, passwd, data, provider); - - AlgorithmIdentifier algId = new AlgorithmIdentifier(mData.getMac().getAlgorithmId().getObjectId(), DERNull.INSTANCE); - DigestInfo dInfo = new DigestInfo(algId, res); - - mData = new MacData(dInfo, mData.getSalt(), itCount); - } - catch (Exception e) - { - throw new IOException("error constructing MAC: " + e.toString()); - } - - pfx = new Pfx(info, mData); - - bOut.reset(); - - dOut.writeObject(pfx); - - return bOut.toByteArray(); - } - - private static byte[] calculatePbeMac( - ASN1ObjectIdentifier oid, - byte[] salt, - int itCount, - char[] password, - byte[] data, - String provider) - throws Exception - { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance(oid.getId(), provider); - PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount); - PBEKeySpec pbeSpec = new PBEKeySpec(password); - SecretKey key = keyFact.generateSecret(pbeSpec); - - Mac mac = Mac.getInstance(oid.getId(), provider); - mac.init(key, defParams); - mac.update(data); - - return mac.doFinal(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/PrincipalUtil.java b/prov/src/main/java/org/bouncycastle/jce/PrincipalUtil.java deleted file mode 100644 index 4bf65a03..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/PrincipalUtil.java +++ /dev/null @@ -1,81 +0,0 @@ -package org.bouncycastle.jce; - -import java.io.IOException; -import java.security.cert.CRLException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509CRL; -import java.security.cert.X509Certificate; - -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.x509.TBSCertList; -import org.bouncycastle.asn1.x509.TBSCertificateStructure; -import org.bouncycastle.asn1.x509.X509Name; - -/** - * a utility class that will extract X509Principal objects from X.509 certificates. - * <p> - * Use this in preference to trying to recreate a principal from a String, not all - * DNs are what they should be, so it's best to leave them encoded where they - * can be. - */ -public class PrincipalUtil -{ - /** - * return the issuer of the given cert as an X509PrincipalObject. - */ - public static X509Principal getIssuerX509Principal( - X509Certificate cert) - throws CertificateEncodingException - { - try - { - TBSCertificateStructure tbsCert = TBSCertificateStructure.getInstance( - ASN1Primitive.fromByteArray(cert.getTBSCertificate())); - - return new X509Principal(X509Name.getInstance(tbsCert.getIssuer())); - } - catch (IOException e) - { - throw new CertificateEncodingException(e.toString()); - } - } - - /** - * return the subject of the given cert as an X509PrincipalObject. - */ - public static X509Principal getSubjectX509Principal( - X509Certificate cert) - throws CertificateEncodingException - { - try - { - TBSCertificateStructure tbsCert = TBSCertificateStructure.getInstance( - ASN1Primitive.fromByteArray(cert.getTBSCertificate())); - return new X509Principal(X509Name.getInstance(tbsCert.getSubject())); - } - catch (IOException e) - { - throw new CertificateEncodingException(e.toString()); - } - } - - /** - * return the issuer of the given CRL as an X509PrincipalObject. - */ - public static X509Principal getIssuerX509Principal( - X509CRL crl) - throws CRLException - { - try - { - TBSCertList tbsCertList = TBSCertList.getInstance( - ASN1Primitive.fromByteArray(crl.getTBSCertList())); - - return new X509Principal(X509Name.getInstance(tbsCertList.getIssuer())); - } - catch (IOException e) - { - throw new CRLException(e.toString()); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/X509KeyUsage.java b/prov/src/main/java/org/bouncycastle/jce/X509KeyUsage.java deleted file mode 100644 index 163566a1..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/X509KeyUsage.java +++ /dev/null @@ -1,57 +0,0 @@ -package org.bouncycastle.jce; - -import org.bouncycastle.asn1.ASN1Object; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.x509.KeyUsage; - -/** - * A holding class for constructing an X509 Key Usage extension. - * - * <pre> - * id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } - * - * KeyUsage ::= BIT STRING { - * digitalSignature (0), - * nonRepudiation (1), - * keyEncipherment (2), - * dataEncipherment (3), - * keyAgreement (4), - * keyCertSign (5), - * cRLSign (6), - * encipherOnly (7), - * decipherOnly (8) } - * </pre> - */ -public class X509KeyUsage - extends ASN1Object -{ - public static final int digitalSignature = 1 << 7; - public static final int nonRepudiation = 1 << 6; - public static final int keyEncipherment = 1 << 5; - public static final int dataEncipherment = 1 << 4; - public static final int keyAgreement = 1 << 3; - public static final int keyCertSign = 1 << 2; - public static final int cRLSign = 1 << 1; - public static final int encipherOnly = 1 << 0; - public static final int decipherOnly = 1 << 15; - - private int usage = 0; - - /** - * Basic constructor. - * - * @param usage - the bitwise OR of the Key Usage flags giving the - * allowed uses for the key. - * e.g. (X509KeyUsage.keyEncipherment | X509KeyUsage.dataEncipherment) - */ - public X509KeyUsage( - int usage) - { - this.usage = usage; - } - - public ASN1Primitive toASN1Primitive() - { - return new KeyUsage(usage).toASN1Primitive(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/X509LDAPCertStoreParameters.java b/prov/src/main/java/org/bouncycastle/jce/X509LDAPCertStoreParameters.java deleted file mode 100644 index 80532fac..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/X509LDAPCertStoreParameters.java +++ /dev/null @@ -1,1258 +0,0 @@ -package org.bouncycastle.jce; - -import org.bouncycastle.x509.X509StoreParameters; - -import java.security.cert.CertStoreParameters; -import java.security.cert.LDAPCertStoreParameters; - -/** - * An expanded set of parameters for an LDAPCertStore - */ -public class X509LDAPCertStoreParameters - implements X509StoreParameters, CertStoreParameters -{ - - private String ldapURL; - - private String baseDN; - - // LDAP attributes, where data is stored - - private String userCertificateAttribute; - - private String cACertificateAttribute; - - private String crossCertificateAttribute; - - private String certificateRevocationListAttribute; - - private String deltaRevocationListAttribute; - - private String authorityRevocationListAttribute; - - private String attributeCertificateAttributeAttribute; - - private String aACertificateAttribute; - - private String attributeDescriptorCertificateAttribute; - - private String attributeCertificateRevocationListAttribute; - - private String attributeAuthorityRevocationListAttribute; - - // LDAP attributes with which data can be found - - private String ldapUserCertificateAttributeName; - - private String ldapCACertificateAttributeName; - - private String ldapCrossCertificateAttributeName; - - private String ldapCertificateRevocationListAttributeName; - - private String ldapDeltaRevocationListAttributeName; - - private String ldapAuthorityRevocationListAttributeName; - - private String ldapAttributeCertificateAttributeAttributeName; - - private String ldapAACertificateAttributeName; - - private String ldapAttributeDescriptorCertificateAttributeName; - - private String ldapAttributeCertificateRevocationListAttributeName; - - private String ldapAttributeAuthorityRevocationListAttributeName; - - // certificates and CRLs subject or issuer DN attributes, which must be - // matched against ldap attribute names - - private String userCertificateSubjectAttributeName; - - private String cACertificateSubjectAttributeName; - - private String crossCertificateSubjectAttributeName; - - private String certificateRevocationListIssuerAttributeName; - - private String deltaRevocationListIssuerAttributeName; - - private String authorityRevocationListIssuerAttributeName; - - private String attributeCertificateAttributeSubjectAttributeName; - - private String aACertificateSubjectAttributeName; - - private String attributeDescriptorCertificateSubjectAttributeName; - - private String attributeCertificateRevocationListIssuerAttributeName; - - private String attributeAuthorityRevocationListIssuerAttributeName; - - private String searchForSerialNumberIn; - - public static class Builder - { - private String ldapURL; - - private String baseDN; - - // LDAP attributes, where data is stored - - private String userCertificateAttribute; - - private String cACertificateAttribute; - - private String crossCertificateAttribute; - - private String certificateRevocationListAttribute; - - private String deltaRevocationListAttribute; - - private String authorityRevocationListAttribute; - - private String attributeCertificateAttributeAttribute; - - private String aACertificateAttribute; - - private String attributeDescriptorCertificateAttribute; - - private String attributeCertificateRevocationListAttribute; - - private String attributeAuthorityRevocationListAttribute; - - // LDAP attributes with which data can be found - - private String ldapUserCertificateAttributeName; - - private String ldapCACertificateAttributeName; - - private String ldapCrossCertificateAttributeName; - - private String ldapCertificateRevocationListAttributeName; - - private String ldapDeltaRevocationListAttributeName; - - private String ldapAuthorityRevocationListAttributeName; - - private String ldapAttributeCertificateAttributeAttributeName; - - private String ldapAACertificateAttributeName; - - private String ldapAttributeDescriptorCertificateAttributeName; - - private String ldapAttributeCertificateRevocationListAttributeName; - - private String ldapAttributeAuthorityRevocationListAttributeName; - - // certificates and CRLs subject or issuer DN attributes, which must be - // matched against ldap attribute names - - private String userCertificateSubjectAttributeName; - - private String cACertificateSubjectAttributeName; - - private String crossCertificateSubjectAttributeName; - - private String certificateRevocationListIssuerAttributeName; - - private String deltaRevocationListIssuerAttributeName; - - private String authorityRevocationListIssuerAttributeName; - - private String attributeCertificateAttributeSubjectAttributeName; - - private String aACertificateSubjectAttributeName; - - private String attributeDescriptorCertificateSubjectAttributeName; - - private String attributeCertificateRevocationListIssuerAttributeName; - - private String attributeAuthorityRevocationListIssuerAttributeName; - - private String searchForSerialNumberIn; - - public Builder() - { - this("ldap://localhost:389", ""); - } - - public Builder(String ldapURL, String baseDN) - { - this.ldapURL = ldapURL; - if (baseDN == null) - { - this.baseDN = ""; - } - else - { - this.baseDN = baseDN; - } - - this.userCertificateAttribute = "userCertificate"; - this.cACertificateAttribute = "cACertificate"; - this.crossCertificateAttribute = "crossCertificatePair"; - this.certificateRevocationListAttribute = "certificateRevocationList"; - this.deltaRevocationListAttribute = "deltaRevocationList"; - this.authorityRevocationListAttribute = "authorityRevocationList"; - this.attributeCertificateAttributeAttribute = "attributeCertificateAttribute"; - this.aACertificateAttribute = "aACertificate"; - this.attributeDescriptorCertificateAttribute = "attributeDescriptorCertificate"; - this.attributeCertificateRevocationListAttribute = "attributeCertificateRevocationList"; - this.attributeAuthorityRevocationListAttribute = "attributeAuthorityRevocationList"; - this.ldapUserCertificateAttributeName = "cn"; - this.ldapCACertificateAttributeName = "cn ou o"; - this.ldapCrossCertificateAttributeName = "cn ou o"; - this.ldapCertificateRevocationListAttributeName = "cn ou o"; - this.ldapDeltaRevocationListAttributeName = "cn ou o"; - this.ldapAuthorityRevocationListAttributeName = "cn ou o"; - this.ldapAttributeCertificateAttributeAttributeName = "cn"; - this.ldapAACertificateAttributeName = "cn o ou"; - this.ldapAttributeDescriptorCertificateAttributeName = "cn o ou"; - this.ldapAttributeCertificateRevocationListAttributeName = "cn o ou"; - this.ldapAttributeAuthorityRevocationListAttributeName = "cn o ou"; - this.userCertificateSubjectAttributeName = "cn"; - this.cACertificateSubjectAttributeName = "o ou"; - this.crossCertificateSubjectAttributeName = "o ou"; - this.certificateRevocationListIssuerAttributeName = "o ou"; - this.deltaRevocationListIssuerAttributeName = "o ou"; - this.authorityRevocationListIssuerAttributeName = "o ou"; - this.attributeCertificateAttributeSubjectAttributeName = "cn"; - this.aACertificateSubjectAttributeName = "o ou"; - this.attributeDescriptorCertificateSubjectAttributeName = "o ou"; - this.attributeCertificateRevocationListIssuerAttributeName = "o ou"; - this.attributeAuthorityRevocationListIssuerAttributeName = "o ou"; - this.searchForSerialNumberIn = "uid serialNumber cn"; - } - - /** - * @param userCertificateAttribute Attribute name(s) in the LDAP directory where end certificates - * are stored. Separated by space. Defaults to "userCertificate" - * if <code>null</code>. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setUserCertificateAttribute(String userCertificateAttribute) - { - this.userCertificateAttribute = userCertificateAttribute; - - return this; - } - - /** - * @param cACertificateAttribute Attribute name(s) in the LDAP directory where CA certificates - * are stored. Separated by space. Defaults to "cACertificate" if - * <code>null</code>. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setCACertificateAttribute(String cACertificateAttribute) - { - this.cACertificateAttribute = cACertificateAttribute; - - return this; - } - - /** - * @param crossCertificateAttribute Attribute name(s), where the cross certificates are stored. - * Separated by space. Defaults to "crossCertificatePair" if - * <code>null</code> - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setCrossCertificateAttribute(String crossCertificateAttribute) - { - this.crossCertificateAttribute = crossCertificateAttribute; - - return this; - } - - /** - * @param certificateRevocationListAttribute - * Attribute name(s) in the LDAP directory where CRLs are stored. - * Separated by space. Defaults to "certificateRevocationList" if - * <code>null</code>. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setCertificateRevocationListAttribute(String certificateRevocationListAttribute) - { - this.certificateRevocationListAttribute = certificateRevocationListAttribute; - - return this; - } - - /** - * @param deltaRevocationListAttribute Attribute name(s) in the LDAP directory where delta RLs are - * stored. Separated by space. Defaults to "deltaRevocationList" - * if <code>null</code>. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setDeltaRevocationListAttribute(String deltaRevocationListAttribute) - { - this.deltaRevocationListAttribute = deltaRevocationListAttribute; - - return this; - } - - /** - * @param authorityRevocationListAttribute - * Attribute name(s) in the LDAP directory where CRLs for - * authorities are stored. Separated by space. Defaults to - * "authorityRevocationList" if <code>null</code>. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setAuthorityRevocationListAttribute(String authorityRevocationListAttribute) - { - this.authorityRevocationListAttribute = authorityRevocationListAttribute; - - return this; - } - - /** - * @param attributeCertificateAttributeAttribute - * Attribute name(s) in the LDAP directory where end attribute - * certificates are stored. Separated by space. Defaults to - * "attributeCertificateAttribute" if <code>null</code>. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setAttributeCertificateAttributeAttribute(String attributeCertificateAttributeAttribute) - { - this.attributeCertificateAttributeAttribute = attributeCertificateAttributeAttribute; - - return this; - } - - /** - * @param aACertificateAttribute Attribute name(s) in the LDAP directory where attribute - * certificates for attribute authorities are stored. Separated - * by space. Defaults to "aACertificate" if <code>null</code>. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setAACertificateAttribute(String aACertificateAttribute) - { - this.aACertificateAttribute = aACertificateAttribute; - - return this; - } - - /** - * @param attributeDescriptorCertificateAttribute - * Attribute name(s) in the LDAP directory where self signed - * attribute certificates for attribute authorities are stored. - * Separated by space. Defaults to - * "attributeDescriptorCertificate" if <code>null</code>. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setAttributeDescriptorCertificateAttribute(String attributeDescriptorCertificateAttribute) - { - this.attributeDescriptorCertificateAttribute = attributeDescriptorCertificateAttribute; - - return this; - } - - /** - * @param attributeCertificateRevocationListAttribute - * Attribute name(s) in the LDAP directory where CRLs for - * attribute certificates are stored. Separated by space. - * Defaults to "attributeCertificateRevocationList" if - * <code>null</code>. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setAttributeCertificateRevocationListAttribute(String attributeCertificateRevocationListAttribute) - { - this.attributeCertificateRevocationListAttribute = attributeCertificateRevocationListAttribute; - - return this; - } - - /** - * @param attributeAuthorityRevocationListAttribute - * Attribute name(s) in the LDAP directory where RLs for - * attribute authority attribute certificates are stored. - * Separated by space. Defaults to - * "attributeAuthorityRevocationList" if <code>null</code>. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setAttributeAuthorityRevocationListAttribute(String attributeAuthorityRevocationListAttribute) - { - this.attributeAuthorityRevocationListAttribute = attributeAuthorityRevocationListAttribute; - - return this; - } - - /** - * @param ldapUserCertificateAttributeName - * The attribute name(s) in the LDAP directory where to search - * for the attribute value of the specified - * <code>userCertificateSubjectAttributeName</code>. E.g. if - * "cn" is used to put information about the subject for end - * certificates, then specify "cn". - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setLdapUserCertificateAttributeName(String ldapUserCertificateAttributeName) - { - this.ldapUserCertificateAttributeName = ldapUserCertificateAttributeName; - - return this; - } - - /** - * @param ldapCACertificateAttributeName The attribute name(s) in the LDAP directory where to search - * for the attribute value of the specified - * <code>cACertificateSubjectAttributeName</code>. E.g. if - * "ou" is used to put information about the subject for CA - * certificates, then specify "ou". - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setLdapCACertificateAttributeName(String ldapCACertificateAttributeName) - { - this.ldapCACertificateAttributeName = ldapCACertificateAttributeName; - - return this; - } - - /** - * @param ldapCrossCertificateAttributeName - * The attribute name(s) in the LDAP directory where to search for - * the attribute value of the specified - * <code>crossCertificateSubjectAttributeName</code>. E.g. if - * "o" is used to put information about the subject for cross - * certificates, then specify "o". - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setLdapCrossCertificateAttributeName(String ldapCrossCertificateAttributeName) - { - this.ldapCrossCertificateAttributeName = ldapCrossCertificateAttributeName; - - return this; - } - - /** - * @param ldapCertificateRevocationListAttributeName - * The attribute name(s) in the LDAP directory where to search for - * the attribute value of the specified - * <code>certificateRevocationListIssuerAttributeName</code>. - * E.g. if "ou" is used to put information about the issuer of - * CRLs, specify "ou". - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setLdapCertificateRevocationListAttributeName(String ldapCertificateRevocationListAttributeName) - { - this.ldapCertificateRevocationListAttributeName = ldapCertificateRevocationListAttributeName; - - return this; - } - - /** - * @param ldapDeltaRevocationListAttributeName - * The attribute name(s) in the LDAP directory where to search for - * the attribute value of the specified - * <code>deltaRevocationListIssuerAttributeName</code>. E.g. - * if "ou" is used to put information about the issuer of CRLs, - * specify "ou". - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setLdapDeltaRevocationListAttributeName(String ldapDeltaRevocationListAttributeName) - { - this.ldapDeltaRevocationListAttributeName = ldapDeltaRevocationListAttributeName; - - return this; - } - - /** - * @param ldapAuthorityRevocationListAttributeName - * The attribute name(s) in the LDAP directory where to search for - * the attribute value of the specified - * <code>authorityRevocationListIssuerAttributeName</code>. - * E.g. if "ou" is used to put information about the issuer of - * CRLs, specify "ou". - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setLdapAuthorityRevocationListAttributeName(String ldapAuthorityRevocationListAttributeName) - { - this.ldapAuthorityRevocationListAttributeName = ldapAuthorityRevocationListAttributeName; - - return this; - } - - /** - * @param ldapAttributeCertificateAttributeAttributeName - * The attribute name(s) in the LDAP directory where to search for - * the attribute value of the specified - * <code>attributeCertificateAttributeSubjectAttributeName</code>. - * E.g. if "cn" is used to put information about the subject of - * end attribute certificates, specify "cn". - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setLdapAttributeCertificateAttributeAttributeName(String ldapAttributeCertificateAttributeAttributeName) - { - this.ldapAttributeCertificateAttributeAttributeName = ldapAttributeCertificateAttributeAttributeName; - - return this; - } - - /** - * @param ldapAACertificateAttributeName The attribute name(s) in the LDAP directory where to search for - * the attribute value of the specified - * <code>aACertificateSubjectAttributeName</code>. E.g. if - * "ou" is used to put information about the subject of attribute - * authority attribute certificates, specify "ou". - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setLdapAACertificateAttributeName(String ldapAACertificateAttributeName) - { - this.ldapAACertificateAttributeName = ldapAACertificateAttributeName; - - return this; - } - - /** - * @param ldapAttributeDescriptorCertificateAttributeName - * The attribute name(s) in the LDAP directory where to search for - * the attribute value of the specified - * <code>attributeDescriptorCertificateSubjectAttributeName</code>. - * E.g. if "o" is used to put information about the subject of - * self signed attribute authority attribute certificates, - * specify "o". - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setLdapAttributeDescriptorCertificateAttributeName(String ldapAttributeDescriptorCertificateAttributeName) - { - this.ldapAttributeDescriptorCertificateAttributeName = ldapAttributeDescriptorCertificateAttributeName; - - return this; - } - - /** - * @param ldapAttributeCertificateRevocationListAttributeName - * The attribute name(s) in the LDAP directory where to search for - * the attribute value of the specified - * <code>attributeCertificateRevocationListIssuerAttributeName</code>. - * E.g. if "ou" is used to put information about the issuer of - * CRLs, specify "ou". - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setLdapAttributeCertificateRevocationListAttributeName(String ldapAttributeCertificateRevocationListAttributeName) - { - this.ldapAttributeCertificateRevocationListAttributeName = ldapAttributeCertificateRevocationListAttributeName; - - return this; - } - - /** - * @param ldapAttributeAuthorityRevocationListAttributeName - * The attribute name(s) in the LDAP directory where to search for - * the attribute value of the specified - * <code>attributeAuthorityRevocationListIssuerAttributeName</code>. - * E.g. if "ou" is used to put information about the issuer of - * CRLs, specify "ou". - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setLdapAttributeAuthorityRevocationListAttributeName(String ldapAttributeAuthorityRevocationListAttributeName) - { - this.ldapAttributeAuthorityRevocationListAttributeName = ldapAttributeAuthorityRevocationListAttributeName; - - return this; - } - - /** - * @param userCertificateSubjectAttributeName - * Attribute(s) in the subject of the certificate which is used - * to be searched in the - * <code>ldapUserCertificateAttributeName</code>. E.g. the - * "cn" attribute of the DN could be used. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setUserCertificateSubjectAttributeName(String userCertificateSubjectAttributeName) - { - this.userCertificateSubjectAttributeName = userCertificateSubjectAttributeName; - - return this; - } - - /** - * @param cACertificateSubjectAttributeName - * Attribute(s) in the subject of the certificate which is used - * to be searched in the - * <code>ldapCACertificateAttributeName</code>. E.g. the "ou" - * attribute of the DN could be used. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setCACertificateSubjectAttributeName(String cACertificateSubjectAttributeName) - { - this.cACertificateSubjectAttributeName = cACertificateSubjectAttributeName; - - return this; - } - - /** - * @param crossCertificateSubjectAttributeName - * Attribute(s) in the subject of the cross certificate which is - * used to be searched in the - * <code>ldapCrossCertificateAttributeName</code>. E.g. the - * "o" attribute of the DN may be appropriate. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setCrossCertificateSubjectAttributeName(String crossCertificateSubjectAttributeName) - { - this.crossCertificateSubjectAttributeName = crossCertificateSubjectAttributeName; - - return this; - } - - /** - * @param certificateRevocationListIssuerAttributeName - * Attribute(s) in the issuer of the CRL which is used to be - * searched in the - * <code>ldapCertificateRevocationListAttributeName</code>. - * E.g. the "o" or "ou" attribute may be used. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setCertificateRevocationListIssuerAttributeName(String certificateRevocationListIssuerAttributeName) - { - this.certificateRevocationListIssuerAttributeName = certificateRevocationListIssuerAttributeName; - - return this; - } - - /** - * @param deltaRevocationListIssuerAttributeName - * Attribute(s) in the issuer of the CRL which is used to be - * searched in the - * <code>ldapDeltaRevocationListAttributeName</code>. E.g. the - * "o" or "ou" attribute may be used. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setDeltaRevocationListIssuerAttributeName(String deltaRevocationListIssuerAttributeName) - { - this.deltaRevocationListIssuerAttributeName = deltaRevocationListIssuerAttributeName; - - return this; - } - - /** - * @param authorityRevocationListIssuerAttributeName - * Attribute(s) in the issuer of the CRL which is used to be - * searched in the - * <code>ldapAuthorityRevocationListAttributeName</code>. E.g. - * the "o" or "ou" attribute may be used. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setAuthorityRevocationListIssuerAttributeName(String authorityRevocationListIssuerAttributeName) - { - this.authorityRevocationListIssuerAttributeName = authorityRevocationListIssuerAttributeName; - - return this; - } - - /** - * @param attributeCertificateAttributeSubjectAttributeName - * Attribute(s) in the subject of the attribute certificate which - * is used to be searched in the - * <code>ldapAttributeCertificateAttributeAttributeName</code>. - * E.g. the "cn" attribute of the DN could be used. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setAttributeCertificateAttributeSubjectAttributeName(String attributeCertificateAttributeSubjectAttributeName) - { - this.attributeCertificateAttributeSubjectAttributeName = attributeCertificateAttributeSubjectAttributeName; - - return this; - } - - /** - * @param aACertificateSubjectAttributeName - * Attribute(s) in the subject of the attribute certificate which - * is used to be searched in the - * <code>ldapAACertificateAttributeName</code>. E.g. the "ou" - * attribute of the DN could be used. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setAACertificateSubjectAttributeName(String aACertificateSubjectAttributeName) - { - this.aACertificateSubjectAttributeName = aACertificateSubjectAttributeName; - - return this; - } - - /** - * @param attributeDescriptorCertificateSubjectAttributeName - * Attribute(s) in the subject of the attribute certificate which - * is used to be searched in the - * <code>ldapAttributeDescriptorCertificateAttributeName</code>. - * E.g. the "o" attribute of the DN could be used. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setAttributeDescriptorCertificateSubjectAttributeName(String attributeDescriptorCertificateSubjectAttributeName) - { - this.attributeDescriptorCertificateSubjectAttributeName = attributeDescriptorCertificateSubjectAttributeName; - - return this; - } - - /** - * @param attributeCertificateRevocationListIssuerAttributeName - * Attribute(s) in the issuer of the CRL which is used to be - * searched in the - * <code>ldapAttributeCertificateRevocationListAttributeName</code>. - * E.g. the "o" or "ou" attribute may be used - * certificate is searched in this LDAP attribute. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setAttributeCertificateRevocationListIssuerAttributeName(String attributeCertificateRevocationListIssuerAttributeName) - { - this.attributeCertificateRevocationListIssuerAttributeName = attributeCertificateRevocationListIssuerAttributeName; - - return this; - } - - /** - * @param attributeAuthorityRevocationListIssuerAttributeName - * Anttribute(s) in the issuer of the CRL which is used to be - * searched in the - * <code>ldapAttributeAuthorityRevocationListAttributeName</code>. - * E.g. the "o" or "ou" attribute may be used. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setAttributeAuthorityRevocationListIssuerAttributeName(String attributeAuthorityRevocationListIssuerAttributeName) - { - this.attributeAuthorityRevocationListIssuerAttributeName = attributeAuthorityRevocationListIssuerAttributeName; - - return this; - } - - /** - * - * @param searchForSerialNumberIn If not <code>null</code> the serial number of the - * certificate is searched in this LDAP attribute. - * @throws IllegalArgumentException if a necessary parameter is <code>null</code>. - * @return the builder - */ - public Builder setSearchForSerialNumberIn(String searchForSerialNumberIn) - { - this.searchForSerialNumberIn = searchForSerialNumberIn; - - return this; - } - - public X509LDAPCertStoreParameters build() - { - if (ldapUserCertificateAttributeName == null // migrate to setters - || ldapCACertificateAttributeName == null - || ldapCrossCertificateAttributeName == null - || ldapCertificateRevocationListAttributeName == null - || ldapDeltaRevocationListAttributeName == null - || ldapAuthorityRevocationListAttributeName == null - || ldapAttributeCertificateAttributeAttributeName == null - || ldapAACertificateAttributeName == null - || ldapAttributeDescriptorCertificateAttributeName == null - || ldapAttributeCertificateRevocationListAttributeName == null - || ldapAttributeAuthorityRevocationListAttributeName == null - || userCertificateSubjectAttributeName == null - || cACertificateSubjectAttributeName == null - || crossCertificateSubjectAttributeName == null - || certificateRevocationListIssuerAttributeName == null - || deltaRevocationListIssuerAttributeName == null - || authorityRevocationListIssuerAttributeName == null - || attributeCertificateAttributeSubjectAttributeName == null - || aACertificateSubjectAttributeName == null - || attributeDescriptorCertificateSubjectAttributeName == null - || attributeCertificateRevocationListIssuerAttributeName == null - || attributeAuthorityRevocationListIssuerAttributeName == null) - { - throw new IllegalArgumentException( - "Necessary parameters not specified."); - } - return new X509LDAPCertStoreParameters(this); - } - } - - - private X509LDAPCertStoreParameters(Builder builder) - { - this.ldapURL = builder.ldapURL; - this.baseDN = builder.baseDN; - - this.userCertificateAttribute = builder.userCertificateAttribute; - this.cACertificateAttribute = builder.cACertificateAttribute; - this.crossCertificateAttribute = builder.crossCertificateAttribute; - this.certificateRevocationListAttribute = builder.certificateRevocationListAttribute; - this.deltaRevocationListAttribute = builder.deltaRevocationListAttribute; - this.authorityRevocationListAttribute = builder.authorityRevocationListAttribute; - this.attributeCertificateAttributeAttribute = builder.attributeCertificateAttributeAttribute; - this.aACertificateAttribute = builder.aACertificateAttribute; - this.attributeDescriptorCertificateAttribute = builder.attributeDescriptorCertificateAttribute; - this.attributeCertificateRevocationListAttribute = builder.attributeCertificateRevocationListAttribute; - this.attributeAuthorityRevocationListAttribute = builder.attributeAuthorityRevocationListAttribute; - this.ldapUserCertificateAttributeName = builder.ldapUserCertificateAttributeName; - this.ldapCACertificateAttributeName = builder.ldapCACertificateAttributeName; - this.ldapCrossCertificateAttributeName = builder.ldapCrossCertificateAttributeName; - this.ldapCertificateRevocationListAttributeName = builder.ldapCertificateRevocationListAttributeName; - this.ldapDeltaRevocationListAttributeName = builder.ldapDeltaRevocationListAttributeName; - this.ldapAuthorityRevocationListAttributeName = builder.ldapAuthorityRevocationListAttributeName; - this.ldapAttributeCertificateAttributeAttributeName = builder.ldapAttributeCertificateAttributeAttributeName; - this.ldapAACertificateAttributeName = builder.ldapAACertificateAttributeName; - this.ldapAttributeDescriptorCertificateAttributeName = builder.ldapAttributeDescriptorCertificateAttributeName; - this.ldapAttributeCertificateRevocationListAttributeName = builder.ldapAttributeCertificateRevocationListAttributeName; - this.ldapAttributeAuthorityRevocationListAttributeName = builder.ldapAttributeAuthorityRevocationListAttributeName; - this.userCertificateSubjectAttributeName = builder.userCertificateSubjectAttributeName; - this.cACertificateSubjectAttributeName = builder.cACertificateSubjectAttributeName; - this.crossCertificateSubjectAttributeName = builder.crossCertificateSubjectAttributeName; - this.certificateRevocationListIssuerAttributeName = builder.certificateRevocationListIssuerAttributeName; - this.deltaRevocationListIssuerAttributeName = builder.deltaRevocationListIssuerAttributeName; - this.authorityRevocationListIssuerAttributeName = builder.authorityRevocationListIssuerAttributeName; - this.attributeCertificateAttributeSubjectAttributeName = builder.attributeCertificateAttributeSubjectAttributeName; - this.aACertificateSubjectAttributeName = builder.aACertificateSubjectAttributeName; - this.attributeDescriptorCertificateSubjectAttributeName = builder.attributeDescriptorCertificateSubjectAttributeName; - this.attributeCertificateRevocationListIssuerAttributeName = builder.attributeCertificateRevocationListIssuerAttributeName; - this.attributeAuthorityRevocationListIssuerAttributeName = builder.attributeAuthorityRevocationListIssuerAttributeName; - this.searchForSerialNumberIn = builder.searchForSerialNumberIn; - } - - /** - * Returns a clone of this object. - */ - public Object clone() - { - return this; - } - - public boolean equal(Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof X509LDAPCertStoreParameters)) - { - return false; - } - - X509LDAPCertStoreParameters params = (X509LDAPCertStoreParameters)o; - return checkField(ldapURL, params.ldapURL) - && checkField(baseDN, params.baseDN) - && checkField(userCertificateAttribute, params.userCertificateAttribute) - && checkField(cACertificateAttribute, params.cACertificateAttribute) - && checkField(crossCertificateAttribute, params.crossCertificateAttribute) - && checkField(certificateRevocationListAttribute, params.certificateRevocationListAttribute) - && checkField(deltaRevocationListAttribute, params.deltaRevocationListAttribute) - && checkField(authorityRevocationListAttribute, params.authorityRevocationListAttribute) - && checkField(attributeCertificateAttributeAttribute, params.attributeCertificateAttributeAttribute) - && checkField(aACertificateAttribute, params.aACertificateAttribute) - && checkField(attributeDescriptorCertificateAttribute, params.attributeDescriptorCertificateAttribute) - && checkField(attributeCertificateRevocationListAttribute, params.attributeCertificateRevocationListAttribute) - && checkField(attributeAuthorityRevocationListAttribute, params.attributeAuthorityRevocationListAttribute) - && checkField(ldapUserCertificateAttributeName, params.ldapUserCertificateAttributeName) - && checkField(ldapCACertificateAttributeName, params.ldapCACertificateAttributeName) - && checkField(ldapCrossCertificateAttributeName, params.ldapCrossCertificateAttributeName) - && checkField(ldapCertificateRevocationListAttributeName, params.ldapCertificateRevocationListAttributeName) - && checkField(ldapDeltaRevocationListAttributeName, params.ldapDeltaRevocationListAttributeName) - && checkField(ldapAuthorityRevocationListAttributeName, params.ldapAuthorityRevocationListAttributeName) - && checkField(ldapAttributeCertificateAttributeAttributeName, params.ldapAttributeCertificateAttributeAttributeName) - && checkField(ldapAACertificateAttributeName, params.ldapAACertificateAttributeName) - && checkField(ldapAttributeDescriptorCertificateAttributeName, params.ldapAttributeDescriptorCertificateAttributeName) - && checkField(ldapAttributeCertificateRevocationListAttributeName, params.ldapAttributeCertificateRevocationListAttributeName) - && checkField(ldapAttributeAuthorityRevocationListAttributeName, params.ldapAttributeAuthorityRevocationListAttributeName) - && checkField(userCertificateSubjectAttributeName, params.userCertificateSubjectAttributeName) - && checkField(cACertificateSubjectAttributeName, params.cACertificateSubjectAttributeName) - && checkField(crossCertificateSubjectAttributeName, params.crossCertificateSubjectAttributeName) - && checkField(certificateRevocationListIssuerAttributeName, params.certificateRevocationListIssuerAttributeName) - && checkField(deltaRevocationListIssuerAttributeName, params.deltaRevocationListIssuerAttributeName) - && checkField(authorityRevocationListIssuerAttributeName, params.authorityRevocationListIssuerAttributeName) - && checkField(attributeCertificateAttributeSubjectAttributeName, params.attributeCertificateAttributeSubjectAttributeName) - && checkField(aACertificateSubjectAttributeName, params.aACertificateSubjectAttributeName) - && checkField(attributeDescriptorCertificateSubjectAttributeName, params.attributeDescriptorCertificateSubjectAttributeName) - && checkField(attributeCertificateRevocationListIssuerAttributeName, params.attributeCertificateRevocationListIssuerAttributeName) - && checkField(attributeAuthorityRevocationListIssuerAttributeName, params.attributeAuthorityRevocationListIssuerAttributeName) - && checkField(searchForSerialNumberIn, params.searchForSerialNumberIn); - } - - private boolean checkField(Object o1, Object o2) - { - if (o1 == o2) - { - return true; - } - - if (o1 == null) - { - return false; - } - - return o1.equals(o2); - } - - public int hashCode() - { - int hash = 0; - - hash = addHashCode(hash, userCertificateAttribute); - hash = addHashCode(hash, cACertificateAttribute); - hash = addHashCode(hash, crossCertificateAttribute); - hash = addHashCode(hash, certificateRevocationListAttribute); - hash = addHashCode(hash, deltaRevocationListAttribute); - hash = addHashCode(hash, authorityRevocationListAttribute); - hash = addHashCode(hash, attributeCertificateAttributeAttribute); - hash = addHashCode(hash, aACertificateAttribute); - hash = addHashCode(hash, attributeDescriptorCertificateAttribute); - hash = addHashCode(hash, attributeCertificateRevocationListAttribute); - hash = addHashCode(hash, attributeAuthorityRevocationListAttribute); - hash = addHashCode(hash, ldapUserCertificateAttributeName); - hash = addHashCode(hash, ldapCACertificateAttributeName); - hash = addHashCode(hash, ldapCrossCertificateAttributeName); - hash = addHashCode(hash, ldapCertificateRevocationListAttributeName); - hash = addHashCode(hash, ldapDeltaRevocationListAttributeName); - hash = addHashCode(hash, ldapAuthorityRevocationListAttributeName); - hash = addHashCode(hash, ldapAttributeCertificateAttributeAttributeName); - hash = addHashCode(hash, ldapAACertificateAttributeName); - hash = addHashCode(hash, ldapAttributeDescriptorCertificateAttributeName); - hash = addHashCode(hash, ldapAttributeCertificateRevocationListAttributeName); - hash = addHashCode(hash, ldapAttributeAuthorityRevocationListAttributeName); - hash = addHashCode(hash, userCertificateSubjectAttributeName); - hash = addHashCode(hash, cACertificateSubjectAttributeName); - hash = addHashCode(hash, crossCertificateSubjectAttributeName); - hash = addHashCode(hash, certificateRevocationListIssuerAttributeName); - hash = addHashCode(hash, deltaRevocationListIssuerAttributeName); - hash = addHashCode(hash, authorityRevocationListIssuerAttributeName); - hash = addHashCode(hash, attributeCertificateAttributeSubjectAttributeName); - hash = addHashCode(hash, aACertificateSubjectAttributeName); - hash = addHashCode(hash, attributeDescriptorCertificateSubjectAttributeName); - hash = addHashCode(hash, attributeCertificateRevocationListIssuerAttributeName); - hash = addHashCode(hash, attributeAuthorityRevocationListIssuerAttributeName); - hash = addHashCode(hash, searchForSerialNumberIn); - - return hash; - } - - private int addHashCode(int hashCode, Object o) - { - return (hashCode * 29) + (o == null ? 0 : o.hashCode()); - } - - /** - * @return Returns the aACertificateAttribute. - */ - public String getAACertificateAttribute() - { - return aACertificateAttribute; - } - - /** - * @return Returns the aACertificateSubjectAttributeName. - */ - public String getAACertificateSubjectAttributeName() - { - return aACertificateSubjectAttributeName; - } - - /** - * @return Returns the attributeAuthorityRevocationListAttribute. - */ - public String getAttributeAuthorityRevocationListAttribute() - { - return attributeAuthorityRevocationListAttribute; - } - - /** - * @return Returns the attributeAuthorityRevocationListIssuerAttributeName. - */ - public String getAttributeAuthorityRevocationListIssuerAttributeName() - { - return attributeAuthorityRevocationListIssuerAttributeName; - } - - /** - * @return Returns the attributeCertificateAttributeAttribute. - */ - public String getAttributeCertificateAttributeAttribute() - { - return attributeCertificateAttributeAttribute; - } - - /** - * @return Returns the attributeCertificateAttributeSubjectAttributeName. - */ - public String getAttributeCertificateAttributeSubjectAttributeName() - { - return attributeCertificateAttributeSubjectAttributeName; - } - - /** - * @return Returns the attributeCertificateRevocationListAttribute. - */ - public String getAttributeCertificateRevocationListAttribute() - { - return attributeCertificateRevocationListAttribute; - } - - /** - * @return Returns the - * attributeCertificateRevocationListIssuerAttributeName. - */ - public String getAttributeCertificateRevocationListIssuerAttributeName() - { - return attributeCertificateRevocationListIssuerAttributeName; - } - - /** - * @return Returns the attributeDescriptorCertificateAttribute. - */ - public String getAttributeDescriptorCertificateAttribute() - { - return attributeDescriptorCertificateAttribute; - } - - /** - * @return Returns the attributeDescriptorCertificateSubjectAttributeName. - */ - public String getAttributeDescriptorCertificateSubjectAttributeName() - { - return attributeDescriptorCertificateSubjectAttributeName; - } - - /** - * @return Returns the authorityRevocationListAttribute. - */ - public String getAuthorityRevocationListAttribute() - { - return authorityRevocationListAttribute; - } - - /** - * @return Returns the authorityRevocationListIssuerAttributeName. - */ - public String getAuthorityRevocationListIssuerAttributeName() - { - return authorityRevocationListIssuerAttributeName; - } - - /** - * @return Returns the baseDN. - */ - public String getBaseDN() - { - return baseDN; - } - - /** - * @return Returns the cACertificateAttribute. - */ - public String getCACertificateAttribute() - { - return cACertificateAttribute; - } - - /** - * @return Returns the cACertificateSubjectAttributeName. - */ - public String getCACertificateSubjectAttributeName() - { - return cACertificateSubjectAttributeName; - } - - /** - * @return Returns the certificateRevocationListAttribute. - */ - public String getCertificateRevocationListAttribute() - { - return certificateRevocationListAttribute; - } - - /** - * @return Returns the certificateRevocationListIssuerAttributeName. - */ - public String getCertificateRevocationListIssuerAttributeName() - { - return certificateRevocationListIssuerAttributeName; - } - - /** - * @return Returns the crossCertificateAttribute. - */ - public String getCrossCertificateAttribute() - { - return crossCertificateAttribute; - } - - /** - * @return Returns the crossCertificateSubjectAttributeName. - */ - public String getCrossCertificateSubjectAttributeName() - { - return crossCertificateSubjectAttributeName; - } - - /** - * @return Returns the deltaRevocationListAttribute. - */ - public String getDeltaRevocationListAttribute() - { - return deltaRevocationListAttribute; - } - - /** - * @return Returns the deltaRevocationListIssuerAttributeName. - */ - public String getDeltaRevocationListIssuerAttributeName() - { - return deltaRevocationListIssuerAttributeName; - } - - /** - * @return Returns the ldapAACertificateAttributeName. - */ - public String getLdapAACertificateAttributeName() - { - return ldapAACertificateAttributeName; - } - - /** - * @return Returns the ldapAttributeAuthorityRevocationListAttributeName. - */ - public String getLdapAttributeAuthorityRevocationListAttributeName() - { - return ldapAttributeAuthorityRevocationListAttributeName; - } - - /** - * @return Returns the ldapAttributeCertificateAttributeAttributeName. - */ - public String getLdapAttributeCertificateAttributeAttributeName() - { - return ldapAttributeCertificateAttributeAttributeName; - } - - /** - * @return Returns the ldapAttributeCertificateRevocationListAttributeName. - */ - public String getLdapAttributeCertificateRevocationListAttributeName() - { - return ldapAttributeCertificateRevocationListAttributeName; - } - - /** - * @return Returns the ldapAttributeDescriptorCertificateAttributeName. - */ - public String getLdapAttributeDescriptorCertificateAttributeName() - { - return ldapAttributeDescriptorCertificateAttributeName; - } - - /** - * @return Returns the ldapAuthorityRevocationListAttributeName. - */ - public String getLdapAuthorityRevocationListAttributeName() - { - return ldapAuthorityRevocationListAttributeName; - } - - /** - * @return Returns the ldapCACertificateAttributeName. - */ - public String getLdapCACertificateAttributeName() - { - return ldapCACertificateAttributeName; - } - - /** - * @return Returns the ldapCertificateRevocationListAttributeName. - */ - public String getLdapCertificateRevocationListAttributeName() - { - return ldapCertificateRevocationListAttributeName; - } - - /** - * @return Returns the ldapCrossCertificateAttributeName. - */ - public String getLdapCrossCertificateAttributeName() - { - return ldapCrossCertificateAttributeName; - } - - /** - * @return Returns the ldapDeltaRevocationListAttributeName. - */ - public String getLdapDeltaRevocationListAttributeName() - { - return ldapDeltaRevocationListAttributeName; - } - - /** - * @return Returns the ldapURL. - */ - public String getLdapURL() - { - return ldapURL; - } - - /** - * @return Returns the ldapUserCertificateAttributeName. - */ - public String getLdapUserCertificateAttributeName() - { - return ldapUserCertificateAttributeName; - } - - /** - * @return Returns the searchForSerialNumberIn. - */ - public String getSearchForSerialNumberIn() - { - return searchForSerialNumberIn; - } - - /** - * @return Returns the userCertificateAttribute. - */ - public String getUserCertificateAttribute() - { - return userCertificateAttribute; - } - - /** - * @return Returns the userCertificateSubjectAttributeName. - */ - public String getUserCertificateSubjectAttributeName() - { - return userCertificateSubjectAttributeName; - } - - public static X509LDAPCertStoreParameters getInstance(LDAPCertStoreParameters params) - { - String server = "ldap://" + params.getServerName() + ":" + params.getPort(); - X509LDAPCertStoreParameters _params = new Builder(server, "").build(); - return _params; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/X509Principal.java b/prov/src/main/java/org/bouncycastle/jce/X509Principal.java deleted file mode 100644 index b1daa98e..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/X509Principal.java +++ /dev/null @@ -1,165 +0,0 @@ -package org.bouncycastle.jce; - -import java.io.IOException; -import java.security.Principal; -import java.util.Hashtable; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.X509Name; - -/** - * a general extension of X509Name with a couple of extra methods and - * constructors. - * <p> - * Objects of this type can be created from certificates and CRLs using the - * PrincipalUtil class. - * </p> - * @see org.bouncycastle.jce.PrincipalUtil - * @deprecated use the X500Name class. - */ -public class X509Principal - extends X509Name - implements Principal -{ - private static ASN1Sequence readSequence( - ASN1InputStream aIn) - throws IOException - { - try - { - return ASN1Sequence.getInstance(aIn.readObject()); - } - catch (IllegalArgumentException e) - { - throw new IOException("not an ASN.1 Sequence: " + e); - } - } - - /** - * Constructor from an encoded byte array. - */ - public X509Principal( - byte[] bytes) - throws IOException - { - super(readSequence(new ASN1InputStream(bytes))); - } - - /** - * Constructor from an X509Name object. - */ - public X509Principal( - X509Name name) - { - super((ASN1Sequence)name.toASN1Primitive()); - } - - /** - * Constructor from an X509Name object. - */ - public X509Principal( - X500Name name) - { - super((ASN1Sequence)name.toASN1Primitive()); - } - - /** - * constructor from a table of attributes. - * <p> - * it's is assumed the table contains OID/String pairs. - */ - public X509Principal( - Hashtable attributes) - { - super(attributes); - } - - /** - * constructor from a table of attributes and a vector giving the - * specific ordering required for encoding or conversion to a string. - * <p> - * it's is assumed the table contains OID/String pairs. - */ - public X509Principal( - Vector ordering, - Hashtable attributes) - { - super(ordering, attributes); - } - - /** - * constructor from a vector of attribute values and a vector of OIDs. - */ - public X509Principal( - Vector oids, - Vector values) - { - super(oids, values); - } - - /** - * takes an X509 dir name as a string of the format "C=AU,ST=Victoria", or - * some such, converting it into an ordered set of name attributes. - */ - public X509Principal( - String dirName) - { - super(dirName); - } - - /** - * Takes an X509 dir name as a string of the format "C=AU,ST=Victoria", or - * some such, converting it into an ordered set of name attributes. If reverse - * is false the dir name will be encoded in the order of the (name, value) pairs - * presented, otherwise the encoding will start with the last (name, value) pair - * and work back. - */ - public X509Principal( - boolean reverse, - String dirName) - { - super(reverse, dirName); - } - - /** - * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - * some such, converting it into an ordered set of name attributes. lookUp - * should provide a table of lookups, indexed by lowercase only strings and - * yielding a ASN1ObjectIdentifier, other than that OID. and numeric oids - * will be processed automatically. - * <p> - * If reverse is true, create the encoded version of the sequence starting - * from the last element in the string. - */ - public X509Principal( - boolean reverse, - Hashtable lookUp, - String dirName) - { - super(reverse, lookUp, dirName); - } - - public String getName() - { - return this.toString(); - } - - /** - * return a DER encoded byte array representing this object - */ - public byte[] getEncoded() - { - try - { - return this.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new RuntimeException(e.toString()); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/exception/ExtCertPathBuilderException.java b/prov/src/main/java/org/bouncycastle/jce/exception/ExtCertPathBuilderException.java deleted file mode 100644 index a0b2d900..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/exception/ExtCertPathBuilderException.java +++ /dev/null @@ -1,29 +0,0 @@ -package org.bouncycastle.jce.exception; - -import java.security.cert.CertPath; -import java.security.cert.CertPathBuilderException; - -public class ExtCertPathBuilderException - extends CertPathBuilderException - implements ExtException -{ - private Throwable cause; - - public ExtCertPathBuilderException(String message, Throwable cause) - { - super(message); - this.cause = cause; - } - - public ExtCertPathBuilderException(String msg, Throwable cause, - CertPath certPath, int index) - { - super(msg, cause); - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/exception/ExtCertPathValidatorException.java b/prov/src/main/java/org/bouncycastle/jce/exception/ExtCertPathValidatorException.java deleted file mode 100644 index e36848f4..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/exception/ExtCertPathValidatorException.java +++ /dev/null @@ -1,30 +0,0 @@ -package org.bouncycastle.jce.exception; - -import java.security.cert.CertPath; -import java.security.cert.CertPathValidatorException; - -public class ExtCertPathValidatorException - extends CertPathValidatorException - implements ExtException -{ - - private Throwable cause; - - public ExtCertPathValidatorException(String message, Throwable cause) - { - super(message); - this.cause = cause; - } - - public ExtCertPathValidatorException(String msg, Throwable cause, - CertPath certPath, int index) - { - super(msg, cause, certPath, index); - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/exception/ExtCertificateEncodingException.java b/prov/src/main/java/org/bouncycastle/jce/exception/ExtCertificateEncodingException.java deleted file mode 100644 index e3c33d80..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/exception/ExtCertificateEncodingException.java +++ /dev/null @@ -1,21 +0,0 @@ -package org.bouncycastle.jce.exception; - -import java.security.cert.CertificateEncodingException; - -public class ExtCertificateEncodingException - extends CertificateEncodingException - implements ExtException -{ - private Throwable cause; - - public ExtCertificateEncodingException(String message, Throwable cause) - { - super(message); - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/exception/ExtException.java b/prov/src/main/java/org/bouncycastle/jce/exception/ExtException.java deleted file mode 100644 index 52c60ded..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/exception/ExtException.java +++ /dev/null @@ -1,21 +0,0 @@ -package org.bouncycastle.jce.exception; - -/** - * - * This is an extended exception. Java before version 1.4 did not offer the - * possibility the attach a cause to an exception. The cause of an exception is - * the <code>Throwable</code> object which was thrown and caused the - * exception. This interface must be implemented by all exceptions to accomplish - * this additional functionality. - * - */ -public interface ExtException -{ - - /** - * Returns the cause of the exception. - * - * @return The cause of the exception. - */ - Throwable getCause(); -} diff --git a/prov/src/main/java/org/bouncycastle/jce/exception/ExtIOException.java b/prov/src/main/java/org/bouncycastle/jce/exception/ExtIOException.java deleted file mode 100644 index 656e23ae..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/exception/ExtIOException.java +++ /dev/null @@ -1,21 +0,0 @@ -package org.bouncycastle.jce.exception; - -import java.io.IOException; - -public class ExtIOException - extends IOException - implements ExtException -{ - private Throwable cause; - - public ExtIOException(String message, Throwable cause) - { - super(message); - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/interfaces/BCKeyStore.java b/prov/src/main/java/org/bouncycastle/jce/interfaces/BCKeyStore.java deleted file mode 100644 index a36abbb2..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/interfaces/BCKeyStore.java +++ /dev/null @@ -1,14 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import java.security.SecureRandom; - -/** - * all BC provider keystores implement this interface. - */ -public interface BCKeyStore -{ - /** - * set the random source for the key store - */ - public void setRandom(SecureRandom random); -} diff --git a/prov/src/main/java/org/bouncycastle/jce/interfaces/ECKey.java b/prov/src/main/java/org/bouncycastle/jce/interfaces/ECKey.java deleted file mode 100644 index 0812c128..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/interfaces/ECKey.java +++ /dev/null @@ -1,15 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import org.bouncycastle.jce.spec.ECParameterSpec; - -/** - * generic interface for an Elliptic Curve Key. - */ -public interface ECKey -{ - /** - * return a parameter specification representing the EC domain parameters - * for the key. - */ - public ECParameterSpec getParameters(); -} diff --git a/prov/src/main/java/org/bouncycastle/jce/interfaces/ECPointEncoder.java b/prov/src/main/java/org/bouncycastle/jce/interfaces/ECPointEncoder.java deleted file mode 100644 index 001dab3e..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/interfaces/ECPointEncoder.java +++ /dev/null @@ -1,20 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -/** - * All BC elliptic curve keys implement this interface. You need to - * cast the key to get access to it. - * <p> - * By default BC keys produce encodings without point compression, - * to turn this on call setPointFormat() with "COMPRESSED". - */ -public interface ECPointEncoder -{ - /** - * Set the formatting for encoding of points. If the String "UNCOMPRESSED" is passed - * in point compression will not be used. If the String "COMPRESSED" is passed point - * compression will be used. The default is "UNCOMPRESSED". - * - * @param style the style to use. - */ - public void setPointFormat(String style); -} diff --git a/prov/src/main/java/org/bouncycastle/jce/interfaces/ECPrivateKey.java b/prov/src/main/java/org/bouncycastle/jce/interfaces/ECPrivateKey.java deleted file mode 100644 index 39d80c3c..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/interfaces/ECPrivateKey.java +++ /dev/null @@ -1,16 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import java.math.BigInteger; -import java.security.PrivateKey; - -/** - * interface for Elliptic Curve Private keys. - */ -public interface ECPrivateKey - extends ECKey, PrivateKey -{ - /** - * return the private value D. - */ - public BigInteger getD(); -} diff --git a/prov/src/main/java/org/bouncycastle/jce/interfaces/ECPublicKey.java b/prov/src/main/java/org/bouncycastle/jce/interfaces/ECPublicKey.java deleted file mode 100644 index db2ecdce..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/interfaces/ECPublicKey.java +++ /dev/null @@ -1,17 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import java.security.PublicKey; - -import org.bouncycastle.math.ec.ECPoint; - -/** - * interface for elliptic curve public keys. - */ -public interface ECPublicKey - extends ECKey, PublicKey -{ - /** - * return the public point Q - */ - public ECPoint getQ(); -} diff --git a/prov/src/main/java/org/bouncycastle/jce/interfaces/ElGamalKey.java b/prov/src/main/java/org/bouncycastle/jce/interfaces/ElGamalKey.java deleted file mode 100644 index e6394836..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/interfaces/ElGamalKey.java +++ /dev/null @@ -1,8 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import org.bouncycastle.jce.spec.ElGamalParameterSpec; - -public interface ElGamalKey -{ - public ElGamalParameterSpec getParameters(); -} diff --git a/prov/src/main/java/org/bouncycastle/jce/interfaces/ElGamalPrivateKey.java b/prov/src/main/java/org/bouncycastle/jce/interfaces/ElGamalPrivateKey.java deleted file mode 100644 index 609a2a84..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/interfaces/ElGamalPrivateKey.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import java.math.BigInteger; -import java.security.PrivateKey; - -public interface ElGamalPrivateKey - extends ElGamalKey, PrivateKey -{ - public BigInteger getX(); -} diff --git a/prov/src/main/java/org/bouncycastle/jce/interfaces/ElGamalPublicKey.java b/prov/src/main/java/org/bouncycastle/jce/interfaces/ElGamalPublicKey.java deleted file mode 100644 index c9fe35e6..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/interfaces/ElGamalPublicKey.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import java.math.BigInteger; -import java.security.PublicKey; - -public interface ElGamalPublicKey - extends ElGamalKey, PublicKey -{ - public BigInteger getY(); -} diff --git a/prov/src/main/java/org/bouncycastle/jce/interfaces/GOST3410Key.java b/prov/src/main/java/org/bouncycastle/jce/interfaces/GOST3410Key.java deleted file mode 100644 index ad16ac3b..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/interfaces/GOST3410Key.java +++ /dev/null @@ -1,11 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -/** - * Main interface for a GOST 3410-94 key. - */ -public interface GOST3410Key -{ - - public GOST3410Params getParameters(); - -} diff --git a/prov/src/main/java/org/bouncycastle/jce/interfaces/GOST3410Params.java b/prov/src/main/java/org/bouncycastle/jce/interfaces/GOST3410Params.java deleted file mode 100644 index 175913b0..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/interfaces/GOST3410Params.java +++ /dev/null @@ -1,15 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; - -public interface GOST3410Params -{ - - public String getPublicKeyParamSetOID(); - - public String getDigestParamSetOID(); - - public String getEncryptionParamSetOID(); - - public GOST3410PublicKeyParameterSetSpec getPublicKeyParameters(); -} diff --git a/prov/src/main/java/org/bouncycastle/jce/interfaces/GOST3410PrivateKey.java b/prov/src/main/java/org/bouncycastle/jce/interfaces/GOST3410PrivateKey.java deleted file mode 100644 index dcb25fe7..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/interfaces/GOST3410PrivateKey.java +++ /dev/null @@ -1,9 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import java.math.BigInteger; - -public interface GOST3410PrivateKey extends GOST3410Key, java.security.PrivateKey -{ - - public BigInteger getX(); -} diff --git a/prov/src/main/java/org/bouncycastle/jce/interfaces/GOST3410PublicKey.java b/prov/src/main/java/org/bouncycastle/jce/interfaces/GOST3410PublicKey.java deleted file mode 100644 index 447cec2b..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/interfaces/GOST3410PublicKey.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import java.security.PublicKey; -import java.math.BigInteger; - -public interface GOST3410PublicKey extends GOST3410Key, PublicKey -{ - - public BigInteger getY(); -} diff --git a/prov/src/main/java/org/bouncycastle/jce/interfaces/IESKey.java b/prov/src/main/java/org/bouncycastle/jce/interfaces/IESKey.java deleted file mode 100644 index f1d79013..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/interfaces/IESKey.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import java.security.Key; -import java.security.PrivateKey; -import java.security.PublicKey; - -/** - * key pair for use with an integrated encryptor - */ -public interface IESKey - extends Key -{ - /** - * return the intended recipient's/sender's public key. - */ - public PublicKey getPublic(); - - /** - * return the local private key. - */ - public PrivateKey getPrivate(); -} diff --git a/prov/src/main/java/org/bouncycastle/jce/interfaces/MQVPrivateKey.java b/prov/src/main/java/org/bouncycastle/jce/interfaces/MQVPrivateKey.java deleted file mode 100644 index a8caffd5..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/interfaces/MQVPrivateKey.java +++ /dev/null @@ -1,27 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import java.security.PrivateKey; -import java.security.PublicKey; - -/** - * Static/ephemeral private key (pair) for use with ECMQV key agreement - * (Optionally provides the ephemeral public key) - */ -public interface MQVPrivateKey - extends PrivateKey -{ - /** - * return the static private key. - */ - PrivateKey getStaticPrivateKey(); - - /** - * return the ephemeral private key. - */ - PrivateKey getEphemeralPrivateKey(); - - /** - * return the ephemeral public key (may be null). - */ - PublicKey getEphemeralPublicKey(); -} diff --git a/prov/src/main/java/org/bouncycastle/jce/interfaces/MQVPublicKey.java b/prov/src/main/java/org/bouncycastle/jce/interfaces/MQVPublicKey.java deleted file mode 100644 index 1be14bd0..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/interfaces/MQVPublicKey.java +++ /dev/null @@ -1,20 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import java.security.PublicKey; - -/** - * Static/ephemeral public key pair for use with ECMQV key agreement - */ -public interface MQVPublicKey - extends PublicKey -{ - /** - * return the static public key. - */ - PublicKey getStaticKey(); - - /** - * return the ephemeral public key. - */ - PublicKey getEphemeralKey(); -} diff --git a/prov/src/main/java/org/bouncycastle/jce/interfaces/PKCS12BagAttributeCarrier.java b/prov/src/main/java/org/bouncycastle/jce/interfaces/PKCS12BagAttributeCarrier.java deleted file mode 100644 index b8ebee74..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/interfaces/PKCS12BagAttributeCarrier.java +++ /dev/null @@ -1,21 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -/** - * allow us to set attributes on objects that can go into a PKCS12 store. - */ -public interface PKCS12BagAttributeCarrier -{ - void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute); - - ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid); - - Enumeration getBagAttributeKeys(); -} diff --git a/prov/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java b/prov/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java deleted file mode 100644 index 39dd35ad..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java +++ /dev/null @@ -1,303 +0,0 @@ -package org.bouncycastle.jce.netscape; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.SignatureException; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.X509EncodedKeySpec; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Object; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - -/** - * - * - * Handles NetScape certificate request (KEYGEN), these are constructed as: - * <pre><code> - * SignedPublicKeyAndChallenge ::= SEQUENCE { - * publicKeyAndChallenge PublicKeyAndChallenge, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING - * } - * </pre> - * - * PublicKey's encoded-format has to be X.509. - * - **/ -public class NetscapeCertRequest - extends ASN1Object -{ - AlgorithmIdentifier sigAlg; - AlgorithmIdentifier keyAlg; - byte sigBits []; - String challenge; - DERBitString content; - PublicKey pubkey ; - - private static ASN1Sequence getReq( - byte[] r) - throws IOException - { - ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(r)); - - return ASN1Sequence.getInstance(aIn.readObject()); - } - - public NetscapeCertRequest( - byte[] req) - throws IOException - { - this(getReq(req)); - } - - public NetscapeCertRequest (ASN1Sequence spkac) - { - try - { - - // - // SignedPublicKeyAndChallenge ::= SEQUENCE { - // publicKeyAndChallenge PublicKeyAndChallenge, - // signatureAlgorithm AlgorithmIdentifier, - // signature BIT STRING - // } - // - if (spkac.size() != 3) - { - throw new IllegalArgumentException("invalid SPKAC (size):" - + spkac.size()); - } - - sigAlg = new AlgorithmIdentifier((ASN1Sequence)spkac - .getObjectAt(1)); - sigBits = ((DERBitString)spkac.getObjectAt(2)).getBytes(); - - // - // PublicKeyAndChallenge ::= SEQUENCE { - // spki SubjectPublicKeyInfo, - // challenge IA5STRING - // } - // - ASN1Sequence pkac = (ASN1Sequence)spkac.getObjectAt(0); - - if (pkac.size() != 2) - { - throw new IllegalArgumentException("invalid PKAC (len): " - + pkac.size()); - } - - challenge = ((DERIA5String)pkac.getObjectAt(1)).getString(); - - //this could be dangerous, as ASN.1 decoding/encoding - //could potentially alter the bytes - content = new DERBitString(pkac); - - SubjectPublicKeyInfo pubkeyinfo = new SubjectPublicKeyInfo( - (ASN1Sequence)pkac.getObjectAt(0)); - - X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString( - pubkeyinfo).getBytes()); - - keyAlg = pubkeyinfo.getAlgorithmId(); - pubkey = KeyFactory.getInstance(keyAlg.getObjectId().getId(), "BC") - .generatePublic(xspec); - - } - catch (Exception e) - { - throw new IllegalArgumentException(e.toString()); - } - } - - public NetscapeCertRequest( - String challenge, - AlgorithmIdentifier signing_alg, - PublicKey pub_key) throws NoSuchAlgorithmException, - InvalidKeySpecException, NoSuchProviderException - { - - this.challenge = challenge; - sigAlg = signing_alg; - pubkey = pub_key; - - ASN1EncodableVector content_der = new ASN1EncodableVector(); - content_der.add(getKeySpec()); - //content_der.add(new SubjectPublicKeyInfo(sigAlg, new RSAPublicKeyStructure(pubkey.getModulus(), pubkey.getPublicExponent()).getDERObject())); - content_der.add(new DERIA5String(challenge)); - - try - { - content = new DERBitString(new DERSequence(content_der)); - } - catch (IOException e) - { - throw new InvalidKeySpecException("exception encoding key: " + e.toString()); - } - } - - public String getChallenge() - { - return challenge; - } - - public void setChallenge(String value) - { - challenge = value; - } - - public AlgorithmIdentifier getSigningAlgorithm() - { - return sigAlg; - } - - public void setSigningAlgorithm(AlgorithmIdentifier value) - { - sigAlg = value; - } - - public AlgorithmIdentifier getKeyAlgorithm() - { - return keyAlg; - } - - public void setKeyAlgorithm(AlgorithmIdentifier value) - { - keyAlg = value; - } - - public PublicKey getPublicKey() - { - return pubkey; - } - - public void setPublicKey(PublicKey value) - { - pubkey = value; - } - - public boolean verify(String challenge) throws NoSuchAlgorithmException, - InvalidKeyException, SignatureException, NoSuchProviderException - { - if (!challenge.equals(this.challenge)) - { - return false; - } - - // - // Verify the signature .. shows the response was generated - // by someone who knew the associated private key - // - Signature sig = Signature.getInstance(sigAlg.getObjectId().getId(), - "BC"); - sig.initVerify(pubkey); - sig.update(content.getBytes()); - - return sig.verify(sigBits); - } - - public void sign(PrivateKey priv_key) throws NoSuchAlgorithmException, - InvalidKeyException, SignatureException, NoSuchProviderException, - InvalidKeySpecException - { - sign(priv_key, null); - } - - public void sign(PrivateKey priv_key, SecureRandom rand) - throws NoSuchAlgorithmException, InvalidKeyException, - SignatureException, NoSuchProviderException, - InvalidKeySpecException - { - Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId(), - "BC"); - - if (rand != null) - { - sig.initSign(priv_key, rand); - } - else - { - sig.initSign(priv_key); - } - - ASN1EncodableVector pkac = new ASN1EncodableVector(); - - pkac.add(getKeySpec()); - pkac.add(new DERIA5String(challenge)); - - try - { - sig.update(new DERSequence(pkac).getEncoded(ASN1Encoding.DER)); - } - catch (IOException ioe) - { - throw new SignatureException(ioe.getMessage()); - } - - sigBits = sig.sign(); - } - - private ASN1Primitive getKeySpec() throws NoSuchAlgorithmException, - InvalidKeySpecException, NoSuchProviderException - { - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - - ASN1Primitive obj = null; - try - { - - baos.write(pubkey.getEncoded()); - baos.close(); - - ASN1InputStream derin = new ASN1InputStream( - new ByteArrayInputStream(baos.toByteArray())); - - obj = derin.readObject(); - } - catch (IOException ioe) - { - throw new InvalidKeySpecException(ioe.getMessage()); - } - return obj; - } - - public ASN1Primitive toASN1Primitive() - { - ASN1EncodableVector spkac = new ASN1EncodableVector(); - ASN1EncodableVector pkac = new ASN1EncodableVector(); - - try - { - pkac.add(getKeySpec()); - } - catch (Exception e) - { - //ignore - } - - pkac.add(new DERIA5String(challenge)); - - spkac.add(new DERSequence(pkac)); - spkac.add(sigAlg); - spkac.add(new DERBitString(sigBits)); - - return new DERSequence(spkac); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/AnnotatedException.java b/prov/src/main/java/org/bouncycastle/jce/provider/AnnotatedException.java deleted file mode 100644 index c9ac46ef..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/AnnotatedException.java +++ /dev/null @@ -1,32 +0,0 @@ -package org.bouncycastle.jce.provider; - -import org.bouncycastle.jce.exception.ExtException; - -public class AnnotatedException - extends Exception - implements ExtException -{ - private Throwable _underlyingException; - - AnnotatedException(String string, Throwable e) - { - super(string); - - _underlyingException = e; - } - - AnnotatedException(String string) - { - this(string, null); - } - - Throwable getUnderlyingException() - { - return _underlyingException; - } - - public Throwable getCause() - { - return _underlyingException; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/prov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java deleted file mode 100644 index 0e925f8f..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ /dev/null @@ -1,283 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.security.AccessController; -import java.security.PrivateKey; -import java.security.PrivilegedAction; -import java.security.Provider; -import java.security.PublicKey; -import java.util.HashMap; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; - -/** - * To add the provider at runtime use: - * <pre> - * import java.security.Security; - * import org.bouncycastle.jce.provider.BouncyCastleProvider; - * - * Security.addProvider(new BouncyCastleProvider()); - * </pre> - * The provider can also be configured as part of your environment via - * static registration by adding an entry to the java.security properties - * file (found in $JAVA_HOME/jre/lib/security/java.security, where - * $JAVA_HOME is the location of your JDK/JRE distribution). You'll find - * detailed instructions in the file but basically it comes down to adding - * a line: - * <pre> - * <code> - * security.provider.<n>=org.bouncycastle.jce.provider.BouncyCastleProvider - * </code> - * </pre> - * Where <n> is the preference you want the provider at (1 being the - * most preferred). - * <p>Note: JCE algorithm names should be upper-case only so the case insensitive - * test for getInstance works. - */ -public final class BouncyCastleProvider extends Provider - implements ConfigurableProvider -{ - private static String info = "BouncyCastle Security Provider v1.51"; - - public static final String PROVIDER_NAME = "BC"; - - public static final ProviderConfiguration CONFIGURATION = new BouncyCastleProviderConfiguration(); - - private static final Map keyInfoConverters = new HashMap(); - - /* - * Configurable symmetric ciphers - */ - private static final String SYMMETRIC_PACKAGE = "org.bouncycastle.jcajce.provider.symmetric."; - - private static final String[] SYMMETRIC_GENERIC = - { - "PBEPBKDF2", "PBEPKCS12" - }; - - private static final String[] SYMMETRIC_MACS = - { - "SipHash" - }; - - private static final String[] SYMMETRIC_CIPHERS = - { - "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "ChaCha", "DES", "DESede", - "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", "Noekeon", "RC2", "RC5", - "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Shacal2", "Skipjack", "TEA", "Twofish", "Threefish", - "VMPC", "VMPCKSA3", "XTEA", "XSalsa20" - }; - - /* - * Configurable asymmetric ciphers - */ - private static final String ASYMMETRIC_PACKAGE = "org.bouncycastle.jcajce.provider.asymmetric."; - - // this one is required for GNU class path - it needs to be loaded first as the - // later ones configure it. - private static final String[] ASYMMETRIC_GENERIC = - { - "X509", "IES" - }; - - private static final String[] ASYMMETRIC_CIPHERS = - { - "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal", "DSTU4145" - }; - - /* - * Configurable digests - */ - private static final String DIGEST_PACKAGE = "org.bouncycastle.jcajce.provider.digest."; - private static final String[] DIGESTS = - { - "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "Skein", "SM3", "Tiger", "Whirlpool" - }; - - /* - * Configurable keystores - */ - private static final String KEYSTORE_PACKAGE = "org.bouncycastle.jcajce.provider.keystore."; - private static final String[] KEYSTORES = - { - "BC", "PKCS12" - }; - - /** - * Construct a new provider. This should only be required when - * using runtime registration of the provider using the - * <code>Security.addProvider()</code> mechanism. - */ - public BouncyCastleProvider() - { - super(PROVIDER_NAME, 1.51, info); - - AccessController.doPrivileged(new PrivilegedAction() - { - public Object run() - { - setup(); - return null; - } - }); - } - - private void setup() - { - loadAlgorithms(DIGEST_PACKAGE, DIGESTS); - - loadAlgorithms(SYMMETRIC_PACKAGE, SYMMETRIC_GENERIC); - - loadAlgorithms(SYMMETRIC_PACKAGE, SYMMETRIC_MACS); - - loadAlgorithms(SYMMETRIC_PACKAGE, SYMMETRIC_CIPHERS); - - loadAlgorithms(ASYMMETRIC_PACKAGE, ASYMMETRIC_GENERIC); - - loadAlgorithms(ASYMMETRIC_PACKAGE, ASYMMETRIC_CIPHERS); - - loadAlgorithms(KEYSTORE_PACKAGE, KEYSTORES); - - // - // X509Store - // - put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection"); - put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection"); - put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection"); - put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection"); - - put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts"); - put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs"); - put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts"); - put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs"); - - // - // X509StreamParser - // - put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser"); - put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); - put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); - put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); - - // - // cipher engines - // - put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); - - put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); - - - put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); - - // Certification Path API - put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); - put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); - put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); - put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); - put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); - put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); - put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi"); - put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi"); - put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi"); - put("Alg.Alias.CertStore.X509LDAP", "LDAP"); - } - - private void loadAlgorithms(String packageName, String[] names) - { - for (int i = 0; i != names.length; i++) - { - Class clazz = null; - try - { - ClassLoader loader = this.getClass().getClassLoader(); - - if (loader != null) - { - clazz = loader.loadClass(packageName + names[i] + "$Mappings"); - } - else - { - clazz = Class.forName(packageName + names[i] + "$Mappings"); - } - } - catch (ClassNotFoundException e) - { - // ignore - } - - if (clazz != null) - { - try - { - ((AlgorithmProvider)clazz.newInstance()).configure(this); - } - catch (Exception e) - { // this should never ever happen!! - throw new InternalError("cannot create instance of " - + packageName + names[i] + "$Mappings : " + e); - } - } - } - } - - public void setParameter(String parameterName, Object parameter) - { - synchronized (CONFIGURATION) - { - ((BouncyCastleProviderConfiguration)CONFIGURATION).setParameter(parameterName, parameter); - } - } - - public boolean hasAlgorithm(String type, String name) - { - return containsKey(type + "." + name) || containsKey("Alg.Alias." + type + "." + name); - } - - public void addAlgorithm(String key, String value) - { - if (containsKey(key)) - { - throw new IllegalStateException("duplicate provider key (" + key + ") found"); - } - - put(key, value); - } - - public void addKeyInfoConverter(ASN1ObjectIdentifier oid, AsymmetricKeyInfoConverter keyInfoConverter) - { - keyInfoConverters.put(oid, keyInfoConverter); - } - - public static PublicKey getPublicKey(SubjectPublicKeyInfo publicKeyInfo) - throws IOException - { - AsymmetricKeyInfoConverter converter = (AsymmetricKeyInfoConverter)keyInfoConverters.get(publicKeyInfo.getAlgorithm().getAlgorithm()); - - if (converter == null) - { - return null; - } - - return converter.generatePublic(publicKeyInfo); - } - - public static PrivateKey getPrivateKey(PrivateKeyInfo privateKeyInfo) - throws IOException - { - AsymmetricKeyInfoConverter converter = (AsymmetricKeyInfoConverter)keyInfoConverters.get(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm()); - - if (converter == null) - { - return null; - } - - return converter.generatePrivate(privateKeyInfo); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java b/prov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java deleted file mode 100644 index cda05e83..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java +++ /dev/null @@ -1,167 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.Permission; - -import javax.crypto.spec.DHParameterSpec; - -import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; -import org.bouncycastle.jcajce.provider.config.ProviderConfigurationPermission; -import org.bouncycastle.jce.spec.ECParameterSpec; - -class BouncyCastleProviderConfiguration - implements ProviderConfiguration -{ - private static Permission BC_EC_LOCAL_PERMISSION = new ProviderConfigurationPermission( - BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA); - private static Permission BC_EC_PERMISSION = new ProviderConfigurationPermission( - BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.EC_IMPLICITLY_CA); - private static Permission BC_DH_LOCAL_PERMISSION = new ProviderConfigurationPermission( - BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.THREAD_LOCAL_DH_DEFAULT_PARAMS); - private static Permission BC_DH_PERMISSION = new ProviderConfigurationPermission( - BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.DH_DEFAULT_PARAMS); - - private ThreadLocal ecThreadSpec = new ThreadLocal(); - private ThreadLocal dhThreadSpec = new ThreadLocal(); - - private volatile ECParameterSpec ecImplicitCaParams; - private volatile Object dhDefaultParams; - - void setParameter(String parameterName, Object parameter) - { - SecurityManager securityManager = System.getSecurityManager(); - - if (parameterName.equals(ConfigurableProvider.THREAD_LOCAL_EC_IMPLICITLY_CA)) - { - ECParameterSpec curveSpec; - - if (securityManager != null) - { - securityManager.checkPermission(BC_EC_LOCAL_PERMISSION); - } - - if (parameter instanceof ECParameterSpec || parameter == null) - { - curveSpec = (ECParameterSpec)parameter; - } - else // assume java.security.spec - { - curveSpec = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false); - } - - if (curveSpec == null) - { - ecThreadSpec.remove(); - } - else - { - ecThreadSpec.set(curveSpec); - } - } - else if (parameterName.equals(ConfigurableProvider.EC_IMPLICITLY_CA)) - { - if (securityManager != null) - { - securityManager.checkPermission(BC_EC_PERMISSION); - } - - if (parameter instanceof ECParameterSpec || parameter == null) - { - ecImplicitCaParams = (ECParameterSpec)parameter; - } - else // assume java.security.spec - { - ecImplicitCaParams = EC5Util.convertSpec((java.security.spec.ECParameterSpec)parameter, false); - } - } - else if (parameterName.equals(ConfigurableProvider.THREAD_LOCAL_DH_DEFAULT_PARAMS)) - { - Object dhSpec; - - if (securityManager != null) - { - securityManager.checkPermission(BC_DH_LOCAL_PERMISSION); - } - - if (parameter instanceof DHParameterSpec || parameter instanceof DHParameterSpec[] || parameter == null) - { - dhSpec = parameter; - } - else - { - throw new IllegalArgumentException("not a valid DHParameterSpec"); - } - - if (dhSpec == null) - { - dhThreadSpec.remove(); - } - else - { - dhThreadSpec.set(dhSpec); - } - } - else if (parameterName.equals(ConfigurableProvider.DH_DEFAULT_PARAMS)) - { - if (securityManager != null) - { - securityManager.checkPermission(BC_DH_PERMISSION); - } - - if (parameter instanceof DHParameterSpec || parameter instanceof DHParameterSpec[] || parameter == null) - { - dhDefaultParams = parameter; - } - else - { - throw new IllegalArgumentException("not a valid DHParameterSpec or DHParameterSpec[]"); - } - } - } - - public ECParameterSpec getEcImplicitlyCa() - { - ECParameterSpec spec = (ECParameterSpec)ecThreadSpec.get(); - - if (spec != null) - { - return spec; - } - - return ecImplicitCaParams; - } - - public DHParameterSpec getDHDefaultParameters(int keySize) - { - Object params = dhThreadSpec.get(); - if (params == null) - { - params = dhDefaultParams; - } - - if (params instanceof DHParameterSpec) - { - DHParameterSpec spec = (DHParameterSpec)params; - - if (spec.getP().bitLength() == keySize) - { - return spec; - } - } - else if (params instanceof DHParameterSpec[]) - { - DHParameterSpec[] specs = (DHParameterSpec[])params; - - for (int i = 0; i != specs.length; i++) - { - if (specs[i].getP().bitLength() == keySize) - { - return specs[i]; - } - } - } - - return null; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java b/prov/src/main/java/org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java deleted file mode 100644 index cb88e208..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java +++ /dev/null @@ -1,621 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.RC5ParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.DESedeEngine; -import org.bouncycastle.crypto.engines.TwofishEngine; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.modes.CFBBlockCipher; -import org.bouncycastle.crypto.modes.CTSBlockCipher; -import org.bouncycastle.crypto.modes.OFBBlockCipher; -import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.crypto.params.RC2Parameters; -import org.bouncycastle.crypto.params.RC5Parameters; -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.util.Strings; - -public class BrokenJCEBlockCipher - implements BrokenPBE -{ - // - // specs we can handle. - // - private Class[] availableSpecs = - { - IvParameterSpec.class, - PBEParameterSpec.class, - RC2ParameterSpec.class, - RC5ParameterSpec.class - }; - - private BufferedBlockCipher cipher; - private ParametersWithIV ivParam; - - private int pbeType = PKCS12; - private int pbeHash = SHA1; - private int pbeKeySize; - private int pbeIvSize; - - private int ivLength = 0; - - private AlgorithmParameters engineParams = null; - - protected BrokenJCEBlockCipher( - BlockCipher engine) - { - cipher = new PaddedBufferedBlockCipher(engine); - } - - protected BrokenJCEBlockCipher( - BlockCipher engine, - int pbeType, - int pbeHash, - int pbeKeySize, - int pbeIvSize) - { - cipher = new PaddedBufferedBlockCipher(engine); - - this.pbeType = pbeType; - this.pbeHash = pbeHash; - this.pbeKeySize = pbeKeySize; - this.pbeIvSize = pbeIvSize; - } - - protected int engineGetBlockSize() - { - return cipher.getBlockSize(); - } - - protected byte[] engineGetIV() - { - return (ivParam != null) ? ivParam.getIV() : null; - } - - protected int engineGetKeySize( - Key key) - { - return key.getEncoded().length; - } - - protected int engineGetOutputSize( - int inputLen) - { - return cipher.getOutputSize(inputLen); - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParams == null) - { - if (ivParam != null) - { - String name = cipher.getUnderlyingCipher().getAlgorithmName(); - - if (name.indexOf('/') >= 0) - { - name = name.substring(0, name.indexOf('/')); - } - - try - { - engineParams = AlgorithmParameters.getInstance(name, BouncyCastleProvider.PROVIDER_NAME); - engineParams.init(ivParam.getIV()); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - } - - return engineParams; - } - - protected void engineSetMode( - String mode) - { - String modeName = Strings.toUpperCase(mode); - - if (modeName.equals("ECB")) - { - ivLength = 0; - cipher = new PaddedBufferedBlockCipher(cipher.getUnderlyingCipher()); - } - else if (modeName.equals("CBC")) - { - ivLength = cipher.getUnderlyingCipher().getBlockSize(); - cipher = new PaddedBufferedBlockCipher( - new CBCBlockCipher(cipher.getUnderlyingCipher())); - } - else if (modeName.startsWith("OFB")) - { - ivLength = cipher.getUnderlyingCipher().getBlockSize(); - if (modeName.length() != 3) - { - int wordSize = Integer.parseInt(modeName.substring(3)); - - cipher = new PaddedBufferedBlockCipher( - new OFBBlockCipher(cipher.getUnderlyingCipher(), wordSize)); - } - else - { - cipher = new PaddedBufferedBlockCipher( - new OFBBlockCipher(cipher.getUnderlyingCipher(), 8 * cipher.getBlockSize())); - } - } - else if (modeName.startsWith("CFB")) - { - ivLength = cipher.getUnderlyingCipher().getBlockSize(); - if (modeName.length() != 3) - { - int wordSize = Integer.parseInt(modeName.substring(3)); - - cipher = new PaddedBufferedBlockCipher( - new CFBBlockCipher(cipher.getUnderlyingCipher(), wordSize)); - } - else - { - cipher = new PaddedBufferedBlockCipher( - new CFBBlockCipher(cipher.getUnderlyingCipher(), 8 * cipher.getBlockSize())); - } - } - else - { - throw new IllegalArgumentException("can't support mode " + mode); - } - } - - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - String paddingName = Strings.toUpperCase(padding); - - if (paddingName.equals("NOPADDING")) - { - cipher = new BufferedBlockCipher(cipher.getUnderlyingCipher()); - } - else if (paddingName.equals("PKCS5PADDING") || paddingName.equals("PKCS7PADDING") || paddingName.equals("ISO10126PADDING")) - { - cipher = new PaddedBufferedBlockCipher(cipher.getUnderlyingCipher()); - } - else if (paddingName.equals("WITHCTS")) - { - cipher = new CTSBlockCipher(cipher.getUnderlyingCipher()); - } - else - { - throw new NoSuchPaddingException("Padding " + padding + " unknown."); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - // - // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it). - // - if (key instanceof BCPBEKey) - { - param = BrokenPBE.Util.makePBEParameters((BCPBEKey)key, params, pbeType, pbeHash, - cipher.getUnderlyingCipher().getAlgorithmName(), pbeKeySize, pbeIvSize); - - if (pbeIvSize != 0) - { - ivParam = (ParametersWithIV)param; - } - } - else if (params == null) - { - param = new KeyParameter(key.getEncoded()); - } - else if (params instanceof IvParameterSpec) - { - if (ivLength != 0) - { - param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV()); - ivParam = (ParametersWithIV)param; - } - else - { - param = new KeyParameter(key.getEncoded()); - } - } - else if (params instanceof RC2ParameterSpec) - { - RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; - - param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); - - if (rc2Param.getIV() != null && ivLength != 0) - { - param = new ParametersWithIV(param, rc2Param.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else if (params instanceof RC5ParameterSpec) - { - RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; - - param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); - if (rc5Param.getWordSize() != 32) - { - throw new IllegalArgumentException("can only accept RC5 word size 32 (at the moment...)"); - } - if ((rc5Param.getIV() != null) && (ivLength != 0)) - { - param = new ParametersWithIV(param, rc5Param.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else - { - throw new InvalidAlgorithmParameterException("unknown parameter type."); - } - - if ((ivLength != 0) && !(param instanceof ParametersWithIV)) - { - if (random == null) - { - random = new SecureRandom(); - } - - if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE)) - { - byte[] iv = new byte[ivLength]; - - random.nextBytes(iv); - param = new ParametersWithIV(param, iv); - ivParam = (ParametersWithIV)param; - } - else - { - throw new InvalidAlgorithmParameterException("no IV set when one expected"); - } - } - - switch (opmode) - { - case Cipher.ENCRYPT_MODE: - case Cipher.WRAP_MODE: - cipher.init(true, param); - break; - case Cipher.DECRYPT_MODE: - case Cipher.UNWRAP_MODE: - cipher.init(false, param); - break; - default: - System.out.println("eeek!"); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - for (int i = 0; i != availableSpecs.length; i++) - { - try - { - paramSpec = params.getParameterSpec(availableSpecs[i]); - break; - } - catch (Exception e) - { - continue; - } - } - - if (paramSpec == null) - { - throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString()); - } - } - - engineParams = params; - engineInit(opmode, key, paramSpec, random); - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new IllegalArgumentException(e.getMessage()); - } - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - int length = cipher.getUpdateOutputSize(inputLen); - - if (length > 0) - { - byte[] out = new byte[length]; - - cipher.processBytes(input, inputOffset, inputLen, out, 0); - return out; - } - - cipher.processBytes(input, inputOffset, inputLen, null, 0); - - return null; - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - { - return cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws IllegalBlockSizeException, BadPaddingException - { - int len = 0; - byte[] tmp = new byte[engineGetOutputSize(inputLen)]; - - if (inputLen != 0) - { - len = cipher.processBytes(input, inputOffset, inputLen, tmp, 0); - } - - try - { - len += cipher.doFinal(tmp, len); - } - catch (DataLengthException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - - byte[] out = new byte[len]; - - System.arraycopy(tmp, 0, out, 0, len); - - return out; - } - - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws IllegalBlockSizeException, BadPaddingException - { - int len = 0; - - if (inputLen != 0) - { - len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - - try - { - return len + cipher.doFinal(output, outputOffset + len); - } - catch (DataLengthException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - } - - protected byte[] engineWrap( - Key key) - throws IllegalBlockSizeException, java.security.InvalidKeyException - { - byte[] encoded = key.getEncoded(); - if (encoded == null) - { - throw new InvalidKeyException("Cannot wrap key, null encoding."); - } - - try - { - return engineDoFinal(encoded, 0, encoded.length); - } - catch (BadPaddingException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - } - - protected Key engineUnwrap( - byte[] wrappedKey, - String wrappedKeyAlgorithm, - int wrappedKeyType) - throws InvalidKeyException - { - byte[] encoded = null; - try - { - encoded = engineDoFinal(wrappedKey, 0, wrappedKey.length); - } - catch (BadPaddingException e) - { - throw new InvalidKeyException(e.getMessage()); - } - catch (IllegalBlockSizeException e2) - { - throw new InvalidKeyException(e2.getMessage()); - } - - if (wrappedKeyType == Cipher.SECRET_KEY) - { - return new SecretKeySpec(encoded, wrappedKeyAlgorithm); - } - else - { - try - { - KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, BouncyCastleProvider.PROVIDER_NAME); - - if (wrappedKeyType == Cipher.PUBLIC_KEY) - { - return kf.generatePublic(new X509EncodedKeySpec(encoded)); - } - else if (wrappedKeyType == Cipher.PRIVATE_KEY) - { - return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded)); - } - } - catch (NoSuchProviderException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } - catch (NoSuchAlgorithmException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } - catch (InvalidKeySpecException e2) - { - throw new InvalidKeyException("Unknown key type " + e2.getMessage()); - } - - throw new InvalidKeyException("Unknown key type " + wrappedKeyType); - } - } - - /* - * The ciphers that inherit from us. - */ - - /** - * PBEWithMD5AndDES - */ - static public class BrokePBEWithMD5AndDES - extends BrokenJCEBlockCipher - { - public BrokePBEWithMD5AndDES() - { - super(new CBCBlockCipher(new DESEngine()), PKCS5S1, MD5, 64, 64); - } - } - - /** - * PBEWithSHA1AndDES - */ - static public class BrokePBEWithSHA1AndDES - extends BrokenJCEBlockCipher - { - public BrokePBEWithSHA1AndDES() - { - super(new CBCBlockCipher(new DESEngine()), PKCS5S1, SHA1, 64, 64); - } - } - - /** - * PBEWithSHAAnd3-KeyTripleDES-CBC - */ - static public class BrokePBEWithSHAAndDES3Key - extends BrokenJCEBlockCipher - { - public BrokePBEWithSHAAndDES3Key() - { - super(new CBCBlockCipher(new DESedeEngine()), PKCS12, SHA1, 192, 64); - } - } - - /** - * OldPBEWithSHAAnd3-KeyTripleDES-CBC - */ - static public class OldPBEWithSHAAndDES3Key - extends BrokenJCEBlockCipher - { - public OldPBEWithSHAAndDES3Key() - { - super(new CBCBlockCipher(new DESedeEngine()), OLD_PKCS12, SHA1, 192, 64); - } - } - - /** - * PBEWithSHAAnd2-KeyTripleDES-CBC - */ - static public class BrokePBEWithSHAAndDES2Key - extends BrokenJCEBlockCipher - { - public BrokePBEWithSHAAndDES2Key() - { - super(new CBCBlockCipher(new DESedeEngine()), PKCS12, SHA1, 128, 64); - } - } - - /** - * OldPBEWithSHAAndTwofish-CBC - */ - static public class OldPBEWithSHAAndTwofish - extends BrokenJCEBlockCipher - { - public OldPBEWithSHAAndTwofish() - { - super(new CBCBlockCipher(new TwofishEngine()), OLD_PKCS12, SHA1, 256, 128); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java b/prov/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java deleted file mode 100644 index e6186f67..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java +++ /dev/null @@ -1,127 +0,0 @@ -package org.bouncycastle.jce.provider; - -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.DerivationFunction; -import org.bouncycastle.crypto.DerivationParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.params.KDFParameters; - -/** - * Generator for PBE derived keys and ivs as defined by IEEE P1363a - * <br> - * This implementation is based on draft 9 of IEEE P1363a. <b>Note:</b> - * as this is still a draft the output of this generator may change, don't - * use it for anything that might be subject to long term storage. - */ -public class BrokenKDF2BytesGenerator - implements DerivationFunction -{ - private Digest digest; - private byte[] shared; - private byte[] iv; - - /** - * Construct a KDF2 Parameters generator. Generates key material - * according to IEEE P1363a - if you want orthodox results you should - * use a digest specified in the standard. - * <p> - * <b>Note:</b> IEEE P1363a standard is still a draft standard, if the standard - * changes this function, the output of this function will change as well. - * Don't use this routine for anything subject to long term storage. - * - * @param digest the digest to be used as the source of derived keys. - */ - public BrokenKDF2BytesGenerator( - Digest digest) - { - this.digest = digest; - } - - public void init( - DerivationParameters param) - { - if (!(param instanceof KDFParameters)) - { - throw new IllegalArgumentException("KDF parameters required for KDF2Generator"); - } - - KDFParameters p = (KDFParameters)param; - - shared = p.getSharedSecret(); - iv = p.getIV(); - } - - /** - * return the underlying digest. - */ - public Digest getDigest() - { - return digest; - } - - /** - * fill len bytes of the output buffer with bytes generated from - * the derivation function. - * - * @throws IllegalArgumentException if the size of the request will cause an overflow. - * @throws DataLengthException if the out buffer is too small. - */ - public int generateBytes( - byte[] out, - int outOff, - int len) - throws DataLengthException, IllegalArgumentException - { - if ((out.length - len) < outOff) - { - throw new DataLengthException("output buffer too small"); - } - - long oBits = len * 8; - - // - // this is at odds with the standard implementation, the - // maximum value should be hBits * (2^23 - 1) where hBits - // is the digest output size in bits. We can't have an - // array with a long index at the moment... - // - if (oBits > (digest.getDigestSize() * 8 * (2L^32 - 1))) - { - new IllegalArgumentException("Output length to large"); - } - - int cThreshold = (int)(oBits / digest.getDigestSize()); - - byte[] dig = null; - - dig = new byte[digest.getDigestSize()]; - - for (int counter = 1; counter <= cThreshold; counter++) - { - digest.update(shared, 0, shared.length); - - digest.update((byte)(counter & 0xff)); - digest.update((byte)((counter >> 8) & 0xff)); - digest.update((byte)((counter >> 16) & 0xff)); - digest.update((byte)((counter >> 24) & 0xff)); - - digest.update(iv, 0, iv.length); - - digest.doFinal(dig, 0); - - if ((len - outOff) > dig.length) - { - System.arraycopy(dig, 0, out, outOff, dig.length); - outOff += dig.length; - } - else - { - System.arraycopy(dig, 0, out, outOff, len - outOff); - } - } - - digest.reset(); - - return len; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/BrokenPBE.java b/prov/src/main/java/org/bouncycastle/jce/provider/BrokenPBE.java deleted file mode 100644 index a1736253..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/BrokenPBE.java +++ /dev/null @@ -1,441 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.digests.MD5Digest; -import org.bouncycastle.crypto.digests.RIPEMD160Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; - -/** - * Generator for PBE derived keys and ivs as defined by PKCS 12 V1.0, - * with a bug affecting 180 bit plus keys - this class is only here to - * allow smooth migration of the version 0 keystore to version 1. Don't - * use it (it won't be staying around). - * <p> - * The document this implementation is based on can be found at - * <a href=http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/index.html> - * RSA's PKCS12 Page</a> - */ -class OldPKCS12ParametersGenerator - extends PBEParametersGenerator -{ - public static final int KEY_MATERIAL = 1; - public static final int IV_MATERIAL = 2; - public static final int MAC_MATERIAL = 3; - - private Digest digest; - - private int u; - private int v; - - /** - * Construct a PKCS 12 Parameters generator. This constructor will - * accept MD5, SHA1, and RIPEMD160. - * - * @param digest the digest to be used as the source of derived keys. - * @exception IllegalArgumentException if an unknown digest is passed in. - */ - public OldPKCS12ParametersGenerator( - Digest digest) - { - this.digest = digest; - if (digest instanceof MD5Digest) - { - u = 128 / 8; - v = 512 / 8; - } - else if (digest instanceof SHA1Digest) - { - u = 160 / 8; - v = 512 / 8; - } - else if (digest instanceof RIPEMD160Digest) - { - u = 160 / 8; - v = 512 / 8; - } - else - { - throw new IllegalArgumentException("Digest " + digest.getAlgorithmName() + " unsupported"); - } - } - - /** - * add a + b + 1, returning the result in a. The a value is treated - * as a BigInteger of length (b.length * 8) bits. The result is - * modulo 2^b.length in case of overflow. - */ - private void adjust( - byte[] a, - int aOff, - byte[] b) - { - int x = (b[b.length - 1] & 0xff) + (a[aOff + b.length - 1] & 0xff) + 1; - - a[aOff + b.length - 1] = (byte)x; - x >>>= 8; - - for (int i = b.length - 2; i >= 0; i--) - { - x += (b[i] & 0xff) + (a[aOff + i] & 0xff); - a[aOff + i] = (byte)x; - x >>>= 8; - } - } - - /** - * generation of a derived key ala PKCS12 V1.0. - */ - private byte[] generateDerivedKey( - int idByte, - int n) - { - byte[] D = new byte[v]; - byte[] dKey = new byte[n]; - - for (int i = 0; i != D.length; i++) - { - D[i] = (byte)idByte; - } - - byte[] S; - - if ((salt != null) && (salt.length != 0)) - { - S = new byte[v * ((salt.length + v - 1) / v)]; - - for (int i = 0; i != S.length; i++) - { - S[i] = salt[i % salt.length]; - } - } - else - { - S = new byte[0]; - } - - byte[] P; - - if ((password != null) && (password.length != 0)) - { - P = new byte[v * ((password.length + v - 1) / v)]; - - for (int i = 0; i != P.length; i++) - { - P[i] = password[i % password.length]; - } - } - else - { - P = new byte[0]; - } - - byte[] I = new byte[S.length + P.length]; - - System.arraycopy(S, 0, I, 0, S.length); - System.arraycopy(P, 0, I, S.length, P.length); - - byte[] B = new byte[v]; - int c = (n + u - 1) / u; - - for (int i = 1; i <= c; i++) - { - byte[] A = new byte[u]; - - digest.update(D, 0, D.length); - digest.update(I, 0, I.length); - digest.doFinal(A, 0); - for (int j = 1; j != iterationCount; j++) - { - digest.update(A, 0, A.length); - digest.doFinal(A, 0); - } - - for (int j = 0; j != B.length; j++) - { - B[i] = A[j % A.length]; - } - - for (int j = 0; j != I.length / v; j++) - { - adjust(I, j * v, B); - } - - if (i == c) - { - System.arraycopy(A, 0, dKey, (i - 1) * u, dKey.length - ((i - 1) * u)); - } - else - { - System.arraycopy(A, 0, dKey, (i - 1) * u, A.length); - } - } - - return dKey; - } - - /** - * Generate a key parameter derived from the password, salt, and iteration - * count we are currently initialised with. - * - * @param keySize the size of the key we want (in bits) - * @return a KeyParameter object. - */ - public CipherParameters generateDerivedParameters( - int keySize) - { - keySize = keySize / 8; - - byte[] dKey = generateDerivedKey(KEY_MATERIAL, keySize); - - return new KeyParameter(dKey, 0, keySize); - } - - /** - * Generate a key with initialisation vector parameter derived from - * the password, salt, and iteration count we are currently initialised - * with. - * - * @param keySize the size of the key we want (in bits) - * @param ivSize the size of the iv we want (in bits) - * @return a ParametersWithIV object. - */ - public CipherParameters generateDerivedParameters( - int keySize, - int ivSize) - { - keySize = keySize / 8; - ivSize = ivSize / 8; - - byte[] dKey = generateDerivedKey(KEY_MATERIAL, keySize); - - byte[] iv = generateDerivedKey(IV_MATERIAL, ivSize); - - return new ParametersWithIV(new KeyParameter(dKey, 0, keySize), iv, 0, ivSize); - } - - /** - * Generate a key parameter for use with a MAC derived from the password, - * salt, and iteration count we are currently initialised with. - * - * @param keySize the size of the key we want (in bits) - * @return a KeyParameter object. - */ - public CipherParameters generateDerivedMacParameters( - int keySize) - { - keySize = keySize / 8; - - byte[] dKey = generateDerivedKey(MAC_MATERIAL, keySize); - - return new KeyParameter(dKey, 0, keySize); - } -} - -public interface BrokenPBE -{ - // - // PBE Based encryption constants - by default we do PKCS12 with SHA-1 - // - static final int MD5 = 0; - static final int SHA1 = 1; - static final int RIPEMD160 = 2; - - static final int PKCS5S1 = 0; - static final int PKCS5S2 = 1; - static final int PKCS12 = 2; - static final int OLD_PKCS12 = 3; - - /** - * uses the appropriate mixer to generate the key and IV if neccessary. - */ - static class Util - { - /** - * a faulty parity routine... - * - * @param bytes the byte array to set the parity on. - */ - static private void setOddParity( - byte[] bytes) - { - for (int i = 0; i < bytes.length; i++) - { - int b = bytes[i]; - bytes[i] = (byte)((b & 0xfe) | - (((b >> 1) ^ - (b >> 2) ^ - (b >> 3) ^ - (b >> 4) ^ - (b >> 5) ^ - (b >> 6) ^ - (b >> 7)) ^ 0x01)); - } - } - - static private PBEParametersGenerator makePBEGenerator( - int type, - int hash) - { - PBEParametersGenerator generator; - - if (type == PKCS5S1) - { - switch (hash) - { - case MD5: - generator = new PKCS5S1ParametersGenerator(new MD5Digest()); - break; - case SHA1: - generator = new PKCS5S1ParametersGenerator(new SHA1Digest()); - break; - default: - throw new IllegalStateException("PKCS5 scheme 1 only supports only MD5 and SHA1."); - } - } - else if (type == PKCS5S2) - { - generator = new PKCS5S2ParametersGenerator(); - } - else if (type == OLD_PKCS12) - { - switch (hash) - { - case MD5: - generator = new OldPKCS12ParametersGenerator(new MD5Digest()); - break; - case SHA1: - generator = new OldPKCS12ParametersGenerator(new SHA1Digest()); - break; - case RIPEMD160: - generator = new OldPKCS12ParametersGenerator(new RIPEMD160Digest()); - break; - default: - throw new IllegalStateException("unknown digest scheme for PBE encryption."); - } - } - else - { - switch (hash) - { - case MD5: - generator = new PKCS12ParametersGenerator(new MD5Digest()); - break; - case SHA1: - generator = new PKCS12ParametersGenerator(new SHA1Digest()); - break; - case RIPEMD160: - generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); - break; - default: - throw new IllegalStateException("unknown digest scheme for PBE encryption."); - } - } - - return generator; - } - - /** - * construct a key and iv (if neccessary) suitable for use with a - * Cipher. - */ - static CipherParameters makePBEParameters( - BCPBEKey pbeKey, - AlgorithmParameterSpec spec, - int type, - int hash, - String targetAlgorithm, - int keySize, - int ivSize) - { - if ((spec == null) || !(spec instanceof PBEParameterSpec)) - { - throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key."); - } - - PBEParameterSpec pbeParam = (PBEParameterSpec)spec; - PBEParametersGenerator generator = makePBEGenerator(type, hash); - byte[] key = pbeKey.getEncoded(); - CipherParameters param; - - generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount()); - - if (ivSize != 0) - { - param = generator.generateDerivedParameters(keySize, ivSize); - } - else - { - param = generator.generateDerivedParameters(keySize); - } - - if (targetAlgorithm.startsWith("DES")) - { - if (param instanceof ParametersWithIV) - { - KeyParameter kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); - - setOddParity(kParam.getKey()); - } - else - { - KeyParameter kParam = (KeyParameter)param; - - setOddParity(kParam.getKey()); - } - } - - for (int i = 0; i != key.length; i++) - { - key[i] = 0; - } - - return param; - } - - /** - * generate a PBE based key suitable for a MAC algorithm, the - * key size is chosen according the MAC size, or the hashing algorithm, - * whichever is greater. - */ - static CipherParameters makePBEMacParameters( - BCPBEKey pbeKey, - AlgorithmParameterSpec spec, - int type, - int hash, - int keySize) - { - if ((spec == null) || !(spec instanceof PBEParameterSpec)) - { - throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key."); - } - - PBEParameterSpec pbeParam = (PBEParameterSpec)spec; - PBEParametersGenerator generator = makePBEGenerator(type, hash); - byte[] key = pbeKey.getEncoded(); - CipherParameters param; - - generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount()); - - param = generator.generateDerivedMacParameters(keySize); - - for (int i = 0; i != key.length; i++) - { - key[i] = 0; - } - - return param; - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java b/prov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java deleted file mode 100644 index 964d0394..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java +++ /dev/null @@ -1,1426 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.GeneralSecurityException; -import java.security.KeyFactory; -import java.security.PublicKey; -import java.security.cert.CRLException; -import java.security.cert.CertPath; -import java.security.cert.CertPathValidatorException; -import java.security.cert.CertStore; -import java.security.cert.CertStoreException; -import java.security.cert.Certificate; -import java.security.cert.CertificateParsingException; -import java.security.cert.PKIXParameters; -import java.security.cert.PolicyQualifierInfo; -import java.security.cert.TrustAnchor; -import java.security.cert.X509CRL; -import java.security.cert.X509CRLEntry; -import java.security.cert.X509CRLSelector; -import java.security.cert.X509CertSelector; -import java.security.cert.X509Certificate; -import java.security.interfaces.DSAParams; -import java.security.interfaces.DSAPublicKey; -import java.security.spec.DSAPublicKeySpec; -import java.text.ParseException; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Enumerated; -import org.bouncycastle.asn1.ASN1GeneralizedTime; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.isismtt.ISISMTTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.CRLDistPoint; -import org.bouncycastle.asn1.x509.CRLReason; -import org.bouncycastle.asn1.x509.DistributionPoint; -import org.bouncycastle.asn1.x509.DistributionPointName; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.PolicyInformation; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.jce.X509LDAPCertStoreParameters; -import org.bouncycastle.jce.exception.ExtCertPathValidatorException; -import org.bouncycastle.util.Integers; -import org.bouncycastle.util.Selector; -import org.bouncycastle.util.StoreException; -import org.bouncycastle.x509.ExtendedPKIXBuilderParameters; -import org.bouncycastle.x509.ExtendedPKIXParameters; -import org.bouncycastle.x509.X509AttributeCertStoreSelector; -import org.bouncycastle.x509.X509AttributeCertificate; -import org.bouncycastle.x509.X509CRLStoreSelector; -import org.bouncycastle.x509.X509CertStoreSelector; -import org.bouncycastle.x509.X509Store; - -public class CertPathValidatorUtilities -{ - protected static final PKIXCRLUtil CRL_UTIL = new PKIXCRLUtil(); - - protected static final String CERTIFICATE_POLICIES = Extension.certificatePolicies.getId(); - protected static final String BASIC_CONSTRAINTS = Extension.basicConstraints.getId(); - protected static final String POLICY_MAPPINGS = Extension.policyMappings.getId(); - protected static final String SUBJECT_ALTERNATIVE_NAME = Extension.subjectAlternativeName.getId(); - protected static final String NAME_CONSTRAINTS = Extension.nameConstraints.getId(); - protected static final String KEY_USAGE = Extension.keyUsage.getId(); - protected static final String INHIBIT_ANY_POLICY = Extension.inhibitAnyPolicy.getId(); - protected static final String ISSUING_DISTRIBUTION_POINT = Extension.issuingDistributionPoint.getId(); - protected static final String DELTA_CRL_INDICATOR = Extension.deltaCRLIndicator.getId(); - protected static final String POLICY_CONSTRAINTS = Extension.policyConstraints.getId(); - protected static final String FRESHEST_CRL = Extension.freshestCRL.getId(); - protected static final String CRL_DISTRIBUTION_POINTS = Extension.cRLDistributionPoints.getId(); - protected static final String AUTHORITY_KEY_IDENTIFIER = Extension.authorityKeyIdentifier.getId(); - - protected static final String ANY_POLICY = "2.5.29.32.0"; - - protected static final String CRL_NUMBER = Extension.cRLNumber.getId(); - - /* - * key usage bits - */ - protected static final int KEY_CERT_SIGN = 5; - protected static final int CRL_SIGN = 6; - - protected static final String[] crlReasons = new String[]{ - "unspecified", - "keyCompromise", - "cACompromise", - "affiliationChanged", - "superseded", - "cessationOfOperation", - "certificateHold", - "unknown", - "removeFromCRL", - "privilegeWithdrawn", - "aACompromise"}; - - /** - * Search the given Set of TrustAnchor's for one that is the - * issuer of the given X509 certificate. Uses the default provider - * for signature verification. - * - * @param cert the X509 certificate - * @param trustAnchors a Set of TrustAnchor's - * @return the <code>TrustAnchor</code> object if found or - * <code>null</code> if not. - * @throws AnnotatedException if a TrustAnchor was found but the signature verification - * on the given certificate has thrown an exception. - */ - protected static TrustAnchor findTrustAnchor( - X509Certificate cert, - Set trustAnchors) - throws AnnotatedException - { - return findTrustAnchor(cert, trustAnchors, null); - } - - /** - * Search the given Set of TrustAnchor's for one that is the - * issuer of the given X509 certificate. Uses the specified - * provider for signature verification, or the default provider - * if null. - * - * @param cert the X509 certificate - * @param trustAnchors a Set of TrustAnchor's - * @param sigProvider the provider to use for signature verification - * @return the <code>TrustAnchor</code> object if found or - * <code>null</code> if not. - * @throws AnnotatedException if a TrustAnchor was found but the signature verification - * on the given certificate has thrown an exception. - */ - protected static TrustAnchor findTrustAnchor( - X509Certificate cert, - Set trustAnchors, - String sigProvider) - throws AnnotatedException - { - TrustAnchor trust = null; - PublicKey trustPublicKey = null; - Exception invalidKeyEx = null; - - X509CertSelector certSelectX509 = new X509CertSelector(); - X500Principal certIssuer = getEncodedIssuerPrincipal(cert); - - try - { - certSelectX509.setSubject(certIssuer.getEncoded()); - } - catch (IOException ex) - { - throw new AnnotatedException("Cannot set subject search criteria for trust anchor.", ex); - } - - Iterator iter = trustAnchors.iterator(); - while (iter.hasNext() && trust == null) - { - trust = (TrustAnchor)iter.next(); - if (trust.getTrustedCert() != null) - { - if (certSelectX509.match(trust.getTrustedCert())) - { - trustPublicKey = trust.getTrustedCert().getPublicKey(); - } - else - { - trust = null; - } - } - else if (trust.getCAName() != null - && trust.getCAPublicKey() != null) - { - try - { - X500Principal caName = new X500Principal(trust.getCAName()); - if (certIssuer.equals(caName)) - { - trustPublicKey = trust.getCAPublicKey(); - } - else - { - trust = null; - } - } - catch (IllegalArgumentException ex) - { - trust = null; - } - } - else - { - trust = null; - } - - if (trustPublicKey != null) - { - try - { - verifyX509Certificate(cert, trustPublicKey, sigProvider); - } - catch (Exception ex) - { - invalidKeyEx = ex; - trust = null; - trustPublicKey = null; - } - } - } - - if (trust == null && invalidKeyEx != null) - { - throw new AnnotatedException("TrustAnchor found but certificate validation failed.", invalidKeyEx); - } - - return trust; - } - - protected static void addAdditionalStoresFromAltNames( - X509Certificate cert, - ExtendedPKIXParameters pkixParams) - throws CertificateParsingException - { - // if in the IssuerAltName extension an URI - // is given, add an additinal X.509 store - if (cert.getIssuerAlternativeNames() != null) - { - Iterator it = cert.getIssuerAlternativeNames().iterator(); - while (it.hasNext()) - { - // look for URI - List list = (List)it.next(); - if (list.get(0).equals(Integers.valueOf(GeneralName.uniformResourceIdentifier))) - { - // found - String temp = (String)list.get(1); - CertPathValidatorUtilities.addAdditionalStoreFromLocation(temp, pkixParams); - } - } - } - } - - /** - * Returns the issuer of an attribute certificate or certificate. - * - * @param cert The attribute certificate or certificate. - * @return The issuer as <code>X500Principal</code>. - */ - protected static X500Principal getEncodedIssuerPrincipal( - Object cert) - { - if (cert instanceof X509Certificate) - { - return ((X509Certificate)cert).getIssuerX500Principal(); - } - else - { - return (X500Principal)((X509AttributeCertificate)cert).getIssuer().getPrincipals()[0]; - } - } - - protected static Date getValidDate(PKIXParameters paramsPKIX) - { - Date validDate = paramsPKIX.getDate(); - - if (validDate == null) - { - validDate = new Date(); - } - - return validDate; - } - - protected static X500Principal getSubjectPrincipal(X509Certificate cert) - { - return cert.getSubjectX500Principal(); - } - - protected static boolean isSelfIssued(X509Certificate cert) - { - return cert.getSubjectDN().equals(cert.getIssuerDN()); - } - - - /** - * Extract the value of the given extension, if it exists. - * - * @param ext The extension object. - * @param oid The object identifier to obtain. - * @throws AnnotatedException if the extension cannot be read. - */ - protected static ASN1Primitive getExtensionValue( - java.security.cert.X509Extension ext, - String oid) - throws AnnotatedException - { - byte[] bytes = ext.getExtensionValue(oid); - if (bytes == null) - { - return null; - } - - return getObject(oid, bytes); - } - - private static ASN1Primitive getObject( - String oid, - byte[] ext) - throws AnnotatedException - { - try - { - ASN1InputStream aIn = new ASN1InputStream(ext); - ASN1OctetString octs = (ASN1OctetString)aIn.readObject(); - - aIn = new ASN1InputStream(octs.getOctets()); - return aIn.readObject(); - } - catch (Exception e) - { - throw new AnnotatedException("exception processing extension " + oid, e); - } - } - - protected static X500Principal getIssuerPrincipal(X509CRL crl) - { - return crl.getIssuerX500Principal(); - } - - protected static AlgorithmIdentifier getAlgorithmIdentifier( - PublicKey key) - throws CertPathValidatorException - { - try - { - ASN1InputStream aIn = new ASN1InputStream(key.getEncoded()); - - SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject()); - - return info.getAlgorithmId(); - } - catch (Exception e) - { - throw new ExtCertPathValidatorException("Subject public key cannot be decoded.", e); - } - } - - // crl checking - - - // - // policy checking - // - - protected static final Set getQualifierSet(ASN1Sequence qualifiers) - throws CertPathValidatorException - { - Set pq = new HashSet(); - - if (qualifiers == null) - { - return pq; - } - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - Enumeration e = qualifiers.getObjects(); - - while (e.hasMoreElements()) - { - try - { - aOut.writeObject((ASN1Encodable)e.nextElement()); - - pq.add(new PolicyQualifierInfo(bOut.toByteArray())); - } - catch (IOException ex) - { - throw new ExtCertPathValidatorException("Policy qualifier info cannot be decoded.", ex); - } - - bOut.reset(); - } - - return pq; - } - - protected static PKIXPolicyNode removePolicyNode( - PKIXPolicyNode validPolicyTree, - List[] policyNodes, - PKIXPolicyNode _node) - { - PKIXPolicyNode _parent = (PKIXPolicyNode)_node.getParent(); - - if (validPolicyTree == null) - { - return null; - } - - if (_parent == null) - { - for (int j = 0; j < policyNodes.length; j++) - { - policyNodes[j] = new ArrayList(); - } - - return null; - } - else - { - _parent.removeChild(_node); - removePolicyNodeRecurse(policyNodes, _node); - - return validPolicyTree; - } - } - - private static void removePolicyNodeRecurse( - List[] policyNodes, - PKIXPolicyNode _node) - { - policyNodes[_node.getDepth()].remove(_node); - - if (_node.hasChildren()) - { - Iterator _iter = _node.getChildren(); - while (_iter.hasNext()) - { - PKIXPolicyNode _child = (PKIXPolicyNode)_iter.next(); - removePolicyNodeRecurse(policyNodes, _child); - } - } - } - - - protected static boolean processCertD1i( - int index, - List[] policyNodes, - ASN1ObjectIdentifier pOid, - Set pq) - { - List policyNodeVec = policyNodes[index - 1]; - - for (int j = 0; j < policyNodeVec.size(); j++) - { - PKIXPolicyNode node = (PKIXPolicyNode)policyNodeVec.get(j); - Set expectedPolicies = node.getExpectedPolicies(); - - if (expectedPolicies.contains(pOid.getId())) - { - Set childExpectedPolicies = new HashSet(); - childExpectedPolicies.add(pOid.getId()); - - PKIXPolicyNode child = new PKIXPolicyNode(new ArrayList(), - index, - childExpectedPolicies, - node, - pq, - pOid.getId(), - false); - node.addChild(child); - policyNodes[index].add(child); - - return true; - } - } - - return false; - } - - protected static void processCertD1ii( - int index, - List[] policyNodes, - ASN1ObjectIdentifier _poid, - Set _pq) - { - List policyNodeVec = policyNodes[index - 1]; - - for (int j = 0; j < policyNodeVec.size(); j++) - { - PKIXPolicyNode _node = (PKIXPolicyNode)policyNodeVec.get(j); - - if (ANY_POLICY.equals(_node.getValidPolicy())) - { - Set _childExpectedPolicies = new HashSet(); - _childExpectedPolicies.add(_poid.getId()); - - PKIXPolicyNode _child = new PKIXPolicyNode(new ArrayList(), - index, - _childExpectedPolicies, - _node, - _pq, - _poid.getId(), - false); - _node.addChild(_child); - policyNodes[index].add(_child); - return; - } - } - } - - protected static void prepareNextCertB1( - int i, - List[] policyNodes, - String id_p, - Map m_idp, - X509Certificate cert - ) - throws AnnotatedException, CertPathValidatorException - { - boolean idp_found = false; - Iterator nodes_i = policyNodes[i].iterator(); - while (nodes_i.hasNext()) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); - if (node.getValidPolicy().equals(id_p)) - { - idp_found = true; - node.expectedPolicies = (Set)m_idp.get(id_p); - break; - } - } - - if (!idp_found) - { - nodes_i = policyNodes[i].iterator(); - while (nodes_i.hasNext()) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); - if (ANY_POLICY.equals(node.getValidPolicy())) - { - Set pq = null; - ASN1Sequence policies = null; - try - { - policies = DERSequence.getInstance(getExtensionValue(cert, CERTIFICATE_POLICIES)); - } - catch (Exception e) - { - throw new AnnotatedException("Certificate policies cannot be decoded.", e); - } - Enumeration e = policies.getObjects(); - while (e.hasMoreElements()) - { - PolicyInformation pinfo = null; - - try - { - pinfo = PolicyInformation.getInstance(e.nextElement()); - } - catch (Exception ex) - { - throw new AnnotatedException("Policy information cannot be decoded.", ex); - } - if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) - { - try - { - pq = getQualifierSet(pinfo.getPolicyQualifiers()); - } - catch (CertPathValidatorException ex) - { - throw new ExtCertPathValidatorException( - "Policy qualifier info set could not be built.", ex); - } - break; - } - } - boolean ci = false; - if (cert.getCriticalExtensionOIDs() != null) - { - ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES); - } - - PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent(); - if (ANY_POLICY.equals(p_node.getValidPolicy())) - { - PKIXPolicyNode c_node = new PKIXPolicyNode( - new ArrayList(), i, - (Set)m_idp.get(id_p), - p_node, pq, id_p, ci); - p_node.addChild(c_node); - policyNodes[i].add(c_node); - } - break; - } - } - } - } - - protected static PKIXPolicyNode prepareNextCertB2( - int i, - List[] policyNodes, - String id_p, - PKIXPolicyNode validPolicyTree) - { - Iterator nodes_i = policyNodes[i].iterator(); - while (nodes_i.hasNext()) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); - if (node.getValidPolicy().equals(id_p)) - { - PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent(); - p_node.removeChild(node); - nodes_i.remove(); - for (int k = (i - 1); k >= 0; k--) - { - List nodes = policyNodes[k]; - for (int l = 0; l < nodes.size(); l++) - { - PKIXPolicyNode node2 = (PKIXPolicyNode)nodes.get(l); - if (!node2.hasChildren()) - { - validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node2); - if (validPolicyTree == null) - { - break; - } - } - } - } - } - } - return validPolicyTree; - } - - protected static boolean isAnyPolicy( - Set policySet) - { - return policySet == null || policySet.contains(ANY_POLICY) || policySet.isEmpty(); - } - - protected static void addAdditionalStoreFromLocation(String location, - ExtendedPKIXParameters pkixParams) - { - if (pkixParams.isAdditionalLocationsEnabled()) - { - try - { - if (location.startsWith("ldap://")) - { - // ldap://directory.d-trust.net/CN=D-TRUST - // Qualified CA 2003 1:PN,O=D-Trust GmbH,C=DE - // skip "ldap://" - location = location.substring(7); - // after first / baseDN starts - String base = null; - String url = null; - if (location.indexOf("/") != -1) - { - base = location.substring(location.indexOf("/")); - // URL - url = "ldap://" - + location.substring(0, location.indexOf("/")); - } - else - { - url = "ldap://" + location; - } - // use all purpose parameters - X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder( - url, base).build(); - pkixParams.addAdditionalStore(X509Store.getInstance( - "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); - pkixParams.addAdditionalStore(X509Store.getInstance( - "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); - pkixParams.addAdditionalStore(X509Store.getInstance( - "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); - pkixParams.addAdditionalStore(X509Store.getInstance( - "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME)); - } - } - catch (Exception e) - { - // cannot happen - throw new RuntimeException("Exception adding X.509 stores."); - } - } - } - - /** - * Return a Collection of all certificates or attribute certificates found - * in the X509Store's that are matching the certSelect criteriums. - * - * @param certSelect a {@link Selector} object that will be used to select - * the certificates - * @param certStores a List containing only {@link X509Store} objects. These - * are used to search for certificates. - * @return a Collection of all found {@link X509Certificate} or - * {@link org.bouncycastle.x509.X509AttributeCertificate} objects. - * May be empty but never <code>null</code>. - */ - protected static Collection findCertificates(X509CertStoreSelector certSelect, - List certStores) - throws AnnotatedException - { - Set certs = new HashSet(); - Iterator iter = certStores.iterator(); - - while (iter.hasNext()) - { - Object obj = iter.next(); - - if (obj instanceof X509Store) - { - X509Store certStore = (X509Store)obj; - try - { - certs.addAll(certStore.getMatches(certSelect)); - } - catch (StoreException e) - { - throw new AnnotatedException( - "Problem while picking certificates from X.509 store.", e); - } - } - else - { - CertStore certStore = (CertStore)obj; - - try - { - certs.addAll(certStore.getCertificates(certSelect)); - } - catch (CertStoreException e) - { - throw new AnnotatedException( - "Problem while picking certificates from certificate store.", - e); - } - } - } - return certs; - } - - protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect, - List certStores) - throws AnnotatedException - { - Set certs = new HashSet(); - Iterator iter = certStores.iterator(); - - while (iter.hasNext()) - { - Object obj = iter.next(); - - if (obj instanceof X509Store) - { - X509Store certStore = (X509Store)obj; - try - { - certs.addAll(certStore.getMatches(certSelect)); - } - catch (StoreException e) - { - throw new AnnotatedException( - "Problem while picking certificates from X.509 store.", e); - } - } - } - return certs; - } - - protected static void addAdditionalStoresFromCRLDistributionPoint( - CRLDistPoint crldp, ExtendedPKIXParameters pkixParams) - throws AnnotatedException - { - if (crldp != null) - { - DistributionPoint dps[] = null; - try - { - dps = crldp.getDistributionPoints(); - } - catch (Exception e) - { - throw new AnnotatedException( - "Distribution points could not be read.", e); - } - for (int i = 0; i < dps.length; i++) - { - DistributionPointName dpn = dps[i].getDistributionPoint(); - // look for URIs in fullName - if (dpn != null) - { - if (dpn.getType() == DistributionPointName.FULL_NAME) - { - GeneralName[] genNames = GeneralNames.getInstance( - dpn.getName()).getNames(); - // look for an URI - for (int j = 0; j < genNames.length; j++) - { - if (genNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) - { - String location = DERIA5String.getInstance( - genNames[j].getName()).getString(); - CertPathValidatorUtilities - .addAdditionalStoreFromLocation(location, - pkixParams); - } - } - } - } - } - } - } - - /** - * Add the CRL issuers from the cRLIssuer field of the distribution point or - * from the certificate if not given to the issuer criterion of the - * <code>selector</code>. - * <p/> - * The <code>issuerPrincipals</code> are a collection with a single - * <code>X500Principal</code> for <code>X509Certificate</code>s. For - * {@link X509AttributeCertificate}s the issuer may contain more than one - * <code>X500Principal</code>. - * - * @param dp The distribution point. - * @param issuerPrincipals The issuers of the certificate or attribute - * certificate which contains the distribution point. - * @param selector The CRL selector. - * @param pkixParams The PKIX parameters containing the cert stores. - * @throws AnnotatedException if an exception occurs while processing. - * @throws ClassCastException if <code>issuerPrincipals</code> does not - * contain only <code>X500Principal</code>s. - */ - protected static void getCRLIssuersFromDistributionPoint( - DistributionPoint dp, - Collection issuerPrincipals, - X509CRLSelector selector, - ExtendedPKIXParameters pkixParams) - throws AnnotatedException - { - List issuers = new ArrayList(); - // indirect CRL - if (dp.getCRLIssuer() != null) - { - GeneralName genNames[] = dp.getCRLIssuer().getNames(); - // look for a DN - for (int j = 0; j < genNames.length; j++) - { - if (genNames[j].getTagNo() == GeneralName.directoryName) - { - try - { - issuers.add(new X500Principal(genNames[j].getName() - .toASN1Primitive().getEncoded())); - } - catch (IOException e) - { - throw new AnnotatedException( - "CRL issuer information from distribution point cannot be decoded.", - e); - } - } - } - } - else - { - /* - * certificate issuer is CRL issuer, distributionPoint field MUST be - * present. - */ - if (dp.getDistributionPoint() == null) - { - throw new AnnotatedException( - "CRL issuer is omitted from distribution point but no distributionPoint field present."); - } - // add and check issuer principals - for (Iterator it = issuerPrincipals.iterator(); it.hasNext(); ) - { - issuers.add((X500Principal)it.next()); - } - } - // TODO: is not found although this should correctly add the rel name. selector of Sun is buggy here or PKI test case is invalid - // distributionPoint -// if (dp.getDistributionPoint() != null) -// { -// // look for nameRelativeToCRLIssuer -// if (dp.getDistributionPoint().getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) -// { -// // append fragment to issuer, only one -// // issuer can be there, if this is given -// if (issuers.size() != 1) -// { -// throw new AnnotatedException( -// "nameRelativeToCRLIssuer field is given but more than one CRL issuer is given."); -// } -// ASN1Encodable relName = dp.getDistributionPoint().getName(); -// Iterator it = issuers.iterator(); -// List issuersTemp = new ArrayList(issuers.size()); -// while (it.hasNext()) -// { -// Enumeration e = null; -// try -// { -// e = ASN1Sequence.getInstance( -// new ASN1InputStream(((X500Principal) it.next()) -// .getEncoded()).readObject()).getObjects(); -// } -// catch (IOException ex) -// { -// throw new AnnotatedException( -// "Cannot decode CRL issuer information.", ex); -// } -// ASN1EncodableVector v = new ASN1EncodableVector(); -// while (e.hasMoreElements()) -// { -// v.add((ASN1Encodable) e.nextElement()); -// } -// v.add(relName); -// issuersTemp.add(new X500Principal(new DERSequence(v) -// .getDEREncoded())); -// } -// issuers.clear(); -// issuers.addAll(issuersTemp); -// } -// } - Iterator it = issuers.iterator(); - while (it.hasNext()) - { - try - { - selector.addIssuerName(((X500Principal)it.next()).getEncoded()); - } - catch (IOException ex) - { - throw new AnnotatedException( - "Cannot decode CRL issuer information.", ex); - } - } - } - - private static BigInteger getSerialNumber( - Object cert) - { - if (cert instanceof X509Certificate) - { - return ((X509Certificate)cert).getSerialNumber(); - } - else - { - return ((X509AttributeCertificate)cert).getSerialNumber(); - } - } - - protected static void getCertStatus( - Date validDate, - X509CRL crl, - Object cert, - CertStatus certStatus) - throws AnnotatedException - { - X509CRLEntry crl_entry = null; - - boolean isIndirect; - try - { - isIndirect = X509CRLObject.isIndirectCRL(crl); - } - catch (CRLException exception) - { - throw new AnnotatedException("Failed check for indirect CRL.", exception); - } - - if (isIndirect) - { - crl_entry = crl.getRevokedCertificate(getSerialNumber(cert)); - - if (crl_entry == null) - { - return; - } - - X500Principal certIssuer = crl_entry.getCertificateIssuer(); - - if (certIssuer == null) - { - certIssuer = getIssuerPrincipal(crl); - } - - if (!getEncodedIssuerPrincipal(cert).equals(certIssuer)) - { - return; - } - } - else if (!getEncodedIssuerPrincipal(cert).equals(getIssuerPrincipal(crl))) - { - return; // not for our issuer, ignore - } - else - { - crl_entry = crl.getRevokedCertificate(getSerialNumber(cert)); - - if (crl_entry == null) - { - return; - } - } - - ASN1Enumerated reasonCode = null; - if (crl_entry.hasExtensions()) - { - try - { - reasonCode = ASN1Enumerated - .getInstance(CertPathValidatorUtilities - .getExtensionValue(crl_entry, - X509Extension.reasonCode.getId())); - } - catch (Exception e) - { - throw new AnnotatedException( - "Reason code CRL entry extension could not be decoded.", - e); - } - } - - // for reason keyCompromise, caCompromise, aACompromise or - // unspecified - if (!(validDate.getTime() < crl_entry.getRevocationDate().getTime()) - || reasonCode == null - || reasonCode.getValue().intValue() == 0 - || reasonCode.getValue().intValue() == 1 - || reasonCode.getValue().intValue() == 2 - || reasonCode.getValue().intValue() == 8) - { - - // (i) or (j) (1) - if (reasonCode != null) - { - certStatus.setCertStatus(reasonCode.getValue().intValue()); - } - // (i) or (j) (2) - else - { - certStatus.setCertStatus(CRLReason.unspecified); - } - certStatus.setRevocationDate(crl_entry.getRevocationDate()); - } - } - - /** - * Fetches delta CRLs according to RFC 3280 section 5.2.4. - * - * @param currentDate The date for which the delta CRLs must be valid. - * @param paramsPKIX The extended PKIX parameters. - * @param completeCRL The complete CRL the delta CRL is for. - * @return A <code>Set</code> of <code>X509CRL</code>s with delta CRLs. - * @throws AnnotatedException if an exception occurs while picking the delta - * CRLs. - */ - protected static Set getDeltaCRLs(Date currentDate, - ExtendedPKIXParameters paramsPKIX, X509CRL completeCRL) - throws AnnotatedException - { - - X509CRLStoreSelector deltaSelect = new X509CRLStoreSelector(); - - // 5.2.4 (a) - try - { - deltaSelect.addIssuerName(CertPathValidatorUtilities - .getIssuerPrincipal(completeCRL).getEncoded()); - } - catch (IOException e) - { - throw new AnnotatedException("Cannot extract issuer from CRL.", e); - } - - BigInteger completeCRLNumber = null; - try - { - ASN1Primitive derObject = CertPathValidatorUtilities.getExtensionValue(completeCRL, - CRL_NUMBER); - if (derObject != null) - { - completeCRLNumber = ASN1Integer.getInstance(derObject).getPositiveValue(); - } - } - catch (Exception e) - { - throw new AnnotatedException( - "CRL number extension could not be extracted from CRL.", e); - } - - // 5.2.4 (b) - byte[] idp = null; - try - { - idp = completeCRL.getExtensionValue(ISSUING_DISTRIBUTION_POINT); - } - catch (Exception e) - { - throw new AnnotatedException( - "Issuing distribution point extension value could not be read.", - e); - } - - // 5.2.4 (d) - - deltaSelect.setMinCRLNumber(completeCRLNumber == null ? null : completeCRLNumber - .add(BigInteger.valueOf(1))); - - deltaSelect.setIssuingDistributionPoint(idp); - deltaSelect.setIssuingDistributionPointEnabled(true); - - // 5.2.4 (c) - deltaSelect.setMaxBaseCRLNumber(completeCRLNumber); - - // find delta CRLs - Set temp = CRL_UTIL.findCRLs(deltaSelect, paramsPKIX, currentDate); - - Set result = new HashSet(); - - for (Iterator it = temp.iterator(); it.hasNext(); ) - { - X509CRL crl = (X509CRL)it.next(); - - if (isDeltaCRL(crl)) - { - result.add(crl); - } - } - - return result; - } - - private static boolean isDeltaCRL(X509CRL crl) - { - Set critical = crl.getCriticalExtensionOIDs(); - - if (critical == null) - { - return false; - } - - return critical.contains(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR); - } - - /** - * Fetches complete CRLs according to RFC 3280. - * - * @param dp The distribution point for which the complete CRL - * @param cert The <code>X509Certificate</code> or - * {@link org.bouncycastle.x509.X509AttributeCertificate} for - * which the CRL should be searched. - * @param currentDate The date for which the delta CRLs must be valid. - * @param paramsPKIX The extended PKIX parameters. - * @return A <code>Set</code> of <code>X509CRL</code>s with complete - * CRLs. - * @throws AnnotatedException if an exception occurs while picking the CRLs - * or no CRLs are found. - */ - protected static Set getCompleteCRLs(DistributionPoint dp, Object cert, - Date currentDate, ExtendedPKIXParameters paramsPKIX) - throws AnnotatedException - { - X509CRLStoreSelector crlselect = new X509CRLStoreSelector(); - try - { - Set issuers = new HashSet(); - if (cert instanceof X509AttributeCertificate) - { - issuers.add(((X509AttributeCertificate)cert) - .getIssuer().getPrincipals()[0]); - } - else - { - issuers.add(getEncodedIssuerPrincipal(cert)); - } - CertPathValidatorUtilities.getCRLIssuersFromDistributionPoint(dp, issuers, crlselect, paramsPKIX); - } - catch (AnnotatedException e) - { - throw new AnnotatedException( - "Could not get issuer information from distribution point.", e); - } - if (cert instanceof X509Certificate) - { - crlselect.setCertificateChecking((X509Certificate)cert); - } - else if (cert instanceof X509AttributeCertificate) - { - crlselect.setAttrCertificateChecking((X509AttributeCertificate)cert); - } - - - crlselect.setCompleteCRLEnabled(true); - - Set crls = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate); - - if (crls.isEmpty()) - { - if (cert instanceof X509AttributeCertificate) - { - X509AttributeCertificate aCert = (X509AttributeCertificate)cert; - - throw new AnnotatedException("No CRLs found for issuer \"" + aCert.getIssuer().getPrincipals()[0] + "\""); - } - else - { - X509Certificate xCert = (X509Certificate)cert; - - throw new AnnotatedException("No CRLs found for issuer \"" + xCert.getIssuerX500Principal() + "\""); - } - } - return crls; - } - - protected static Date getValidCertDateFromValidityModel( - ExtendedPKIXParameters paramsPKIX, CertPath certPath, int index) - throws AnnotatedException - { - if (paramsPKIX.getValidityModel() == ExtendedPKIXParameters.CHAIN_VALIDITY_MODEL) - { - // if end cert use given signing/encryption/... time - if (index <= 0) - { - return CertPathValidatorUtilities.getValidDate(paramsPKIX); - // else use time when previous cert was created - } - else - { - if (index - 1 == 0) - { - ASN1GeneralizedTime dateOfCertgen = null; - try - { - byte[] extBytes = ((X509Certificate)certPath.getCertificates().get(index - 1)).getExtensionValue(ISISMTTObjectIdentifiers.id_isismtt_at_dateOfCertGen.getId()); - if (extBytes != null) - { - dateOfCertgen = ASN1GeneralizedTime.getInstance(ASN1Primitive.fromByteArray(extBytes)); - } - } - catch (IOException e) - { - throw new AnnotatedException( - "Date of cert gen extension could not be read."); - } - catch (IllegalArgumentException e) - { - throw new AnnotatedException( - "Date of cert gen extension could not be read."); - } - if (dateOfCertgen != null) - { - try - { - return dateOfCertgen.getDate(); - } - catch (ParseException e) - { - throw new AnnotatedException( - "Date from date of cert gen extension could not be parsed.", - e); - } - } - return ((X509Certificate)certPath.getCertificates().get( - index - 1)).getNotBefore(); - } - else - { - return ((X509Certificate)certPath.getCertificates().get( - index - 1)).getNotBefore(); - } - } - } - else - { - return getValidDate(paramsPKIX); - } - } - - /** - * Return the next working key inheriting DSA parameters if necessary. - * <p> - * This methods inherits DSA parameters from the indexed certificate or - * previous certificates in the certificate chain to the returned - * <code>PublicKey</code>. The list is searched upwards, meaning the end - * certificate is at position 0 and previous certificates are following. - * </p> - * <p> - * If the indexed certificate does not contain a DSA key this method simply - * returns the public key. If the DSA key already contains DSA parameters - * the key is also only returned. - * </p> - * - * @param certs The certification path. - * @param index The index of the certificate which contains the public key - * which should be extended with DSA parameters. - * @return The public key of the certificate in list position - * <code>index</code> extended with DSA parameters if applicable. - * @throws AnnotatedException if DSA parameters cannot be inherited. - */ - protected static PublicKey getNextWorkingKey(List certs, int index) - throws CertPathValidatorException - { - Certificate cert = (Certificate)certs.get(index); - PublicKey pubKey = cert.getPublicKey(); - if (!(pubKey instanceof DSAPublicKey)) - { - return pubKey; - } - DSAPublicKey dsaPubKey = (DSAPublicKey)pubKey; - if (dsaPubKey.getParams() != null) - { - return dsaPubKey; - } - for (int i = index + 1; i < certs.size(); i++) - { - X509Certificate parentCert = (X509Certificate)certs.get(i); - pubKey = parentCert.getPublicKey(); - if (!(pubKey instanceof DSAPublicKey)) - { - throw new CertPathValidatorException( - "DSA parameters cannot be inherited from previous certificate."); - } - DSAPublicKey prevDSAPubKey = (DSAPublicKey)pubKey; - if (prevDSAPubKey.getParams() == null) - { - continue; - } - DSAParams dsaParams = prevDSAPubKey.getParams(); - DSAPublicKeySpec dsaPubKeySpec = new DSAPublicKeySpec( - dsaPubKey.getY(), dsaParams.getP(), dsaParams.getQ(), dsaParams.getG()); - try - { - KeyFactory keyFactory = KeyFactory.getInstance("DSA", BouncyCastleProvider.PROVIDER_NAME); - return keyFactory.generatePublic(dsaPubKeySpec); - } - catch (Exception exception) - { - throw new RuntimeException(exception.getMessage()); - } - } - throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate."); - } - - /** - * Find the issuer certificates of a given certificate. - * - * @param cert The certificate for which an issuer should be found. - * @param pkixParams - * @return A <code>Collection</code> object containing the issuer - * <code>X509Certificate</code>s. Never <code>null</code>. - * @throws AnnotatedException if an error occurs. - */ - protected static Collection findIssuerCerts( - X509Certificate cert, - ExtendedPKIXBuilderParameters pkixParams) - throws AnnotatedException - { - X509CertStoreSelector certSelect = new X509CertStoreSelector(); - Set certs = new HashSet(); - try - { - certSelect.setSubject(cert.getIssuerX500Principal().getEncoded()); - } - catch (IOException ex) - { - throw new AnnotatedException( - "Subject criteria for certificate selector to find issuer certificate could not be set.", ex); - } - - Iterator iter; - - try - { - List matches = new ArrayList(); - - matches.addAll(CertPathValidatorUtilities.findCertificates(certSelect, pkixParams.getCertStores())); - matches.addAll(CertPathValidatorUtilities.findCertificates(certSelect, pkixParams.getStores())); - matches.addAll(CertPathValidatorUtilities.findCertificates(certSelect, pkixParams.getAdditionalStores())); - - iter = matches.iterator(); - } - catch (AnnotatedException e) - { - throw new AnnotatedException("Issuer certificate cannot be searched.", e); - } - - X509Certificate issuer = null; - while (iter.hasNext()) - { - issuer = (X509Certificate)iter.next(); - // issuer cannot be verified because possible DSA inheritance - // parameters are missing - certs.add(issuer); - } - return certs; - } - - protected static void verifyX509Certificate(X509Certificate cert, PublicKey publicKey, - String sigProvider) - throws GeneralSecurityException - { - if (sigProvider == null) - { - cert.verify(publicKey); - } - else - { - cert.verify(publicKey, sigProvider); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/CertStatus.java b/prov/src/main/java/org/bouncycastle/jce/provider/CertStatus.java deleted file mode 100644 index ba3da165..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/CertStatus.java +++ /dev/null @@ -1,46 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.util.Date; - -class CertStatus -{ - public static final int UNREVOKED = 11; - - public static final int UNDETERMINED = 12; - - int certStatus = UNREVOKED; - - Date revocationDate = null; - - /** - * @return Returns the revocationDate. - */ - public Date getRevocationDate() - { - return revocationDate; - } - - /** - * @param revocationDate The revocationDate to set. - */ - public void setRevocationDate(Date revocationDate) - { - this.revocationDate = revocationDate; - } - - /** - * @return Returns the certStatus. - */ - public int getCertStatus() - { - return certStatus; - } - - /** - * @param certStatus The certStatus to set. - */ - public void setCertStatus(int certStatus) - { - this.certStatus = certStatus; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/CertStoreCollectionSpi.java b/prov/src/main/java/org/bouncycastle/jce/provider/CertStoreCollectionSpi.java deleted file mode 100644 index 210d986d..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/CertStoreCollectionSpi.java +++ /dev/null @@ -1,104 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.InvalidAlgorithmParameterException; -import java.security.cert.CRL; -import java.security.cert.CRLSelector; -import java.security.cert.CertSelector; -import java.security.cert.CertStoreException; -import java.security.cert.CertStoreParameters; -import java.security.cert.CertStoreSpi; -import java.security.cert.Certificate; -import java.security.cert.CollectionCertStoreParameters; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; -import java.util.List; - -public class CertStoreCollectionSpi extends CertStoreSpi -{ - private CollectionCertStoreParameters params; - - public CertStoreCollectionSpi(CertStoreParameters params) - throws InvalidAlgorithmParameterException - { - super(params); - - if (!(params instanceof CollectionCertStoreParameters)) - { - throw new InvalidAlgorithmParameterException("org.bouncycastle.jce.provider.CertStoreCollectionSpi: parameter must be a CollectionCertStoreParameters object\n" + params.toString()); - } - - this.params = (CollectionCertStoreParameters)params; - } - - public Collection engineGetCertificates( - CertSelector selector) - throws CertStoreException - { - List col = new ArrayList(); - Iterator iter = params.getCollection().iterator(); - - if (selector == null) - { - while (iter.hasNext()) - { - Object obj = iter.next(); - - if (obj instanceof Certificate) - { - col.add(obj); - } - } - } - else - { - while (iter.hasNext()) - { - Object obj = iter.next(); - - if ((obj instanceof Certificate) && selector.match((Certificate)obj)) - { - col.add(obj); - } - } - } - - return col; - } - - - public Collection engineGetCRLs( - CRLSelector selector) - throws CertStoreException - { - List col = new ArrayList(); - Iterator iter = params.getCollection().iterator(); - - if (selector == null) - { - while (iter.hasNext()) - { - Object obj = iter.next(); - - if (obj instanceof CRL) - { - col.add(obj); - } - } - } - else - { - while (iter.hasNext()) - { - Object obj = iter.next(); - - if ((obj instanceof CRL) && selector.match((CRL)obj)) - { - col.add(obj); - } - } - } - - return col; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/DHUtil.java b/prov/src/main/java/org/bouncycastle/jce/provider/DHUtil.java deleted file mode 100644 index 2470af99..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/DHUtil.java +++ /dev/null @@ -1,50 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; - -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.interfaces.DHPublicKey; - -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.crypto.params.DHPrivateKeyParameters; -import org.bouncycastle.crypto.params.DHPublicKeyParameters; - -/** - * utility class for converting jce/jca DH objects - * objects into their org.bouncycastle.crypto counterparts. - */ -public class DHUtil -{ - static public AsymmetricKeyParameter generatePublicKeyParameter( - PublicKey key) - throws InvalidKeyException - { - if (key instanceof DHPublicKey) - { - DHPublicKey k = (DHPublicKey)key; - - return new DHPublicKeyParameters(k.getY(), - new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL())); - } - - throw new InvalidKeyException("can't identify DH public key."); - } - - static public AsymmetricKeyParameter generatePrivateKeyParameter( - PrivateKey key) - throws InvalidKeyException - { - if (key instanceof DHPrivateKey) - { - DHPrivateKey k = (DHPrivateKey)key; - - return new DHPrivateKeyParameters(k.getX(), - new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL())); - } - - throw new InvalidKeyException("can't identify DH private key."); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/ExtCRLException.java b/prov/src/main/java/org/bouncycastle/jce/provider/ExtCRLException.java deleted file mode 100644 index 3bc820f3..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/ExtCRLException.java +++ /dev/null @@ -1,20 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.cert.CRLException; - -class ExtCRLException - extends CRLException -{ - Throwable cause; - - ExtCRLException(String message, Throwable cause) - { - super(message); - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java b/prov/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java deleted file mode 100644 index a30b2df7..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java +++ /dev/null @@ -1,187 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.util.Enumeration; - -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.spec.DHParameterSpec; -import javax.crypto.spec.DHPrivateKeySpec; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.pkcs.DHParameter; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x9.DHDomainParameters; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.DHPrivateKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; - -public class JCEDHPrivateKey - implements DHPrivateKey, PKCS12BagAttributeCarrier -{ - static final long serialVersionUID = 311058815616901812L; - - BigInteger x; - - private DHParameterSpec dhSpec; - private PrivateKeyInfo info; - - private PKCS12BagAttributeCarrier attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - protected JCEDHPrivateKey() - { - } - - JCEDHPrivateKey( - DHPrivateKey key) - { - this.x = key.getX(); - this.dhSpec = key.getParams(); - } - - JCEDHPrivateKey( - DHPrivateKeySpec spec) - { - this.x = spec.getX(); - this.dhSpec = new DHParameterSpec(spec.getP(), spec.getG()); - } - - JCEDHPrivateKey( - PrivateKeyInfo info) - throws IOException - { - ASN1Sequence seq = ASN1Sequence.getInstance(info.getAlgorithmId().getParameters()); - ASN1Integer derX = ASN1Integer.getInstance(info.parsePrivateKey()); - ASN1ObjectIdentifier id = info.getAlgorithmId().getAlgorithm(); - - this.info = info; - this.x = derX.getValue(); - - if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement)) - { - DHParameter params = DHParameter.getInstance(seq); - - if (params.getL() != null) - { - this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue()); - } - else - { - this.dhSpec = new DHParameterSpec(params.getP(), params.getG()); - } - } - else if (id.equals(X9ObjectIdentifiers.dhpublicnumber)) - { - DHDomainParameters params = DHDomainParameters.getInstance(seq); - - this.dhSpec = new DHParameterSpec(params.getP().getValue(), params.getG().getValue()); - } - else - { - throw new IllegalArgumentException("unknown algorithm type: " + id); - } - } - - JCEDHPrivateKey( - DHPrivateKeyParameters params) - { - this.x = params.getX(); - this.dhSpec = new DHParameterSpec(params.getParameters().getP(), params.getParameters().getG(), params.getParameters().getL()); - } - - public String getAlgorithm() - { - return "DH"; - } - - /** - * return the encoding format we produce in getEncoded(). - * - * @return the string "PKCS#8" - */ - public String getFormat() - { - return "PKCS#8"; - } - - /** - * Return a PKCS8 representation of the key. The sequence returned - * represents a full PrivateKeyInfo object. - * - * @return a PKCS8 representation of the key. - */ - public byte[] getEncoded() - { - try - { - if (info != null) - { - return info.getEncoded(ASN1Encoding.DER); - } - - PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL())), new ASN1Integer(getX())); - - return info.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - return null; - } - } - - public DHParameterSpec getParams() - { - return dhSpec; - } - - public BigInteger getX() - { - return x; - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - x = (BigInteger)in.readObject(); - - this.dhSpec = new DHParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), in.readInt()); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.writeObject(this.getX()); - out.writeObject(dhSpec.getP()); - out.writeObject(dhSpec.getG()); - out.writeInt(dhSpec.getL()); - } - - public void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute) - { - attrCarrier.setBagAttribute(oid, attribute); - } - - public ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid) - { - return attrCarrier.getBagAttribute(oid); - } - - public Enumeration getBagAttributeKeys() - { - return attrCarrier.getBagAttributeKeys(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java b/prov/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java deleted file mode 100644 index 3e6a09a6..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java +++ /dev/null @@ -1,178 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; - -import javax.crypto.interfaces.DHPublicKey; -import javax.crypto.spec.DHParameterSpec; -import javax.crypto.spec.DHPublicKeySpec; - -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.pkcs.DHParameter; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.DHDomainParameters; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.DHPublicKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; - -public class JCEDHPublicKey - implements DHPublicKey -{ - static final long serialVersionUID = -216691575254424324L; - - private BigInteger y; - private DHParameterSpec dhSpec; - private SubjectPublicKeyInfo info; - - JCEDHPublicKey( - DHPublicKeySpec spec) - { - this.y = spec.getY(); - this.dhSpec = new DHParameterSpec(spec.getP(), spec.getG()); - } - - JCEDHPublicKey( - DHPublicKey key) - { - this.y = key.getY(); - this.dhSpec = key.getParams(); - } - - JCEDHPublicKey( - DHPublicKeyParameters params) - { - this.y = params.getY(); - this.dhSpec = new DHParameterSpec(params.getParameters().getP(), params.getParameters().getG(), params.getParameters().getL()); - } - - JCEDHPublicKey( - BigInteger y, - DHParameterSpec dhSpec) - { - this.y = y; - this.dhSpec = dhSpec; - } - - JCEDHPublicKey( - SubjectPublicKeyInfo info) - { - this.info = info; - - ASN1Integer derY; - try - { - derY = (ASN1Integer)info.parsePublicKey(); - } - catch (IOException e) - { - throw new IllegalArgumentException("invalid info structure in DH public key"); - } - - this.y = derY.getValue(); - - ASN1Sequence seq = ASN1Sequence.getInstance(info.getAlgorithmId().getParameters()); - ASN1ObjectIdentifier id = info.getAlgorithmId().getAlgorithm(); - - // we need the PKCS check to handle older keys marked with the X9 oid. - if (id.equals(PKCSObjectIdentifiers.dhKeyAgreement) || isPKCSParam(seq)) - { - DHParameter params = DHParameter.getInstance(seq); - - if (params.getL() != null) - { - this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue()); - } - else - { - this.dhSpec = new DHParameterSpec(params.getP(), params.getG()); - } - } - else if (id.equals(X9ObjectIdentifiers.dhpublicnumber)) - { - DHDomainParameters params = DHDomainParameters.getInstance(seq); - - this.dhSpec = new DHParameterSpec(params.getP().getValue(), params.getG().getValue()); - } - else - { - throw new IllegalArgumentException("unknown algorithm type: " + id); - } - } - - public String getAlgorithm() - { - return "DH"; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - if (info != null) - { - return KeyUtil.getEncodedSubjectPublicKeyInfo(info); - } - - return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL())), new ASN1Integer(y)); - } - - public DHParameterSpec getParams() - { - return dhSpec; - } - - public BigInteger getY() - { - return y; - } - - private boolean isPKCSParam(ASN1Sequence seq) - { - if (seq.size() == 2) - { - return true; - } - - if (seq.size() > 3) - { - return false; - } - - ASN1Integer l = ASN1Integer.getInstance(seq.getObjectAt(2)); - ASN1Integer p = ASN1Integer.getInstance(seq.getObjectAt(0)); - - if (l.getValue().compareTo(BigInteger.valueOf(p.getValue().bitLength())) > 0) - { - return false; - } - - return true; - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - this.y = (BigInteger)in.readObject(); - this.dhSpec = new DHParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), in.readInt()); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.writeObject(this.getY()); - out.writeObject(dhSpec.getP()); - out.writeObject(dhSpec.getG()); - out.writeInt(dhSpec.getL()); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java b/prov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java deleted file mode 100644 index 67e40b40..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java +++ /dev/null @@ -1,477 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.security.interfaces.ECPrivateKey; -import java.security.spec.ECParameterSpec; -import java.security.spec.ECPoint; -import java.security.spec.ECPrivateKeySpec; -import java.security.spec.EllipticCurve; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.sec.ECPrivateKeyStructure; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X962Parameters; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.crypto.params.ECPrivateKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; -import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; -import org.bouncycastle.jce.interfaces.ECPointEncoder; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; -import org.bouncycastle.jce.spec.ECNamedCurveSpec; -import org.bouncycastle.math.ec.ECCurve; - -public class JCEECPrivateKey - implements ECPrivateKey, org.bouncycastle.jce.interfaces.ECPrivateKey, PKCS12BagAttributeCarrier, ECPointEncoder -{ - private String algorithm = "EC"; - private BigInteger d; - private ECParameterSpec ecSpec; - private boolean withCompression; - - private DERBitString publicKey; - - private PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - protected JCEECPrivateKey() - { - } - - public JCEECPrivateKey( - ECPrivateKey key) - { - this.d = key.getS(); - this.algorithm = key.getAlgorithm(); - this.ecSpec = key.getParams(); - } - - public JCEECPrivateKey( - String algorithm, - org.bouncycastle.jce.spec.ECPrivateKeySpec spec) - { - this.algorithm = algorithm; - this.d = spec.getD(); - - if (spec.getParams() != null) // can be null if implicitlyCA - { - ECCurve curve = spec.getParams().getCurve(); - EllipticCurve ellipticCurve; - - ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed()); - - this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams()); - } - else - { - this.ecSpec = null; - } - } - - - public JCEECPrivateKey( - String algorithm, - ECPrivateKeySpec spec) - { - this.algorithm = algorithm; - this.d = spec.getS(); - this.ecSpec = spec.getParams(); - } - - public JCEECPrivateKey( - String algorithm, - JCEECPrivateKey key) - { - this.algorithm = algorithm; - this.d = key.d; - this.ecSpec = key.ecSpec; - this.withCompression = key.withCompression; - this.attrCarrier = key.attrCarrier; - this.publicKey = key.publicKey; - } - - public JCEECPrivateKey( - String algorithm, - ECPrivateKeyParameters params, - JCEECPublicKey pubKey, - ECParameterSpec spec) - { - ECDomainParameters dp = params.getParameters(); - - this.algorithm = algorithm; - this.d = params.getD(); - - if (spec == null) - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - dp.getG().getAffineXCoord().toBigInteger(), - dp.getG().getAffineYCoord().toBigInteger()), - dp.getN(), - dp.getH().intValue()); - } - else - { - this.ecSpec = spec; - } - - publicKey = getPublicKeyDetails(pubKey); - } - - public JCEECPrivateKey( - String algorithm, - ECPrivateKeyParameters params, - JCEECPublicKey pubKey, - org.bouncycastle.jce.spec.ECParameterSpec spec) - { - ECDomainParameters dp = params.getParameters(); - - this.algorithm = algorithm; - this.d = params.getD(); - - if (spec == null) - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - dp.getG().getAffineXCoord().toBigInteger(), - dp.getG().getAffineYCoord().toBigInteger()), - dp.getN(), - dp.getH().intValue()); - } - else - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(spec.getCurve(), spec.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - spec.getG().getAffineXCoord().toBigInteger(), - spec.getG().getAffineYCoord().toBigInteger()), - spec.getN(), - spec.getH().intValue()); - } - - publicKey = getPublicKeyDetails(pubKey); - } - - public JCEECPrivateKey( - String algorithm, - ECPrivateKeyParameters params) - { - this.algorithm = algorithm; - this.d = params.getD(); - this.ecSpec = null; - } - - JCEECPrivateKey( - PrivateKeyInfo info) - throws IOException - { - populateFromPrivKeyInfo(info); - } - - private void populateFromPrivKeyInfo(PrivateKeyInfo info) - throws IOException - { - X962Parameters params = new X962Parameters((ASN1Primitive)info.getPrivateKeyAlgorithm().getParameters()); - - if (params.isNamedCurve()) - { - ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters()); - X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); - - if (ecP == null) // GOST Curve - { - ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid); - EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed()); - - ecSpec = new ECNamedCurveSpec( - ECGOST3410NamedCurves.getName(oid), - ellipticCurve, - new ECPoint( - gParam.getG().getAffineXCoord().toBigInteger(), - gParam.getG().getAffineYCoord().toBigInteger()), - gParam.getN(), - gParam.getH()); - } - else - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); - - ecSpec = new ECNamedCurveSpec( - ECUtil.getCurveName(oid), - ellipticCurve, - new ECPoint( - ecP.getG().getAffineXCoord().toBigInteger(), - ecP.getG().getAffineYCoord().toBigInteger()), - ecP.getN(), - ecP.getH()); - } - } - else if (params.isImplicitlyCA()) - { - ecSpec = null; - } - else - { - X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters()); - EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - ecP.getG().getAffineXCoord().toBigInteger(), - ecP.getG().getAffineYCoord().toBigInteger()), - ecP.getN(), - ecP.getH().intValue()); - } - - ASN1Encodable privKey = info.parsePrivateKey(); - if (privKey instanceof ASN1Integer) - { - ASN1Integer derD = ASN1Integer.getInstance(privKey); - - this.d = derD.getValue(); - } - else - { - ECPrivateKeyStructure ec = new ECPrivateKeyStructure((ASN1Sequence)privKey); - - this.d = ec.getKey(); - this.publicKey = ec.getPublicKey(); - } - } - - public String getAlgorithm() - { - return algorithm; - } - - /** - * return the encoding format we produce in getEncoded(). - * - * @return the string "PKCS#8" - */ - public String getFormat() - { - return "PKCS#8"; - } - - /** - * Return a PKCS8 representation of the key. The sequence returned - * represents a full PrivateKeyInfo object. - * - * @return a PKCS8 representation of the key. - */ - public byte[] getEncoded() - { - X962Parameters params; - - if (ecSpec instanceof ECNamedCurveSpec) - { - ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName()); - if (curveOid == null) // guess it's the OID - { - curveOid = new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName()); - } - params = new X962Parameters(curveOid); - } - else if (ecSpec == null) - { - params = new X962Parameters(DERNull.INSTANCE); - } - else - { - ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); - - X9ECParameters ecP = new X9ECParameters( - curve, - EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), - ecSpec.getOrder(), - BigInteger.valueOf(ecSpec.getCofactor()), - ecSpec.getCurve().getSeed()); - - params = new X962Parameters(ecP); - } - - PrivateKeyInfo info; - ECPrivateKeyStructure keyStructure; - - if (publicKey != null) - { - keyStructure = new ECPrivateKeyStructure(this.getS(), publicKey, params); - } - else - { - keyStructure = new ECPrivateKeyStructure(this.getS(), params); - } - - try - { - if (algorithm.equals("ECGOST3410")) - { - info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive()); - } - else - { - - info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive()); - } - - return info.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - return null; - } - } - - public ECParameterSpec getParams() - { - return ecSpec; - } - - public org.bouncycastle.jce.spec.ECParameterSpec getParameters() - { - if (ecSpec == null) - { - return null; - } - - return EC5Util.convertSpec(ecSpec, withCompression); - } - - org.bouncycastle.jce.spec.ECParameterSpec engineGetSpec() - { - if (ecSpec != null) - { - return EC5Util.convertSpec(ecSpec, withCompression); - } - - return BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - } - - public BigInteger getS() - { - return d; - } - - public BigInteger getD() - { - return d; - } - - public void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute) - { - attrCarrier.setBagAttribute(oid, attribute); - } - - public ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid) - { - return attrCarrier.getBagAttribute(oid); - } - - public Enumeration getBagAttributeKeys() - { - return attrCarrier.getBagAttributeKeys(); - } - - public void setPointFormat(String style) - { - withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style)); - } - - public boolean equals(Object o) - { - if (!(o instanceof JCEECPrivateKey)) - { - return false; - } - - JCEECPrivateKey other = (JCEECPrivateKey)o; - - return getD().equals(other.getD()) && (engineGetSpec().equals(other.engineGetSpec())); - } - - public int hashCode() - { - return getD().hashCode() ^ engineGetSpec().hashCode(); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("EC Private Key").append(nl); - buf.append(" S: ").append(this.d.toString(16)).append(nl); - - return buf.toString(); - - } - - private DERBitString getPublicKeyDetails(JCEECPublicKey pub) - { - try - { - SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(pub.getEncoded())); - - return info.getPublicKeyData(); - } - catch (IOException e) - { // should never happen - return null; - } - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - byte[] enc = (byte[])in.readObject(); - - populateFromPrivKeyInfo(PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(enc))); - - this.algorithm = (String)in.readObject(); - this.withCompression = in.readBoolean(); - this.attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - attrCarrier.readObject(in); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.writeObject(this.getEncoded()); - out.writeObject(algorithm); - out.writeBoolean(withCompression); - - attrCarrier.writeObject(out); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java b/prov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java deleted file mode 100644 index c82be8ca..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java +++ /dev/null @@ -1,520 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.security.interfaces.ECPublicKey; -import java.security.spec.ECParameterSpec; -import java.security.spec.ECPoint; -import java.security.spec.ECPublicKeySpec; -import java.security.spec.EllipticCurve; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X962Parameters; -import org.bouncycastle.asn1.x9.X9ECParameters; -import org.bouncycastle.asn1.x9.X9ECPoint; -import org.bouncycastle.asn1.x9.X9IntegerConverter; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.ECDomainParameters; -import org.bouncycastle.crypto.params.ECPublicKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util; -import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; -import org.bouncycastle.jce.ECGOST3410NamedCurveTable; -import org.bouncycastle.jce.interfaces.ECPointEncoder; -import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; -import org.bouncycastle.jce.spec.ECNamedCurveSpec; -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.custom.sec.SecP256K1Point; -import org.bouncycastle.math.ec.custom.sec.SecP256R1Point; - -public class JCEECPublicKey - implements ECPublicKey, org.bouncycastle.jce.interfaces.ECPublicKey, ECPointEncoder -{ - private String algorithm = "EC"; - private org.bouncycastle.math.ec.ECPoint q; - private ECParameterSpec ecSpec; - private boolean withCompression; - private GOST3410PublicKeyAlgParameters gostParams; - - public JCEECPublicKey( - String algorithm, - JCEECPublicKey key) - { - this.algorithm = algorithm; - this.q = key.q; - this.ecSpec = key.ecSpec; - this.withCompression = key.withCompression; - this.gostParams = key.gostParams; - } - - public JCEECPublicKey( - String algorithm, - ECPublicKeySpec spec) - { - this.algorithm = algorithm; - this.ecSpec = spec.getParams(); - this.q = EC5Util.convertPoint(ecSpec, spec.getW(), false); - } - - public JCEECPublicKey( - String algorithm, - org.bouncycastle.jce.spec.ECPublicKeySpec spec) - { - this.algorithm = algorithm; - this.q = spec.getQ(); - - if (spec.getParams() != null) // can be null if implictlyCa - { - ECCurve curve = spec.getParams().getCurve(); - EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getParams().getSeed()); - - this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec.getParams()); - } - else - { - if (q.getCurve() == null) - { - org.bouncycastle.jce.spec.ECParameterSpec s = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - - q = s.getCurve().createPoint(q.getAffineXCoord().toBigInteger(), q.getAffineYCoord().toBigInteger(), false); - } - this.ecSpec = null; - } - } - - public JCEECPublicKey( - String algorithm, - ECPublicKeyParameters params, - ECParameterSpec spec) - { - ECDomainParameters dp = params.getParameters(); - - this.algorithm = algorithm; - this.q = params.getQ(); - - if (spec == null) - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); - - this.ecSpec = createSpec(ellipticCurve, dp); - } - else - { - this.ecSpec = spec; - } - } - - public JCEECPublicKey( - String algorithm, - ECPublicKeyParameters params, - org.bouncycastle.jce.spec.ECParameterSpec spec) - { - ECDomainParameters dp = params.getParameters(); - - this.algorithm = algorithm; - this.q = params.getQ(); - - if (spec == null) - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(dp.getCurve(), dp.getSeed()); - - this.ecSpec = createSpec(ellipticCurve, dp); - } - else - { - EllipticCurve ellipticCurve = EC5Util.convertCurve(spec.getCurve(), spec.getSeed()); - - this.ecSpec = EC5Util.convertSpec(ellipticCurve, spec); - } - } - - /* - * called for implicitCA - */ - public JCEECPublicKey( - String algorithm, - ECPublicKeyParameters params) - { - this.algorithm = algorithm; - this.q = params.getQ(); - this.ecSpec = null; - } - - private ECParameterSpec createSpec(EllipticCurve ellipticCurve, ECDomainParameters dp) - { - return new ECParameterSpec( - ellipticCurve, - new ECPoint( - dp.getG().getAffineXCoord().toBigInteger(), - dp.getG().getAffineYCoord().toBigInteger()), - dp.getN(), - dp.getH().intValue()); - } - - public JCEECPublicKey( - ECPublicKey key) - { - this.algorithm = key.getAlgorithm(); - this.ecSpec = key.getParams(); - this.q = EC5Util.convertPoint(this.ecSpec, key.getW(), false); - } - - JCEECPublicKey( - SubjectPublicKeyInfo info) - { - populateFromPubKeyInfo(info); - } - - private void populateFromPubKeyInfo(SubjectPublicKeyInfo info) - { - if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001)) - { - DERBitString bits = info.getPublicKeyData(); - ASN1OctetString key; - this.algorithm = "ECGOST3410"; - - try - { - key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes()); - } - catch (IOException ex) - { - throw new IllegalArgumentException("error recovering public key"); - } - - byte[] keyEnc = key.getOctets(); - byte[] x = new byte[32]; - byte[] y = new byte[32]; - - for (int i = 0; i != x.length; i++) - { - x[i] = keyEnc[32 - 1 - i]; - } - - for (int i = 0; i != y.length; i++) - { - y[i] = keyEnc[64 - 1 - i]; - } - - gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters()); - - ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet())); - - ECCurve curve = spec.getCurve(); - EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed()); - - this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false); - - ecSpec = new ECNamedCurveSpec( - ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()), - ellipticCurve, - new ECPoint( - spec.getG().getAffineXCoord().toBigInteger(), - spec.getG().getAffineYCoord().toBigInteger()), - spec.getN(), spec.getH()); - - } - else - { - X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithmId().getParameters()); - ECCurve curve; - EllipticCurve ellipticCurve; - - if (params.isNamedCurve()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)params.getParameters(); - X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid); - - curve = ecP.getCurve(); - ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed()); - - ecSpec = new ECNamedCurveSpec( - ECUtil.getCurveName(oid), - ellipticCurve, - new ECPoint( - ecP.getG().getAffineXCoord().toBigInteger(), - ecP.getG().getAffineYCoord().toBigInteger()), - ecP.getN(), - ecP.getH()); - } - else if (params.isImplicitlyCA()) - { - ecSpec = null; - curve = BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa().getCurve(); - } - else - { - X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters()); - - curve = ecP.getCurve(); - ellipticCurve = EC5Util.convertCurve(curve, ecP.getSeed()); - - this.ecSpec = new ECParameterSpec( - ellipticCurve, - new ECPoint( - ecP.getG().getAffineXCoord().toBigInteger(), - ecP.getG().getAffineYCoord().toBigInteger()), - ecP.getN(), - ecP.getH().intValue()); - } - - DERBitString bits = info.getPublicKeyData(); - byte[] data = bits.getBytes(); - ASN1OctetString key = new DEROctetString(data); - - // - // extra octet string - one of our old certs... - // - if (data[0] == 0x04 && data[1] == data.length - 2 - && (data[2] == 0x02 || data[2] == 0x03)) - { - int qLength = new X9IntegerConverter().getByteLength(curve); - - if (qLength >= data.length - 3) - { - try - { - key = (ASN1OctetString) ASN1Primitive.fromByteArray(data); - } - catch (IOException ex) - { - throw new IllegalArgumentException("error recovering public key"); - } - } - } - X9ECPoint derQ = new X9ECPoint(curve, key); - - this.q = derQ.getPoint(); - } - } - - public String getAlgorithm() - { - return algorithm; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - ASN1Encodable params; - SubjectPublicKeyInfo info; - - if (algorithm.equals("ECGOST3410")) - { - if (gostParams != null) - { - params = gostParams; - } - else - { - if (ecSpec instanceof ECNamedCurveSpec) - { - params = new GOST3410PublicKeyAlgParameters( - ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()), - CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet); - } - else - { // strictly speaking this may not be applicable... - ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); - - X9ECParameters ecP = new X9ECParameters( - curve, - EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), - ecSpec.getOrder(), - BigInteger.valueOf(ecSpec.getCofactor()), - ecSpec.getCurve().getSeed()); - - params = new X962Parameters(ecP); - } - } - - BigInteger bX = this.q.getAffineXCoord().toBigInteger(); - BigInteger bY = this.q.getAffineYCoord().toBigInteger(); - byte[] encKey = new byte[64]; - - extractBytes(encKey, 0, bX); - extractBytes(encKey, 32, bY); - - try - { - info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey)); - } - catch (IOException e) - { - return null; - } - } - else - { - if (ecSpec instanceof ECNamedCurveSpec) - { - ASN1ObjectIdentifier curveOid = ECUtil.getNamedCurveOid(((ECNamedCurveSpec)ecSpec).getName()); - if (curveOid == null) - { - curveOid = new ASN1ObjectIdentifier(((ECNamedCurveSpec)ecSpec).getName()); - } - params = new X962Parameters(curveOid); - } - else if (ecSpec == null) - { - params = new X962Parameters(DERNull.INSTANCE); - } - else - { - ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve()); - - X9ECParameters ecP = new X9ECParameters( - curve, - EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression), - ecSpec.getOrder(), - BigInteger.valueOf(ecSpec.getCofactor()), - ecSpec.getCurve().getSeed()); - - params = new X962Parameters(ecP); - } - - ECCurve curve = this.engineGetQ().getCurve(); - ASN1OctetString p = (ASN1OctetString) - new X9ECPoint(curve.createPoint(this.getQ().getAffineXCoord().toBigInteger(), this.getQ().getAffineYCoord().toBigInteger(), withCompression)).toASN1Primitive(); - - info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params), p.getOctets()); - } - - return KeyUtil.getEncodedSubjectPublicKeyInfo(info); - } - - private void extractBytes(byte[] encKey, int offSet, BigInteger bI) - { - byte[] val = bI.toByteArray(); - if (val.length < 32) - { - byte[] tmp = new byte[32]; - System.arraycopy(val, 0, tmp, tmp.length - val.length, val.length); - val = tmp; - } - - for (int i = 0; i != 32; i++) - { - encKey[offSet + i] = val[val.length - 1 - i]; - } - } - - public ECParameterSpec getParams() - { - return ecSpec; - } - - public org.bouncycastle.jce.spec.ECParameterSpec getParameters() - { - if (ecSpec == null) // implictlyCA - { - return null; - } - - return EC5Util.convertSpec(ecSpec, withCompression); - } - - public ECPoint getW() - { - return new ECPoint(q.getAffineXCoord().toBigInteger(), q.getAffineYCoord().toBigInteger()); - } - - public org.bouncycastle.math.ec.ECPoint getQ() - { - if (ecSpec == null) - { - return q.getDetachedPoint(); - } - - return q; - } - - public org.bouncycastle.math.ec.ECPoint engineGetQ() - { - return q; - } - - org.bouncycastle.jce.spec.ECParameterSpec engineGetSpec() - { - if (ecSpec != null) - { - return EC5Util.convertSpec(ecSpec, withCompression); - } - - return BouncyCastleProvider.CONFIGURATION.getEcImplicitlyCa(); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("EC Public Key").append(nl); - buf.append(" X: ").append(this.q.getAffineXCoord().toBigInteger().toString(16)).append(nl); - buf.append(" Y: ").append(this.q.getAffineYCoord().toBigInteger().toString(16)).append(nl); - - return buf.toString(); - - } - - public void setPointFormat(String style) - { - withCompression = !("UNCOMPRESSED".equalsIgnoreCase(style)); - } - - public boolean equals(Object o) - { - if (!(o instanceof JCEECPublicKey)) - { - return false; - } - - JCEECPublicKey other = (JCEECPublicKey)o; - - return engineGetQ().equals(other.engineGetQ()) && (engineGetSpec().equals(other.engineGetSpec())); - } - - public int hashCode() - { - return engineGetQ().hashCode() ^ engineGetSpec().hashCode(); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - byte[] enc = (byte[])in.readObject(); - - populateFromPubKeyInfo(SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(enc))); - - this.algorithm = (String)in.readObject(); - this.withCompression = in.readBoolean(); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.writeObject(this.getEncoded()); - out.writeObject(algorithm); - out.writeBoolean(withCompression); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java b/prov/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java deleted file mode 100644 index 6c21f876..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java +++ /dev/null @@ -1,165 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.util.Enumeration; - -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.spec.DHParameterSpec; -import javax.crypto.spec.DHPrivateKeySpec; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.oiw.ElGamalParameter; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; -import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; -import org.bouncycastle.jce.interfaces.ElGamalPrivateKey; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; -import org.bouncycastle.jce.spec.ElGamalParameterSpec; -import org.bouncycastle.jce.spec.ElGamalPrivateKeySpec; - -public class JCEElGamalPrivateKey - implements ElGamalPrivateKey, DHPrivateKey, PKCS12BagAttributeCarrier -{ - static final long serialVersionUID = 4819350091141529678L; - - BigInteger x; - - ElGamalParameterSpec elSpec; - - private PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - protected JCEElGamalPrivateKey() - { - } - - JCEElGamalPrivateKey( - ElGamalPrivateKey key) - { - this.x = key.getX(); - this.elSpec = key.getParameters(); - } - - JCEElGamalPrivateKey( - DHPrivateKey key) - { - this.x = key.getX(); - this.elSpec = new ElGamalParameterSpec(key.getParams().getP(), key.getParams().getG()); - } - - JCEElGamalPrivateKey( - ElGamalPrivateKeySpec spec) - { - this.x = spec.getX(); - this.elSpec = new ElGamalParameterSpec(spec.getParams().getP(), spec.getParams().getG()); - } - - JCEElGamalPrivateKey( - DHPrivateKeySpec spec) - { - this.x = spec.getX(); - this.elSpec = new ElGamalParameterSpec(spec.getP(), spec.getG()); - } - - JCEElGamalPrivateKey( - PrivateKeyInfo info) - throws IOException - { - ElGamalParameter params = ElGamalParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters()); - ASN1Integer derX = ASN1Integer.getInstance(info.parsePrivateKey()); - - this.x = derX.getValue(); - this.elSpec = new ElGamalParameterSpec(params.getP(), params.getG()); - } - - JCEElGamalPrivateKey( - ElGamalPrivateKeyParameters params) - { - this.x = params.getX(); - this.elSpec = new ElGamalParameterSpec(params.getParameters().getP(), params.getParameters().getG()); - } - - public String getAlgorithm() - { - return "ElGamal"; - } - - /** - * return the encoding format we produce in getEncoded(). - * - * @return the string "PKCS#8" - */ - public String getFormat() - { - return "PKCS#8"; - } - - /** - * Return a PKCS8 representation of the key. The sequence returned - * represents a full PrivateKeyInfo object. - * - * @return a PKCS8 representation of the key. - */ - public byte[] getEncoded() - { - return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(elSpec.getP(), elSpec.getG())), new ASN1Integer(getX())); - } - - public ElGamalParameterSpec getParameters() - { - return elSpec; - } - - public DHParameterSpec getParams() - { - return new DHParameterSpec(elSpec.getP(), elSpec.getG()); - } - - public BigInteger getX() - { - return x; - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - x = (BigInteger)in.readObject(); - - this.elSpec = new ElGamalParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject()); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.writeObject(this.getX()); - out.writeObject(elSpec.getP()); - out.writeObject(elSpec.getG()); - } - - public void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute) - { - attrCarrier.setBagAttribute(oid, attribute); - } - - public ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid) - { - return attrCarrier.getBagAttribute(oid); - } - - public Enumeration getBagAttributeKeys() - { - return attrCarrier.getBagAttributeKeys(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPublicKey.java b/prov/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPublicKey.java deleted file mode 100644 index 30780c85..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/JCEElGamalPublicKey.java +++ /dev/null @@ -1,139 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; - -import javax.crypto.interfaces.DHPublicKey; -import javax.crypto.spec.DHParameterSpec; -import javax.crypto.spec.DHPublicKeySpec; - -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.oiw.ElGamalParameter; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; -import org.bouncycastle.jce.interfaces.ElGamalPublicKey; -import org.bouncycastle.jce.spec.ElGamalParameterSpec; -import org.bouncycastle.jce.spec.ElGamalPublicKeySpec; - -public class JCEElGamalPublicKey - implements ElGamalPublicKey, DHPublicKey -{ - static final long serialVersionUID = 8712728417091216948L; - - private BigInteger y; - private ElGamalParameterSpec elSpec; - - JCEElGamalPublicKey( - ElGamalPublicKeySpec spec) - { - this.y = spec.getY(); - this.elSpec = new ElGamalParameterSpec(spec.getParams().getP(), spec.getParams().getG()); - } - - JCEElGamalPublicKey( - DHPublicKeySpec spec) - { - this.y = spec.getY(); - this.elSpec = new ElGamalParameterSpec(spec.getP(), spec.getG()); - } - - JCEElGamalPublicKey( - ElGamalPublicKey key) - { - this.y = key.getY(); - this.elSpec = key.getParameters(); - } - - JCEElGamalPublicKey( - DHPublicKey key) - { - this.y = key.getY(); - this.elSpec = new ElGamalParameterSpec(key.getParams().getP(), key.getParams().getG()); - } - - JCEElGamalPublicKey( - ElGamalPublicKeyParameters params) - { - this.y = params.getY(); - this.elSpec = new ElGamalParameterSpec(params.getParameters().getP(), params.getParameters().getG()); - } - - JCEElGamalPublicKey( - BigInteger y, - ElGamalParameterSpec elSpec) - { - this.y = y; - this.elSpec = elSpec; - } - - JCEElGamalPublicKey( - SubjectPublicKeyInfo info) - { - ElGamalParameter params = ElGamalParameter.getInstance(info.getAlgorithm().getParameters()); - ASN1Integer derY = null; - - try - { - derY = (ASN1Integer)info.parsePublicKey(); - } - catch (IOException e) - { - throw new IllegalArgumentException("invalid info structure in DSA public key"); - } - - this.y = derY.getValue(); - this.elSpec = new ElGamalParameterSpec(params.getP(), params.getG()); - } - - public String getAlgorithm() - { - return "ElGamal"; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(OIWObjectIdentifiers.elGamalAlgorithm, new ElGamalParameter(elSpec.getP(), elSpec.getG())), new ASN1Integer(y)); - } - - public ElGamalParameterSpec getParameters() - { - return elSpec; - } - - public DHParameterSpec getParams() - { - return new DHParameterSpec(elSpec.getP(), elSpec.getG()); - } - - public BigInteger getY() - { - return y; - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - this.y = (BigInteger)in.readObject(); - this.elSpec = new ElGamalParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject()); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.writeObject(this.getY()); - out.writeObject(elSpec.getP()); - out.writeObject(elSpec.getG()); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java b/prov/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java deleted file mode 100644 index f9bb5dd3..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java +++ /dev/null @@ -1,241 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.interfaces.RSAPrivateCrtKey; -import java.security.spec.RSAPrivateCrtKeySpec; - -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.RSAPrivateKey; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; - -/** - * A provider representation for a RSA private key, with CRT factors included. - */ -public class JCERSAPrivateCrtKey - extends JCERSAPrivateKey - implements RSAPrivateCrtKey -{ - static final long serialVersionUID = 7834723820638524718L; - - private BigInteger publicExponent; - private BigInteger primeP; - private BigInteger primeQ; - private BigInteger primeExponentP; - private BigInteger primeExponentQ; - private BigInteger crtCoefficient; - - /** - * construct a private key from it's org.bouncycastle.crypto equivalent. - * - * @param key the parameters object representing the private key. - */ - JCERSAPrivateCrtKey( - RSAPrivateCrtKeyParameters key) - { - super(key); - - this.publicExponent = key.getPublicExponent(); - this.primeP = key.getP(); - this.primeQ = key.getQ(); - this.primeExponentP = key.getDP(); - this.primeExponentQ = key.getDQ(); - this.crtCoefficient = key.getQInv(); - } - - /** - * construct a private key from an RSAPrivateCrtKeySpec - * - * @param spec the spec to be used in construction. - */ - JCERSAPrivateCrtKey( - RSAPrivateCrtKeySpec spec) - { - this.modulus = spec.getModulus(); - this.publicExponent = spec.getPublicExponent(); - this.privateExponent = spec.getPrivateExponent(); - this.primeP = spec.getPrimeP(); - this.primeQ = spec.getPrimeQ(); - this.primeExponentP = spec.getPrimeExponentP(); - this.primeExponentQ = spec.getPrimeExponentQ(); - this.crtCoefficient = spec.getCrtCoefficient(); - } - - /** - * construct a private key from another RSAPrivateCrtKey. - * - * @param key the object implementing the RSAPrivateCrtKey interface. - */ - JCERSAPrivateCrtKey( - RSAPrivateCrtKey key) - { - this.modulus = key.getModulus(); - this.publicExponent = key.getPublicExponent(); - this.privateExponent = key.getPrivateExponent(); - this.primeP = key.getPrimeP(); - this.primeQ = key.getPrimeQ(); - this.primeExponentP = key.getPrimeExponentP(); - this.primeExponentQ = key.getPrimeExponentQ(); - this.crtCoefficient = key.getCrtCoefficient(); - } - - /** - * construct an RSA key from a private key info object. - */ - JCERSAPrivateCrtKey( - PrivateKeyInfo info) - throws IOException - { - this(org.bouncycastle.asn1.pkcs.RSAPrivateKey.getInstance(info.parsePrivateKey())); - } - - /** - * construct an RSA key from a ASN.1 RSA private key object. - */ - JCERSAPrivateCrtKey( - RSAPrivateKey key) - { - this.modulus = key.getModulus(); - this.publicExponent = key.getPublicExponent(); - this.privateExponent = key.getPrivateExponent(); - this.primeP = key.getPrime1(); - this.primeQ = key.getPrime2(); - this.primeExponentP = key.getExponent1(); - this.primeExponentQ = key.getExponent2(); - this.crtCoefficient = key.getCoefficient(); - } - - /** - * return the encoding format we produce in getEncoded(). - * - * @return the encoding format we produce in getEncoded(). - */ - public String getFormat() - { - return "PKCS#8"; - } - - /** - * Return a PKCS8 representation of the key. The sequence returned - * represents a full PrivateKeyInfo object. - * - * @return a PKCS8 representation of the key. - */ - public byte[] getEncoded() - { - return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPrivateKey(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient())); - } - - /** - * return the public exponent. - * - * @return the public exponent. - */ - public BigInteger getPublicExponent() - { - return publicExponent; - } - - /** - * return the prime P. - * - * @return the prime P. - */ - public BigInteger getPrimeP() - { - return primeP; - } - - /** - * return the prime Q. - * - * @return the prime Q. - */ - public BigInteger getPrimeQ() - { - return primeQ; - } - - /** - * return the prime exponent for P. - * - * @return the prime exponent for P. - */ - public BigInteger getPrimeExponentP() - { - return primeExponentP; - } - - /** - * return the prime exponent for Q. - * - * @return the prime exponent for Q. - */ - public BigInteger getPrimeExponentQ() - { - return primeExponentQ; - } - - /** - * return the CRT coefficient. - * - * @return the CRT coefficient. - */ - public BigInteger getCrtCoefficient() - { - return crtCoefficient; - } - - public int hashCode() - { - return this.getModulus().hashCode() - ^ this.getPublicExponent().hashCode() - ^ this.getPrivateExponent().hashCode(); - } - - public boolean equals(Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof RSAPrivateCrtKey)) - { - return false; - } - - RSAPrivateCrtKey key = (RSAPrivateCrtKey)o; - - return this.getModulus().equals(key.getModulus()) - && this.getPublicExponent().equals(key.getPublicExponent()) - && this.getPrivateExponent().equals(key.getPrivateExponent()) - && this.getPrimeP().equals(key.getPrimeP()) - && this.getPrimeQ().equals(key.getPrimeQ()) - && this.getPrimeExponentP().equals(key.getPrimeExponentP()) - && this.getPrimeExponentQ().equals(key.getPrimeExponentQ()) - && this.getCrtCoefficient().equals(key.getCrtCoefficient()); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("RSA Private CRT Key").append(nl); - buf.append(" modulus: ").append(this.getModulus().toString(16)).append(nl); - buf.append(" public exponent: ").append(this.getPublicExponent().toString(16)).append(nl); - buf.append(" private exponent: ").append(this.getPrivateExponent().toString(16)).append(nl); - buf.append(" primeP: ").append(this.getPrimeP().toString(16)).append(nl); - buf.append(" primeQ: ").append(this.getPrimeQ().toString(16)).append(nl); - buf.append(" primeExponentP: ").append(this.getPrimeExponentP().toString(16)).append(nl); - buf.append(" primeExponentQ: ").append(this.getPrimeExponentQ().toString(16)).append(nl); - buf.append(" crtCoefficient: ").append(this.getCrtCoefficient().toString(16)).append(nl); - - return buf.toString(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateKey.java b/prov/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateKey.java deleted file mode 100644 index cacedd4b..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateKey.java +++ /dev/null @@ -1,146 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.security.interfaces.RSAPrivateKey; -import java.security.spec.RSAPrivateKeySpec; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.params.RSAKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; -import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; - -public class JCERSAPrivateKey - implements RSAPrivateKey, PKCS12BagAttributeCarrier -{ - static final long serialVersionUID = 5110188922551353628L; - - private static BigInteger ZERO = BigInteger.valueOf(0); - - protected BigInteger modulus; - protected BigInteger privateExponent; - - private PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - protected JCERSAPrivateKey() - { - } - - JCERSAPrivateKey( - RSAKeyParameters key) - { - this.modulus = key.getModulus(); - this.privateExponent = key.getExponent(); - } - - JCERSAPrivateKey( - RSAPrivateKeySpec spec) - { - this.modulus = spec.getModulus(); - this.privateExponent = spec.getPrivateExponent(); - } - - JCERSAPrivateKey( - RSAPrivateKey key) - { - this.modulus = key.getModulus(); - this.privateExponent = key.getPrivateExponent(); - } - - public BigInteger getModulus() - { - return modulus; - } - - public BigInteger getPrivateExponent() - { - return privateExponent; - } - - public String getAlgorithm() - { - return "RSA"; - } - - public String getFormat() - { - return "PKCS#8"; - } - - public byte[] getEncoded() - { - return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPrivateKey(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO)); - } - - public boolean equals(Object o) - { - if (!(o instanceof RSAPrivateKey)) - { - return false; - } - - if (o == this) - { - return true; - } - - RSAPrivateKey key = (RSAPrivateKey)o; - - return getModulus().equals(key.getModulus()) - && getPrivateExponent().equals(key.getPrivateExponent()); - } - - public int hashCode() - { - return getModulus().hashCode() ^ getPrivateExponent().hashCode(); - } - - public void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute) - { - attrCarrier.setBagAttribute(oid, attribute); - } - - public ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid) - { - return attrCarrier.getBagAttribute(oid); - } - - public Enumeration getBagAttributeKeys() - { - return attrCarrier.getBagAttributeKeys(); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - this.modulus = (BigInteger)in.readObject(); - this.attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - attrCarrier.readObject(in); - - this.privateExponent = (BigInteger)in.readObject(); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.writeObject(modulus); - - attrCarrier.writeObject(out); - - out.writeObject(privateExponent); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java b/prov/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java deleted file mode 100644 index a09295d5..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java +++ /dev/null @@ -1,131 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.RSAPublicKeySpec; - -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.RSAPublicKeyStructure; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.crypto.params.RSAKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil; - -public class JCERSAPublicKey - implements RSAPublicKey -{ - static final long serialVersionUID = 2675817738516720772L; - - private BigInteger modulus; - private BigInteger publicExponent; - - JCERSAPublicKey( - RSAKeyParameters key) - { - this.modulus = key.getModulus(); - this.publicExponent = key.getExponent(); - } - - JCERSAPublicKey( - RSAPublicKeySpec spec) - { - this.modulus = spec.getModulus(); - this.publicExponent = spec.getPublicExponent(); - } - - JCERSAPublicKey( - RSAPublicKey key) - { - this.modulus = key.getModulus(); - this.publicExponent = key.getPublicExponent(); - } - - JCERSAPublicKey( - SubjectPublicKeyInfo info) - { - try - { - RSAPublicKeyStructure pubKey = new RSAPublicKeyStructure((ASN1Sequence)info.parsePublicKey()); - - this.modulus = pubKey.getModulus(); - this.publicExponent = pubKey.getPublicExponent(); - } - catch (IOException e) - { - throw new IllegalArgumentException("invalid info structure in RSA public key"); - } - } - - /** - * return the modulus. - * - * @return the modulus. - */ - public BigInteger getModulus() - { - return modulus; - } - - /** - * return the public exponent. - * - * @return the public exponent. - */ - public BigInteger getPublicExponent() - { - return publicExponent; - } - - public String getAlgorithm() - { - return "RSA"; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPublicKeyStructure(getModulus(), getPublicExponent())); - } - - public int hashCode() - { - return this.getModulus().hashCode() ^ this.getPublicExponent().hashCode(); - } - - public boolean equals(Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof RSAPublicKey)) - { - return false; - } - - RSAPublicKey key = (RSAPublicKey)o; - - return getModulus().equals(key.getModulus()) - && getPublicExponent().equals(key.getPublicExponent()); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("RSA Public Key").append(nl); - buf.append(" modulus: ").append(this.getModulus().toString(16)).append(nl); - buf.append(" public exponent: ").append(this.getPublicExponent().toString(16)).append(nl); - - return buf.toString(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java b/prov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java deleted file mode 100644 index 68ef472d..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java +++ /dev/null @@ -1,601 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.CipherSpi; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKey; -import javax.crypto.ShortBufferException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.RC5ParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.StreamCipher; -import org.bouncycastle.crypto.engines.BlowfishEngine; -import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.DESedeEngine; -import org.bouncycastle.crypto.engines.SkipjackEngine; -import org.bouncycastle.crypto.engines.TwofishEngine; -import org.bouncycastle.crypto.modes.CFBBlockCipher; -import org.bouncycastle.crypto.modes.OFBBlockCipher; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey; -import org.bouncycastle.jcajce.provider.symmetric.util.PBE; - -public class JCEStreamCipher - extends CipherSpi - implements PBE -{ - // - // specs we can handle. - // - private Class[] availableSpecs = - { - RC2ParameterSpec.class, - RC5ParameterSpec.class, - IvParameterSpec.class, - PBEParameterSpec.class - }; - - private StreamCipher cipher; - private ParametersWithIV ivParam; - - private int ivLength = 0; - - private PBEParameterSpec pbeSpec = null; - private String pbeAlgorithm = null; - - private AlgorithmParameters engineParams; - - protected JCEStreamCipher( - StreamCipher engine, - int ivLength) - { - cipher = engine; - this.ivLength = ivLength; - } - - protected int engineGetBlockSize() - { - return 0; - } - - protected byte[] engineGetIV() - { - return (ivParam != null) ? ivParam.getIV() : null; - } - - protected int engineGetKeySize( - Key key) - { - return key.getEncoded().length * 8; - } - - protected int engineGetOutputSize( - int inputLen) - { - return inputLen; - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParams == null) - { - if (pbeSpec != null) - { - try - { - AlgorithmParameters engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, BouncyCastleProvider.PROVIDER_NAME); - engineParams.init(pbeSpec); - - return engineParams; - } - catch (Exception e) - { - return null; - } - } - } - - return engineParams; - } - - /** - * should never be called. - */ - protected void engineSetMode( - String mode) - { - if (!mode.equalsIgnoreCase("ECB")) - { - throw new IllegalArgumentException("can't support mode " + mode); - } - } - - /** - * should never be called. - */ - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - if (!padding.equalsIgnoreCase("NoPadding")) - { - throw new NoSuchPaddingException("Padding " + padding + " unknown."); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - this.pbeSpec = null; - this.pbeAlgorithm = null; - - this.engineParams = null; - - // - // basic key check - // - if (!(key instanceof SecretKey)) - { - throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption."); - } - - if (key instanceof BCPBEKey) - { - BCPBEKey k = (BCPBEKey)key; - - if (k.getOID() != null) - { - pbeAlgorithm = k.getOID().getId(); - } - else - { - pbeAlgorithm = k.getAlgorithm(); - } - - if (k.getParam() != null) - { - param = k.getParam(); - pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount()); - } - else if (params instanceof PBEParameterSpec) - { - param = PBE.Util.makePBEParameters(k, params, cipher.getAlgorithmName()); - pbeSpec = (PBEParameterSpec)params; - } - else - { - throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); - } - - if (k.getIvSize() != 0) - { - ivParam = (ParametersWithIV)param; - } - } - else if (params == null) - { - param = new KeyParameter(key.getEncoded()); - } - else if (params instanceof IvParameterSpec) - { - param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV()); - ivParam = (ParametersWithIV)param; - } - else - { - throw new IllegalArgumentException("unknown parameter type."); - } - - if ((ivLength != 0) && !(param instanceof ParametersWithIV)) - { - SecureRandom ivRandom = random; - - if (ivRandom == null) - { - ivRandom = new SecureRandom(); - } - - if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE)) - { - byte[] iv = new byte[ivLength]; - - ivRandom.nextBytes(iv); - param = new ParametersWithIV(param, iv); - ivParam = (ParametersWithIV)param; - } - else - { - throw new InvalidAlgorithmParameterException("no IV set when one expected"); - } - } - - switch (opmode) - { - case Cipher.ENCRYPT_MODE: - case Cipher.WRAP_MODE: - cipher.init(true, param); - break; - case Cipher.DECRYPT_MODE: - case Cipher.UNWRAP_MODE: - cipher.init(false, param); - break; - default: - System.out.println("eeek!"); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - for (int i = 0; i != availableSpecs.length; i++) - { - try - { - paramSpec = params.getParameterSpec(availableSpecs[i]); - break; - } - catch (Exception e) - { - continue; - } - } - - if (paramSpec == null) - { - throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString()); - } - } - - engineInit(opmode, key, paramSpec, random); - engineParams = params; - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new InvalidKeyException(e.getMessage()); - } - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - byte[] out = new byte[inputLen]; - - cipher.processBytes(input, inputOffset, inputLen, out, 0); - - return out; - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws ShortBufferException - { - try - { - cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - - return inputLen; - } - catch (DataLengthException e) - { - throw new ShortBufferException(e.getMessage()); - } - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws BadPaddingException, IllegalBlockSizeException - { - if (inputLen != 0) - { - byte[] out = engineUpdate(input, inputOffset, inputLen); - - cipher.reset(); - - return out; - } - - cipher.reset(); - - return new byte[0]; - } - - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws BadPaddingException - { - if (inputLen != 0) - { - cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - - cipher.reset(); - - return inputLen; - } - - protected byte[] engineWrap( - Key key) - throws IllegalBlockSizeException, InvalidKeyException - { - byte[] encoded = key.getEncoded(); - if (encoded == null) - { - throw new InvalidKeyException("Cannot wrap key, null encoding."); - } - - try - { - return engineDoFinal(encoded, 0, encoded.length); - } - catch (BadPaddingException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - } - - protected Key engineUnwrap( - byte[] wrappedKey, - String wrappedKeyAlgorithm, - int wrappedKeyType) - throws InvalidKeyException - { - byte[] encoded; - try - { - encoded = engineDoFinal(wrappedKey, 0, wrappedKey.length); - } - catch (BadPaddingException e) - { - throw new InvalidKeyException(e.getMessage()); - } - catch (IllegalBlockSizeException e2) - { - throw new InvalidKeyException(e2.getMessage()); - } - - if (wrappedKeyType == Cipher.SECRET_KEY) - { - return new SecretKeySpec(encoded, wrappedKeyAlgorithm); - } - else if (wrappedKeyAlgorithm.equals("") && wrappedKeyType == Cipher.PRIVATE_KEY) - { - /* - * The caller doesn't know the algorithm as it is part of - * the encrypted data. - */ - try - { - PrivateKeyInfo in = PrivateKeyInfo.getInstance(encoded); - - PrivateKey privKey = BouncyCastleProvider.getPrivateKey(in); - - if (privKey != null) - { - return privKey; - } - else - { - throw new InvalidKeyException("algorithm " + in.getPrivateKeyAlgorithm().getAlgorithm() + " not supported"); - } - } - catch (Exception e) - { - throw new InvalidKeyException("Invalid key encoding."); - } - } - else - { - try - { - KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, BouncyCastleProvider.PROVIDER_NAME); - - if (wrappedKeyType == Cipher.PUBLIC_KEY) - { - return kf.generatePublic(new X509EncodedKeySpec(encoded)); - } - else if (wrappedKeyType == Cipher.PRIVATE_KEY) - { - return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded)); - } - } - catch (NoSuchProviderException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } - catch (NoSuchAlgorithmException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } - catch (InvalidKeySpecException e2) - { - throw new InvalidKeyException("Unknown key type " + e2.getMessage()); - } - - throw new InvalidKeyException("Unknown key type " + wrappedKeyType); - } - } - - /* - * The ciphers that inherit from us. - */ - - /** - * DES - */ - static public class DES_CFB8 - extends JCEStreamCipher - { - public DES_CFB8() - { - super(new CFBBlockCipher(new DESEngine(), 8), 64); - } - } - - /** - * DESede - */ - static public class DESede_CFB8 - extends JCEStreamCipher - { - public DESede_CFB8() - { - super(new CFBBlockCipher(new DESedeEngine(), 8), 64); - } - } - - /** - * SKIPJACK - */ - static public class Skipjack_CFB8 - extends JCEStreamCipher - { - public Skipjack_CFB8() - { - super(new CFBBlockCipher(new SkipjackEngine(), 8), 64); - } - } - - /** - * Blowfish - */ - static public class Blowfish_CFB8 - extends JCEStreamCipher - { - public Blowfish_CFB8() - { - super(new CFBBlockCipher(new BlowfishEngine(), 8), 64); - } - } - - /** - * Twofish - */ - static public class Twofish_CFB8 - extends JCEStreamCipher - { - public Twofish_CFB8() - { - super(new CFBBlockCipher(new TwofishEngine(), 8), 128); - } - } - - /** - * DES - */ - static public class DES_OFB8 - extends JCEStreamCipher - { - public DES_OFB8() - { - super(new OFBBlockCipher(new DESEngine(), 8), 64); - } - } - - /** - * DESede - */ - static public class DESede_OFB8 - extends JCEStreamCipher - { - public DESede_OFB8() - { - super(new OFBBlockCipher(new DESedeEngine(), 8), 64); - } - } - - /** - * SKIPJACK - */ - static public class Skipjack_OFB8 - extends JCEStreamCipher - { - public Skipjack_OFB8() - { - super(new OFBBlockCipher(new SkipjackEngine(), 8), 64); - } - } - - /** - * Blowfish - */ - static public class Blowfish_OFB8 - extends JCEStreamCipher - { - public Blowfish_OFB8() - { - super(new OFBBlockCipher(new BlowfishEngine(), 8), 64); - } - } - - /** - * Twofish - */ - static public class Twofish_OFB8 - extends JCEStreamCipher - { - public Twofish_OFB8() - { - super(new OFBBlockCipher(new TwofishEngine(), 8), 128); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java b/prov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java deleted file mode 100644 index 3bd6d307..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java +++ /dev/null @@ -1,178 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.security.interfaces.DSAParams; -import java.security.interfaces.DSAPrivateKey; -import java.security.spec.DSAParameterSpec; -import java.security.spec.DSAPrivateKeySpec; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DSAParameter; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; -import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; - -public class JDKDSAPrivateKey - implements DSAPrivateKey, PKCS12BagAttributeCarrier -{ - private static final long serialVersionUID = -4677259546958385734L; - - BigInteger x; - DSAParams dsaSpec; - - private PKCS12BagAttributeCarrierImpl attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - protected JDKDSAPrivateKey() - { - } - - JDKDSAPrivateKey( - DSAPrivateKey key) - { - this.x = key.getX(); - this.dsaSpec = key.getParams(); - } - - JDKDSAPrivateKey( - DSAPrivateKeySpec spec) - { - this.x = spec.getX(); - this.dsaSpec = new DSAParameterSpec(spec.getP(), spec.getQ(), spec.getG()); - } - - JDKDSAPrivateKey( - PrivateKeyInfo info) - throws IOException - { - DSAParameter params = DSAParameter.getInstance(info.getPrivateKeyAlgorithm().getParameters()); - ASN1Integer derX = ASN1Integer.getInstance(info.parsePrivateKey()); - - this.x = derX.getValue(); - this.dsaSpec = new DSAParameterSpec(params.getP(), params.getQ(), params.getG()); - } - - JDKDSAPrivateKey( - DSAPrivateKeyParameters params) - { - this.x = params.getX(); - this.dsaSpec = new DSAParameterSpec(params.getParameters().getP(), params.getParameters().getQ(), params.getParameters().getG()); - } - - public String getAlgorithm() - { - return "DSA"; - } - - /** - * return the encoding format we produce in getEncoded(). - * - * @return the string "PKCS#8" - */ - public String getFormat() - { - return "PKCS#8"; - } - - /** - * Return a PKCS8 representation of the key. The sequence returned - * represents a full PrivateKeyInfo object. - * - * @return a PKCS8 representation of the key. - */ - public byte[] getEncoded() - { - try - { - PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG())), new ASN1Integer(getX())); - - return info.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - return null; - } - } - - public DSAParams getParams() - { - return dsaSpec; - } - - public BigInteger getX() - { - return x; - } - - public boolean equals( - Object o) - { - if (!(o instanceof DSAPrivateKey)) - { - return false; - } - - DSAPrivateKey other = (DSAPrivateKey)o; - - return this.getX().equals(other.getX()) - && this.getParams().getG().equals(other.getParams().getG()) - && this.getParams().getP().equals(other.getParams().getP()) - && this.getParams().getQ().equals(other.getParams().getQ()); - } - - public int hashCode() - { - return this.getX().hashCode() ^ this.getParams().getG().hashCode() - ^ this.getParams().getP().hashCode() ^ this.getParams().getQ().hashCode(); - } - - public void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute) - { - attrCarrier.setBagAttribute(oid, attribute); - } - - public ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid) - { - return attrCarrier.getBagAttribute(oid); - } - - public Enumeration getBagAttributeKeys() - { - return attrCarrier.getBagAttributeKeys(); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - this.x = (BigInteger)in.readObject(); - this.dsaSpec = new DSAParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), (BigInteger)in.readObject()); - this.attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - attrCarrier.readObject(in); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.writeObject(x); - out.writeObject(dsaSpec.getP()); - out.writeObject(dsaSpec.getQ()); - out.writeObject(dsaSpec.getG()); - - attrCarrier.writeObject(out); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java b/prov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java deleted file mode 100644 index 80bbf3c5..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java +++ /dev/null @@ -1,176 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.security.interfaces.DSAParams; -import java.security.interfaces.DSAPublicKey; -import java.security.spec.DSAParameterSpec; -import java.security.spec.DSAPublicKeySpec; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DSAParameter; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.DSAPublicKeyParameters; - -public class JDKDSAPublicKey - implements DSAPublicKey -{ - private static final long serialVersionUID = 1752452449903495175L; - - private BigInteger y; - private DSAParams dsaSpec; - - JDKDSAPublicKey( - DSAPublicKeySpec spec) - { - this.y = spec.getY(); - this.dsaSpec = new DSAParameterSpec(spec.getP(), spec.getQ(), spec.getG()); - } - - JDKDSAPublicKey( - DSAPublicKey key) - { - this.y = key.getY(); - this.dsaSpec = key.getParams(); - } - - JDKDSAPublicKey( - DSAPublicKeyParameters params) - { - this.y = params.getY(); - this.dsaSpec = new DSAParameterSpec(params.getParameters().getP(), params.getParameters().getQ(), params.getParameters().getG()); - } - - JDKDSAPublicKey( - BigInteger y, - DSAParameterSpec dsaSpec) - { - this.y = y; - this.dsaSpec = dsaSpec; - } - - JDKDSAPublicKey( - SubjectPublicKeyInfo info) - { - - ASN1Integer derY; - - try - { - derY = (ASN1Integer)info.parsePublicKey(); - } - catch (IOException e) - { - throw new IllegalArgumentException("invalid info structure in DSA public key"); - } - - this.y = derY.getValue(); - - if (isNotNull(info.getAlgorithm().getParameters())) - { - DSAParameter params = DSAParameter.getInstance(info.getAlgorithm().getParameters()); - - this.dsaSpec = new DSAParameterSpec(params.getP(), params.getQ(), params.getG()); - } - } - - private boolean isNotNull(ASN1Encodable parameters) - { - return parameters != null && !DERNull.INSTANCE.equals(parameters); - } - - public String getAlgorithm() - { - return "DSA"; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - try - { - if (dsaSpec == null) - { - return new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa), new ASN1Integer(y)).getEncoded(ASN1Encoding.DER); - } - - return new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG())), new ASN1Integer(y)).getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - return null; - } - } - - public DSAParams getParams() - { - return dsaSpec; - } - - public BigInteger getY() - { - return y; - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("DSA Public Key").append(nl); - buf.append(" y: ").append(this.getY().toString(16)).append(nl); - - return buf.toString(); - } - - public int hashCode() - { - return this.getY().hashCode() ^ this.getParams().getG().hashCode() - ^ this.getParams().getP().hashCode() ^ this.getParams().getQ().hashCode(); - } - - public boolean equals( - Object o) - { - if (!(o instanceof DSAPublicKey)) - { - return false; - } - - DSAPublicKey other = (DSAPublicKey)o; - - return this.getY().equals(other.getY()) - && this.getParams().getG().equals(other.getParams().getG()) - && this.getParams().getP().equals(other.getParams().getP()) - && this.getParams().getQ().equals(other.getParams().getQ()); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - this.y = (BigInteger)in.readObject(); - this.dsaSpec = new DSAParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), (BigInteger)in.readObject()); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.writeObject(y); - out.writeObject(dsaSpec.getP()); - out.writeObject(dsaSpec.getQ()); - out.writeObject(dsaSpec.getG()); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java b/prov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java deleted file mode 100644 index 7e8340aa..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java +++ /dev/null @@ -1,51 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.OutputStream; -import java.security.KeyStore; -import java.security.KeyStore.LoadStoreParameter; -import java.security.KeyStore.ProtectionParameter; - -/** - * @deprecated use org.bouncycastle.jcajce.config.PKCS12StoreParameter - */ -public class JDKPKCS12StoreParameter implements LoadStoreParameter -{ - private OutputStream outputStream; - private ProtectionParameter protectionParameter; - private boolean useDEREncoding; - - public OutputStream getOutputStream() - { - return outputStream; - } - - public ProtectionParameter getProtectionParameter() - { - return protectionParameter; - } - - public boolean isUseDEREncoding() - { - return useDEREncoding; - } - - public void setOutputStream(OutputStream outputStream) - { - this.outputStream = outputStream; - } - - public void setPassword(char[] password) - { - this.protectionParameter = new KeyStore.PasswordProtection(password); - } - - public void setProtectionParameter(ProtectionParameter protectionParameter) - { - this.protectionParameter = protectionParameter; - } - - public void setUseDEREncoding(boolean useDEREncoding) - { - this.useDEREncoding = useDEREncoding; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/MultiCertStoreSpi.java b/prov/src/main/java/org/bouncycastle/jce/provider/MultiCertStoreSpi.java deleted file mode 100644 index cf3d15d7..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/MultiCertStoreSpi.java +++ /dev/null @@ -1,85 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.InvalidAlgorithmParameterException; -import java.security.cert.CRLSelector; -import java.security.cert.CertSelector; -import java.security.cert.CertStore; -import java.security.cert.CertStoreException; -import java.security.cert.CertStoreParameters; -import java.security.cert.CertStoreSpi; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.Iterator; -import java.util.List; - -import org.bouncycastle.jce.MultiCertStoreParameters; - -public class MultiCertStoreSpi - extends CertStoreSpi -{ - private MultiCertStoreParameters params; - - public MultiCertStoreSpi(CertStoreParameters params) - throws InvalidAlgorithmParameterException - { - super(params); - - if (!(params instanceof MultiCertStoreParameters)) - { - throw new InvalidAlgorithmParameterException("org.bouncycastle.jce.provider.MultiCertStoreSpi: parameter must be a MultiCertStoreParameters object\n" + params.toString()); - } - - this.params = (MultiCertStoreParameters)params; - } - - public Collection engineGetCertificates(CertSelector certSelector) - throws CertStoreException - { - boolean searchAllStores = params.getSearchAllStores(); - Iterator iter = params.getCertStores().iterator(); - List allCerts = searchAllStores ? new ArrayList() : Collections.EMPTY_LIST; - - while (iter.hasNext()) - { - CertStore store = (CertStore)iter.next(); - Collection certs = store.getCertificates(certSelector); - - if (searchAllStores) - { - allCerts.addAll(certs); - } - else if (!certs.isEmpty()) - { - return certs; - } - } - - return allCerts; - } - - public Collection engineGetCRLs(CRLSelector crlSelector) - throws CertStoreException - { - boolean searchAllStores = params.getSearchAllStores(); - Iterator iter = params.getCertStores().iterator(); - List allCRLs = searchAllStores ? new ArrayList() : Collections.EMPTY_LIST; - - while (iter.hasNext()) - { - CertStore store = (CertStore)iter.next(); - Collection crls = store.getCRLs(crlSelector); - - if (searchAllStores) - { - allCRLs.addAll(crls); - } - else if (!crls.isEmpty()) - { - return crls; - } - } - - return allCRLs; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/PEMUtil.java b/prov/src/main/java/org/bouncycastle/jce/provider/PEMUtil.java deleted file mode 100644 index 04718efc..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/PEMUtil.java +++ /dev/null @@ -1,94 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.util.encoders.Base64; - -public class PEMUtil -{ - private final String _header1; - private final String _header2; - private final String _footer1; - private final String _footer2; - - PEMUtil( - String type) - { - _header1 = "-----BEGIN " + type + "-----"; - _header2 = "-----BEGIN X509 " + type + "-----"; - _footer1 = "-----END " + type + "-----"; - _footer2 = "-----END X509 " + type + "-----"; - } - - private String readLine( - InputStream in) - throws IOException - { - int c; - StringBuffer l = new StringBuffer(); - - do - { - while (((c = in.read()) != '\r') && c != '\n' && (c >= 0)) - { - if (c == '\r') - { - continue; - } - - l.append((char)c); - } - } - while (c >= 0 && l.length() == 0); - - if (c < 0) - { - return null; - } - - return l.toString(); - } - - ASN1Sequence readPEMObject( - InputStream in) - throws IOException - { - String line; - StringBuffer pemBuf = new StringBuffer(); - - while ((line = readLine(in)) != null) - { - if (line.startsWith(_header1) || line.startsWith(_header2)) - { - break; - } - } - - while ((line = readLine(in)) != null) - { - if (line.startsWith(_footer1) || line.startsWith(_footer2)) - { - break; - } - - pemBuf.append(line); - } - - if (pemBuf.length() != 0) - { - ASN1Primitive o = new ASN1InputStream(Base64.decode(pemBuf.toString())).readObject(); - if (!(o instanceof ASN1Sequence)) - { - throw new IOException("malformed PEM data encountered"); - } - - return (ASN1Sequence)o; - } - - return null; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.java b/prov/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.java deleted file mode 100644 index 14aef43e..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.java +++ /dev/null @@ -1,303 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.security.InvalidAlgorithmParameterException; -import java.security.Principal; -import java.security.cert.CertPath; -import java.security.cert.CertPathBuilderException; -import java.security.cert.CertPathBuilderResult; -import java.security.cert.CertPathBuilderSpi; -import java.security.cert.CertPathParameters; -import java.security.cert.CertPathValidator; -import java.security.cert.CertificateFactory; -import java.security.cert.CertificateParsingException; -import java.security.cert.PKIXBuilderParameters; -import java.security.cert.PKIXCertPathBuilderResult; -import java.security.cert.PKIXCertPathValidatorResult; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.jce.exception.ExtCertPathBuilderException; -import org.bouncycastle.util.Selector; -import org.bouncycastle.x509.ExtendedPKIXBuilderParameters; -import org.bouncycastle.x509.X509AttributeCertStoreSelector; -import org.bouncycastle.x509.X509AttributeCertificate; -import org.bouncycastle.x509.X509CertStoreSelector; - -public class PKIXAttrCertPathBuilderSpi - extends CertPathBuilderSpi -{ - - /** - * Build and validate a CertPath using the given parameter. - * - * @param params PKIXBuilderParameters object containing all information to - * build the CertPath - */ - public CertPathBuilderResult engineBuild(CertPathParameters params) - throws CertPathBuilderException, InvalidAlgorithmParameterException - { - if (!(params instanceof PKIXBuilderParameters) - && !(params instanceof ExtendedPKIXBuilderParameters)) - { - throw new InvalidAlgorithmParameterException( - "Parameters must be an instance of " - + PKIXBuilderParameters.class.getName() + " or " - + ExtendedPKIXBuilderParameters.class.getName() - + "."); - } - - ExtendedPKIXBuilderParameters pkixParams; - if (params instanceof ExtendedPKIXBuilderParameters) - { - pkixParams = (ExtendedPKIXBuilderParameters) params; - } - else - { - pkixParams = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters - .getInstance((PKIXBuilderParameters) params); - } - - Collection targets; - Iterator targetIter; - List certPathList = new ArrayList(); - X509AttributeCertificate cert; - - // search target certificates - - Selector certSelect = pkixParams.getTargetConstraints(); - if (!(certSelect instanceof X509AttributeCertStoreSelector)) - { - throw new CertPathBuilderException( - "TargetConstraints must be an instance of " - + X509AttributeCertStoreSelector.class.getName() - + " for "+this.getClass().getName()+" class."); - } - - try - { - targets = CertPathValidatorUtilities.findCertificates((X509AttributeCertStoreSelector)certSelect, pkixParams.getStores()); - } - catch (AnnotatedException e) - { - throw new ExtCertPathBuilderException("Error finding target attribute certificate.", e); - } - - if (targets.isEmpty()) - { - throw new CertPathBuilderException( - "No attribute certificate found matching targetContraints."); - } - - CertPathBuilderResult result = null; - - // check all potential target certificates - targetIter = targets.iterator(); - while (targetIter.hasNext() && result == null) - { - cert = (X509AttributeCertificate) targetIter.next(); - - X509CertStoreSelector selector = new X509CertStoreSelector(); - Principal[] principals = cert.getIssuer().getPrincipals(); - Set issuers = new HashSet(); - for (int i = 0; i < principals.length; i++) - { - try - { - if (principals[i] instanceof X500Principal) - { - selector.setSubject(((X500Principal)principals[i]).getEncoded()); - } - issuers.addAll(CertPathValidatorUtilities.findCertificates(selector, pkixParams.getStores())); - issuers.addAll(CertPathValidatorUtilities.findCertificates(selector, pkixParams.getCertStores())); - } - catch (AnnotatedException e) - { - throw new ExtCertPathBuilderException( - "Public key certificate for attribute certificate cannot be searched.", - e); - } - catch (IOException e) - { - throw new ExtCertPathBuilderException( - "cannot encode X500Principal.", - e); - } - } - if (issuers.isEmpty()) - { - throw new CertPathBuilderException( - "Public key certificate for attribute certificate cannot be found."); - } - Iterator it = issuers.iterator(); - while (it.hasNext() && result == null) - { - result = build(cert, (X509Certificate)it.next(), pkixParams, certPathList); - } - } - - if (result == null && certPathException != null) - { - throw new ExtCertPathBuilderException( - "Possible certificate chain could not be validated.", - certPathException); - } - - if (result == null && certPathException == null) - { - throw new CertPathBuilderException( - "Unable to find certificate chain."); - } - - return result; - } - - private Exception certPathException; - - private CertPathBuilderResult build(X509AttributeCertificate attrCert, X509Certificate tbvCert, - ExtendedPKIXBuilderParameters pkixParams, List tbvPath) - - { - // If tbvCert is readily present in tbvPath, it indicates having run - // into a cycle in the - // PKI graph. - if (tbvPath.contains(tbvCert)) - { - return null; - } - // step out, the certificate is not allowed to appear in a certification - // chain - if (pkixParams.getExcludedCerts().contains(tbvCert)) - { - return null; - } - // test if certificate path exceeds maximum length - if (pkixParams.getMaxPathLength() != -1) - { - if (tbvPath.size() - 1 > pkixParams.getMaxPathLength()) - { - return null; - } - } - - tbvPath.add(tbvCert); - - CertificateFactory cFact; - CertPathValidator validator; - CertPathBuilderResult builderResult = null; - - try - { - cFact = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME); - validator = CertPathValidator.getInstance("RFC3281", BouncyCastleProvider.PROVIDER_NAME); - } - catch (Exception e) - { - // cannot happen - throw new RuntimeException( - "Exception creating support classes."); - } - - try - { - // check whether the issuer of <tbvCert> is a TrustAnchor - if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams.getTrustAnchors(), - pkixParams.getSigProvider()) != null) - { - CertPath certPath; - PKIXCertPathValidatorResult result; - try - { - certPath = cFact.generateCertPath(tbvPath); - } - catch (Exception e) - { - throw new AnnotatedException( - "Certification path could not be constructed from certificate list.", - e); - } - - try - { - result = (PKIXCertPathValidatorResult) validator.validate( - certPath, pkixParams); - } - catch (Exception e) - { - throw new AnnotatedException( - "Certification path could not be validated.", - e); - } - - return new PKIXCertPathBuilderResult(certPath, result - .getTrustAnchor(), result.getPolicyTree(), result - .getPublicKey()); - - } - else - { - // add additional X.509 stores from locations in certificate - try - { - CertPathValidatorUtilities.addAdditionalStoresFromAltNames(tbvCert, pkixParams); - } - catch (CertificateParsingException e) - { - throw new AnnotatedException( - "No additional X.509 stores can be added from certificate locations.", - e); - } - Collection issuers = new HashSet(); - // try to get the issuer certificate from one - // of the stores - try - { - issuers.addAll(CertPathValidatorUtilities.findIssuerCerts(tbvCert, pkixParams)); - } - catch (AnnotatedException e) - { - throw new AnnotatedException( - "Cannot find issuer certificate for certificate in certification path.", - e); - } - if (issuers.isEmpty()) - { - throw new AnnotatedException( - "No issuer certificate for certificate in certification path found."); - } - Iterator it = issuers.iterator(); - - while (it.hasNext() && builderResult == null) - { - X509Certificate issuer = (X509Certificate) it.next(); - // TODO Use CertPathValidatorUtilities.isSelfIssued(issuer)? - // if untrusted self signed certificate continue - if (issuer.getIssuerX500Principal().equals( - issuer.getSubjectX500Principal())) - { - continue; - } - builderResult = build(attrCert, issuer, pkixParams, tbvPath); - } - } - } - catch (AnnotatedException e) - { - certPathException = new AnnotatedException( - "No valid certification path could be build.", e); - } - if (builderResult == null) - { - tbvPath.remove(tbvCert); - } - return builderResult; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java b/prov/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java deleted file mode 100644 index c1759bac..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java +++ /dev/null @@ -1,99 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.InvalidAlgorithmParameterException; -import java.security.cert.CertPath; -import java.security.cert.CertPathParameters; -import java.security.cert.CertPathValidatorException; -import java.security.cert.CertPathValidatorResult; -import java.security.cert.CertPathValidatorSpi; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Set; - -import org.bouncycastle.jce.exception.ExtCertPathValidatorException; -import org.bouncycastle.util.Selector; -import org.bouncycastle.x509.ExtendedPKIXParameters; -import org.bouncycastle.x509.X509AttributeCertStoreSelector; -import org.bouncycastle.x509.X509AttributeCertificate; - -/** - * CertPathValidatorSpi implementation for X.509 Attribute Certificates la RFC 3281. - * - * @see org.bouncycastle.x509.ExtendedPKIXParameters - */ -public class PKIXAttrCertPathValidatorSpi - extends CertPathValidatorSpi -{ - - /** - * Validates an attribute certificate with the given certificate path. - * - * <p> - * <code>params</code> must be an instance of - * <code>ExtendedPKIXParameters</code>. - * <p> - * The target constraints in the <code>params</code> must be an - * <code>X509AttributeCertStoreSelector</code> with at least the attribute - * certificate criterion set. Obey that also target informations may be - * necessary to correctly validate this attribute certificate. - * <p> - * The attribute certificate issuer must be added to the trusted attribute - * issuers with {@link ExtendedPKIXParameters#setTrustedACIssuers(Set)}. - * - * @param certPath The certificate path which belongs to the attribute - * certificate issuer public key certificate. - * @param params The PKIX parameters. - * @return A <code>PKIXCertPathValidatorResult</code> of the result of - * validating the <code>certPath</code>. - * @throws InvalidAlgorithmParameterException if <code>params</code> is - * inappropriate for this validator. - * @throws CertPathValidatorException if the verification fails. - */ - public CertPathValidatorResult engineValidate(CertPath certPath, - CertPathParameters params) throws CertPathValidatorException, - InvalidAlgorithmParameterException - { - if (!(params instanceof ExtendedPKIXParameters)) - { - throw new InvalidAlgorithmParameterException( - "Parameters must be a " - + ExtendedPKIXParameters.class.getName() + " instance."); - } - ExtendedPKIXParameters pkixParams = (ExtendedPKIXParameters) params; - - Selector certSelect = pkixParams.getTargetConstraints(); - if (!(certSelect instanceof X509AttributeCertStoreSelector)) - { - throw new InvalidAlgorithmParameterException( - "TargetConstraints must be an instance of " - + X509AttributeCertStoreSelector.class.getName() + " for " - + this.getClass().getName() + " class."); - } - X509AttributeCertificate attrCert = ((X509AttributeCertStoreSelector) certSelect) - .getAttributeCert(); - - CertPath holderCertPath = RFC3281CertPathUtilities.processAttrCert1(attrCert, pkixParams); - CertPathValidatorResult result = RFC3281CertPathUtilities.processAttrCert2(certPath, pkixParams); - X509Certificate issuerCert = (X509Certificate) certPath - .getCertificates().get(0); - RFC3281CertPathUtilities.processAttrCert3(issuerCert, pkixParams); - RFC3281CertPathUtilities.processAttrCert4(issuerCert, pkixParams); - RFC3281CertPathUtilities.processAttrCert5(attrCert, pkixParams); - // 6 already done in X509AttributeCertStoreSelector - RFC3281CertPathUtilities.processAttrCert7(attrCert, certPath, holderCertPath, pkixParams); - RFC3281CertPathUtilities.additionalChecks(attrCert, pkixParams); - Date date = null; - try - { - date = CertPathValidatorUtilities - .getValidCertDateFromValidityModel(pkixParams, null, -1); - } - catch (AnnotatedException e) - { - throw new ExtCertPathValidatorException( - "Could not get validity date from attribute certificate.", e); - } - RFC3281CertPathUtilities.checkCRLs(attrCert, pkixParams, issuerCert, date, certPath.getCertificates()); - return result; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java b/prov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java deleted file mode 100644 index c94016d7..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java +++ /dev/null @@ -1,155 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.cert.CertStore; -import java.security.cert.CertStoreException; -import java.security.cert.PKIXParameters; -import java.security.cert.X509CRL; -import java.security.cert.X509Certificate; -import java.util.Collection; -import java.util.Date; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -import org.bouncycastle.util.StoreException; -import org.bouncycastle.x509.ExtendedPKIXParameters; -import org.bouncycastle.x509.X509CRLStoreSelector; -import org.bouncycastle.x509.X509Store; - -public class PKIXCRLUtil -{ - public Set findCRLs(X509CRLStoreSelector crlselect, ExtendedPKIXParameters paramsPKIX, Date currentDate) - throws AnnotatedException - { - Set initialSet = new HashSet(); - - // get complete CRL(s) - try - { - initialSet.addAll(findCRLs(crlselect, paramsPKIX.getAdditionalStores())); - initialSet.addAll(findCRLs(crlselect, paramsPKIX.getStores())); - initialSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores())); - } - catch (AnnotatedException e) - { - throw new AnnotatedException("Exception obtaining complete CRLs.", e); - } - - Set finalSet = new HashSet(); - Date validityDate = currentDate; - - if (paramsPKIX.getDate() != null) - { - validityDate = paramsPKIX.getDate(); - } - - // based on RFC 5280 6.3.3 - for (Iterator it = initialSet.iterator(); it.hasNext();) - { - X509CRL crl = (X509CRL)it.next(); - - if (crl.getNextUpdate().after(validityDate)) - { - X509Certificate cert = crlselect.getCertificateChecking(); - - if (cert != null) - { - if (crl.getThisUpdate().before(cert.getNotAfter())) - { - finalSet.add(crl); - } - } - else - { - finalSet.add(crl); - } - } - } - - return finalSet; - } - - public Set findCRLs(X509CRLStoreSelector crlselect, PKIXParameters paramsPKIX) - throws AnnotatedException - { - Set completeSet = new HashSet(); - - // get complete CRL(s) - try - { - completeSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores())); - } - catch (AnnotatedException e) - { - throw new AnnotatedException("Exception obtaining complete CRLs.", e); - } - - return completeSet; - } - -/** - * Return a Collection of all CRLs found in the X509Store's that are - * matching the crlSelect criteriums. - * - * @param crlSelect a {@link X509CRLStoreSelector} object that will be used - * to select the CRLs - * @param crlStores a List containing only - * {@link org.bouncycastle.x509.X509Store X509Store} objects. - * These are used to search for CRLs - * - * @return a Collection of all found {@link java.security.cert.X509CRL X509CRL} objects. May be - * empty but never <code>null</code>. - */ - private final Collection findCRLs(X509CRLStoreSelector crlSelect, - List crlStores) throws AnnotatedException - { - Set crls = new HashSet(); - Iterator iter = crlStores.iterator(); - - AnnotatedException lastException = null; - boolean foundValidStore = false; - - while (iter.hasNext()) - { - Object obj = iter.next(); - - if (obj instanceof X509Store) - { - X509Store store = (X509Store)obj; - - try - { - crls.addAll(store.getMatches(crlSelect)); - foundValidStore = true; - } - catch (StoreException e) - { - lastException = new AnnotatedException( - "Exception searching in X.509 CRL store.", e); - } - } - else - { - CertStore store = (CertStore)obj; - - try - { - crls.addAll(store.getCRLs(crlSelect)); - foundValidStore = true; - } - catch (CertStoreException e) - { - lastException = new AnnotatedException( - "Exception searching in X.509 CRL store.", e); - } - } - } - if (!foundValidStore && lastException != null) - { - throw lastException; - } - return crls; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java b/prov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java deleted file mode 100644 index 384eb861..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java +++ /dev/null @@ -1,261 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.InvalidAlgorithmParameterException; -import java.security.cert.CertPath; -import java.security.cert.CertPathBuilderException; -import java.security.cert.CertPathBuilderResult; -import java.security.cert.CertPathBuilderSpi; -import java.security.cert.CertPathParameters; -import java.security.cert.CertPathValidator; -import java.security.cert.CertificateFactory; -import java.security.cert.CertificateParsingException; -import java.security.cert.PKIXBuilderParameters; -import java.security.cert.PKIXCertPathBuilderResult; -import java.security.cert.PKIXCertPathValidatorResult; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; - -import org.bouncycastle.jce.exception.ExtCertPathBuilderException; -import org.bouncycastle.util.Selector; -import org.bouncycastle.x509.ExtendedPKIXBuilderParameters; -import org.bouncycastle.x509.X509CertStoreSelector; - -/** - * Implements the PKIX CertPathBuilding algorithm for BouncyCastle. - * - * @see CertPathBuilderSpi - */ -public class PKIXCertPathBuilderSpi - extends CertPathBuilderSpi -{ - /** - * Build and validate a CertPath using the given parameter. - * - * @param params PKIXBuilderParameters object containing all information to - * build the CertPath - */ - public CertPathBuilderResult engineBuild(CertPathParameters params) - throws CertPathBuilderException, InvalidAlgorithmParameterException - { - if (!(params instanceof PKIXBuilderParameters) - && !(params instanceof ExtendedPKIXBuilderParameters)) - { - throw new InvalidAlgorithmParameterException( - "Parameters must be an instance of " - + PKIXBuilderParameters.class.getName() + " or " - + ExtendedPKIXBuilderParameters.class.getName() + "."); - } - - ExtendedPKIXBuilderParameters pkixParams = null; - if (params instanceof ExtendedPKIXBuilderParameters) - { - pkixParams = (ExtendedPKIXBuilderParameters) params; - } - else - { - pkixParams = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters - .getInstance((PKIXBuilderParameters) params); - } - - Collection targets; - Iterator targetIter; - List certPathList = new ArrayList(); - X509Certificate cert; - - // search target certificates - - Selector certSelect = pkixParams.getTargetConstraints(); - if (!(certSelect instanceof X509CertStoreSelector)) - { - throw new CertPathBuilderException( - "TargetConstraints must be an instance of " - + X509CertStoreSelector.class.getName() + " for " - + this.getClass().getName() + " class."); - } - - try - { - targets = CertPathValidatorUtilities.findCertificates((X509CertStoreSelector)certSelect, pkixParams.getStores()); - targets.addAll(CertPathValidatorUtilities.findCertificates((X509CertStoreSelector)certSelect, pkixParams.getCertStores())); - } - catch (AnnotatedException e) - { - throw new ExtCertPathBuilderException( - "Error finding target certificate.", e); - } - - if (targets.isEmpty()) - { - - throw new CertPathBuilderException( - "No certificate found matching targetContraints."); - } - - CertPathBuilderResult result = null; - - // check all potential target certificates - targetIter = targets.iterator(); - while (targetIter.hasNext() && result == null) - { - cert = (X509Certificate) targetIter.next(); - result = build(cert, pkixParams, certPathList); - } - - if (result == null && certPathException != null) - { - if (certPathException instanceof AnnotatedException) - { - throw new CertPathBuilderException(certPathException.getMessage(), certPathException.getCause()); - } - throw new CertPathBuilderException( - "Possible certificate chain could not be validated.", - certPathException); - } - - if (result == null && certPathException == null) - { - throw new CertPathBuilderException( - "Unable to find certificate chain."); - } - - return result; - } - - private Exception certPathException; - - protected CertPathBuilderResult build(X509Certificate tbvCert, - ExtendedPKIXBuilderParameters pkixParams, List tbvPath) - { - // If tbvCert is readily present in tbvPath, it indicates having run - // into a cycle in the - // PKI graph. - if (tbvPath.contains(tbvCert)) - { - return null; - } - // step out, the certificate is not allowed to appear in a certification - // chain. - if (pkixParams.getExcludedCerts().contains(tbvCert)) - { - return null; - } - // test if certificate path exceeds maximum length - if (pkixParams.getMaxPathLength() != -1) - { - if (tbvPath.size() - 1 > pkixParams.getMaxPathLength()) - { - return null; - } - } - - tbvPath.add(tbvCert); - - CertificateFactory cFact; - CertPathValidator validator; - CertPathBuilderResult builderResult = null; - - try - { - cFact = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME); - validator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME); - } - catch (Exception e) - { - // cannot happen - throw new RuntimeException("Exception creating support classes."); - } - - try - { - // check whether the issuer of <tbvCert> is a TrustAnchor - if (CertPathValidatorUtilities.findTrustAnchor(tbvCert, pkixParams.getTrustAnchors(), - pkixParams.getSigProvider()) != null) - { - // exception message from possibly later tried certification - // chains - CertPath certPath = null; - PKIXCertPathValidatorResult result = null; - try - { - certPath = cFact.generateCertPath(tbvPath); - } - catch (Exception e) - { - throw new AnnotatedException( - "Certification path could not be constructed from certificate list.", - e); - } - - try - { - result = (PKIXCertPathValidatorResult) validator.validate( - certPath, pkixParams); - } - catch (Exception e) - { - throw new AnnotatedException( - "Certification path could not be validated.", e); - } - - return new PKIXCertPathBuilderResult(certPath, result - .getTrustAnchor(), result.getPolicyTree(), result - .getPublicKey()); - - } - else - { - // add additional X.509 stores from locations in certificate - try - { - CertPathValidatorUtilities.addAdditionalStoresFromAltNames( - tbvCert, pkixParams); - } - catch (CertificateParsingException e) - { - throw new AnnotatedException( - "No additiontal X.509 stores can be added from certificate locations.", - e); - } - Collection issuers = new HashSet(); - // try to get the issuer certificate from one - // of the stores - try - { - issuers.addAll(CertPathValidatorUtilities.findIssuerCerts(tbvCert, pkixParams)); - } - catch (AnnotatedException e) - { - throw new AnnotatedException( - "Cannot find issuer certificate for certificate in certification path.", - e); - } - if (issuers.isEmpty()) - { - throw new AnnotatedException( - "No issuer certificate for certificate in certification path found."); - } - Iterator it = issuers.iterator(); - - while (it.hasNext() && builderResult == null) - { - X509Certificate issuer = (X509Certificate) it.next(); - builderResult = build(issuer, pkixParams, tbvPath); - } - } - } - catch (AnnotatedException e) - { - certPathException = e; - } - if (builderResult == null) - { - tbvPath.remove(tbvCert); - } - return builderResult; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/prov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java deleted file mode 100644 index 0e62bfc6..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java +++ /dev/null @@ -1,431 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.InvalidAlgorithmParameterException; -import java.security.PublicKey; -import java.security.cert.CertPath; -import java.security.cert.CertPathParameters; -import java.security.cert.CertPathValidatorException; -import java.security.cert.CertPathValidatorResult; -import java.security.cert.CertPathValidatorSpi; -import java.security.cert.PKIXCertPathChecker; -import java.security.cert.PKIXCertPathValidatorResult; -import java.security.cert.PKIXParameters; -import java.security.cert.TrustAnchor; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.jce.exception.ExtCertPathValidatorException; -import org.bouncycastle.x509.ExtendedPKIXParameters; - -/** - * CertPathValidatorSpi implementation for X.509 Certificate validation � la RFC - * 3280. - */ -public class PKIXCertPathValidatorSpi - extends CertPathValidatorSpi -{ - - public CertPathValidatorResult engineValidate( - CertPath certPath, - CertPathParameters params) - throws CertPathValidatorException, - InvalidAlgorithmParameterException - { - if (!(params instanceof PKIXParameters)) - { - throw new InvalidAlgorithmParameterException("Parameters must be a " + PKIXParameters.class.getName() - + " instance."); - } - - ExtendedPKIXParameters paramsPKIX; - if (params instanceof ExtendedPKIXParameters) - { - paramsPKIX = (ExtendedPKIXParameters)params; - } - else - { - paramsPKIX = ExtendedPKIXParameters.getInstance((PKIXParameters)params); - } - if (paramsPKIX.getTrustAnchors() == null) - { - throw new InvalidAlgorithmParameterException( - "trustAnchors is null, this is not allowed for certification path validation."); - } - - // - // 6.1.1 - inputs - // - - // - // (a) - // - List certs = certPath.getCertificates(); - int n = certs.size(); - - if (certs.isEmpty()) - { - throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0); - } - - // - // (b) - // - // Date validDate = CertPathValidatorUtilities.getValidDate(paramsPKIX); - - // - // (c) - // - Set userInitialPolicySet = paramsPKIX.getInitialPolicies(); - - // - // (d) - // - TrustAnchor trust; - try - { - trust = CertPathValidatorUtilities.findTrustAnchor((X509Certificate) certs.get(certs.size() - 1), - paramsPKIX.getTrustAnchors(), paramsPKIX.getSigProvider()); - } - catch (AnnotatedException e) - { - throw new CertPathValidatorException(e.getMessage(), e, certPath, certs.size() - 1); - } - - if (trust == null) - { - throw new CertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1); - } - - // - // (e), (f), (g) are part of the paramsPKIX object. - // - Iterator certIter; - int index = 0; - int i; - // Certificate for each interation of the validation loop - // Signature information for each iteration of the validation loop - // - // 6.1.2 - setup - // - - // - // (a) - // - List[] policyNodes = new ArrayList[n + 1]; - for (int j = 0; j < policyNodes.length; j++) - { - policyNodes[j] = new ArrayList(); - } - - Set policySet = new HashSet(); - - policySet.add(RFC3280CertPathUtilities.ANY_POLICY); - - PKIXPolicyNode validPolicyTree = new PKIXPolicyNode(new ArrayList(), 0, policySet, null, new HashSet(), - RFC3280CertPathUtilities.ANY_POLICY, false); - - policyNodes[0].add(validPolicyTree); - - // - // (b) and (c) - // - PKIXNameConstraintValidator nameConstraintValidator = new PKIXNameConstraintValidator(); - - // (d) - // - int explicitPolicy; - Set acceptablePolicies = new HashSet(); - - if (paramsPKIX.isExplicitPolicyRequired()) - { - explicitPolicy = 0; - } - else - { - explicitPolicy = n + 1; - } - - // - // (e) - // - int inhibitAnyPolicy; - - if (paramsPKIX.isAnyPolicyInhibited()) - { - inhibitAnyPolicy = 0; - } - else - { - inhibitAnyPolicy = n + 1; - } - - // - // (f) - // - int policyMapping; - - if (paramsPKIX.isPolicyMappingInhibited()) - { - policyMapping = 0; - } - else - { - policyMapping = n + 1; - } - - // - // (g), (h), (i), (j) - // - PublicKey workingPublicKey; - X500Principal workingIssuerName; - - X509Certificate sign = trust.getTrustedCert(); - try - { - if (sign != null) - { - workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign); - workingPublicKey = sign.getPublicKey(); - } - else - { - workingIssuerName = new X500Principal(trust.getCAName()); - workingPublicKey = trust.getCAPublicKey(); - } - } - catch (IllegalArgumentException ex) - { - throw new ExtCertPathValidatorException("Subject of trust anchor could not be (re)encoded.", ex, certPath, - -1); - } - - AlgorithmIdentifier workingAlgId = null; - try - { - workingAlgId = CertPathValidatorUtilities.getAlgorithmIdentifier(workingPublicKey); - } - catch (CertPathValidatorException e) - { - throw new ExtCertPathValidatorException( - "Algorithm identifier of public key of trust anchor could not be read.", e, certPath, -1); - } - ASN1ObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.getAlgorithm(); - ASN1Encodable workingPublicKeyParameters = workingAlgId.getParameters(); - - // - // (k) - // - int maxPathLength = n; - - // - // 6.1.3 - // - - if (paramsPKIX.getTargetConstraints() != null - && !paramsPKIX.getTargetConstraints().match((X509Certificate) certs.get(0))) - { - throw new ExtCertPathValidatorException( - "Target certificate in certification path does not match targetConstraints.", null, certPath, 0); - } - - // - // initialize CertPathChecker's - // - List pathCheckers = paramsPKIX.getCertPathCheckers(); - certIter = pathCheckers.iterator(); - while (certIter.hasNext()) - { - ((PKIXCertPathChecker) certIter.next()).init(false); - } - - X509Certificate cert = null; - - for (index = certs.size() - 1; index >= 0; index--) - { - // try - // { - // - // i as defined in the algorithm description - // - i = n - index; - - // - // set certificate to be checked in this round - // sign and workingPublicKey and workingIssuerName are set - // at the end of the for loop and initialized the - // first time from the TrustAnchor - // - cert = (X509Certificate) certs.get(index); - boolean verificationAlreadyPerformed = (index == certs.size() - 1); - - // - // 6.1.3 - // - - RFC3280CertPathUtilities.processCertA(certPath, paramsPKIX, index, workingPublicKey, - verificationAlreadyPerformed, workingIssuerName, sign); - - RFC3280CertPathUtilities.processCertBC(certPath, index, nameConstraintValidator); - - validPolicyTree = RFC3280CertPathUtilities.processCertD(certPath, index, acceptablePolicies, - validPolicyTree, policyNodes, inhibitAnyPolicy); - - validPolicyTree = RFC3280CertPathUtilities.processCertE(certPath, index, validPolicyTree); - - RFC3280CertPathUtilities.processCertF(certPath, index, validPolicyTree, explicitPolicy); - - // - // 6.1.4 - // - - if (i != n) - { - if (cert != null && cert.getVersion() == 1) - { - throw new CertPathValidatorException("Version 1 certificates can't be used as CA ones.", null, - certPath, index); - } - - RFC3280CertPathUtilities.prepareNextCertA(certPath, index); - - validPolicyTree = RFC3280CertPathUtilities.prepareCertB(certPath, index, policyNodes, validPolicyTree, - policyMapping); - - RFC3280CertPathUtilities.prepareNextCertG(certPath, index, nameConstraintValidator); - - // (h) - explicitPolicy = RFC3280CertPathUtilities.prepareNextCertH1(certPath, index, explicitPolicy); - policyMapping = RFC3280CertPathUtilities.prepareNextCertH2(certPath, index, policyMapping); - inhibitAnyPolicy = RFC3280CertPathUtilities.prepareNextCertH3(certPath, index, inhibitAnyPolicy); - - // - // (i) - // - explicitPolicy = RFC3280CertPathUtilities.prepareNextCertI1(certPath, index, explicitPolicy); - policyMapping = RFC3280CertPathUtilities.prepareNextCertI2(certPath, index, policyMapping); - - // (j) - inhibitAnyPolicy = RFC3280CertPathUtilities.prepareNextCertJ(certPath, index, inhibitAnyPolicy); - - // (k) - RFC3280CertPathUtilities.prepareNextCertK(certPath, index); - - // (l) - maxPathLength = RFC3280CertPathUtilities.prepareNextCertL(certPath, index, maxPathLength); - - // (m) - maxPathLength = RFC3280CertPathUtilities.prepareNextCertM(certPath, index, maxPathLength); - - // (n) - RFC3280CertPathUtilities.prepareNextCertN(certPath, index); - - Set criticalExtensions = cert.getCriticalExtensionOIDs(); - if (criticalExtensions != null) - { - criticalExtensions = new HashSet(criticalExtensions); - - // these extensions are handled by the algorithm - criticalExtensions.remove(RFC3280CertPathUtilities.KEY_USAGE); - criticalExtensions.remove(RFC3280CertPathUtilities.CERTIFICATE_POLICIES); - criticalExtensions.remove(RFC3280CertPathUtilities.POLICY_MAPPINGS); - criticalExtensions.remove(RFC3280CertPathUtilities.INHIBIT_ANY_POLICY); - criticalExtensions.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT); - criticalExtensions.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR); - criticalExtensions.remove(RFC3280CertPathUtilities.POLICY_CONSTRAINTS); - criticalExtensions.remove(RFC3280CertPathUtilities.BASIC_CONSTRAINTS); - criticalExtensions.remove(RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME); - criticalExtensions.remove(RFC3280CertPathUtilities.NAME_CONSTRAINTS); - } - else - { - criticalExtensions = new HashSet(); - } - - // (o) - RFC3280CertPathUtilities.prepareNextCertO(certPath, index, criticalExtensions, pathCheckers); - - // set signing certificate for next round - sign = cert; - - // (c) - workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign); - - // (d) - try - { - workingPublicKey = CertPathValidatorUtilities.getNextWorkingKey(certPath.getCertificates(), index); - } - catch (CertPathValidatorException e) - { - throw new CertPathValidatorException("Next working key could not be retrieved.", e, certPath, index); - } - - workingAlgId = CertPathValidatorUtilities.getAlgorithmIdentifier(workingPublicKey); - // (f) - workingPublicKeyAlgorithm = workingAlgId.getAlgorithm(); - // (e) - workingPublicKeyParameters = workingAlgId.getParameters(); - } - } - - // - // 6.1.5 Wrap-up procedure - // - - explicitPolicy = RFC3280CertPathUtilities.wrapupCertA(explicitPolicy, cert); - - explicitPolicy = RFC3280CertPathUtilities.wrapupCertB(certPath, index + 1, explicitPolicy); - - // - // (c) (d) and (e) are already done - // - - // - // (f) - // - Set criticalExtensions = cert.getCriticalExtensionOIDs(); - - if (criticalExtensions != null) - { - criticalExtensions = new HashSet(criticalExtensions); - // these extensions are handled by the algorithm - criticalExtensions.remove(RFC3280CertPathUtilities.KEY_USAGE); - criticalExtensions.remove(RFC3280CertPathUtilities.CERTIFICATE_POLICIES); - criticalExtensions.remove(RFC3280CertPathUtilities.POLICY_MAPPINGS); - criticalExtensions.remove(RFC3280CertPathUtilities.INHIBIT_ANY_POLICY); - criticalExtensions.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT); - criticalExtensions.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR); - criticalExtensions.remove(RFC3280CertPathUtilities.POLICY_CONSTRAINTS); - criticalExtensions.remove(RFC3280CertPathUtilities.BASIC_CONSTRAINTS); - criticalExtensions.remove(RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME); - criticalExtensions.remove(RFC3280CertPathUtilities.NAME_CONSTRAINTS); - criticalExtensions.remove(RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS); - } - else - { - criticalExtensions = new HashSet(); - } - - RFC3280CertPathUtilities.wrapupCertF(certPath, index + 1, pathCheckers, criticalExtensions); - - PKIXPolicyNode intersection = RFC3280CertPathUtilities.wrapupCertG(certPath, paramsPKIX, userInitialPolicySet, - index + 1, policyNodes, validPolicyTree, acceptablePolicies); - - if ((explicitPolicy > 0) || (intersection != null)) - { - return new PKIXCertPathValidatorResult(trust, intersection, cert.getPublicKey()); - } - - throw new CertPathValidatorException("Path processing failed on policy.", null, certPath, index); - } - -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java b/prov/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java deleted file mode 100644 index 7ecc4860..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java +++ /dev/null @@ -1,1927 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.util.Collection; -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.Map; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralSubtree; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.Integers; -import org.bouncycastle.util.Strings; - -public class PKIXNameConstraintValidator -{ - private Set excludedSubtreesDN = new HashSet(); - - private Set excludedSubtreesDNS = new HashSet(); - - private Set excludedSubtreesEmail = new HashSet(); - - private Set excludedSubtreesURI = new HashSet(); - - private Set excludedSubtreesIP = new HashSet(); - - private Set permittedSubtreesDN; - - private Set permittedSubtreesDNS; - - private Set permittedSubtreesEmail; - - private Set permittedSubtreesURI; - - private Set permittedSubtreesIP; - - public PKIXNameConstraintValidator() - { - } - - private static boolean withinDNSubtree( - ASN1Sequence dns, - ASN1Sequence subtree) - { - if (subtree.size() < 1) - { - return false; - } - - if (subtree.size() > dns.size()) - { - return false; - } - - for (int j = subtree.size() - 1; j >= 0; j--) - { - if (!subtree.getObjectAt(j).equals(dns.getObjectAt(j))) - { - return false; - } - } - - return true; - } - - public void checkPermittedDN(ASN1Sequence dns) - throws PKIXNameConstraintValidatorException - { - checkPermittedDN(permittedSubtreesDN, dns); - } - - public void checkExcludedDN(ASN1Sequence dns) - throws PKIXNameConstraintValidatorException - { - checkExcludedDN(excludedSubtreesDN, dns); - } - - private void checkPermittedDN(Set permitted, ASN1Sequence dns) - throws PKIXNameConstraintValidatorException - { - if (permitted == null) - { - return; - } - - if (permitted.isEmpty() && dns.size() == 0) - { - return; - } - Iterator it = permitted.iterator(); - - while (it.hasNext()) - { - ASN1Sequence subtree = (ASN1Sequence)it.next(); - - if (withinDNSubtree(dns, subtree)) - { - return; - } - } - - throw new PKIXNameConstraintValidatorException( - "Subject distinguished name is not from a permitted subtree"); - } - - private void checkExcludedDN(Set excluded, ASN1Sequence dns) - throws PKIXNameConstraintValidatorException - { - if (excluded.isEmpty()) - { - return; - } - - Iterator it = excluded.iterator(); - - while (it.hasNext()) - { - ASN1Sequence subtree = (ASN1Sequence)it.next(); - - if (withinDNSubtree(dns, subtree)) - { - throw new PKIXNameConstraintValidatorException( - "Subject distinguished name is from an excluded subtree"); - } - } - } - - private Set intersectDN(Set permitted, Set dns) - { - Set intersect = new HashSet(); - for (Iterator it = dns.iterator(); it.hasNext();) - { - ASN1Sequence dn = ASN1Sequence.getInstance(((GeneralSubtree)it - .next()).getBase().getName().toASN1Primitive()); - if (permitted == null) - { - if (dn != null) - { - intersect.add(dn); - } - } - else - { - Iterator _iter = permitted.iterator(); - while (_iter.hasNext()) - { - ASN1Sequence subtree = (ASN1Sequence)_iter.next(); - - if (withinDNSubtree(dn, subtree)) - { - intersect.add(dn); - } - else if (withinDNSubtree(subtree, dn)) - { - intersect.add(subtree); - } - } - } - } - return intersect; - } - - private Set unionDN(Set excluded, ASN1Sequence dn) - { - if (excluded.isEmpty()) - { - if (dn == null) - { - return excluded; - } - excluded.add(dn); - - return excluded; - } - else - { - Set intersect = new HashSet(); - - Iterator it = excluded.iterator(); - while (it.hasNext()) - { - ASN1Sequence subtree = (ASN1Sequence)it.next(); - - if (withinDNSubtree(dn, subtree)) - { - intersect.add(subtree); - } - else if (withinDNSubtree(subtree, dn)) - { - intersect.add(dn); - } - else - { - intersect.add(subtree); - intersect.add(dn); - } - } - - return intersect; - } - } - - private Set intersectEmail(Set permitted, Set emails) - { - Set intersect = new HashSet(); - for (Iterator it = emails.iterator(); it.hasNext();) - { - String email = extractNameAsString(((GeneralSubtree)it.next()) - .getBase()); - - if (permitted == null) - { - if (email != null) - { - intersect.add(email); - } - } - else - { - Iterator it2 = permitted.iterator(); - while (it2.hasNext()) - { - String _permitted = (String)it2.next(); - - intersectEmail(email, _permitted, intersect); - } - } - } - return intersect; - } - - private Set unionEmail(Set excluded, String email) - { - if (excluded.isEmpty()) - { - if (email == null) - { - return excluded; - } - excluded.add(email); - return excluded; - } - else - { - Set union = new HashSet(); - - Iterator it = excluded.iterator(); - while (it.hasNext()) - { - String _excluded = (String)it.next(); - - unionEmail(_excluded, email, union); - } - - return union; - } - } - - /** - * Returns the intersection of the permitted IP ranges in - * <code>permitted</code> with <code>ip</code>. - * - * @param permitted A <code>Set</code> of permitted IP addresses with - * their subnet mask as byte arrays. - * @param ips The IP address with its subnet mask. - * @return The <code>Set</code> of permitted IP ranges intersected with - * <code>ip</code>. - */ - private Set intersectIP(Set permitted, Set ips) - { - Set intersect = new HashSet(); - for (Iterator it = ips.iterator(); it.hasNext();) - { - byte[] ip = ASN1OctetString.getInstance( - ((GeneralSubtree)it.next()).getBase().getName()).getOctets(); - if (permitted == null) - { - if (ip != null) - { - intersect.add(ip); - } - } - else - { - Iterator it2 = permitted.iterator(); - while (it2.hasNext()) - { - byte[] _permitted = (byte[])it2.next(); - intersect.addAll(intersectIPRange(_permitted, ip)); - } - } - } - return intersect; - } - - /** - * Returns the union of the excluded IP ranges in <code>excluded</code> - * with <code>ip</code>. - * - * @param excluded A <code>Set</code> of excluded IP addresses with their - * subnet mask as byte arrays. - * @param ip The IP address with its subnet mask. - * @return The <code>Set</code> of excluded IP ranges unified with - * <code>ip</code> as byte arrays. - */ - private Set unionIP(Set excluded, byte[] ip) - { - if (excluded.isEmpty()) - { - if (ip == null) - { - return excluded; - } - excluded.add(ip); - - return excluded; - } - else - { - Set union = new HashSet(); - - Iterator it = excluded.iterator(); - while (it.hasNext()) - { - byte[] _excluded = (byte[])it.next(); - union.addAll(unionIPRange(_excluded, ip)); - } - - return union; - } - } - - /** - * Calculates the union if two IP ranges. - * - * @param ipWithSubmask1 The first IP address with its subnet mask. - * @param ipWithSubmask2 The second IP address with its subnet mask. - * @return A <code>Set</code> with the union of both addresses. - */ - private Set unionIPRange(byte[] ipWithSubmask1, byte[] ipWithSubmask2) - { - Set set = new HashSet(); - - // difficult, adding always all IPs is not wrong - if (Arrays.areEqual(ipWithSubmask1, ipWithSubmask2)) - { - set.add(ipWithSubmask1); - } - else - { - set.add(ipWithSubmask1); - set.add(ipWithSubmask2); - } - return set; - } - - /** - * Calculates the interesction if two IP ranges. - * - * @param ipWithSubmask1 The first IP address with its subnet mask. - * @param ipWithSubmask2 The second IP address with its subnet mask. - * @return A <code>Set</code> with the single IP address with its subnet - * mask as a byte array or an empty <code>Set</code>. - */ - private Set intersectIPRange(byte[] ipWithSubmask1, byte[] ipWithSubmask2) - { - if (ipWithSubmask1.length != ipWithSubmask2.length) - { - return Collections.EMPTY_SET; - } - byte[][] temp = extractIPsAndSubnetMasks(ipWithSubmask1, ipWithSubmask2); - byte ip1[] = temp[0]; - byte subnetmask1[] = temp[1]; - byte ip2[] = temp[2]; - byte subnetmask2[] = temp[3]; - - byte minMax[][] = minMaxIPs(ip1, subnetmask1, ip2, subnetmask2); - byte[] min; - byte[] max; - max = min(minMax[1], minMax[3]); - min = max(minMax[0], minMax[2]); - - // minimum IP address must be bigger than max - if (compareTo(min, max) == 1) - { - return Collections.EMPTY_SET; - } - // OR keeps all significant bits - byte[] ip = or(minMax[0], minMax[2]); - byte[] subnetmask = or(subnetmask1, subnetmask2); - return Collections.singleton(ipWithSubnetMask(ip, subnetmask)); - } - - /** - * Concatenates the IP address with its subnet mask. - * - * @param ip The IP address. - * @param subnetMask Its subnet mask. - * @return The concatenated IP address with its subnet mask. - */ - private byte[] ipWithSubnetMask(byte[] ip, byte[] subnetMask) - { - int ipLength = ip.length; - byte[] temp = new byte[ipLength * 2]; - System.arraycopy(ip, 0, temp, 0, ipLength); - System.arraycopy(subnetMask, 0, temp, ipLength, ipLength); - return temp; - } - - /** - * Splits the IP addresses and their subnet mask. - * - * @param ipWithSubmask1 The first IP address with the subnet mask. - * @param ipWithSubmask2 The second IP address with the subnet mask. - * @return An array with two elements. Each element contains the IP address - * and the subnet mask in this order. - */ - private byte[][] extractIPsAndSubnetMasks( - byte[] ipWithSubmask1, - byte[] ipWithSubmask2) - { - int ipLength = ipWithSubmask1.length / 2; - byte ip1[] = new byte[ipLength]; - byte subnetmask1[] = new byte[ipLength]; - System.arraycopy(ipWithSubmask1, 0, ip1, 0, ipLength); - System.arraycopy(ipWithSubmask1, ipLength, subnetmask1, 0, ipLength); - - byte ip2[] = new byte[ipLength]; - byte subnetmask2[] = new byte[ipLength]; - System.arraycopy(ipWithSubmask2, 0, ip2, 0, ipLength); - System.arraycopy(ipWithSubmask2, ipLength, subnetmask2, 0, ipLength); - return new byte[][] - {ip1, subnetmask1, ip2, subnetmask2}; - } - - /** - * Based on the two IP addresses and their subnet masks the IP range is - * computed for each IP address - subnet mask pair and returned as the - * minimum IP address and the maximum address of the range. - * - * @param ip1 The first IP address. - * @param subnetmask1 The subnet mask of the first IP address. - * @param ip2 The second IP address. - * @param subnetmask2 The subnet mask of the second IP address. - * @return A array with two elements. The first/second element contains the - * min and max IP address of the first/second IP address and its - * subnet mask. - */ - private byte[][] minMaxIPs( - byte[] ip1, - byte[] subnetmask1, - byte[] ip2, - byte[] subnetmask2) - { - int ipLength = ip1.length; - byte[] min1 = new byte[ipLength]; - byte[] max1 = new byte[ipLength]; - - byte[] min2 = new byte[ipLength]; - byte[] max2 = new byte[ipLength]; - - for (int i = 0; i < ipLength; i++) - { - min1[i] = (byte)(ip1[i] & subnetmask1[i]); - max1[i] = (byte)(ip1[i] & subnetmask1[i] | ~subnetmask1[i]); - - min2[i] = (byte)(ip2[i] & subnetmask2[i]); - max2[i] = (byte)(ip2[i] & subnetmask2[i] | ~subnetmask2[i]); - } - - return new byte[][]{min1, max1, min2, max2}; - } - - private void checkPermittedEmail(Set permitted, String email) - throws PKIXNameConstraintValidatorException - { - if (permitted == null) - { - return; - } - - Iterator it = permitted.iterator(); - - while (it.hasNext()) - { - String str = ((String)it.next()); - - if (emailIsConstrained(email, str)) - { - return; - } - } - - if (email.length() == 0 && permitted.size() == 0) - { - return; - } - - throw new PKIXNameConstraintValidatorException( - "Subject email address is not from a permitted subtree."); - } - - private void checkExcludedEmail(Set excluded, String email) - throws PKIXNameConstraintValidatorException - { - if (excluded.isEmpty()) - { - return; - } - - Iterator it = excluded.iterator(); - - while (it.hasNext()) - { - String str = (String)it.next(); - - if (emailIsConstrained(email, str)) - { - throw new PKIXNameConstraintValidatorException( - "Email address is from an excluded subtree."); - } - } - } - - /** - * Checks if the IP <code>ip</code> is included in the permitted set - * <code>permitted</code>. - * - * @param permitted A <code>Set</code> of permitted IP addresses with - * their subnet mask as byte arrays. - * @param ip The IP address. - * @throws PKIXNameConstraintValidatorException - * if the IP is not permitted. - */ - private void checkPermittedIP(Set permitted, byte[] ip) - throws PKIXNameConstraintValidatorException - { - if (permitted == null) - { - return; - } - - Iterator it = permitted.iterator(); - - while (it.hasNext()) - { - byte[] ipWithSubnet = (byte[])it.next(); - - if (isIPConstrained(ip, ipWithSubnet)) - { - return; - } - } - if (ip.length == 0 && permitted.size() == 0) - { - return; - } - throw new PKIXNameConstraintValidatorException( - "IP is not from a permitted subtree."); - } - - /** - * Checks if the IP <code>ip</code> is included in the excluded set - * <code>excluded</code>. - * - * @param excluded A <code>Set</code> of excluded IP addresses with their - * subnet mask as byte arrays. - * @param ip The IP address. - * @throws PKIXNameConstraintValidatorException - * if the IP is excluded. - */ - private void checkExcludedIP(Set excluded, byte[] ip) - throws PKIXNameConstraintValidatorException - { - if (excluded.isEmpty()) - { - return; - } - - Iterator it = excluded.iterator(); - - while (it.hasNext()) - { - byte[] ipWithSubnet = (byte[])it.next(); - - if (isIPConstrained(ip, ipWithSubnet)) - { - throw new PKIXNameConstraintValidatorException( - "IP is from an excluded subtree."); - } - } - } - - /** - * Checks if the IP address <code>ip</code> is constrained by - * <code>constraint</code>. - * - * @param ip The IP address. - * @param constraint The constraint. This is an IP address concatenated with - * its subnetmask. - * @return <code>true</code> if constrained, <code>false</code> - * otherwise. - */ - private boolean isIPConstrained(byte ip[], byte[] constraint) - { - int ipLength = ip.length; - - if (ipLength != (constraint.length / 2)) - { - return false; - } - - byte[] subnetMask = new byte[ipLength]; - System.arraycopy(constraint, ipLength, subnetMask, 0, ipLength); - - byte[] permittedSubnetAddress = new byte[ipLength]; - - byte[] ipSubnetAddress = new byte[ipLength]; - - // the resulting IP address by applying the subnet mask - for (int i = 0; i < ipLength; i++) - { - permittedSubnetAddress[i] = (byte)(constraint[i] & subnetMask[i]); - ipSubnetAddress[i] = (byte)(ip[i] & subnetMask[i]); - } - - return Arrays.areEqual(permittedSubnetAddress, ipSubnetAddress); - } - - private boolean emailIsConstrained(String email, String constraint) - { - String sub = email.substring(email.indexOf('@') + 1); - // a particular mailbox - if (constraint.indexOf('@') != -1) - { - if (email.equalsIgnoreCase(constraint)) - { - return true; - } - } - // on particular host - else if (!(constraint.charAt(0) == '.')) - { - if (sub.equalsIgnoreCase(constraint)) - { - return true; - } - } - // address in sub domain - else if (withinDomain(sub, constraint)) - { - return true; - } - return false; - } - - private boolean withinDomain(String testDomain, String domain) - { - String tempDomain = domain; - if (tempDomain.startsWith(".")) - { - tempDomain = tempDomain.substring(1); - } - String[] domainParts = Strings.split(tempDomain, '.'); - String[] testDomainParts = Strings.split(testDomain, '.'); - // must have at least one subdomain - if (testDomainParts.length <= domainParts.length) - { - return false; - } - int d = testDomainParts.length - domainParts.length; - for (int i = -1; i < domainParts.length; i++) - { - if (i == -1) - { - if (testDomainParts[i + d].equals("")) - { - return false; - } - } - else if (!domainParts[i].equalsIgnoreCase(testDomainParts[i + d])) - { - return false; - } - } - return true; - } - - private void checkPermittedDNS(Set permitted, String dns) - throws PKIXNameConstraintValidatorException - { - if (permitted == null) - { - return; - } - - Iterator it = permitted.iterator(); - - while (it.hasNext()) - { - String str = ((String)it.next()); - - // is sub domain - if (withinDomain(dns, str) || dns.equalsIgnoreCase(str)) - { - return; - } - } - if (dns.length() == 0 && permitted.size() == 0) - { - return; - } - throw new PKIXNameConstraintValidatorException( - "DNS is not from a permitted subtree."); - } - - private void checkExcludedDNS(Set excluded, String dns) - throws PKIXNameConstraintValidatorException - { - if (excluded.isEmpty()) - { - return; - } - - Iterator it = excluded.iterator(); - - while (it.hasNext()) - { - String str = ((String)it.next()); - - // is sub domain or the same - if (withinDomain(dns, str) || dns.equalsIgnoreCase(str)) - { - throw new PKIXNameConstraintValidatorException( - "DNS is from an excluded subtree."); - } - } - } - - /** - * The common part of <code>email1</code> and <code>email2</code> is - * added to the union <code>union</code>. If <code>email1</code> and - * <code>email2</code> have nothing in common they are added both. - * - * @param email1 Email address constraint 1. - * @param email2 Email address constraint 2. - * @param union The union. - */ - private void unionEmail(String email1, String email2, Set union) - { - // email1 is a particular address - if (email1.indexOf('@') != -1) - { - String _sub = email1.substring(email1.indexOf('@') + 1); - // both are a particular mailbox - if (email2.indexOf('@') != -1) - { - if (email1.equalsIgnoreCase(email2)) - { - union.add(email1); - } - else - { - union.add(email1); - union.add(email2); - } - } - // email2 specifies a domain - else if (email2.startsWith(".")) - { - if (withinDomain(_sub, email2)) - { - union.add(email2); - } - else - { - union.add(email1); - union.add(email2); - } - } - // email2 specifies a particular host - else - { - if (_sub.equalsIgnoreCase(email2)) - { - union.add(email2); - } - else - { - union.add(email1); - union.add(email2); - } - } - } - // email1 specifies a domain - else if (email1.startsWith(".")) - { - if (email2.indexOf('@') != -1) - { - String _sub = email2.substring(email1.indexOf('@') + 1); - if (withinDomain(_sub, email1)) - { - union.add(email1); - } - else - { - union.add(email1); - union.add(email2); - } - } - // email2 specifies a domain - else if (email2.startsWith(".")) - { - if (withinDomain(email1, email2) - || email1.equalsIgnoreCase(email2)) - { - union.add(email2); - } - else if (withinDomain(email2, email1)) - { - union.add(email1); - } - else - { - union.add(email1); - union.add(email2); - } - } - else - { - if (withinDomain(email2, email1)) - { - union.add(email1); - } - else - { - union.add(email1); - union.add(email2); - } - } - } - // email specifies a host - else - { - if (email2.indexOf('@') != -1) - { - String _sub = email2.substring(email1.indexOf('@') + 1); - if (_sub.equalsIgnoreCase(email1)) - { - union.add(email1); - } - else - { - union.add(email1); - union.add(email2); - } - } - // email2 specifies a domain - else if (email2.startsWith(".")) - { - if (withinDomain(email1, email2)) - { - union.add(email2); - } - else - { - union.add(email1); - union.add(email2); - } - } - // email2 specifies a particular host - else - { - if (email1.equalsIgnoreCase(email2)) - { - union.add(email1); - } - else - { - union.add(email1); - union.add(email2); - } - } - } - } - - private void unionURI(String email1, String email2, Set union) - { - // email1 is a particular address - if (email1.indexOf('@') != -1) - { - String _sub = email1.substring(email1.indexOf('@') + 1); - // both are a particular mailbox - if (email2.indexOf('@') != -1) - { - if (email1.equalsIgnoreCase(email2)) - { - union.add(email1); - } - else - { - union.add(email1); - union.add(email2); - } - } - // email2 specifies a domain - else if (email2.startsWith(".")) - { - if (withinDomain(_sub, email2)) - { - union.add(email2); - } - else - { - union.add(email1); - union.add(email2); - } - } - // email2 specifies a particular host - else - { - if (_sub.equalsIgnoreCase(email2)) - { - union.add(email2); - } - else - { - union.add(email1); - union.add(email2); - } - } - } - // email1 specifies a domain - else if (email1.startsWith(".")) - { - if (email2.indexOf('@') != -1) - { - String _sub = email2.substring(email1.indexOf('@') + 1); - if (withinDomain(_sub, email1)) - { - union.add(email1); - } - else - { - union.add(email1); - union.add(email2); - } - } - // email2 specifies a domain - else if (email2.startsWith(".")) - { - if (withinDomain(email1, email2) - || email1.equalsIgnoreCase(email2)) - { - union.add(email2); - } - else if (withinDomain(email2, email1)) - { - union.add(email1); - } - else - { - union.add(email1); - union.add(email2); - } - } - else - { - if (withinDomain(email2, email1)) - { - union.add(email1); - } - else - { - union.add(email1); - union.add(email2); - } - } - } - // email specifies a host - else - { - if (email2.indexOf('@') != -1) - { - String _sub = email2.substring(email1.indexOf('@') + 1); - if (_sub.equalsIgnoreCase(email1)) - { - union.add(email1); - } - else - { - union.add(email1); - union.add(email2); - } - } - // email2 specifies a domain - else if (email2.startsWith(".")) - { - if (withinDomain(email1, email2)) - { - union.add(email2); - } - else - { - union.add(email1); - union.add(email2); - } - } - // email2 specifies a particular host - else - { - if (email1.equalsIgnoreCase(email2)) - { - union.add(email1); - } - else - { - union.add(email1); - union.add(email2); - } - } - } - } - - private Set intersectDNS(Set permitted, Set dnss) - { - Set intersect = new HashSet(); - for (Iterator it = dnss.iterator(); it.hasNext();) - { - String dns = extractNameAsString(((GeneralSubtree)it.next()) - .getBase()); - if (permitted == null) - { - if (dns != null) - { - intersect.add(dns); - } - } - else - { - Iterator _iter = permitted.iterator(); - while (_iter.hasNext()) - { - String _permitted = (String)_iter.next(); - - if (withinDomain(_permitted, dns)) - { - intersect.add(_permitted); - } - else if (withinDomain(dns, _permitted)) - { - intersect.add(dns); - } - } - } - } - - return intersect; - } - - protected Set unionDNS(Set excluded, String dns) - { - if (excluded.isEmpty()) - { - if (dns == null) - { - return excluded; - } - excluded.add(dns); - - return excluded; - } - else - { - Set union = new HashSet(); - - Iterator _iter = excluded.iterator(); - while (_iter.hasNext()) - { - String _permitted = (String)_iter.next(); - - if (withinDomain(_permitted, dns)) - { - union.add(dns); - } - else if (withinDomain(dns, _permitted)) - { - union.add(_permitted); - } - else - { - union.add(_permitted); - union.add(dns); - } - } - - return union; - } - } - - /** - * The most restricting part from <code>email1</code> and - * <code>email2</code> is added to the intersection <code>intersect</code>. - * - * @param email1 Email address constraint 1. - * @param email2 Email address constraint 2. - * @param intersect The intersection. - */ - private void intersectEmail(String email1, String email2, Set intersect) - { - // email1 is a particular address - if (email1.indexOf('@') != -1) - { - String _sub = email1.substring(email1.indexOf('@') + 1); - // both are a particular mailbox - if (email2.indexOf('@') != -1) - { - if (email1.equalsIgnoreCase(email2)) - { - intersect.add(email1); - } - } - // email2 specifies a domain - else if (email2.startsWith(".")) - { - if (withinDomain(_sub, email2)) - { - intersect.add(email1); - } - } - // email2 specifies a particular host - else - { - if (_sub.equalsIgnoreCase(email2)) - { - intersect.add(email1); - } - } - } - // email specifies a domain - else if (email1.startsWith(".")) - { - if (email2.indexOf('@') != -1) - { - String _sub = email2.substring(email1.indexOf('@') + 1); - if (withinDomain(_sub, email1)) - { - intersect.add(email2); - } - } - // email2 specifies a domain - else if (email2.startsWith(".")) - { - if (withinDomain(email1, email2) - || email1.equalsIgnoreCase(email2)) - { - intersect.add(email1); - } - else if (withinDomain(email2, email1)) - { - intersect.add(email2); - } - } - else - { - if (withinDomain(email2, email1)) - { - intersect.add(email2); - } - } - } - // email1 specifies a host - else - { - if (email2.indexOf('@') != -1) - { - String _sub = email2.substring(email2.indexOf('@') + 1); - if (_sub.equalsIgnoreCase(email1)) - { - intersect.add(email2); - } - } - // email2 specifies a domain - else if (email2.startsWith(".")) - { - if (withinDomain(email1, email2)) - { - intersect.add(email1); - } - } - // email2 specifies a particular host - else - { - if (email1.equalsIgnoreCase(email2)) - { - intersect.add(email1); - } - } - } - } - - private void checkExcludedURI(Set excluded, String uri) - throws PKIXNameConstraintValidatorException - { - if (excluded.isEmpty()) - { - return; - } - - Iterator it = excluded.iterator(); - - while (it.hasNext()) - { - String str = ((String)it.next()); - - if (isUriConstrained(uri, str)) - { - throw new PKIXNameConstraintValidatorException( - "URI is from an excluded subtree."); - } - } - } - - private Set intersectURI(Set permitted, Set uris) - { - Set intersect = new HashSet(); - for (Iterator it = uris.iterator(); it.hasNext();) - { - String uri = extractNameAsString(((GeneralSubtree)it.next()) - .getBase()); - if (permitted == null) - { - if (uri != null) - { - intersect.add(uri); - } - } - else - { - Iterator _iter = permitted.iterator(); - while (_iter.hasNext()) - { - String _permitted = (String)_iter.next(); - intersectURI(_permitted, uri, intersect); - } - } - } - return intersect; - } - - private Set unionURI(Set excluded, String uri) - { - if (excluded.isEmpty()) - { - if (uri == null) - { - return excluded; - } - excluded.add(uri); - - return excluded; - } - else - { - Set union = new HashSet(); - - Iterator _iter = excluded.iterator(); - while (_iter.hasNext()) - { - String _excluded = (String)_iter.next(); - - unionURI(_excluded, uri, union); - } - - return union; - } - } - - private void intersectURI(String email1, String email2, Set intersect) - { - // email1 is a particular address - if (email1.indexOf('@') != -1) - { - String _sub = email1.substring(email1.indexOf('@') + 1); - // both are a particular mailbox - if (email2.indexOf('@') != -1) - { - if (email1.equalsIgnoreCase(email2)) - { - intersect.add(email1); - } - } - // email2 specifies a domain - else if (email2.startsWith(".")) - { - if (withinDomain(_sub, email2)) - { - intersect.add(email1); - } - } - // email2 specifies a particular host - else - { - if (_sub.equalsIgnoreCase(email2)) - { - intersect.add(email1); - } - } - } - // email specifies a domain - else if (email1.startsWith(".")) - { - if (email2.indexOf('@') != -1) - { - String _sub = email2.substring(email1.indexOf('@') + 1); - if (withinDomain(_sub, email1)) - { - intersect.add(email2); - } - } - // email2 specifies a domain - else if (email2.startsWith(".")) - { - if (withinDomain(email1, email2) - || email1.equalsIgnoreCase(email2)) - { - intersect.add(email1); - } - else if (withinDomain(email2, email1)) - { - intersect.add(email2); - } - } - else - { - if (withinDomain(email2, email1)) - { - intersect.add(email2); - } - } - } - // email1 specifies a host - else - { - if (email2.indexOf('@') != -1) - { - String _sub = email2.substring(email2.indexOf('@') + 1); - if (_sub.equalsIgnoreCase(email1)) - { - intersect.add(email2); - } - } - // email2 specifies a domain - else if (email2.startsWith(".")) - { - if (withinDomain(email1, email2)) - { - intersect.add(email1); - } - } - // email2 specifies a particular host - else - { - if (email1.equalsIgnoreCase(email2)) - { - intersect.add(email1); - } - } - } - } - - private void checkPermittedURI(Set permitted, String uri) - throws PKIXNameConstraintValidatorException - { - if (permitted == null) - { - return; - } - - Iterator it = permitted.iterator(); - - while (it.hasNext()) - { - String str = ((String)it.next()); - - if (isUriConstrained(uri, str)) - { - return; - } - } - if (uri.length() == 0 && permitted.size() == 0) - { - return; - } - throw new PKIXNameConstraintValidatorException( - "URI is not from a permitted subtree."); - } - - private boolean isUriConstrained(String uri, String constraint) - { - String host = extractHostFromURL(uri); - // a host - if (!constraint.startsWith(".")) - { - if (host.equalsIgnoreCase(constraint)) - { - return true; - } - } - - // in sub domain or domain - else if (withinDomain(host, constraint)) - { - return true; - } - - return false; - } - - private static String extractHostFromURL(String url) - { - // see RFC 1738 - // remove ':' after protocol, e.g. http: - String sub = url.substring(url.indexOf(':') + 1); - // extract host from Common Internet Scheme Syntax, e.g. http:// - if (sub.indexOf("//") != -1) - { - sub = sub.substring(sub.indexOf("//") + 2); - } - // first remove port, e.g. http://test.com:21 - if (sub.lastIndexOf(':') != -1) - { - sub = sub.substring(0, sub.lastIndexOf(':')); - } - // remove user and password, e.g. http://john:password@test.com - sub = sub.substring(sub.indexOf(':') + 1); - sub = sub.substring(sub.indexOf('@') + 1); - // remove local parts, e.g. http://test.com/bla - if (sub.indexOf('/') != -1) - { - sub = sub.substring(0, sub.indexOf('/')); - } - return sub; - } - - /** - * Checks if the given GeneralName is in the permitted set. - * - * @param name The GeneralName - * @throws PKIXNameConstraintValidatorException - * If the <code>name</code> - */ - public void checkPermitted(GeneralName name) - throws PKIXNameConstraintValidatorException - { - switch (name.getTagNo()) - { - case 1: - checkPermittedEmail(permittedSubtreesEmail, - extractNameAsString(name)); - break; - case 2: - checkPermittedDNS(permittedSubtreesDNS, DERIA5String.getInstance( - name.getName()).getString()); - break; - case 4: - checkPermittedDN(ASN1Sequence.getInstance(name.getName() - .toASN1Primitive())); - break; - case 6: - checkPermittedURI(permittedSubtreesURI, DERIA5String.getInstance( - name.getName()).getString()); - break; - case 7: - byte[] ip = ASN1OctetString.getInstance(name.getName()).getOctets(); - - checkPermittedIP(permittedSubtreesIP, ip); - } - } - - /** - * Check if the given GeneralName is contained in the excluded set. - * - * @param name The GeneralName. - * @throws PKIXNameConstraintValidatorException - * If the <code>name</code> is - * excluded. - */ - public void checkExcluded(GeneralName name) - throws PKIXNameConstraintValidatorException - { - switch (name.getTagNo()) - { - case 1: - checkExcludedEmail(excludedSubtreesEmail, extractNameAsString(name)); - break; - case 2: - checkExcludedDNS(excludedSubtreesDNS, DERIA5String.getInstance( - name.getName()).getString()); - break; - case 4: - checkExcludedDN(ASN1Sequence.getInstance(name.getName() - .toASN1Primitive())); - break; - case 6: - checkExcludedURI(excludedSubtreesURI, DERIA5String.getInstance( - name.getName()).getString()); - break; - case 7: - byte[] ip = ASN1OctetString.getInstance(name.getName()).getOctets(); - - checkExcludedIP(excludedSubtreesIP, ip); - } - } - - public void intersectPermittedSubtree(GeneralSubtree permitted) - { - intersectPermittedSubtree(new GeneralSubtree[] { permitted }); - } - - /** - * Updates the permitted set of these name constraints with the intersection - * with the given subtree. - * - * @param permitted The permitted subtrees - */ - - public void intersectPermittedSubtree(GeneralSubtree[] permitted) - { - Map subtreesMap = new HashMap(); - - // group in sets in a map ordered by tag no. - for (int i = 0; i != permitted.length; i++) - { - GeneralSubtree subtree = permitted[i]; - Integer tagNo = Integers.valueOf(subtree.getBase().getTagNo()); - if (subtreesMap.get(tagNo) == null) - { - subtreesMap.put(tagNo, new HashSet()); - } - ((Set)subtreesMap.get(tagNo)).add(subtree); - } - - for (Iterator it = subtreesMap.entrySet().iterator(); it.hasNext();) - { - Map.Entry entry = (Map.Entry)it.next(); - - // go through all subtree groups - switch (((Integer)entry.getKey()).intValue()) - { - case 1: - permittedSubtreesEmail = intersectEmail(permittedSubtreesEmail, - (Set)entry.getValue()); - break; - case 2: - permittedSubtreesDNS = intersectDNS(permittedSubtreesDNS, - (Set)entry.getValue()); - break; - case 4: - permittedSubtreesDN = intersectDN(permittedSubtreesDN, - (Set)entry.getValue()); - break; - case 6: - permittedSubtreesURI = intersectURI(permittedSubtreesURI, - (Set)entry.getValue()); - break; - case 7: - permittedSubtreesIP = intersectIP(permittedSubtreesIP, - (Set)entry.getValue()); - } - } - } - - private String extractNameAsString(GeneralName name) - { - return DERIA5String.getInstance(name.getName()).getString(); - } - - public void intersectEmptyPermittedSubtree(int nameType) - { - switch (nameType) - { - case 1: - permittedSubtreesEmail = new HashSet(); - break; - case 2: - permittedSubtreesDNS = new HashSet(); - break; - case 4: - permittedSubtreesDN = new HashSet(); - break; - case 6: - permittedSubtreesURI = new HashSet(); - break; - case 7: - permittedSubtreesIP = new HashSet(); - } - } - - /** - * Adds a subtree to the excluded set of these name constraints. - * - * @param subtree A subtree with an excluded GeneralName. - */ - public void addExcludedSubtree(GeneralSubtree subtree) - { - GeneralName base = subtree.getBase(); - - switch (base.getTagNo()) - { - case 1: - excludedSubtreesEmail = unionEmail(excludedSubtreesEmail, - extractNameAsString(base)); - break; - case 2: - excludedSubtreesDNS = unionDNS(excludedSubtreesDNS, - extractNameAsString(base)); - break; - case 4: - excludedSubtreesDN = unionDN(excludedSubtreesDN, - (ASN1Sequence)base.getName().toASN1Primitive()); - break; - case 6: - excludedSubtreesURI = unionURI(excludedSubtreesURI, - extractNameAsString(base)); - break; - case 7: - excludedSubtreesIP = unionIP(excludedSubtreesIP, ASN1OctetString - .getInstance(base.getName()).getOctets()); - break; - } - } - - /** - * Returns the maximum IP address. - * - * @param ip1 The first IP address. - * @param ip2 The second IP address. - * @return The maximum IP address. - */ - private static byte[] max(byte[] ip1, byte[] ip2) - { - for (int i = 0; i < ip1.length; i++) - { - if ((ip1[i] & 0xFFFF) > (ip2[i] & 0xFFFF)) - { - return ip1; - } - } - return ip2; - } - - /** - * Returns the minimum IP address. - * - * @param ip1 The first IP address. - * @param ip2 The second IP address. - * @return The minimum IP address. - */ - private static byte[] min(byte[] ip1, byte[] ip2) - { - for (int i = 0; i < ip1.length; i++) - { - if ((ip1[i] & 0xFFFF) < (ip2[i] & 0xFFFF)) - { - return ip1; - } - } - return ip2; - } - - /** - * Compares IP address <code>ip1</code> with <code>ip2</code>. If ip1 - * is equal to ip2 0 is returned. If ip1 is bigger 1 is returned, -1 - * otherwise. - * - * @param ip1 The first IP address. - * @param ip2 The second IP address. - * @return 0 if ip1 is equal to ip2, 1 if ip1 is bigger, -1 otherwise. - */ - private static int compareTo(byte[] ip1, byte[] ip2) - { - if (Arrays.areEqual(ip1, ip2)) - { - return 0; - } - if (Arrays.areEqual(max(ip1, ip2), ip1)) - { - return 1; - } - return -1; - } - - /** - * Returns the logical OR of the IP addresses <code>ip1</code> and - * <code>ip2</code>. - * - * @param ip1 The first IP address. - * @param ip2 The second IP address. - * @return The OR of <code>ip1</code> and <code>ip2</code>. - */ - private static byte[] or(byte[] ip1, byte[] ip2) - { - byte[] temp = new byte[ip1.length]; - for (int i = 0; i < ip1.length; i++) - { - temp[i] = (byte)(ip1[i] | ip2[i]); - } - return temp; - } - - public int hashCode() - { - return hashCollection(excludedSubtreesDN) - + hashCollection(excludedSubtreesDNS) - + hashCollection(excludedSubtreesEmail) - + hashCollection(excludedSubtreesIP) - + hashCollection(excludedSubtreesURI) - + hashCollection(permittedSubtreesDN) - + hashCollection(permittedSubtreesDNS) - + hashCollection(permittedSubtreesEmail) - + hashCollection(permittedSubtreesIP) - + hashCollection(permittedSubtreesURI); - } - - private int hashCollection(Collection coll) - { - if (coll == null) - { - return 0; - } - int hash = 0; - Iterator it1 = coll.iterator(); - while (it1.hasNext()) - { - Object o = it1.next(); - if (o instanceof byte[]) - { - hash += Arrays.hashCode((byte[])o); - } - else - { - hash += o.hashCode(); - } - } - return hash; - } - - public boolean equals(Object o) - { - if (!(o instanceof PKIXNameConstraintValidator)) - { - return false; - } - PKIXNameConstraintValidator constraintValidator = (PKIXNameConstraintValidator)o; - return collectionsAreEqual(constraintValidator.excludedSubtreesDN, excludedSubtreesDN) - && collectionsAreEqual(constraintValidator.excludedSubtreesDNS, excludedSubtreesDNS) - && collectionsAreEqual(constraintValidator.excludedSubtreesEmail, excludedSubtreesEmail) - && collectionsAreEqual(constraintValidator.excludedSubtreesIP, excludedSubtreesIP) - && collectionsAreEqual(constraintValidator.excludedSubtreesURI, excludedSubtreesURI) - && collectionsAreEqual(constraintValidator.permittedSubtreesDN, permittedSubtreesDN) - && collectionsAreEqual(constraintValidator.permittedSubtreesDNS, permittedSubtreesDNS) - && collectionsAreEqual(constraintValidator.permittedSubtreesEmail, permittedSubtreesEmail) - && collectionsAreEqual(constraintValidator.permittedSubtreesIP, permittedSubtreesIP) - && collectionsAreEqual(constraintValidator.permittedSubtreesURI, permittedSubtreesURI); - } - - private boolean collectionsAreEqual(Collection coll1, Collection coll2) - { - if (coll1 == coll2) - { - return true; - } - if (coll1 == null || coll2 == null) - { - return false; - } - if (coll1.size() != coll2.size()) - { - return false; - } - Iterator it1 = coll1.iterator(); - - while (it1.hasNext()) - { - Object a = it1.next(); - Iterator it2 = coll2.iterator(); - boolean found = false; - while (it2.hasNext()) - { - Object b = it2.next(); - if (equals(a, b)) - { - found = true; - break; - } - } - if (!found) - { - return false; - } - } - return true; - } - - private boolean equals(Object o1, Object o2) - { - if (o1 == o2) - { - return true; - } - if (o1 == null || o2 == null) - { - return false; - } - if (o1 instanceof byte[] && o2 instanceof byte[]) - { - return Arrays.areEqual((byte[])o1, (byte[])o2); - } - else - { - return o1.equals(o2); - } - } - - /** - * Stringifies an IPv4 or v6 address with subnet mask. - * - * @param ip The IP with subnet mask. - * @return The stringified IP address. - */ - private String stringifyIP(byte[] ip) - { - String temp = ""; - for (int i = 0; i < ip.length / 2; i++) - { - temp += Integer.toString(ip[i] & 0x00FF) + "."; - } - temp = temp.substring(0, temp.length() - 1); - temp += "/"; - for (int i = ip.length / 2; i < ip.length; i++) - { - temp += Integer.toString(ip[i] & 0x00FF) + "."; - } - temp = temp.substring(0, temp.length() - 1); - return temp; - } - - private String stringifyIPCollection(Set ips) - { - String temp = ""; - temp += "["; - for (Iterator it = ips.iterator(); it.hasNext();) - { - temp += stringifyIP((byte[])it.next()) + ","; - } - if (temp.length() > 1) - { - temp = temp.substring(0, temp.length() - 1); - } - temp += "]"; - return temp; - } - - public String toString() - { - String temp = ""; - temp += "permitted:\n"; - if (permittedSubtreesDN != null) - { - temp += "DN:\n"; - temp += permittedSubtreesDN.toString() + "\n"; - } - if (permittedSubtreesDNS != null) - { - temp += "DNS:\n"; - temp += permittedSubtreesDNS.toString() + "\n"; - } - if (permittedSubtreesEmail != null) - { - temp += "Email:\n"; - temp += permittedSubtreesEmail.toString() + "\n"; - } - if (permittedSubtreesURI != null) - { - temp += "URI:\n"; - temp += permittedSubtreesURI.toString() + "\n"; - } - if (permittedSubtreesIP != null) - { - temp += "IP:\n"; - temp += stringifyIPCollection(permittedSubtreesIP) + "\n"; - } - temp += "excluded:\n"; - if (!excludedSubtreesDN.isEmpty()) - { - temp += "DN:\n"; - temp += excludedSubtreesDN.toString() + "\n"; - } - if (!excludedSubtreesDNS.isEmpty()) - { - temp += "DNS:\n"; - temp += excludedSubtreesDNS.toString() + "\n"; - } - if (!excludedSubtreesEmail.isEmpty()) - { - temp += "Email:\n"; - temp += excludedSubtreesEmail.toString() + "\n"; - } - if (!excludedSubtreesURI.isEmpty()) - { - temp += "URI:\n"; - temp += excludedSubtreesURI.toString() + "\n"; - } - if (!excludedSubtreesIP.isEmpty()) - { - temp += "IP:\n"; - temp += stringifyIPCollection(excludedSubtreesIP) + "\n"; - } - return temp; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidatorException.java b/prov/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidatorException.java deleted file mode 100644 index b06d5e5b..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/PKIXNameConstraintValidatorException.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.jce.provider; - -public class PKIXNameConstraintValidatorException - extends Exception -{ - public PKIXNameConstraintValidatorException(String msg) - { - super(msg); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/PKIXPolicyNode.java b/prov/src/main/java/org/bouncycastle/jce/provider/PKIXPolicyNode.java deleted file mode 100644 index 34376055..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/PKIXPolicyNode.java +++ /dev/null @@ -1,168 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.cert.PolicyNode; -import java.util.ArrayList; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -public class PKIXPolicyNode - implements PolicyNode -{ - protected List children; - protected int depth; - protected Set expectedPolicies; - protected PolicyNode parent; - protected Set policyQualifiers; - protected String validPolicy; - protected boolean critical; - - /* - * - * CONSTRUCTORS - * - */ - - public PKIXPolicyNode( - List _children, - int _depth, - Set _expectedPolicies, - PolicyNode _parent, - Set _policyQualifiers, - String _validPolicy, - boolean _critical) - { - children = _children; - depth = _depth; - expectedPolicies = _expectedPolicies; - parent = _parent; - policyQualifiers = _policyQualifiers; - validPolicy = _validPolicy; - critical = _critical; - } - - public void addChild( - PKIXPolicyNode _child) - { - children.add(_child); - _child.setParent(this); - } - - public Iterator getChildren() - { - return children.iterator(); - } - - public int getDepth() - { - return depth; - } - - public Set getExpectedPolicies() - { - return expectedPolicies; - } - - public PolicyNode getParent() - { - return parent; - } - - public Set getPolicyQualifiers() - { - return policyQualifiers; - } - - public String getValidPolicy() - { - return validPolicy; - } - - public boolean hasChildren() - { - return !children.isEmpty(); - } - - public boolean isCritical() - { - return critical; - } - - public void removeChild(PKIXPolicyNode _child) - { - children.remove(_child); - } - - public void setCritical(boolean _critical) - { - critical = _critical; - } - - public void setParent(PKIXPolicyNode _parent) - { - parent = _parent; - } - - public String toString() - { - return toString(""); - } - - public String toString(String _indent) - { - StringBuffer _buf = new StringBuffer(); - _buf.append(_indent); - _buf.append(validPolicy); - _buf.append(" {\n"); - - for(int i = 0; i < children.size(); i++) - { - _buf.append(((PKIXPolicyNode)children.get(i)).toString(_indent + " ")); - } - - _buf.append(_indent); - _buf.append("}\n"); - return _buf.toString(); - } - - public Object clone() - { - return copy(); - } - - public PKIXPolicyNode copy() - { - Set _expectedPolicies = new HashSet(); - Iterator _iter = expectedPolicies.iterator(); - while (_iter.hasNext()) - { - _expectedPolicies.add(new String((String)_iter.next())); - } - - Set _policyQualifiers = new HashSet(); - _iter = policyQualifiers.iterator(); - while (_iter.hasNext()) - { - _policyQualifiers.add(new String((String)_iter.next())); - } - - PKIXPolicyNode _node = new PKIXPolicyNode(new ArrayList(), - depth, - _expectedPolicies, - null, - _policyQualifiers, - new String(validPolicy), - critical); - - _iter = children.iterator(); - while (_iter.hasNext()) - { - PKIXPolicyNode _child = ((PKIXPolicyNode)_iter.next()).copy(); - _child.setParent(_node); - _node.addChild(_child); - } - - return _node; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java b/prov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java deleted file mode 100644 index 881ceeb9..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java +++ /dev/null @@ -1,2569 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.GeneralSecurityException; -import java.security.PublicKey; -import java.security.cert.CertPath; -import java.security.cert.CertPathBuilder; -import java.security.cert.CertPathBuilderException; -import java.security.cert.CertPathValidatorException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.PKIXCertPathChecker; -import java.security.cert.X509CRL; -import java.security.cert.X509Certificate; -import java.security.cert.X509Extension; -import java.text.SimpleDateFormat; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.TimeZone; -import java.util.Vector; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.BasicConstraints; -import org.bouncycastle.asn1.x509.CRLDistPoint; -import org.bouncycastle.asn1.x509.CRLReason; -import org.bouncycastle.asn1.x509.DistributionPoint; -import org.bouncycastle.asn1.x509.DistributionPointName; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.GeneralSubtree; -import org.bouncycastle.asn1.x509.IssuingDistributionPoint; -import org.bouncycastle.asn1.x509.NameConstraints; -import org.bouncycastle.asn1.x509.PolicyInformation; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.jce.exception.ExtCertPathValidatorException; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.x509.ExtendedPKIXBuilderParameters; -import org.bouncycastle.x509.ExtendedPKIXParameters; -import org.bouncycastle.x509.X509CRLStoreSelector; -import org.bouncycastle.x509.X509CertStoreSelector; - -public class RFC3280CertPathUtilities -{ - private static final PKIXCRLUtil CRL_UTIL = new PKIXCRLUtil(); - - /** - * If the complete CRL includes an issuing distribution point (IDP) CRL - * extension check the following: - * <p/> - * (i) If the distribution point name is present in the IDP CRL extension - * and the distribution field is present in the DP, then verify that one of - * the names in the IDP matches one of the names in the DP. If the - * distribution point name is present in the IDP CRL extension and the - * distribution field is omitted from the DP, then verify that one of the - * names in the IDP matches one of the names in the cRLIssuer field of the - * DP. - * </p> - * <p/> - * (ii) If the onlyContainsUserCerts boolean is asserted in the IDP CRL - * extension, verify that the certificate does not include the basic - * constraints extension with the cA boolean asserted. - * </p> - * <p/> - * (iii) If the onlyContainsCACerts boolean is asserted in the IDP CRL - * extension, verify that the certificate includes the basic constraints - * extension with the cA boolean asserted. - * </p> - * <p/> - * (iv) Verify that the onlyContainsAttributeCerts boolean is not asserted. - * </p> - * - * @param dp The distribution point. - * @param cert The certificate. - * @param crl The CRL. - * @throws AnnotatedException if one of the conditions is not met or an error occurs. - */ - protected static void processCRLB2( - DistributionPoint dp, - Object cert, - X509CRL crl) - throws AnnotatedException - { - IssuingDistributionPoint idp = null; - try - { - idp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(crl, - RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT)); - } - catch (Exception e) - { - throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e); - } - // (b) (2) (i) - // distribution point name is present - if (idp != null) - { - if (idp.getDistributionPoint() != null) - { - // make list of names - DistributionPointName dpName = IssuingDistributionPoint.getInstance(idp).getDistributionPoint(); - List names = new ArrayList(); - - if (dpName.getType() == DistributionPointName.FULL_NAME) - { - GeneralName[] genNames = GeneralNames.getInstance(dpName.getName()).getNames(); - for (int j = 0; j < genNames.length; j++) - { - names.add(genNames[j]); - } - } - if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) - { - ASN1EncodableVector vec = new ASN1EncodableVector(); - try - { - Enumeration e = ASN1Sequence.getInstance( - ASN1Sequence.fromByteArray(CertPathValidatorUtilities.getIssuerPrincipal(crl) - .getEncoded())).getObjects(); - while (e.hasMoreElements()) - { - vec.add((ASN1Encodable)e.nextElement()); - } - } - catch (IOException e) - { - throw new AnnotatedException("Could not read CRL issuer.", e); - } - vec.add(dpName.getName()); - names.add(new GeneralName(X509Name.getInstance(new DERSequence(vec)))); - } - boolean matches = false; - // verify that one of the names in the IDP matches one - // of the names in the DP. - if (dp.getDistributionPoint() != null) - { - dpName = dp.getDistributionPoint(); - GeneralName[] genNames = null; - if (dpName.getType() == DistributionPointName.FULL_NAME) - { - genNames = GeneralNames.getInstance(dpName.getName()).getNames(); - } - if (dpName.getType() == DistributionPointName.NAME_RELATIVE_TO_CRL_ISSUER) - { - if (dp.getCRLIssuer() != null) - { - genNames = dp.getCRLIssuer().getNames(); - } - else - { - genNames = new GeneralName[1]; - try - { - genNames[0] = new GeneralName(new X509Name( - (ASN1Sequence)ASN1Sequence.fromByteArray(CertPathValidatorUtilities - .getEncodedIssuerPrincipal(cert).getEncoded()))); - } - catch (IOException e) - { - throw new AnnotatedException("Could not read certificate issuer.", e); - } - } - for (int j = 0; j < genNames.length; j++) - { - Enumeration e = ASN1Sequence.getInstance(genNames[j].getName().toASN1Primitive()).getObjects(); - ASN1EncodableVector vec = new ASN1EncodableVector(); - while (e.hasMoreElements()) - { - vec.add((ASN1Encodable)e.nextElement()); - } - vec.add(dpName.getName()); - genNames[j] = new GeneralName(new X509Name(new DERSequence(vec))); - } - } - if (genNames != null) - { - for (int j = 0; j < genNames.length; j++) - { - if (names.contains(genNames[j])) - { - matches = true; - break; - } - } - } - if (!matches) - { - throw new AnnotatedException( - "No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point."); - } - } - // verify that one of the names in - // the IDP matches one of the names in the cRLIssuer field of - // the DP - else - { - if (dp.getCRLIssuer() == null) - { - throw new AnnotatedException("Either the cRLIssuer or the distributionPoint field must " - + "be contained in DistributionPoint."); - } - GeneralName[] genNames = dp.getCRLIssuer().getNames(); - for (int j = 0; j < genNames.length; j++) - { - if (names.contains(genNames[j])) - { - matches = true; - break; - } - } - if (!matches) - { - throw new AnnotatedException( - "No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point."); - } - } - } - BasicConstraints bc = null; - try - { - bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue((X509Extension)cert, - BASIC_CONSTRAINTS)); - } - catch (Exception e) - { - throw new AnnotatedException("Basic constraints extension could not be decoded.", e); - } - - if (cert instanceof X509Certificate) - { - // (b) (2) (ii) - if (idp.onlyContainsUserCerts() && (bc != null && bc.isCA())) - { - throw new AnnotatedException("CA Cert CRL only contains user certificates."); - } - - // (b) (2) (iii) - if (idp.onlyContainsCACerts() && (bc == null || !bc.isCA())) - { - throw new AnnotatedException("End CRL only contains CA certificates."); - } - } - - // (b) (2) (iv) - if (idp.onlyContainsAttributeCerts()) - { - throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted."); - } - } - } - - /** - * If the DP includes cRLIssuer, then verify that the issuer field in the - * complete CRL matches cRLIssuer in the DP and that the complete CRL - * contains an issuing distribution point extension with the indirectCRL - * boolean asserted. Otherwise, verify that the CRL issuer matches the - * certificate issuer. - * - * @param dp The distribution point. - * @param cert The certificate ot attribute certificate. - * @param crl The CRL for <code>cert</code>. - * @throws AnnotatedException if one of the above conditions does not apply or an error - * occurs. - */ - protected static void processCRLB1( - DistributionPoint dp, - Object cert, - X509CRL crl) - throws AnnotatedException - { - ASN1Primitive idp = CertPathValidatorUtilities.getExtensionValue(crl, ISSUING_DISTRIBUTION_POINT); - boolean isIndirect = false; - if (idp != null) - { - if (IssuingDistributionPoint.getInstance(idp).isIndirectCRL()) - { - isIndirect = true; - } - } - byte[] issuerBytes = CertPathValidatorUtilities.getIssuerPrincipal(crl).getEncoded(); - - boolean matchIssuer = false; - if (dp.getCRLIssuer() != null) - { - GeneralName genNames[] = dp.getCRLIssuer().getNames(); - for (int j = 0; j < genNames.length; j++) - { - if (genNames[j].getTagNo() == GeneralName.directoryName) - { - try - { - if (Arrays.areEqual(genNames[j].getName().toASN1Primitive().getEncoded(), issuerBytes)) - { - matchIssuer = true; - } - } - catch (IOException e) - { - throw new AnnotatedException( - "CRL issuer information from distribution point cannot be decoded.", e); - } - } - } - if (matchIssuer && !isIndirect) - { - throw new AnnotatedException("Distribution point contains cRLIssuer field but CRL is not indirect."); - } - if (!matchIssuer) - { - throw new AnnotatedException("CRL issuer of CRL does not match CRL issuer of distribution point."); - } - } - else - { - if (CertPathValidatorUtilities.getIssuerPrincipal(crl).equals( - CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert))) - { - matchIssuer = true; - } - } - if (!matchIssuer) - { - throw new AnnotatedException("Cannot find matching CRL issuer for certificate."); - } - } - - protected static ReasonsMask processCRLD( - X509CRL crl, - DistributionPoint dp) - throws AnnotatedException - { - IssuingDistributionPoint idp = null; - try - { - idp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(crl, - RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT)); - } - catch (Exception e) - { - throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e); - } - // (d) (1) - if (idp != null && idp.getOnlySomeReasons() != null && dp.getReasons() != null) - { - return new ReasonsMask(dp.getReasons()).intersect(new ReasonsMask(idp.getOnlySomeReasons())); - } - // (d) (4) - if ((idp == null || idp.getOnlySomeReasons() == null) && dp.getReasons() == null) - { - return ReasonsMask.allReasons; - } - // (d) (2) and (d)(3) - return (dp.getReasons() == null - ? ReasonsMask.allReasons - : new ReasonsMask(dp.getReasons())).intersect(idp == null - ? ReasonsMask.allReasons - : new ReasonsMask(idp.getOnlySomeReasons())); - - } - - public static final String CERTIFICATE_POLICIES = X509Extensions.CertificatePolicies.getId(); - - public static final String POLICY_MAPPINGS = X509Extensions.PolicyMappings.getId(); - - public static final String INHIBIT_ANY_POLICY = X509Extensions.InhibitAnyPolicy.getId(); - - public static final String ISSUING_DISTRIBUTION_POINT = X509Extensions.IssuingDistributionPoint.getId(); - - public static final String FRESHEST_CRL = X509Extensions.FreshestCRL.getId(); - - public static final String DELTA_CRL_INDICATOR = X509Extensions.DeltaCRLIndicator.getId(); - - public static final String POLICY_CONSTRAINTS = X509Extensions.PolicyConstraints.getId(); - - public static final String BASIC_CONSTRAINTS = X509Extensions.BasicConstraints.getId(); - - public static final String CRL_DISTRIBUTION_POINTS = X509Extensions.CRLDistributionPoints.getId(); - - public static final String SUBJECT_ALTERNATIVE_NAME = X509Extensions.SubjectAlternativeName.getId(); - - public static final String NAME_CONSTRAINTS = X509Extensions.NameConstraints.getId(); - - public static final String AUTHORITY_KEY_IDENTIFIER = X509Extensions.AuthorityKeyIdentifier.getId(); - - public static final String KEY_USAGE = X509Extensions.KeyUsage.getId(); - - public static final String CRL_NUMBER = X509Extensions.CRLNumber.getId(); - - public static final String ANY_POLICY = "2.5.29.32.0"; - - /* - * key usage bits - */ - protected static final int KEY_CERT_SIGN = 5; - - protected static final int CRL_SIGN = 6; - - /** - * Obtain and validate the certification path for the complete CRL issuer. - * If a key usage extension is present in the CRL issuer's certificate, - * verify that the cRLSign bit is set. - * - * @param crl CRL which contains revocation information for the certificate - * <code>cert</code>. - * @param cert The attribute certificate or certificate to check if it is - * revoked. - * @param defaultCRLSignCert The issuer certificate of the certificate <code>cert</code>. - * @param defaultCRLSignKey The public key of the issuer certificate - * <code>defaultCRLSignCert</code>. - * @param paramsPKIX paramsPKIX PKIX parameters. - * @param certPathCerts The certificates on the certification path. - * @return A <code>Set</code> with all keys of possible CRL issuer - * certificates. - * @throws AnnotatedException if the CRL is not valid or the status cannot be checked or - * some error occurs. - */ - protected static Set processCRLF( - X509CRL crl, - Object cert, - X509Certificate defaultCRLSignCert, - PublicKey defaultCRLSignKey, - ExtendedPKIXParameters paramsPKIX, - List certPathCerts) - throws AnnotatedException - { - // (f) - - // get issuer from CRL - X509CertStoreSelector selector = new X509CertStoreSelector(); - try - { - byte[] issuerPrincipal = CertPathValidatorUtilities.getIssuerPrincipal(crl).getEncoded(); - selector.setSubject(issuerPrincipal); - } - catch (IOException e) - { - throw new AnnotatedException( - "Subject criteria for certificate selector to find issuer certificate for CRL could not be set.", e); - } - - // get CRL signing certs - Collection coll; - try - { - coll = CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getStores()); - coll.addAll(CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getAdditionalStores())); - coll.addAll(CertPathValidatorUtilities.findCertificates(selector, paramsPKIX.getCertStores())); - } - catch (AnnotatedException e) - { - throw new AnnotatedException("Issuer certificate for CRL cannot be searched.", e); - } - - coll.add(defaultCRLSignCert); - - Iterator cert_it = coll.iterator(); - - List validCerts = new ArrayList(); - List validKeys = new ArrayList(); - - while (cert_it.hasNext()) - { - X509Certificate signingCert = (X509Certificate)cert_it.next(); - - /* - * CA of the certificate, for which this CRL is checked, has also - * signed CRL, so skip the path validation, because is already done - */ - if (signingCert.equals(defaultCRLSignCert)) - { - validCerts.add(signingCert); - validKeys.add(defaultCRLSignKey); - continue; - } - try - { - CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME); - selector = new X509CertStoreSelector(); - selector.setCertificate(signingCert); - ExtendedPKIXParameters temp = (ExtendedPKIXParameters)paramsPKIX.clone(); - temp.setTargetCertConstraints(selector); - ExtendedPKIXBuilderParameters params = (ExtendedPKIXBuilderParameters)ExtendedPKIXBuilderParameters - .getInstance(temp); - /* - * if signingCert is placed not higher on the cert path a - * dependency loop results. CRL for cert is checked, but - * signingCert is needed for checking the CRL which is dependent - * on checking cert because it is higher in the cert path and so - * signing signingCert transitively. so, revocation is disabled, - * forgery attacks of the CRL are detected in this outer loop - * for all other it must be enabled to prevent forgery attacks - */ - if (certPathCerts.contains(signingCert)) - { - params.setRevocationEnabled(false); - } - else - { - params.setRevocationEnabled(true); - } - List certs = builder.build(params).getCertPath().getCertificates(); - validCerts.add(signingCert); - validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0)); - } - catch (CertPathBuilderException e) - { - throw new AnnotatedException("Internal error.", e); - } - catch (CertPathValidatorException e) - { - throw new AnnotatedException("Public key of issuer certificate of CRL could not be retrieved.", e); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - } - - Set checkKeys = new HashSet(); - - AnnotatedException lastException = null; - for (int i = 0; i < validCerts.size(); i++) - { - X509Certificate signCert = (X509Certificate)validCerts.get(i); - boolean[] keyusage = signCert.getKeyUsage(); - - if (keyusage != null && (keyusage.length < 7 || !keyusage[CRL_SIGN])) - { - lastException = new AnnotatedException( - "Issuer certificate key usage extension does not permit CRL signing."); - } - else - { - checkKeys.add(validKeys.get(i)); - } - } - - if (checkKeys.isEmpty() && lastException == null) - { - throw new AnnotatedException("Cannot find a valid issuer certificate."); - } - if (checkKeys.isEmpty() && lastException != null) - { - throw lastException; - } - - return checkKeys; - } - - protected static PublicKey processCRLG( - X509CRL crl, - Set keys) - throws AnnotatedException - { - Exception lastException = null; - for (Iterator it = keys.iterator(); it.hasNext();) - { - PublicKey key = (PublicKey)it.next(); - try - { - crl.verify(key); - return key; - } - catch (Exception e) - { - lastException = e; - } - } - throw new AnnotatedException("Cannot verify CRL.", lastException); - } - - protected static X509CRL processCRLH( - Set deltacrls, - PublicKey key) - throws AnnotatedException - { - Exception lastException = null; - - for (Iterator it = deltacrls.iterator(); it.hasNext();) - { - X509CRL crl = (X509CRL)it.next(); - try - { - crl.verify(key); - return crl; - } - catch (Exception e) - { - lastException = e; - } - } - - if (lastException != null) - { - throw new AnnotatedException("Cannot verify delta CRL.", lastException); - } - return null; - } - - protected static Set processCRLA1i( - Date currentDate, - ExtendedPKIXParameters paramsPKIX, - X509Certificate cert, - X509CRL crl) - throws AnnotatedException - { - Set set = new HashSet(); - if (paramsPKIX.isUseDeltasEnabled()) - { - CRLDistPoint freshestCRL = null; - try - { - freshestCRL = CRLDistPoint - .getInstance(CertPathValidatorUtilities.getExtensionValue(cert, FRESHEST_CRL)); - } - catch (AnnotatedException e) - { - throw new AnnotatedException("Freshest CRL extension could not be decoded from certificate.", e); - } - if (freshestCRL == null) - { - try - { - freshestCRL = CRLDistPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(crl, - FRESHEST_CRL)); - } - catch (AnnotatedException e) - { - throw new AnnotatedException("Freshest CRL extension could not be decoded from CRL.", e); - } - } - if (freshestCRL != null) - { - try - { - CertPathValidatorUtilities.addAdditionalStoresFromCRLDistributionPoint(freshestCRL, paramsPKIX); - } - catch (AnnotatedException e) - { - throw new AnnotatedException( - "No new delta CRL locations could be added from Freshest CRL extension.", e); - } - // get delta CRL(s) - try - { - set.addAll(CertPathValidatorUtilities.getDeltaCRLs(currentDate, paramsPKIX, crl)); - } - catch (AnnotatedException e) - { - throw new AnnotatedException("Exception obtaining delta CRLs.", e); - } - } - } - return set; - } - - protected static Set[] processCRLA1ii( - Date currentDate, - ExtendedPKIXParameters paramsPKIX, - X509Certificate cert, - X509CRL crl) - throws AnnotatedException - { - Set deltaSet = new HashSet(); - X509CRLStoreSelector crlselect = new X509CRLStoreSelector(); - crlselect.setCertificateChecking(cert); - - try - { - crlselect.addIssuerName(crl.getIssuerX500Principal().getEncoded()); - } - catch (IOException e) - { - throw new AnnotatedException("Cannot extract issuer from CRL." + e, e); - } - - crlselect.setCompleteCRLEnabled(true); - Set completeSet = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate); - - if (paramsPKIX.isUseDeltasEnabled()) - { - // get delta CRL(s) - try - { - deltaSet.addAll(CertPathValidatorUtilities.getDeltaCRLs(currentDate, paramsPKIX, crl)); - } - catch (AnnotatedException e) - { - throw new AnnotatedException("Exception obtaining delta CRLs.", e); - } - } - return new Set[] - { - completeSet, - deltaSet}; - } - - - - /** - * If use-deltas is set, verify the issuer and scope of the delta CRL. - * - * @param deltaCRL The delta CRL. - * @param completeCRL The complete CRL. - * @param pkixParams The PKIX paramaters. - * @throws AnnotatedException if an exception occurs. - */ - protected static void processCRLC( - X509CRL deltaCRL, - X509CRL completeCRL, - ExtendedPKIXParameters pkixParams) - throws AnnotatedException - { - if (deltaCRL == null) - { - return; - } - IssuingDistributionPoint completeidp = null; - try - { - completeidp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue( - completeCRL, RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT)); - } - catch (Exception e) - { - throw new AnnotatedException("Issuing distribution point extension could not be decoded.", e); - } - - if (pkixParams.isUseDeltasEnabled()) - { - // (c) (1) - if (!deltaCRL.getIssuerX500Principal().equals(completeCRL.getIssuerX500Principal())) - { - throw new AnnotatedException("Complete CRL issuer does not match delta CRL issuer."); - } - - // (c) (2) - IssuingDistributionPoint deltaidp = null; - try - { - deltaidp = IssuingDistributionPoint.getInstance(CertPathValidatorUtilities.getExtensionValue( - deltaCRL, ISSUING_DISTRIBUTION_POINT)); - } - catch (Exception e) - { - throw new AnnotatedException( - "Issuing distribution point extension from delta CRL could not be decoded.", e); - } - - boolean match = false; - if (completeidp == null) - { - if (deltaidp == null) - { - match = true; - } - } - else - { - if (completeidp.equals(deltaidp)) - { - match = true; - } - } - if (!match) - { - throw new AnnotatedException( - "Issuing distribution point extension from delta CRL and complete CRL does not match."); - } - - // (c) (3) - ASN1Primitive completeKeyIdentifier = null; - try - { - completeKeyIdentifier = CertPathValidatorUtilities.getExtensionValue( - completeCRL, AUTHORITY_KEY_IDENTIFIER); - } - catch (AnnotatedException e) - { - throw new AnnotatedException( - "Authority key identifier extension could not be extracted from complete CRL.", e); - } - - ASN1Primitive deltaKeyIdentifier = null; - try - { - deltaKeyIdentifier = CertPathValidatorUtilities.getExtensionValue( - deltaCRL, AUTHORITY_KEY_IDENTIFIER); - } - catch (AnnotatedException e) - { - throw new AnnotatedException( - "Authority key identifier extension could not be extracted from delta CRL.", e); - } - - if (completeKeyIdentifier == null) - { - throw new AnnotatedException("CRL authority key identifier is null."); - } - - if (deltaKeyIdentifier == null) - { - throw new AnnotatedException("Delta CRL authority key identifier is null."); - } - - if (!completeKeyIdentifier.equals(deltaKeyIdentifier)) - { - throw new AnnotatedException( - "Delta CRL authority key identifier does not match complete CRL authority key identifier."); - } - } - } - - protected static void processCRLI( - Date validDate, - X509CRL deltacrl, - Object cert, - CertStatus certStatus, - ExtendedPKIXParameters pkixParams) - throws AnnotatedException - { - if (pkixParams.isUseDeltasEnabled() && deltacrl != null) - { - CertPathValidatorUtilities.getCertStatus(validDate, deltacrl, cert, certStatus); - } - } - - protected static void processCRLJ( - Date validDate, - X509CRL completecrl, - Object cert, - CertStatus certStatus) - throws AnnotatedException - { - if (certStatus.getCertStatus() == CertStatus.UNREVOKED) - { - CertPathValidatorUtilities.getCertStatus(validDate, completecrl, cert, certStatus); - } - } - - protected static PKIXPolicyNode prepareCertB( - CertPath certPath, - int index, - List[] policyNodes, - PKIXPolicyNode validPolicyTree, - int policyMapping) - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - int n = certs.size(); - // i as defined in the algorithm description - int i = n - index; - // (b) - // - ASN1Sequence pm = null; - try - { - pm = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, - RFC3280CertPathUtilities.POLICY_MAPPINGS)); - } - catch (AnnotatedException ex) - { - throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath, - index); - } - PKIXPolicyNode _validPolicyTree = validPolicyTree; - if (pm != null) - { - ASN1Sequence mappings = (ASN1Sequence)pm; - Map m_idp = new HashMap(); - Set s_idp = new HashSet(); - - for (int j = 0; j < mappings.size(); j++) - { - ASN1Sequence mapping = (ASN1Sequence)mappings.getObjectAt(j); - String id_p = ((ASN1ObjectIdentifier)mapping.getObjectAt(0)).getId(); - String sd_p = ((ASN1ObjectIdentifier)mapping.getObjectAt(1)).getId(); - Set tmp; - - if (!m_idp.containsKey(id_p)) - { - tmp = new HashSet(); - tmp.add(sd_p); - m_idp.put(id_p, tmp); - s_idp.add(id_p); - } - else - { - tmp = (Set)m_idp.get(id_p); - tmp.add(sd_p); - } - } - - Iterator it_idp = s_idp.iterator(); - while (it_idp.hasNext()) - { - String id_p = (String)it_idp.next(); - - // - // (1) - // - if (policyMapping > 0) - { - boolean idp_found = false; - Iterator nodes_i = policyNodes[i].iterator(); - while (nodes_i.hasNext()) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); - if (node.getValidPolicy().equals(id_p)) - { - idp_found = true; - node.expectedPolicies = (Set)m_idp.get(id_p); - break; - } - } - - if (!idp_found) - { - nodes_i = policyNodes[i].iterator(); - while (nodes_i.hasNext()) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); - if (RFC3280CertPathUtilities.ANY_POLICY.equals(node.getValidPolicy())) - { - Set pq = null; - ASN1Sequence policies = null; - try - { - policies = (ASN1Sequence)CertPathValidatorUtilities.getExtensionValue(cert, - RFC3280CertPathUtilities.CERTIFICATE_POLICIES); - } - catch (AnnotatedException e) - { - throw new ExtCertPathValidatorException( - "Certificate policies extension could not be decoded.", e, certPath, index); - } - Enumeration e = policies.getObjects(); - while (e.hasMoreElements()) - { - PolicyInformation pinfo = null; - try - { - pinfo = PolicyInformation.getInstance(e.nextElement()); - } - catch (Exception ex) - { - throw new CertPathValidatorException( - "Policy information could not be decoded.", ex, certPath, index); - } - if (RFC3280CertPathUtilities.ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) - { - try - { - pq = CertPathValidatorUtilities - .getQualifierSet(pinfo.getPolicyQualifiers()); - } - catch (CertPathValidatorException ex) - { - - throw new ExtCertPathValidatorException( - "Policy qualifier info set could not be decoded.", ex, certPath, - index); - } - break; - } - } - boolean ci = false; - if (cert.getCriticalExtensionOIDs() != null) - { - ci = cert.getCriticalExtensionOIDs().contains( - RFC3280CertPathUtilities.CERTIFICATE_POLICIES); - } - - PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent(); - if (RFC3280CertPathUtilities.ANY_POLICY.equals(p_node.getValidPolicy())) - { - PKIXPolicyNode c_node = new PKIXPolicyNode(new ArrayList(), i, (Set)m_idp - .get(id_p), p_node, pq, id_p, ci); - p_node.addChild(c_node); - policyNodes[i].add(c_node); - } - break; - } - } - } - - // - // (2) - // - } - else if (policyMapping <= 0) - { - Iterator nodes_i = policyNodes[i].iterator(); - while (nodes_i.hasNext()) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); - if (node.getValidPolicy().equals(id_p)) - { - PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent(); - p_node.removeChild(node); - nodes_i.remove(); - for (int k = (i - 1); k >= 0; k--) - { - List nodes = policyNodes[k]; - for (int l = 0; l < nodes.size(); l++) - { - PKIXPolicyNode node2 = (PKIXPolicyNode)nodes.get(l); - if (!node2.hasChildren()) - { - _validPolicyTree = CertPathValidatorUtilities.removePolicyNode( - _validPolicyTree, policyNodes, node2); - if (_validPolicyTree == null) - { - break; - } - } - } - } - } - } - } - } - } - return _validPolicyTree; - } - - protected static void prepareNextCertA( - CertPath certPath, - int index) - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - // - // - // (a) check the policy mappings - // - ASN1Sequence pm = null; - try - { - pm = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, - RFC3280CertPathUtilities.POLICY_MAPPINGS)); - } - catch (AnnotatedException ex) - { - throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath, - index); - } - if (pm != null) - { - ASN1Sequence mappings = pm; - - for (int j = 0; j < mappings.size(); j++) - { - ASN1ObjectIdentifier issuerDomainPolicy = null; - ASN1ObjectIdentifier subjectDomainPolicy = null; - try - { - ASN1Sequence mapping = DERSequence.getInstance(mappings.getObjectAt(j)); - - issuerDomainPolicy = ASN1ObjectIdentifier.getInstance(mapping.getObjectAt(0)); - subjectDomainPolicy = ASN1ObjectIdentifier.getInstance(mapping.getObjectAt(1)); - } - catch (Exception e) - { - throw new ExtCertPathValidatorException("Policy mappings extension contents could not be decoded.", - e, certPath, index); - } - - if (RFC3280CertPathUtilities.ANY_POLICY.equals(issuerDomainPolicy.getId())) - { - - throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, index); - } - - if (RFC3280CertPathUtilities.ANY_POLICY.equals(subjectDomainPolicy.getId())) - { - - throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy,", null, certPath, index); - } - } - } - } - - protected static void processCertF( - CertPath certPath, - int index, - PKIXPolicyNode validPolicyTree, - int explicitPolicy) - throws CertPathValidatorException - { - // - // (f) - // - if (explicitPolicy <= 0 && validPolicyTree == null) - { - throw new ExtCertPathValidatorException("No valid policy tree found when one expected.", null, certPath, - index); - } - } - - protected static PKIXPolicyNode processCertE( - CertPath certPath, - int index, - PKIXPolicyNode validPolicyTree) - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - // - // (e) - // - ASN1Sequence certPolicies = null; - try - { - certPolicies = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, - RFC3280CertPathUtilities.CERTIFICATE_POLICIES)); - } - catch (AnnotatedException e) - { - throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.", - e, certPath, index); - } - if (certPolicies == null) - { - validPolicyTree = null; - } - return validPolicyTree; - } - - protected static void processCertBC( - CertPath certPath, - int index, - PKIXNameConstraintValidator nameConstraintValidator) - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - int n = certs.size(); - // i as defined in the algorithm description - int i = n - index; - // - // (b), (c) permitted and excluded subtree checking. - // - if (!(CertPathValidatorUtilities.isSelfIssued(cert) && (i < n))) - { - X500Principal principal = CertPathValidatorUtilities.getSubjectPrincipal(cert); - ASN1InputStream aIn = new ASN1InputStream(principal.getEncoded()); - ASN1Sequence dns; - - try - { - dns = DERSequence.getInstance(aIn.readObject()); - } - catch (Exception e) - { - throw new CertPathValidatorException("Exception extracting subject name when checking subtrees.", e, - certPath, index); - } - - try - { - nameConstraintValidator.checkPermittedDN(dns); - nameConstraintValidator.checkExcludedDN(dns); - } - catch (PKIXNameConstraintValidatorException e) - { - throw new CertPathValidatorException("Subtree check for certificate subject failed.", e, certPath, - index); - } - - GeneralNames altName = null; - try - { - altName = GeneralNames.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, - RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME)); - } - catch (Exception e) - { - throw new CertPathValidatorException("Subject alternative name extension could not be decoded.", e, - certPath, index); - } - Vector emails = new X509Name(dns).getValues(X509Name.EmailAddress); - for (Enumeration e = emails.elements(); e.hasMoreElements();) - { - String email = (String)e.nextElement(); - GeneralName emailAsGeneralName = new GeneralName(GeneralName.rfc822Name, email); - try - { - nameConstraintValidator.checkPermitted(emailAsGeneralName); - nameConstraintValidator.checkExcluded(emailAsGeneralName); - } - catch (PKIXNameConstraintValidatorException ex) - { - throw new CertPathValidatorException( - "Subtree check for certificate subject alternative email failed.", ex, certPath, index); - } - } - if (altName != null) - { - GeneralName[] genNames = null; - try - { - genNames = altName.getNames(); - } - catch (Exception e) - { - throw new CertPathValidatorException("Subject alternative name contents could not be decoded.", e, - certPath, index); - } - for (int j = 0; j < genNames.length; j++) - { - - try - { - nameConstraintValidator.checkPermitted(genNames[j]); - nameConstraintValidator.checkExcluded(genNames[j]); - } - catch (PKIXNameConstraintValidatorException e) - { - throw new CertPathValidatorException( - "Subtree check for certificate subject alternative name failed.", e, certPath, index); - } - } - } - } - } - - protected static PKIXPolicyNode processCertD( - CertPath certPath, - int index, - Set acceptablePolicies, - PKIXPolicyNode validPolicyTree, - List[] policyNodes, - int inhibitAnyPolicy) - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - int n = certs.size(); - // i as defined in the algorithm description - int i = n - index; - // - // (d) policy Information checking against initial policy and - // policy mapping - // - ASN1Sequence certPolicies = null; - try - { - certPolicies = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, - RFC3280CertPathUtilities.CERTIFICATE_POLICIES)); - } - catch (AnnotatedException e) - { - throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.", - e, certPath, index); - } - if (certPolicies != null && validPolicyTree != null) - { - // - // (d) (1) - // - Enumeration e = certPolicies.getObjects(); - Set pols = new HashSet(); - - while (e.hasMoreElements()) - { - PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement()); - ASN1ObjectIdentifier pOid = pInfo.getPolicyIdentifier(); - - pols.add(pOid.getId()); - - if (!RFC3280CertPathUtilities.ANY_POLICY.equals(pOid.getId())) - { - Set pq = null; - try - { - pq = CertPathValidatorUtilities.getQualifierSet(pInfo.getPolicyQualifiers()); - } - catch (CertPathValidatorException ex) - { - throw new ExtCertPathValidatorException("Policy qualifier info set could not be build.", ex, - certPath, index); - } - - boolean match = CertPathValidatorUtilities.processCertD1i(i, policyNodes, pOid, pq); - - if (!match) - { - CertPathValidatorUtilities.processCertD1ii(i, policyNodes, pOid, pq); - } - } - } - - if (acceptablePolicies.isEmpty() || acceptablePolicies.contains(RFC3280CertPathUtilities.ANY_POLICY)) - { - acceptablePolicies.clear(); - acceptablePolicies.addAll(pols); - } - else - { - Iterator it = acceptablePolicies.iterator(); - Set t1 = new HashSet(); - - while (it.hasNext()) - { - Object o = it.next(); - - if (pols.contains(o)) - { - t1.add(o); - } - } - acceptablePolicies.clear(); - acceptablePolicies.addAll(t1); - } - - // - // (d) (2) - // - if ((inhibitAnyPolicy > 0) || ((i < n) && CertPathValidatorUtilities.isSelfIssued(cert))) - { - e = certPolicies.getObjects(); - - while (e.hasMoreElements()) - { - PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement()); - - if (RFC3280CertPathUtilities.ANY_POLICY.equals(pInfo.getPolicyIdentifier().getId())) - { - Set _apq = CertPathValidatorUtilities.getQualifierSet(pInfo.getPolicyQualifiers()); - List _nodes = policyNodes[i - 1]; - - for (int k = 0; k < _nodes.size(); k++) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_nodes.get(k); - - Iterator _policySetIter = _node.getExpectedPolicies().iterator(); - while (_policySetIter.hasNext()) - { - Object _tmp = _policySetIter.next(); - - String _policy; - if (_tmp instanceof String) - { - _policy = (String)_tmp; - } - else if (_tmp instanceof ASN1ObjectIdentifier) - { - _policy = ((ASN1ObjectIdentifier)_tmp).getId(); - } - else - { - continue; - } - - boolean _found = false; - Iterator _childrenIter = _node.getChildren(); - - while (_childrenIter.hasNext()) - { - PKIXPolicyNode _child = (PKIXPolicyNode)_childrenIter.next(); - - if (_policy.equals(_child.getValidPolicy())) - { - _found = true; - } - } - - if (!_found) - { - Set _newChildExpectedPolicies = new HashSet(); - _newChildExpectedPolicies.add(_policy); - - PKIXPolicyNode _newChild = new PKIXPolicyNode(new ArrayList(), i, - _newChildExpectedPolicies, _node, _apq, _policy, false); - _node.addChild(_newChild); - policyNodes[i].add(_newChild); - } - } - } - break; - } - } - } - - PKIXPolicyNode _validPolicyTree = validPolicyTree; - // - // (d) (3) - // - for (int j = (i - 1); j >= 0; j--) - { - List nodes = policyNodes[j]; - - for (int k = 0; k < nodes.size(); k++) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(k); - if (!node.hasChildren()) - { - _validPolicyTree = CertPathValidatorUtilities.removePolicyNode(_validPolicyTree, policyNodes, - node); - if (_validPolicyTree == null) - { - break; - } - } - } - } - - // - // d (4) - // - Set criticalExtensionOids = cert.getCriticalExtensionOIDs(); - - if (criticalExtensionOids != null) - { - boolean critical = criticalExtensionOids.contains(RFC3280CertPathUtilities.CERTIFICATE_POLICIES); - - List nodes = policyNodes[i]; - for (int j = 0; j < nodes.size(); j++) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(j); - node.setCritical(critical); - } - } - return _validPolicyTree; - } - return null; - } - - protected static void processCertA( - CertPath certPath, - ExtendedPKIXParameters paramsPKIX, - int index, - PublicKey workingPublicKey, - boolean verificationAlreadyPerformed, - X500Principal workingIssuerName, - X509Certificate sign) - throws ExtCertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - // - // (a) verify - // - if (!verificationAlreadyPerformed) - { - try - { - // (a) (1) - // - CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey, - paramsPKIX.getSigProvider()); - } - catch (GeneralSecurityException e) - { - throw new ExtCertPathValidatorException("Could not validate certificate signature.", e, certPath, index); - } - } - - try - { - // (a) (2) - // - cert.checkValidity(CertPathValidatorUtilities - .getValidCertDateFromValidityModel(paramsPKIX, certPath, index)); - } - catch (CertificateExpiredException e) - { - throw new ExtCertPathValidatorException("Could not validate certificate: " + e.getMessage(), e, certPath, index); - } - catch (CertificateNotYetValidException e) - { - throw new ExtCertPathValidatorException("Could not validate certificate: " + e.getMessage(), e, certPath, index); - } - catch (AnnotatedException e) - { - throw new ExtCertPathValidatorException("Could not validate time of certificate.", e, certPath, index); - } - - // - // (a) (3) - // - if (paramsPKIX.isRevocationEnabled()) - { - try - { - checkCRLs(paramsPKIX, cert, CertPathValidatorUtilities.getValidCertDateFromValidityModel(paramsPKIX, - certPath, index), sign, workingPublicKey, certs); - } - catch (AnnotatedException e) - { - Throwable cause = e; - if (null != e.getCause()) - { - cause = e.getCause(); - } - throw new ExtCertPathValidatorException(e.getMessage(), cause, certPath, index); - } - } - - // - // (a) (4) name chaining - // - if (!CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).equals(workingIssuerName)) - { - throw new ExtCertPathValidatorException("IssuerName(" + CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert) - + ") does not match SubjectName(" + workingIssuerName + ") of signing certificate.", null, - certPath, index); - } - } - - protected static int prepareNextCertI1( - CertPath certPath, - int index, - int explicitPolicy) - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - // - // (i) - // - ASN1Sequence pc = null; - try - { - pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, - RFC3280CertPathUtilities.POLICY_CONSTRAINTS)); - } - catch (Exception e) - { - throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e, certPath, - index); - } - - int tmpInt; - - if (pc != null) - { - Enumeration policyConstraints = pc.getObjects(); - - while (policyConstraints.hasMoreElements()) - { - try - { - - ASN1TaggedObject constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement()); - if (constraint.getTagNo() == 0) - { - tmpInt = ASN1Integer.getInstance(constraint, false).getValue().intValue(); - if (tmpInt < explicitPolicy) - { - return tmpInt; - } - break; - } - } - catch (IllegalArgumentException e) - { - throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.", - e, certPath, index); - } - } - } - return explicitPolicy; - } - - protected static int prepareNextCertI2( - CertPath certPath, - int index, - int policyMapping) - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - // - // (i) - // - ASN1Sequence pc = null; - try - { - pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, - RFC3280CertPathUtilities.POLICY_CONSTRAINTS)); - } - catch (Exception e) - { - throw new ExtCertPathValidatorException("Policy constraints extension cannot be decoded.", e, certPath, - index); - } - - int tmpInt; - - if (pc != null) - { - Enumeration policyConstraints = pc.getObjects(); - - while (policyConstraints.hasMoreElements()) - { - try - { - ASN1TaggedObject constraint = ASN1TaggedObject.getInstance(policyConstraints.nextElement()); - if (constraint.getTagNo() == 1) - { - tmpInt = ASN1Integer.getInstance(constraint, false).getValue().intValue(); - if (tmpInt < policyMapping) - { - return tmpInt; - } - break; - } - } - catch (IllegalArgumentException e) - { - throw new ExtCertPathValidatorException("Policy constraints extension contents cannot be decoded.", - e, certPath, index); - } - } - } - return policyMapping; - } - - protected static void prepareNextCertG( - CertPath certPath, - int index, - PKIXNameConstraintValidator nameConstraintValidator) - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - // - // (g) handle the name constraints extension - // - NameConstraints nc = null; - try - { - ASN1Sequence ncSeq = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, - RFC3280CertPathUtilities.NAME_CONSTRAINTS)); - if (ncSeq != null) - { - nc = NameConstraints.getInstance(ncSeq); - } - } - catch (Exception e) - { - throw new ExtCertPathValidatorException("Name constraints extension could not be decoded.", e, certPath, - index); - } - if (nc != null) - { - - // - // (g) (1) permitted subtrees - // - GeneralSubtree[] permitted = nc.getPermittedSubtrees(); - if (permitted != null) - { - try - { - nameConstraintValidator.intersectPermittedSubtree(permitted); - } - catch (Exception ex) - { - throw new ExtCertPathValidatorException( - "Permitted subtrees cannot be build from name constraints extension.", ex, certPath, index); - } - } - - // - // (g) (2) excluded subtrees - // - GeneralSubtree[] excluded = nc.getExcludedSubtrees(); - if (excluded != null) - { - for (int i = 0; i != excluded.length; i++) - try - { - nameConstraintValidator.addExcludedSubtree(excluded[i]); - } - catch (Exception ex) - { - throw new ExtCertPathValidatorException( - "Excluded subtrees cannot be build from name constraints extension.", ex, certPath, index); - } - } - } - } - - /** - * Checks a distribution point for revocation information for the - * certificate <code>cert</code>. - * - * @param dp The distribution point to consider. - * @param paramsPKIX PKIX parameters. - * @param cert Certificate to check if it is revoked. - * @param validDate The date when the certificate revocation status should be - * checked. - * @param defaultCRLSignCert The issuer certificate of the certificate <code>cert</code>. - * @param defaultCRLSignKey The public key of the issuer certificate - * <code>defaultCRLSignCert</code>. - * @param certStatus The current certificate revocation status. - * @param reasonMask The reasons mask which is already checked. - * @param certPathCerts The certificates of the certification path. - * @throws AnnotatedException if the certificate is revoked or the status cannot be checked - * or some error occurs. - */ - private static void checkCRL( - DistributionPoint dp, - ExtendedPKIXParameters paramsPKIX, - X509Certificate cert, - Date validDate, - X509Certificate defaultCRLSignCert, - PublicKey defaultCRLSignKey, - CertStatus certStatus, - ReasonsMask reasonMask, - List certPathCerts) - throws AnnotatedException - { - Date currentDate = new Date(System.currentTimeMillis()); - if (validDate.getTime() > currentDate.getTime()) - { - throw new AnnotatedException("Validation time is in future."); - } - - // (a) - /* - * We always get timely valid CRLs, so there is no step (a) (1). - * "locally cached" CRLs are assumed to be in getStore(), additional - * CRLs must be enabled in the ExtendedPKIXParameters and are in - * getAdditionalStore() - */ - - Set crls = CertPathValidatorUtilities.getCompleteCRLs(dp, cert, currentDate, paramsPKIX); - boolean validCrlFound = false; - AnnotatedException lastException = null; - Iterator crl_iter = crls.iterator(); - - while (crl_iter.hasNext() && certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonMask.isAllReasons()) - { - try - { - X509CRL crl = (X509CRL)crl_iter.next(); - - // (d) - ReasonsMask interimReasonsMask = RFC3280CertPathUtilities.processCRLD(crl, dp); - - // (e) - /* - * The reasons mask is updated at the end, so only valid CRLs - * can update it. If this CRL does not contain new reasons it - * must be ignored. - */ - if (!interimReasonsMask.hasNewReasons(reasonMask)) - { - continue; - } - - // (f) - Set keys = RFC3280CertPathUtilities.processCRLF(crl, cert, defaultCRLSignCert, defaultCRLSignKey, - paramsPKIX, certPathCerts); - // (g) - PublicKey key = RFC3280CertPathUtilities.processCRLG(crl, keys); - - X509CRL deltaCRL = null; - - if (paramsPKIX.isUseDeltasEnabled()) - { - // get delta CRLs - Set deltaCRLs = CertPathValidatorUtilities.getDeltaCRLs(currentDate, paramsPKIX, crl); - // we only want one valid delta CRL - // (h) - deltaCRL = RFC3280CertPathUtilities.processCRLH(deltaCRLs, key); - } - - /* - * CRL must be be valid at the current time, not the validation - * time. If a certificate is revoked with reason keyCompromise, - * cACompromise, it can be used for forgery, also for the past. - * This reason may not be contained in older CRLs. - */ - - /* - * in the chain model signatures stay valid also after the - * certificate has been expired, so they do not have to be in - * the CRL validity time - */ - - if (paramsPKIX.getValidityModel() != ExtendedPKIXParameters.CHAIN_VALIDITY_MODEL) - { - /* - * if a certificate has expired, but was revoked, it is not - * more in the CRL, so it would be regarded as valid if the - * first check is not done - */ - if (cert.getNotAfter().getTime() < crl.getThisUpdate().getTime()) - { - throw new AnnotatedException("No valid CRL for current time found."); - } - } - - RFC3280CertPathUtilities.processCRLB1(dp, cert, crl); - - // (b) (2) - RFC3280CertPathUtilities.processCRLB2(dp, cert, crl); - - // (c) - RFC3280CertPathUtilities.processCRLC(deltaCRL, crl, paramsPKIX); - - // (i) - RFC3280CertPathUtilities.processCRLI(validDate, deltaCRL, cert, certStatus, paramsPKIX); - - // (j) - RFC3280CertPathUtilities.processCRLJ(validDate, crl, cert, certStatus); - - // (k) - if (certStatus.getCertStatus() == CRLReason.removeFromCRL) - { - certStatus.setCertStatus(CertStatus.UNREVOKED); - } - - // update reasons mask - reasonMask.addReasons(interimReasonsMask); - - Set criticalExtensions = crl.getCriticalExtensionOIDs(); - if (criticalExtensions != null) - { - criticalExtensions = new HashSet(criticalExtensions); - criticalExtensions.remove(X509Extensions.IssuingDistributionPoint.getId()); - criticalExtensions.remove(X509Extensions.DeltaCRLIndicator.getId()); - - if (!criticalExtensions.isEmpty()) - { - throw new AnnotatedException("CRL contains unsupported critical extensions."); - } - } - - if (deltaCRL != null) - { - criticalExtensions = deltaCRL.getCriticalExtensionOIDs(); - if (criticalExtensions != null) - { - criticalExtensions = new HashSet(criticalExtensions); - criticalExtensions.remove(X509Extensions.IssuingDistributionPoint.getId()); - criticalExtensions.remove(X509Extensions.DeltaCRLIndicator.getId()); - if (!criticalExtensions.isEmpty()) - { - throw new AnnotatedException("Delta CRL contains unsupported critical extension."); - } - } - } - - validCrlFound = true; - } - catch (AnnotatedException e) - { - lastException = e; - } - } - if (!validCrlFound) - { - throw lastException; - } - } - - /** - * Checks a certificate if it is revoked. - * - * @param paramsPKIX PKIX parameters. - * @param cert Certificate to check if it is revoked. - * @param validDate The date when the certificate revocation status should be - * checked. - * @param sign The issuer certificate of the certificate <code>cert</code>. - * @param workingPublicKey The public key of the issuer certificate <code>sign</code>. - * @param certPathCerts The certificates of the certification path. - * @throws AnnotatedException if the certificate is revoked or the status cannot be checked - * or some error occurs. - */ - protected static void checkCRLs( - ExtendedPKIXParameters paramsPKIX, - X509Certificate cert, - Date validDate, - X509Certificate sign, - PublicKey workingPublicKey, - List certPathCerts) - throws AnnotatedException - { - AnnotatedException lastException = null; - CRLDistPoint crldp = null; - try - { - crldp = CRLDistPoint.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, - RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS)); - } - catch (Exception e) - { - throw new AnnotatedException("CRL distribution point extension could not be read.", e); - } - try - { - CertPathValidatorUtilities.addAdditionalStoresFromCRLDistributionPoint(crldp, paramsPKIX); - } - catch (AnnotatedException e) - { - throw new AnnotatedException( - "No additional CRL locations could be decoded from CRL distribution point extension.", e); - } - CertStatus certStatus = new CertStatus(); - ReasonsMask reasonsMask = new ReasonsMask(); - - boolean validCrlFound = false; - // for each distribution point - if (crldp != null) - { - DistributionPoint dps[] = null; - try - { - dps = crldp.getDistributionPoints(); - } - catch (Exception e) - { - throw new AnnotatedException("Distribution points could not be read.", e); - } - if (dps != null) - { - for (int i = 0; i < dps.length && certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons(); i++) - { - ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters)paramsPKIX.clone(); - try - { - checkCRL(dps[i], paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, certPathCerts); - validCrlFound = true; - } - catch (AnnotatedException e) - { - lastException = e; - } - } - } - } - - /* - * If the revocation status has not been determined, repeat the process - * above with any available CRLs not specified in a distribution point - * but issued by the certificate issuer. - */ - - if (certStatus.getCertStatus() == CertStatus.UNREVOKED && !reasonsMask.isAllReasons()) - { - try - { - /* - * assume a DP with both the reasons and the cRLIssuer fields - * omitted and a distribution point name of the certificate - * issuer. - */ - ASN1Primitive issuer = null; - try - { - issuer = new ASN1InputStream(CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).getEncoded()) - .readObject(); - } - catch (Exception e) - { - throw new AnnotatedException("Issuer from certificate for CRL could not be reencoded.", e); - } - DistributionPoint dp = new DistributionPoint(new DistributionPointName(0, new GeneralNames( - new GeneralName(GeneralName.directoryName, issuer))), null, null); - ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters)paramsPKIX.clone(); - checkCRL(dp, paramsPKIXClone, cert, validDate, sign, workingPublicKey, certStatus, reasonsMask, - certPathCerts); - validCrlFound = true; - } - catch (AnnotatedException e) - { - lastException = e; - } - } - - if (!validCrlFound) - { - if (lastException instanceof AnnotatedException) - { - throw lastException; - } - - throw new AnnotatedException("No valid CRL found.", lastException); - } - if (certStatus.getCertStatus() != CertStatus.UNREVOKED) - { - SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss Z"); - df.setTimeZone(TimeZone.getTimeZone("UTC")); - String message = "Certificate revocation after " + df.format(certStatus.getRevocationDate()); - message += ", reason: " + crlReasons[certStatus.getCertStatus()]; - throw new AnnotatedException(message); - } - if (!reasonsMask.isAllReasons() && certStatus.getCertStatus() == CertStatus.UNREVOKED) - { - certStatus.setCertStatus(CertStatus.UNDETERMINED); - } - if (certStatus.getCertStatus() == CertStatus.UNDETERMINED) - { - throw new AnnotatedException("Certificate status could not be determined."); - } - } - - protected static int prepareNextCertJ( - CertPath certPath, - int index, - int inhibitAnyPolicy) - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - // - // (j) - // - ASN1Integer iap = null; - try - { - iap = ASN1Integer.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, - RFC3280CertPathUtilities.INHIBIT_ANY_POLICY)); - } - catch (Exception e) - { - throw new ExtCertPathValidatorException("Inhibit any-policy extension cannot be decoded.", e, certPath, - index); - } - - if (iap != null) - { - int _inhibitAnyPolicy = iap.getValue().intValue(); - - if (_inhibitAnyPolicy < inhibitAnyPolicy) - { - return _inhibitAnyPolicy; - } - } - return inhibitAnyPolicy; - } - - protected static void prepareNextCertK( - CertPath certPath, - int index) - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - // - // (k) - // - BasicConstraints bc = null; - try - { - bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, - RFC3280CertPathUtilities.BASIC_CONSTRAINTS)); - } - catch (Exception e) - { - throw new ExtCertPathValidatorException("Basic constraints extension cannot be decoded.", e, certPath, - index); - } - if (bc != null) - { - if (!(bc.isCA())) - { - throw new CertPathValidatorException("Not a CA certificate"); - } - } - else - { - throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints"); - } - } - - protected static int prepareNextCertL( - CertPath certPath, - int index, - int maxPathLength) - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - // - // (l) - // - if (!CertPathValidatorUtilities.isSelfIssued(cert)) - { - if (maxPathLength <= 0) - { - throw new ExtCertPathValidatorException("Max path length not greater than zero", null, certPath, index); - } - - return maxPathLength - 1; - } - return maxPathLength; - } - - protected static int prepareNextCertM( - CertPath certPath, - int index, - int maxPathLength) - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - - // - // (m) - // - BasicConstraints bc = null; - try - { - bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, - RFC3280CertPathUtilities.BASIC_CONSTRAINTS)); - } - catch (Exception e) - { - throw new ExtCertPathValidatorException("Basic constraints extension cannot be decoded.", e, certPath, - index); - } - if (bc != null) - { - BigInteger _pathLengthConstraint = bc.getPathLenConstraint(); - - if (_pathLengthConstraint != null) - { - int _plc = _pathLengthConstraint.intValue(); - - if (_plc < maxPathLength) - { - return _plc; - } - } - } - return maxPathLength; - } - - protected static void prepareNextCertN( - CertPath certPath, - int index) - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - - // - // (n) - // - boolean[] _usage = cert.getKeyUsage(); - - if ((_usage != null) && !_usage[RFC3280CertPathUtilities.KEY_CERT_SIGN]) - { - throw new ExtCertPathValidatorException( - "Issuer certificate keyusage extension is critical and does not permit key signing.", null, - certPath, index); - } - } - - protected static void prepareNextCertO( - CertPath certPath, - int index, - Set criticalExtensions, - List pathCheckers) - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - // - // (o) - // - - Iterator tmpIter; - tmpIter = pathCheckers.iterator(); - while (tmpIter.hasNext()) - { - try - { - ((PKIXCertPathChecker)tmpIter.next()).check(cert, criticalExtensions); - } - catch (CertPathValidatorException e) - { - throw new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, index); - } - } - if (!criticalExtensions.isEmpty()) - { - throw new ExtCertPathValidatorException("Certificate has unsupported critical extension: " + criticalExtensions, null, certPath, - index); - } - } - - protected static int prepareNextCertH1( - CertPath certPath, - int index, - int explicitPolicy) - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - // - // (h) - // - if (!CertPathValidatorUtilities.isSelfIssued(cert)) - { - // - // (1) - // - if (explicitPolicy != 0) - { - return explicitPolicy - 1; - } - } - return explicitPolicy; - } - - protected static int prepareNextCertH2( - CertPath certPath, - int index, - int policyMapping) - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - // - // (h) - // - if (!CertPathValidatorUtilities.isSelfIssued(cert)) - { - // - // (2) - // - if (policyMapping != 0) - { - return policyMapping - 1; - } - } - return policyMapping; - } - - protected static int prepareNextCertH3( - CertPath certPath, - int index, - int inhibitAnyPolicy) - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - // - // (h) - // - if (!CertPathValidatorUtilities.isSelfIssued(cert)) - { - // - // (3) - // - if (inhibitAnyPolicy != 0) - { - return inhibitAnyPolicy - 1; - } - } - return inhibitAnyPolicy; - } - - protected static final String[] crlReasons = new String[] - { - "unspecified", - "keyCompromise", - "cACompromise", - "affiliationChanged", - "superseded", - "cessationOfOperation", - "certificateHold", - "unknown", - "removeFromCRL", - "privilegeWithdrawn", - "aACompromise"}; - - protected static int wrapupCertA( - int explicitPolicy, - X509Certificate cert) - { - // - // (a) - // - if (!CertPathValidatorUtilities.isSelfIssued(cert) && (explicitPolicy != 0)) - { - explicitPolicy--; - } - return explicitPolicy; - } - - protected static int wrapupCertB( - CertPath certPath, - int index, - int explicitPolicy) - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - // - // (b) - // - int tmpInt; - ASN1Sequence pc = null; - try - { - pc = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, - RFC3280CertPathUtilities.POLICY_CONSTRAINTS)); - } - catch (AnnotatedException e) - { - throw new ExtCertPathValidatorException("Policy constraints could not be decoded.", e, certPath, index); - } - if (pc != null) - { - Enumeration policyConstraints = pc.getObjects(); - - while (policyConstraints.hasMoreElements()) - { - ASN1TaggedObject constraint = (ASN1TaggedObject)policyConstraints.nextElement(); - switch (constraint.getTagNo()) - { - case 0: - try - { - tmpInt = ASN1Integer.getInstance(constraint, false).getValue().intValue(); - } - catch (Exception e) - { - throw new ExtCertPathValidatorException( - "Policy constraints requireExplicitPolicy field could not be decoded.", e, certPath, - index); - } - if (tmpInt == 0) - { - return 0; - } - break; - } - } - } - return explicitPolicy; - } - - protected static void wrapupCertF( - CertPath certPath, - int index, - List pathCheckers, - Set criticalExtensions) - throws CertPathValidatorException - { - List certs = certPath.getCertificates(); - X509Certificate cert = (X509Certificate)certs.get(index); - Iterator tmpIter; - tmpIter = pathCheckers.iterator(); - while (tmpIter.hasNext()) - { - try - { - ((PKIXCertPathChecker)tmpIter.next()).check(cert, criticalExtensions); - } - catch (CertPathValidatorException e) - { - throw new ExtCertPathValidatorException("Additional certificate path checker failed.", e, certPath, - index); - } - } - - if (!criticalExtensions.isEmpty()) - { - throw new ExtCertPathValidatorException("Certificate has unsupported critical extension: " + criticalExtensions, null, certPath, - index); - } - } - - protected static PKIXPolicyNode wrapupCertG( - CertPath certPath, - ExtendedPKIXParameters paramsPKIX, - Set userInitialPolicySet, - int index, - List[] policyNodes, - PKIXPolicyNode validPolicyTree, - Set acceptablePolicies) - throws CertPathValidatorException - { - int n = certPath.getCertificates().size(); - // - // (g) - // - PKIXPolicyNode intersection; - - // - // (g) (i) - // - if (validPolicyTree == null) - { - if (paramsPKIX.isExplicitPolicyRequired()) - { - throw new ExtCertPathValidatorException("Explicit policy requested but none available.", null, - certPath, index); - } - intersection = null; - } - else if (CertPathValidatorUtilities.isAnyPolicy(userInitialPolicySet)) // (g) - // (ii) - { - if (paramsPKIX.isExplicitPolicyRequired()) - { - if (acceptablePolicies.isEmpty()) - { - throw new ExtCertPathValidatorException("Explicit policy requested but none available.", null, - certPath, index); - } - else - { - Set _validPolicyNodeSet = new HashSet(); - - for (int j = 0; j < policyNodes.length; j++) - { - List _nodeDepth = policyNodes[j]; - - for (int k = 0; k < _nodeDepth.size(); k++) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_nodeDepth.get(k); - - if (RFC3280CertPathUtilities.ANY_POLICY.equals(_node.getValidPolicy())) - { - Iterator _iter = _node.getChildren(); - while (_iter.hasNext()) - { - _validPolicyNodeSet.add(_iter.next()); - } - } - } - } - - Iterator _vpnsIter = _validPolicyNodeSet.iterator(); - while (_vpnsIter.hasNext()) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_vpnsIter.next(); - String _validPolicy = _node.getValidPolicy(); - - if (!acceptablePolicies.contains(_validPolicy)) - { - // validPolicyTree = - // removePolicyNode(validPolicyTree, policyNodes, - // _node); - } - } - if (validPolicyTree != null) - { - for (int j = (n - 1); j >= 0; j--) - { - List nodes = policyNodes[j]; - - for (int k = 0; k < nodes.size(); k++) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(k); - if (!node.hasChildren()) - { - validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree, - policyNodes, node); - } - } - } - } - } - } - - intersection = validPolicyTree; - } - else - { - // - // (g) (iii) - // - // This implementation is not exactly same as the one described in - // RFC3280. - // However, as far as the validation result is concerned, both - // produce - // adequate result. The only difference is whether AnyPolicy is - // remain - // in the policy tree or not. - // - // (g) (iii) 1 - // - Set _validPolicyNodeSet = new HashSet(); - - for (int j = 0; j < policyNodes.length; j++) - { - List _nodeDepth = policyNodes[j]; - - for (int k = 0; k < _nodeDepth.size(); k++) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_nodeDepth.get(k); - - if (RFC3280CertPathUtilities.ANY_POLICY.equals(_node.getValidPolicy())) - { - Iterator _iter = _node.getChildren(); - while (_iter.hasNext()) - { - PKIXPolicyNode _c_node = (PKIXPolicyNode)_iter.next(); - if (!RFC3280CertPathUtilities.ANY_POLICY.equals(_c_node.getValidPolicy())) - { - _validPolicyNodeSet.add(_c_node); - } - } - } - } - } - - // - // (g) (iii) 2 - // - Iterator _vpnsIter = _validPolicyNodeSet.iterator(); - while (_vpnsIter.hasNext()) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_vpnsIter.next(); - String _validPolicy = _node.getValidPolicy(); - - if (!userInitialPolicySet.contains(_validPolicy)) - { - validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree, policyNodes, _node); - } - } - - // - // (g) (iii) 4 - // - if (validPolicyTree != null) - { - for (int j = (n - 1); j >= 0; j--) - { - List nodes = policyNodes[j]; - - for (int k = 0; k < nodes.size(); k++) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(k); - if (!node.hasChildren()) - { - validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree, policyNodes, - node); - } - } - } - } - - intersection = validPolicyTree; - } - return intersection; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/RFC3281CertPathUtilities.java b/prov/src/main/java/org/bouncycastle/jce/provider/RFC3281CertPathUtilities.java deleted file mode 100644 index 19dbae1d..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/RFC3281CertPathUtilities.java +++ /dev/null @@ -1,703 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Principal; -import java.security.PublicKey; -import java.security.cert.CertPath; -import java.security.cert.CertPathBuilder; -import java.security.cert.CertPathBuilderException; -import java.security.cert.CertPathBuilderResult; -import java.security.cert.CertPathValidator; -import java.security.cert.CertPathValidatorException; -import java.security.cert.CertPathValidatorResult; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.TrustAnchor; -import java.security.cert.X509CRL; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.x509.CRLDistPoint; -import org.bouncycastle.asn1.x509.CRLReason; -import org.bouncycastle.asn1.x509.DistributionPoint; -import org.bouncycastle.asn1.x509.DistributionPointName; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.TargetInformation; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.jce.exception.ExtCertPathValidatorException; -import org.bouncycastle.x509.ExtendedPKIXBuilderParameters; -import org.bouncycastle.x509.ExtendedPKIXParameters; -import org.bouncycastle.x509.PKIXAttrCertChecker; -import org.bouncycastle.x509.X509AttributeCertificate; -import org.bouncycastle.x509.X509CertStoreSelector; - -class RFC3281CertPathUtilities -{ - - private static final String TARGET_INFORMATION = X509Extensions.TargetInformation - .getId(); - - private static final String NO_REV_AVAIL = X509Extensions.NoRevAvail - .getId(); - - private static final String CRL_DISTRIBUTION_POINTS = X509Extensions.CRLDistributionPoints - .getId(); - - private static final String AUTHORITY_INFO_ACCESS = X509Extensions.AuthorityInfoAccess - .getId(); - - protected static void processAttrCert7(X509AttributeCertificate attrCert, - CertPath certPath, CertPath holderCertPath, - ExtendedPKIXParameters pkixParams) throws CertPathValidatorException - { - // TODO: - // AA Controls - // Attribute encryption - // Proxy - Set set = attrCert.getCriticalExtensionOIDs(); - // 7.1 - // process extensions - - // target information checked in step 6 / X509AttributeCertStoreSelector - if (set.contains(TARGET_INFORMATION)) - { - try - { - TargetInformation.getInstance(CertPathValidatorUtilities - .getExtensionValue(attrCert, TARGET_INFORMATION)); - } - catch (AnnotatedException e) - { - throw new ExtCertPathValidatorException( - "Target information extension could not be read.", e); - } - catch (IllegalArgumentException e) - { - throw new ExtCertPathValidatorException( - "Target information extension could not be read.", e); - } - } - set.remove(TARGET_INFORMATION); - for (Iterator it = pkixParams.getAttrCertCheckers().iterator(); it - .hasNext();) - { - ((PKIXAttrCertChecker) it.next()).check(attrCert, certPath, - holderCertPath, set); - } - if (!set.isEmpty()) - { - throw new CertPathValidatorException( - "Attribute certificate contains unsupported critical extensions: " - + set); - } - } - - /** - * Checks if an attribute certificate is revoked. - * - * @param attrCert Attribute certificate to check if it is revoked. - * @param paramsPKIX PKIX parameters. - * @param issuerCert The issuer certificate of the attribute certificate - * <code>attrCert</code>. - * @param validDate The date when the certificate revocation status should - * be checked. - * @param certPathCerts The certificates of the certification path to be - * checked. - * - * @throws CertPathValidatorException if the certificate is revoked or the - * status cannot be checked or some error occurs. - */ - protected static void checkCRLs(X509AttributeCertificate attrCert, - ExtendedPKIXParameters paramsPKIX, X509Certificate issuerCert, - Date validDate, List certPathCerts) throws CertPathValidatorException - { - if (paramsPKIX.isRevocationEnabled()) - { - // check if revocation is available - if (attrCert.getExtensionValue(NO_REV_AVAIL) == null) - { - CRLDistPoint crldp = null; - try - { - crldp = CRLDistPoint.getInstance(CertPathValidatorUtilities - .getExtensionValue(attrCert, CRL_DISTRIBUTION_POINTS)); - } - catch (AnnotatedException e) - { - throw new CertPathValidatorException( - "CRL distribution point extension could not be read.", - e); - } - try - { - CertPathValidatorUtilities - .addAdditionalStoresFromCRLDistributionPoint(crldp, - paramsPKIX); - } - catch (AnnotatedException e) - { - throw new CertPathValidatorException( - "No additional CRL locations could be decoded from CRL distribution point extension.", - e); - } - CertStatus certStatus = new CertStatus(); - ReasonsMask reasonsMask = new ReasonsMask(); - - AnnotatedException lastException = null; - boolean validCrlFound = false; - // for each distribution point - if (crldp != null) - { - DistributionPoint dps[] = null; - try - { - dps = crldp.getDistributionPoints(); - } - catch (Exception e) - { - throw new ExtCertPathValidatorException( - "Distribution points could not be read.", e); - } - try - { - for (int i = 0; i < dps.length - && certStatus.getCertStatus() == CertStatus.UNREVOKED - && !reasonsMask.isAllReasons(); i++) - { - ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters) paramsPKIX - .clone(); - checkCRL(dps[i], attrCert, paramsPKIXClone, - validDate, issuerCert, certStatus, reasonsMask, - certPathCerts); - validCrlFound = true; - } - } - catch (AnnotatedException e) - { - lastException = new AnnotatedException( - "No valid CRL for distribution point found.", e); - } - } - - /* - * If the revocation status has not been determined, repeat the - * process above with any available CRLs not specified in a - * distribution point but issued by the certificate issuer. - */ - - if (certStatus.getCertStatus() == CertStatus.UNREVOKED - && !reasonsMask.isAllReasons()) - { - try - { - /* - * assume a DP with both the reasons and the cRLIssuer - * fields omitted and a distribution point name of the - * certificate issuer. - */ - ASN1Primitive issuer = null; - try - { - - issuer = new ASN1InputStream( - ((X500Principal) attrCert.getIssuer() - .getPrincipals()[0]).getEncoded()) - .readObject(); - } - catch (Exception e) - { - throw new AnnotatedException( - "Issuer from certificate for CRL could not be reencoded.", - e); - } - DistributionPoint dp = new DistributionPoint( - new DistributionPointName(0, new GeneralNames( - new GeneralName(GeneralName.directoryName, - issuer))), null, null); - ExtendedPKIXParameters paramsPKIXClone = (ExtendedPKIXParameters) paramsPKIX - .clone(); - checkCRL(dp, attrCert, paramsPKIXClone, validDate, - issuerCert, certStatus, reasonsMask, certPathCerts); - validCrlFound = true; - } - catch (AnnotatedException e) - { - lastException = new AnnotatedException( - "No valid CRL for distribution point found.", e); - } - } - - if (!validCrlFound) - { - throw new ExtCertPathValidatorException( - "No valid CRL found.", lastException); - } - if (certStatus.getCertStatus() != CertStatus.UNREVOKED) - { - String message = "Attribute certificate revocation after " - + certStatus.getRevocationDate(); - message += ", reason: " - + RFC3280CertPathUtilities.crlReasons[certStatus - .getCertStatus()]; - throw new CertPathValidatorException(message); - } - if (!reasonsMask.isAllReasons() - && certStatus.getCertStatus() == CertStatus.UNREVOKED) - { - certStatus.setCertStatus(CertStatus.UNDETERMINED); - } - if (certStatus.getCertStatus() == CertStatus.UNDETERMINED) - { - throw new CertPathValidatorException( - "Attribute certificate status could not be determined."); - } - - } - else - { - if (attrCert.getExtensionValue(CRL_DISTRIBUTION_POINTS) != null - || attrCert.getExtensionValue(AUTHORITY_INFO_ACCESS) != null) - { - throw new CertPathValidatorException( - "No rev avail extension is set, but also an AC revocation pointer."); - } - } - } - } - - protected static void additionalChecks(X509AttributeCertificate attrCert, - ExtendedPKIXParameters pkixParams) throws CertPathValidatorException - { - // 1 - for (Iterator it = pkixParams.getProhibitedACAttributes().iterator(); it - .hasNext();) - { - String oid = (String) it.next(); - if (attrCert.getAttributes(oid) != null) - { - throw new CertPathValidatorException( - "Attribute certificate contains prohibited attribute: " - + oid + "."); - } - } - for (Iterator it = pkixParams.getNecessaryACAttributes().iterator(); it - .hasNext();) - { - String oid = (String) it.next(); - if (attrCert.getAttributes(oid) == null) - { - throw new CertPathValidatorException( - "Attribute certificate does not contain necessary attribute: " - + oid + "."); - } - } - } - - protected static void processAttrCert5(X509AttributeCertificate attrCert, - ExtendedPKIXParameters pkixParams) throws CertPathValidatorException - { - try - { - attrCert.checkValidity(CertPathValidatorUtilities - .getValidDate(pkixParams)); - } - catch (CertificateExpiredException e) - { - throw new ExtCertPathValidatorException( - "Attribute certificate is not valid.", e); - } - catch (CertificateNotYetValidException e) - { - throw new ExtCertPathValidatorException( - "Attribute certificate is not valid.", e); - } - } - - protected static void processAttrCert4(X509Certificate acIssuerCert, - ExtendedPKIXParameters pkixParams) throws CertPathValidatorException - { - Set set = pkixParams.getTrustedACIssuers(); - boolean trusted = false; - for (Iterator it = set.iterator(); it.hasNext();) - { - TrustAnchor anchor = (TrustAnchor) it.next(); - if (acIssuerCert.getSubjectX500Principal().getName("RFC2253") - .equals(anchor.getCAName()) - || acIssuerCert.equals(anchor.getTrustedCert())) - { - trusted = true; - } - } - if (!trusted) - { - throw new CertPathValidatorException( - "Attribute certificate issuer is not directly trusted."); - } - } - - protected static void processAttrCert3(X509Certificate acIssuerCert, - ExtendedPKIXParameters pkixParams) throws CertPathValidatorException - { - if (acIssuerCert.getKeyUsage() != null - && (!acIssuerCert.getKeyUsage()[0] && !acIssuerCert.getKeyUsage()[1])) - { - throw new CertPathValidatorException( - "Attribute certificate issuer public key cannot be used to validate digital signatures."); - } - if (acIssuerCert.getBasicConstraints() != -1) - { - throw new CertPathValidatorException( - "Attribute certificate issuer is also a public key certificate issuer."); - } - } - - protected static CertPathValidatorResult processAttrCert2( - CertPath certPath, ExtendedPKIXParameters pkixParams) - throws CertPathValidatorException - { - CertPathValidator validator = null; - try - { - validator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME); - } - catch (NoSuchProviderException e) - { - throw new ExtCertPathValidatorException( - "Support class could not be created.", e); - } - catch (NoSuchAlgorithmException e) - { - throw new ExtCertPathValidatorException( - "Support class could not be created.", e); - } - try - { - return validator.validate(certPath, pkixParams); - } - catch (CertPathValidatorException e) - { - throw new ExtCertPathValidatorException( - "Certification path for issuer certificate of attribute certificate could not be validated.", - e); - } - catch (InvalidAlgorithmParameterException e) - { - // must be a programming error - throw new RuntimeException(e.getMessage()); - } - } - - /** - * Searches for a holder public key certificate and verifies its - * certification path. - * - * @param attrCert the attribute certificate. - * @param pkixParams The PKIX parameters. - * @return The certificate path of the holder certificate. - * @throws AnnotatedException if - * <ul> - * <li>no public key certificate can be found although holder - * information is given by an entity name or a base certificate - * ID - * <li>support classes cannot be created - * <li>no certification path for the public key certificate can - * be built - * </ul> - */ - protected static CertPath processAttrCert1( - X509AttributeCertificate attrCert, ExtendedPKIXParameters pkixParams) - throws CertPathValidatorException - { - CertPathBuilderResult result = null; - // find holder PKCs - Set holderPKCs = new HashSet(); - if (attrCert.getHolder().getIssuer() != null) - { - X509CertStoreSelector selector = new X509CertStoreSelector(); - selector.setSerialNumber(attrCert.getHolder().getSerialNumber()); - Principal[] principals = attrCert.getHolder().getIssuer(); - for (int i = 0; i < principals.length; i++) - { - try - { - if (principals[i] instanceof X500Principal) - { - selector.setIssuer(((X500Principal)principals[i]) - .getEncoded()); - } - holderPKCs.addAll(CertPathValidatorUtilities - .findCertificates(selector, pkixParams.getStores())); - } - catch (AnnotatedException e) - { - throw new ExtCertPathValidatorException( - "Public key certificate for attribute certificate cannot be searched.", - e); - } - catch (IOException e) - { - throw new ExtCertPathValidatorException( - "Unable to encode X500 principal.", e); - } - } - if (holderPKCs.isEmpty()) - { - throw new CertPathValidatorException( - "Public key certificate specified in base certificate ID for attribute certificate cannot be found."); - } - } - if (attrCert.getHolder().getEntityNames() != null) - { - X509CertStoreSelector selector = new X509CertStoreSelector(); - Principal[] principals = attrCert.getHolder().getEntityNames(); - for (int i = 0; i < principals.length; i++) - { - try - { - if (principals[i] instanceof X500Principal) - { - selector.setIssuer(((X500Principal) principals[i]) - .getEncoded()); - } - holderPKCs.addAll(CertPathValidatorUtilities - .findCertificates(selector, pkixParams.getStores())); - } - catch (AnnotatedException e) - { - throw new ExtCertPathValidatorException( - "Public key certificate for attribute certificate cannot be searched.", - e); - } - catch (IOException e) - { - throw new ExtCertPathValidatorException( - "Unable to encode X500 principal.", e); - } - } - if (holderPKCs.isEmpty()) - { - throw new CertPathValidatorException( - "Public key certificate specified in entity name for attribute certificate cannot be found."); - } - } - // verify cert paths for PKCs - ExtendedPKIXBuilderParameters params = (ExtendedPKIXBuilderParameters) ExtendedPKIXBuilderParameters - .getInstance(pkixParams); - CertPathValidatorException lastException = null; - for (Iterator it = holderPKCs.iterator(); it.hasNext();) - { - X509CertStoreSelector selector = new X509CertStoreSelector(); - selector.setCertificate((X509Certificate) it.next()); - params.setTargetConstraints(selector); - CertPathBuilder builder = null; - try - { - builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME); - } - catch (NoSuchProviderException e) - { - throw new ExtCertPathValidatorException( - "Support class could not be created.", e); - } - catch (NoSuchAlgorithmException e) - { - throw new ExtCertPathValidatorException( - "Support class could not be created.", e); - } - try - { - result = builder.build(ExtendedPKIXBuilderParameters - .getInstance(params)); - } - catch (CertPathBuilderException e) - { - lastException = new ExtCertPathValidatorException( - "Certification path for public key certificate of attribute certificate could not be build.", - e); - } - catch (InvalidAlgorithmParameterException e) - { - // must be a programming error - throw new RuntimeException(e.getMessage()); - } - } - if (lastException != null) - { - throw lastException; - } - return result.getCertPath(); - } - - /** - * - * Checks a distribution point for revocation information for the - * certificate <code>attrCert</code>. - * - * @param dp The distribution point to consider. - * @param attrCert The attribute certificate which should be checked. - * @param paramsPKIX PKIX parameters. - * @param validDate The date when the certificate revocation status should - * be checked. - * @param issuerCert Certificate to check if it is revoked. - * @param reasonMask The reasons mask which is already checked. - * @param certPathCerts The certificates of the certification path to be - * checked. - * @throws AnnotatedException if the certificate is revoked or the status - * cannot be checked or some error occurs. - */ - private static void checkCRL(DistributionPoint dp, - X509AttributeCertificate attrCert, ExtendedPKIXParameters paramsPKIX, - Date validDate, X509Certificate issuerCert, CertStatus certStatus, - ReasonsMask reasonMask, List certPathCerts) throws AnnotatedException - { - - /* - * 4.3.6 No Revocation Available - * - * The noRevAvail extension, defined in [X.509-2000], allows an AC - * issuer to indicate that no revocation information will be made - * available for this AC. - */ - if (attrCert.getExtensionValue(X509Extensions.NoRevAvail.getId()) != null) - { - return; - } - Date currentDate = new Date(System.currentTimeMillis()); - if (validDate.getTime() > currentDate.getTime()) - { - throw new AnnotatedException("Validation time is in future."); - } - - // (a) - /* - * We always get timely valid CRLs, so there is no step (a) (1). - * "locally cached" CRLs are assumed to be in getStore(), additional - * CRLs must be enabled in the ExtendedPKIXParameters and are in - * getAdditionalStore() - */ - - Set crls = CertPathValidatorUtilities.getCompleteCRLs(dp, attrCert, - currentDate, paramsPKIX); - boolean validCrlFound = false; - AnnotatedException lastException = null; - Iterator crl_iter = crls.iterator(); - - while (crl_iter.hasNext() - && certStatus.getCertStatus() == CertStatus.UNREVOKED - && !reasonMask.isAllReasons()) - { - try - { - X509CRL crl = (X509CRL) crl_iter.next(); - - // (d) - ReasonsMask interimReasonsMask = RFC3280CertPathUtilities - .processCRLD(crl, dp); - - // (e) - /* - * The reasons mask is updated at the end, so only valid CRLs - * can update it. If this CRL does not contain new reasons it - * must be ignored. - */ - if (!interimReasonsMask.hasNewReasons(reasonMask)) - { - continue; - } - - // (f) - Set keys = RFC3280CertPathUtilities.processCRLF(crl, attrCert, - null, null, paramsPKIX, certPathCerts); - // (g) - PublicKey key = RFC3280CertPathUtilities.processCRLG(crl, keys); - - X509CRL deltaCRL = null; - - if (paramsPKIX.isUseDeltasEnabled()) - { - // get delta CRLs - Set deltaCRLs = CertPathValidatorUtilities.getDeltaCRLs( - currentDate, paramsPKIX, crl); - // we only want one valid delta CRL - // (h) - deltaCRL = RFC3280CertPathUtilities.processCRLH(deltaCRLs, - key); - } - - /* - * CRL must be be valid at the current time, not the validation - * time. If a certificate is revoked with reason keyCompromise, - * cACompromise, it can be used for forgery, also for the past. - * This reason may not be contained in older CRLs. - */ - - /* - * in the chain model signatures stay valid also after the - * certificate has been expired, so they do not have to be in - * the CRL vality time - */ - - if (paramsPKIX.getValidityModel() != ExtendedPKIXParameters.CHAIN_VALIDITY_MODEL) - { - /* - * if a certificate has expired, but was revoked, it is not - * more in the CRL, so it would be regarded as valid if the - * first check is not done - */ - if (attrCert.getNotAfter().getTime() < crl.getThisUpdate() - .getTime()) - { - throw new AnnotatedException( - "No valid CRL for current time found."); - } - } - - RFC3280CertPathUtilities.processCRLB1(dp, attrCert, crl); - - // (b) (2) - RFC3280CertPathUtilities.processCRLB2(dp, attrCert, crl); - - // (c) - RFC3280CertPathUtilities.processCRLC(deltaCRL, crl, paramsPKIX); - - // (i) - RFC3280CertPathUtilities.processCRLI(validDate, deltaCRL, - attrCert, certStatus, paramsPKIX); - - // (j) - RFC3280CertPathUtilities.processCRLJ(validDate, crl, attrCert, - certStatus); - - // (k) - if (certStatus.getCertStatus() == CRLReason.removeFromCRL) - { - certStatus.setCertStatus(CertStatus.UNREVOKED); - } - - // update reasons mask - reasonMask.addReasons(interimReasonsMask); - validCrlFound = true; - } - catch (AnnotatedException e) - { - lastException = e; - } - } - if (!validCrlFound) - { - throw lastException; - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/ReasonsMask.java b/prov/src/main/java/org/bouncycastle/jce/provider/ReasonsMask.java deleted file mode 100644 index 04f5a063..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/ReasonsMask.java +++ /dev/null @@ -1,101 +0,0 @@ -package org.bouncycastle.jce.provider; - -import org.bouncycastle.asn1.x509.ReasonFlags; - -/** - * This class helps to handle CRL revocation reasons mask. Each CRL handles a - * certain set of revocation reasons. - */ -class ReasonsMask -{ - private int _reasons; - - /** - * Constructs are reason mask with the reasons. - * - * @param reasons The reasons. - */ - ReasonsMask(ReasonFlags reasons) - { - _reasons = reasons.intValue(); - } - - private ReasonsMask(int reasons) - { - _reasons = reasons; - } - - /** - * A reason mask with no reason. - * - */ - ReasonsMask() - { - this(0); - } - - /** - * A mask with all revocation reasons. - */ - static final ReasonsMask allReasons = new ReasonsMask(ReasonFlags.aACompromise - | ReasonFlags.affiliationChanged | ReasonFlags.cACompromise - | ReasonFlags.certificateHold | ReasonFlags.cessationOfOperation - | ReasonFlags.keyCompromise | ReasonFlags.privilegeWithdrawn - | ReasonFlags.unused | ReasonFlags.superseded); - - /** - * Adds all reasons from the reasons mask to this mask. - * - * @param mask The reasons mask to add. - */ - void addReasons(ReasonsMask mask) - { - _reasons = _reasons | mask.getReasons(); - } - - /** - * Returns <code>true</code> if this reasons mask contains all possible - * reasons. - * - * @return <code>true</code> if this reasons mask contains all possible - * reasons. - */ - boolean isAllReasons() - { - return _reasons == allReasons._reasons ? true : false; - } - - /** - * Intersects this mask with the given reasons mask. - * - * @param mask The mask to intersect with. - * @return The intersection of this and teh given mask. - */ - ReasonsMask intersect(ReasonsMask mask) - { - ReasonsMask _mask = new ReasonsMask(); - _mask.addReasons(new ReasonsMask(_reasons & mask.getReasons())); - return _mask; - } - - /** - * Returns <code>true</code> if the passed reasons mask has new reasons. - * - * @param mask The reasons mask which should be tested for new reasons. - * @return <code>true</code> if the passed reasons mask has new reasons. - */ - boolean hasNewReasons(ReasonsMask mask) - { - return ((_reasons | mask.getReasons() ^ _reasons) != 0); - } - - /** - * Returns the reasons in this mask. - * - * @return Returns the reasons. - */ - int getReasons() - { - return _reasons; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509AttrCertParser.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509AttrCertParser.java deleted file mode 100644 index 08f61c2b..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509AttrCertParser.java +++ /dev/null @@ -1,156 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.BufferedInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.SignedData; -import org.bouncycastle.x509.X509AttributeCertificate; -import org.bouncycastle.x509.X509StreamParserSpi; -import org.bouncycastle.x509.X509V2AttributeCertificate; -import org.bouncycastle.x509.util.StreamParsingException; - -public class X509AttrCertParser - extends X509StreamParserSpi -{ - private static final PEMUtil PEM_PARSER = new PEMUtil("ATTRIBUTE CERTIFICATE"); - - private ASN1Set sData = null; - private int sDataObjectCount = 0; - private InputStream currentStream = null; - - private X509AttributeCertificate readDERCertificate( - InputStream in) - throws IOException - { - ASN1InputStream dIn = new ASN1InputStream(in); - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); - - if (seq.size() > 1 - && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier) - { - if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) - { - sData = new SignedData(ASN1Sequence.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true)).getCertificates(); - - return getCertificate(); - } - } - - return new X509V2AttributeCertificate(seq.getEncoded()); - } - - private X509AttributeCertificate getCertificate() - throws IOException - { - if (sData != null) - { - while (sDataObjectCount < sData.size()) - { - Object obj = sData.getObjectAt(sDataObjectCount++); - - if (obj instanceof ASN1TaggedObject && ((ASN1TaggedObject)obj).getTagNo() == 2) - { - return new X509V2AttributeCertificate( - ASN1Sequence.getInstance((ASN1TaggedObject)obj, false).getEncoded()); - } - } - } - - return null; - } - - private X509AttributeCertificate readPEMCertificate( - InputStream in) - throws IOException - { - ASN1Sequence seq = PEM_PARSER.readPEMObject(in); - - if (seq != null) - { - return new X509V2AttributeCertificate(seq.getEncoded()); - } - - return null; - } - - public void engineInit(InputStream in) - { - currentStream = in; - sData = null; - sDataObjectCount = 0; - - if (!currentStream.markSupported()) - { - currentStream = new BufferedInputStream(currentStream); - } - } - - public Object engineRead() - throws StreamParsingException - { - try - { - if (sData != null) - { - if (sDataObjectCount != sData.size()) - { - return getCertificate(); - } - else - { - sData = null; - sDataObjectCount = 0; - return null; - } - } - - currentStream.mark(10); - int tag = currentStream.read(); - - if (tag == -1) - { - return null; - } - - if (tag != 0x30) // assume ascii PEM encoded. - { - currentStream.reset(); - return readPEMCertificate(currentStream); - } - else - { - currentStream.reset(); - return readDERCertificate(currentStream); - } - } - catch (Exception e) - { - throw new StreamParsingException(e.toString(), e); - } - } - - public Collection engineReadAll() - throws StreamParsingException - { - X509AttributeCertificate cert; - List certs = new ArrayList(); - - while ((cert = (X509AttributeCertificate)engineRead()) != null) - { - certs.add(cert); - } - - return certs; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java deleted file mode 100644 index 7e76a897..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java +++ /dev/null @@ -1,318 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.cert.CRLException; -import java.security.cert.X509CRLEntry; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Enumerated; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.util.ASN1Dump; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.CRLReason; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.asn1.x509.Extensions; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.TBSCertList; -import org.bouncycastle.asn1.x509.X509Extension; - -/** - * The following extensions are listed in RFC 2459 as relevant to CRL Entries - * - * ReasonCode Hode Instruction Code Invalidity Date Certificate Issuer - * (critical) - */ -public class X509CRLEntryObject extends X509CRLEntry -{ - private TBSCertList.CRLEntry c; - - private X500Name certificateIssuer; - private int hashValue; - private boolean isHashValueSet; - - public X509CRLEntryObject(TBSCertList.CRLEntry c) - { - this.c = c; - this.certificateIssuer = null; - } - - /** - * Constructor for CRLEntries of indirect CRLs. If <code>isIndirect</code> - * is <code>false</code> {@link #getCertificateIssuer()} will always - * return <code>null</code>, <code>previousCertificateIssuer</code> is - * ignored. If this <code>isIndirect</code> is specified and this CRLEntry - * has no certificate issuer CRL entry extension - * <code>previousCertificateIssuer</code> is returned by - * {@link #getCertificateIssuer()}. - * - * @param c - * TBSCertList.CRLEntry object. - * @param isIndirect - * <code>true</code> if the corresponding CRL is a indirect - * CRL. - * @param previousCertificateIssuer - * Certificate issuer of the previous CRLEntry. - */ - public X509CRLEntryObject( - TBSCertList.CRLEntry c, - boolean isIndirect, - X500Name previousCertificateIssuer) - { - this.c = c; - this.certificateIssuer = loadCertificateIssuer(isIndirect, previousCertificateIssuer); - } - - /** - * Will return true if any extensions are present and marked as critical as - * we currently don't handle any extensions! - */ - public boolean hasUnsupportedCriticalExtension() - { - Set extns = getCriticalExtensionOIDs(); - - return extns != null && !extns.isEmpty(); - } - - private X500Name loadCertificateIssuer(boolean isIndirect, X500Name previousCertificateIssuer) - { - if (!isIndirect) - { - return null; - } - - Extension ext = getExtension(Extension.certificateIssuer); - if (ext == null) - { - return previousCertificateIssuer; - } - - try - { - GeneralName[] names = GeneralNames.getInstance(ext.getParsedValue()).getNames(); - for (int i = 0; i < names.length; i++) - { - if (names[i].getTagNo() == GeneralName.directoryName) - { - return X500Name.getInstance(names[i].getName()); - } - } - return null; - } - catch (Exception e) - { - return null; - } - } - - public X500Principal getCertificateIssuer() - { - if (certificateIssuer == null) - { - return null; - } - try - { - return new X500Principal(certificateIssuer.getEncoded()); - } - catch (IOException e) - { - return null; - } - } - - private Set getExtensionOIDs(boolean critical) - { - Extensions extensions = c.getExtensions(); - - if (extensions != null) - { - Set set = new HashSet(); - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); - Extension ext = extensions.getExtension(oid); - - if (critical == ext.isCritical()) - { - set.add(oid.getId()); - } - } - - return set; - } - - return null; - } - - public Set getCriticalExtensionOIDs() - { - return getExtensionOIDs(true); - } - - public Set getNonCriticalExtensionOIDs() - { - return getExtensionOIDs(false); - } - - private Extension getExtension(ASN1ObjectIdentifier oid) - { - Extensions exts = c.getExtensions(); - - if (exts != null) - { - return exts.getExtension(oid); - } - - return null; - } - - public byte[] getExtensionValue(String oid) - { - Extension ext = getExtension(new ASN1ObjectIdentifier(oid)); - - if (ext != null) - { - try - { - return ext.getExtnValue().getEncoded(); - } - catch (Exception e) - { - throw new RuntimeException("error encoding " + e.toString()); - } - } - - return null; - } - - /** - * Cache the hashCode value - calculating it with the standard method. - * @return calculated hashCode. - */ - public int hashCode() - { - if (!isHashValueSet) - { - hashValue = super.hashCode(); - isHashValueSet = true; - } - - return hashValue; - } - - public boolean equals(Object o) - { - if (o == this) - { - return true; - } - - if (o instanceof X509CRLEntryObject) - { - X509CRLEntryObject other = (X509CRLEntryObject)o; - - return this.c.equals(other.c); - } - - return super.equals(this); - } - - public byte[] getEncoded() - throws CRLException - { - try - { - return c.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new CRLException(e.toString()); - } - } - - public BigInteger getSerialNumber() - { - return c.getUserCertificate().getValue(); - } - - public Date getRevocationDate() - { - return c.getRevocationDate().getDate(); - } - - public boolean hasExtensions() - { - return c.getExtensions() != null; - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append(" userCertificate: ").append(this.getSerialNumber()).append(nl); - buf.append(" revocationDate: ").append(this.getRevocationDate()).append(nl); - buf.append(" certificateIssuer: ").append(this.getCertificateIssuer()).append(nl); - - Extensions extensions = c.getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - if (e.hasMoreElements()) - { - buf.append(" crlEntryExtensions:").append(nl); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - Extension ext = extensions.getExtension(oid); - if (ext.getExtnValue() != null) - { - byte[] octs = ext.getExtnValue().getOctets(); - ASN1InputStream dIn = new ASN1InputStream(octs); - buf.append(" critical(").append(ext.isCritical()).append(") "); - try - { - if (oid.equals(X509Extension.reasonCode)) - { - buf.append(CRLReason.getInstance(ASN1Enumerated.getInstance(dIn.readObject()))).append(nl); - } - else if (oid.equals(X509Extension.certificateIssuer)) - { - buf.append("Certificate issuer: ").append(GeneralNames.getInstance(dIn.readObject())).append(nl); - } - else - { - buf.append(oid.getId()); - buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl); - } - } - catch (Exception ex) - { - buf.append(oid.getId()); - buf.append(" value = ").append("*****").append(nl); - } - } - else - { - buf.append(nl); - } - } - } - } - - return buf.toString(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java deleted file mode 100644 index b5b4f13a..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java +++ /dev/null @@ -1,625 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Principal; -import java.security.PublicKey; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.CRLException; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509CRL; -import java.security.cert.X509CRLEntry; -import java.security.cert.X509Certificate; -import java.util.Collections; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Iterator; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.util.ASN1Dump; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.CRLDistPoint; -import org.bouncycastle.asn1.x509.CRLNumber; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.asn1.x509.Extensions; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.IssuingDistributionPoint; -import org.bouncycastle.asn1.x509.TBSCertList; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.util.encoders.Hex; - -/** - * The following extensions are listed in RFC 2459 as relevant to CRLs - * - * Authority Key Identifier - * Issuer Alternative Name - * CRL Number - * Delta CRL Indicator (critical) - * Issuing Distribution Point (critical) - */ -public class X509CRLObject - extends X509CRL -{ - private CertificateList c; - private String sigAlgName; - private byte[] sigAlgParams; - private boolean isIndirect; - private boolean isHashCodeSet = false; - private int hashCodeValue; - - static boolean isIndirectCRL(X509CRL crl) - throws CRLException - { - try - { - byte[] idp = crl.getExtensionValue(Extension.issuingDistributionPoint.getId()); - return idp != null - && IssuingDistributionPoint.getInstance(ASN1OctetString.getInstance(idp).getOctets()).isIndirectCRL(); - } - catch (Exception e) - { - throw new ExtCRLException( - "Exception reading IssuingDistributionPoint", e); - } - } - - public X509CRLObject( - CertificateList c) - throws CRLException - { - this.c = c; - - try - { - this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); - - if (c.getSignatureAlgorithm().getParameters() != null) - { - this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).toASN1Primitive().getEncoded(ASN1Encoding.DER); - } - else - { - this.sigAlgParams = null; - } - - this.isIndirect = isIndirectCRL(this); - } - catch (Exception e) - { - throw new CRLException("CRL contents invalid: " + e); - } - } - - /** - * Will return true if any extensions are present and marked - * as critical as we currently dont handle any extensions! - */ - public boolean hasUnsupportedCriticalExtension() - { - Set extns = getCriticalExtensionOIDs(); - - if (extns == null) - { - return false; - } - - extns.remove(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT); - extns.remove(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR); - - return !extns.isEmpty(); - } - - private Set getExtensionOIDs(boolean critical) - { - if (this.getVersion() == 2) - { - Extensions extensions = c.getTBSCertList().getExtensions(); - - if (extensions != null) - { - Set set = new HashSet(); - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - Extension ext = extensions.getExtension(oid); - - if (critical == ext.isCritical()) - { - set.add(oid.getId()); - } - } - - return set; - } - } - - return null; - } - - public Set getCriticalExtensionOIDs() - { - return getExtensionOIDs(true); - } - - public Set getNonCriticalExtensionOIDs() - { - return getExtensionOIDs(false); - } - - public byte[] getExtensionValue(String oid) - { - Extensions exts = c.getTBSCertList().getExtensions(); - - if (exts != null) - { - Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); - - if (ext != null) - { - try - { - return ext.getExtnValue().getEncoded(); - } - catch (Exception e) - { - throw new IllegalStateException("error parsing " + e.toString()); - } - } - } - - return null; - } - - public byte[] getEncoded() - throws CRLException - { - try - { - return c.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new CRLException(e.toString()); - } - } - - public void verify(PublicKey key) - throws CRLException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException - { - verify(key, BouncyCastleProvider.PROVIDER_NAME); - } - - public void verify(PublicKey key, String sigProvider) - throws CRLException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException - { - if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature())) - { - throw new CRLException("Signature algorithm on CertificateList does not match TBSCertList."); - } - - Signature sig; - - if (sigProvider != null) - { - sig = Signature.getInstance(getSigAlgName(), sigProvider); - } - else - { - sig = Signature.getInstance(getSigAlgName()); - } - - sig.initVerify(key); - sig.update(this.getTBSCertList()); - - if (!sig.verify(this.getSignature())) - { - throw new SignatureException("CRL does not verify with supplied public key."); - } - } - - public int getVersion() - { - return c.getVersionNumber(); - } - - public Principal getIssuerDN() - { - return new X509Principal(X500Name.getInstance(c.getIssuer().toASN1Primitive())); - } - - public X500Principal getIssuerX500Principal() - { - try - { - return new X500Principal(c.getIssuer().getEncoded()); - } - catch (IOException e) - { - throw new IllegalStateException("can't encode issuer DN"); - } - } - - public Date getThisUpdate() - { - return c.getThisUpdate().getDate(); - } - - public Date getNextUpdate() - { - if (c.getNextUpdate() != null) - { - return c.getNextUpdate().getDate(); - } - - return null; - } - - private Set loadCRLEntries() - { - Set entrySet = new HashSet(); - Enumeration certs = c.getRevokedCertificateEnumeration(); - - X500Name previousCertificateIssuer = null; // the issuer - while (certs.hasMoreElements()) - { - TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement(); - X509CRLEntryObject crlEntry = new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer); - entrySet.add(crlEntry); - if (isIndirect && entry.hasExtensions()) - { - Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); - - if (currentCaName != null) - { - previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); - } - } - } - - return entrySet; - } - - public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) - { - Enumeration certs = c.getRevokedCertificateEnumeration(); - - X500Name previousCertificateIssuer = null; // the issuer - while (certs.hasMoreElements()) - { - TBSCertList.CRLEntry entry = (TBSCertList.CRLEntry)certs.nextElement(); - - if (serialNumber.equals(entry.getUserCertificate().getValue())) - { - return new X509CRLEntryObject(entry, isIndirect, previousCertificateIssuer); - } - - if (isIndirect && entry.hasExtensions()) - { - Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); - - if (currentCaName != null) - { - previousCertificateIssuer = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); - } - } - } - - return null; - } - - public Set getRevokedCertificates() - { - Set entrySet = loadCRLEntries(); - - if (!entrySet.isEmpty()) - { - return Collections.unmodifiableSet(entrySet); - } - - return null; - } - - public byte[] getTBSCertList() - throws CRLException - { - try - { - return c.getTBSCertList().getEncoded("DER"); - } - catch (IOException e) - { - throw new CRLException(e.toString()); - } - } - - public byte[] getSignature() - { - return c.getSignature().getBytes(); - } - - public String getSigAlgName() - { - return sigAlgName; - } - - public String getSigAlgOID() - { - return c.getSignatureAlgorithm().getAlgorithm().getId(); - } - - public byte[] getSigAlgParams() - { - if (sigAlgParams != null) - { - byte[] tmp = new byte[sigAlgParams.length]; - - System.arraycopy(sigAlgParams, 0, tmp, 0, tmp.length); - - return tmp; - } - - return null; - } - - /** - * Returns a string representation of this CRL. - * - * @return a string representation of this CRL. - */ - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append(" Version: ").append(this.getVersion()).append( - nl); - buf.append(" IssuerDN: ").append(this.getIssuerDN()) - .append(nl); - buf.append(" This update: ").append(this.getThisUpdate()) - .append(nl); - buf.append(" Next update: ").append(this.getNextUpdate()) - .append(nl); - buf.append(" Signature Algorithm: ").append(this.getSigAlgName()) - .append(nl); - - byte[] sig = this.getSignature(); - - buf.append(" Signature: ").append( - new String(Hex.encode(sig, 0, 20))).append(nl); - for (int i = 20; i < sig.length; i += 20) - { - if (i < sig.length - 20) - { - buf.append(" ").append( - new String(Hex.encode(sig, i, 20))).append(nl); - } - else - { - buf.append(" ").append( - new String(Hex.encode(sig, i, sig.length - i))).append(nl); - } - } - - Extensions extensions = c.getTBSCertList().getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - if (e.hasMoreElements()) - { - buf.append(" Extensions: ").append(nl); - } - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement(); - Extension ext = extensions.getExtension(oid); - - if (ext.getExtnValue() != null) - { - byte[] octs = ext.getExtnValue().getOctets(); - ASN1InputStream dIn = new ASN1InputStream(octs); - buf.append(" critical(").append( - ext.isCritical()).append(") "); - try - { - if (oid.equals(Extension.cRLNumber)) - { - buf.append( - new CRLNumber(ASN1Integer.getInstance( - dIn.readObject()).getPositiveValue())) - .append(nl); - } - else if (oid.equals(Extension.deltaCRLIndicator)) - { - buf.append( - "Base CRL: " - + new CRLNumber(ASN1Integer.getInstance( - dIn.readObject()).getPositiveValue())) - .append(nl); - } - else if (oid - .equals(Extension.issuingDistributionPoint)) - { - buf.append( - IssuingDistributionPoint.getInstance(dIn.readObject())).append(nl); - } - else if (oid - .equals(Extension.cRLDistributionPoints)) - { - buf.append( - CRLDistPoint.getInstance(dIn.readObject())).append(nl); - } - else if (oid.equals(Extension.freshestCRL)) - { - buf.append( - CRLDistPoint.getInstance(dIn.readObject())).append(nl); - } - else - { - buf.append(oid.getId()); - buf.append(" value = ").append( - ASN1Dump.dumpAsString(dIn.readObject())) - .append(nl); - } - } - catch (Exception ex) - { - buf.append(oid.getId()); - buf.append(" value = ").append("*****").append(nl); - } - } - else - { - buf.append(nl); - } - } - } - Set set = getRevokedCertificates(); - if (set != null) - { - Iterator it = set.iterator(); - while (it.hasNext()) - { - buf.append(it.next()); - buf.append(nl); - } - } - return buf.toString(); - } - - /** - * Checks whether the given certificate is on this CRL. - * - * @param cert the certificate to check for. - * @return true if the given certificate is on this CRL, - * false otherwise. - */ - public boolean isRevoked(Certificate cert) - { - if (!cert.getType().equals("X.509")) - { - throw new RuntimeException("X.509 CRL used with non X.509 Cert"); - } - - Enumeration certs = c.getRevokedCertificateEnumeration(); - - X500Name caName = c.getIssuer(); - - if (certs != null) - { - BigInteger serial = ((X509Certificate)cert).getSerialNumber(); - - while (certs.hasMoreElements()) - { - TBSCertList.CRLEntry entry = TBSCertList.CRLEntry.getInstance(certs.nextElement()); - - if (isIndirect && entry.hasExtensions()) - { - Extension currentCaName = entry.getExtensions().getExtension(Extension.certificateIssuer); - - if (currentCaName != null) - { - caName = X500Name.getInstance(GeneralNames.getInstance(currentCaName.getParsedValue()).getNames()[0].getName()); - } - } - - if (entry.getUserCertificate().getValue().equals(serial)) - { - X500Name issuer; - - if (cert instanceof X509Certificate) - { - issuer = X500Name.getInstance(((X509Certificate)cert).getIssuerX500Principal().getEncoded()); - } - else - { - try - { - issuer = org.bouncycastle.asn1.x509.Certificate.getInstance(cert.getEncoded()).getIssuer(); - } - catch (CertificateEncodingException e) - { - throw new RuntimeException("Cannot process certificate"); - } - } - - if (!caName.equals(issuer)) - { - return false; - } - - return true; - } - } - } - - return false; - } - - public boolean equals(Object other) - { - if (this == other) - { - return true; - } - - if (!(other instanceof X509CRL)) - { - return false; - } - - if (other instanceof X509CRLObject) - { - X509CRLObject crlObject = (X509CRLObject)other; - - if (isHashCodeSet) - { - boolean otherIsHashCodeSet = crlObject.isHashCodeSet; - if (otherIsHashCodeSet) - { - if (crlObject.hashCodeValue != hashCodeValue) - { - return false; - } - } - } - - return this.c.equals(crlObject.c); - } - - return super.equals(other); - } - - public int hashCode() - { - if (!isHashCodeSet) - { - isHashCodeSet = true; - hashCodeValue = super.hashCode(); - } - - return hashCodeValue; - } -} - diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509CRLParser.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509CRLParser.java deleted file mode 100644 index 0d1eca72..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509CRLParser.java +++ /dev/null @@ -1,150 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.BufferedInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.security.cert.CRL; -import java.security.cert.CRLException; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.SignedData; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.x509.X509StreamParserSpi; -import org.bouncycastle.x509.util.StreamParsingException; - -public class X509CRLParser - extends X509StreamParserSpi -{ - private static final PEMUtil PEM_PARSER = new PEMUtil("CRL"); - - private ASN1Set sData = null; - private int sDataObjectCount = 0; - private InputStream currentStream = null; - - private CRL readDERCRL( - InputStream in) - throws IOException, CRLException - { - ASN1InputStream dIn = new ASN1InputStream(in); - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); - - if (seq.size() > 1 - && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier) - { - if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) - { - sData = new SignedData(ASN1Sequence.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true)).getCRLs(); - - return getCRL(); - } - } - - return new X509CRLObject(CertificateList.getInstance(seq)); - } - - private CRL getCRL() - throws CRLException - { - if (sData == null || sDataObjectCount >= sData.size()) - { - return null; - } - - return new X509CRLObject( - CertificateList.getInstance( - sData.getObjectAt(sDataObjectCount++))); - } - - private CRL readPEMCRL( - InputStream in) - throws IOException, CRLException - { - ASN1Sequence seq = PEM_PARSER.readPEMObject(in); - - if (seq != null) - { - return new X509CRLObject(CertificateList.getInstance(seq)); - } - - return null; - } - - public void engineInit(InputStream in) - { - currentStream = in; - sData = null; - sDataObjectCount = 0; - - if (!currentStream.markSupported()) - { - currentStream = new BufferedInputStream(currentStream); - } - } - - public Object engineRead() - throws StreamParsingException - { - try - { - if (sData != null) - { - if (sDataObjectCount != sData.size()) - { - return getCRL(); - } - else - { - sData = null; - sDataObjectCount = 0; - return null; - } - } - - currentStream.mark(10); - int tag = currentStream.read(); - - if (tag == -1) - { - return null; - } - - if (tag != 0x30) // assume ascii PEM encoded. - { - currentStream.reset(); - return readPEMCRL(currentStream); - } - else - { - currentStream.reset(); - return readDERCRL(currentStream); - } - } - catch (Exception e) - { - throw new StreamParsingException(e.toString(), e); - } - } - - public Collection engineReadAll() - throws StreamParsingException - { - CRL crl; - List certs = new ArrayList(); - - while ((crl = (CRL)engineRead()) != null) - { - certs.add(crl); - } - - return certs; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509CertPairParser.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509CertPairParser.java deleted file mode 100644 index 41d64480..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509CertPairParser.java +++ /dev/null @@ -1,77 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.BufferedInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.security.cert.CertificateParsingException; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.x509.CertificatePair; -import org.bouncycastle.x509.X509CertificatePair; -import org.bouncycastle.x509.X509StreamParserSpi; -import org.bouncycastle.x509.util.StreamParsingException; - -public class X509CertPairParser - extends X509StreamParserSpi -{ - private InputStream currentStream = null; - - private X509CertificatePair readDERCrossCertificatePair( - InputStream in) - throws IOException, CertificateParsingException - { - ASN1InputStream dIn = new ASN1InputStream(in); - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); - CertificatePair pair = CertificatePair.getInstance(seq); - return new X509CertificatePair(pair); - } - - public void engineInit(InputStream in) - { - currentStream = in; - - if (!currentStream.markSupported()) - { - currentStream = new BufferedInputStream(currentStream); - } - } - - public Object engineRead() throws StreamParsingException - { - try - { - - currentStream.mark(10); - int tag = currentStream.read(); - - if (tag == -1) - { - return null; - } - - currentStream.reset(); - return readDERCrossCertificatePair(currentStream); - } - catch (Exception e) - { - throw new StreamParsingException(e.toString(), e); - } - } - - public Collection engineReadAll() throws StreamParsingException - { - X509CertificatePair pair; - List certs = new ArrayList(); - - while ((pair = (X509CertificatePair)engineRead()) != null) - { - certs.add(pair); - } - - return certs; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509CertParser.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509CertParser.java deleted file mode 100644 index 0663735b..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509CertParser.java +++ /dev/null @@ -1,158 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.BufferedInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.security.cert.Certificate; -import java.security.cert.CertificateParsingException; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.SignedData; -import org.bouncycastle.x509.X509StreamParserSpi; -import org.bouncycastle.x509.util.StreamParsingException; - -public class X509CertParser - extends X509StreamParserSpi -{ - private static final PEMUtil PEM_PARSER = new PEMUtil("CERTIFICATE"); - - private ASN1Set sData = null; - private int sDataObjectCount = 0; - private InputStream currentStream = null; - - private Certificate readDERCertificate( - InputStream in) - throws IOException, CertificateParsingException - { - ASN1InputStream dIn = new ASN1InputStream(in); - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); - - if (seq.size() > 1 - && seq.getObjectAt(0) instanceof ASN1ObjectIdentifier) - { - if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) - { - sData = new SignedData(ASN1Sequence.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true)).getCertificates(); - - return getCertificate(); - } - } - - return new X509CertificateObject( - org.bouncycastle.asn1.x509.Certificate.getInstance(seq)); - } - - private Certificate getCertificate() - throws CertificateParsingException - { - if (sData != null) - { - while (sDataObjectCount < sData.size()) - { - Object obj = sData.getObjectAt(sDataObjectCount++); - - if (obj instanceof ASN1Sequence) - { - return new X509CertificateObject( - org.bouncycastle.asn1.x509.Certificate.getInstance(obj)); - } - } - } - - return null; - } - - private Certificate readPEMCertificate( - InputStream in) - throws IOException, CertificateParsingException - { - ASN1Sequence seq = PEM_PARSER.readPEMObject(in); - - if (seq != null) - { - return new X509CertificateObject( - org.bouncycastle.asn1.x509.Certificate.getInstance(seq)); - } - - return null; - } - - public void engineInit(InputStream in) - { - currentStream = in; - sData = null; - sDataObjectCount = 0; - - if (!currentStream.markSupported()) - { - currentStream = new BufferedInputStream(currentStream); - } - } - - public Object engineRead() - throws StreamParsingException - { - try - { - if (sData != null) - { - if (sDataObjectCount != sData.size()) - { - return getCertificate(); - } - else - { - sData = null; - sDataObjectCount = 0; - return null; - } - } - - currentStream.mark(10); - int tag = currentStream.read(); - - if (tag == -1) - { - return null; - } - - if (tag != 0x30) // assume ascii PEM encoded. - { - currentStream.reset(); - return readPEMCertificate(currentStream); - } - else - { - currentStream.reset(); - return readDERCertificate(currentStream); - } - } - catch (Exception e) - { - throw new StreamParsingException(e.toString(), e); - } - } - - public Collection engineReadAll() - throws StreamParsingException - { - Certificate cert; - List certs = new ArrayList(); - - while ((cert = (Certificate)engineRead()) != null) - { - certs.add(cert); - } - - return certs; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java deleted file mode 100644 index 97ff6f98..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java +++ /dev/null @@ -1,901 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.net.InetAddress; -import java.net.UnknownHostException; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Principal; -import java.security.Provider; -import java.security.PublicKey; -import java.security.Security; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1String; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.misc.MiscObjectIdentifiers; -import org.bouncycastle.asn1.misc.NetscapeCertType; -import org.bouncycastle.asn1.misc.NetscapeRevocationURL; -import org.bouncycastle.asn1.misc.VerisignCzagExtension; -import org.bouncycastle.asn1.util.ASN1Dump; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x500.style.RFC4519Style; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.BasicConstraints; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.asn1.x509.Extensions; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.KeyUsage; -import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.Integers; -import org.bouncycastle.util.encoders.Hex; - -public class X509CertificateObject - extends X509Certificate - implements PKCS12BagAttributeCarrier -{ - private org.bouncycastle.asn1.x509.Certificate c; - private BasicConstraints basicConstraints; - private boolean[] keyUsage; - private boolean hashValueSet; - private int hashValue; - - private PKCS12BagAttributeCarrier attrCarrier = new PKCS12BagAttributeCarrierImpl(); - - public X509CertificateObject( - org.bouncycastle.asn1.x509.Certificate c) - throws CertificateParsingException - { - this.c = c; - - try - { - byte[] bytes = this.getExtensionBytes("2.5.29.19"); - - if (bytes != null) - { - basicConstraints = BasicConstraints.getInstance(ASN1Primitive.fromByteArray(bytes)); - } - } - catch (Exception e) - { - throw new CertificateParsingException("cannot construct BasicConstraints: " + e); - } - - try - { - byte[] bytes = this.getExtensionBytes("2.5.29.15"); - if (bytes != null) - { - DERBitString bits = DERBitString.getInstance(ASN1Primitive.fromByteArray(bytes)); - - bytes = bits.getBytes(); - int length = (bytes.length * 8) - bits.getPadBits(); - - keyUsage = new boolean[(length < 9) ? 9 : length]; - - for (int i = 0; i != length; i++) - { - keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; - } - } - else - { - keyUsage = null; - } - } - catch (Exception e) - { - throw new CertificateParsingException("cannot construct KeyUsage: " + e); - } - } - - public void checkValidity() - throws CertificateExpiredException, CertificateNotYetValidException - { - this.checkValidity(new Date()); - } - - public void checkValidity( - Date date) - throws CertificateExpiredException, CertificateNotYetValidException - { - if (date.getTime() > this.getNotAfter().getTime()) // for other VM compatibility - { - throw new CertificateExpiredException("certificate expired on " + c.getEndDate().getTime()); - } - - if (date.getTime() < this.getNotBefore().getTime()) - { - throw new CertificateNotYetValidException("certificate not valid till " + c.getStartDate().getTime()); - } - } - - public int getVersion() - { - return c.getVersionNumber(); - } - - public BigInteger getSerialNumber() - { - return c.getSerialNumber().getValue(); - } - - public Principal getIssuerDN() - { - try - { - return new X509Principal(X500Name.getInstance(c.getIssuer().getEncoded())); - } - catch (IOException e) - { - return null; - } - } - - public X500Principal getIssuerX500Principal() - { - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(c.getIssuer()); - - return new X500Principal(bOut.toByteArray()); - } - catch (IOException e) - { - throw new IllegalStateException("can't encode issuer DN"); - } - } - - public Principal getSubjectDN() - { - return new X509Principal(X500Name.getInstance(c.getSubject().toASN1Primitive())); - } - - public X500Principal getSubjectX500Principal() - { - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(c.getSubject()); - - return new X500Principal(bOut.toByteArray()); - } - catch (IOException e) - { - throw new IllegalStateException("can't encode issuer DN"); - } - } - - public Date getNotBefore() - { - return c.getStartDate().getDate(); - } - - public Date getNotAfter() - { - return c.getEndDate().getDate(); - } - - public byte[] getTBSCertificate() - throws CertificateEncodingException - { - try - { - return c.getTBSCertificate().getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new CertificateEncodingException(e.toString()); - } - } - - public byte[] getSignature() - { - return c.getSignature().getBytes(); - } - - /** - * return a more "meaningful" representation for the signature algorithm used in - * the certficate. - */ - public String getSigAlgName() - { - Provider prov = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME); - - if (prov != null) - { - String algName = prov.getProperty("Alg.Alias.Signature." + this.getSigAlgOID()); - - if (algName != null) - { - return algName; - } - } - - Provider[] provs = Security.getProviders(); - - // - // search every provider looking for a real algorithm - // - for (int i = 0; i != provs.length; i++) - { - String algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID()); - if (algName != null) - { - return algName; - } - } - - return this.getSigAlgOID(); - } - - /** - * return the object identifier for the signature. - */ - public String getSigAlgOID() - { - return c.getSignatureAlgorithm().getAlgorithm().getId(); - } - - /** - * return the signature parameters, or null if there aren't any. - */ - public byte[] getSigAlgParams() - { - if (c.getSignatureAlgorithm().getParameters() != null) - { - try - { - return c.getSignatureAlgorithm().getParameters().toASN1Primitive().getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - return null; - } - } - else - { - return null; - } - } - - public boolean[] getIssuerUniqueID() - { - DERBitString id = c.getTBSCertificate().getIssuerUniqueId(); - - if (id != null) - { - byte[] bytes = id.getBytes(); - boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; - - for (int i = 0; i != boolId.length; i++) - { - boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; - } - - return boolId; - } - - return null; - } - - public boolean[] getSubjectUniqueID() - { - DERBitString id = c.getTBSCertificate().getSubjectUniqueId(); - - if (id != null) - { - byte[] bytes = id.getBytes(); - boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; - - for (int i = 0; i != boolId.length; i++) - { - boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; - } - - return boolId; - } - - return null; - } - - public boolean[] getKeyUsage() - { - return keyUsage; - } - - public List getExtendedKeyUsage() - throws CertificateParsingException - { - byte[] bytes = this.getExtensionBytes("2.5.29.37"); - - if (bytes != null) - { - try - { - ASN1InputStream dIn = new ASN1InputStream(bytes); - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); - List list = new ArrayList(); - - for (int i = 0; i != seq.size(); i++) - { - list.add(((ASN1ObjectIdentifier)seq.getObjectAt(i)).getId()); - } - - return Collections.unmodifiableList(list); - } - catch (Exception e) - { - throw new CertificateParsingException("error processing extended key usage extension"); - } - } - - return null; - } - - public int getBasicConstraints() - { - if (basicConstraints != null) - { - if (basicConstraints.isCA()) - { - if (basicConstraints.getPathLenConstraint() == null) - { - return Integer.MAX_VALUE; - } - else - { - return basicConstraints.getPathLenConstraint().intValue(); - } - } - else - { - return -1; - } - } - - return -1; - } - - public Collection getSubjectAlternativeNames() - throws CertificateParsingException - { - return getAlternativeNames(getExtensionBytes(Extension.subjectAlternativeName.getId())); - } - - public Collection getIssuerAlternativeNames() - throws CertificateParsingException - { - return getAlternativeNames(getExtensionBytes(Extension.issuerAlternativeName.getId())); - } - - public Set getCriticalExtensionOIDs() - { - if (this.getVersion() == 3) - { - Set set = new HashSet(); - Extensions extensions = c.getTBSCertificate().getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - Extension ext = extensions.getExtension(oid); - - if (ext.isCritical()) - { - set.add(oid.getId()); - } - } - - return set; - } - } - - return null; - } - - private byte[] getExtensionBytes(String oid) - { - Extensions exts = c.getTBSCertificate().getExtensions(); - - if (exts != null) - { - Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); - if (ext != null) - { - return ext.getExtnValue().getOctets(); - } - } - - return null; - } - - public byte[] getExtensionValue(String oid) - { - Extensions exts = c.getTBSCertificate().getExtensions(); - - if (exts != null) - { - Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid)); - - if (ext != null) - { - try - { - return ext.getExtnValue().getEncoded(); - } - catch (Exception e) - { - throw new IllegalStateException("error parsing " + e.toString()); - } - } - } - - return null; - } - - public Set getNonCriticalExtensionOIDs() - { - if (this.getVersion() == 3) - { - Set set = new HashSet(); - Extensions extensions = c.getTBSCertificate().getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - Extension ext = extensions.getExtension(oid); - - if (!ext.isCritical()) - { - set.add(oid.getId()); - } - } - - return set; - } - } - - return null; - } - - public boolean hasUnsupportedCriticalExtension() - { - if (this.getVersion() == 3) - { - Extensions extensions = c.getTBSCertificate().getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - String oidId = oid.getId(); - - if (oidId.equals(RFC3280CertPathUtilities.KEY_USAGE) - || oidId.equals(RFC3280CertPathUtilities.CERTIFICATE_POLICIES) - || oidId.equals(RFC3280CertPathUtilities.POLICY_MAPPINGS) - || oidId.equals(RFC3280CertPathUtilities.INHIBIT_ANY_POLICY) - || oidId.equals(RFC3280CertPathUtilities.CRL_DISTRIBUTION_POINTS) - || oidId.equals(RFC3280CertPathUtilities.ISSUING_DISTRIBUTION_POINT) - || oidId.equals(RFC3280CertPathUtilities.DELTA_CRL_INDICATOR) - || oidId.equals(RFC3280CertPathUtilities.POLICY_CONSTRAINTS) - || oidId.equals(RFC3280CertPathUtilities.BASIC_CONSTRAINTS) - || oidId.equals(RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME) - || oidId.equals(RFC3280CertPathUtilities.NAME_CONSTRAINTS)) - { - continue; - } - - Extension ext = extensions.getExtension(oid); - - if (ext.isCritical()) - { - return true; - } - } - } - } - - return false; - } - - public PublicKey getPublicKey() - { - try - { - return BouncyCastleProvider.getPublicKey(c.getSubjectPublicKeyInfo()); - } - catch (IOException e) - { - return null; // should never happen... - } - } - - public byte[] getEncoded() - throws CertificateEncodingException - { - try - { - return c.getEncoded(ASN1Encoding.DER); - } - catch (IOException e) - { - throw new CertificateEncodingException(e.toString()); - } - } - - public boolean equals( - Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof Certificate)) - { - return false; - } - - Certificate other = (Certificate)o; - - try - { - byte[] b1 = this.getEncoded(); - byte[] b2 = other.getEncoded(); - - return Arrays.areEqual(b1, b2); - } - catch (CertificateEncodingException e) - { - return false; - } - } - - public synchronized int hashCode() - { - if (!hashValueSet) - { - hashValue = calculateHashCode(); - hashValueSet = true; - } - - return hashValue; - } - - private int calculateHashCode() - { - try - { - int hashCode = 0; - byte[] certData = this.getEncoded(); - for (int i = 1; i < certData.length; i++) - { - hashCode += certData[i] * i; - } - return hashCode; - } - catch (CertificateEncodingException e) - { - return 0; - } - } - - public void setBagAttribute( - ASN1ObjectIdentifier oid, - ASN1Encodable attribute) - { - attrCarrier.setBagAttribute(oid, attribute); - } - - public ASN1Encodable getBagAttribute( - ASN1ObjectIdentifier oid) - { - return attrCarrier.getBagAttribute(oid); - } - - public Enumeration getBagAttributeKeys() - { - return attrCarrier.getBagAttributeKeys(); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append(" [0] Version: ").append(this.getVersion()).append(nl); - buf.append(" SerialNumber: ").append(this.getSerialNumber()).append(nl); - buf.append(" IssuerDN: ").append(this.getIssuerDN()).append(nl); - buf.append(" Start Date: ").append(this.getNotBefore()).append(nl); - buf.append(" Final Date: ").append(this.getNotAfter()).append(nl); - buf.append(" SubjectDN: ").append(this.getSubjectDN()).append(nl); - buf.append(" Public Key: ").append(this.getPublicKey()).append(nl); - buf.append(" Signature Algorithm: ").append(this.getSigAlgName()).append(nl); - - byte[] sig = this.getSignature(); - - buf.append(" Signature: ").append(new String(Hex.encode(sig, 0, 20))).append(nl); - for (int i = 20; i < sig.length; i += 20) - { - if (i < sig.length - 20) - { - buf.append(" ").append(new String(Hex.encode(sig, i, 20))).append(nl); - } - else - { - buf.append(" ").append(new String(Hex.encode(sig, i, sig.length - i))).append(nl); - } - } - - Extensions extensions = c.getTBSCertificate().getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - if (e.hasMoreElements()) - { - buf.append(" Extensions: \n"); - } - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - Extension ext = extensions.getExtension(oid); - - if (ext.getExtnValue() != null) - { - byte[] octs = ext.getExtnValue().getOctets(); - ASN1InputStream dIn = new ASN1InputStream(octs); - buf.append(" critical(").append(ext.isCritical()).append(") "); - try - { - if (oid.equals(Extension.basicConstraints)) - { - buf.append(BasicConstraints.getInstance(dIn.readObject())).append(nl); - } - else if (oid.equals(Extension.keyUsage)) - { - buf.append(KeyUsage.getInstance(dIn.readObject())).append(nl); - } - else if (oid.equals(MiscObjectIdentifiers.netscapeCertType)) - { - buf.append(new NetscapeCertType((DERBitString)dIn.readObject())).append(nl); - } - else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL)) - { - buf.append(new NetscapeRevocationURL((DERIA5String)dIn.readObject())).append(nl); - } - else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension)) - { - buf.append(new VerisignCzagExtension((DERIA5String)dIn.readObject())).append(nl); - } - else - { - buf.append(oid.getId()); - buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl); - //buf.append(" value = ").append("*****").append(nl); - } - } - catch (Exception ex) - { - buf.append(oid.getId()); - // buf.append(" value = ").append(new String(Hex.encode(ext.getExtnValue().getOctets()))).append(nl); - buf.append(" value = ").append("*****").append(nl); - } - } - else - { - buf.append(nl); - } - } - } - - return buf.toString(); - } - - public final void verify( - PublicKey key) - throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException - { - Signature signature; - String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); - - try - { - signature = Signature.getInstance(sigName, BouncyCastleProvider.PROVIDER_NAME); - } - catch (Exception e) - { - signature = Signature.getInstance(sigName); - } - - checkSignature(key, signature); - } - - public final void verify( - PublicKey key, - String sigProvider) - throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException - { - String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); - Signature signature = Signature.getInstance(sigName, sigProvider); - - checkSignature(key, signature); - } - - private void checkSignature( - PublicKey key, - Signature signature) - throws CertificateException, NoSuchAlgorithmException, - SignatureException, InvalidKeyException - { - if (!isAlgIdEqual(c.getSignatureAlgorithm(), c.getTBSCertificate().getSignature())) - { - throw new CertificateException("signature algorithm in TBS cert not same as outer cert"); - } - - ASN1Encodable params = c.getSignatureAlgorithm().getParameters(); - - // TODO This should go after the initVerify? - X509SignatureUtil.setSignatureParameters(signature, params); - - signature.initVerify(key); - - signature.update(this.getTBSCertificate()); - - if (!signature.verify(this.getSignature())) - { - throw new SignatureException("certificate does not verify with supplied key"); - } - } - - private boolean isAlgIdEqual(AlgorithmIdentifier id1, AlgorithmIdentifier id2) - { - if (!id1.getAlgorithm().equals(id2.getAlgorithm())) - { - return false; - } - - if (id1.getParameters() == null) - { - if (id2.getParameters() != null && !id2.getParameters().equals(DERNull.INSTANCE)) - { - return false; - } - - return true; - } - - if (id2.getParameters() == null) - { - if (id1.getParameters() != null && !id1.getParameters().equals(DERNull.INSTANCE)) - { - return false; - } - - return true; - } - - return id1.getParameters().equals(id2.getParameters()); - } - - private static Collection getAlternativeNames(byte[] extVal) - throws CertificateParsingException - { - if (extVal == null) - { - return null; - } - try - { - Collection temp = new ArrayList(); - Enumeration it = ASN1Sequence.getInstance(extVal).getObjects(); - while (it.hasMoreElements()) - { - GeneralName genName = GeneralName.getInstance(it.nextElement()); - List list = new ArrayList(); - list.add(Integers.valueOf(genName.getTagNo())); - switch (genName.getTagNo()) - { - case GeneralName.ediPartyName: - case GeneralName.x400Address: - case GeneralName.otherName: - list.add(genName.getEncoded()); - break; - case GeneralName.directoryName: - list.add(X500Name.getInstance(RFC4519Style.INSTANCE, genName.getName()).toString()); - break; - case GeneralName.dNSName: - case GeneralName.rfc822Name: - case GeneralName.uniformResourceIdentifier: - list.add(((ASN1String)genName.getName()).getString()); - break; - case GeneralName.registeredID: - list.add(ASN1ObjectIdentifier.getInstance(genName.getName()).getId()); - break; - case GeneralName.iPAddress: - byte[] addrBytes = DEROctetString.getInstance(genName.getName()).getOctets(); - final String addr; - try - { - addr = InetAddress.getByAddress(addrBytes).getHostAddress(); - } - catch (UnknownHostException e) - { - continue; - } - list.add(addr); - break; - default: - throw new IOException("Bad tag number: " + genName.getTagNo()); - } - - temp.add(Collections.unmodifiableList(list)); - } - if (temp.size() == 0) - { - return null; - } - return Collections.unmodifiableCollection(temp); - } - catch (Exception e) - { - throw new CertificateParsingException(e.getMessage()); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java deleted file mode 100644 index 3797607c..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java +++ /dev/null @@ -1,477 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.security.InvalidAlgorithmParameterException; -import java.security.cert.CRL; -import java.security.cert.CRLSelector; -import java.security.cert.CertSelector; -import java.security.cert.CertStoreException; -import java.security.cert.CertStoreParameters; -import java.security.cert.CertStoreSpi; -import java.security.cert.Certificate; -import java.security.cert.CertificateFactory; -import java.security.cert.X509CRLSelector; -import java.security.cert.X509CertSelector; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Properties; -import java.util.Set; - -import javax.naming.Context; -import javax.naming.NamingEnumeration; -import javax.naming.NamingException; -import javax.naming.directory.Attribute; -import javax.naming.directory.DirContext; -import javax.naming.directory.InitialDirContext; -import javax.naming.directory.SearchControls; -import javax.naming.directory.SearchResult; -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.x509.CertificatePair; -import org.bouncycastle.jce.X509LDAPCertStoreParameters; - -/** - * - * This is a general purpose implementation to get X.509 certificates and CRLs - * from a LDAP location. - * <p> - * At first a search is performed in the ldap*AttributeNames of the - * {@link org.bouncycastle.jce.X509LDAPCertStoreParameters} with the given - * information of the subject (for all kind of certificates) or issuer (for - * CRLs), respectively, if a X509CertSelector is given with that details. For - * CRLs, CA certificates and cross certificates a coarse search is made only for - * entries with that content to get more possibly matchign results. - */ -public class X509LDAPCertStoreSpi - extends CertStoreSpi -{ - private X509LDAPCertStoreParameters params; - - public X509LDAPCertStoreSpi(CertStoreParameters params) - throws InvalidAlgorithmParameterException - { - super(params); - - if (!(params instanceof X509LDAPCertStoreParameters)) - { - throw new InvalidAlgorithmParameterException( - X509LDAPCertStoreSpi.class.getName() + ": parameter must be a " + X509LDAPCertStoreParameters.class.getName() + " object\n" - + params.toString()); - } - - this.params = (X509LDAPCertStoreParameters)params; - } - - /** - * Initial Context Factory. - */ - private static String LDAP_PROVIDER = "com.sun.jndi.ldap.LdapCtxFactory"; - - /** - * Processing referrals.. - */ - private static String REFERRALS_IGNORE = "ignore"; - - /** - * Security level to be used for LDAP connections. - */ - private static final String SEARCH_SECURITY_LEVEL = "none"; - - /** - * Package Prefix for loading URL context factories. - */ - private static final String URL_CONTEXT_PREFIX = "com.sun.jndi.url"; - - private DirContext connectLDAP() throws NamingException - { - Properties props = new Properties(); - props.setProperty(Context.INITIAL_CONTEXT_FACTORY, LDAP_PROVIDER); - props.setProperty(Context.BATCHSIZE, "0"); - - props.setProperty(Context.PROVIDER_URL, params.getLdapURL()); - props.setProperty(Context.URL_PKG_PREFIXES, URL_CONTEXT_PREFIX); - props.setProperty(Context.REFERRAL, REFERRALS_IGNORE); - props.setProperty(Context.SECURITY_AUTHENTICATION, - SEARCH_SECURITY_LEVEL); - - DirContext ctx = new InitialDirContext(props); - return ctx; - } - - private String parseDN(String subject, String subjectAttributeName) - { - String temp = subject; - int begin = temp.toLowerCase().indexOf( - subjectAttributeName.toLowerCase()); - temp = temp.substring(begin + subjectAttributeName.length()); - int end = temp.indexOf(','); - if (end == -1) - { - end = temp.length(); - } - while (temp.charAt(end - 1) == '\\') - { - end = temp.indexOf(',', end + 1); - if (end == -1) - { - end = temp.length(); - } - } - temp = temp.substring(0, end); - begin = temp.indexOf('='); - temp = temp.substring(begin + 1); - if (temp.charAt(0) == ' ') - { - temp = temp.substring(1); - } - if (temp.startsWith("\"")) - { - temp = temp.substring(1); - } - if (temp.endsWith("\"")) - { - temp = temp.substring(0, temp.length() - 1); - } - return temp; - } - - public Collection engineGetCertificates(CertSelector selector) - throws CertStoreException - { - if (!(selector instanceof X509CertSelector)) - { - throw new CertStoreException("selector is not a X509CertSelector"); - } - X509CertSelector xselector = (X509CertSelector)selector; - - Set certSet = new HashSet(); - - Set set = getEndCertificates(xselector); - set.addAll(getCACertificates(xselector)); - set.addAll(getCrossCertificates(xselector)); - - Iterator it = set.iterator(); - - try - { - CertificateFactory cf = CertificateFactory.getInstance("X.509", - BouncyCastleProvider.PROVIDER_NAME); - while (it.hasNext()) - { - byte[] bytes = (byte[])it.next(); - if (bytes == null || bytes.length == 0) - { - continue; - } - - List bytesList = new ArrayList(); - bytesList.add(bytes); - - try - { - CertificatePair pair = CertificatePair - .getInstance(new ASN1InputStream(bytes) - .readObject()); - bytesList.clear(); - if (pair.getForward() != null) - { - bytesList.add(pair.getForward().getEncoded()); - } - if (pair.getReverse() != null) - { - bytesList.add(pair.getReverse().getEncoded()); - } - } - catch (IOException e) - { - - } - catch (IllegalArgumentException e) - { - - } - for (Iterator it2 = bytesList.iterator(); it2.hasNext();) - { - ByteArrayInputStream bIn = new ByteArrayInputStream( - (byte[])it2.next()); - try - { - Certificate cert = cf.generateCertificate(bIn); - // System.out.println(((X509Certificate) - // cert).getSubjectX500Principal()); - if (xselector.match(cert)) - { - certSet.add(cert); - } - } - catch (Exception e) - { - - } - } - } - } - catch (Exception e) - { - throw new CertStoreException( - "certificate cannot be constructed from LDAP result: " + e); - } - - return certSet; - } - - private Set certSubjectSerialSearch(X509CertSelector xselector, - String[] attrs, String attrName, String subjectAttributeName) - throws CertStoreException - { - Set set = new HashSet(); - try - { - if (xselector.getSubjectAsBytes() != null - || xselector.getSubjectAsString() != null - || xselector.getCertificate() != null) - { - String subject = null; - String serial = null; - if (xselector.getCertificate() != null) - { - subject = xselector.getCertificate() - .getSubjectX500Principal().getName("RFC1779"); - serial = xselector.getCertificate().getSerialNumber() - .toString(); - } - else - { - if (xselector.getSubjectAsBytes() != null) - { - subject = new X500Principal(xselector - .getSubjectAsBytes()).getName("RFC1779"); - } - else - { - subject = xselector.getSubjectAsString(); - } - } - String attrValue = parseDN(subject, subjectAttributeName); - set.addAll(search(attrName, "*" + attrValue + "*", attrs)); - if (serial != null - && params.getSearchForSerialNumberIn() != null) - { - attrValue = serial; - attrName = params.getSearchForSerialNumberIn(); - set.addAll(search(attrName, "*" + attrValue + "*", attrs)); - } - } - else - { - set.addAll(search(attrName, "*", attrs)); - } - } - catch (IOException e) - { - throw new CertStoreException("exception processing selector: " + e); - } - - return set; - } - - private Set getEndCertificates(X509CertSelector xselector) - throws CertStoreException - { - String[] attrs = {params.getUserCertificateAttribute()}; - String attrName = params.getLdapUserCertificateAttributeName(); - String subjectAttributeName = params.getUserCertificateSubjectAttributeName(); - - Set set = certSubjectSerialSearch(xselector, attrs, attrName, - subjectAttributeName); - return set; - } - - private Set getCACertificates(X509CertSelector xselector) - throws CertStoreException - { - String[] attrs = {params.getCACertificateAttribute()}; - String attrName = params.getLdapCACertificateAttributeName(); - String subjectAttributeName = params - .getCACertificateSubjectAttributeName(); - Set set = certSubjectSerialSearch(xselector, attrs, attrName, - subjectAttributeName); - - if (set.isEmpty()) - { - set.addAll(search(null, "*", attrs)); - } - - return set; - } - - private Set getCrossCertificates(X509CertSelector xselector) - throws CertStoreException - { - String[] attrs = {params.getCrossCertificateAttribute()}; - String attrName = params.getLdapCrossCertificateAttributeName(); - String subjectAttributeName = params - .getCrossCertificateSubjectAttributeName(); - Set set = certSubjectSerialSearch(xselector, attrs, attrName, - subjectAttributeName); - - if (set.isEmpty()) - { - set.addAll(search(null, "*", attrs)); - } - - return set; - } - - public Collection engineGetCRLs(CRLSelector selector) - throws CertStoreException - { - String[] attrs = {params.getCertificateRevocationListAttribute()}; - if (!(selector instanceof X509CRLSelector)) - { - throw new CertStoreException("selector is not a X509CRLSelector"); - } - X509CRLSelector xselector = (X509CRLSelector)selector; - - Set crlSet = new HashSet(); - - String attrName = params.getLdapCertificateRevocationListAttributeName(); - Set set = new HashSet(); - - if (xselector.getIssuerNames() != null) - { - for (Iterator it = xselector.getIssuerNames().iterator(); it - .hasNext();) - { - Object o = it.next(); - String attrValue = null; - if (o instanceof String) - { - String issuerAttributeName = params - .getCertificateRevocationListIssuerAttributeName(); - attrValue = parseDN((String)o, issuerAttributeName); - } - else - { - String issuerAttributeName = params - .getCertificateRevocationListIssuerAttributeName(); - attrValue = parseDN(new X500Principal((byte[])o) - .getName("RFC1779"), issuerAttributeName); - } - set.addAll(search(attrName, "*" + attrValue + "*", attrs)); - } - } - else - { - set.addAll(search(attrName, "*", attrs)); - } - set.addAll(search(null, "*", attrs)); - Iterator it = set.iterator(); - - try - { - CertificateFactory cf = CertificateFactory.getInstance("X.509", - BouncyCastleProvider.PROVIDER_NAME); - while (it.hasNext()) - { - CRL crl = cf.generateCRL(new ByteArrayInputStream((byte[])it - .next())); - if (xselector.match(crl)) - { - crlSet.add(crl); - } - } - } - catch (Exception e) - { - throw new CertStoreException( - "CRL cannot be constructed from LDAP result " + e); - } - - return crlSet; - } - - /** - * Returns a Set of byte arrays with the certificate or CRL encodings. - * - * @param attributeName The attribute name to look for in the LDAP. - * @param attributeValue The value the attribute name must have. - * @param attrs The attributes in the LDAP which hold the certificate, - * certificate pair or CRL in a found entry. - * @return Set of byte arrays with the certificate encodings. - */ - private Set search(String attributeName, String attributeValue, - String[] attrs) throws CertStoreException - { - String filter = attributeName + "=" + attributeValue; - if (attributeName == null) - { - filter = null; - } - DirContext ctx = null; - Set set = new HashSet(); - try - { - - ctx = connectLDAP(); - - SearchControls constraints = new SearchControls(); - constraints.setSearchScope(SearchControls.SUBTREE_SCOPE); - constraints.setCountLimit(0); - for (int i = 0; i < attrs.length; i++) - { - String temp[] = new String[1]; - temp[0] = attrs[i]; - constraints.setReturningAttributes(temp); - - String filter2 = "(&(" + filter + ")(" + temp[0] + "=*))"; - if (filter == null) - { - filter2 = "(" + temp[0] + "=*)"; - } - NamingEnumeration results = ctx.search(params.getBaseDN(), - filter2, constraints); - while (results.hasMoreElements()) - { - SearchResult sr = (SearchResult)results.next(); - // should only be one attribute in the attribute set with - // one - // attribute value as byte array - NamingEnumeration enumeration = ((Attribute)(sr - .getAttributes().getAll().next())).getAll(); - while (enumeration.hasMore()) - { - Object o = enumeration.next(); - set.add(o); - } - } - } - } - catch (Exception e) - { - throw new CertStoreException( - "Error getting results from LDAP directory " + e); - - } - finally - { - try - { - if (null != ctx) - { - ctx.close(); - } - } - catch (Exception e) - { - } - } - return set; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java deleted file mode 100644 index eb1e556e..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java +++ /dev/null @@ -1,138 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.Signature; -import java.security.SignatureException; -import java.security.spec.PSSParameterSpec; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Null; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; - -class X509SignatureUtil -{ - private static final ASN1Null derNull = DERNull.INSTANCE; - - static void setSignatureParameters( - Signature signature, - ASN1Encodable params) - throws NoSuchAlgorithmException, SignatureException, InvalidKeyException - { - if (params != null && !derNull.equals(params)) - { - AlgorithmParameters sigParams = AlgorithmParameters.getInstance(signature.getAlgorithm(), signature.getProvider()); - - try - { - sigParams.init(params.toASN1Primitive().getEncoded()); - } - catch (IOException e) - { - throw new SignatureException("IOException decoding parameters: " + e.getMessage()); - } - - if (signature.getAlgorithm().endsWith("MGF1")) - { - try - { - signature.setParameter(sigParams.getParameterSpec(PSSParameterSpec.class)); - } - catch (GeneralSecurityException e) - { - throw new SignatureException("Exception extracting parameters: " + e.getMessage()); - } - } - } - } - - static String getSignatureName( - AlgorithmIdentifier sigAlgId) - { - ASN1Encodable params = sigAlgId.getParameters(); - - if (params != null && !derNull.equals(params)) - { - if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) - { - RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); - - return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1"; - } - if (sigAlgId.getAlgorithm().equals(X9ObjectIdentifiers.ecdsa_with_SHA2)) - { - ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params); - - return getDigestAlgName(ASN1ObjectIdentifier.getInstance(ecDsaParams.getObjectAt(0))) + "withECDSA"; - } - } - - return sigAlgId.getAlgorithm().getId(); - } - - /** - * Return the digest algorithm using one of the standard JCA string - * representations rather the the algorithm identifier (if possible). - */ - private static String getDigestAlgName( - ASN1ObjectIdentifier digestAlgOID) - { - if (PKCSObjectIdentifiers.md5.equals(digestAlgOID)) - { - return "MD5"; - } - else if (OIWObjectIdentifiers.idSHA1.equals(digestAlgOID)) - { - return "SHA1"; - } - else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) - { - return "SHA224"; - } - else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) - { - return "SHA256"; - } - else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOID)) - { - return "SHA384"; - } - else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOID)) - { - return "SHA512"; - } - else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) - { - return "RIPEMD128"; - } - else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) - { - return "RIPEMD160"; - } - else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) - { - return "RIPEMD256"; - } - else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) - { - return "GOST3411"; - } - else - { - return digestAlgOID.getId(); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreAttrCertCollection.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreAttrCertCollection.java deleted file mode 100644 index 7e2dc6a3..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreAttrCertCollection.java +++ /dev/null @@ -1,34 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.util.Collection; - -import org.bouncycastle.util.CollectionStore; -import org.bouncycastle.util.Selector; -import org.bouncycastle.x509.X509CollectionStoreParameters; -import org.bouncycastle.x509.X509StoreParameters; -import org.bouncycastle.x509.X509StoreSpi; - -public class X509StoreAttrCertCollection - extends X509StoreSpi -{ - private CollectionStore _store; - - public X509StoreAttrCertCollection() - { - } - - public void engineInit(X509StoreParameters params) - { - if (!(params instanceof X509CollectionStoreParameters)) - { - throw new IllegalArgumentException(params.toString()); - } - - _store = new CollectionStore(((X509CollectionStoreParameters)params).getCollection()); - } - - public Collection engineGetMatches(Selector selector) - { - return _store.getMatches(selector); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreCRLCollection.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreCRLCollection.java deleted file mode 100644 index b914f171..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreCRLCollection.java +++ /dev/null @@ -1,34 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.util.Collection; - -import org.bouncycastle.util.CollectionStore; -import org.bouncycastle.util.Selector; -import org.bouncycastle.x509.X509CollectionStoreParameters; -import org.bouncycastle.x509.X509StoreParameters; -import org.bouncycastle.x509.X509StoreSpi; - -public class X509StoreCRLCollection - extends X509StoreSpi -{ - private CollectionStore _store; - - public X509StoreCRLCollection() - { - } - - public void engineInit(X509StoreParameters params) - { - if (!(params instanceof X509CollectionStoreParameters)) - { - throw new IllegalArgumentException(params.toString()); - } - - _store = new CollectionStore(((X509CollectionStoreParameters)params).getCollection()); - } - - public Collection engineGetMatches(Selector selector) - { - return _store.getMatches(selector); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreCertCollection.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreCertCollection.java deleted file mode 100644 index db88f316..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreCertCollection.java +++ /dev/null @@ -1,34 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.util.Collection; - -import org.bouncycastle.util.CollectionStore; -import org.bouncycastle.util.Selector; -import org.bouncycastle.x509.X509CollectionStoreParameters; -import org.bouncycastle.x509.X509StoreParameters; -import org.bouncycastle.x509.X509StoreSpi; - -public class X509StoreCertCollection - extends X509StoreSpi -{ - private CollectionStore _store; - - public X509StoreCertCollection() - { - } - - public void engineInit(X509StoreParameters params) - { - if (!(params instanceof X509CollectionStoreParameters)) - { - throw new IllegalArgumentException(params.toString()); - } - - _store = new CollectionStore(((X509CollectionStoreParameters)params).getCollection()); - } - - public Collection engineGetMatches(Selector selector) - { - return _store.getMatches(selector); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreCertPairCollection.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreCertPairCollection.java deleted file mode 100644 index e67c25ba..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreCertPairCollection.java +++ /dev/null @@ -1,64 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.util.Collection; - -import org.bouncycastle.util.CollectionStore; -import org.bouncycastle.util.Selector; -import org.bouncycastle.x509.X509CollectionStoreParameters; -import org.bouncycastle.x509.X509StoreParameters; -import org.bouncycastle.x509.X509StoreSpi; - -/** - * This class is a collection based Bouncy Castle - * {@link org.bouncycastle.x509.X509Store} SPI implementation for certificate - * pairs. - * - * @see org.bouncycastle.x509.X509Store - * @see org.bouncycastle.x509.X509CertificatePair - */ -public class X509StoreCertPairCollection extends X509StoreSpi -{ - - private CollectionStore _store; - - public X509StoreCertPairCollection() - { - } - - /** - * Initializes this store. - * - * @param params The {@link X509CollectionStoreParameters}s for this store. - * @throws IllegalArgumentException if <code>params</code> is no instance of - * <code>X509CollectionStoreParameters</code>. - */ - public void engineInit(X509StoreParameters params) - { - if (!(params instanceof X509CollectionStoreParameters)) - { - throw new IllegalArgumentException( - "Initialization parameters must be an instance of " - + X509CollectionStoreParameters.class.getName() - + "."); - } - - _store = new CollectionStore(((X509CollectionStoreParameters)params) - .getCollection()); - } - - /** - * Returns a colelction of certificate pairs which match the given - * <code>selector</code>. - * <p/> - * The returned collection contains - * {@link org.bouncycastle.x509.X509CertificatePair}s. The selector must be - * a {@link org.bouncycastle.x509.X509CertPairStoreSelector} to select - * certificate pairs. - * - * @return A collection with matching certificate pairs. - */ - public Collection engineGetMatches(Selector selector) - { - return _store.getMatches(selector); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPAttrCerts.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPAttrCerts.java deleted file mode 100644 index 96baa129..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPAttrCerts.java +++ /dev/null @@ -1,79 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.util.Collection; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - -import org.bouncycastle.jce.X509LDAPCertStoreParameters; -import org.bouncycastle.util.Selector; -import org.bouncycastle.util.StoreException; -import org.bouncycastle.x509.X509AttributeCertStoreSelector; -import org.bouncycastle.x509.X509StoreParameters; -import org.bouncycastle.x509.X509StoreSpi; -import org.bouncycastle.x509.util.LDAPStoreHelper; - -/** - * A SPI implementation of Bouncy Castle <code>X509Store</code> for getting - * attribute certificates from an LDAP directory. - * - * @see org.bouncycastle.x509.X509Store - */ -public class X509StoreLDAPAttrCerts extends X509StoreSpi -{ - - private LDAPStoreHelper helper; - - public X509StoreLDAPAttrCerts() - { - } - - /** - * Initializes this LDAP attribute cert store implementation. - * - * @param parameters <code>X509LDAPCertStoreParameters</code>. - * @throws IllegalArgumentException if <code>params</code> is not an instance of - * <code>X509LDAPCertStoreParameters</code>. - */ - public void engineInit(X509StoreParameters parameters) - { - if (!(parameters instanceof X509LDAPCertStoreParameters)) - { - throw new IllegalArgumentException( - "Initialization parameters must be an instance of " - + X509LDAPCertStoreParameters.class.getName() + "."); - } - helper = new LDAPStoreHelper((X509LDAPCertStoreParameters)parameters); - } - - /** - * Returns a collection of matching attribute certificates from the LDAP - * location. - * <p/> - * The selector must be a of type - * <code>X509AttributeCertStoreSelector</code>. If it is not an empty - * collection is returned. - * <p/> - * <p/> - * The subject and the serial number should be reasonable criterias for a - * selector. - * - * @param selector The selector to use for finding. - * @return A collection with the matches. - * @throws StoreException if an exception occurs while searching. - */ - public Collection engineGetMatches(Selector selector) throws StoreException - { - if (!(selector instanceof X509AttributeCertStoreSelector)) - { - return Collections.EMPTY_SET; - } - X509AttributeCertStoreSelector xselector = (X509AttributeCertStoreSelector)selector; - Set set = new HashSet(); - set.addAll(helper.getAACertificates(xselector)); - set.addAll(helper.getAttributeCertificateAttributes(xselector)); - set.addAll(helper.getAttributeDescriptorCertificates(xselector)); - return set; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCRLs.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCRLs.java deleted file mode 100644 index 5f4dfb48..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCRLs.java +++ /dev/null @@ -1,87 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.util.Collection; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - -import org.bouncycastle.jce.X509LDAPCertStoreParameters; -import org.bouncycastle.util.Selector; -import org.bouncycastle.util.StoreException; -import org.bouncycastle.x509.X509CRLStoreSelector; -import org.bouncycastle.x509.X509StoreParameters; -import org.bouncycastle.x509.X509StoreSpi; -import org.bouncycastle.x509.util.LDAPStoreHelper; - -/** - * A SPI implementation of Bouncy Castle <code>X509Store</code> for getting - * certificate revocation lists from an LDAP directory. - * - * @see org.bouncycastle.x509.X509Store - */ -public class X509StoreLDAPCRLs extends X509StoreSpi -{ - - private LDAPStoreHelper helper; - - public X509StoreLDAPCRLs() - { - } - - /** - * Initializes this LDAP CRL store implementation. - * - * @param params <code>X509LDAPCertStoreParameters</code>. - * @throws IllegalArgumentException if <code>params</code> is not an instance of - * <code>X509LDAPCertStoreParameters</code>. - */ - public void engineInit(X509StoreParameters params) - { - if (!(params instanceof X509LDAPCertStoreParameters)) - { - throw new IllegalArgumentException( - "Initialization parameters must be an instance of " - + X509LDAPCertStoreParameters.class.getName() + "."); - } - helper = new LDAPStoreHelper((X509LDAPCertStoreParameters)params); - } - - /** - * Returns a collection of matching CRLs from the LDAP location. - * <p/> - * The selector must be a of type <code>X509CRLStoreSelector</code>. If - * it is not an empty collection is returned. - * <p/> - * The issuer should be a reasonable criteria for a selector. - * - * @param selector The selector to use for finding. - * @return A collection with the matches. - * @throws StoreException if an exception occurs while searching. - */ - public Collection engineGetMatches(Selector selector) throws StoreException - { - if (!(selector instanceof X509CRLStoreSelector)) - { - return Collections.EMPTY_SET; - } - X509CRLStoreSelector xselector = (X509CRLStoreSelector)selector; - Set set = new HashSet(); - // test only delta CRLs should be selected - if (xselector.isDeltaCRLIndicatorEnabled()) - { - set.addAll(helper.getDeltaCertificateRevocationLists(xselector)); - } - // nothing specified - else - { - set.addAll(helper.getDeltaCertificateRevocationLists(xselector)); - set.addAll(helper.getAttributeAuthorityRevocationLists(xselector)); - set - .addAll(helper - .getAttributeCertificateRevocationLists(xselector)); - set.addAll(helper.getAuthorityRevocationLists(xselector)); - set.addAll(helper.getCertificateRevocationLists(xselector)); - } - return set; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.java deleted file mode 100644 index f5687d8c..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.java +++ /dev/null @@ -1,75 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.util.Collection; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - -import org.bouncycastle.jce.X509LDAPCertStoreParameters; -import org.bouncycastle.util.Selector; -import org.bouncycastle.util.StoreException; -import org.bouncycastle.x509.X509CertPairStoreSelector; -import org.bouncycastle.x509.X509StoreParameters; -import org.bouncycastle.x509.X509StoreSpi; -import org.bouncycastle.x509.util.LDAPStoreHelper; - -/** - * A SPI implementation of Bouncy Castle <code>X509Store</code> for getting - * cross certificates pairs from an LDAP directory. - * - * @see org.bouncycastle.x509.X509Store - */ -public class X509StoreLDAPCertPairs extends X509StoreSpi -{ - - private LDAPStoreHelper helper; - - public X509StoreLDAPCertPairs() - { - } - - /** - * Initializes this LDAP cross certificate pair store implementation. - * - * @param parameters <code>X509LDAPCertStoreParameters</code>. - * @throws IllegalArgumentException if <code>params</code> is not an instance of - * <code>X509LDAPCertStoreParameters</code>. - */ - public void engineInit(X509StoreParameters parameters) - { - if (!(parameters instanceof X509LDAPCertStoreParameters)) - { - throw new IllegalArgumentException( - "Initialization parameters must be an instance of " - + X509LDAPCertStoreParameters.class.getName() + "."); - } - helper = new LDAPStoreHelper((X509LDAPCertStoreParameters)parameters); - } - - /** - * Returns a collection of matching cross certificate pairs from the LDAP - * location. - * <p/> - * The selector must be a of type <code>X509CertPairStoreSelector</code>. - * If it is not an empty collection is returned. - * <p/> - * <p/> - * The subject should be a reasonable criteria for a selector. - * - * @param selector The selector to use for finding. - * @return A collection with the matches. - * @throws StoreException if an exception occurs while searching. - */ - public Collection engineGetMatches(Selector selector) throws StoreException - { - if (!(selector instanceof X509CertPairStoreSelector)) - { - return Collections.EMPTY_SET; - } - X509CertPairStoreSelector xselector = (X509CertPairStoreSelector)selector; - Set set = new HashSet(); - set.addAll(helper.getCrossCertificatePairs(xselector)); - return set; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCerts.java b/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCerts.java deleted file mode 100644 index dd811a17..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/provider/X509StoreLDAPCerts.java +++ /dev/null @@ -1,128 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.util.Collection; -import java.util.Collections; -import java.util.HashSet; -import java.util.Iterator; -import java.util.Set; - -import org.bouncycastle.jce.X509LDAPCertStoreParameters; -import org.bouncycastle.util.Selector; -import org.bouncycastle.util.StoreException; -import org.bouncycastle.x509.X509CertPairStoreSelector; -import org.bouncycastle.x509.X509CertStoreSelector; -import org.bouncycastle.x509.X509CertificatePair; -import org.bouncycastle.x509.X509StoreParameters; -import org.bouncycastle.x509.X509StoreSpi; -import org.bouncycastle.x509.util.LDAPStoreHelper; - -/** - * A SPI implementation of Bouncy Castle <code>X509Store</code> for getting - * certificates form a LDAP directory. - * - * @see org.bouncycastle.x509.X509Store - */ -public class X509StoreLDAPCerts - extends X509StoreSpi -{ - - private LDAPStoreHelper helper; - - public X509StoreLDAPCerts() - { - } - - /** - * Initializes this LDAP cert store implementation. - * - * @param params <code>X509LDAPCertStoreParameters</code>. - * @throws IllegalArgumentException if <code>params</code> is not an instance of - * <code>X509LDAPCertStoreParameters</code>. - */ - public void engineInit(X509StoreParameters params) - { - if (!(params instanceof X509LDAPCertStoreParameters)) - { - throw new IllegalArgumentException( - "Initialization parameters must be an instance of " - + X509LDAPCertStoreParameters.class.getName() + "."); - } - helper = new LDAPStoreHelper((X509LDAPCertStoreParameters)params); - } - - /** - * Returns a collection of matching certificates from the LDAP location. - * <p/> - * The selector must be a of type <code>X509CertStoreSelector</code>. If - * it is not an empty collection is returned. - * <p/> - * The implementation searches only for CA certificates, if the method - * {@link java.security.cert.X509CertSelector#getBasicConstraints()} is - * greater or equal to 0. If it is -2 only end certificates are searched. - * <p/> - * The subject and the serial number for end certificates should be - * reasonable criterias for a selector. - * - * @param selector The selector to use for finding. - * @return A collection with the matches. - * @throws StoreException if an exception occurs while searching. - */ - public Collection engineGetMatches(Selector selector) throws StoreException - { - if (!(selector instanceof X509CertStoreSelector)) - { - return Collections.EMPTY_SET; - } - X509CertStoreSelector xselector = (X509CertStoreSelector)selector; - Set set = new HashSet(); - // test if only CA certificates should be selected - if (xselector.getBasicConstraints() > 0) - { - set.addAll(helper.getCACertificates(xselector)); - set.addAll(getCertificatesFromCrossCertificatePairs(xselector)); - } - // only end certificates should be selected - else if (xselector.getBasicConstraints() == -2) - { - set.addAll(helper.getUserCertificates(xselector)); - } - // nothing specified - else - { - set.addAll(helper.getUserCertificates(xselector)); - set.addAll(helper.getCACertificates(xselector)); - set.addAll(getCertificatesFromCrossCertificatePairs(xselector)); - } - return set; - } - - private Collection getCertificatesFromCrossCertificatePairs( - X509CertStoreSelector xselector) throws StoreException - { - Set set = new HashSet(); - X509CertPairStoreSelector ps = new X509CertPairStoreSelector(); - - ps.setForwardSelector(xselector); - ps.setReverseSelector(new X509CertStoreSelector()); - - Set crossCerts = new HashSet(helper.getCrossCertificatePairs(ps)); - Set forward = new HashSet(); - Set reverse = new HashSet(); - Iterator it = crossCerts.iterator(); - while (it.hasNext()) - { - X509CertificatePair pair = (X509CertificatePair)it.next(); - if (pair.getForward() != null) - { - forward.add(pair.getForward()); - } - if (pair.getReverse() != null) - { - reverse.add(pair.getReverse()); - } - } - set.addAll(forward); - set.addAll(reverse); - return set; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/ECKeySpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/ECKeySpec.java deleted file mode 100644 index 12157844..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/ECKeySpec.java +++ /dev/null @@ -1,26 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.security.spec.KeySpec; - -/** - * base class for an Elliptic Curve Key Spec - */ -public class ECKeySpec - implements KeySpec -{ - private ECParameterSpec spec; - - protected ECKeySpec( - ECParameterSpec spec) - { - this.spec = spec; - } - - /** - * return the domain parameters for the curve - */ - public ECParameterSpec getParams() - { - return spec; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveGenParameterSpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveGenParameterSpec.java deleted file mode 100644 index a5dd319c..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveGenParameterSpec.java +++ /dev/null @@ -1,28 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.security.spec.AlgorithmParameterSpec; - -/** - * Named curve generation spec - * <p> - * If you are using JDK 1.5 you should be looking at ECGenParameterSpec. - */ -public class ECNamedCurveGenParameterSpec - implements AlgorithmParameterSpec -{ - private String name; - - public ECNamedCurveGenParameterSpec( - String name) - { - this.name = name; - } - - /** - * return the name of the curve the EC domain parameters belong to. - */ - public String getName() - { - return name; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java deleted file mode 100644 index 4e749a58..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.java +++ /dev/null @@ -1,62 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.math.BigInteger; - -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.ECPoint; - -/** - * specification signifying that the curve parameters can also be - * referred to by name. - * <p> - * If you are using JDK 1.5 you should be looking at {@link ECNamedCurveSpec}. - */ -public class ECNamedCurveParameterSpec - extends ECParameterSpec -{ - private String name; - - public ECNamedCurveParameterSpec( - String name, - ECCurve curve, - ECPoint G, - BigInteger n) - { - super(curve, G, n); - - this.name = name; - } - - public ECNamedCurveParameterSpec( - String name, - ECCurve curve, - ECPoint G, - BigInteger n, - BigInteger h) - { - super(curve, G, n, h); - - this.name = name; - } - - public ECNamedCurveParameterSpec( - String name, - ECCurve curve, - ECPoint G, - BigInteger n, - BigInteger h, - byte[] seed) - { - super(curve, G, n, h, seed); - - this.name = name; - } - - /** - * return the name of the curve the EC domain parameters belong to. - */ - public String getName() - { - return name; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java deleted file mode 100644 index c1b5ccc6..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/ECNamedCurveSpec.java +++ /dev/null @@ -1,123 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.math.BigInteger; -import java.security.spec.ECFieldF2m; -import java.security.spec.ECFieldFp; -import java.security.spec.ECPoint; -import java.security.spec.EllipticCurve; - -import org.bouncycastle.math.ec.ECAlgorithms; -import org.bouncycastle.math.ec.ECCurve; - -/** - * specification signifying that the curve parameters can also be - * referred to by name. - */ -public class ECNamedCurveSpec - extends java.security.spec.ECParameterSpec -{ - private String name; - - private static EllipticCurve convertCurve( - ECCurve curve, - byte[] seed) - { - if (ECAlgorithms.isFpCurve(curve)) - { - return new EllipticCurve(new ECFieldFp(curve.getField().getCharacteristic()), curve.getA().toBigInteger(), curve.getB().toBigInteger(), seed); - } - else - { - ECCurve.F2m curveF2m = (ECCurve.F2m)curve; - int ks[]; - - if (curveF2m.isTrinomial()) - { - ks = new int[] { curveF2m.getK1() }; - - return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), seed); - } - else - { - ks = new int[] { curveF2m.getK3(), curveF2m.getK2(), curveF2m.getK1() }; - - return new EllipticCurve(new ECFieldF2m(curveF2m.getM(), ks), curve.getA().toBigInteger(), curve.getB().toBigInteger(), seed); - } - } - - } - - private static ECPoint convertPoint( - org.bouncycastle.math.ec.ECPoint g) - { - g = g.normalize(); - return new ECPoint(g.getAffineXCoord().toBigInteger(), g.getAffineYCoord().toBigInteger()); - } - - public ECNamedCurveSpec( - String name, - ECCurve curve, - org.bouncycastle.math.ec.ECPoint g, - BigInteger n) - { - super(convertCurve(curve, null), convertPoint(g), n, 1); - - this.name = name; - } - - public ECNamedCurveSpec( - String name, - EllipticCurve curve, - ECPoint g, - BigInteger n) - { - super(curve, g, n, 1); - - this.name = name; - } - - public ECNamedCurveSpec( - String name, - ECCurve curve, - org.bouncycastle.math.ec.ECPoint g, - BigInteger n, - BigInteger h) - { - super(convertCurve(curve, null), convertPoint(g), n, h.intValue()); - - this.name = name; - } - - public ECNamedCurveSpec( - String name, - EllipticCurve curve, - ECPoint g, - BigInteger n, - BigInteger h) - { - super(curve, g, n, h.intValue()); - - this.name = name; - } - - public ECNamedCurveSpec( - String name, - ECCurve curve, - org.bouncycastle.math.ec.ECPoint g, - BigInteger n, - BigInteger h, - byte[] seed) - { - super(convertCurve(curve, seed), convertPoint(g), n, h.intValue()); - - this.name = name; - } - - /** - * return the name of the curve the EC domain parameters belong to. - */ - public String getName() - { - return name; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/ECParameterSpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/ECParameterSpec.java deleted file mode 100644 index df91412c..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/ECParameterSpec.java +++ /dev/null @@ -1,121 +0,0 @@ -package org.bouncycastle.jce.spec; - -import org.bouncycastle.math.ec.ECCurve; -import org.bouncycastle.math.ec.ECPoint; - -import java.math.BigInteger; -import java.security.spec.AlgorithmParameterSpec; - -/** - * basic domain parameters for an Elliptic Curve public or private key. - */ -public class ECParameterSpec - implements AlgorithmParameterSpec -{ - private ECCurve curve; - private byte[] seed; - private ECPoint G; - private BigInteger n; - private BigInteger h; - - public ECParameterSpec( - ECCurve curve, - ECPoint G, - BigInteger n) - { - this.curve = curve; - this.G = G.normalize(); - this.n = n; - this.h = BigInteger.valueOf(1); - this.seed = null; - } - - public ECParameterSpec( - ECCurve curve, - ECPoint G, - BigInteger n, - BigInteger h) - { - this.curve = curve; - this.G = G.normalize(); - this.n = n; - this.h = h; - this.seed = null; - } - - public ECParameterSpec( - ECCurve curve, - ECPoint G, - BigInteger n, - BigInteger h, - byte[] seed) - { - this.curve = curve; - this.G = G.normalize(); - this.n = n; - this.h = h; - this.seed = seed; - } - - /** - * return the curve along which the base point lies. - * @return the curve - */ - public ECCurve getCurve() - { - return curve; - } - - /** - * return the base point we are using for these domain parameters. - * @return the base point. - */ - public ECPoint getG() - { - return G; - } - - /** - * return the order N of G - * @return the order - */ - public BigInteger getN() - { - return n; - } - - /** - * return the cofactor H to the order of G. - * @return the cofactor - */ - public BigInteger getH() - { - return h; - } - - /** - * return the seed used to generate this curve (if available). - * @return the random seed - */ - public byte[] getSeed() - { - return seed; - } - - public boolean equals(Object o) - { - if (!(o instanceof ECParameterSpec)) - { - return false; - } - - ECParameterSpec other = (ECParameterSpec)o; - - return this.getCurve().equals(other.getCurve()) && this.getG().equals(other.getG()); - } - - public int hashCode() - { - return this.getCurve().hashCode() ^ this.getG().hashCode(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/ECPrivateKeySpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/ECPrivateKeySpec.java deleted file mode 100644 index 27885c40..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/ECPrivateKeySpec.java +++ /dev/null @@ -1,35 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.math.BigInteger; - -/** - * Elliptic Curve private key specification. - */ -public class ECPrivateKeySpec - extends ECKeySpec -{ - private BigInteger d; - - /** - * base constructor - * - * @param d the private number for the key. - * @param spec the domain parameters for the curve being used. - */ - public ECPrivateKeySpec( - BigInteger d, - ECParameterSpec spec) - { - super(spec); - - this.d = d; - } - - /** - * return the private number D - */ - public BigInteger getD() - { - return d; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/ECPublicKeySpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/ECPublicKeySpec.java deleted file mode 100644 index 0e21a5bc..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/ECPublicKeySpec.java +++ /dev/null @@ -1,42 +0,0 @@ -package org.bouncycastle.jce.spec; - -import org.bouncycastle.math.ec.ECPoint; - -/** - * Elliptic Curve public key specification - */ -public class ECPublicKeySpec - extends ECKeySpec -{ - private ECPoint q; - - /** - * base constructor - * - * @param q the public point on the curve. - * @param spec the domain parameters for the curve. - */ - public ECPublicKeySpec( - ECPoint q, - ECParameterSpec spec) - { - super(spec); - - if (q.getCurve() != null) - { - this.q = q.normalize(); - } - else - { - this.q = q; - } - } - - /** - * return the public point q - */ - public ECPoint getQ() - { - return q; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/ElGamalGenParameterSpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/ElGamalGenParameterSpec.java deleted file mode 100644 index 200d2b4d..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/ElGamalGenParameterSpec.java +++ /dev/null @@ -1,28 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.security.spec.AlgorithmParameterSpec; - -public class ElGamalGenParameterSpec - implements AlgorithmParameterSpec -{ - private int primeSize; - - /* - * @param primeSize the size (in bits) of the prime modulus. - */ - public ElGamalGenParameterSpec( - int primeSize) - { - this.primeSize = primeSize; - } - - /** - * Returns the size in bits of the prime modulus. - * - * @return the size in bits of the prime modulus - */ - public int getPrimeSize() - { - return primeSize; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/ElGamalKeySpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/ElGamalKeySpec.java deleted file mode 100644 index 5e3eb663..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/ElGamalKeySpec.java +++ /dev/null @@ -1,20 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.security.spec.KeySpec; - -public class ElGamalKeySpec - implements KeySpec -{ - private ElGamalParameterSpec spec; - - public ElGamalKeySpec( - ElGamalParameterSpec spec) - { - this.spec = spec; - } - - public ElGamalParameterSpec getParams() - { - return spec; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/ElGamalParameterSpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/ElGamalParameterSpec.java deleted file mode 100644 index 10ed1c5d..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/ElGamalParameterSpec.java +++ /dev/null @@ -1,46 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.math.BigInteger; -import java.security.spec.AlgorithmParameterSpec; - -public class ElGamalParameterSpec - implements AlgorithmParameterSpec -{ - private BigInteger p; - private BigInteger g; - - /** - * Constructs a parameter set for Diffie-Hellman, using a prime modulus - * <code>p</code> and a base generator <code>g</code>. - * - * @param p the prime modulus - * @param g the base generator - */ - public ElGamalParameterSpec( - BigInteger p, - BigInteger g) - { - this.p = p; - this.g = g; - } - - /** - * Returns the prime modulus <code>p</code>. - * - * @return the prime modulus <code>p</code> - */ - public BigInteger getP() - { - return p; - } - - /** - * Returns the base generator <code>g</code>. - * - * @return the base generator <code>g</code> - */ - public BigInteger getG() - { - return g; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/ElGamalPrivateKeySpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/ElGamalPrivateKeySpec.java deleted file mode 100644 index 3a3c6e48..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/ElGamalPrivateKeySpec.java +++ /dev/null @@ -1,33 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.math.BigInteger; - -/** - * This class specifies an ElGamal private key with its associated parameters. - * - * @see ElGamalPublicKeySpec - */ -public class ElGamalPrivateKeySpec - extends ElGamalKeySpec -{ - private BigInteger x; - - public ElGamalPrivateKeySpec( - BigInteger x, - ElGamalParameterSpec spec) - { - super(spec); - - this.x = x; - } - - /** - * Returns the private value <code>x</code>. - * - * @return the private value <code>x</code> - */ - public BigInteger getX() - { - return x; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/ElGamalPublicKeySpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/ElGamalPublicKeySpec.java deleted file mode 100644 index c0e6dba1..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/ElGamalPublicKeySpec.java +++ /dev/null @@ -1,33 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.math.BigInteger; - -/** - * This class specifies an ElGamal public key with its associated parameters. - * - * @see ElGamalPrivateKeySpec - */ -public class ElGamalPublicKeySpec - extends ElGamalKeySpec -{ - private BigInteger y; - - public ElGamalPublicKeySpec( - BigInteger y, - ElGamalParameterSpec spec) - { - super(spec); - - this.y = y; - } - - /** - * Returns the public value <code>y</code>. - * - * @return the public value <code>y</code> - */ - public BigInteger getY() - { - return y; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/GOST28147ParameterSpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/GOST28147ParameterSpec.java deleted file mode 100644 index d03fbfe7..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/GOST28147ParameterSpec.java +++ /dev/null @@ -1,48 +0,0 @@ -package org.bouncycastle.jce.spec; - -/** - * A parameter spec for the GOST-28147 cipher. - * @deprecated use org.bouncycastle.jcajce.spec.GOST28147ParameterSpec - */ -public class GOST28147ParameterSpec - extends org.bouncycastle.jcajce.spec.GOST28147ParameterSpec -{ - /** - * @deprecated - */ - public GOST28147ParameterSpec( - byte[] sBox) - { - super(sBox); - } - - /** - * @deprecated - */ - public GOST28147ParameterSpec( - byte[] sBox, - byte[] iv) - { - super(sBox, iv); - - } - - /** - * @deprecated - */ - public GOST28147ParameterSpec( - String sBoxName) - { - super(sBoxName); - } - - /** - * @deprecated - */ - public GOST28147ParameterSpec( - String sBoxName, - byte[] iv) - { - super(sBoxName, iv); - } -}
\ No newline at end of file diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/GOST3410ParameterSpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/GOST3410ParameterSpec.java deleted file mode 100644 index 6e0980db..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/GOST3410ParameterSpec.java +++ /dev/null @@ -1,133 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.cryptopro.GOST3410NamedParameters; -import org.bouncycastle.asn1.cryptopro.GOST3410ParamSetParameters; -import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; -import org.bouncycastle.jce.interfaces.GOST3410Params; - -/** - * ParameterSpec for a GOST 3410-94 key. - */ -public class GOST3410ParameterSpec - implements AlgorithmParameterSpec, GOST3410Params -{ - private GOST3410PublicKeyParameterSetSpec keyParameters; - private String keyParamSetOID; - private String digestParamSetOID; - private String encryptionParamSetOID; - - public GOST3410ParameterSpec( - String keyParamSetID, - String digestParamSetOID, - String encryptionParamSetOID) - { - GOST3410ParamSetParameters ecP = null; - - try - { - ecP = GOST3410NamedParameters.getByOID(new ASN1ObjectIdentifier(keyParamSetID)); - } - catch (IllegalArgumentException e) - { - ASN1ObjectIdentifier oid = GOST3410NamedParameters.getOID(keyParamSetID); - if (oid != null) - { - keyParamSetID = oid.getId(); - ecP = GOST3410NamedParameters.getByOID(oid); - } - } - - if (ecP == null) - { - throw new IllegalArgumentException("no key parameter set for passed in name/OID."); - } - - this.keyParameters = new GOST3410PublicKeyParameterSetSpec( - ecP.getP(), - ecP.getQ(), - ecP.getA()); - - this.keyParamSetOID = keyParamSetID; - this.digestParamSetOID = digestParamSetOID; - this.encryptionParamSetOID = encryptionParamSetOID; - } - - public GOST3410ParameterSpec( - String keyParamSetID, - String digestParamSetOID) - { - this(keyParamSetID, digestParamSetOID, null); - } - - public GOST3410ParameterSpec( - String keyParamSetID) - { - this(keyParamSetID, CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet.getId(), null); - } - - public GOST3410ParameterSpec( - GOST3410PublicKeyParameterSetSpec spec) - { - this.keyParameters = spec; - this.digestParamSetOID = CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet.getId(); - this.encryptionParamSetOID = null; - } - - public String getPublicKeyParamSetOID() - { - return this.keyParamSetOID; - } - - public GOST3410PublicKeyParameterSetSpec getPublicKeyParameters() - { - return keyParameters; - } - - public String getDigestParamSetOID() - { - return this.digestParamSetOID; - } - - public String getEncryptionParamSetOID() - { - return this.encryptionParamSetOID; - } - - public boolean equals(Object o) - { - if (o instanceof GOST3410ParameterSpec) - { - GOST3410ParameterSpec other = (GOST3410ParameterSpec)o; - - return this.keyParameters.equals(other.keyParameters) - && this.digestParamSetOID.equals(other.digestParamSetOID) - && (this.encryptionParamSetOID == other.encryptionParamSetOID - || (this.encryptionParamSetOID != null && this.encryptionParamSetOID.equals(other.encryptionParamSetOID))); - } - - return false; - } - - public int hashCode() - { - return this.keyParameters.hashCode() ^ this.digestParamSetOID.hashCode() - ^ (this.encryptionParamSetOID != null ? this.encryptionParamSetOID.hashCode() : 0); - } - - public static GOST3410ParameterSpec fromPublicKeyAlg( - GOST3410PublicKeyAlgParameters params) - { - if (params.getEncryptionParamSet() != null) - { - return new GOST3410ParameterSpec(params.getPublicKeyParamSet().getId(), params.getDigestParamSet().getId(), params.getEncryptionParamSet().getId()); - } - else - { - return new GOST3410ParameterSpec(params.getPublicKeyParamSet().getId(), params.getDigestParamSet().getId()); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/GOST3410PrivateKeySpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/GOST3410PrivateKeySpec.java deleted file mode 100644 index 5ea13856..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/GOST3410PrivateKeySpec.java +++ /dev/null @@ -1,70 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.math.BigInteger; -import java.security.spec.KeySpec; - -/** - * This class specifies a GOST3410-94 private key with its associated parameters. - */ - -public class GOST3410PrivateKeySpec - implements KeySpec -{ - private BigInteger x; - private BigInteger p; - private BigInteger q; - private BigInteger a; - - /** - * Creates a new GOST3410PrivateKeySpec with the specified parameter values. - * - * @param x the private key. - * @param p the prime. - * @param q the sub-prime. - * @param a the base. - */ - public GOST3410PrivateKeySpec(BigInteger x, BigInteger p, BigInteger q, - BigInteger a) - { - this.x = x; - this.p = p; - this.q = q; - this.a = a; - } - - /** - * Returns the private key <code>x</code>. - * @return the private key <code>x</code>. - */ - public BigInteger getX() - { - return this.x; - } - - /** - * Returns the prime <code>p</code>. - * @return the prime <code>p</code>. - */ - public BigInteger getP() - { - return this.p; - } - - /** - * Returns the sub-prime <code>q</code>. - * @return the sub-prime <code>q</code>. - */ - public BigInteger getQ() - { - return this.q; - } - - /** - * Returns the base <code>a</code>. - * @return the base <code>a</code>. - */ - public BigInteger getA() - { - return this.a; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/GOST3410PublicKeyParameterSetSpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/GOST3410PublicKeyParameterSetSpec.java deleted file mode 100644 index 9e4e650a..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/GOST3410PublicKeyParameterSetSpec.java +++ /dev/null @@ -1,78 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.math.BigInteger; - -/** - * ParameterSpec for a GOST 3410-94 key parameters. - */ -public class GOST3410PublicKeyParameterSetSpec -{ - private BigInteger p; - private BigInteger q; - private BigInteger a; - - /** - * Creates a new GOST3410ParameterSpec with the specified parameter values. - * - * @param p the prime. - * @param q the sub-prime. - * @param a the base. - */ - public GOST3410PublicKeyParameterSetSpec( - BigInteger p, - BigInteger q, - BigInteger a) - { - this.p = p; - this.q = q; - this.a = a; - } - - /** - * Returns the prime <code>p</code>. - * - * @return the prime <code>p</code>. - */ - public BigInteger getP() - { - return this.p; - } - - /** - * Returns the sub-prime <code>q</code>. - * - * @return the sub-prime <code>q</code>. - */ - public BigInteger getQ() - { - return this.q; - } - - /** - * Returns the base <code>a</code>. - * - * @return the base <code>a</code>. - */ - public BigInteger getA() - { - return this.a; - } - - public boolean equals( - Object o) - { - if (o instanceof GOST3410PublicKeyParameterSetSpec) - { - GOST3410PublicKeyParameterSetSpec other = (GOST3410PublicKeyParameterSetSpec)o; - - return this.a.equals(other.a) && this.p.equals(other.p) && this.q.equals(other.q); - } - - return false; - } - - public int hashCode() - { - return a.hashCode() ^ p.hashCode() ^ q.hashCode(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/GOST3410PublicKeySpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/GOST3410PublicKeySpec.java deleted file mode 100644 index 7b65c064..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/GOST3410PublicKeySpec.java +++ /dev/null @@ -1,78 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.math.BigInteger; -import java.security.spec.KeySpec; - -/** - * This class specifies a GOST3410-94 public key with its associated parameters. - */ - -public class GOST3410PublicKeySpec - implements KeySpec -{ - - private BigInteger y; - private BigInteger p; - private BigInteger q; - private BigInteger a; - - /** - * Creates a new GOST3410PublicKeySpec with the specified parameter values. - * - * @param y the public key. - * @param p the prime. - * @param q the sub-prime. - * @param a the base. - */ - public GOST3410PublicKeySpec( - BigInteger y, - BigInteger p, - BigInteger q, - BigInteger a) - { - this.y = y; - this.p = p; - this.q = q; - this.a = a; - } - - /** - * Returns the public key <code>y</code>. - * - * @return the public key <code>y</code>. - */ - public BigInteger getY() - { - return this.y; - } - - /** - * Returns the prime <code>p</code>. - * - * @return the prime <code>p</code>. - */ - public BigInteger getP() - { - return this.p; - } - - /** - * Returns the sub-prime <code>q</code>. - * - * @return the sub-prime <code>q</code>. - */ - public BigInteger getQ() - { - return this.q; - } - - /** - * Returns the base <code>g</code>. - * - * @return the base <code>g</code>. - */ - public BigInteger getA() - { - return this.a; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/IEKeySpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/IEKeySpec.java deleted file mode 100644 index 9859a22b..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/IEKeySpec.java +++ /dev/null @@ -1,70 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.spec.KeySpec; - -import org.bouncycastle.jce.interfaces.IESKey; - -/** - * key pair for use with an integrated encryptor - together - * they provide what's required to generate the message. - */ -public class IEKeySpec - implements KeySpec, IESKey -{ - private PublicKey pubKey; - private PrivateKey privKey; - - /** - * @param privKey our private key. - * @param pubKey the public key of the sender/recipient. - */ - public IEKeySpec( - PrivateKey privKey, - PublicKey pubKey) - { - this.privKey = privKey; - this.pubKey = pubKey; - } - - /** - * return the intended recipient's/sender's public key. - */ - public PublicKey getPublic() - { - return pubKey; - } - - /** - * return the local private key. - */ - public PrivateKey getPrivate() - { - return privKey; - } - - /** - * return "IES" - */ - public String getAlgorithm() - { - return "IES"; - } - - /** - * return null - */ - public String getFormat() - { - return null; - } - - /** - * returns null - */ - public byte[] getEncoded() - { - return null; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/IESParameterSpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/IESParameterSpec.java deleted file mode 100644 index 16a5fa2f..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/IESParameterSpec.java +++ /dev/null @@ -1,135 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.util.Arrays; - -/** - * Parameter spec for an integrated encryptor, as in IEEE P1363a - */ -public class IESParameterSpec - implements AlgorithmParameterSpec -{ - private byte[] derivation; - private byte[] encoding; - private int macKeySize; - private int cipherKeySize; - private byte[] nonce; - - - /** - * Set the IES engine parameters. - * - * @param derivation the optional derivation vector for the KDF. - * @param encoding the optional encoding vector for the KDF. - * @param macKeySize the key size (in bits) for the MAC. - */ - public IESParameterSpec( - byte[] derivation, - byte[] encoding, - int macKeySize) - { - this(derivation, encoding, macKeySize, -1); - } - - - /** - * Set the IES engine parameters. - * - * @param derivation the optional derivation vector for the KDF. - * @param encoding the optional encoding vector for the KDF. - * @param macKeySize the key size (in bits) for the MAC. - * @param cipherKeySize the key size (in bits) for the block cipher. - */ - public IESParameterSpec( - byte[] derivation, - byte[] encoding, - int macKeySize, - int cipherKeySize) - { - this(derivation, encoding, macKeySize, cipherKeySize, null); - } - - /** - * Set the IES engine parameters. - * - * @param derivation the optional derivation vector for the KDF. - * @param encoding the optional encoding vector for the KDF. - * @param macKeySize the key size (in bits) for the MAC. - * @param cipherKeySize the key size (in bits) for the block cipher. - * @param nonce an IV to use initialising the block cipher. - */ - public IESParameterSpec( - byte[] derivation, - byte[] encoding, - int macKeySize, - int cipherKeySize, - byte[] nonce) - { - if (derivation != null) - { - this.derivation = new byte[derivation.length]; - System.arraycopy(derivation, 0, this.derivation, 0, derivation.length); - } - else - { - this.derivation = null; - } - - if (encoding != null) - { - this.encoding = new byte[encoding.length]; - System.arraycopy(encoding, 0, this.encoding, 0, encoding.length); - } - else - { - this.encoding = null; - } - - this.macKeySize = macKeySize; - this.cipherKeySize = cipherKeySize; - this.nonce = Arrays.clone(nonce); - } - - /** - * return the derivation vector. - */ - public byte[] getDerivationV() - { - return Arrays.clone(derivation); - } - - /** - * return the encoding vector. - */ - public byte[] getEncodingV() - { - return Arrays.clone(encoding); - } - - /** - * return the key size in bits for the MAC used with the message - */ - public int getMacKeySize() - { - return macKeySize; - } - - /** - * return the key size in bits for the block cipher used with the message - */ - public int getCipherKeySize() - { - return cipherKeySize; - } - - /** - * Return the nonce (IV) value to be associated with message. - * - * @return block cipher IV for message. - */ - public byte[] getNonce() - { - return Arrays.clone(nonce); - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/MQVPrivateKeySpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/MQVPrivateKeySpec.java deleted file mode 100644 index bdd988d0..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/MQVPrivateKeySpec.java +++ /dev/null @@ -1,93 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.spec.KeySpec; - -import org.bouncycastle.jce.interfaces.MQVPrivateKey; - -/** - * Static/ephemeral private key (pair) for use with ECMQV key agreement - * (Optionally provides the ephemeral public key) - */ -public class MQVPrivateKeySpec - implements KeySpec, MQVPrivateKey -{ - private PrivateKey staticPrivateKey; - private PrivateKey ephemeralPrivateKey; - private PublicKey ephemeralPublicKey; - - /** - * @param staticPrivateKey the static private key. - * @param ephemeralPrivateKey the ephemeral private key. - */ - public MQVPrivateKeySpec( - PrivateKey staticPrivateKey, - PrivateKey ephemeralPrivateKey) - { - this(staticPrivateKey, ephemeralPrivateKey, null); - } - - /** - * @param staticPrivateKey the static private key. - * @param ephemeralPrivateKey the ephemeral private key. - * @param ephemeralPublicKey the ephemeral public key (may be null). - */ - public MQVPrivateKeySpec( - PrivateKey staticPrivateKey, - PrivateKey ephemeralPrivateKey, - PublicKey ephemeralPublicKey) - { - this.staticPrivateKey = staticPrivateKey; - this.ephemeralPrivateKey = ephemeralPrivateKey; - this.ephemeralPublicKey = ephemeralPublicKey; - } - - /** - * return the static private key - */ - public PrivateKey getStaticPrivateKey() - { - return staticPrivateKey; - } - - /** - * return the ephemeral private key - */ - public PrivateKey getEphemeralPrivateKey() - { - return ephemeralPrivateKey; - } - - /** - * return the ephemeral public key (may be null) - */ - public PublicKey getEphemeralPublicKey() - { - return ephemeralPublicKey; - } - - /** - * return "ECMQV" - */ - public String getAlgorithm() - { - return "ECMQV"; - } - - /** - * return null - */ - public String getFormat() - { - return null; - } - - /** - * returns null - */ - public byte[] getEncoded() - { - return null; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/MQVPublicKeySpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/MQVPublicKeySpec.java deleted file mode 100644 index 8b50d05f..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/MQVPublicKeySpec.java +++ /dev/null @@ -1,68 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.security.PublicKey; -import java.security.spec.KeySpec; - -import org.bouncycastle.jce.interfaces.MQVPublicKey; - -/** - * Static/ephemeral public key pair for use with ECMQV key agreement - */ -public class MQVPublicKeySpec - implements KeySpec, MQVPublicKey -{ - private PublicKey staticKey; - private PublicKey ephemeralKey; - - /** - * @param staticKey the static public key. - * @param ephemeralKey the ephemeral public key. - */ - public MQVPublicKeySpec( - PublicKey staticKey, - PublicKey ephemeralKey) - { - this.staticKey = staticKey; - this.ephemeralKey = ephemeralKey; - } - - /** - * return the static public key - */ - public PublicKey getStaticKey() - { - return staticKey; - } - - /** - * return the ephemeral public key - */ - public PublicKey getEphemeralKey() - { - return ephemeralKey; - } - - /** - * return "ECMQV" - */ - public String getAlgorithm() - { - return "ECMQV"; - } - - /** - * return null - */ - public String getFormat() - { - return null; - } - - /** - * returns null - */ - public byte[] getEncoded() - { - return null; - } -} diff --git a/prov/src/main/java/org/bouncycastle/jce/spec/RepeatedSecretKeySpec.java b/prov/src/main/java/org/bouncycastle/jce/spec/RepeatedSecretKeySpec.java deleted file mode 100644 index 41110728..00000000 --- a/prov/src/main/java/org/bouncycastle/jce/spec/RepeatedSecretKeySpec.java +++ /dev/null @@ -1,17 +0,0 @@ -package org.bouncycastle.jce.spec; - -/** - * A simple object to indicate that a symmetric cipher should reuse the - * last key provided. - * @deprecated use super class org.bouncycastle.jcajce.spec.RepeatedSecretKeySpec - */ -public class RepeatedSecretKeySpec - extends org.bouncycastle.jcajce.spec.RepeatedSecretKeySpec -{ - private String algorithm; - - public RepeatedSecretKeySpec(String algorithm) - { - super(algorithm); - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/BouncyCastlePQCProvider.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/BouncyCastlePQCProvider.java deleted file mode 100644 index 340f0325..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/BouncyCastlePQCProvider.java +++ /dev/null @@ -1,157 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider; - -import java.io.IOException; -import java.security.AccessController; -import java.security.PrivateKey; -import java.security.PrivilegedAction; -import java.security.Provider; -import java.security.PublicKey; -import java.util.HashMap; -import java.util.Map; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; -import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; - -public class BouncyCastlePQCProvider - extends Provider - implements ConfigurableProvider -{ - private static String info = "BouncyCastle Post-Quantum Security Provider v1.50"; - - public static String PROVIDER_NAME = "BCPQC"; - - public static final ProviderConfiguration CONFIGURATION = null; - - - private static final Map keyInfoConverters = new HashMap(); - - /* - * Configurable symmetric ciphers - */ - private static final String ALGORITHM_PACKAGE = "org.bouncycastle.pqc.jcajce.provider."; - private static final String[] ALGORITHMS = - { - "Rainbow", "McEliece" - }; - - /** - * Construct a new provider. This should only be required when - * using runtime registration of the provider using the - * <code>Security.addProvider()</code> mechanism. - */ - public BouncyCastlePQCProvider() - { - super(PROVIDER_NAME, 1.50, info); - - AccessController.doPrivileged(new PrivilegedAction() - { - public Object run() - { - setup(); - return null; - } - }); - } - - private void setup() - { - loadAlgorithms(ALGORITHM_PACKAGE, ALGORITHMS); - } - - private void loadAlgorithms(String packageName, String[] names) - { - for (int i = 0; i != names.length; i++) - { - Class clazz = null; - try - { - ClassLoader loader = this.getClass().getClassLoader(); - - if (loader != null) - { - clazz = loader.loadClass(packageName + names[i] + "$Mappings"); - } - else - { - clazz = Class.forName(packageName + names[i] + "$Mappings"); - } - } - catch (ClassNotFoundException e) - { - // ignore - } - - if (clazz != null) - { - try - { - ((AlgorithmProvider)clazz.newInstance()).configure(this); - } - catch (Exception e) - { // this should never ever happen!! - throw new InternalError("cannot create instance of " - + packageName + names[i] + "$Mappings : " + e); - } - } - } - } - - public void setParameter(String parameterName, Object parameter) - { - synchronized (CONFIGURATION) - { - //((BouncyCastleProviderConfiguration)CONFIGURATION).setParameter(parameterName, parameter); - } - } - - public boolean hasAlgorithm(String type, String name) - { - return containsKey(type + "." + name) || containsKey("Alg.Alias." + type + "." + name); - } - - public void addAlgorithm(String key, String value) - { - if (containsKey(key)) - { - throw new IllegalStateException("duplicate provider key (" + key + ") found"); - } - - put(key, value); - } - - public void addKeyInfoConverter(ASN1ObjectIdentifier oid, AsymmetricKeyInfoConverter keyInfoConverter) - { - keyInfoConverters.put(oid, keyInfoConverter); - } - - public static PublicKey getPublicKey(SubjectPublicKeyInfo publicKeyInfo) - throws IOException - { - AsymmetricKeyInfoConverter converter = (AsymmetricKeyInfoConverter)keyInfoConverters.get(publicKeyInfo.getAlgorithm().getAlgorithm()); - - if (converter == null) - { - return null; - } - - return converter.generatePublic(publicKeyInfo); - } - - public static PrivateKey getPrivateKey(PrivateKeyInfo privateKeyInfo) - throws IOException - { - AsymmetricKeyInfoConverter converter = (AsymmetricKeyInfoConverter)keyInfoConverters.get(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm()); - - if (converter == null) - { - return null; - } - - return converter.generatePrivate(privateKeyInfo); - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/McEliece.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/McEliece.java deleted file mode 100644 index cb5f648b..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/McEliece.java +++ /dev/null @@ -1,62 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider; - -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; -import org.bouncycastle.pqc.asn1.PQCObjectIdentifiers; - -public class McEliece -{ - private static final String PREFIX = "org.bouncycastle.pqc.jcajce.provider" + ".mceliece."; - - public static class Mappings - extends AsymmetricAlgorithmProvider - { - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - // McElieceKobaraImai - provider.addAlgorithm("KeyPairGenerator.McElieceKobaraImai", PREFIX + "McElieceKeyPairGeneratorSpi$McElieceCCA2"); - // McEliecePointcheval - provider.addAlgorithm("KeyPairGenerator.McEliecePointcheval", PREFIX + "McElieceKeyPairGeneratorSpi$McElieceCCA2"); - // McElieceFujisaki - provider.addAlgorithm("KeyPairGenerator.McElieceFujisaki", PREFIX + "McElieceKeyPairGeneratorSpi$McElieceCCA2"); - // McEliecePKCS - provider.addAlgorithm("KeyPairGenerator.McEliecePKCS", PREFIX + "McElieceKeyPairGeneratorSpi$McEliece"); - - provider.addAlgorithm("KeyPairGenerator." + PQCObjectIdentifiers.mcEliece, PREFIX + "McElieceKeyPairGeneratorSpi$McEliece"); - provider.addAlgorithm("KeyPairGenerator." + PQCObjectIdentifiers.mcElieceCca2, PREFIX + "McElieceKeyPairGeneratorSpi$McElieceCCA2"); - - provider.addAlgorithm("Cipher.McEliecePointcheval", PREFIX + "McEliecePointchevalCipherSpi$McEliecePointcheval"); - provider.addAlgorithm("Cipher.McEliecePointchevalWithSHA1", PREFIX + "McEliecePointchevalCipherSpi$McEliecePointcheval"); - provider.addAlgorithm("Cipher.McEliecePointchevalWithSHA224", PREFIX + "McEliecePointchevalCipherSpi$McEliecePointcheval224"); - provider.addAlgorithm("Cipher.McEliecePointchevalWithSHA256", PREFIX + "McEliecePointchevalCipherSpi$McEliecePointcheval256"); - provider.addAlgorithm("Cipher.McEliecePointchevalWithSHA384", PREFIX + "McEliecePointchevalCipherSpi$McEliecePointcheval384"); - provider.addAlgorithm("Cipher.McEliecePointchevalWithSHA512", PREFIX + "McEliecePointchevalCipherSpi$McEliecePointcheval512"); - - provider.addAlgorithm("Cipher.McEliecePKCS", PREFIX + "McEliecePKCSCipherSpi$McEliecePKCS"); - provider.addAlgorithm("Cipher.McEliecePKCSWithSHA1", PREFIX + "McEliecePKCSCipherSpi$McEliecePKCS"); - provider.addAlgorithm("Cipher.McEliecePKCSWithSHA224", PREFIX + "McEliecePKCSCipherSpi$McEliecePKCS224"); - provider.addAlgorithm("Cipher.McEliecePKCSWithSHA256", PREFIX + "McEliecePKCSCipherSpi$McEliecePKCS256"); - provider.addAlgorithm("Cipher.McEliecePKCSWithSHA384", PREFIX + "McEliecePKCSCipherSpi$McEliecePKCS384"); - provider.addAlgorithm("Cipher.McEliecePKCSWithSHA512", PREFIX + "McEliecePKCSCipherSpi$McEliecePKCS512"); - - provider.addAlgorithm("Cipher.McElieceKobaraImai", PREFIX + "McElieceKobaraImaiCipherSpi$McElieceKobaraImai"); - provider.addAlgorithm("Cipher.McElieceKobaraImaiWithSHA1", PREFIX + "McElieceKobaraImaiCipherSpi$McElieceKobaraImai"); - provider.addAlgorithm("Cipher.McElieceKobaraImaiWithSHA224", PREFIX + "McElieceKobaraImaiCipherSpi$McElieceKobaraImai224"); - provider.addAlgorithm("Cipher.McElieceKobaraImaiWithSHA256", PREFIX + "McElieceKobaraImaiCipherSpi$McElieceKobaraImai256"); - provider.addAlgorithm("Cipher.McElieceKobaraImaiWithSHA384", PREFIX + "McElieceKobaraImaiCipherSpi$McElieceKobaraImai384"); - provider.addAlgorithm("Cipher.McElieceKobaraImaiWithSHA512", PREFIX + "McElieceKobaraImaiCipherSpi$McElieceKobaraImai512"); - - provider.addAlgorithm("Cipher.McElieceFujisaki", PREFIX + "McElieceFujisakiCipherSpi$McElieceFujisaki"); - provider.addAlgorithm("Cipher.McElieceFujisakiWithSHA1", PREFIX + "McElieceFujisakiCipherSpi$McElieceFujisaki"); - provider.addAlgorithm("Cipher.McElieceFujisakiWithSHA224", PREFIX + "McElieceFujisakiCipherSpi$McElieceFujisaki224"); - provider.addAlgorithm("Cipher.McElieceFujisakiWithSHA256", PREFIX + "McElieceFujisakiCipherSpi$McElieceFujisaki256"); - provider.addAlgorithm("Cipher.McElieceFujisakiWithSHA384", PREFIX + "McElieceFujisakiCipherSpi$McElieceFujisaki384"); - provider.addAlgorithm("Cipher.McElieceFujisakiWithSHA512", PREFIX + "McElieceFujisakiCipherSpi$McElieceFujisaki512"); - - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/Rainbow.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/Rainbow.java deleted file mode 100644 index 2a660285..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/Rainbow.java +++ /dev/null @@ -1,36 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider; - -import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider; -import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; -import org.bouncycastle.pqc.asn1.PQCObjectIdentifiers; -import org.bouncycastle.pqc.jcajce.provider.rainbow.RainbowKeyFactorySpi; - -public class Rainbow -{ - private static final String PREFIX = "org.bouncycastle.pqc.jcajce.provider" + ".rainbow."; - - public static class Mappings - extends AsymmetricAlgorithmProvider - { - public Mappings() - { - } - - public void configure(ConfigurableProvider provider) - { - provider.addAlgorithm("KeyFactory.Rainbow", PREFIX + "RainbowKeyFactorySpi"); - provider.addAlgorithm("KeyPairGenerator.Rainbow", PREFIX + "RainbowKeyPairGeneratorSpi"); - - addSignatureAlgorithm(provider, "SHA224", "Rainbow", PREFIX + "SignatureSpi$withSha224", PQCObjectIdentifiers.rainbowWithSha224); - addSignatureAlgorithm(provider, "SHA256", "Rainbow", PREFIX + "SignatureSpi$withSha256", PQCObjectIdentifiers.rainbowWithSha256); - addSignatureAlgorithm(provider, "SHA384", "Rainbow", PREFIX + "SignatureSpi$withSha384", PQCObjectIdentifiers.rainbowWithSha384); - addSignatureAlgorithm(provider, "SHA512", "Rainbow", PREFIX + "SignatureSpi$withSha512", PQCObjectIdentifiers.rainbowWithSha512); - - AsymmetricKeyInfoConverter keyFact = new RainbowKeyFactorySpi(); - - registerOid(provider, PQCObjectIdentifiers.rainbow, "Rainbow", keyFact); - registerOidAlgorithmParameters(provider, PQCObjectIdentifiers.rainbow, "Rainbow"); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/gmss/BCGMSSPublicKey.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/gmss/BCGMSSPublicKey.java deleted file mode 100644 index eacefaba..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/gmss/BCGMSSPublicKey.java +++ /dev/null @@ -1,131 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.gmss; - -import java.security.PublicKey; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.pqc.asn1.GMSSPublicKey; -import org.bouncycastle.pqc.asn1.PQCObjectIdentifiers; -import org.bouncycastle.pqc.asn1.ParSet; -import org.bouncycastle.pqc.crypto.gmss.GMSSParameters; -import org.bouncycastle.pqc.crypto.gmss.GMSSPublicKeyParameters; -import org.bouncycastle.pqc.jcajce.provider.util.KeyUtil; -import org.bouncycastle.pqc.jcajce.spec.GMSSPublicKeySpec; -import org.bouncycastle.util.encoders.Hex; - -/** - * This class implements the GMSS public key and is usually initiated by the <a - * href="GMSSKeyPairGenerator">GMSSKeyPairGenerator</a>. - * - * @see org.bouncycastle.pqc.crypto.gmss.GMSSKeyPairGenerator - * @see org.bouncycastle.pqc.jcajce.spec.GMSSPublicKeySpec - */ -public class BCGMSSPublicKey - implements CipherParameters, PublicKey -{ - - /** - * - */ - private static final long serialVersionUID = 1L; - - /** - * The GMSS public key - */ - private byte[] publicKeyBytes; - - /** - * The GMSSParameterSet - */ - private GMSSParameters gmssParameterSet; - - - private GMSSParameters gmssParams; - - /** - * The constructor - * - * @param pub a raw GMSS public key - * @param gmssParameterSet an instance of GMSS Parameterset - * @see org.bouncycastle.pqc.crypto.gmss.GMSSKeyPairGenerator - */ - public BCGMSSPublicKey(byte[] pub, GMSSParameters gmssParameterSet) - { - this.gmssParameterSet = gmssParameterSet; - this.publicKeyBytes = pub; - } - - /** - * The constructor - * - * @param keySpec a GMSS key specification - */ - protected BCGMSSPublicKey(GMSSPublicKeySpec keySpec) - { - this(keySpec.getPublicKey(), keySpec.getParameters()); - } - - public BCGMSSPublicKey( - GMSSPublicKeyParameters params) - { - this(params.getPublicKey(), params.getParameters()); - } - - /** - * Returns the name of the algorithm - * - * @return "GMSS" - */ - public String getAlgorithm() - { - return "GMSS"; - } - - /** - * @return The GMSS public key byte array - */ - public byte[] getPublicKeyBytes() - { - return publicKeyBytes; - } - - /** - * @return The GMSS Parameterset - */ - public GMSSParameters getParameterSet() - { - return gmssParameterSet; - } - - /** - * Returns a human readable form of the GMSS public key - * - * @return A human readable form of the GMSS public key - */ - public String toString() - { - String out = "GMSS public key : " - + new String(Hex.encode(publicKeyBytes)) + "\n" - + "Height of Trees: \n"; - - for (int i = 0; i < gmssParameterSet.getHeightOfTrees().length; i++) - { - out = out + "Layer " + i + " : " - + gmssParameterSet.getHeightOfTrees()[i] - + " WinternitzParameter: " - + gmssParameterSet.getWinternitzParameter()[i] + " K: " - + gmssParameterSet.getK()[i] + "\n"; - } - return out; - } - - public byte[] getEncoded() - { - return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PQCObjectIdentifiers.gmss, new ParSet(gmssParameterSet.getNumOfLayers(), gmssParameterSet.getHeightOfTrees(), gmssParameterSet.getWinternitzParameter(), gmssParameterSet.getK()).toASN1Primitive()), new GMSSPublicKey(publicKeyBytes)); - } - - public String getFormat() - { - return "X.509"; - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PrivateKey.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PrivateKey.java deleted file mode 100644 index 72400de3..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PrivateKey.java +++ /dev/null @@ -1,307 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.mceliece; - -import java.io.IOException; -import java.security.PrivateKey; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.pqc.asn1.McElieceCCA2PrivateKey; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2KeyPairGenerator; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2Parameters; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2PrivateKeyParameters; -import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2PrivateKeySpec; -import org.bouncycastle.pqc.math.linearalgebra.GF2Matrix; -import org.bouncycastle.pqc.math.linearalgebra.GF2mField; -import org.bouncycastle.pqc.math.linearalgebra.Permutation; -import org.bouncycastle.pqc.math.linearalgebra.PolynomialGF2mSmallM; - -/** - * This class implements a McEliece CCA2 private key and is usually instantiated - * by the {@link McElieceCCA2KeyPairGenerator} or {@link McElieceCCA2KeyFactorySpi}. - * - * @see McElieceCCA2KeyPairGenerator - */ -public class BCMcElieceCCA2PrivateKey - implements CipherParameters, PrivateKey -{ - - - /** - * - */ - private static final long serialVersionUID = 1L; - - // the OID of the algorithm - private String oid; - - // the length of the code - private int n; - - // the dimension of the code, k>=n-mt - private int k; - - // the finte field GF(2^m) - private GF2mField field; - - // the irreducible Goppa polynomial - private PolynomialGF2mSmallM goppaPoly; - - // the permutation - private Permutation p; - - // the canonical check matrix - private GF2Matrix h; - - // the matrix used to compute square roots in (GF(2^m))^t - private PolynomialGF2mSmallM[] qInv; - - private McElieceCCA2Parameters mcElieceCCA2Params; - - /** - * Constructor (used by the {@link McElieceCCA2KeyPairGenerator}). - * - * @param n the length of the code - * @param k the dimension of the code - * @param field the field polynomial - * @param gp the irreducible Goppa polynomial - * @param p the permutation - * @param h the canonical check matrix - * @param qInv the matrix used to compute square roots in - * <tt>(GF(2^m))^t</tt> - */ - public BCMcElieceCCA2PrivateKey(String oid, int n, int k, GF2mField field, - PolynomialGF2mSmallM gp, Permutation p, GF2Matrix h, - PolynomialGF2mSmallM[] qInv) - { - this.oid = oid; - this.n = n; - this.k = k; - this.field = field; - this.goppaPoly = gp; - this.p = p; - this.h = h; - this.qInv = qInv; - } - - /** - * Constructor (used by the {@link McElieceCCA2KeyFactorySpi}). - * - * @param keySpec a {@link McElieceCCA2PrivateKeySpec} - */ - public BCMcElieceCCA2PrivateKey(McElieceCCA2PrivateKeySpec keySpec) - { - this(keySpec.getOIDString(), keySpec.getN(), keySpec.getK(), keySpec.getField(), keySpec - .getGoppaPoly(), keySpec.getP(), keySpec.getH(), keySpec - .getQInv()); - } - - public BCMcElieceCCA2PrivateKey(McElieceCCA2PrivateKeyParameters params) - { - this(params.getOIDString(), params.getN(), params.getK(), params.getField(), params.getGoppaPoly(), - params.getP(), params.getH(), params.getQInv()); - this.mcElieceCCA2Params = params.getParameters(); - } - - /** - * Return the name of the algorithm. - * - * @return "McEliece" - */ - public String getAlgorithm() - { - return "McEliece"; - } - - /** - * @return the length of the code - */ - public int getN() - { - return n; - } - - /** - * @return the dimension of the code - */ - public int getK() - { - return k; - } - - /** - * @return the degree of the Goppa polynomial (error correcting capability) - */ - public int getT() - { - return goppaPoly.getDegree(); - } - - /** - * @return the finite field - */ - public GF2mField getField() - { - return field; - } - - /** - * @return the irreducible Goppa polynomial - */ - public PolynomialGF2mSmallM getGoppaPoly() - { - return goppaPoly; - } - - /** - * @return the permutation vector - */ - public Permutation getP() - { - return p; - } - - /** - * @return the canonical check matrix - */ - public GF2Matrix getH() - { - return h; - } - - /** - * @return the matrix used to compute square roots in <tt>(GF(2^m))^t</tt> - */ - public PolynomialGF2mSmallM[] getQInv() - { - return qInv; - } - - /** - * @return a human readable form of the key - */ - public String toString() - { - String result = ""; - result += " extension degree of the field : " + n + "\n"; - result += " dimension of the code : " + k + "\n"; - result += " irreducible Goppa polynomial : " + goppaPoly + "\n"; - return result; - } - - /** - * Compare this key with another object. - * - * @param other the other object - * @return the result of the comparison - */ - public boolean equals(Object other) - { - if (other == null || !(other instanceof BCMcElieceCCA2PrivateKey)) - { - return false; - } - - BCMcElieceCCA2PrivateKey otherKey = (BCMcElieceCCA2PrivateKey)other; - - return (n == otherKey.n) && (k == otherKey.k) - && field.equals(otherKey.field) - && goppaPoly.equals(otherKey.goppaPoly) && p.equals(otherKey.p) - && h.equals(otherKey.h); - } - - /** - * @return the hash code of this key - */ - public int hashCode() - { - return k + n + field.hashCode() + goppaPoly.hashCode() + p.hashCode() - + h.hashCode(); - } - - /** - * @return the OID of the algorithm - */ - public String getOIDString() - { - return oid; - } - - /** - * @return the OID to encode in the SubjectPublicKeyInfo structure - */ - protected ASN1ObjectIdentifier getOID() - { - return new ASN1ObjectIdentifier(McElieceCCA2KeyFactorySpi.OID); - } - - /** - * @return the algorithm parameters to encode in the SubjectPublicKeyInfo - * structure - */ - protected ASN1Primitive getAlgParams() - { - return null; // FIXME: needed at all? - } - - - /** - * Return the keyData to encode in the SubjectPublicKeyInfo structure. - * <p/> - * The ASN.1 definition of the key structure is - * <p/> - * <pre> - * McEliecePrivateKey ::= SEQUENCE { - * m INTEGER -- extension degree of the field - * k INTEGER -- dimension of the code - * field OCTET STRING -- field polynomial - * goppaPoly OCTET STRING -- irreducible Goppa polynomial - * p OCTET STRING -- permutation vector - * matrixH OCTET STRING -- canonical check matrix - * sqRootMatrix SEQUENCE OF OCTET STRING -- square root matrix - * } - * </pre> - * - * @return the keyData to encode in the SubjectPublicKeyInfo structure - */ - public byte[] getEncoded() - { - McElieceCCA2PrivateKey privateKey = new McElieceCCA2PrivateKey(new ASN1ObjectIdentifier(oid), n, k, field, goppaPoly, p, h, qInv); - PrivateKeyInfo pki; - try - { - AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(this.getOID(), DERNull.INSTANCE); - pki = new PrivateKeyInfo(algorithmIdentifier, privateKey); - } - catch (IOException e) - { - e.printStackTrace(); - return null; - } - try - { - byte[] encoded = pki.getEncoded(); - return encoded; - } - catch (IOException e) - { - e.printStackTrace(); - return null; - } - } - - public String getFormat() - { - // TODO Auto-generated method stub - return null; - } - - public McElieceCCA2Parameters getMcElieceCCA2Parameters() - { - return mcElieceCCA2Params; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PublicKey.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PublicKey.java deleted file mode 100644 index 3646933c..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PublicKey.java +++ /dev/null @@ -1,227 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.mceliece; - - -import java.io.IOException; -import java.security.PublicKey; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.pqc.asn1.McElieceCCA2PublicKey; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2KeyPairGenerator; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2Parameters; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2PublicKeyParameters; -import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2PublicKeySpec; -import org.bouncycastle.pqc.math.linearalgebra.GF2Matrix; - -/** - * This class implements a McEliece CCA2 public key and is usually instantiated - * by the {@link McElieceCCA2KeyPairGenerator} or {@link McElieceCCA2KeyFactorySpi}. - */ -public class BCMcElieceCCA2PublicKey - implements CipherParameters, PublicKey -{ - - /** - * - */ - private static final long serialVersionUID = 1L; - - // the OID of the algorithm - private String oid; - - // the length of the code - private int n; - - // the error correction capability of the code - private int t; - - // the generator matrix - private GF2Matrix g; - - private McElieceCCA2Parameters McElieceCCA2Params; - - /** - * Constructor (used by the {@link McElieceCCA2KeyPairGenerator}). - * - * @param n the length of the code - * @param t the error correction capability of the code - * @param g the generator matrix - */ - public BCMcElieceCCA2PublicKey(String oid, int n, int t, GF2Matrix g) - { - this.oid = oid; - this.n = n; - this.t = t; - this.g = g; - } - - /** - * Constructor (used by the {@link McElieceCCA2KeyFactorySpi}). - * - * @param keySpec a {@link McElieceCCA2PublicKeySpec} - */ - public BCMcElieceCCA2PublicKey(McElieceCCA2PublicKeySpec keySpec) - { - this(keySpec.getOIDString(), keySpec.getN(), keySpec.getT(), keySpec.getMatrixG()); - } - - public BCMcElieceCCA2PublicKey(McElieceCCA2PublicKeyParameters params) - { - this(params.getOIDString(), params.getN(), params.getT(), params.getMatrixG()); - this.McElieceCCA2Params = params.getParameters(); - } - - /** - * Return the name of the algorithm. - * - * @return "McEliece" - */ - public String getAlgorithm() - { - return "McEliece"; - } - - /** - * @return the length of the code - */ - public int getN() - { - return n; - } - - /** - * @return the dimension of the code - */ - public int getK() - { - return g.getNumRows(); - } - - /** - * @return the error correction capability of the code - */ - public int getT() - { - return t; - } - - /** - * @return the generator matrix - */ - public GF2Matrix getG() - { - return g; - } - - /** - * @return a human readable form of the key - */ - public String toString() - { - String result = "McEliecePublicKey:\n"; - result += " length of the code : " + n + "\n"; - result += " error correction capability: " + t + "\n"; - result += " generator matrix : " + g.toString(); - return result; - } - - /** - * Compare this key with another object. - * - * @param other the other object - * @return the result of the comparison - */ - public boolean equals(Object other) - { - if (other == null || !(other instanceof BCMcElieceCCA2PublicKey)) - { - return false; - } - - BCMcElieceCCA2PublicKey otherKey = (BCMcElieceCCA2PublicKey)other; - - return (n == otherKey.n) && (t == otherKey.t) && (g.equals(otherKey.g)); - } - - /** - * @return the hash code of this key - */ - public int hashCode() - { - return n + t + g.hashCode(); - } - - /** - * @return the OID of the algorithm - */ - public String getOIDString() - { - return oid; - } - - /** - * @return the OID to encode in the SubjectPublicKeyInfo structure - */ - protected ASN1ObjectIdentifier getOID() - { - return new ASN1ObjectIdentifier(McElieceCCA2KeyFactorySpi.OID); - } - - /** - * @return the algorithm parameters to encode in the SubjectPublicKeyInfo - * structure - */ - protected ASN1Primitive getAlgParams() - { - return null; // FIXME: needed at all? - } - - /** - * Return the keyData to encode in the SubjectPublicKeyInfo structure. - * <p/> - * The ASN.1 definition of the key structure is - * <p/> - * <pre> - * McEliecePublicKey ::= SEQUENCE { - * n Integer -- length of the code - * t Integer -- error correcting capability - * matrixG OctetString -- generator matrix as octet string - * } - * </pre> - * - * @return the keyData to encode in the SubjectPublicKeyInfo structure - */ - public byte[] getEncoded() - { - McElieceCCA2PublicKey key = new McElieceCCA2PublicKey(new ASN1ObjectIdentifier(oid), n, t, g); - AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(this.getOID(), DERNull.INSTANCE); - - try - { - SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, key); - - return subjectPublicKeyInfo.getEncoded(); - } - catch (IOException e) - { - return null; - } - - } - - public String getFormat() - { - // TODO Auto-generated method stub - return null; - } - - public McElieceCCA2Parameters getMcElieceCCA2Parameters() - { - return McElieceCCA2Params; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePrivateKey.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePrivateKey.java deleted file mode 100644 index be93b311..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePrivateKey.java +++ /dev/null @@ -1,334 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.mceliece; - -import java.io.IOException; -import java.security.PrivateKey; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.pqc.asn1.McEliecePrivateKey; -import org.bouncycastle.pqc.crypto.mceliece.McElieceKeyPairGenerator; -import org.bouncycastle.pqc.crypto.mceliece.McElieceParameters; -import org.bouncycastle.pqc.crypto.mceliece.McEliecePrivateKeyParameters; -import org.bouncycastle.pqc.jcajce.spec.McEliecePrivateKeySpec; -import org.bouncycastle.pqc.math.linearalgebra.GF2Matrix; -import org.bouncycastle.pqc.math.linearalgebra.GF2mField; -import org.bouncycastle.pqc.math.linearalgebra.Permutation; -import org.bouncycastle.pqc.math.linearalgebra.PolynomialGF2mSmallM; - -/** - * This class implements a McEliece private key and is usually instantiated by - * the {@link McElieceKeyPairGenerator} or {@link McElieceKeyFactorySpi}. - */ -public class BCMcEliecePrivateKey - implements CipherParameters, PrivateKey -{ - - /** - * - */ - private static final long serialVersionUID = 1L; - - // the OID of the algorithm - private String oid; - - // the length of the code - private int n; - - // the dimension of the code, where <tt>k >= n - mt</tt> - private int k; - - // the underlying finite field - private GF2mField field; - - // the irreducible Goppa polynomial - private PolynomialGF2mSmallM goppaPoly; - - // the matrix S^-1 - private GF2Matrix sInv; - - // the permutation P1 used to generate the systematic check matrix - private Permutation p1; - - // the permutation P2 used to compute the public generator matrix - private Permutation p2; - - // the canonical check matrix of the code - private GF2Matrix h; - - // the matrix used to compute square roots in <tt>(GF(2^m))^t</tt> - private PolynomialGF2mSmallM[] qInv; - - private McElieceParameters mcElieceParams; - - - /** - * Constructor (used by the {@link McElieceKeyPairGenerator}). - * - * @param oid - * @param n the length of the code - * @param k the dimension of the code - * @param field the field polynomial defining the finite field - * <tt>GF(2<sup>m</sup>)</tt> - * @param goppaPoly the irreducible Goppa polynomial - * @param sInv the matrix <tt>S<sup>-1</sup></tt> - * @param p1 the permutation used to generate the systematic check - * matrix - * @param p2 the permutation used to compute the public generator - * matrix - * @param h the canonical check matrix - * @param qInv the matrix used to compute square roots in - * <tt>(GF(2<sup>m</sup>))<sup>t</sup></tt> - */ - public BCMcEliecePrivateKey(String oid, int n, int k, GF2mField field, - PolynomialGF2mSmallM goppaPoly, GF2Matrix sInv, Permutation p1, - Permutation p2, GF2Matrix h, PolynomialGF2mSmallM[] qInv) - { - this.oid = oid; - this.n = n; - this.k = k; - this.field = field; - this.goppaPoly = goppaPoly; - this.sInv = sInv; - this.p1 = p1; - this.p2 = p2; - this.h = h; - this.qInv = qInv; - } - - /** - * Constructor (used by the {@link McElieceKeyFactorySpi}). - * - * @param keySpec a {@link McEliecePrivateKeySpec} - */ - public BCMcEliecePrivateKey(McEliecePrivateKeySpec keySpec) - { - this(keySpec.getOIDString(), keySpec.getN(), keySpec.getK(), keySpec.getField(), keySpec - .getGoppaPoly(), keySpec.getSInv(), keySpec.getP1(), keySpec - .getP2(), keySpec.getH(), keySpec.getQInv()); - } - - public BCMcEliecePrivateKey(McEliecePrivateKeyParameters params) - { - this(params.getOIDString(), params.getN(), params.getK(), params.getField(), params.getGoppaPoly(), - params.getSInv(), params.getP1(), params.getP2(), params.getH(), params.getQInv()); - - this.mcElieceParams = params.getParameters(); - } - - - /** - * Return the name of the algorithm. - * - * @return "McEliece" - */ - public String getAlgorithm() - { - return "McEliece"; - } - - /** - * @return the length of the code - */ - public int getN() - { - return n; - } - - /** - * @return the dimension of the code - */ - public int getK() - { - return k; - } - - /** - * @return the finite field - */ - public GF2mField getField() - { - return field; - } - - /** - * @return the irreducible Goppa polynomial - */ - public PolynomialGF2mSmallM getGoppaPoly() - { - return goppaPoly; - } - - /** - * @return the k x k random binary non-singular matrix S - */ - public GF2Matrix getSInv() - { - return sInv; - } - - /** - * @return the permutation used to generate the systematic check matrix - */ - public Permutation getP1() - { - return p1; - } - - /** - * @return the permutation used to compute the public generator matrix - */ - public Permutation getP2() - { - return p2; - } - - /** - * @return the canonical check matrix - */ - public GF2Matrix getH() - { - return h; - } - - /** - * @return the matrix for computing square roots in <tt>(GF(2^m))^t</tt> - */ - public PolynomialGF2mSmallM[] getQInv() - { - return qInv; - } - - /** - * @return the OID of the algorithm - */ - public String getOIDString() - { - return oid; - } - - /** - * @return a human readable form of the key - */ - public String toString() - { - String result = " length of the code : " + n + "\n"; - result += " dimension of the code : " + k + "\n"; - result += " irreducible Goppa polynomial: " + goppaPoly + "\n"; - result += " (k x k)-matrix S^-1 : " + sInv + "\n"; - result += " permutation P1 : " + p1 + "\n"; - result += " permutation P2 : " + p2; - return result; - } - - /** - * Compare this key with another object. - * - * @param other the other object - * @return the result of the comparison - */ - public boolean equals(Object other) - { - if (!(other instanceof BCMcEliecePrivateKey)) - { - return false; - } - BCMcEliecePrivateKey otherKey = (BCMcEliecePrivateKey)other; - - return (n == otherKey.n) && (k == otherKey.k) - && field.equals(otherKey.field) - && goppaPoly.equals(otherKey.goppaPoly) - && sInv.equals(otherKey.sInv) && p1.equals(otherKey.p1) - && p2.equals(otherKey.p2) && h.equals(otherKey.h); - } - - /** - * @return the hash code of this key - */ - public int hashCode() - { - return k + n + field.hashCode() + goppaPoly.hashCode() - + sInv.hashCode() + p1.hashCode() + p2.hashCode() - + h.hashCode(); - } - - /** - * @return the OID to encode in the SubjectPublicKeyInfo structure - */ - protected ASN1ObjectIdentifier getOID() - { - return new ASN1ObjectIdentifier(McElieceKeyFactorySpi.OID); - } - - /** - * @return the algorithm parameters to encode in the SubjectPublicKeyInfo - * structure - */ - protected ASN1Primitive getAlgParams() - { - return null; // FIXME: needed at all? - } - - /** - * Return the key data to encode in the SubjectPublicKeyInfo structure. - * <p/> - * The ASN.1 definition of the key structure is - * <p/> - * <pre> - * McEliecePrivateKey ::= SEQUENCE { - * n INTEGER -- length of the code - * k INTEGER -- dimension of the code - * fieldPoly OCTET STRING -- field polynomial defining GF(2ˆm) - * goppaPoly OCTET STRING -- irreducible Goppa polynomial - * sInv OCTET STRING -- matrix Sˆ-1 - * p1 OCTET STRING -- permutation P1 - * p2 OCTET STRING -- permutation P2 - * h OCTET STRING -- canonical check matrix - * qInv SEQUENCE OF OCTET STRING -- matrix used to compute square roots - * } - * </pre> - * - * @return the key data to encode in the SubjectPublicKeyInfo structure - */ - public byte[] getEncoded() - { - McEliecePrivateKey privateKey = new McEliecePrivateKey(new ASN1ObjectIdentifier(oid), n, k, field, goppaPoly, sInv, p1, p2, h, qInv); - PrivateKeyInfo pki; - try - { - AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(this.getOID(), DERNull.INSTANCE); - pki = new PrivateKeyInfo(algorithmIdentifier, privateKey); - } - catch (IOException e) - { - e.printStackTrace(); - return null; - } - try - { - byte[] encoded = pki.getEncoded(); - return encoded; - } - catch (IOException e) - { - e.printStackTrace(); - return null; - } - } - - public String getFormat() - { - // TODO Auto-generated method stub - return null; - } - - public McElieceParameters getMcElieceParameters() - { - return mcElieceParams; - } - - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePublicKey.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePublicKey.java deleted file mode 100644 index 4e278c9d..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePublicKey.java +++ /dev/null @@ -1,231 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.mceliece; - -import java.io.IOException; -import java.security.PublicKey; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.pqc.asn1.McEliecePublicKey; -import org.bouncycastle.pqc.crypto.mceliece.McElieceKeyPairGenerator; -import org.bouncycastle.pqc.crypto.mceliece.McElieceParameters; -import org.bouncycastle.pqc.crypto.mceliece.McEliecePublicKeyParameters; -import org.bouncycastle.pqc.jcajce.spec.McEliecePublicKeySpec; -import org.bouncycastle.pqc.math.linearalgebra.GF2Matrix; - -/** - * This class implements a McEliece public key and is usually instantiated by - * the {@link McElieceKeyPairGenerator} or {@link McElieceKeyFactorySpi}. - */ -public class BCMcEliecePublicKey - implements CipherParameters, PublicKey -{ - - /** - * - */ - private static final long serialVersionUID = 1L; - - // the OID of the algorithm - private String oid; - - /** - * the length of the code - */ - private int n; - - /** - * the error correction capability of the code - */ - private int t; - - /** - * the generator matrix - */ - private GF2Matrix g; - - private McElieceParameters McElieceParams; - - /** - * Constructor (used by the {@link McElieceKeyPairGenerator}). - * - * @param oid - * @param n the length of the code - * @param t the error correction capability of the code - * @param g the generator matrix - */ - public BCMcEliecePublicKey(String oid, int n, int t, GF2Matrix g) - { - this.oid = oid; - this.n = n; - this.t = t; - this.g = g; - } - - /** - * Constructor (used by the {@link McElieceKeyFactorySpi}). - * - * @param keySpec a {@link McEliecePublicKeySpec} - */ - public BCMcEliecePublicKey(McEliecePublicKeySpec keySpec) - { - this(keySpec.getOIDString(), keySpec.getN(), keySpec.getT(), keySpec.getG()); - } - - public BCMcEliecePublicKey(McEliecePublicKeyParameters params) - { - this(params.getOIDString(), params.getN(), params.getT(), params.getG()); - this.McElieceParams = params.getParameters(); - } - - /** - * Return the name of the algorithm. - * - * @return "McEliece" - */ - public String getAlgorithm() - { - return "McEliece"; - } - - /** - * @return the length of the code - */ - public int getN() - { - return n; - } - - /** - * @return the dimension of the code - */ - public int getK() - { - return g.getNumRows(); - } - - /** - * @return the error correction capability of the code - */ - public int getT() - { - return t; - } - - /** - * @return the generator matrix - */ - public GF2Matrix getG() - { - return g; - } - - /** - * @return a human readable form of the key - */ - public String toString() - { - String result = "McEliecePublicKey:\n"; - result += " length of the code : " + n + "\n"; - result += " error correction capability: " + t + "\n"; - result += " generator matrix : " + g.toString(); - return result; - } - - /** - * Compare this key with another object. - * - * @param other the other object - * @return the result of the comparison - */ - public boolean equals(Object other) - { - if (!(other instanceof BCMcEliecePublicKey)) - { - return false; - } - BCMcEliecePublicKey otherKey = (BCMcEliecePublicKey)other; - - return (n == otherKey.n) && (t == otherKey.t) && g.equals(otherKey.g); - } - - /** - * @return the hash code of this key - */ - public int hashCode() - { - return n + t + g.hashCode(); - } - - - /** - * @return the OID of the algorithm - */ - public String getOIDString() - { - return oid; - } - - /** - * @return the OID to encode in the SubjectPublicKeyInfo structure - */ - protected ASN1ObjectIdentifier getOID() - { - return new ASN1ObjectIdentifier(McElieceKeyFactorySpi.OID); - } - - /** - * @return the algorithm parameters to encode in the SubjectPublicKeyInfo - * structure - */ - protected ASN1Primitive getAlgParams() - { - return null; // FIXME: needed at all? - } - - - /** - * Return the keyData to encode in the SubjectPublicKeyInfo structure. - * <p/> - * The ASN.1 definition of the key structure is - * <p/> - * <pre> - * McEliecePublicKey ::= SEQUENCE { - * n Integer -- length of the code - * t Integer -- error correcting capability - * matrixG OctetString -- generator matrix as octet string - * } - * </pre> - * - * @return the keyData to encode in the SubjectPublicKeyInfo structure - */ - public byte[] getEncoded() - { - McEliecePublicKey key = new McEliecePublicKey(new ASN1ObjectIdentifier(oid), n, t, g); - AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(this.getOID(), DERNull.INSTANCE); - - try - { - SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, key); - - return subjectPublicKeyInfo.getEncoded(); - } - catch (IOException e) - { - return null; - } - } - - public String getFormat() - { - return null; - } - - public McElieceParameters getMcElieceParameters() - { - return McElieceParams; - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceCCA2KeyFactorySpi.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceCCA2KeyFactorySpi.java deleted file mode 100644 index c6ca7c2b..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceCCA2KeyFactorySpi.java +++ /dev/null @@ -1,346 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.mceliece; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactorySpi; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.pqc.asn1.McElieceCCA2PrivateKey; -import org.bouncycastle.pqc.asn1.McElieceCCA2PublicKey; -import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2PrivateKeySpec; -import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2PublicKeySpec; - -/** - * This class is used to translate between McEliece CCA2 keys and key - * specifications. - * - * @see BCMcElieceCCA2PrivateKey - * @see McElieceCCA2PrivateKeySpec - * @see BCMcElieceCCA2PublicKey - * @see McElieceCCA2PublicKeySpec - */ -public class McElieceCCA2KeyFactorySpi - extends KeyFactorySpi -{ - - /** - * The OID of the algorithm. - */ - public static final String OID = "1.3.6.1.4.1.8301.3.1.3.4.2"; - - /** - * Converts, if possible, a key specification into a - * {@link BCMcElieceCCA2PublicKey}. Currently, the following key - * specifications are supported: {@link McElieceCCA2PublicKeySpec}, - * {@link X509EncodedKeySpec}. - * - * @param keySpec the key specification - * @return the McEliece CCA2 public key - * @throws InvalidKeySpecException if the key specification is not supported. - */ - public PublicKey generatePublic(KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof McElieceCCA2PublicKeySpec) - { - return new BCMcElieceCCA2PublicKey( - (McElieceCCA2PublicKeySpec)keySpec); - } - else if (keySpec instanceof X509EncodedKeySpec) - { - // get the DER-encoded Key according to X.509 from the spec - byte[] encKey = ((X509EncodedKeySpec)keySpec).getEncoded(); - - // decode the SubjectPublicKeyInfo data structure to the pki object - SubjectPublicKeyInfo pki; - try - { - pki = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(encKey)); - } - catch (IOException e) - { - throw new InvalidKeySpecException(e.toString()); - } - - - try - { - // --- Build and return the actual key. - ASN1Primitive innerType = pki.parsePublicKey(); - ASN1Sequence publicKey = (ASN1Sequence)innerType; - - // decode oidString (but we don't need it right now) - String oidString = ((ASN1ObjectIdentifier)publicKey.getObjectAt(0)) - .toString(); - - // decode <n> - BigInteger bigN = ((ASN1Integer)publicKey.getObjectAt(1)).getValue(); - int n = bigN.intValue(); - - // decode <t> - BigInteger bigT = ((ASN1Integer)publicKey.getObjectAt(2)).getValue(); - int t = bigT.intValue(); - - // decode <matrixG> - byte[] matrixG = ((ASN1OctetString)publicKey.getObjectAt(3)).getOctets(); - - return new BCMcElieceCCA2PublicKey(new McElieceCCA2PublicKeySpec( - OID, n, t, matrixG)); - } - catch (IOException cce) - { - throw new InvalidKeySpecException( - "Unable to decode X509EncodedKeySpec: " - + cce.getMessage()); - } - } - - throw new InvalidKeySpecException("Unsupported key specification: " - + keySpec.getClass() + "."); - } - - /** - * Converts, if possible, a key specification into a - * {@link BCMcElieceCCA2PrivateKey}. Currently, the following key - * specifications are supported: {@link McElieceCCA2PrivateKeySpec}, - * {@link PKCS8EncodedKeySpec}. - * - * @param keySpec the key specification - * @return the McEliece CCA2 private key - * @throws InvalidKeySpecException if the KeySpec is not supported. - */ - public PrivateKey generatePrivate(KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof McElieceCCA2PrivateKeySpec) - { - return new BCMcElieceCCA2PrivateKey( - (McElieceCCA2PrivateKeySpec)keySpec); - } - else if (keySpec instanceof PKCS8EncodedKeySpec) - { - // get the DER-encoded Key according to PKCS#8 from the spec - byte[] encKey = ((PKCS8EncodedKeySpec)keySpec).getEncoded(); - - // decode the PKCS#8 data structure to the pki object - PrivateKeyInfo pki; - - try - { - pki = PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(encKey)); - } - catch (IOException e) - { - throw new InvalidKeySpecException("Unable to decode PKCS8EncodedKeySpec: " + e); - } - - try - { - // get the inner type inside the BIT STRING - ASN1Primitive innerType = pki.parsePrivateKey().toASN1Primitive(); - - // build and return the actual key - ASN1Sequence privKey = (ASN1Sequence)innerType; - - // decode oidString (but we don't need it right now) - String oidString = ((ASN1ObjectIdentifier)privKey.getObjectAt(0)) - .toString(); - - // decode <n> - BigInteger bigN = ((ASN1Integer)privKey.getObjectAt(1)).getValue(); - int n = bigN.intValue(); - - // decode <k> - BigInteger bigK = ((ASN1Integer)privKey.getObjectAt(2)).getValue(); - int k = bigK.intValue(); - - - // decode <fieldPoly> - byte[] encFieldPoly = ((ASN1OctetString)privKey.getObjectAt(3)) - .getOctets(); - // decode <goppaPoly> - byte[] encGoppaPoly = ((ASN1OctetString)privKey.getObjectAt(4)) - .getOctets(); - // decode <p> - byte[] encP = ((ASN1OctetString)privKey.getObjectAt(5)).getOctets(); - // decode <h> - byte[] encH = ((ASN1OctetString)privKey.getObjectAt(6)).getOctets(); - // decode <qInv> - ASN1Sequence qSeq = (ASN1Sequence)privKey.getObjectAt(7); - byte[][] encQInv = new byte[qSeq.size()][]; - for (int i = 0; i < qSeq.size(); i++) - { - encQInv[i] = ((ASN1OctetString)qSeq.getObjectAt(i)).getOctets(); - } - - return new BCMcElieceCCA2PrivateKey( - new McElieceCCA2PrivateKeySpec(OID, n, k, encFieldPoly, - encGoppaPoly, encP, encH, encQInv)); - - } - catch (IOException cce) - { - throw new InvalidKeySpecException( - "Unable to decode PKCS8EncodedKeySpec."); - } - } - - throw new InvalidKeySpecException("Unsupported key specification: " - + keySpec.getClass() + "."); - } - - /** - * Converts, if possible, a given key into a key specification. Currently, - * the following key specifications are supported: - * <ul> - * <li>for McElieceCCA2PublicKey: {@link X509EncodedKeySpec}, - * {@link McElieceCCA2PublicKeySpec}</li> - * <li>for McElieceCCA2PrivateKey: {@link PKCS8EncodedKeySpec}, - * {@link McElieceCCA2PrivateKeySpec}</li>. - * </ul> - * - * @param key the key - * @param keySpec the key specification - * @return the specification of the McEliece CCA2 key - * @throws InvalidKeySpecException if the key type or the key specification is not - * supported. - * @see BCMcElieceCCA2PrivateKey - * @see McElieceCCA2PrivateKeySpec - * @see BCMcElieceCCA2PublicKey - * @see McElieceCCA2PublicKeySpec - */ - public KeySpec getKeySpec(Key key, Class keySpec) - throws InvalidKeySpecException - { - if (key instanceof BCMcElieceCCA2PrivateKey) - { - if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) - { - return new PKCS8EncodedKeySpec(key.getEncoded()); - } - else if (McElieceCCA2PrivateKeySpec.class - .isAssignableFrom(keySpec)) - { - BCMcElieceCCA2PrivateKey privKey = (BCMcElieceCCA2PrivateKey)key; - return new McElieceCCA2PrivateKeySpec(OID, privKey.getN(), privKey - .getK(), privKey.getField(), privKey.getGoppaPoly(), - privKey.getP(), privKey.getH(), privKey.getQInv()); - } - } - else if (key instanceof BCMcElieceCCA2PublicKey) - { - if (X509EncodedKeySpec.class.isAssignableFrom(keySpec)) - { - return new X509EncodedKeySpec(key.getEncoded()); - } - else if (McElieceCCA2PublicKeySpec.class - .isAssignableFrom(keySpec)) - { - BCMcElieceCCA2PublicKey pubKey = (BCMcElieceCCA2PublicKey)key; - return new McElieceCCA2PublicKeySpec(OID, pubKey.getN(), pubKey - .getT(), pubKey.getG()); - } - } - else - { - throw new InvalidKeySpecException("Unsupported key type: " - + key.getClass() + "."); - } - - throw new InvalidKeySpecException("Unknown key specification: " - + keySpec + "."); - } - - /** - * Translates a key into a form known by the FlexiProvider. Currently, only - * the following "source" keys are supported: {@link BCMcElieceCCA2PrivateKey}, - * {@link BCMcElieceCCA2PublicKey}. - * - * @param key the key - * @return a key of a known key type - * @throws InvalidKeyException if the key type is not supported. - */ - public Key translateKey(Key key) - throws InvalidKeyException - { - if ((key instanceof BCMcElieceCCA2PrivateKey) - || (key instanceof BCMcElieceCCA2PublicKey)) - { - return key; - } - throw new InvalidKeyException("Unsupported key type."); - - } - - - public PublicKey generatePublic(SubjectPublicKeyInfo pki) - throws InvalidKeySpecException - { - // get the inner type inside the BIT STRING - try - { - ASN1Primitive innerType = pki.parsePublicKey(); - McElieceCCA2PublicKey key = McElieceCCA2PublicKey.getInstance((ASN1Sequence)innerType); - return new BCMcElieceCCA2PublicKey(key.getOID().getId(), key.getN(), key.getT(), key.getG()); - } - catch (IOException cce) - { - throw new InvalidKeySpecException("Unable to decode X509EncodedKeySpec"); - } - } - - - public PrivateKey generatePrivate(PrivateKeyInfo pki) - throws InvalidKeySpecException - { - // get the inner type inside the BIT STRING - try - { - ASN1Primitive innerType = pki.parsePrivateKey().toASN1Primitive(); - McElieceCCA2PrivateKey key = McElieceCCA2PrivateKey.getInstance(innerType); - return new BCMcElieceCCA2PrivateKey(key.getOID().getId(), key.getN(), key.getK(), key.getField(), key.getGoppaPoly(), key.getP(), key.getH(), key.getQInv()); - } - catch (IOException cce) - { - throw new InvalidKeySpecException("Unable to decode PKCS8EncodedKeySpec"); - } - } - - protected PublicKey engineGeneratePublic(KeySpec keySpec) - throws InvalidKeySpecException - { - return null; //To change body of implemented methods use File | Settings | File Templates. - } - - protected PrivateKey engineGeneratePrivate(KeySpec keySpec) - throws InvalidKeySpecException - { - return null; //To change body of implemented methods use File | Settings | File Templates. - } - - protected KeySpec engineGetKeySpec(Key key, Class tClass) - throws InvalidKeySpecException - { - return null; //To change body of implemented methods use File | Settings | File Templates. - } - - protected Key engineTranslateKey(Key key) - throws InvalidKeyException - { - return null; //To change body of implemented methods use File | Settings | File Templates. - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceCCA2KeysToParams.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceCCA2KeysToParams.java deleted file mode 100644 index 03e7c1b9..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceCCA2KeysToParams.java +++ /dev/null @@ -1,47 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.mceliece; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; - -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2PrivateKeyParameters; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2PublicKeyParameters; - -/** - * utility class for converting jce/jca McElieceCCA2 objects - * objects into their org.bouncycastle.crypto counterparts. - */ -public class McElieceCCA2KeysToParams -{ - - - static public AsymmetricKeyParameter generatePublicKeyParameter( - PublicKey key) - throws InvalidKeyException - { - if (key instanceof BCMcElieceCCA2PublicKey) - { - BCMcElieceCCA2PublicKey k = (BCMcElieceCCA2PublicKey)key; - - return new McElieceCCA2PublicKeyParameters(k.getOIDString(), k.getN(), k.getT(), k.getG(), k.getMcElieceCCA2Parameters()); - } - - throw new InvalidKeyException("can't identify McElieceCCA2 public key: " + key.getClass().getName()); - } - - - static public AsymmetricKeyParameter generatePrivateKeyParameter( - PrivateKey key) - throws InvalidKeyException - { - if (key instanceof BCMcElieceCCA2PrivateKey) - { - BCMcElieceCCA2PrivateKey k = (BCMcElieceCCA2PrivateKey)key; - return new McElieceCCA2PrivateKeyParameters(k.getOIDString(), k.getN(), k.getK(), k.getField(), k.getGoppaPoly(), - k.getP(), k.getH(), k.getQInv(), k.getMcElieceCCA2Parameters()); - } - - throw new InvalidKeyException("can't identify McElieceCCA2 private key."); - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceCCA2Primitives.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceCCA2Primitives.java deleted file mode 100644 index 2650fffe..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceCCA2Primitives.java +++ /dev/null @@ -1,131 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.mceliece; - -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2PrivateKeyParameters; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2PublicKeyParameters; -import org.bouncycastle.pqc.math.linearalgebra.GF2Matrix; -import org.bouncycastle.pqc.math.linearalgebra.GF2Vector; -import org.bouncycastle.pqc.math.linearalgebra.GF2mField; -import org.bouncycastle.pqc.math.linearalgebra.GoppaCode; -import org.bouncycastle.pqc.math.linearalgebra.Permutation; -import org.bouncycastle.pqc.math.linearalgebra.PolynomialGF2mSmallM; -import org.bouncycastle.pqc.math.linearalgebra.Vector; - -/** - * Core operations for the CCA-secure variants of McEliece. - */ -public final class McElieceCCA2Primitives -{ - - /** - * Default constructor (private). - */ - private McElieceCCA2Primitives() - { - } - - /** - * The McEliece encryption primitive. - * - * @param pubKey the public key - * @param m the message vector - * @param z the error vector - * @return <tt>m*G + z</tt> - */ - public static GF2Vector encryptionPrimitive(BCMcElieceCCA2PublicKey pubKey, - GF2Vector m, GF2Vector z) - { - - GF2Matrix matrixG = pubKey.getG(); - Vector mG = matrixG.leftMultiplyLeftCompactForm(m); - return (GF2Vector)mG.add(z); - } - - public static GF2Vector encryptionPrimitive(McElieceCCA2PublicKeyParameters pubKey, - GF2Vector m, GF2Vector z) - { - - GF2Matrix matrixG = pubKey.getMatrixG(); - Vector mG = matrixG.leftMultiplyLeftCompactForm(m); - return (GF2Vector)mG.add(z); - } - - /** - * The McEliece decryption primitive. - * - * @param privKey the private key - * @param c the ciphertext vector <tt>c = m*G + z</tt> - * @return the message vector <tt>m</tt> and the error vector <tt>z</tt> - */ - public static GF2Vector[] decryptionPrimitive( - BCMcElieceCCA2PrivateKey privKey, GF2Vector c) - { - - // obtain values from private key - int k = privKey.getK(); - Permutation p = privKey.getP(); - GF2mField field = privKey.getField(); - PolynomialGF2mSmallM gp = privKey.getGoppaPoly(); - GF2Matrix h = privKey.getH(); - PolynomialGF2mSmallM[] q = privKey.getQInv(); - - // compute inverse permutation P^-1 - Permutation pInv = p.computeInverse(); - - // multiply c with permutation P^-1 - GF2Vector cPInv = (GF2Vector)c.multiply(pInv); - - // compute syndrome of cP^-1 - GF2Vector syndVec = (GF2Vector)h.rightMultiply(cPInv); - - // decode syndrome - GF2Vector errors = GoppaCode.syndromeDecode(syndVec, field, gp, q); - GF2Vector mG = (GF2Vector)cPInv.add(errors); - - // multiply codeword and error vector with P - mG = (GF2Vector)mG.multiply(p); - errors = (GF2Vector)errors.multiply(p); - - // extract plaintext vector (last k columns of mG) - GF2Vector m = mG.extractRightVector(k); - - // return vectors - return new GF2Vector[]{m, errors}; - } - - public static GF2Vector[] decryptionPrimitive( - McElieceCCA2PrivateKeyParameters privKey, GF2Vector c) - { - - // obtain values from private key - int k = privKey.getK(); - Permutation p = privKey.getP(); - GF2mField field = privKey.getField(); - PolynomialGF2mSmallM gp = privKey.getGoppaPoly(); - GF2Matrix h = privKey.getH(); - PolynomialGF2mSmallM[] q = privKey.getQInv(); - - // compute inverse permutation P^-1 - Permutation pInv = p.computeInverse(); - - // multiply c with permutation P^-1 - GF2Vector cPInv = (GF2Vector)c.multiply(pInv); - - // compute syndrome of cP^-1 - GF2Vector syndVec = (GF2Vector)h.rightMultiply(cPInv); - - // decode syndrome - GF2Vector errors = GoppaCode.syndromeDecode(syndVec, field, gp, q); - GF2Vector mG = (GF2Vector)cPInv.add(errors); - - // multiply codeword and error vector with P - mG = (GF2Vector)mG.multiply(p); - errors = (GF2Vector)errors.multiply(p); - - // extract plaintext vector (last k columns of mG) - GF2Vector m = mG.extractRightVector(k); - - // return vectors - return new GF2Vector[]{m, errors}; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceFujisakiCipherSpi.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceFujisakiCipherSpi.java deleted file mode 100644 index 5320c220..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceFujisakiCipherSpi.java +++ /dev/null @@ -1,253 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.mceliece; - -import java.io.ByteArrayOutputStream; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.IllegalBlockSizeException; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2KeyParameters; -import org.bouncycastle.pqc.crypto.mceliece.McElieceFujisakiCipher; -import org.bouncycastle.pqc.jcajce.provider.util.AsymmetricHybridCipher; - -public class McElieceFujisakiCipherSpi - extends AsymmetricHybridCipher - implements PKCSObjectIdentifiers, X509ObjectIdentifiers -{ - // TODO digest needed? - private Digest digest; - private McElieceFujisakiCipher cipher; - - /** - * buffer to store the input data - */ - private ByteArrayOutputStream buf; - - - protected McElieceFujisakiCipherSpi(Digest digest, McElieceFujisakiCipher cipher) - { - this.digest = digest; - this.cipher = cipher; - buf = new ByteArrayOutputStream(); - - } - - /** - * Continue a multiple-part encryption or decryption operation. - * - * @param input byte array containing the next part of the input - * @param inOff index in the array where the input starts - * @param inLen length of the input - * @return the processed byte array. - */ - public byte[] update(byte[] input, int inOff, int inLen) - { - buf.write(input, inOff, inLen); - return new byte[0]; - } - - - /** - * Encrypts or decrypts data in a single-part operation, or finishes a - * multiple-part operation. The data is encrypted or decrypted, depending on - * how this cipher was initialized. - * - * @param input the input buffer - * @param inOff the offset in input where the input starts - * @param inLen the input length - * @return the new buffer with the result - * @throws BadPaddingException on deryption errors. - */ - public byte[] doFinal(byte[] input, int inOff, int inLen) - throws BadPaddingException - { - update(input, inOff, inLen); - byte[] data = buf.toByteArray(); - buf.reset(); - if (opMode == ENCRYPT_MODE) - { - - try - { - return cipher.messageEncrypt(data); - } - catch (Exception e) - { - e.printStackTrace(); - } - - } - else if (opMode == DECRYPT_MODE) - { - - try - { - return cipher.messageDecrypt(data); - } - catch (Exception e) - { - e.printStackTrace(); - } - - } - return null; - } - - - protected int encryptOutputSize(int inLen) - { - return 0; - } - - protected int decryptOutputSize(int inLen) - { - return 0; - } - - protected void initCipherEncrypt(Key key, AlgorithmParameterSpec params, - SecureRandom sr) - throws InvalidKeyException, - InvalidAlgorithmParameterException - { - - CipherParameters param; - param = McElieceCCA2KeysToParams.generatePublicKeyParameter((PublicKey)key); - - param = new ParametersWithRandom(param, sr); - digest.reset(); - cipher.init(true, param); - - } - - protected void initCipherDecrypt(Key key, AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - - CipherParameters param; - param = McElieceCCA2KeysToParams.generatePrivateKeyParameter((PrivateKey)key); - - digest.reset(); - cipher.init(false, param); - } - - public String getName() - { - return "McElieceFujisakiCipher"; - } - - public int getKeySize(Key key) - throws InvalidKeyException - { - McElieceCCA2KeyParameters mcElieceCCA2KeyParameters; - if (key instanceof PublicKey) - { - mcElieceCCA2KeyParameters = (McElieceCCA2KeyParameters)McElieceCCA2KeysToParams.generatePublicKeyParameter((PublicKey)key); - } - else - { - mcElieceCCA2KeyParameters = (McElieceCCA2KeyParameters)McElieceCCA2KeysToParams.generatePrivateKeyParameter((PrivateKey)key); - - } - - - return cipher.getKeySize(mcElieceCCA2KeyParameters); - } - - public byte[] messageEncrypt(byte[] input) - throws IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException - { - byte[] output = null; - try - { - output = cipher.messageEncrypt(input); - } - catch (Exception e) - { - e.printStackTrace(); - } - return output; - } - - - public byte[] messageDecrypt(byte[] input) - throws IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException - { - byte[] output = null; - try - { - output = cipher.messageDecrypt(input); - } - catch (Exception e) - { - e.printStackTrace(); - } - return output; - } - - - ////////////////////////////////////////////////////////////////////////////////// - - static public class McElieceFujisaki - extends McElieceFujisakiCipherSpi - { - public McElieceFujisaki() - { - super(new SHA1Digest(), new McElieceFujisakiCipher()); - } - } - - static public class McElieceFujisaki224 - extends McElieceFujisakiCipherSpi - { - public McElieceFujisaki224() - { - super(new SHA224Digest(), new McElieceFujisakiCipher()); - } - } - - static public class McElieceFujisaki256 - extends McElieceFujisakiCipherSpi - { - public McElieceFujisaki256() - { - super(new SHA256Digest(), new McElieceFujisakiCipher()); - } - } - - static public class McElieceFujisaki384 - extends McElieceFujisakiCipherSpi - { - public McElieceFujisaki384() - { - super(new SHA384Digest(), new McElieceFujisakiCipher()); - } - } - - static public class McElieceFujisaki512 - extends McElieceFujisakiCipherSpi - { - public McElieceFujisaki512() - { - super(new SHA512Digest(), new McElieceFujisakiCipher()); - } - } - - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeyFactorySpi.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeyFactorySpi.java deleted file mode 100644 index c1df9e94..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeyFactorySpi.java +++ /dev/null @@ -1,343 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.mceliece; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactorySpi; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.pqc.asn1.McEliecePrivateKey; -import org.bouncycastle.pqc.asn1.McEliecePublicKey; -import org.bouncycastle.pqc.jcajce.spec.McEliecePrivateKeySpec; -import org.bouncycastle.pqc.jcajce.spec.McEliecePublicKeySpec; - -/** - * This class is used to translate between McEliece keys and key specifications. - * - * @see BCMcEliecePrivateKey - * @see McEliecePrivateKeySpec - * @see BCMcEliecePublicKey - * @see McEliecePublicKeySpec - */ -public class McElieceKeyFactorySpi - extends KeyFactorySpi -{ - /** - * The OID of the algorithm. - */ - public static final String OID = "1.3.6.1.4.1.8301.3.1.3.4.1"; - - /** - * Converts, if possible, a key specification into a - * {@link BCMcEliecePublicKey}. Currently, the following key specifications - * are supported: {@link McEliecePublicKeySpec}, {@link X509EncodedKeySpec}. - * - * @param keySpec the key specification - * @return the McEliece public key - * @throws InvalidKeySpecException if the key specification is not supported. - */ - public PublicKey generatePublic(KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof McEliecePublicKeySpec) - { - return new BCMcEliecePublicKey((McEliecePublicKeySpec)keySpec); - } - else if (keySpec instanceof X509EncodedKeySpec) - { - // get the DER-encoded Key according to X.509 from the spec - byte[] encKey = ((X509EncodedKeySpec)keySpec).getEncoded(); - - // decode the SubjectPublicKeyInfo data structure to the pki object - SubjectPublicKeyInfo pki; - try - { - pki = SubjectPublicKeyInfo.getInstance(ASN1Primitive.fromByteArray(encKey)); - } - catch (IOException e) - { - throw new InvalidKeySpecException(e.toString()); - } - - try - { - // --- Build and return the actual key. - ASN1Primitive innerType = pki.parsePublicKey(); - ASN1Sequence publicKey = (ASN1Sequence)innerType; - - // decode oidString (but we don't need it right now) - String oidString = ((ASN1ObjectIdentifier)publicKey.getObjectAt(0)) - .toString(); - - // decode <n> - BigInteger bigN = ((ASN1Integer)publicKey.getObjectAt(1)).getValue(); - int n = bigN.intValue(); - - // decode <t> - BigInteger bigT = ((ASN1Integer)publicKey.getObjectAt(2)).getValue(); - int t = bigT.intValue(); - - // decode <matrixG> - byte[] matrixG = ((ASN1OctetString)publicKey.getObjectAt(3)).getOctets(); - - - return new BCMcEliecePublicKey(new McEliecePublicKeySpec(OID, t, n, - matrixG)); - } - catch (IOException cce) - { - throw new InvalidKeySpecException( - "Unable to decode X509EncodedKeySpec: " - + cce.getMessage()); - } - } - - throw new InvalidKeySpecException("Unsupported key specification: " - + keySpec.getClass() + "."); - } - - /** - * Converts, if possible, a key specification into a - * {@link BCMcEliecePrivateKey}. Currently, the following key specifications - * are supported: {@link McEliecePrivateKeySpec}, - * {@link PKCS8EncodedKeySpec}. - * - * @param keySpec the key specification - * @return the McEliece private key - * @throws InvalidKeySpecException if the KeySpec is not supported. - */ - public PrivateKey generatePrivate(KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof McEliecePrivateKeySpec) - { - return new BCMcEliecePrivateKey((McEliecePrivateKeySpec)keySpec); - } - else if (keySpec instanceof PKCS8EncodedKeySpec) - { - // get the DER-encoded Key according to PKCS#8 from the spec - byte[] encKey = ((PKCS8EncodedKeySpec)keySpec).getEncoded(); - - // decode the PKCS#8 data structure to the pki object - PrivateKeyInfo pki; - - try - { - pki = PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(encKey)); - } - catch (IOException e) - { - throw new InvalidKeySpecException("Unable to decode PKCS8EncodedKeySpec: " + e); - } - - try - { - ASN1Primitive innerType = pki.parsePrivateKey().toASN1Primitive(); - - // build and return the actual key - ASN1Sequence privKey = (ASN1Sequence)innerType; - - // decode oidString (but we don't need it right now) - String oidString = ((ASN1ObjectIdentifier)privKey.getObjectAt(0)) - .toString(); - - // decode <n> - BigInteger bigN = ((ASN1Integer)privKey.getObjectAt(1)).getValue(); - int n = bigN.intValue(); - - // decode <k> - BigInteger bigK = ((ASN1Integer)privKey.getObjectAt(2)).getValue(); - int k = bigK.intValue(); - - // decode <fieldPoly> - byte[] encFieldPoly = ((ASN1OctetString)privKey.getObjectAt(3)) - .getOctets(); - // decode <goppaPoly> - byte[] encGoppaPoly = ((ASN1OctetString)privKey.getObjectAt(4)) - .getOctets(); - - // decode <sInv> - byte[] encSInv = ((ASN1OctetString)privKey.getObjectAt(5)).getOctets(); - // decode <p1> - byte[] encP1 = ((ASN1OctetString)privKey.getObjectAt(6)).getOctets(); - // decode <p2> - byte[] encP2 = ((ASN1OctetString)privKey.getObjectAt(7)).getOctets(); - - //decode <h> - byte[] encH = ((ASN1OctetString)privKey.getObjectAt(8)).getOctets(); - - // decode <qInv> - ASN1Sequence qSeq = (ASN1Sequence)privKey.getObjectAt(9); - byte[][] encQInv = new byte[qSeq.size()][]; - for (int i = 0; i < qSeq.size(); i++) - { - encQInv[i] = ((ASN1OctetString)qSeq.getObjectAt(i)).getOctets(); - } - - return new BCMcEliecePrivateKey(new McEliecePrivateKeySpec(OID, n, k, - encFieldPoly, encGoppaPoly, encSInv, encP1, encP2, - encH, encQInv)); - - } - catch (IOException cce) - { - throw new InvalidKeySpecException( - "Unable to decode PKCS8EncodedKeySpec."); - } - } - - throw new InvalidKeySpecException("Unsupported key specification: " - + keySpec.getClass() + "."); - } - - /** - * Converts, if possible, a given key into a key specification. Currently, - * the following key specifications are supported: - * <ul> - * <li>for McEliecePublicKey: {@link X509EncodedKeySpec}, - * {@link McEliecePublicKeySpec}</li> - * <li>for McEliecePrivateKey: {@link PKCS8EncodedKeySpec}, - * {@link McEliecePrivateKeySpec}</li>. - * </ul> - * - * @param key the key - * @param keySpec the key specification - * @return the specification of the McEliece key - * @throws InvalidKeySpecException if the key type or the key specification is not - * supported. - * @see BCMcEliecePrivateKey - * @see McEliecePrivateKeySpec - * @see BCMcEliecePublicKey - * @see McEliecePublicKeySpec - */ - public KeySpec getKeySpec(Key key, Class keySpec) - throws InvalidKeySpecException - { - if (key instanceof BCMcEliecePrivateKey) - { - if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) - { - return new PKCS8EncodedKeySpec(key.getEncoded()); - } - else if (McEliecePrivateKeySpec.class.isAssignableFrom(keySpec)) - { - BCMcEliecePrivateKey privKey = (BCMcEliecePrivateKey)key; - return new McEliecePrivateKeySpec(OID, privKey.getN(), privKey - .getK(), privKey.getField(), privKey.getGoppaPoly(), - privKey.getSInv(), privKey.getP1(), privKey.getP2(), - privKey.getH(), privKey.getQInv()); - } - } - else if (key instanceof BCMcEliecePublicKey) - { - if (X509EncodedKeySpec.class.isAssignableFrom(keySpec)) - { - return new X509EncodedKeySpec(key.getEncoded()); - } - else if (McEliecePublicKeySpec.class.isAssignableFrom(keySpec)) - { - BCMcEliecePublicKey pubKey = (BCMcEliecePublicKey)key; - return new McEliecePublicKeySpec(OID, pubKey.getN(), pubKey.getT(), - pubKey.getG()); - } - } - else - { - throw new InvalidKeySpecException("Unsupported key type: " - + key.getClass() + "."); - } - - throw new InvalidKeySpecException("Unknown key specification: " - + keySpec + "."); - } - - /** - * Translates a key into a form known by the FlexiProvider. Currently, only - * the following "source" keys are supported: {@link BCMcEliecePrivateKey}, - * {@link BCMcEliecePublicKey}. - * - * @param key the key - * @return a key of a known key type - * @throws InvalidKeyException if the key type is not supported. - */ - public Key translateKey(Key key) - throws InvalidKeyException - { - if ((key instanceof BCMcEliecePrivateKey) - || (key instanceof BCMcEliecePublicKey)) - { - return key; - } - throw new InvalidKeyException("Unsupported key type."); - - } - - public PublicKey generatePublic(SubjectPublicKeyInfo pki) - throws InvalidKeySpecException - { - // get the inner type inside the BIT STRING - try - { - ASN1Primitive innerType = pki.parsePublicKey(); - McEliecePublicKey key = McEliecePublicKey.getInstance(innerType); - return new BCMcEliecePublicKey(key.getOID().getId(), key.getN(), key.getT(), key.getG()); - } - catch (IOException cce) - { - throw new InvalidKeySpecException("Unable to decode X509EncodedKeySpec"); - } - } - - public PrivateKey generatePrivate(PrivateKeyInfo pki) - throws InvalidKeySpecException - { - // get the inner type inside the BIT STRING - try - { - ASN1Primitive innerType = pki.parsePrivateKey().toASN1Primitive(); - McEliecePrivateKey key = McEliecePrivateKey.getInstance(innerType); - return new BCMcEliecePrivateKey(key.getOID().getId(), key.getN(), key.getK(), key.getField(), key.getGoppaPoly(), key.getSInv(), key.getP1(), key.getP2(), key.getH(), key.getQInv()); - } - catch (IOException cce) - { - throw new InvalidKeySpecException("Unable to decode PKCS8EncodedKeySpec"); - } - } - - protected PublicKey engineGeneratePublic(KeySpec keySpec) - throws InvalidKeySpecException - { - return null; //To change body of implemented methods use File | Settings | File Templates. - } - - protected PrivateKey engineGeneratePrivate(KeySpec keySpec) - throws InvalidKeySpecException - { - return null; //To change body of implemented methods use File | Settings | File Templates. - } - - protected KeySpec engineGetKeySpec(Key key, Class tClass) - throws InvalidKeySpecException - { - return null; //To change body of implemented methods use File | Settings | File Templates. - } - - protected Key engineTranslateKey(Key key) - throws InvalidKeyException - { - return null; //To change body of implemented methods use File | Settings | File Templates. - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeyPairGeneratorSpi.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeyPairGeneratorSpi.java deleted file mode 100644 index 75008fef..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeyPairGeneratorSpi.java +++ /dev/null @@ -1,146 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.mceliece; - -import java.security.InvalidAlgorithmParameterException; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2KeyGenerationParameters; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2KeyPairGenerator; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2Parameters; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2PrivateKeyParameters; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2PublicKeyParameters; -import org.bouncycastle.pqc.crypto.mceliece.McElieceKeyGenerationParameters; -import org.bouncycastle.pqc.crypto.mceliece.McElieceKeyPairGenerator; -import org.bouncycastle.pqc.crypto.mceliece.McElieceParameters; -import org.bouncycastle.pqc.crypto.mceliece.McEliecePrivateKeyParameters; -import org.bouncycastle.pqc.crypto.mceliece.McEliecePublicKeyParameters; -import org.bouncycastle.pqc.jcajce.spec.ECCKeyGenParameterSpec; -import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2ParameterSpec; - -public abstract class McElieceKeyPairGeneratorSpi - extends KeyPairGenerator -{ - public McElieceKeyPairGeneratorSpi( - String algorithmName) - { - super(algorithmName); - } - - /** - * - * - * - */ - - public static class McElieceCCA2 - extends McElieceKeyPairGeneratorSpi - { - - McElieceCCA2KeyPairGenerator kpg; - - - public McElieceCCA2() - { - super("McElieceCCA-2"); - } - - public McElieceCCA2(String s) - { - super(s); - } - - public void initialize(AlgorithmParameterSpec params) - throws InvalidAlgorithmParameterException - { - kpg = new McElieceCCA2KeyPairGenerator(); - super.initialize(params); - ECCKeyGenParameterSpec ecc = (ECCKeyGenParameterSpec)params; - - McElieceCCA2KeyGenerationParameters mccca2KGParams = new McElieceCCA2KeyGenerationParameters(new SecureRandom(), new McElieceCCA2Parameters(ecc.getM(), ecc.getT())); - kpg.init(mccca2KGParams); - } - - public void initialize(int keySize, SecureRandom random) - { - McElieceCCA2ParameterSpec paramSpec = new McElieceCCA2ParameterSpec(); - - // call the initializer with the chosen parameters - try - { - this.initialize(paramSpec); - } - catch (InvalidAlgorithmParameterException ae) - { - } - } - - public KeyPair generateKeyPair() - { - AsymmetricCipherKeyPair generateKeyPair = kpg.generateKeyPair(); - McElieceCCA2PrivateKeyParameters sk = (McElieceCCA2PrivateKeyParameters)generateKeyPair.getPrivate(); - McElieceCCA2PublicKeyParameters pk = (McElieceCCA2PublicKeyParameters)generateKeyPair.getPublic(); - - return new KeyPair(new BCMcElieceCCA2PublicKey(pk), new BCMcElieceCCA2PrivateKey(sk)); - - } - - } - - /** - * - * - * - */ - - public static class McEliece - extends McElieceKeyPairGeneratorSpi - { - - McElieceKeyPairGenerator kpg; - - - public McEliece() - { - super("McEliece"); - } - - public void initialize(AlgorithmParameterSpec params) - throws InvalidAlgorithmParameterException - { - kpg = new McElieceKeyPairGenerator(); - super.initialize(params); - ECCKeyGenParameterSpec ecc = (ECCKeyGenParameterSpec)params; - - McElieceKeyGenerationParameters mccKGParams = new McElieceKeyGenerationParameters(new SecureRandom(), new McElieceParameters(ecc.getM(), ecc.getT())); - kpg.init(mccKGParams); - } - - public void initialize(int keySize, SecureRandom random) - { - ECCKeyGenParameterSpec paramSpec = new ECCKeyGenParameterSpec(); - - // call the initializer with the chosen parameters - try - { - this.initialize(paramSpec); - } - catch (InvalidAlgorithmParameterException ae) - { - } - } - - public KeyPair generateKeyPair() - { - AsymmetricCipherKeyPair generateKeyPair = kpg.generateKeyPair(); - McEliecePrivateKeyParameters sk = (McEliecePrivateKeyParameters)generateKeyPair.getPrivate(); - McEliecePublicKeyParameters pk = (McEliecePublicKeyParameters)generateKeyPair.getPublic(); - - return new KeyPair(new BCMcEliecePublicKey(pk), new BCMcEliecePrivateKey(sk)); - } - - } - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeysToParams.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeysToParams.java deleted file mode 100644 index 23686b8c..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeysToParams.java +++ /dev/null @@ -1,47 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.mceliece; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; - -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.pqc.crypto.mceliece.McEliecePrivateKeyParameters; -import org.bouncycastle.pqc.crypto.mceliece.McEliecePublicKeyParameters; - -/** - * utility class for converting jce/jca McEliece objects - * objects into their org.bouncycastle.crypto counterparts. - */ -public class McElieceKeysToParams -{ - - - static public AsymmetricKeyParameter generatePublicKeyParameter( - PublicKey key) - throws InvalidKeyException - { - if (key instanceof BCMcEliecePublicKey) - { - BCMcEliecePublicKey k = (BCMcEliecePublicKey)key; - - return new McEliecePublicKeyParameters(k.getOIDString(), k.getN(), k.getT(), k.getG(), k.getMcElieceParameters()); - } - - throw new InvalidKeyException("can't identify McEliece public key: " + key.getClass().getName()); - } - - - static public AsymmetricKeyParameter generatePrivateKeyParameter( - PrivateKey key) - throws InvalidKeyException - { - if (key instanceof BCMcEliecePrivateKey) - { - BCMcEliecePrivateKey k = (BCMcEliecePrivateKey)key; - return new McEliecePrivateKeyParameters(k.getOIDString(), k.getN(), k.getK(), k.getField(), k.getGoppaPoly(), - k.getSInv(), k.getP1(), k.getP2(), k.getH(), k.getQInv(), k.getMcElieceParameters()); - } - - throw new InvalidKeyException("can't identify McEliece private key."); - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKobaraImaiCipherSpi.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKobaraImaiCipherSpi.java deleted file mode 100644 index 36c62312..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKobaraImaiCipherSpi.java +++ /dev/null @@ -1,307 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.mceliece; - -import java.io.ByteArrayOutputStream; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.IllegalBlockSizeException; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2KeyParameters; -import org.bouncycastle.pqc.crypto.mceliece.McElieceKobaraImaiCipher; -import org.bouncycastle.pqc.jcajce.provider.util.AsymmetricHybridCipher; - -public class McElieceKobaraImaiCipherSpi - extends AsymmetricHybridCipher - implements PKCSObjectIdentifiers, X509ObjectIdentifiers -{ - - // TODO digest needed? - private Digest digest; - private McElieceKobaraImaiCipher cipher; - - /** - * buffer to store the input data - */ - private ByteArrayOutputStream buf = new ByteArrayOutputStream(); - - - public McElieceKobaraImaiCipherSpi() - { - buf = new ByteArrayOutputStream(); - } - - protected McElieceKobaraImaiCipherSpi(Digest digest, McElieceKobaraImaiCipher cipher) - { - this.digest = digest; - this.cipher = cipher; - buf = new ByteArrayOutputStream(); - } - - /** - * Continue a multiple-part encryption or decryption operation. - * - * @param input byte array containing the next part of the input - * @param inOff index in the array where the input starts - * @param inLen length of the input - * @return the processed byte array. - */ - public byte[] update(byte[] input, int inOff, int inLen) - { - buf.write(input, inOff, inLen); - return new byte[0]; - } - - - /** - * Encrypts or decrypts data in a single-part operation, or finishes a - * multiple-part operation. The data is encrypted or decrypted, depending on - * how this cipher was initialized. - * - * @param input the input buffer - * @param inOff the offset in input where the input starts - * @param inLen the input length - * @return the new buffer with the result - * @throws BadPaddingException if this cipher is in decryption mode, and (un)padding has - * been requested, but the decrypted data is not bounded by - * the appropriate padding bytes - */ - public byte[] doFinal(byte[] input, int inOff, int inLen) - throws BadPaddingException - { - update(input, inOff, inLen); - if (opMode == ENCRYPT_MODE) - { - - try - { - return cipher.messageEncrypt(this.pad()); - } - catch (Exception e) - { - e.printStackTrace(); - } - - } - else if (opMode == DECRYPT_MODE) - { - byte[] inputOfDecr = buf.toByteArray(); - buf.reset(); - - try - { - return unpad(cipher.messageDecrypt(inputOfDecr)); - } - catch (Exception e) - { - e.printStackTrace(); - } - - } - return null; - } - - protected int encryptOutputSize(int inLen) - { - return 0; - } - - protected int decryptOutputSize(int inLen) - { - return 0; - } - - protected void initCipherEncrypt(Key key, AlgorithmParameterSpec params, - SecureRandom sr) - throws InvalidKeyException, - InvalidAlgorithmParameterException - { - - buf.reset(); - CipherParameters param; - param = McElieceCCA2KeysToParams.generatePublicKeyParameter((PublicKey)key); - - param = new ParametersWithRandom(param, sr); - digest.reset(); - cipher.init(true, param); - } - - protected void initCipherDecrypt(Key key, AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - - buf.reset(); - CipherParameters param; - param = McElieceCCA2KeysToParams.generatePrivateKeyParameter((PrivateKey)key); - - digest.reset(); - cipher.init(false, param); - } - - public String getName() - { - return "McElieceKobaraImaiCipher"; - } - - public int getKeySize(Key key) - throws InvalidKeyException - { - McElieceCCA2KeyParameters mcElieceCCA2KeyParameters; - if (key instanceof PublicKey) - { - mcElieceCCA2KeyParameters = (McElieceCCA2KeyParameters)McElieceCCA2KeysToParams.generatePublicKeyParameter((PublicKey)key); - return cipher.getKeySize(mcElieceCCA2KeyParameters); - } - else if (key instanceof PrivateKey) - { - mcElieceCCA2KeyParameters = (McElieceCCA2KeyParameters)McElieceCCA2KeysToParams.generatePrivateKeyParameter((PrivateKey)key); - return cipher.getKeySize(mcElieceCCA2KeyParameters); - } - else - { - throw new InvalidKeyException(); - } - - - } - - /** - * Pad and return the message stored in the message buffer. - * - * @return the padded message - */ - private byte[] pad() - { - buf.write(0x01); - byte[] result = buf.toByteArray(); - buf.reset(); - return result; - } - - /** - * Unpad a message. - * - * @param pmBytes the padded message - * @return the message - * @throws BadPaddingException if the padded message is invalid. - */ - private byte[] unpad(byte[] pmBytes) - throws BadPaddingException - { - // find first non-zero byte - int index; - for (index = pmBytes.length - 1; index >= 0 && pmBytes[index] == 0; index--) - { - ; - } - - // check if padding byte is valid - if (pmBytes[index] != 0x01) - { - throw new BadPaddingException("invalid ciphertext"); - } - - // extract and return message - byte[] mBytes = new byte[index]; - System.arraycopy(pmBytes, 0, mBytes, 0, index); - return mBytes; - } - - - public byte[] messageEncrypt() - throws IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException - { - byte[] output = null; - try - { - output = cipher.messageEncrypt((this.pad())); - } - catch (Exception e) - { - e.printStackTrace(); - } - return output; - } - - - public byte[] messageDecrypt() - throws IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException - { - byte[] output = null; - byte[] inputOfDecr = buf.toByteArray(); - buf.reset(); - try - { - output = unpad(cipher.messageDecrypt(inputOfDecr)); - } - catch (Exception e) - { - e.printStackTrace(); - } - return output; - } - - - static public class McElieceKobaraImai - extends McElieceKobaraImaiCipherSpi - { - public McElieceKobaraImai() - { - super(new SHA1Digest(), new McElieceKobaraImaiCipher()); - } - } - - static public class McElieceKobaraImai224 - extends McElieceKobaraImaiCipherSpi - { - public McElieceKobaraImai224() - { - super(new SHA224Digest(), new McElieceKobaraImaiCipher()); - } - } - - static public class McElieceKobaraImai256 - extends McElieceKobaraImaiCipherSpi - { - public McElieceKobaraImai256() - { - super(new SHA256Digest(), new McElieceKobaraImaiCipher()); - } - } - - static public class McElieceKobaraImai384 - extends McElieceKobaraImaiCipherSpi - { - public McElieceKobaraImai384() - { - super(new SHA384Digest(), new McElieceKobaraImaiCipher()); - } - } - - static public class McElieceKobaraImai512 - extends McElieceKobaraImaiCipherSpi - { - public McElieceKobaraImai512() - { - super(new SHA512Digest(), new McElieceKobaraImaiCipher()); - } - } - - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePKCSCipherSpi.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePKCSCipherSpi.java deleted file mode 100644 index 583acbba..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePKCSCipherSpi.java +++ /dev/null @@ -1,171 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.mceliece; - -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.IllegalBlockSizeException; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.pqc.crypto.mceliece.McElieceKeyParameters; -import org.bouncycastle.pqc.crypto.mceliece.McEliecePKCSCipher; -import org.bouncycastle.pqc.jcajce.provider.util.AsymmetricBlockCipher; - -public class McEliecePKCSCipherSpi - extends AsymmetricBlockCipher - implements PKCSObjectIdentifiers, X509ObjectIdentifiers -{ - // TODO digest needed? - private Digest digest; - private McEliecePKCSCipher cipher; - - public McEliecePKCSCipherSpi(Digest digest, McEliecePKCSCipher cipher) - { - this.digest = digest; - this.cipher = cipher; - } - - protected void initCipherEncrypt(Key key, AlgorithmParameterSpec params, - SecureRandom sr) - throws InvalidKeyException, - InvalidAlgorithmParameterException - { - - CipherParameters param; - param = McElieceKeysToParams.generatePublicKeyParameter((PublicKey)key); - - param = new ParametersWithRandom(param, sr); - digest.reset(); - cipher.init(true, param); - this.maxPlainTextSize = cipher.maxPlainTextSize; - this.cipherTextSize = cipher.cipherTextSize; - } - - protected void initCipherDecrypt(Key key, AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - param = McElieceKeysToParams.generatePrivateKeyParameter((PrivateKey)key); - - digest.reset(); - cipher.init(false, param); - this.maxPlainTextSize = cipher.maxPlainTextSize; - this.cipherTextSize = cipher.cipherTextSize; - } - - protected byte[] messageEncrypt(byte[] input) - throws IllegalBlockSizeException, BadPaddingException - { - byte[] output = null; - try - { - output = cipher.messageEncrypt(input); - } - catch (Exception e) - { - e.printStackTrace(); - } - return output; - } - - protected byte[] messageDecrypt(byte[] input) - throws IllegalBlockSizeException, BadPaddingException - { - byte[] output = null; - try - { - output = cipher.messageDecrypt(input); - } - catch (Exception e) - { - e.printStackTrace(); - } - return output; - } - - public String getName() - { - return "McEliecePKCS"; - } - - public int getKeySize(Key key) - throws InvalidKeyException - { - McElieceKeyParameters mcElieceKeyParameters; - if (key instanceof PublicKey) - { - mcElieceKeyParameters = (McElieceKeyParameters)McElieceKeysToParams.generatePublicKeyParameter((PublicKey)key); - } - else - { - mcElieceKeyParameters = (McElieceKeyParameters)McElieceKeysToParams.generatePrivateKeyParameter((PrivateKey)key); - - } - - - return cipher.getKeySize(mcElieceKeyParameters); - } - - ////////////////////////////////////////////////////////////////////////////////// - - static public class McEliecePKCS - extends McEliecePKCSCipherSpi - { - public McEliecePKCS() - { - super(new SHA1Digest(), new McEliecePKCSCipher()); - } - } - - static public class McEliecePKCS224 - extends McEliecePKCSCipherSpi - { - public McEliecePKCS224() - { - super(new SHA224Digest(), new McEliecePKCSCipher()); - } - } - - static public class McEliecePKCS256 - extends McEliecePKCSCipherSpi - { - public McEliecePKCS256() - { - super(new SHA256Digest(), new McEliecePKCSCipher()); - } - } - - static public class McEliecePKCS384 - extends McEliecePKCSCipherSpi - { - public McEliecePKCS384() - { - super(new SHA384Digest(), new McEliecePKCSCipher()); - } - } - - static public class McEliecePKCS512 - extends McEliecePKCSCipherSpi - { - public McEliecePKCS512() - { - super(new SHA512Digest(), new McEliecePKCSCipher()); - } - } - - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePointchevalCipherSpi.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePointchevalCipherSpi.java deleted file mode 100644 index c9c67ea6..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePointchevalCipherSpi.java +++ /dev/null @@ -1,247 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.mceliece; - -import java.io.ByteArrayOutputStream; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.IllegalBlockSizeException; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.pqc.crypto.mceliece.McElieceCCA2KeyParameters; -import org.bouncycastle.pqc.crypto.mceliece.McEliecePointchevalCipher; -import org.bouncycastle.pqc.jcajce.provider.util.AsymmetricHybridCipher; - -public class McEliecePointchevalCipherSpi - extends AsymmetricHybridCipher - implements PKCSObjectIdentifiers, X509ObjectIdentifiers -{ - // TODO digest needed? - private Digest digest; - private McEliecePointchevalCipher cipher; - - /** - * buffer to store the input data - */ - private ByteArrayOutputStream buf = new ByteArrayOutputStream(); - - - protected McEliecePointchevalCipherSpi(Digest digest, McEliecePointchevalCipher cipher) - { - this.digest = digest; - this.cipher = cipher; - buf = new ByteArrayOutputStream(); - } - - /** - * Continue a multiple-part encryption or decryption operation. - * - * @param input byte array containing the next part of the input - * @param inOff index in the array where the input starts - * @param inLen length of the input - * @return the processed byte array. - */ - public byte[] update(byte[] input, int inOff, int inLen) - { - buf.write(input, inOff, inLen); - return new byte[0]; - } - - - /** - * Encrypts or decrypts data in a single-part operation, or finishes a - * multiple-part operation. The data is encrypted or decrypted, depending on - * how this cipher was initialized. - * - * @param input the input buffer - * @param inOff the offset in input where the input starts - * @param inLen the input length - * @return the new buffer with the result - * @throws BadPaddingException on deryption errors. - */ - public byte[] doFinal(byte[] input, int inOff, int inLen) - throws BadPaddingException - { - update(input, inOff, inLen); - byte[] data = buf.toByteArray(); - buf.reset(); - if (opMode == ENCRYPT_MODE) - { - - try - { - return cipher.messageEncrypt(data); - } - catch (Exception e) - { - e.printStackTrace(); - } - - } - else if (opMode == DECRYPT_MODE) - { - - try - { - return cipher.messageDecrypt(data); - } - catch (Exception e) - { - e.printStackTrace(); - } - - } - return null; - } - - protected int encryptOutputSize(int inLen) - { - return 0; - } - - protected int decryptOutputSize(int inLen) - { - return 0; - } - - protected void initCipherEncrypt(Key key, AlgorithmParameterSpec params, - SecureRandom sr) - throws InvalidKeyException, - InvalidAlgorithmParameterException - { - CipherParameters param; - param = McElieceCCA2KeysToParams.generatePublicKeyParameter((PublicKey)key); - - param = new ParametersWithRandom(param, sr); - digest.reset(); - cipher.init(true, param); - } - - protected void initCipherDecrypt(Key key, AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - param = McElieceCCA2KeysToParams.generatePrivateKeyParameter((PrivateKey)key); - - digest.reset(); - cipher.init(false, param); - } - - public String getName() - { - return "McEliecePointchevalCipher"; - } - - - public int getKeySize(Key key) - throws InvalidKeyException - { - McElieceCCA2KeyParameters mcElieceCCA2KeyParameters; - if (key instanceof PublicKey) - { - mcElieceCCA2KeyParameters = (McElieceCCA2KeyParameters)McElieceCCA2KeysToParams.generatePublicKeyParameter((PublicKey)key); - } - else - { - mcElieceCCA2KeyParameters = (McElieceCCA2KeyParameters)McElieceCCA2KeysToParams.generatePrivateKeyParameter((PrivateKey)key); - } - - return cipher.getKeySize(mcElieceCCA2KeyParameters); - } - - public byte[] messageEncrypt(byte[] input) - throws IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException - { - byte[] output = null; - try - { - output = cipher.messageEncrypt(input); - } - catch (Exception e) - { - e.printStackTrace(); - } - return output; - } - - - public byte[] messageDecrypt(byte[] input) - throws IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException - { - byte[] output = null; - try - { - output = cipher.messageDecrypt(input); - } - catch (Exception e) - { - e.printStackTrace(); - } - return output; - } - - - //////////////////////////////////////////////////////////////////////////////////77 - - static public class McEliecePointcheval - extends McEliecePointchevalCipherSpi - { - public McEliecePointcheval() - { - super(new SHA1Digest(), new McEliecePointchevalCipher()); - } - } - - static public class McEliecePointcheval224 - extends McEliecePointchevalCipherSpi - { - public McEliecePointcheval224() - { - super(new SHA224Digest(), new McEliecePointchevalCipher()); - } - } - - static public class McEliecePointcheval256 - extends McEliecePointchevalCipherSpi - { - public McEliecePointcheval256() - { - super(new SHA256Digest(), new McEliecePointchevalCipher()); - } - } - - static public class McEliecePointcheval384 - extends McEliecePointchevalCipherSpi - { - public McEliecePointcheval384() - { - super(new SHA384Digest(), new McEliecePointchevalCipher()); - } - } - - static public class McEliecePointcheval512 - extends McEliecePointchevalCipherSpi - { - public McEliecePointcheval512() - { - super(new SHA512Digest(), new McEliecePointchevalCipher()); - } - } - - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPrivateKey.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPrivateKey.java deleted file mode 100644 index 62ea4e2b..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPrivateKey.java +++ /dev/null @@ -1,243 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.rainbow; - -import java.io.IOException; -import java.security.PrivateKey; -import java.util.Arrays; - -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.pqc.asn1.PQCObjectIdentifiers; -import org.bouncycastle.pqc.asn1.RainbowPrivateKey; -import org.bouncycastle.pqc.crypto.rainbow.Layer; -import org.bouncycastle.pqc.crypto.rainbow.RainbowPrivateKeyParameters; -import org.bouncycastle.pqc.crypto.rainbow.util.RainbowUtil; -import org.bouncycastle.pqc.jcajce.spec.RainbowPrivateKeySpec; - -/** - * The Private key in Rainbow consists of the linear affine maps L1, L2 and the - * map F, consisting of quadratic polynomials. In this implementation, we - * denote: L1 = A1*x + b1 L2 = A2*x + b2 - * <p/> - * The coefficients of the polynomials in F are stored in 3-dimensional arrays - * per layer. The indices of these arrays denote the polynomial, and the - * variables. - * <p/> - * More detailed information about the private key is to be found in the paper - * of Jintai Ding, Dieter Schmidt: Rainbow, a New Multivariable Polynomial - * Signature Scheme. ACNS 2005: 164-175 (http://dx.doi.org/10.1007/11496137_12) - */ -public class BCRainbowPrivateKey - implements PrivateKey -{ - private static final long serialVersionUID = 1L; - - // the inverse of L1 - private short[][] A1inv; - - // translation vector element of L1 - private short[] b1; - - // the inverse of L2 - private short[][] A2inv; - - // translation vector of L2 - private short[] b2; - - /* - * components of F - */ - private Layer[] layers; - - // set of vinegar vars per layer. - private int[] vi; - - - /** - * Constructor. - * - * @param A1inv - * @param b1 - * @param A2inv - * @param b2 - * @param layers - */ - public BCRainbowPrivateKey(short[][] A1inv, short[] b1, short[][] A2inv, - short[] b2, int[] vi, Layer[] layers) - { - this.A1inv = A1inv; - this.b1 = b1; - this.A2inv = A2inv; - this.b2 = b2; - this.vi = vi; - this.layers = layers; - } - - /** - * Constructor (used by the {@link RainbowKeyFactorySpi}). - * - * @param keySpec a {@link RainbowPrivateKeySpec} - */ - public BCRainbowPrivateKey(RainbowPrivateKeySpec keySpec) - { - this(keySpec.getInvA1(), keySpec.getB1(), keySpec.getInvA2(), keySpec - .getB2(), keySpec.getVi(), keySpec.getLayers()); - } - - public BCRainbowPrivateKey( - RainbowPrivateKeyParameters params) - { - this(params.getInvA1(), params.getB1(), params.getInvA2(), params.getB2(), params.getVi(), params.getLayers()); - } - - /** - * Getter for the inverse matrix of A1. - * - * @return the A1inv inverse - */ - public short[][] getInvA1() - { - return this.A1inv; - } - - /** - * Getter for the translation part of the private quadratic map L1. - * - * @return b1 the translation part of L1 - */ - public short[] getB1() - { - return this.b1; - } - - /** - * Getter for the translation part of the private quadratic map L2. - * - * @return b2 the translation part of L2 - */ - public short[] getB2() - { - return this.b2; - } - - /** - * Getter for the inverse matrix of A2 - * - * @return the A2inv - */ - public short[][] getInvA2() - { - return this.A2inv; - } - - /** - * Returns the layers contained in the private key - * - * @return layers - */ - public Layer[] getLayers() - { - return this.layers; - } - - /** - * Returns the array of vi-s - * - * @return the vi - */ - public int[] getVi() - { - return vi; - } - - /** - * Compare this Rainbow private key with another object. - * - * @param other the other object - * @return the result of the comparison - */ - public boolean equals(Object other) - { - if (other == null || !(other instanceof BCRainbowPrivateKey)) - { - return false; - } - BCRainbowPrivateKey otherKey = (BCRainbowPrivateKey)other; - - boolean eq = true; - // compare using shortcut rule ( && instead of &) - eq = eq && RainbowUtil.equals(A1inv, otherKey.getInvA1()); - eq = eq && RainbowUtil.equals(A2inv, otherKey.getInvA2()); - eq = eq && RainbowUtil.equals(b1, otherKey.getB1()); - eq = eq && RainbowUtil.equals(b2, otherKey.getB2()); - eq = eq && Arrays.equals(vi, otherKey.getVi()); - if (layers.length != otherKey.getLayers().length) - { - return false; - } - for (int i = layers.length - 1; i >= 0; i--) - { - eq &= layers[i].equals(otherKey.getLayers()[i]); - } - return eq; - } - - public int hashCode() - { - int hash = layers.length; - - hash = hash * 37 + org.bouncycastle.util.Arrays.hashCode(A1inv); - hash = hash * 37 + org.bouncycastle.util.Arrays.hashCode(b1); - hash = hash * 37 + org.bouncycastle.util.Arrays.hashCode(A2inv); - hash = hash * 37 + org.bouncycastle.util.Arrays.hashCode(b2); - hash = hash * 37 + org.bouncycastle.util.Arrays.hashCode(vi); - - for (int i = layers.length - 1; i >= 0; i--) - { - hash = hash * 37 + layers[i].hashCode(); - } - - - return hash; - } - - /** - * @return name of the algorithm - "Rainbow" - */ - public final String getAlgorithm() - { - return "Rainbow"; - } - - public byte[] getEncoded() - { - RainbowPrivateKey privateKey = new RainbowPrivateKey(A1inv, b1, A2inv, b2, vi, layers); - - PrivateKeyInfo pki; - try - { - AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.rainbow, DERNull.INSTANCE); - pki = new PrivateKeyInfo(algorithmIdentifier, privateKey); - } - catch (IOException e) - { - e.printStackTrace(); - return null; - } - try - { - byte[] encoded = pki.getEncoded(); - return encoded; - } - catch (IOException e) - { - e.printStackTrace(); - return null; - } - } - - public String getFormat() - { - return "PKCS#8"; - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPublicKey.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPublicKey.java deleted file mode 100644 index 453cb615..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPublicKey.java +++ /dev/null @@ -1,170 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.rainbow; - -import java.security.PublicKey; - -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.pqc.asn1.PQCObjectIdentifiers; -import org.bouncycastle.pqc.asn1.RainbowPublicKey; -import org.bouncycastle.pqc.crypto.rainbow.RainbowParameters; -import org.bouncycastle.pqc.crypto.rainbow.RainbowPublicKeyParameters; -import org.bouncycastle.pqc.crypto.rainbow.util.RainbowUtil; -import org.bouncycastle.pqc.jcajce.provider.util.KeyUtil; -import org.bouncycastle.pqc.jcajce.spec.RainbowPublicKeySpec; -import org.bouncycastle.util.Arrays; - -/** - * This class implements CipherParameters and PublicKey. - * <p/> - * The public key in Rainbow consists of n - v1 polynomial components of the - * private key's F and the field structure of the finite field k. - * <p/> - * The quadratic (or mixed) coefficients of the polynomials from the public key - * are stored in the 2-dimensional array in lexicographical order, requiring n * - * (n + 1) / 2 entries for each polynomial. The singular terms are stored in a - * 2-dimensional array requiring n entries per polynomial, the scalar term of - * each polynomial is stored in a 1-dimensional array. - * <p/> - * More detailed information on the public key is to be found in the paper of - * Jintai Ding, Dieter Schmidt: Rainbow, a New Multivariable Polynomial - * Signature Scheme. ACNS 2005: 164-175 (http://dx.doi.org/10.1007/11496137_12) - */ -public class BCRainbowPublicKey - implements PublicKey -{ - private static final long serialVersionUID = 1L; - - private short[][] coeffquadratic; - private short[][] coeffsingular; - private short[] coeffscalar; - private int docLength; // length of possible document to sign - - private RainbowParameters rainbowParams; - - /** - * Constructor - * - * @param docLength - * @param coeffQuadratic - * @param coeffSingular - * @param coeffScalar - */ - public BCRainbowPublicKey(int docLength, - short[][] coeffQuadratic, short[][] coeffSingular, - short[] coeffScalar) - { - this.docLength = docLength; - this.coeffquadratic = coeffQuadratic; - this.coeffsingular = coeffSingular; - this.coeffscalar = coeffScalar; - } - - /** - * Constructor (used by the {@link RainbowKeyFactorySpi}). - * - * @param keySpec a {@link RainbowPublicKeySpec} - */ - public BCRainbowPublicKey(RainbowPublicKeySpec keySpec) - { - this(keySpec.getDocLength(), keySpec.getCoeffQuadratic(), keySpec - .getCoeffSingular(), keySpec.getCoeffScalar()); - } - - public BCRainbowPublicKey( - RainbowPublicKeyParameters params) - { - this(params.getDocLength(), params.getCoeffQuadratic(), params.getCoeffSingular(), params.getCoeffScalar()); - } - - /** - * @return the docLength - */ - public int getDocLength() - { - return this.docLength; - } - - /** - * @return the coeffQuadratic - */ - public short[][] getCoeffQuadratic() - { - return coeffquadratic; - } - - /** - * @return the coeffSingular - */ - public short[][] getCoeffSingular() - { - short[][] copy = new short[coeffsingular.length][]; - - for (int i = 0; i != coeffsingular.length; i++) - { - copy[i] = Arrays.clone(coeffsingular[i]); - } - - return copy; - } - - - /** - * @return the coeffScalar - */ - public short[] getCoeffScalar() - { - return Arrays.clone(coeffscalar); - } - - /** - * Compare this Rainbow public key with another object. - * - * @param other the other object - * @return the result of the comparison - */ - public boolean equals(Object other) - { - if (other == null || !(other instanceof BCRainbowPublicKey)) - { - return false; - } - BCRainbowPublicKey otherKey = (BCRainbowPublicKey)other; - - return docLength == otherKey.getDocLength() - && RainbowUtil.equals(coeffquadratic, otherKey.getCoeffQuadratic()) - && RainbowUtil.equals(coeffsingular, otherKey.getCoeffSingular()) - && RainbowUtil.equals(coeffscalar, otherKey.getCoeffScalar()); - } - - public int hashCode() - { - int hash = docLength; - - hash = hash * 37 + Arrays.hashCode(coeffquadratic); - hash = hash * 37 + Arrays.hashCode(coeffsingular); - hash = hash * 37 + Arrays.hashCode(coeffscalar); - - return hash; - } - - /** - * @return name of the algorithm - "Rainbow" - */ - public final String getAlgorithm() - { - return "Rainbow"; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - RainbowPublicKey key = new RainbowPublicKey(docLength, coeffquadratic, coeffsingular, coeffscalar); - AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PQCObjectIdentifiers.rainbow, DERNull.INSTANCE); - - return KeyUtil.getEncodedSubjectPublicKeyInfo(algorithmIdentifier, key); - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeyFactorySpi.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeyFactorySpi.java deleted file mode 100644 index c08fb8b0..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeyFactorySpi.java +++ /dev/null @@ -1,236 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.rainbow; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactorySpi; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; -import org.bouncycastle.pqc.asn1.RainbowPrivateKey; -import org.bouncycastle.pqc.asn1.RainbowPublicKey; -import org.bouncycastle.pqc.jcajce.spec.RainbowPrivateKeySpec; -import org.bouncycastle.pqc.jcajce.spec.RainbowPublicKeySpec; - - -/** - * This class transforms Rainbow keys and Rainbow key specifications. - * - * @see BCRainbowPublicKey - * @see RainbowPublicKeySpec - * @see BCRainbowPrivateKey - * @see RainbowPrivateKeySpec - */ -public class RainbowKeyFactorySpi - extends KeyFactorySpi - implements AsymmetricKeyInfoConverter -{ - /** - * Converts, if possible, a key specification into a - * {@link BCRainbowPrivateKey}. Currently, the following key specifications - * are supported: {@link RainbowPrivateKeySpec}, {@link PKCS8EncodedKeySpec}. - * <p/> - * <p/> - * <p/> - * The ASN.1 definition of the key structure is - * <p/> - * <pre> - * RainbowPrivateKey ::= SEQUENCE { - * oid OBJECT IDENTIFIER -- OID identifying the algorithm - * A1inv SEQUENCE OF OCTET STRING -- inversed matrix of L1 - * b1 OCTET STRING -- translation vector of L1 - * A2inv SEQUENCE OF OCTET STRING -- inversed matrix of L2 - * b2 OCTET STRING -- translation vector of L2 - * vi OCTET STRING -- num of elmts in each Set S - * layers SEQUENCE OF Layer -- layers of F - * } - * - * Layer ::= SEQUENCE OF Poly - * Poly ::= SEQUENCE { - * alpha SEQUENCE OF OCTET STRING - * beta SEQUENCE OF OCTET STRING - * gamma OCTET STRING - * eta OCTET - * } - * </pre> - * <p/> - * <p/> - * - * @param keySpec the key specification - * @return the Rainbow private key - * @throws InvalidKeySpecException if the KeySpec is not supported. - */ - public PrivateKey engineGeneratePrivate(KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof RainbowPrivateKeySpec) - { - return new BCRainbowPrivateKey((RainbowPrivateKeySpec)keySpec); - } - else if (keySpec instanceof PKCS8EncodedKeySpec) - { - // get the DER-encoded Key according to PKCS#8 from the spec - byte[] encKey = ((PKCS8EncodedKeySpec)keySpec).getEncoded(); - - try - { - return generatePrivate(PrivateKeyInfo.getInstance(ASN1Primitive.fromByteArray(encKey))); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - throw new InvalidKeySpecException("Unsupported key specification: " - + keySpec.getClass() + "."); - } - - /** - * Converts, if possible, a key specification into a - * {@link BCRainbowPublicKey}. Currently, the following key specifications are - * supported:{@link X509EncodedKeySpec}. - * <p/> - * <p/> - * <p/> - * The ASN.1 definition of a public key's structure is - * <p/> - * <pre> - * RainbowPublicKey ::= SEQUENCE { - * oid OBJECT IDENTIFIER -- OID identifying the algorithm - * docLength Integer -- length of signable msg - * coeffquadratic SEQUENCE OF OCTET STRING -- quadratic (mixed) coefficients - * coeffsingular SEQUENCE OF OCTET STRING -- singular coefficients - * coeffscalar OCTET STRING -- scalar coefficients - * } - * </pre> - * <p/> - * <p/> - * - * @param keySpec the key specification - * @return the Rainbow public key - * @throws InvalidKeySpecException if the KeySpec is not supported. - */ - public PublicKey engineGeneratePublic(KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof RainbowPublicKeySpec) - { - return new BCRainbowPublicKey((RainbowPublicKeySpec)keySpec); - } - else if (keySpec instanceof X509EncodedKeySpec) - { - // get the DER-encoded Key according to X.509 from the spec - byte[] encKey = ((X509EncodedKeySpec)keySpec).getEncoded(); - - // decode the SubjectPublicKeyInfo data structure to the pki object - try - { - return generatePublic(SubjectPublicKeyInfo.getInstance(encKey)); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - throw new InvalidKeySpecException("Unknown key specification: " + keySpec + "."); - } - - /** - * Converts a given key into a key specification, if possible. Currently the - * following specs are supported: - * <ul> - * <li>for RainbowPublicKey: X509EncodedKeySpec, RainbowPublicKeySpec - * <li>for RainbowPrivateKey: PKCS8EncodedKeySpec, RainbowPrivateKeySpec - * </ul> - * - * @param key the key - * @param keySpec the key specification - * @return the specification of the CMSS key - * @throws InvalidKeySpecException if the key type or key specification is not supported. - */ - public final KeySpec engineGetKeySpec(Key key, Class keySpec) - throws InvalidKeySpecException - { - if (key instanceof BCRainbowPrivateKey) - { - if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) - { - return new PKCS8EncodedKeySpec(key.getEncoded()); - } - else if (RainbowPrivateKeySpec.class.isAssignableFrom(keySpec)) - { - BCRainbowPrivateKey privKey = (BCRainbowPrivateKey)key; - return new RainbowPrivateKeySpec(privKey.getInvA1(), privKey - .getB1(), privKey.getInvA2(), privKey.getB2(), privKey - .getVi(), privKey.getLayers()); - } - } - else if (key instanceof BCRainbowPublicKey) - { - if (X509EncodedKeySpec.class.isAssignableFrom(keySpec)) - { - return new X509EncodedKeySpec(key.getEncoded()); - } - else if (RainbowPublicKeySpec.class.isAssignableFrom(keySpec)) - { - BCRainbowPublicKey pubKey = (BCRainbowPublicKey)key; - return new RainbowPublicKeySpec(pubKey.getDocLength(), pubKey - .getCoeffQuadratic(), pubKey.getCoeffSingular(), pubKey - .getCoeffScalar()); - } - } - else - { - throw new InvalidKeySpecException("Unsupported key type: " - + key.getClass() + "."); - } - - throw new InvalidKeySpecException("Unknown key specification: " - + keySpec + "."); - } - - /** - * Translates a key into a form known by the FlexiProvider. Currently the - * following key types are supported: RainbowPrivateKey, RainbowPublicKey. - * - * @param key the key - * @return a key of a known key type - * @throws InvalidKeyException if the key is not supported. - */ - public final Key engineTranslateKey(Key key) - throws InvalidKeyException - { - if (key instanceof BCRainbowPrivateKey || key instanceof BCRainbowPublicKey) - { - return key; - } - - throw new InvalidKeyException("Unsupported key type"); - } - - public PrivateKey generatePrivate(PrivateKeyInfo keyInfo) - throws IOException - { - RainbowPrivateKey pKey = RainbowPrivateKey.getInstance(keyInfo.parsePrivateKey()); - - return new BCRainbowPrivateKey(pKey.getInvA1(), pKey.getB1(), pKey.getInvA2(), pKey.getB2(), pKey.getVi(), pKey.getLayers()); - } - - public PublicKey generatePublic(SubjectPublicKeyInfo keyInfo) - throws IOException - { - RainbowPublicKey pKey = RainbowPublicKey.getInstance(keyInfo.parsePublicKey()); - - return new BCRainbowPublicKey(pKey.getDocLength(), pKey.getCoeffQuadratic(), pKey.getCoeffSingular(), pKey.getCoeffScalar()); - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeyPairGeneratorSpi.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeyPairGeneratorSpi.java deleted file mode 100644 index e64d53be..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeyPairGeneratorSpi.java +++ /dev/null @@ -1,72 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.rainbow; - -import java.security.InvalidAlgorithmParameterException; -import java.security.KeyPair; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -import org.bouncycastle.pqc.crypto.rainbow.RainbowKeyGenerationParameters; -import org.bouncycastle.pqc.crypto.rainbow.RainbowKeyPairGenerator; -import org.bouncycastle.pqc.crypto.rainbow.RainbowParameters; -import org.bouncycastle.pqc.crypto.rainbow.RainbowPrivateKeyParameters; -import org.bouncycastle.pqc.crypto.rainbow.RainbowPublicKeyParameters; -import org.bouncycastle.pqc.jcajce.spec.RainbowParameterSpec; - -public class RainbowKeyPairGeneratorSpi - extends java.security.KeyPairGenerator -{ - RainbowKeyGenerationParameters param; - RainbowKeyPairGenerator engine = new RainbowKeyPairGenerator(); - int strength = 1024; - SecureRandom random = new SecureRandom(); - boolean initialised = false; - - public RainbowKeyPairGeneratorSpi() - { - super("Rainbow"); - } - - public void initialize( - int strength, - SecureRandom random) - { - this.strength = strength; - this.random = random; - } - - public void initialize( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (!(params instanceof RainbowParameterSpec)) - { - throw new InvalidAlgorithmParameterException("parameter object not a RainbowParameterSpec"); - } - RainbowParameterSpec rainbowParams = (RainbowParameterSpec)params; - - param = new RainbowKeyGenerationParameters(random, new RainbowParameters(rainbowParams.getVi())); - - engine.init(param); - initialised = true; - } - - public KeyPair generateKeyPair() - { - if (!initialised) - { - param = new RainbowKeyGenerationParameters(random, new RainbowParameters(new RainbowParameterSpec().getVi())); - - engine.init(param); - initialised = true; - } - - AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - RainbowPublicKeyParameters pub = (RainbowPublicKeyParameters)pair.getPublic(); - RainbowPrivateKeyParameters priv = (RainbowPrivateKeyParameters)pair.getPrivate(); - - return new KeyPair(new BCRainbowPublicKey(pub), - new BCRainbowPrivateKey(priv)); - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeysToParams.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeysToParams.java deleted file mode 100644 index f5c573a4..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeysToParams.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.rainbow; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; - -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.pqc.crypto.rainbow.RainbowPrivateKeyParameters; -import org.bouncycastle.pqc.crypto.rainbow.RainbowPublicKeyParameters; - - -/** - * utility class for converting jce/jca Rainbow objects - * objects into their org.bouncycastle.crypto counterparts. - */ - -public class RainbowKeysToParams -{ - static public AsymmetricKeyParameter generatePublicKeyParameter( - PublicKey key) - throws InvalidKeyException - { - if (key instanceof BCRainbowPublicKey) - { - BCRainbowPublicKey k = (BCRainbowPublicKey)key; - - return new RainbowPublicKeyParameters(k.getDocLength(), k.getCoeffQuadratic(), - k.getCoeffSingular(), k.getCoeffScalar()); - } - - throw new InvalidKeyException("can't identify Rainbow public key: " + key.getClass().getName()); - } - - static public AsymmetricKeyParameter generatePrivateKeyParameter( - PrivateKey key) - throws InvalidKeyException - { - if (key instanceof BCRainbowPrivateKey) - { - BCRainbowPrivateKey k = (BCRainbowPrivateKey)key; - return new RainbowPrivateKeyParameters(k.getInvA1(), k.getB1(), - k.getInvA2(), k.getB2(), k.getVi(), k.getLayers()); - } - - throw new InvalidKeyException("can't identify Rainbow private key."); - } -} - - diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/SignatureSpi.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/SignatureSpi.java deleted file mode 100644 index e118ed68..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/rainbow/SignatureSpi.java +++ /dev/null @@ -1,164 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.rainbow; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.SignatureException; -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.pqc.crypto.rainbow.RainbowSigner; - -/** - * Rainbow Signature class, extending the jce SignatureSpi. - */ -public class SignatureSpi - extends java.security.SignatureSpi -{ - private Digest digest; - private RainbowSigner signer; - private SecureRandom random; - - protected SignatureSpi(Digest digest, RainbowSigner signer) - { - this.digest = digest; - this.signer = signer; - } - - protected void engineInitVerify(PublicKey publicKey) - throws InvalidKeyException - { - CipherParameters param; - param = RainbowKeysToParams.generatePublicKeyParameter(publicKey); - - digest.reset(); - signer.init(false, param); - } - - protected void engineInitSign(PrivateKey privateKey, SecureRandom random) - throws InvalidKeyException - { - this.random = random; - engineInitSign(privateKey); - } - - protected void engineInitSign(PrivateKey privateKey) - throws InvalidKeyException - { - CipherParameters param; - param = RainbowKeysToParams.generatePrivateKeyParameter(privateKey); - - if (random != null) - { - param = new ParametersWithRandom(param, random); - } - - digest.reset(); - signer.init(true, param); - - } - - protected void engineUpdate(byte b) - throws SignatureException - { - digest.update(b); - } - - protected void engineUpdate(byte[] b, int off, int len) - throws SignatureException - { - digest.update(b, off, len); - } - - protected byte[] engineSign() - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - digest.doFinal(hash, 0); - try - { - byte[] sig = signer.generateSignature(hash); - - return sig; - } - catch (Exception e) - { - throw new SignatureException(e.toString()); - } - } - - protected boolean engineVerify(byte[] sigBytes) - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - digest.doFinal(hash, 0); - return signer.verifySignature(hash, sigBytes); - } - - protected void engineSetParameter(AlgorithmParameterSpec params) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated replaced with <a href = - * "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)" - * > - */ - protected void engineSetParameter(String param, Object value) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated - */ - protected Object engineGetParameter(String param) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - - static public class withSha224 - extends SignatureSpi - { - public withSha224() - { - super(new SHA224Digest(), new RainbowSigner()); - } - } - - static public class withSha256 - extends SignatureSpi - { - public withSha256() - { - super(new SHA256Digest(), new RainbowSigner()); - } - } - - static public class withSha384 - extends SignatureSpi - { - public withSha384() - { - super(new SHA384Digest(), new RainbowSigner()); - } - } - - static public class withSha512 - extends SignatureSpi - { - public withSha512() - { - super(new SHA512Digest(), new RainbowSigner()); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/AsymmetricBlockCipher.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/AsymmetricBlockCipher.java deleted file mode 100644 index 29eb87c8..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/AsymmetricBlockCipher.java +++ /dev/null @@ -1,522 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.util; - -import java.io.ByteArrayOutputStream; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.InvalidParameterException; -import java.security.Key; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.ShortBufferException; - - -/** - * The AsymmetricBlockCipher class extends CipherSpiExt. - * NOTE: Some Ciphers are using Padding. OneAndZeroesPadding is used as default - * padding. However padding can still be specified, but mode is not supported; - * if you try to instantiate the cipher with something else than "NONE" as mode - * NoSuchAlgorithmException is thrown. - */ -public abstract class AsymmetricBlockCipher - extends CipherSpiExt -{ - - /** - * ParameterSpec used with this cipher - */ - protected AlgorithmParameterSpec paramSpec; - - /** - * Internal buffer - */ - protected ByteArrayOutputStream buf; - - /** - * The maximum number of bytes the cipher can decrypt. - */ - protected int maxPlainTextSize; - - /** - * The maximum number of bytes the cipher can encrypt. - */ - protected int cipherTextSize; - - /** - * The AsymmetricBlockCipher() constructor - */ - public AsymmetricBlockCipher() - { - buf = new ByteArrayOutputStream(); - } - - /** - * Return the block size (in bytes). Note: although the ciphers extending - * this class are not block ciphers, the method was adopted to return the - * maximal plaintext and ciphertext sizes for non hybrid ciphers. If the - * cipher is hybrid, it returns 0. - * - * @return if the cipher is not a hybrid one the max plain/cipher text size - * is returned, otherwise 0 is returned - */ - public final int getBlockSize() - { - return opMode == ENCRYPT_MODE ? maxPlainTextSize : cipherTextSize; - } - - /** - * @return <tt>null</tt> since no initialization vector is used. - */ - public final byte[] getIV() - { - return null; - } - - /** - * Return the length in bytes that an output buffer would need to be in - * order to hold the result of the next update or doFinal operation, given - * the input length <tt>inLen</tt> (in bytes). This call takes into - * account any unprocessed (buffered) data from a previous update call, and - * padding. The actual output length of the next update() or doFinal() call - * may be smaller than the length returned by this method. - * <p/> - * If the input length plus the length of the buffered data exceeds the - * maximum length, <tt>0</tt> is returned. - * - * @param inLen the length of the input - * @return the length of the ciphertext or <tt>0</tt> if the input is too - * long. - */ - public final int getOutputSize(int inLen) - { - - int totalLen = inLen + buf.size(); - - int maxLen = getBlockSize(); - - if (totalLen > maxLen) - { - // the length of the input exceeds the maximal supported length - return 0; - } - - return maxLen; - } - - /** - * <p/> - * Returns the parameters used with this cipher. - * <p/> - * The returned parameters may be the same that were used to initialize this - * cipher, or may contain the default set of parameters or a set of randomly - * generated parameters used by the underlying cipher implementation - * (provided that the underlying cipher implementation uses a default set of - * parameters or creates new parameters if it needs parameters but was not - * initialized with any). - * <p/> - * - * @return the parameters used with this cipher, or null if this cipher does - * not use any parameters. - */ - public final AlgorithmParameterSpec getParameters() - { - return paramSpec; - } - - /** - * Initializes the cipher for encryption by forwarding it to - * initEncrypt(Key, FlexiSecureRandom). - * <p/> - * <p/> - * If this cipher requires any algorithm parameters that cannot be derived - * from the given key, the underlying cipher implementation is supposed to - * generate the required parameters itself (using provider-specific default - * or random values) if it is being initialized for encryption, and raise an - * InvalidKeyException if it is being initialized for decryption. The - * generated parameters can be retrieved using engineGetParameters or - * engineGetIV (if the parameter is an IV). - * - * @param key the encryption or decryption key. - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * cipher. - */ - public final void initEncrypt(Key key) - throws InvalidKeyException - { - try - { - initEncrypt(key, null, new SecureRandom()); - } - catch (InvalidAlgorithmParameterException e) - { - throw new InvalidParameterException( - "This cipher needs algorithm parameters for initialization (cannot be null)."); - } - } - - /** - * Initialize this cipher for encryption by forwarding it to - * initEncrypt(Key, FlexiSecureRandom, AlgorithmParameterSpec). - * <p/> - * If this cipher requires any algorithm parameters that cannot be derived - * from the given key, the underlying cipher implementation is supposed to - * generate the required parameters itself (using provider-specific default - * or random values) if it is being initialized for encryption, and raise an - * InvalidKeyException if it is being initialized for decryption. The - * generated parameters can be retrieved using engineGetParameters or - * engineGetIV (if the parameter is an IV). - * - * @param key the encryption or decryption key. - * @param random the source of randomness. - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * cipher. - */ - public final void initEncrypt(Key key, SecureRandom random) - throws InvalidKeyException - { - - try - { - initEncrypt(key, null, random); - } - catch (InvalidAlgorithmParameterException iape) - { - throw new InvalidParameterException( - "This cipher needs algorithm parameters for initialization (cannot be null)."); - } - } - - /** - * Initializes the cipher for encryption by forwarding it to - * initEncrypt(Key, FlexiSecureRandom, AlgorithmParameterSpec). - * - * @param key the encryption or decryption key. - * @param params the algorithm parameters. - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * cipher. - * @throws InvalidAlgorithmParameterException if the given algortihm parameters are inappropriate for - * this cipher, or if this cipher is being initialized for - * decryption and requires algorithm parameters and params - * is null. - */ - public final void initEncrypt(Key key, AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - initEncrypt(key, params, new SecureRandom()); - } - - /** - * This method initializes the AsymmetricBlockCipher with a certain key for - * data encryption. - * <p/> - * If this cipher (including its underlying feedback or padding scheme) - * requires any random bytes (e.g., for parameter generation), it will get - * them from random. - * <p/> - * Note that when a Cipher object is initialized, it loses all - * previously-acquired state. In other words, initializing a Cipher is - * equivalent to creating a new instance of that Cipher and initializing it - * <p/> - * - * @param key the key which has to be used to encrypt data. - * @param secureRandom the source of randomness. - * @param params the algorithm parameters. - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * cipher - * @throws InvalidAlgorithmParameterException if the given algorithm parameters are inappropriate for - * this cipher, or if this cipher is being initialized for - * decryption and requires algorithm parameters and params - * is null. - */ - public final void initEncrypt(Key key, AlgorithmParameterSpec params, - SecureRandom secureRandom) - throws InvalidKeyException, - InvalidAlgorithmParameterException - { - opMode = ENCRYPT_MODE; - initCipherEncrypt(key, params, secureRandom); - } - - /** - * Initialize the cipher for decryption by forwarding it to - * {@link #initDecrypt(Key, AlgorithmParameterSpec)}. - * <p/> - * If this cipher requires any algorithm parameters that cannot be derived - * from the given key, the underlying cipher implementation is supposed to - * generate the required parameters itself (using provider-specific default - * or random values) if it is being initialized for encryption, and raise an - * InvalidKeyException if it is being initialized for decryption. The - * generated parameters can be retrieved using engineGetParameters or - * engineGetIV (if the parameter is an IV). - * - * @param key the encryption or decryption key. - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * cipher. - */ - public final void initDecrypt(Key key) - throws InvalidKeyException - { - try - { - initDecrypt(key, null); - } - catch (InvalidAlgorithmParameterException iape) - { - throw new InvalidParameterException( - "This cipher needs algorithm parameters for initialization (cannot be null)."); - } - } - - /** - * This method initializes the AsymmetricBlockCipher with a certain key for - * data decryption. - * <p/> - * If this cipher (including its underlying feedback or padding scheme) - * requires any random bytes (e.g., for parameter generation), it will get - * them from random. - * <p/> - * Note that when a Cipher object is initialized, it loses all - * previously-acquired state. In other words, initializing a Cipher is - * equivalent to creating a new instance of that Cipher and initializing it - * <p/> - * - * @param key the key which has to be used to decrypt data. - * @param params the algorithm parameters. - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * cipher - * @throws InvalidAlgorithmParameterException if the given algorithm parameters are inappropriate for - * this cipher, or if this cipher is being initialized for - * decryption and requires algorithm parameters and params - * is null. - */ - public final void initDecrypt(Key key, AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - opMode = DECRYPT_MODE; - initCipherDecrypt(key, params); - } - - /** - * Continue a multiple-part encryption or decryption operation. This method - * just writes the input into an internal buffer. - * - * @param input byte array containing the next part of the input - * @param inOff index in the array where the input starts - * @param inLen length of the input - * @return a new buffer with the result (always empty) - */ - public final byte[] update(byte[] input, int inOff, int inLen) - { - if (inLen != 0) - { - buf.write(input, inOff, inLen); - } - return new byte[0]; - } - - /** - * Continue a multiple-part encryption or decryption operation (depending on - * how this cipher was initialized), processing another data part. - * - * @param input the input buffer - * @param inOff the offset where the input starts - * @param inLen the input length - * @param output the output buffer - * @param outOff the offset where the result is stored - * @return the length of the output (always 0) - */ - public final int update(byte[] input, int inOff, int inLen, byte[] output, - int outOff) - { - update(input, inOff, inLen); - return 0; - } - - /** - * Finish a multiple-part encryption or decryption operation (depending on - * how this cipher was initialized). - * - * @param input the input buffer - * @param inOff the offset where the input starts - * @param inLen the input length - * @return a new buffer with the result - * @throws IllegalBlockSizeException if the plaintext or ciphertext size is too large. - * @throws BadPaddingException if the ciphertext is invalid. - */ - public final byte[] doFinal(byte[] input, int inOff, int inLen) - throws IllegalBlockSizeException, BadPaddingException - { - - checkLength(inLen); - update(input, inOff, inLen); - byte[] mBytes = buf.toByteArray(); - buf.reset(); - - switch (opMode) - { - case ENCRYPT_MODE: - return messageEncrypt(mBytes); - - case DECRYPT_MODE: - return messageDecrypt(mBytes); - - default: - return null; - - } - } - - /** - * Finish a multiple-part encryption or decryption operation (depending on - * how this cipher was initialized). - * - * @param input the input buffer - * @param inOff the offset where the input starts - * @param inLen the input length - * @param output the buffer for the result - * @param outOff the offset where the result is stored - * @return the output length - * @throws ShortBufferException if the output buffer is too small to hold the result. - * @throws IllegalBlockSizeException if the plaintext or ciphertext size is too large. - * @throws BadPaddingException if the ciphertext is invalid. - */ - public final int doFinal(byte[] input, int inOff, int inLen, byte[] output, - int outOff) - throws ShortBufferException, IllegalBlockSizeException, - BadPaddingException - { - - if (output.length < getOutputSize(inLen)) - { - throw new ShortBufferException("Output buffer too short."); - } - - byte[] out = doFinal(input, inOff, inLen); - System.arraycopy(out, 0, output, outOff, out.length); - return out.length; - } - - /** - * Since asymmetric block ciphers do not support modes, this method does - * nothing. - * - * @param modeName the cipher mode (unused) - */ - protected final void setMode(String modeName) - { - // empty - } - - /** - * Since asymmetric block ciphers do not support padding, this method does - * nothing. - * - * @param paddingName the name of the padding scheme (not used) - */ - protected final void setPadding(String paddingName) - { - // empty - } - - /** - * Check if the message length plus the length of the input length can be - * en/decrypted. This method uses the specific values - * {@link #maxPlainTextSize} and {@link #cipherTextSize} which are set by - * the implementations. If the input length plus the length of the internal - * buffer is greater than {@link #maxPlainTextSize} for encryption or not - * equal to {@link #cipherTextSize} for decryption, an - * {@link IllegalBlockSizeException} will be thrown. - * - * @param inLen length of the input to check - * @throws IllegalBlockSizeException if the input length is invalid. - */ - protected void checkLength(int inLen) - throws IllegalBlockSizeException - { - - int inLength = inLen + buf.size(); - - if (opMode == ENCRYPT_MODE) - { - if (inLength > maxPlainTextSize) - { - throw new IllegalBlockSizeException( - "The length of the plaintext (" + inLength - + " bytes) is not supported by " - + "the cipher (max. " + maxPlainTextSize - + " bytes)."); - } - } - else if (opMode == DECRYPT_MODE) - { - if (inLength != cipherTextSize) - { - throw new IllegalBlockSizeException( - "Illegal ciphertext length (expected " + cipherTextSize - + " bytes, was " + inLength + " bytes)."); - } - } - - } - - /** - * Initialize the AsymmetricBlockCipher with a certain key for data - * encryption. - * - * @param key the key which has to be used to encrypt data - * @param params the algorithm parameters - * @param sr the source of randomness - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * cipher. - * @throws InvalidAlgorithmParameterException if the given parameters are inappropriate for - * initializing this cipher. - */ - protected abstract void initCipherEncrypt(Key key, - AlgorithmParameterSpec params, SecureRandom sr) - throws InvalidKeyException, InvalidAlgorithmParameterException; - - /** - * Initialize the AsymmetricBlockCipher with a certain key for data - * encryption. - * - * @param key the key which has to be used to decrypt data - * @param params the algorithm parameters - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * cipher - * @throws InvalidAlgorithmParameterException if the given parameters are inappropriate for - * initializing this cipher. - */ - protected abstract void initCipherDecrypt(Key key, - AlgorithmParameterSpec params) - throws InvalidKeyException, - InvalidAlgorithmParameterException; - - /** - * Encrypt the message stored in input. The method should also perform an - * additional length check. - * - * @param input the message to be encrypted (usually the message length is - * less than or equal to maxPlainTextSize) - * @return the encrypted message (it has length equal to maxCipherTextSize_) - * @throws IllegalBlockSizeException if the input is inappropriate for this cipher. - * @throws BadPaddingException if the input format is invalid. - */ - protected abstract byte[] messageEncrypt(byte[] input) - throws IllegalBlockSizeException, BadPaddingException; - - /** - * Decrypt the ciphertext stored in input. The method should also perform an - * additional length check. - * - * @param input the ciphertext to be decrypted (the ciphertext length is - * less than or equal to maxCipherTextSize) - * @return the decrypted message - * @throws IllegalBlockSizeException if the input is inappropriate for this cipher. - * @throws BadPaddingException if the input format is invalid. - */ - protected abstract byte[] messageDecrypt(byte[] input) - throws IllegalBlockSizeException, BadPaddingException; - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/AsymmetricHybridCipher.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/AsymmetricHybridCipher.java deleted file mode 100644 index 17b8811b..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/AsymmetricHybridCipher.java +++ /dev/null @@ -1,397 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.util; - -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.InvalidParameterException; -import java.security.Key; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.ShortBufferException; - -/** - * The AsymmetricHybridCipher class extends CipherSpiExt. - * NOTE: Some Ciphers are using Padding. OneAndZeroesPadding is used as default - * padding. However padding can still be specified, but mode is not supported; - * if you try to instantiate the cipher with something else than "NONE" as mode, - * NoSuchAlgorithmException is thrown. - */ -public abstract class AsymmetricHybridCipher - extends CipherSpiExt -{ - - /** - * ParameterSpec used with this cipher - */ - protected AlgorithmParameterSpec paramSpec; - - /** - * Since asymmetric hybrid ciphers do not support modes, this method does - * nothing. - * - * @param modeName the cipher mode (unused) - */ - protected final void setMode(String modeName) - { - // empty - } - - /** - * Since asymmetric hybrid ciphers do not support padding, this method does - * nothing. - * - * @param paddingName the name of the padding scheme (not used) - */ - protected final void setPadding(String paddingName) - { - // empty - } - - /** - * @return <tt>null</tt> since no initialization vector is used. - */ - public final byte[] getIV() - { - return null; - } - - /** - * @return 0 since the implementing algorithms are not block ciphers - */ - public final int getBlockSize() - { - return 0; - } - - /** - * Return the parameters used with this cipher. - * <p/> - * The returned parameters may be the same that were used to initialize this - * cipher, or may contain the default set of parameters or a set of randomly - * generated parameters used by the underlying cipher implementation - * (provided that the underlying cipher implementation uses a default set of - * parameters or creates new parameters if it needs parameters but was not - * initialized with any). - * - * @return the parameters used with this cipher, or <tt>null</tt> if this - * cipher does not use any parameters. - */ - public final AlgorithmParameterSpec getParameters() - { - return paramSpec; - } - - /** - * Return the length in bytes that an output buffer would need to be in - * order to hold the result of the next update or doFinal operation, given - * the input length <tt>inLen</tt> (in bytes). This call takes into - * account any unprocessed (buffered) data from a previous update call, and - * padding. The actual output length of the next update() or doFinal() call - * may be smaller than the length returned by this method. - * - * @param inLen the length of the input - * @return the length of the output of the next <tt>update()</tt> or - * <tt>doFinal()</tt> call - */ - public final int getOutputSize(int inLen) - { - return opMode == ENCRYPT_MODE ? encryptOutputSize(inLen) - : decryptOutputSize(inLen); - } - - /** - * Initialize the cipher for encryption by forwarding it to - * {@link #initEncrypt(Key, AlgorithmParameterSpec, SecureRandom)}. - * <p/> - * If this cipher requires any algorithm parameters that cannot be derived - * from the given key, the underlying cipher implementation is supposed to - * generate the required parameters itself (using provider-specific default - * or random values) if it is being initialized for encryption, and raise an - * InvalidKeyException if it is being initialized for decryption. The - * generated parameters can be retrieved using {@link #getParameters()}. - * - * @param key the encryption key - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * cipher. - * @throws InvalidParameterException if this cipher needs algorithm parameters for - * initialization and cannot generate parameters itself. - */ - public final void initEncrypt(Key key) - throws InvalidKeyException - { - try - { - initEncrypt(key, null, new SecureRandom()); - } - catch (InvalidAlgorithmParameterException e) - { - throw new InvalidParameterException( - "This cipher needs algorithm parameters for initialization (cannot be null)."); - } - } - - /** - * Initialize this cipher for encryption by forwarding it to - * {@link #initEncrypt(Key, AlgorithmParameterSpec, SecureRandom)}. - * <p/> - * If this cipher requires any algorithm parameters that cannot be derived - * from the given key, the underlying cipher implementation is supposed to - * generate the required parameters itself (using provider-specific default - * or random values) if it is being initialized for encryption, and raise an - * InvalidKeyException if it is being initialized for decryption. The - * generated parameters can be retrieved using {@link #getParameters()}. - * - * @param key the encryption key - * @param random the source of randomness - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * cipher. - * @throws InvalidParameterException if this cipher needs algorithm parameters for - * initialization and cannot generate parameters itself. - */ - public final void initEncrypt(Key key, SecureRandom random) - throws InvalidKeyException - { - try - { - initEncrypt(key, null, random); - } - catch (InvalidAlgorithmParameterException iape) - { - throw new InvalidParameterException( - "This cipher needs algorithm parameters for initialization (cannot be null)."); - } - } - - /** - * Initialize the cipher for encryption by forwarding it to initEncrypt(Key, - * FlexiSecureRandom, AlgorithmParameterSpec). - * - * @param key the encryption key - * @param params the algorithm parameters - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * cipher. - * @throws InvalidAlgorithmParameterException if the given algorithm parameters are inappropriate for - * this cipher, or if this cipher is initialized with - * <tt>null</tt> parameters and cannot generate parameters - * itself. - */ - public final void initEncrypt(Key key, AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - initEncrypt(key, params, new SecureRandom()); - } - - /** - * Initialize the cipher with a certain key for data encryption. - * <p/> - * If this cipher requires any random bytes (e.g., for parameter - * generation), it will get them from <tt>random</tt>. - * <p/> - * Note that when a Cipher object is initialized, it loses all - * previously-acquired state. In other words, initializing a Cipher is - * equivalent to creating a new instance of that Cipher and initializing it. - * - * @param key the encryption key - * @param random the source of randomness - * @param params the algorithm parameters - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * cipher - * @throws InvalidAlgorithmParameterException if the given algorithm parameters are inappropriate for - * this cipher, or if this cipher is initialized with - * <tt>null</tt> parameters and cannot generate parameters - * itself. - */ - public final void initEncrypt(Key key, AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, - InvalidAlgorithmParameterException - { - opMode = ENCRYPT_MODE; - initCipherEncrypt(key, params, random); - } - - /** - * Initialize the cipher for decryption by forwarding it to initDecrypt(Key, - * FlexiSecureRandom). - * <p/> - * If this cipher requires any algorithm parameters that cannot be derived - * from the given key, the underlying cipher implementation is supposed to - * generate the required parameters itself (using provider-specific default - * or random values) if it is being initialized for encryption, and raise an - * InvalidKeyException if it is being initialized for decryption. The - * generated parameters can be retrieved using {@link #getParameters()}. - * - * @param key the decryption key - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * cipher. - */ - public final void initDecrypt(Key key) - throws InvalidKeyException - { - try - { - initDecrypt(key, null); - } - catch (InvalidAlgorithmParameterException iape) - { - throw new InvalidParameterException( - "This cipher needs algorithm parameters for initialization (cannot be null)."); - } - } - - /** - * Initialize the cipher with a certain key for data decryption. - * <p/> - * If this cipher requires any random bytes (e.g., for parameter - * generation), it will get them from <tt>random</tt>. - * <p/> - * Note that when a Cipher object is initialized, it loses all - * previously-acquired state. In other words, initializing a Cipher is - * equivalent to creating a new instance of that Cipher and initializing it - * - * @param key the decryption key - * @param params the algorithm parameters - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * cipher - * @throws InvalidAlgorithmParameterException if the given algorithm parameters are inappropriate for - * this cipher, or if this cipher is initialized with - * <tt>null</tt> parameters and cannot generate parameters - * itself. - */ - public final void initDecrypt(Key key, AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - opMode = DECRYPT_MODE; - initCipherDecrypt(key, params); - } - - /** - * Continue a multiple-part encryption or decryption operation (depending on - * how this cipher was initialized), processing another data part. - * - * @param input the input buffer - * @param inOff the offset where the input starts - * @param inLen the input length - * @return a new buffer with the result (maybe an empty byte array) - */ - public abstract byte[] update(byte[] input, int inOff, int inLen); - - /** - * Continue a multiple-part encryption or decryption operation (depending on - * how this cipher was initialized), processing another data part. - * - * @param input the input buffer - * @param inOff the offset where the input starts - * @param inLen the input length - * @param output the output buffer - * @param outOff the offset where the result is stored - * @return the length of the output - * @throws ShortBufferException if the output buffer is too small to hold the result. - */ - public final int update(byte[] input, int inOff, int inLen, byte[] output, - int outOff) - throws ShortBufferException - { - if (output.length < getOutputSize(inLen)) - { - throw new ShortBufferException("output"); - } - byte[] out = update(input, inOff, inLen); - System.arraycopy(out, 0, output, outOff, out.length); - return out.length; - } - - /** - * Finish a multiple-part encryption or decryption operation (depending on - * how this cipher was initialized). - * - * @param input the input buffer - * @param inOff the offset where the input starts - * @param inLen the input length - * @return a new buffer with the result - * @throws BadPaddingException if the ciphertext is invalid. - */ - public abstract byte[] doFinal(byte[] input, int inOff, int inLen) - throws BadPaddingException; - - /** - * Finish a multiple-part encryption or decryption operation (depending on - * how this cipher was initialized). - * - * @param input the input buffer - * @param inOff the offset where the input starts - * @param inLen the input length - * @param output the buffer for the result - * @param outOff the offset where the result is stored - * @return the output length - * @throws ShortBufferException if the output buffer is too small to hold the result. - * @throws BadPaddingException if the ciphertext is invalid. - */ - public final int doFinal(byte[] input, int inOff, int inLen, byte[] output, - int outOff) - throws ShortBufferException, BadPaddingException - { - - if (output.length < getOutputSize(inLen)) - { - throw new ShortBufferException("Output buffer too short."); - } - byte[] out = doFinal(input, inOff, inLen); - System.arraycopy(out, 0, output, outOff, out.length); - return out.length; - } - - /** - * Compute the output size of an update() or doFinal() operation of a hybrid - * asymmetric cipher in encryption mode when given input of the specified - * length. - * - * @param inLen the length of the input - * @return the output size - */ - protected abstract int encryptOutputSize(int inLen); - - /** - * Compute the output size of an update() or doFinal() operation of a hybrid - * asymmetric cipher in decryption mode when given input of the specified - * length. - * - * @param inLen the length of the input - * @return the output size - */ - protected abstract int decryptOutputSize(int inLen); - - /** - * Initialize the AsymmetricHybridCipher with a certain key for data - * encryption. - * - * @param key the key which has to be used to encrypt data - * @param params the algorithm parameters - * @param sr the source of randomness - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * cipher. - * @throws InvalidAlgorithmParameterException if the given parameters are inappropriate for - * initializing this cipher. - */ - protected abstract void initCipherEncrypt(Key key, - AlgorithmParameterSpec params, SecureRandom sr) - throws InvalidKeyException, InvalidAlgorithmParameterException; - - /** - * Initialize the AsymmetricHybridCipher with a certain key for data - * encryption. - * - * @param key the key which has to be used to decrypt data - * @param params the algorithm parameters - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * cipher - * @throws InvalidAlgorithmParameterException if the given parameters are inappropriate for - * initializing this cipher. - */ - protected abstract void initCipherDecrypt(Key key, - AlgorithmParameterSpec params) - throws InvalidKeyException, - InvalidAlgorithmParameterException; - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/CipherSpiExt.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/CipherSpiExt.java deleted file mode 100644 index 3f4c8fcc..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/CipherSpiExt.java +++ /dev/null @@ -1,635 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.util; - - -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.InvalidParameterException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.CipherSpi; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.ShortBufferException; - -/** - * The CipherSpiExt class extends CipherSpi. - */ -public abstract class CipherSpiExt - extends CipherSpi -{ - - /** - * Constant specifying encrypt mode. - */ - public static final int ENCRYPT_MODE = javax.crypto.Cipher.ENCRYPT_MODE; - - /** - * Constant specifying decrypt mode. - */ - public static final int DECRYPT_MODE = javax.crypto.Cipher.DECRYPT_MODE; - - /** - * The operation mode for this cipher ({@link #ENCRYPT_MODE} or - * {@link #DECRYPT_MODE}). - */ - protected int opMode; - - // **************************************************** - // JCA adapter methods - // **************************************************** - - /** - * Initialize this cipher object with a proper key and some random seed. - * Before a cipher object is ready for data processing, it has to be - * initialized according to the desired cryptographic operation, which is - * specified by the <tt>opMode</tt> parameter. - * <p/> - * If this cipher (including its underlying mode or padding scheme) requires - * any random bytes, it will obtain them from <tt>random</tt>. - * <p/> - * Note: If the mode needs an initialization vector, a blank array is used - * in this case. - * - * @param opMode the operation mode ({@link #ENCRYPT_MODE} or - * {@link #DECRYPT_MODE}) - * @param key the key - * @param random the random seed - * @throws java.security.InvalidKeyException if the key is inappropriate for initializing this cipher. - */ - protected final void engineInit(int opMode, java.security.Key key, - java.security.SecureRandom random) - throws java.security.InvalidKeyException - { - - try - { - engineInit(opMode, key, - (java.security.spec.AlgorithmParameterSpec)null, random); - } - catch (java.security.InvalidAlgorithmParameterException e) - { - throw new InvalidParameterException(e.getMessage()); - } - } - - /** - * Initialize this cipher with a key, a set of algorithm parameters, and a - * source of randomness. The cipher is initialized for encryption or - * decryption, depending on the value of <tt>opMode</tt>. - * <p/> - * If this cipher (including its underlying mode or padding scheme) requires - * any random bytes, it will obtain them from <tt>random</tt>. Note that - * when a {@link BlockCipher} object is initialized, it loses all - * previously-acquired state. In other words, initializing a Cipher is - * equivalent to creating a new instance of that Cipher and initializing it. - * <p/> - * Note: If the mode needs an initialization vector, a try to retrieve it - * from the AlgorithmParametersSpec is made. - * - * @param opMode the operation mode ({@link #ENCRYPT_MODE} or - * {@link #DECRYPT_MODE}) - * @param key the key - * @param algParams the algorithm parameters - * @param random the random seed - * @throws java.security.InvalidKeyException if the key is inappropriate for initializing this block - * cipher. - * @throws java.security.InvalidAlgorithmParameterException if the parameters are inappropriate for initializing this - * block cipher. - */ - protected final void engineInit(int opMode, java.security.Key key, - java.security.AlgorithmParameters algParams, - java.security.SecureRandom random) - throws java.security.InvalidKeyException, - java.security.InvalidAlgorithmParameterException - { - - // if algParams are not specified, initialize without them - if (algParams == null) - { - engineInit(opMode, key, random); - return; - } - - AlgorithmParameterSpec paramSpec = null; - // XXX getting AlgorithmParameterSpec from AlgorithmParameters - - engineInit(opMode, key, paramSpec, random); - } - - /** - * Initialize this cipher with a key, a set of algorithm parameters, and a - * source of randomness. The cipher is initialized for one of the following - * four operations: encryption, decryption, key wrapping or key unwrapping, - * depending on the value of opMode. If this cipher (including its - * underlying feedback or padding scheme) requires any random bytes (e.g., - * for parameter generation), it will get them from random. Note that when a - * Cipher object is initialized, it loses all previously-acquired state. In - * other words, initializing a Cipher is equivalent to creating a new - * instance of that Cipher and initializing it. - * - * @param opMode the operation mode ({@link #ENCRYPT_MODE} or - * {@link #DECRYPT_MODE}) - * @param key the encryption key - * @param params the algorithm parameters - * @param javaRand the source of randomness - * @throws java.security.InvalidKeyException if the given key is inappropriate for initializing this - * cipher - * @throws java.security.InvalidAlgorithmParameterException if the given algorithm parameters are inappropriate for - * this cipher, or if this cipher is being initialized for - * decryption and requires algorithm parameters and the - * parameters are null. - */ - protected void engineInit(int opMode, java.security.Key key, - java.security.spec.AlgorithmParameterSpec params, - java.security.SecureRandom javaRand) - throws java.security.InvalidKeyException, - java.security.InvalidAlgorithmParameterException - { - - if ((params != null) && !(params instanceof AlgorithmParameterSpec)) - { - throw new java.security.InvalidAlgorithmParameterException(); - } - - if ((key == null) || !(key instanceof Key)) - { - throw new java.security.InvalidKeyException(); - } - - this.opMode = opMode; - - if (opMode == ENCRYPT_MODE) - { - SecureRandom flexiRand = javaRand; - initEncrypt((Key)key, (AlgorithmParameterSpec)params, flexiRand); - - } - else if (opMode == DECRYPT_MODE) - { - initDecrypt((Key)key, (AlgorithmParameterSpec)params); - - } - } - - /** - * Return the result of the last step of a multi-step en-/decryption - * operation or the result of a single-step en-/decryption operation by - * processing the given input data and any remaining buffered data. The data - * to be processed is given in an input byte array. Beginning at - * inputOffset, only the first inputLen bytes are en-/decrypted, including - * any buffered bytes of a previous update operation. If necessary, padding - * is performed. The result is returned as a output byte array. - * - * @param input the byte array holding the data to be processed - * @param inOff the offset indicating the start position within the input - * byte array - * @param inLen the number of bytes to be processed - * @return the byte array containing the en-/decrypted data - * @throws javax.crypto.IllegalBlockSizeException if the ciphertext length is not a multiple of the - * blocklength. - * @throws javax.crypto.BadPaddingException if unpadding is not possible. - */ - protected final byte[] engineDoFinal(byte[] input, int inOff, int inLen) - throws javax.crypto.IllegalBlockSizeException, - javax.crypto.BadPaddingException - { - return doFinal(input, inOff, inLen); - } - - /** - * Perform the last step of a multi-step en-/decryption operation or a - * single-step en-/decryption operation by processing the given input data - * and any remaining buffered data. The data to be processed is given in an - * input byte array. Beginning at inputOffset, only the first inputLen bytes - * are en-/decrypted, including any buffered bytes of a previous update - * operation. If necessary, padding is performed. The result is stored in - * the given output byte array, beginning at outputOffset. The number of - * bytes stored in this byte array are returned. - * - * @param input the byte array holding the data to be processed - * @param inOff the offset indicating the start position within the input - * byte array - * @param inLen the number of bytes to be processed - * @param output the byte array for holding the result - * @param outOff the offset indicating the start position within the output - * byte array to which the en/decrypted data is written - * @return the number of bytes stored in the output byte array - * @throws javax.crypto.ShortBufferException if the output buffer is too short to hold the output. - * @throws javax.crypto.IllegalBlockSizeException if the ciphertext length is not a multiple of the - * blocklength. - * @throws javax.crypto.BadPaddingException if unpadding is not possible. - */ - protected final int engineDoFinal(byte[] input, int inOff, int inLen, - byte[] output, int outOff) - throws javax.crypto.ShortBufferException, - javax.crypto.IllegalBlockSizeException, - javax.crypto.BadPaddingException - { - return doFinal(input, inOff, inLen, output, outOff); - } - - /** - * @return the block size (in bytes), or 0 if the underlying algorithm is - * not a block cipher - */ - protected final int engineGetBlockSize() - { - return getBlockSize(); - } - - /** - * Return the key size of the given key object in bits. - * - * @param key the key object - * @return the key size in bits of the given key object - * @throws java.security.InvalidKeyException if key is invalid. - */ - protected final int engineGetKeySize(java.security.Key key) - throws java.security.InvalidKeyException - { - if (!(key instanceof Key)) - { - throw new java.security.InvalidKeyException("Unsupported key."); - } - return getKeySize((Key)key); - } - - /** - * Return the initialization vector. This is useful in the context of - * password-based encryption or decryption, where the IV is derived from a - * user-provided passphrase. - * - * @return the initialization vector in a new buffer, or <tt>null</tt> if - * the underlying algorithm does not use an IV, or if the IV has not - * yet been set. - */ - protected final byte[] engineGetIV() - { - return getIV(); - } - - /** - * Return the length in bytes that an output buffer would need to be in - * order to hold the result of the next update or doFinal operation, given - * the input length inputLen (in bytes). - * <p/> - * This call takes into account any unprocessed (buffered) data from a - * previous update call, and padding. - * <p/> - * The actual output length of the next update or doFinal call may be - * smaller than the length returned by this method. - * - * @param inLen the input length (in bytes) - * @return the required output buffer size (in bytes) - */ - protected final int engineGetOutputSize(int inLen) - { - return getOutputSize(inLen); - } - - /** - * Returns the parameters used with this cipher. - * <p/> - * The returned parameters may be the same that were used to initialize this - * cipher, or may contain the default set of parameters or a set of randomly - * generated parameters used by the underlying cipher implementation - * (provided that the underlying cipher implementation uses a default set of - * parameters or creates new parameters if it needs parameters but was not - * initialized with any). - * - * @return the parameters used with this cipher, or null if this cipher does - * not use any parameters. - */ - protected final java.security.AlgorithmParameters engineGetParameters() - { - // TODO - return null; - } - - /** - * Set the mode of this cipher. - * - * @param modeName the cipher mode - * @throws java.security.NoSuchAlgorithmException if neither the mode with the given name nor the default - * mode can be found - */ - protected final void engineSetMode(String modeName) - throws java.security.NoSuchAlgorithmException - { - setMode(modeName); - } - - /** - * Set the padding scheme of this cipher. - * - * @param paddingName the padding scheme - * @throws javax.crypto.NoSuchPaddingException if the requested padding scheme cannot be found. - */ - protected final void engineSetPadding(String paddingName) - throws javax.crypto.NoSuchPaddingException - { - setPadding(paddingName); - } - - /** - * Return the result of the next step of a multi-step en-/decryption - * operation. The data to be processed is given in an input byte array. - * Beginning at inputOffset, only the first inputLen bytes are - * en-/decrypted. The result is returned as a byte array. - * - * @param input the byte array holding the data to be processed - * @param inOff the offset indicating the start position within the input - * byte array - * @param inLen the number of bytes to be processed - * @return the byte array containing the en-/decrypted data - */ - protected final byte[] engineUpdate(byte[] input, int inOff, int inLen) - { - return update(input, inOff, inLen); - } - - /** - * Perform the next step of a multi-step en-/decryption operation. The data - * to be processed is given in an input byte array. Beginning at - * inputOffset, only the first inputLen bytes are en-/decrypted. The result - * is stored in the given output byte array, beginning at outputOffset. The - * number of bytes stored in this output byte array are returned. - * - * @param input the byte array holding the data to be processed - * @param inOff the offset indicating the start position within the input - * byte array - * @param inLen the number of bytes to be processed - * @param output the byte array for holding the result - * @param outOff the offset indicating the start position within the output - * byte array to which the en-/decrypted data is written - * @return the number of bytes that are stored in the output byte array - * @throws javax.crypto.ShortBufferException if the output buffer is too short to hold the output. - */ - protected final int engineUpdate(final byte[] input, final int inOff, - final int inLen, byte[] output, final int outOff) - throws javax.crypto.ShortBufferException - { - return update(input, inOff, inLen, output, outOff); - } - - /** - * Initialize this cipher with a key, a set of algorithm parameters, and a - * source of randomness for encryption. - * <p/> - * If this cipher requires any algorithm parameters and paramSpec is null, - * the underlying cipher implementation is supposed to generate the required - * parameters itself (using provider-specific default or random values) if - * it is being initialized for encryption, and raise an - * InvalidAlgorithmParameterException if it is being initialized for - * decryption. The generated parameters can be retrieved using - * engineGetParameters or engineGetIV (if the parameter is an IV). - * <p/> - * If this cipher (including its underlying feedback or padding scheme) - * requires any random bytes (e.g., for parameter generation), it will get - * them from random. - * <p/> - * Note that when a {@link BlockCipher} object is initialized, it loses all - * previously-acquired state. In other words, initializing a Cipher is - * equivalent to creating a new instance of that Cipher and initializing it. - * - * @param key the encryption key - * @param cipherParams the cipher parameters - * @param random the source of randomness - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * block cipher. - * @throws InvalidAlgorithmParameterException if the parameters are inappropriate for initializing this - * block cipher. - */ - public abstract void initEncrypt(Key key, - AlgorithmParameterSpec cipherParams, SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException; - - /** - * Initialize this cipher with a key, a set of algorithm parameters, and a - * source of randomness for decryption. - * <p/> - * If this cipher requires any algorithm parameters and paramSpec is null, - * the underlying cipher implementation is supposed to generate the required - * parameters itself (using provider-specific default or random values) if - * it is being initialized for encryption, and throw an - * {@link InvalidAlgorithmParameterException} if it is being initialized for - * decryption. The generated parameters can be retrieved using - * engineGetParameters or engineGetIV (if the parameter is an IV). - * <p/> - * If this cipher (including its underlying feedback or padding scheme) - * requires any random bytes (e.g., for parameter generation), it will get - * them from random. - * <p/> - * Note that when a {@link BlockCipher} object is initialized, it loses all - * previously-acquired state. In other words, initializing a Cipher is - * equivalent to creating a new instance of that Cipher and initializing it. - * - * @param key the encryption key - * @param cipherParams the cipher parameters - * @throws InvalidKeyException if the given key is inappropriate for initializing this - * block cipher. - * @throws InvalidAlgorithmParameterException if the parameters are inappropriate for initializing this - * block cipher. - */ - public abstract void initDecrypt(Key key, - AlgorithmParameterSpec cipherParams) - throws InvalidKeyException, - InvalidAlgorithmParameterException; - - /** - * @return the name of this cipher - */ - public abstract String getName(); - - /** - * @return the block size (in bytes), or 0 if the underlying algorithm is - * not a block cipher - */ - public abstract int getBlockSize(); - - /** - * Returns the length in bytes that an output buffer would need to be in - * order to hold the result of the next update or doFinal operation, given - * the input length inputLen (in bytes). - * <p/> - * This call takes into account any unprocessed (buffered) data from a - * previous update call, and padding. - * <p/> - * The actual output length of the next update or doFinal call may be - * smaller than the length returned by this method. - * - * @param inputLen the input length (in bytes) - * @return the required output buffer size (in bytes) - */ - public abstract int getOutputSize(int inputLen); - - /** - * Return the key size of the given key object in bits. - * - * @param key the key object - * @return the key size in bits of the given key object - * @throws InvalidKeyException if key is invalid. - */ - public abstract int getKeySize(Key key) - throws InvalidKeyException; - - /** - * Returns the parameters used with this cipher. - * <p/> - * The returned parameters may be the same that were used to initialize this - * cipher, or may contain the default set of parameters or a set of randomly - * generated parameters used by the underlying cipher implementation - * (provided that the underlying cipher implementation uses a default set of - * parameters or creates new parameters if it needs parameters but was not - * initialized with any). - * - * @return the parameters used with this cipher, or null if this cipher does - * not use any parameters. - */ - public abstract AlgorithmParameterSpec getParameters(); - - /** - * Return the initialization vector. This is useful in the context of - * password-based encryption or decryption, where the IV is derived from a - * user-provided passphrase. - * - * @return the initialization vector in a new buffer, or <tt>null</tt> if - * the underlying algorithm does not use an IV, or if the IV has not - * yet been set. - */ - public abstract byte[] getIV(); - - /** - * Set the mode of this cipher. - * - * @param mode the cipher mode - * @throws NoSuchModeException if the requested mode cannot be found. - */ - protected abstract void setMode(String mode) - throws NoSuchAlgorithmException; - - /** - * Set the padding mechanism of this cipher. - * - * @param padding the padding mechanism - * @throws NoSuchPaddingException if the requested padding scheme cannot be found. - */ - protected abstract void setPadding(String padding) - throws NoSuchPaddingException; - - /** - * Continue a multiple-part encryption or decryption operation (depending on - * how this cipher was initialized), processing another data part. - * - * @param input the input buffer - * @return a new buffer with the result (maybe an empty byte array) - */ - public final byte[] update(byte[] input) - { - return update(input, 0, input.length); - } - - /** - * Continue a multiple-part encryption or decryption operation (depending on - * how this cipher was initialized), processing another data part. - * - * @param input the input buffer - * @param inOff the offset where the input starts - * @param inLen the input length - * @return a new buffer with the result (maybe an empty byte array) - */ - public abstract byte[] update(byte[] input, int inOff, int inLen); - - /** - * Continue a multiple-part encryption or decryption operation (depending on - * how this cipher was initialized), processing another data part. - * - * @param input the input buffer - * @param inOff the offset where the input starts - * @param inLen the input length - * @param output the output buffer - * @param outOff the offset where the result is stored - * @return the length of the output - * @throws ShortBufferException if the output buffer is too small to hold the result. - */ - public abstract int update(byte[] input, int inOff, int inLen, - byte[] output, int outOff) - throws ShortBufferException; - - /** - * Finish a multiple-part encryption or decryption operation (depending on - * how this cipher was initialized). - * - * @return a new buffer with the result - * @throws IllegalBlockSizeException if this cipher is a block cipher and the total input - * length is not a multiple of the block size (for - * encryption when no padding is used or for decryption). - * @throws BadPaddingException if this cipher is a block cipher and unpadding fails. - */ - public final byte[] doFinal() - throws IllegalBlockSizeException, - BadPaddingException - { - return doFinal(null, 0, 0); - } - - /** - * Finish a multiple-part encryption or decryption operation (depending on - * how this cipher was initialized). - * - * @param input the input buffer - * @return a new buffer with the result - * @throws IllegalBlockSizeException if this cipher is a block cipher and the total input - * length is not a multiple of the block size (for - * encryption when no padding is used or for decryption). - * @throws BadPaddingException if this cipher is a block cipher and unpadding fails. - */ - public final byte[] doFinal(byte[] input) - throws IllegalBlockSizeException, - BadPaddingException - { - return doFinal(input, 0, input.length); - } - - /** - * Finish a multiple-part encryption or decryption operation (depending on - * how this cipher was initialized). - * - * @param input the input buffer - * @param inOff the offset where the input starts - * @param inLen the input length - * @return a new buffer with the result - * @throws IllegalBlockSizeException if this cipher is a block cipher and the total input - * length is not a multiple of the block size (for - * encryption when no padding is used or for decryption). - * @throws BadPaddingException if this cipher is a block cipher and unpadding fails. - */ - public abstract byte[] doFinal(byte[] input, int inOff, int inLen) - throws IllegalBlockSizeException, BadPaddingException; - - /** - * Finish a multiple-part encryption or decryption operation (depending on - * how this cipher was initialized). - * - * @param input the input buffer - * @param inOff the offset where the input starts - * @param inLen the input length - * @param output the buffer for the result - * @param outOff the offset where the result is stored - * @return the output length - * @throws ShortBufferException if the output buffer is too small to hold the result. - * @throws IllegalBlockSizeException if this cipher is a block cipher and the total input - * length is not a multiple of the block size (for - * encryption when no padding is used or for decryption). - * @throws BadPaddingException if this cipher is a block cipher and unpadding fails. - */ - public abstract int doFinal(byte[] input, int inOff, int inLen, - byte[] output, int outOff) - throws ShortBufferException, - IllegalBlockSizeException, BadPaddingException; - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/KeyUtil.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/KeyUtil.java deleted file mode 100644 index ba31e4d6..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/util/KeyUtil.java +++ /dev/null @@ -1,72 +0,0 @@ -package org.bouncycastle.pqc.jcajce.provider.util; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - -public class KeyUtil -{ - public static byte[] getEncodedSubjectPublicKeyInfo(AlgorithmIdentifier algId, ASN1Encodable keyData) - { - try - { - return getEncodedSubjectPublicKeyInfo(new SubjectPublicKeyInfo(algId, keyData)); - } - catch (Exception e) - { - return null; - } - } - - public static byte[] getEncodedSubjectPublicKeyInfo(AlgorithmIdentifier algId, byte[] keyData) - { - try - { - return getEncodedSubjectPublicKeyInfo(new SubjectPublicKeyInfo(algId, keyData)); - } - catch (Exception e) - { - return null; - } - } - - public static byte[] getEncodedSubjectPublicKeyInfo(SubjectPublicKeyInfo info) - { - try - { - return info.getEncoded(ASN1Encoding.DER); - } - catch (Exception e) - { - return null; - } - } - - public static byte[] getEncodedPrivateKeyInfo(AlgorithmIdentifier algId, ASN1Encodable privKey) - { - try - { - PrivateKeyInfo info = new PrivateKeyInfo(algId, privKey.toASN1Primitive()); - - return getEncodedPrivateKeyInfo(info); - } - catch (Exception e) - { - return null; - } - } - - public static byte[] getEncodedPrivateKeyInfo(PrivateKeyInfo info) - { - try - { - return info.getEncoded(ASN1Encoding.DER); - } - catch (Exception e) - { - return null; - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/ECCKeyGenParameterSpec.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/ECCKeyGenParameterSpec.java deleted file mode 100644 index 517d9a0d..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/ECCKeyGenParameterSpec.java +++ /dev/null @@ -1,192 +0,0 @@ -package org.bouncycastle.pqc.jcajce.spec; - -import java.security.InvalidParameterException; -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.pqc.math.linearalgebra.PolynomialRingGF2; - -/** - * This class provides a specification for the parameters that are used by the - * McEliece, McElieceCCA2, and Niederreiter key pair generators. - * - * @see org.bouncycastle.pqc.ecc.mceliece.McElieceKeyPairGenerator - * @see org.bouncycastle.pqc.ecc.mceliece.McElieceCCA2KeyPairGenerator - * @see org.bouncycastle.pqc.ecc.niederreiter.NiederreiterKeyPairGenerator - */ -public class ECCKeyGenParameterSpec - implements AlgorithmParameterSpec -{ - - /** - * The default extension degree - */ - public static final int DEFAULT_M = 11; - - /** - * The default error correcting capability. - */ - public static final int DEFAULT_T = 50; - - /** - * extension degree of the finite field GF(2^m) - */ - private int m; - - /** - * error correction capability of the code - */ - private int t; - - /** - * length of the code - */ - private int n; - - /** - * the field polynomial - */ - private int fieldPoly; - - /** - * Constructor. Set the default parameters: extension degree. - */ - public ECCKeyGenParameterSpec() - { - this(DEFAULT_M, DEFAULT_T); - } - - /** - * Constructor. - * - * @param keysize the length of a Goppa code - * @throws InvalidParameterException if <tt>keysize < 1</tt>. - */ - public ECCKeyGenParameterSpec(int keysize) - throws InvalidParameterException - { - if (keysize < 1) - { - throw new InvalidParameterException("key size must be positive"); - } - m = 0; - n = 1; - while (n < keysize) - { - n <<= 1; - m++; - } - t = n >>> 1; - t /= m; - fieldPoly = PolynomialRingGF2.getIrreduciblePolynomial(m); - } - - /** - * Constructor. - * - * @param m degree of the finite field GF(2^m) - * @param t error correction capability of the code - * @throws InvalidParameterException if <tt>m < 1</tt> or <tt>m > 32</tt> or - * <tt>t < 0</tt> or <tt>t > n</tt>. - */ - public ECCKeyGenParameterSpec(int m, int t) - throws InvalidParameterException - { - if (m < 1) - { - throw new InvalidParameterException("m must be positive"); - } - if (m > 32) - { - throw new InvalidParameterException("m is too large"); - } - this.m = m; - n = 1 << m; - if (t < 0) - { - throw new InvalidParameterException("t must be positive"); - } - if (t > n) - { - throw new InvalidParameterException("t must be less than n = 2^m"); - } - this.t = t; - fieldPoly = PolynomialRingGF2.getIrreduciblePolynomial(m); - } - - /** - * Constructor. - * - * @param m degree of the finite field GF(2^m) - * @param t error correction capability of the code - * @param poly the field polynomial - * @throws InvalidParameterException if <tt>m < 1</tt> or <tt>m > 32</tt> or - * <tt>t < 0</tt> or <tt>t > n</tt> or - * <tt>poly</tt> is not an irreducible field polynomial. - */ - public ECCKeyGenParameterSpec(int m, int t, int poly) - throws InvalidParameterException - { - this.m = m; - if (m < 1) - { - throw new InvalidParameterException("m must be positive"); - } - if (m > 32) - { - throw new InvalidParameterException(" m is too large"); - } - this.n = 1 << m; - this.t = t; - if (t < 0) - { - throw new InvalidParameterException("t must be positive"); - } - if (t > n) - { - throw new InvalidParameterException("t must be less than n = 2^m"); - } - if ((PolynomialRingGF2.degree(poly) == m) - && (PolynomialRingGF2.isIrreducible(poly))) - { - this.fieldPoly = poly; - } - else - { - throw new InvalidParameterException( - "polynomial is not a field polynomial for GF(2^m)"); - } - } - - /** - * @return the extension degree of the finite field GF(2^m) - */ - public int getM() - { - return m; - } - - /** - * @return the length of the code - */ - public int getN() - { - return n; - } - - /** - * @return the error correction capability of the code - */ - public int getT() - { - return t; - } - - /** - * @return the field polynomial - */ - public int getFieldPoly() - { - return fieldPoly; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/GMSSKeySpec.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/GMSSKeySpec.java deleted file mode 100644 index 7e469f0e..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/GMSSKeySpec.java +++ /dev/null @@ -1,29 +0,0 @@ -package org.bouncycastle.pqc.jcajce.spec; - -import java.security.spec.KeySpec; - -import org.bouncycastle.pqc.crypto.gmss.GMSSParameters; - -public class GMSSKeySpec - implements KeySpec -{ - /** - * The GMSSParameterSet - */ - private GMSSParameters gmssParameterSet; - - protected GMSSKeySpec(GMSSParameters gmssParameterSet) - { - this.gmssParameterSet = gmssParameterSet; - } - - /** - * Returns the GMSS parameter set - * - * @return The GMSS parameter set - */ - public GMSSParameters getParameters() - { - return gmssParameterSet; - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/GMSSPrivateKeySpec.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/GMSSPrivateKeySpec.java deleted file mode 100644 index 150e9dc5..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/GMSSPrivateKeySpec.java +++ /dev/null @@ -1,353 +0,0 @@ -package org.bouncycastle.pqc.jcajce.spec; - -import java.security.spec.KeySpec; -import java.util.Vector; - -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.pqc.crypto.gmss.GMSSLeaf; -import org.bouncycastle.pqc.crypto.gmss.GMSSParameters; -import org.bouncycastle.pqc.crypto.gmss.GMSSRootCalc; -import org.bouncycastle.pqc.crypto.gmss.GMSSRootSig; -import org.bouncycastle.pqc.crypto.gmss.Treehash; -import org.bouncycastle.util.Arrays; - - -/** - * This class provides a specification for a GMSS private key. - */ -public class GMSSPrivateKeySpec - implements KeySpec -{ - - private int[] index; - - private byte[][] currentSeed; - private byte[][] nextNextSeed; - - private byte[][][] currentAuthPath; - private byte[][][] nextAuthPath; - - private Treehash[][] currentTreehash; - private Treehash[][] nextTreehash; - - private Vector[] currentStack; - private Vector[] nextStack; - - private Vector[][] currentRetain; - private Vector[][] nextRetain; - - private byte[][][] keep; - - private GMSSLeaf[] nextNextLeaf; - private GMSSLeaf[] upperLeaf; - private GMSSLeaf[] upperTreehashLeaf; - - private int[] minTreehash; - - private GMSSParameters gmssPS; - - private byte[][] nextRoot; - private GMSSRootCalc[] nextNextRoot; - - private byte[][] currentRootSig; - private GMSSRootSig[] nextRootSig; - - /** - * @param index tree indices - * @param currentSeed seed for the generation of private OTS keys for the - * current subtrees (TREE) - * @param nextNextSeed seed for the generation of private OTS keys for the - * subtrees after next (TREE++) - * @param currentAuthPath array of current authentication paths (AUTHPATH) - * @param nextAuthPath array of next authentication paths (AUTHPATH+) - * @param keep keep array for the authPath algorithm - * @param currentTreehash treehash for authPath algorithm of current tree - * @param nextTreehash treehash for authPath algorithm of next tree (TREE+) - * @param currentStack shared stack for authPath algorithm of current tree - * @param nextStack shared stack for authPath algorithm of next tree (TREE+) - * @param currentRetain retain stack for authPath algorithm of current tree - * @param nextRetain retain stack for authPath algorithm of next tree (TREE+) - * @param nextNextLeaf array of upcoming leafs of the tree after next (LEAF++) of - * each layer - * @param upperLeaf needed for precomputation of upper nodes - * @param upperTreehashLeaf needed for precomputation of upper treehash nodes - * @param minTreehash index of next treehash instance to receive an update - * @param nextRoot the roots of the next trees (ROOT+) - * @param nextNextRoot the roots of the tree after next (ROOT++) - * @param currentRootSig array of signatures of the roots of the current subtrees - * (SIG) - * @param nextRootSig array of signatures of the roots of the next subtree - * (SIG+) - * @param gmssParameterset the GMSS Parameterset - */ - public GMSSPrivateKeySpec(int[] index, byte[][] currentSeed, - byte[][] nextNextSeed, byte[][][] currentAuthPath, - byte[][][] nextAuthPath, Treehash[][] currentTreehash, - Treehash[][] nextTreehash, Vector[] currentStack, - Vector[] nextStack, Vector[][] currentRetain, - Vector[][] nextRetain, byte[][][] keep, GMSSLeaf[] nextNextLeaf, - GMSSLeaf[] upperLeaf, GMSSLeaf[] upperTreehashLeaf, - int[] minTreehash, byte[][] nextRoot, GMSSRootCalc[] nextNextRoot, - byte[][] currentRootSig, GMSSRootSig[] nextRootSig, - GMSSParameters gmssParameterset) - { - this.index = index; - this.currentSeed = currentSeed; - this.nextNextSeed = nextNextSeed; - this.currentAuthPath = currentAuthPath; - this.nextAuthPath = nextAuthPath; - this.currentTreehash = currentTreehash; - this.nextTreehash = nextTreehash; - this.currentStack = currentStack; - this.nextStack = nextStack; - this.currentRetain = currentRetain; - this.nextRetain = nextRetain; - this.keep = keep; - this.nextNextLeaf = nextNextLeaf; - this.upperLeaf = upperLeaf; - this.upperTreehashLeaf = upperTreehashLeaf; - this.minTreehash = minTreehash; - this.nextRoot = nextRoot; - this.nextNextRoot = nextNextRoot; - this.currentRootSig = currentRootSig; - this.nextRootSig = nextRootSig; - this.gmssPS = gmssParameterset; - } - - public int[] getIndex() - { - return Arrays.clone(index); - } - - public byte[][] getCurrentSeed() - { - return clone(currentSeed); - } - - public byte[][] getNextNextSeed() - { - return clone(nextNextSeed); - } - - public byte[][][] getCurrentAuthPath() - { - return clone(currentAuthPath); - } - - public byte[][][] getNextAuthPath() - { - return clone(nextAuthPath); - } - - public Treehash[][] getCurrentTreehash() - { - return clone(currentTreehash); - } - - public Treehash[][] getNextTreehash() - { - return clone(nextTreehash); - } - - public byte[][][] getKeep() - { - return clone(keep); - } - - public Vector[] getCurrentStack() - { - return clone(currentStack); - } - - public Vector[] getNextStack() - { - return clone(nextStack); - } - - public Vector[][] getCurrentRetain() - { - return clone(currentRetain); - } - - public Vector[][] getNextRetain() - { - return clone(nextRetain); - } - - public GMSSLeaf[] getNextNextLeaf() - { - return clone(nextNextLeaf); - } - - public GMSSLeaf[] getUpperLeaf() - { - return clone(upperLeaf); - } - - public GMSSLeaf[] getUpperTreehashLeaf() - { - return clone(upperTreehashLeaf); - } - - public int[] getMinTreehash() - { - return Arrays.clone(minTreehash); - } - - public GMSSRootSig[] getNextRootSig() - { - return clone(nextRootSig); - } - - public GMSSParameters getGmssPS() - { - return gmssPS; - } - - public byte[][] getNextRoot() - { - return clone(nextRoot); - } - - public GMSSRootCalc[] getNextNextRoot() - { - return clone(nextNextRoot); - } - - public byte[][] getCurrentRootSig() - { - return clone(currentRootSig); - } - - private static GMSSLeaf[] clone(GMSSLeaf[] data) - { - if (data == null) - { - return null; - } - GMSSLeaf[] copy = new GMSSLeaf[data.length]; - - System.arraycopy(data, 0, copy, 0, data.length); - - return copy; - } - - private static GMSSRootCalc[] clone(GMSSRootCalc[] data) - { - if (data == null) - { - return null; - } - GMSSRootCalc[] copy = new GMSSRootCalc[data.length]; - - System.arraycopy(data, 0, copy, 0, data.length); - - return copy; - } - - private static GMSSRootSig[] clone(GMSSRootSig[] data) - { - if (data == null) - { - return null; - } - GMSSRootSig[] copy = new GMSSRootSig[data.length]; - - System.arraycopy(data, 0, copy, 0, data.length); - - return copy; - } - - private static byte[][] clone(byte[][] data) - { - if (data == null) - { - return null; - } - byte[][] copy = new byte[data.length][]; - - for (int i = 0; i != data.length; i++) - { - copy[i] = Arrays.clone(data[i]); - } - - return copy; - } - - private static byte[][][] clone(byte[][][] data) - { - if (data == null) - { - return null; - } - byte[][][] copy = new byte[data.length][][]; - - for (int i = 0; i != data.length; i++) - { - copy[i] = clone(data[i]); - } - - return copy; - } - - private static Treehash[] clone(Treehash[] data) - { - if (data == null) - { - return null; - } - Treehash[] copy = new Treehash[data.length]; - - System.arraycopy(data, 0, copy, 0, data.length); - - return copy; - } - - private static Treehash[][] clone(Treehash[][] data) - { - if (data == null) - { - return null; - } - Treehash[][] copy = new Treehash[data.length][]; - - for (int i = 0; i != data.length; i++) - { - copy[i] = clone(data[i]); - } - - return copy; - } - - private static Vector[] clone(Vector[] data) - { - if (data == null) - { - return null; - } - Vector[] copy = new Vector[data.length]; - - for (int i = 0; i != data.length; i++) - { - copy[i] = new Vector(data[i]); - } - - return copy; - } - - private static Vector[][] clone(Vector[][] data) - { - if (data == null) - { - return null; - } - Vector[][] copy = new Vector[data.length][]; - - for (int i = 0; i != data.length; i++) - { - copy[i] = clone(data[i]); - } - - return copy; - } -}
\ No newline at end of file diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/GMSSPublicKeySpec.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/GMSSPublicKeySpec.java deleted file mode 100644 index 441febd6..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/GMSSPublicKeySpec.java +++ /dev/null @@ -1,40 +0,0 @@ -package org.bouncycastle.pqc.jcajce.spec; - -import org.bouncycastle.pqc.crypto.gmss.GMSSParameters; - -/** - * This class provides a specification for a GMSS public key. - * - * @see org.bouncycastle.pqc.jcajce.provider.gmss.BCGMSSPublicKey - */ -public class GMSSPublicKeySpec - extends GMSSKeySpec -{ - /** - * The GMSS public key - */ - private byte[] gmssPublicKey; - - /** - * The constructor. - * - * @param key a raw GMSS public key - * @param gmssParameterSet an instance of GMSSParameterSet - */ - public GMSSPublicKeySpec(byte[] key, GMSSParameters gmssParameterSet) - { - super(gmssParameterSet); - - this.gmssPublicKey = key; - } - - /** - * Returns the GMSS public key - * - * @return The GMSS public key - */ - public byte[] getPublicKey() - { - return gmssPublicKey; - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/McElieceCCA2ParameterSpec.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/McElieceCCA2ParameterSpec.java deleted file mode 100644 index d98a8f5e..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/McElieceCCA2ParameterSpec.java +++ /dev/null @@ -1,63 +0,0 @@ -package org.bouncycastle.pqc.jcajce.spec; - - -import java.security.spec.AlgorithmParameterSpec; - -/** - * This class provides a specification for the parameters of the CCA2-secure - * variants of the McEliece PKCS that are used with - * {@link McElieceFujisakiCipher}, {@link McElieceKobaraImaiCipher}, and - * {@link McEliecePointchevalCipher}. - * - * @see McElieceFujisakiCipher - * @see McElieceKobaraImaiCipher - * @see McEliecePointchevalCipher - */ -public class McElieceCCA2ParameterSpec - implements AlgorithmParameterSpec -{ - - /** - * The default message digest ("SHA256"). - */ - public static final String DEFAULT_MD = "SHA256"; - - private String mdName; - - /** - * Construct the default parameters. Choose the - */ - public McElieceCCA2ParameterSpec() - { - this(DEFAULT_MD); - } - - /** - * Constructor. - * - * @param mdName the name of the hash function - */ - public McElieceCCA2ParameterSpec(String mdName) - { - // check whether message digest is available - // TODO: this method not used! -// try { -// Registry.getMessageDigest(mdName); -// } catch (NoSuchAlgorithmException nsae) { -// throw new InvalidParameterException("Message digest '" + mdName -// + "' not found'."); -// } - - // assign message digest name - this.mdName = mdName; - } - - /** - * @return the name of the hash function - */ - public String getMDName() - { - return mdName; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/McElieceCCA2PrivateKeySpec.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/McElieceCCA2PrivateKeySpec.java deleted file mode 100644 index efb27b5b..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/McElieceCCA2PrivateKeySpec.java +++ /dev/null @@ -1,161 +0,0 @@ -package org.bouncycastle.pqc.jcajce.spec; - -import java.security.spec.KeySpec; - -import org.bouncycastle.pqc.math.linearalgebra.GF2Matrix; -import org.bouncycastle.pqc.math.linearalgebra.GF2mField; -import org.bouncycastle.pqc.math.linearalgebra.Permutation; -import org.bouncycastle.pqc.math.linearalgebra.PolynomialGF2mSmallM; - -/** - * This class provides a specification for a McEliece CCA2 private key. - * - * @see JDKMcElieceCCA2PrivateKey - */ -public class McElieceCCA2PrivateKeySpec - implements KeySpec -{ - - // the OID of the algorithm - private String oid; - - // the length of the code - private int n; - - // the dimension of the code - private int k; - - // the finte field GF(2^m) - private GF2mField field; - - // the irreducible Goppa polynomial - private PolynomialGF2mSmallM goppaPoly; - - // the permutation - private Permutation p; - - // the canonical check matrix - private GF2Matrix h; - - // the matrix used to compute square roots in (GF(2^m))^t - private PolynomialGF2mSmallM[] qInv; - - /** - * Constructor. - * - * @param n the length of the code - * @param k the dimension of the code - * @param field the finite field <tt>GF(2<sup>m</sup>)</tt> - * @param gp the irreducible Goppa polynomial - * @param p the permutation - * @param h the canonical check matrix - * @param qInv the matrix used to compute square roots in - * <tt>(GF(2^m))^t</tt> - */ - public McElieceCCA2PrivateKeySpec(String oid, int n, int k, GF2mField field, - PolynomialGF2mSmallM gp, Permutation p, GF2Matrix h, - PolynomialGF2mSmallM[] qInv) - { - this.oid = oid; - this.n = n; - this.k = k; - this.field = field; - this.goppaPoly = gp; - this.p = p; - this.h = h; - this.qInv = qInv; - } - - /** - * Constructor used by the {@link McElieceKeyFactory}. - * - * @param n the length of the code - * @param k the dimension of the code - * @param encFieldPoly the encoded field polynomial defining the finite field - * <tt>GF(2<sup>m</sup>)</tt> - * @param encGoppaPoly the encoded irreducible Goppa polynomial - * @param encP the encoded permutation - * @param encH the encoded canonical check matrix - * @param encQInv the encoded matrix used to compute square roots in - * <tt>(GF(2^m))^t</tt> - */ - public McElieceCCA2PrivateKeySpec(String oid, int n, int k, byte[] encFieldPoly, - byte[] encGoppaPoly, byte[] encP, byte[] encH, byte[][] encQInv) - { - this.oid = oid; - this.n = n; - this.k = k; - field = new GF2mField(encFieldPoly); - goppaPoly = new PolynomialGF2mSmallM(field, encGoppaPoly); - p = new Permutation(encP); - h = new GF2Matrix(encH); - qInv = new PolynomialGF2mSmallM[encQInv.length]; - for (int i = 0; i < encQInv.length; i++) - { - qInv[i] = new PolynomialGF2mSmallM(field, encQInv[i]); - } - } - - /** - * @return the length of the code - */ - public int getN() - { - return n; - } - - /** - * @return the dimension of the code - */ - public int getK() - { - return k; - } - - /** - * @return the finite field - */ - public GF2mField getField() - { - return field; - } - - /** - * @return the irreducible Goppa polynomial - */ - public PolynomialGF2mSmallM getGoppaPoly() - { - return goppaPoly; - } - - /** - * @return the permutation P - */ - public Permutation getP() - { - return p; - } - - /** - * @return the canonical check matrix H - */ - public GF2Matrix getH() - { - return h; - } - - /** - * @return the matrix used to compute square roots in <tt>(GF(2^m))^t</tt> - */ - public PolynomialGF2mSmallM[] getQInv() - { - return qInv; - } - - public String getOIDString() - { - return oid; - - } - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/McElieceCCA2PublicKeySpec.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/McElieceCCA2PublicKeySpec.java deleted file mode 100644 index 88a60b99..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/McElieceCCA2PublicKeySpec.java +++ /dev/null @@ -1,88 +0,0 @@ -package org.bouncycastle.pqc.jcajce.spec; - -import java.security.spec.KeySpec; - -import org.bouncycastle.pqc.math.linearalgebra.GF2Matrix; - - -/** - * This class provides a specification for a McEliece CCA2 public key. - * - * @see org.bouncycastle.pqc.jcajce.provider.mceliece.BCMcElieceCCA2PublicKey - */ -public class McElieceCCA2PublicKeySpec - implements KeySpec -{ - - // the OID of the algorithm - private String oid; - - // the length of the code - private int n; - - // the error correction capability of the code - private int t; - - // the generator matrix - private GF2Matrix matrixG; - - /** - * Constructor. - * - * @param n length of the code - * @param t error correction capability - * @param matrix generator matrix - */ - public McElieceCCA2PublicKeySpec(String oid, int n, int t, GF2Matrix matrix) - { - this.oid = oid; - this.n = n; - this.t = t; - this.matrixG = new GF2Matrix(matrix); - } - - /** - * Constructor (used by {@link org.bouncycastle.pqc.jcajce.provider.mceliece.McElieceKeyFactorySpi}). - * - * @param n length of the code - * @param t error correction capability of the code - * @param encMatrix encoded generator matrix - */ - public McElieceCCA2PublicKeySpec(String oid, int n, int t, byte[] encMatrix) - { - this.oid = oid; - this.n = n; - this.t = t; - this.matrixG = new GF2Matrix(encMatrix); - } - - /** - * @return the length of the code - */ - public int getN() - { - return n; - } - - /** - * @return the error correction capability of the code - */ - public int getT() - { - return t; - } - - /** - * @return the generator matrix - */ - public GF2Matrix getMatrixG() - { - return matrixG; - } - - public String getOIDString() - { - return oid; - - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/McEliecePrivateKeySpec.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/McEliecePrivateKeySpec.java deleted file mode 100644 index 099fc2bf..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/McEliecePrivateKeySpec.java +++ /dev/null @@ -1,201 +0,0 @@ -package org.bouncycastle.pqc.jcajce.spec; - - -import java.security.spec.KeySpec; - -import org.bouncycastle.pqc.math.linearalgebra.GF2Matrix; -import org.bouncycastle.pqc.math.linearalgebra.GF2mField; -import org.bouncycastle.pqc.math.linearalgebra.Permutation; -import org.bouncycastle.pqc.math.linearalgebra.PolynomialGF2mSmallM; - -/** - * This class provides a specification for a McEliece private key. - * - * @see org.bouncycastle.pqc.ecc.JDKMcEliecePrivateKey.McEliecePrivateKey - * @see KeySpec - */ -public class McEliecePrivateKeySpec - implements KeySpec -{ - - // the OID of the algorithm - private String oid; - - // the length of the code - private int n; - - // the dimension of the code, where <tt>k >= n - mt</tt> - private int k; - - // the underlying finite field - private GF2mField field; - - // the irreducible Goppa polynomial - private PolynomialGF2mSmallM goppaPoly; - - // a k x k random binary non-singular matrix - private GF2Matrix sInv; - - // the permutation used to generate the systematic check matrix - private Permutation p1; - - // the permutation used to compute the public generator matrix - private Permutation p2; - - // the canonical check matrix of the code - private GF2Matrix h; - - // the matrix used to compute square roots in <tt>(GF(2^m))^t</tt> - private PolynomialGF2mSmallM[] qInv; - - /** - * Constructor. - * - * @param oid - * @param n the length of the code - * @param k the dimension of the code - * @param field the field polynomial defining the finite field - * <tt>GF(2<sup>m</sup>)</tt> - * @param goppaPoly the irreducible Goppa polynomial - * @param sInv the matrix <tt>S<sup>-1</sup></tt> - * @param p1 the permutation used to generate the systematic check - * matrix - * @param p2 the permutation used to compute the public generator - * matrix - * @param h the canonical check matrix - * @param qInv the matrix used to compute square roots in - * <tt>(GF(2<sup>m</sup>))<sup>t</sup></tt> - */ - public McEliecePrivateKeySpec(String oid, int n, int k, GF2mField field, - PolynomialGF2mSmallM goppaPoly, GF2Matrix sInv, Permutation p1, - Permutation p2, GF2Matrix h, PolynomialGF2mSmallM[] qInv) - { - this.oid = oid; - this.k = k; - this.n = n; - this.field = field; - this.goppaPoly = goppaPoly; - this.sInv = sInv; - this.p1 = p1; - this.p2 = p2; - this.h = h; - this.qInv = qInv; - } - - /** - * Constructor (used by the {@link McElieceKeyFactory}). - * - * @param oid - * @param n the length of the code - * @param k the dimension of the code - * @param encField the encoded field polynomial defining the finite field - * <tt>GF(2<sup>m</sup>)</tt> - * @param encGoppaPoly the encoded irreducible Goppa polynomial - * @param encSInv the encoded matrix <tt>S<sup>-1</sup></tt> - * @param encP1 the encoded permutation used to generate the systematic - * check matrix - * @param encP2 the encoded permutation used to compute the public - * generator matrix - * @param encH the encoded canonical check matrix - * @param encQInv the encoded matrix used to compute square roots in - * <tt>(GF(2<sup>m</sup>))<sup>t</sup></tt> - */ - public McEliecePrivateKeySpec(String oid, int n, int k, byte[] encField, - byte[] encGoppaPoly, byte[] encSInv, byte[] encP1, byte[] encP2, - byte[] encH, byte[][] encQInv) - { - this.oid = oid; - this.n = n; - this.k = k; - field = new GF2mField(encField); - goppaPoly = new PolynomialGF2mSmallM(field, encGoppaPoly); - sInv = new GF2Matrix(encSInv); - p1 = new Permutation(encP1); - p2 = new Permutation(encP2); - h = new GF2Matrix(encH); - qInv = new PolynomialGF2mSmallM[encQInv.length]; - for (int i = 0; i < encQInv.length; i++) - { - qInv[i] = new PolynomialGF2mSmallM(field, encQInv[i]); - } - } - - /** - * @return the length of the code - */ - public int getN() - { - return n; - } - - /** - * @return the dimension of the code - */ - public int getK() - { - return k; - } - - /** - * @return the finite field <tt>GF(2<sup>m</sup>)</tt> - */ - public GF2mField getField() - { - return field; - } - - /** - * @return the irreducible Goppa polynomial - */ - public PolynomialGF2mSmallM getGoppaPoly() - { - return goppaPoly; - } - - /** - * @return the k x k random binary non-singular matrix S^-1 - */ - public GF2Matrix getSInv() - { - return sInv; - } - - /** - * @return the permutation used to generate the systematic check matrix - */ - public Permutation getP1() - { - return p1; - } - - /** - * @return the permutation used to compute the public generator matrix - */ - public Permutation getP2() - { - return p2; - } - - /** - * @return the canonical check matrix H - */ - public GF2Matrix getH() - { - return h; - } - - /** - * @return the matrix used to compute square roots in - * <tt>(GF(2<sup>m</sup>))<sup>t</sup></tt> - */ - public PolynomialGF2mSmallM[] getQInv() - { - return qInv; - } - - public String getOIDString() - { - return oid; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/McEliecePublicKeySpec.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/McEliecePublicKeySpec.java deleted file mode 100644 index f5f18761..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/McEliecePublicKeySpec.java +++ /dev/null @@ -1,91 +0,0 @@ -package org.bouncycastle.pqc.jcajce.spec; - - -import java.security.spec.KeySpec; - -import org.bouncycastle.pqc.math.linearalgebra.GF2Matrix; - -/** - * This class provides a specification for a McEliece public key. - * - * @see org.bouncycastle.pqc.jcajce.provider.mceliece.BCMcEliecePublicKey - */ -public class McEliecePublicKeySpec - implements KeySpec -{ - - // the OID of the algorithm - private String oid; - - // the length of the code - private int n; - - // the error correction capability of the code - private int t; - - // the generator matrix - private GF2Matrix g; - - /** - * Constructor (used by {@link org.bouncycastle.pqc.jcajce.provider.mceliece.McElieceKeyFactorySpi}). - * - * @param oid - * @param n the length of the code - * @param t the error correction capability of the code - * @param g the generator matrix - */ - public McEliecePublicKeySpec(String oid, int n, int t, GF2Matrix g) - { - this.oid = oid; - this.n = n; - this.t = t; - this.g = new GF2Matrix(g); - } - - /** - * Constructor (used by {@link org.bouncycastle.pqc.jcajce.provider.mceliece.McElieceKeyFactorySpi}). - * - * @param oid - * @param n the length of the code - * @param t the error correction capability of the code - * @param encG the encoded generator matrix - */ - public McEliecePublicKeySpec(String oid, int t, int n, byte[] encG) - { - this.oid = oid; - this.n = n; - this.t = t; - this.g = new GF2Matrix(encG); - } - - /** - * @return the length of the code - */ - public int getN() - { - return n; - } - - /** - * @return the error correction capability of the code - */ - public int getT() - { - return t; - } - - /** - * @return the generator matrix - */ - public GF2Matrix getG() - { - return g; - } - - public String getOIDString() - { - return oid; - - } - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/RainbowParameterSpec.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/RainbowParameterSpec.java deleted file mode 100644 index 9fcc3f8f..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/RainbowParameterSpec.java +++ /dev/null @@ -1,123 +0,0 @@ -package org.bouncycastle.pqc.jcajce.spec; - -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.util.Arrays; - -/** - * This class provides methods for setting and getting the Rainbow-parameters - * like number of Vinegar-variables in the layers, number of layers and so on. - * <p/> - * More detailed information about the needed parameters for the Rainbow - * Signature Scheme is to be found in the paper of Jintai Ding, Dieter Schmidt: - * Rainbow, a New Multivariable Polynomial Signature Scheme. ACNS 2005: 164-175 - * (http://dx.doi.org/10.1007/11496137_12) - */ -public class RainbowParameterSpec - implements AlgorithmParameterSpec -{ - - /** - * DEFAULT PARAMS - */ - /* - * Vi = vinegars per layer whereas n is vu (vu = 33 = n) such that - * - * v1 = 6; o1 = 12-6 = 6 - * - * v2 = 12; o2 = 17-12 = 5 - * - * v3 = 17; o3 = 22-17 = 5 - * - * v4 = 22; o4 = 33-22 = 11 - * - * v5 = 33; (o5 = 0) - */ - private static final int[] DEFAULT_VI = {6, 12, 17, 22, 33}; - - private int[] vi;// set of vinegar vars per layer. - - /** - * Default Constructor The elements of the array containing the number of - * Vinegar variables in each layer are set to the default values here. - */ - public RainbowParameterSpec() - { - this.vi = DEFAULT_VI; - } - - /** - * Constructor with parameters - * - * @param vi The elements of the array containing the number of Vinegar - * variables per layer are set to the values of the input array. - * @throws IllegalArgumentException if the variables are invalid. - */ - public RainbowParameterSpec(int[] vi) - { - this.vi = vi; - try - { - checkParams(); - } - catch (Exception e) - { - e.printStackTrace(); - } - } - - private void checkParams() - throws Exception - { - if (vi == null) - { - throw new IllegalArgumentException("no layers defined."); - } - if (vi.length > 1) - { - for (int i = 0; i < vi.length - 1; i++) - { - if (vi[i] >= vi[i + 1]) - { - throw new IllegalArgumentException( - "v[i] has to be smaller than v[i+1]"); - } - } - } - else - { - throw new IllegalArgumentException( - "Rainbow needs at least 1 layer, such that v1 < v2."); - } - } - - /** - * Getter for the number of layers - * - * @return the number of layers - */ - public int getNumOfLayers() - { - return this.vi.length - 1; - } - - /** - * Getter for the number of all the polynomials in Rainbow - * - * @return the number of the polynomials - */ - public int getDocumentLength() - { - return vi[vi.length - 1] - vi[0]; - } - - /** - * Getter for the array containing the number of Vinegar-variables per layer - * - * @return the numbers of vinegars per layer - */ - public int[] getVi() - { - return Arrays.clone(this.vi); - } -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/RainbowPrivateKeySpec.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/RainbowPrivateKeySpec.java deleted file mode 100644 index 5a101994..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/RainbowPrivateKeySpec.java +++ /dev/null @@ -1,125 +0,0 @@ -package org.bouncycastle.pqc.jcajce.spec; - -import java.security.spec.KeySpec; - -import org.bouncycastle.pqc.crypto.rainbow.Layer; - -/** - * This class provides a specification for a RainbowSignature private key. - * - * @see KeySpec - */ -public class RainbowPrivateKeySpec - implements KeySpec -{ - /* - * invertible affine linear map L1 - */ - // the inverse of A1, (n-v1 x n-v1 matrix) - private short[][] A1inv; - - // translation vector of L1 - private short[] b1; - - /* - * invertible affine linear map L2 - */ - // the inverse of A2, (n x n matrix) - private short[][] A2inv; - - // translation vector of L2 - private short[] b2; - - /* - * components of F - */ - // the number of Vinegar-variables per layer. - private int[] vi; - - // contains the polynomials with their coefficients of private map F - private Layer[] layers; - - /** - * Constructor - * - * @param A1inv the inverse of A1(the matrix part of the affine linear map L1) - * (n-v1 x n-v1 matrix) - * @param b1 translation vector, part of the linear affine map L1 - * @param A2inv the inverse of A2(the matrix part of the affine linear map L2) - * (n x n matrix) - * @param b2 translation vector, part of the linear affine map L2 - * @param vi the number of Vinegar-variables per layer - * @param layers the polynomials with their coefficients of private map F - */ - public RainbowPrivateKeySpec(short[][] A1inv, short[] b1, - short[][] A2inv, short[] b2, int[] vi, Layer[] layers) - { - this.A1inv = A1inv; - this.b1 = b1; - this.A2inv = A2inv; - this.b2 = b2; - this.vi = vi; - this.layers = layers; - } - - /** - * Getter for the translation part of the private quadratic map L1. - * - * @return b1 the translation part of L1 - */ - public short[] getB1() - { - return this.b1; - } - - /** - * Getter for the inverse matrix of A1. - * - * @return the A1inv inverse - */ - public short[][] getInvA1() - { - return this.A1inv; - } - - /** - * Getter for the translation part of the private quadratic map L2. - * - * @return b2 the translation part of L2 - */ - public short[] getB2() - { - return this.b2; - } - - /** - * Getter for the inverse matrix of A2 - * - * @return the A2inv - */ - public short[][] getInvA2() - { - return this.A2inv; - } - - /** - * Returns the layers contained in the private key - * - * @return layers - */ - public Layer[] getLayers() - { - return this.layers; - } - - /** - * /** Returns the array of vi-s - * - * @return the vi - */ - public int[] getVi() - { - return vi; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/RainbowPublicKeySpec.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/RainbowPublicKeySpec.java deleted file mode 100644 index dbcf3e75..00000000 --- a/prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/RainbowPublicKeySpec.java +++ /dev/null @@ -1,68 +0,0 @@ -package org.bouncycastle.pqc.jcajce.spec; - - -import java.security.spec.KeySpec; - -/** - * This class provides a specification for a RainbowSignature public key. - * - * @see KeySpec - */ -public class RainbowPublicKeySpec - implements KeySpec -{ - private short[][] coeffquadratic; - private short[][] coeffsingular; - private short[] coeffscalar; - private int docLength; // length of possible document to sign - - /** - * Constructor - * - * @param docLength - * @param coeffquadratic - * @param coeffSingular - * @param coeffScalar - */ - public RainbowPublicKeySpec(int docLength, - short[][] coeffquadratic, short[][] coeffSingular, - short[] coeffScalar) - { - this.docLength = docLength; - this.coeffquadratic = coeffquadratic; - this.coeffsingular = coeffSingular; - this.coeffscalar = coeffScalar; - } - - /** - * @return the docLength - */ - public int getDocLength() - { - return this.docLength; - } - - /** - * @return the coeffquadratic - */ - public short[][] getCoeffQuadratic() - { - return coeffquadratic; - } - - /** - * @return the coeffsingular - */ - public short[][] getCoeffSingular() - { - return coeffsingular; - } - - /** - * @return the coeffscalar - */ - public short[] getCoeffScalar() - { - return coeffscalar; - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java b/prov/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java deleted file mode 100644 index b00cd1d4..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java +++ /dev/null @@ -1,420 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.MessageDigest; -import java.security.Principal; -import java.security.cert.CertSelector; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.List; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.Holder; -import org.bouncycastle.asn1.x509.IssuerSerial; -import org.bouncycastle.asn1.x509.ObjectDigestInfo; -import org.bouncycastle.jce.PrincipalUtil; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.Selector; - -/** - * The Holder object. - * - * <pre> - * Holder ::= SEQUENCE { - * baseCertificateID [0] IssuerSerial OPTIONAL, - * -- the issuer and serial number of - * -- the holder's Public Key Certificate - * entityName [1] GeneralNames OPTIONAL, - * -- the name of the claimant or role - * objectDigestInfo [2] ObjectDigestInfo OPTIONAL - * -- used to directly authenticate the holder, - * -- for example, an executable - * } - * </pre> - * @deprecated use org.bouncycastle.cert.AttributeCertificateHolder - */ -public class AttributeCertificateHolder - implements CertSelector, Selector -{ - final Holder holder; - - AttributeCertificateHolder(ASN1Sequence seq) - { - holder = Holder.getInstance(seq); - } - - public AttributeCertificateHolder(X509Principal issuerName, - BigInteger serialNumber) - { - holder = new org.bouncycastle.asn1.x509.Holder(new IssuerSerial( - GeneralNames.getInstance(new DERSequence(new GeneralName(issuerName))), - new ASN1Integer(serialNumber))); - } - - public AttributeCertificateHolder(X500Principal issuerName, - BigInteger serialNumber) - { - this(X509Util.convertPrincipal(issuerName), serialNumber); - } - - public AttributeCertificateHolder(X509Certificate cert) - throws CertificateParsingException - { - X509Principal name; - - try - { - name = PrincipalUtil.getIssuerX509Principal(cert); - } - catch (Exception e) - { - throw new CertificateParsingException(e.getMessage()); - } - - holder = new Holder(new IssuerSerial(generateGeneralNames(name), - new ASN1Integer(cert.getSerialNumber()))); - } - - public AttributeCertificateHolder(X509Principal principal) - { - holder = new Holder(generateGeneralNames(principal)); - } - - public AttributeCertificateHolder(X500Principal principal) - { - this(X509Util.convertPrincipal(principal)); - } - - /** - * Constructs a holder for v2 attribute certificates with a hash value for - * some type of object. - * <p> - * <code>digestedObjectType</code> can be one of the following: - * <ul> - * <li>0 - publicKey - A hash of the public key of the holder must be - * passed. - * <li>1 - publicKeyCert - A hash of the public key certificate of the - * holder must be passed. - * <li>2 - otherObjectDigest - A hash of some other object type must be - * passed. <code>otherObjectTypeID</code> must not be empty. - * </ul> - * <p> - * This cannot be used if a v1 attribute certificate is used. - * - * @param digestedObjectType The digest object type. - * @param digestAlgorithm The algorithm identifier for the hash. - * @param otherObjectTypeID The object type ID if - * <code>digestedObjectType</code> is - * <code>otherObjectDigest</code>. - * @param objectDigest The hash value. - */ - public AttributeCertificateHolder(int digestedObjectType, - String digestAlgorithm, String otherObjectTypeID, byte[] objectDigest) - { - holder = new Holder(new ObjectDigestInfo(digestedObjectType, - new ASN1ObjectIdentifier(otherObjectTypeID), new AlgorithmIdentifier(digestAlgorithm), Arrays - .clone(objectDigest))); - } - - /** - * Returns the digest object type if an object digest info is used. - * <p> - * <ul> - * <li>0 - publicKey - A hash of the public key of the holder must be - * passed. - * <li>1 - publicKeyCert - A hash of the public key certificate of the - * holder must be passed. - * <li>2 - otherObjectDigest - A hash of some other object type must be - * passed. <code>otherObjectTypeID</code> must not be empty. - * </ul> - * - * @return The digest object type or -1 if no object digest info is set. - */ - public int getDigestedObjectType() - { - if (holder.getObjectDigestInfo() != null) - { - return holder.getObjectDigestInfo().getDigestedObjectType() - .getValue().intValue(); - } - return -1; - } - - /** - * Returns the other object type ID if an object digest info is used. - * - * @return The other object type ID or <code>null</code> if no object - * digest info is set. - */ - public String getDigestAlgorithm() - { - if (holder.getObjectDigestInfo() != null) - { - return holder.getObjectDigestInfo().getDigestAlgorithm().getObjectId() - .getId(); - } - return null; - } - - /** - * Returns the hash if an object digest info is used. - * - * @return The hash or <code>null</code> if no object digest info is set. - */ - public byte[] getObjectDigest() - { - if (holder.getObjectDigestInfo() != null) - { - return holder.getObjectDigestInfo().getObjectDigest().getBytes(); - } - return null; - } - - /** - * Returns the digest algorithm ID if an object digest info is used. - * - * @return The digest algorithm ID or <code>null</code> if no object - * digest info is set. - */ - public String getOtherObjectTypeID() - { - if (holder.getObjectDigestInfo() != null) - { - holder.getObjectDigestInfo().getOtherObjectTypeID().getId(); - } - return null; - } - - private GeneralNames generateGeneralNames(X509Principal principal) - { - return GeneralNames.getInstance(new DERSequence(new GeneralName(principal))); - } - - private boolean matchesDN(X509Principal subject, GeneralNames targets) - { - GeneralName[] names = targets.getNames(); - - for (int i = 0; i != names.length; i++) - { - GeneralName gn = names[i]; - - if (gn.getTagNo() == GeneralName.directoryName) - { - try - { - if (new X509Principal(((ASN1Encodable)gn.getName()).toASN1Primitive() - .getEncoded()).equals(subject)) - { - return true; - } - } - catch (IOException e) - { - } - } - } - - return false; - } - - private Object[] getNames(GeneralName[] names) - { - List l = new ArrayList(names.length); - - for (int i = 0; i != names.length; i++) - { - if (names[i].getTagNo() == GeneralName.directoryName) - { - try - { - l.add(new X500Principal( - ((ASN1Encodable)names[i].getName()).toASN1Primitive().getEncoded())); - } - catch (IOException e) - { - throw new RuntimeException("badly formed Name object"); - } - } - } - - return l.toArray(new Object[l.size()]); - } - - private Principal[] getPrincipals(GeneralNames names) - { - Object[] p = this.getNames(names.getNames()); - List l = new ArrayList(); - - for (int i = 0; i != p.length; i++) - { - if (p[i] instanceof Principal) - { - l.add(p[i]); - } - } - - return (Principal[])l.toArray(new Principal[l.size()]); - } - - /** - * Return any principal objects inside the attribute certificate holder - * entity names field. - * - * @return an array of Principal objects (usually X500Principal), null if no - * entity names field is set. - */ - public Principal[] getEntityNames() - { - if (holder.getEntityName() != null) - { - return getPrincipals(holder.getEntityName()); - } - - return null; - } - - /** - * Return the principals associated with the issuer attached to this holder - * - * @return an array of principals, null if no BaseCertificateID is set. - */ - public Principal[] getIssuer() - { - if (holder.getBaseCertificateID() != null) - { - return getPrincipals(holder.getBaseCertificateID().getIssuer()); - } - - return null; - } - - /** - * Return the serial number associated with the issuer attached to this - * holder. - * - * @return the certificate serial number, null if no BaseCertificateID is - * set. - */ - public BigInteger getSerialNumber() - { - if (holder.getBaseCertificateID() != null) - { - return holder.getBaseCertificateID().getSerial().getValue(); - } - - return null; - } - - public Object clone() - { - return new AttributeCertificateHolder((ASN1Sequence)holder - .toASN1Object()); - } - - public boolean match(Certificate cert) - { - if (!(cert instanceof X509Certificate)) - { - return false; - } - - X509Certificate x509Cert = (X509Certificate)cert; - - try - { - if (holder.getBaseCertificateID() != null) - { - return holder.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber()) - && matchesDN(PrincipalUtil.getIssuerX509Principal(x509Cert), holder.getBaseCertificateID().getIssuer()); - } - - if (holder.getEntityName() != null) - { - if (matchesDN(PrincipalUtil.getSubjectX509Principal(x509Cert), - holder.getEntityName())) - { - return true; - } - } - if (holder.getObjectDigestInfo() != null) - { - MessageDigest md = null; - try - { - md = MessageDigest.getInstance(getDigestAlgorithm(), "BC"); - - } - catch (Exception e) - { - return false; - } - switch (getDigestedObjectType()) - { - case ObjectDigestInfo.publicKey: - // TODO: DSA Dss-parms - md.update(cert.getPublicKey().getEncoded()); - break; - case ObjectDigestInfo.publicKeyCert: - md.update(cert.getEncoded()); - break; - } - if (!Arrays.areEqual(md.digest(), getObjectDigest())) - { - return false; - } - } - } - catch (CertificateEncodingException e) - { - return false; - } - - return false; - } - - public boolean equals(Object obj) - { - if (obj == this) - { - return true; - } - - if (!(obj instanceof AttributeCertificateHolder)) - { - return false; - } - - AttributeCertificateHolder other = (AttributeCertificateHolder)obj; - - return this.holder.equals(other.holder); - } - - public int hashCode() - { - return this.holder.hashCode(); - } - - public boolean match(Object obj) - { - if (!(obj instanceof X509Certificate)) - { - return false; - } - - return match((Certificate)obj); - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java b/prov/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java deleted file mode 100644 index 3a342082..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java +++ /dev/null @@ -1,208 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.IOException; -import java.security.Principal; -import java.security.cert.CertSelector; -import java.security.cert.Certificate; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.List; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AttCertIssuer; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.V2Form; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.util.Selector; - -/** - * Carrying class for an attribute certificate issuer. - * @deprecated use org.bouncycastle.cert.AttributeCertificateIssuer - */ -public class AttributeCertificateIssuer - implements CertSelector, Selector -{ - final ASN1Encodable form; - - /** - * Set the issuer directly with the ASN.1 structure. - * - * @param issuer The issuer - */ - public AttributeCertificateIssuer(AttCertIssuer issuer) - { - form = issuer.getIssuer(); - } - - public AttributeCertificateIssuer(X500Principal principal) - throws IOException - { - this(new X509Principal(principal.getEncoded())); - } - - public AttributeCertificateIssuer(X509Principal principal) - { - form = new V2Form(GeneralNames.getInstance(new DERSequence(new GeneralName(principal)))); - } - - private Object[] getNames() - { - GeneralNames name; - - if (form instanceof V2Form) - { - name = ((V2Form)form).getIssuerName(); - } - else - { - name = (GeneralNames)form; - } - - GeneralName[] names = name.getNames(); - - List l = new ArrayList(names.length); - - for (int i = 0; i != names.length; i++) - { - if (names[i].getTagNo() == GeneralName.directoryName) - { - try - { - l.add(new X500Principal( - ((ASN1Encodable)names[i].getName()).toASN1Primitive().getEncoded())); - } - catch (IOException e) - { - throw new RuntimeException("badly formed Name object"); - } - } - } - - return l.toArray(new Object[l.size()]); - } - - /** - * Return any principal objects inside the attribute certificate issuer - * object. - * - * @return an array of Principal objects (usually X500Principal) - */ - public Principal[] getPrincipals() - { - Object[] p = this.getNames(); - List l = new ArrayList(); - - for (int i = 0; i != p.length; i++) - { - if (p[i] instanceof Principal) - { - l.add(p[i]); - } - } - - return (Principal[])l.toArray(new Principal[l.size()]); - } - - private boolean matchesDN(X500Principal subject, GeneralNames targets) - { - GeneralName[] names = targets.getNames(); - - for (int i = 0; i != names.length; i++) - { - GeneralName gn = names[i]; - - if (gn.getTagNo() == GeneralName.directoryName) - { - try - { - if (new X500Principal(((ASN1Encodable)gn.getName()).toASN1Primitive().getEncoded()).equals(subject)) - { - return true; - } - } - catch (IOException e) - { - } - } - } - - return false; - } - - public Object clone() - { - return new AttributeCertificateIssuer(AttCertIssuer.getInstance(form)); - } - - public boolean match(Certificate cert) - { - if (!(cert instanceof X509Certificate)) - { - return false; - } - - X509Certificate x509Cert = (X509Certificate)cert; - - if (form instanceof V2Form) - { - V2Form issuer = (V2Form)form; - if (issuer.getBaseCertificateID() != null) - { - return issuer.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber()) - && matchesDN(x509Cert.getIssuerX500Principal(), issuer.getBaseCertificateID().getIssuer()); - } - - GeneralNames name = issuer.getIssuerName(); - if (matchesDN(x509Cert.getSubjectX500Principal(), name)) - { - return true; - } - } - else - { - GeneralNames name = (GeneralNames)form; - if (matchesDN(x509Cert.getSubjectX500Principal(), name)) - { - return true; - } - } - - return false; - } - - public boolean equals(Object obj) - { - if (obj == this) - { - return true; - } - - if (!(obj instanceof AttributeCertificateIssuer)) - { - return false; - } - - AttributeCertificateIssuer other = (AttributeCertificateIssuer)obj; - - return this.form.equals(other.form); - } - - public int hashCode() - { - return this.form.hashCode(); - } - - public boolean match(Object obj) - { - if (!(obj instanceof X509Certificate)) - { - return false; - } - - return match((Certificate)obj); - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/CertPathReviewerException.java b/prov/src/main/java/org/bouncycastle/x509/CertPathReviewerException.java deleted file mode 100644 index 173d4789..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/CertPathReviewerException.java +++ /dev/null @@ -1,72 +0,0 @@ -package org.bouncycastle.x509; - -import java.security.cert.CertPath; - -import org.bouncycastle.i18n.ErrorBundle; -import org.bouncycastle.i18n.LocalizedException; - -public class CertPathReviewerException extends LocalizedException -{ - - private int index = -1; - - private CertPath certPath = null; - - public CertPathReviewerException(ErrorBundle errorMessage, Throwable throwable) - { - super(errorMessage, throwable); - } - - public CertPathReviewerException(ErrorBundle errorMessage) - { - super(errorMessage); - } - - public CertPathReviewerException( - ErrorBundle errorMessage, - Throwable throwable, - CertPath certPath, - int index) - { - super(errorMessage, throwable); - if (certPath == null || index == -1) - { - throw new IllegalArgumentException(); - } - if (index < -1 || (certPath != null && index >= certPath.getCertificates().size())) - { - throw new IndexOutOfBoundsException(); - } - this.certPath = certPath; - this.index = index; - } - - public CertPathReviewerException( - ErrorBundle errorMessage, - CertPath certPath, - int index) - { - super(errorMessage); - if (certPath == null || index == -1) - { - throw new IllegalArgumentException(); - } - if (index < -1 || (certPath != null && index >= certPath.getCertificates().size())) - { - throw new IndexOutOfBoundsException(); - } - this.certPath = certPath; - this.index = index; - } - - public CertPath getCertPath() - { - return certPath; - } - - public int getIndex() - { - return index; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/x509/ExtCertificateEncodingException.java b/prov/src/main/java/org/bouncycastle/x509/ExtCertificateEncodingException.java deleted file mode 100644 index a26c3103..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/ExtCertificateEncodingException.java +++ /dev/null @@ -1,20 +0,0 @@ -package org.bouncycastle.x509; - -import java.security.cert.CertificateEncodingException; - -class ExtCertificateEncodingException - extends CertificateEncodingException -{ - Throwable cause; - - ExtCertificateEncodingException(String message, Throwable cause) - { - super(message); - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/ExtendedPKIXBuilderParameters.java b/prov/src/main/java/org/bouncycastle/x509/ExtendedPKIXBuilderParameters.java deleted file mode 100644 index 51831d07..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/ExtendedPKIXBuilderParameters.java +++ /dev/null @@ -1,210 +0,0 @@ -package org.bouncycastle.x509; - -import org.bouncycastle.util.Selector; - -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidParameterException; -import java.security.cert.PKIXBuilderParameters; -import java.security.cert.PKIXParameters; -import java.security.cert.TrustAnchor; -import java.security.cert.X509CertSelector; -import java.util.Collections; -import java.util.HashSet; -import java.util.Set; - -/** - * This class contains extended parameters for PKIX certification path builders. - * - * @see java.security.cert.PKIXBuilderParameters - * @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi - */ -public class ExtendedPKIXBuilderParameters extends ExtendedPKIXParameters -{ - - private int maxPathLength = 5; - - private Set excludedCerts = Collections.EMPTY_SET; - - /** - * Excluded certificates are not used for building a certification path. - * <p> - * The returned set is immutable. - * - * @return Returns the excluded certificates. - */ - public Set getExcludedCerts() - { - return Collections.unmodifiableSet(excludedCerts); - } - - /** - * Sets the excluded certificates which are not used for building a - * certification path. If the <code>Set</code> is <code>null</code> an - * empty set is assumed. - * <p> - * The given set is cloned to protect it against subsequent modifications. - * - * @param excludedCerts The excluded certificates to set. - */ - public void setExcludedCerts(Set excludedCerts) - { - if (excludedCerts == null) - { - excludedCerts = Collections.EMPTY_SET; - } - else - { - this.excludedCerts = new HashSet(excludedCerts); - } - } - - /** - * Creates an instance of <code>PKIXBuilderParameters</code> with the - * specified <code>Set</code> of most-trusted CAs. Each element of the set - * is a {@link TrustAnchor TrustAnchor}. - * - * <p> - * Note that the <code>Set</code> is copied to protect against subsequent - * modifications. - * - * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s - * @param targetConstraints a <code>Selector</code> specifying the - * constraints on the target certificate or attribute - * certificate. - * @throws InvalidAlgorithmParameterException if <code>trustAnchors</code> - * is empty. - * @throws NullPointerException if <code>trustAnchors</code> is - * <code>null</code> - * @throws ClassCastException if any of the elements of - * <code>trustAnchors</code> is not of type - * <code>java.security.cert.TrustAnchor</code> - */ - public ExtendedPKIXBuilderParameters(Set trustAnchors, - Selector targetConstraints) - throws InvalidAlgorithmParameterException - { - super(trustAnchors); - setTargetConstraints(targetConstraints); - } - - /** - * Sets the maximum number of intermediate non-self-issued certificates in a - * certification path. The PKIX <code>CertPathBuilder</code> must not - * build paths longer then this length. - * <p> - * A value of 0 implies that the path can only contain a single certificate. - * A value of -1 does not limit the length. The default length is 5. - * - * <p> - * - * The basic constraints extension of a CA certificate overrides this value - * if smaller. - * - * @param maxPathLength the maximum number of non-self-issued intermediate - * certificates in the certification path - * @throws InvalidParameterException if <code>maxPathLength</code> is set - * to a value less than -1 - * - * @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi - * @see #getMaxPathLength - */ - public void setMaxPathLength(int maxPathLength) - { - if (maxPathLength < -1) - { - throw new InvalidParameterException("The maximum path " - + "length parameter can not be less than -1."); - } - this.maxPathLength = maxPathLength; - } - - /** - * Returns the value of the maximum number of intermediate non-self-issued - * certificates in the certification path. - * - * @return the maximum number of non-self-issued intermediate certificates - * in the certification path, or -1 if no limit exists. - * - * @see #setMaxPathLength(int) - */ - public int getMaxPathLength() - { - return maxPathLength; - } - - /** - * Can alse handle <code>ExtendedPKIXBuilderParameters</code> and - * <code>PKIXBuilderParameters</code>. - * - * @param params Parameters to set. - * @see org.bouncycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters) - */ - protected void setParams(PKIXParameters params) - { - super.setParams(params); - if (params instanceof ExtendedPKIXBuilderParameters) - { - ExtendedPKIXBuilderParameters _params = (ExtendedPKIXBuilderParameters) params; - maxPathLength = _params.maxPathLength; - excludedCerts = new HashSet(_params.excludedCerts); - } - if (params instanceof PKIXBuilderParameters) - { - PKIXBuilderParameters _params = (PKIXBuilderParameters) params; - maxPathLength = _params.getMaxPathLength(); - } - } - - /** - * Makes a copy of this <code>PKIXParameters</code> object. Changes to the - * copy will not affect the original and vice versa. - * - * @return a copy of this <code>PKIXParameters</code> object - */ - public Object clone() - { - ExtendedPKIXBuilderParameters params = null; - try - { - params = new ExtendedPKIXBuilderParameters(getTrustAnchors(), - getTargetConstraints()); - } - catch (Exception e) - { - // cannot happen - throw new RuntimeException(e.getMessage()); - } - params.setParams(this); - return params; - } - - /** - * Returns an instance of <code>ExtendedPKIXParameters</code> which can be - * safely casted to <code>ExtendedPKIXBuilderParameters</code>. - * <p> - * This method can be used to get a copy from other - * <code>PKIXBuilderParameters</code>, <code>PKIXParameters</code>, - * and <code>ExtendedPKIXParameters</code> instances. - * - * @param pkixParams The PKIX parameters to create a copy of. - * @return An <code>ExtendedPKIXBuilderParameters</code> instance. - */ - public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams) - { - ExtendedPKIXBuilderParameters params; - try - { - params = new ExtendedPKIXBuilderParameters(pkixParams - .getTrustAnchors(), X509CertStoreSelector - .getInstance((X509CertSelector) pkixParams - .getTargetCertConstraints())); - } - catch (Exception e) - { - // cannot happen - throw new RuntimeException(e.getMessage()); - } - params.setParams(pkixParams); - return params; - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/ExtendedPKIXParameters.java b/prov/src/main/java/org/bouncycastle/x509/ExtendedPKIXParameters.java deleted file mode 100644 index 63866182..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/ExtendedPKIXParameters.java +++ /dev/null @@ -1,651 +0,0 @@ -package org.bouncycastle.x509; - -import org.bouncycastle.util.Selector; -import org.bouncycastle.util.Store; - -import java.security.InvalidAlgorithmParameterException; -import java.security.cert.CertSelector; -import java.security.cert.CertStore; -import java.security.cert.PKIXParameters; -import java.security.cert.TrustAnchor; -import java.security.cert.X509CertSelector; -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -/** - * This class extends the PKIXParameters with a validity model parameter. - */ -public class ExtendedPKIXParameters - extends PKIXParameters -{ - - private List stores; - - private Selector selector; - - private boolean additionalLocationsEnabled; - - private List additionalStores; - - private Set trustedACIssuers; - - private Set necessaryACAttributes; - - private Set prohibitedACAttributes; - - private Set attrCertCheckers; - - /** - * Creates an instance of <code>PKIXParameters</code> with the specified - * <code>Set</code> of most-trusted CAs. Each element of the set is a - * {@link TrustAnchor TrustAnchor}. <p/> Note that the <code>Set</code> - * is copied to protect against subsequent modifications. - * - * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s - * @throws InvalidAlgorithmParameterException if the specified - * <code>Set</code> is empty. - * @throws NullPointerException if the specified <code>Set</code> is - * <code>null</code> - * @throws ClassCastException if any of the elements in the <code>Set</code> - * is not of type <code>java.security.cert.TrustAnchor</code> - */ - public ExtendedPKIXParameters(Set trustAnchors) - throws InvalidAlgorithmParameterException - { - super(trustAnchors); - stores = new ArrayList(); - additionalStores = new ArrayList(); - trustedACIssuers = new HashSet(); - necessaryACAttributes = new HashSet(); - prohibitedACAttributes = new HashSet(); - attrCertCheckers = new HashSet(); - } - - /** - * Returns an instance with the parameters of a given - * <code>PKIXParameters</code> object. - * - * @param pkixParams The given <code>PKIXParameters</code> - * @return an extended PKIX params object - */ - public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams) - { - ExtendedPKIXParameters params; - try - { - params = new ExtendedPKIXParameters(pkixParams.getTrustAnchors()); - } - catch (Exception e) - { - // cannot happen - throw new RuntimeException(e.getMessage()); - } - params.setParams(pkixParams); - return params; - } - - /** - * Method to support <code>clone()</code> under J2ME. - * <code>super.clone()</code> does not exist and fields are not copied. - * - * @param params Parameters to set. If this are - * <code>ExtendedPKIXParameters</code> they are copied to. - */ - protected void setParams(PKIXParameters params) - { - setDate(params.getDate()); - setCertPathCheckers(params.getCertPathCheckers()); - setCertStores(params.getCertStores()); - setAnyPolicyInhibited(params.isAnyPolicyInhibited()); - setExplicitPolicyRequired(params.isExplicitPolicyRequired()); - setPolicyMappingInhibited(params.isPolicyMappingInhibited()); - setRevocationEnabled(params.isRevocationEnabled()); - setInitialPolicies(params.getInitialPolicies()); - setPolicyQualifiersRejected(params.getPolicyQualifiersRejected()); - setSigProvider(params.getSigProvider()); - setTargetCertConstraints(params.getTargetCertConstraints()); - try - { - setTrustAnchors(params.getTrustAnchors()); - } - catch (Exception e) - { - // cannot happen - throw new RuntimeException(e.getMessage()); - } - if (params instanceof ExtendedPKIXParameters) - { - ExtendedPKIXParameters _params = (ExtendedPKIXParameters) params; - validityModel = _params.validityModel; - useDeltas = _params.useDeltas; - additionalLocationsEnabled = _params.additionalLocationsEnabled; - selector = _params.selector == null ? null - : (Selector) _params.selector.clone(); - stores = new ArrayList(_params.stores); - additionalStores = new ArrayList(_params.additionalStores); - trustedACIssuers = new HashSet(_params.trustedACIssuers); - prohibitedACAttributes = new HashSet(_params.prohibitedACAttributes); - necessaryACAttributes = new HashSet(_params.necessaryACAttributes); - attrCertCheckers = new HashSet(_params.attrCertCheckers); - } - } - - /** - * This is the default PKIX validity model. Actually there are two variants - * of this: The PKIX model and the modified PKIX model. The PKIX model - * verifies that all involved certificates must have been valid at the - * current time. The modified PKIX model verifies that all involved - * certificates were valid at the signing time. Both are indirectly choosen - * with the {@link PKIXParameters#setDate(java.util.Date)} method, so this - * methods sets the Date when <em>all</em> certificates must have been - * valid. - */ - public static final int PKIX_VALIDITY_MODEL = 0; - - /** - * This model uses the following validity model. Each certificate must have - * been valid at the moment where is was used. That means the end - * certificate must have been valid at the time the signature was done. The - * CA certificate which signed the end certificate must have been valid, - * when the end certificate was signed. The CA (or Root CA) certificate must - * have been valid, when the CA certificate was signed and so on. So the - * {@link PKIXParameters#setDate(java.util.Date)} method sets the time, when - * the <em>end certificate</em> must have been valid. <p/> It is used e.g. - * in the German signature law. - */ - public static final int CHAIN_VALIDITY_MODEL = 1; - - private int validityModel = PKIX_VALIDITY_MODEL; - - private boolean useDeltas = false; - - /** - * Defaults to <code>false</code>. - * - * @return Returns if delta CRLs should be used. - */ - public boolean isUseDeltasEnabled() - { - return useDeltas; - } - - /** - * Sets if delta CRLs should be used for checking the revocation status. - * - * @param useDeltas <code>true</code> if delta CRLs should be used. - */ - public void setUseDeltasEnabled(boolean useDeltas) - { - this.useDeltas = useDeltas; - } - - /** - * @return Returns the validity model. - * @see #CHAIN_VALIDITY_MODEL - * @see #PKIX_VALIDITY_MODEL - */ - public int getValidityModel() - { - return validityModel; - } - - /** - * Sets the Java CertStore to this extended PKIX parameters. - * - * @throws ClassCastException if an element of <code>stores</code> is not - * a <code>CertStore</code>. - */ - public void setCertStores(List stores) - { - if (stores != null) - { - Iterator it = stores.iterator(); - while (it.hasNext()) - { - addCertStore((CertStore)it.next()); - } - } - } - - /** - * Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute - * certificates or cross certificates. - * <p> - * The <code>List</code> is cloned. - * - * @param stores A list of stores to use. - * @see #getStores - * @throws ClassCastException if an element of <code>stores</code> is not - * a {@link Store}. - */ - public void setStores(List stores) - { - if (stores == null) - { - this.stores = new ArrayList(); - } - else - { - for (Iterator i = stores.iterator(); i.hasNext();) - { - if (!(i.next() instanceof Store)) - { - throw new ClassCastException( - "All elements of list must be " - + "of type org.bouncycastle.util.Store."); - } - } - this.stores = new ArrayList(stores); - } - } - - /** - * Adds a Bouncy Castle {@link Store} to find CRLs, certificates, attribute - * certificates or cross certificates. - * <p> - * This method should be used to add local stores, like collection based - * X.509 stores, if available. Local stores should be considered first, - * before trying to use additional (remote) locations, because they do not - * need possible additional network traffic. - * <p> - * If <code>store</code> is <code>null</code> it is ignored. - * - * @param store The store to add. - * @see #getStores - */ - public void addStore(Store store) - { - if (store != null) - { - stores.add(store); - } - } - - /** - * Adds an additional Bouncy Castle {@link Store} to find CRLs, certificates, - * attribute certificates or cross certificates. - * <p> - * You should not use this method. This method is used for adding additional - * X.509 stores, which are used to add (remote) locations, e.g. LDAP, found - * during X.509 object processing, e.g. in certificates or CRLs. This method - * is used in PKIX certification path processing. - * <p> - * If <code>store</code> is <code>null</code> it is ignored. - * - * @param store The store to add. - * @see #getStores() - */ - public void addAdditionalStore(Store store) - { - if (store != null) - { - additionalStores.add(store); - } - } - - /** - * @deprecated - */ - public void addAddionalStore(Store store) - { - addAdditionalStore(store); - } - - /** - * Returns an immutable <code>List</code> of additional Bouncy Castle - * <code>Store</code>s used for finding CRLs, certificates, attribute - * certificates or cross certificates. - * - * @return an immutable <code>List</code> of additional Bouncy Castle - * <code>Store</code>s. Never <code>null</code>. - * - * @see #addAdditionalStore(Store) - */ - public List getAdditionalStores() - { - return Collections.unmodifiableList(additionalStores); - } - - /** - * Returns an immutable <code>List</code> of Bouncy Castle - * <code>Store</code>s used for finding CRLs, certificates, attribute - * certificates or cross certificates. - * - * @return an immutable <code>List</code> of Bouncy Castle - * <code>Store</code>s. Never <code>null</code>. - * - * @see #setStores(List) - */ - public List getStores() - { - return Collections.unmodifiableList(new ArrayList(stores)); - } - - /** - * @param validityModel The validity model to set. - * @see #CHAIN_VALIDITY_MODEL - * @see #PKIX_VALIDITY_MODEL - */ - public void setValidityModel(int validityModel) - { - this.validityModel = validityModel; - } - - public Object clone() - { - ExtendedPKIXParameters params; - try - { - params = new ExtendedPKIXParameters(getTrustAnchors()); - } - catch (Exception e) - { - // cannot happen - throw new RuntimeException(e.getMessage()); - } - params.setParams(this); - return params; - } - - /** - * Returns if additional {@link X509Store}s for locations like LDAP found - * in certificates or CRLs should be used. - * - * @return Returns <code>true</code> if additional stores are used. - */ - public boolean isAdditionalLocationsEnabled() - { - return additionalLocationsEnabled; - } - - /** - * Sets if additional {@link X509Store}s for locations like LDAP found in - * certificates or CRLs should be used. - * - * @param enabled <code>true</code> if additional stores are used. - */ - public void setAdditionalLocationsEnabled(boolean enabled) - { - additionalLocationsEnabled = enabled; - } - - /** - * Returns the required constraints on the target certificate or attribute - * certificate. The constraints are returned as an instance of - * <code>Selector</code>. If <code>null</code>, no constraints are - * defined. - * - * <p> - * The target certificate in a PKIX path may be a certificate or an - * attribute certificate. - * <p> - * Note that the <code>Selector</code> returned is cloned to protect - * against subsequent modifications. - * - * @return a <code>Selector</code> specifying the constraints on the - * target certificate or attribute certificate (or <code>null</code>) - * @see #setTargetConstraints - * @see X509CertStoreSelector - * @see X509AttributeCertStoreSelector - */ - public Selector getTargetConstraints() - { - if (selector != null) - { - return (Selector) selector.clone(); - } - else - { - return null; - } - } - - /** - * Sets the required constraints on the target certificate or attribute - * certificate. The constraints are specified as an instance of - * <code>Selector</code>. If <code>null</code>, no constraints are - * defined. - * <p> - * The target certificate in a PKIX path may be a certificate or an - * attribute certificate. - * <p> - * Note that the <code>Selector</code> specified is cloned to protect - * against subsequent modifications. - * - * @param selector a <code>Selector</code> specifying the constraints on - * the target certificate or attribute certificate (or - * <code>null</code>) - * @see #getTargetConstraints - * @see X509CertStoreSelector - * @see X509AttributeCertStoreSelector - */ - public void setTargetConstraints(Selector selector) - { - if (selector != null) - { - this.selector = (Selector) selector.clone(); - } - else - { - this.selector = null; - } - } - - /** - * Sets the required constraints on the target certificate. The constraints - * are specified as an instance of <code>X509CertSelector</code>. If - * <code>null</code>, no constraints are defined. - * - * <p> - * This method wraps the given <code>X509CertSelector</code> into a - * <code>X509CertStoreSelector</code>. - * <p> - * Note that the <code>X509CertSelector</code> specified is cloned to - * protect against subsequent modifications. - * - * @param selector a <code>X509CertSelector</code> specifying the - * constraints on the target certificate (or <code>null</code>) - * @see #getTargetCertConstraints - * @see X509CertStoreSelector - */ - public void setTargetCertConstraints(CertSelector selector) - { - super.setTargetCertConstraints(selector); - if (selector != null) - { - this.selector = X509CertStoreSelector - .getInstance((X509CertSelector) selector); - } - else - { - this.selector = null; - } - } - - /** - * Returns the trusted attribute certificate issuers. If attribute - * certificates is verified the trusted AC issuers must be set. - * <p> - * The returned <code>Set</code> consists of <code>TrustAnchor</code>s. - * <p> - * The returned <code>Set</code> is immutable. Never <code>null</code> - * - * @return Returns an immutable set of the trusted AC issuers. - */ - public Set getTrustedACIssuers() - { - return Collections.unmodifiableSet(trustedACIssuers); - } - - /** - * Sets the trusted attribute certificate issuers. If attribute certificates - * is verified the trusted AC issuers must be set. - * <p> - * The <code>trustedACIssuers</code> must be a <code>Set</code> of - * <code>TrustAnchor</code> - * <p> - * The given set is cloned. - * - * @param trustedACIssuers The trusted AC issuers to set. Is never - * <code>null</code>. - * @throws ClassCastException if an element of <code>stores</code> is not - * a <code>TrustAnchor</code>. - */ - public void setTrustedACIssuers(Set trustedACIssuers) - { - if (trustedACIssuers == null) - { - this.trustedACIssuers.clear(); - return; - } - for (Iterator it = trustedACIssuers.iterator(); it.hasNext();) - { - if (!(it.next() instanceof TrustAnchor)) - { - throw new ClassCastException("All elements of set must be " - + "of type " + TrustAnchor.class.getName() + "."); - } - } - this.trustedACIssuers.clear(); - this.trustedACIssuers.addAll(trustedACIssuers); - } - - /** - * Returns the neccessary attributes which must be contained in an attribute - * certificate. - * <p> - * The returned <code>Set</code> is immutable and contains - * <code>String</code>s with the OIDs. - * - * @return Returns the necessary AC attributes. - */ - public Set getNecessaryACAttributes() - { - return Collections.unmodifiableSet(necessaryACAttributes); - } - - /** - * Sets the neccessary which must be contained in an attribute certificate. - * <p> - * The <code>Set</code> must contain <code>String</code>s with the - * OIDs. - * <p> - * The set is cloned. - * - * @param necessaryACAttributes The necessary AC attributes to set. - * @throws ClassCastException if an element of - * <code>necessaryACAttributes</code> is not a - * <code>String</code>. - */ - public void setNecessaryACAttributes(Set necessaryACAttributes) - { - if (necessaryACAttributes == null) - { - this.necessaryACAttributes.clear(); - return; - } - for (Iterator it = necessaryACAttributes.iterator(); it.hasNext();) - { - if (!(it.next() instanceof String)) - { - throw new ClassCastException("All elements of set must be " - + "of type String."); - } - } - this.necessaryACAttributes.clear(); - this.necessaryACAttributes.addAll(necessaryACAttributes); - } - - /** - * Returns the attribute certificates which are not allowed. - * <p> - * The returned <code>Set</code> is immutable and contains - * <code>String</code>s with the OIDs. - * - * @return Returns the prohibited AC attributes. Is never <code>null</code>. - */ - public Set getProhibitedACAttributes() - { - return Collections.unmodifiableSet(prohibitedACAttributes); - } - - /** - * Sets the attribute certificates which are not allowed. - * <p> - * The <code>Set</code> must contain <code>String</code>s with the - * OIDs. - * <p> - * The set is cloned. - * - * @param prohibitedACAttributes The prohibited AC attributes to set. - * @throws ClassCastException if an element of - * <code>prohibitedACAttributes</code> is not a - * <code>String</code>. - */ - public void setProhibitedACAttributes(Set prohibitedACAttributes) - { - if (prohibitedACAttributes == null) - { - this.prohibitedACAttributes.clear(); - return; - } - for (Iterator it = prohibitedACAttributes.iterator(); it.hasNext();) - { - if (!(it.next() instanceof String)) - { - throw new ClassCastException("All elements of set must be " - + "of type String."); - } - } - this.prohibitedACAttributes.clear(); - this.prohibitedACAttributes.addAll(prohibitedACAttributes); - } - - /** - * Returns the attribute certificate checker. The returned set contains - * {@link PKIXAttrCertChecker}s and is immutable. - * - * @return Returns the attribute certificate checker. Is never - * <code>null</code>. - */ - public Set getAttrCertCheckers() - { - return Collections.unmodifiableSet(attrCertCheckers); - } - - /** - * Sets the attribute certificate checkers. - * <p> - * All elements in the <code>Set</code> must a {@link PKIXAttrCertChecker}. - * <p> - * The given set is cloned. - * - * @param attrCertCheckers The attribute certificate checkers to set. Is - * never <code>null</code>. - * @throws ClassCastException if an element of <code>attrCertCheckers</code> - * is not a <code>PKIXAttrCertChecker</code>. - */ - public void setAttrCertCheckers(Set attrCertCheckers) - { - if (attrCertCheckers == null) - { - this.attrCertCheckers.clear(); - return; - } - for (Iterator it = attrCertCheckers.iterator(); it.hasNext();) - { - if (!(it.next() instanceof PKIXAttrCertChecker)) - { - throw new ClassCastException("All elements of set must be " - + "of type " + PKIXAttrCertChecker.class.getName() + "."); - } - } - this.attrCertCheckers.clear(); - this.attrCertCheckers.addAll(attrCertCheckers); - } - -} diff --git a/prov/src/main/java/org/bouncycastle/x509/NoSuchParserException.java b/prov/src/main/java/org/bouncycastle/x509/NoSuchParserException.java deleted file mode 100644 index c25b9dd1..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/NoSuchParserException.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.x509; - -public class NoSuchParserException - extends Exception -{ - public NoSuchParserException(String message) - { - super(message); - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/NoSuchStoreException.java b/prov/src/main/java/org/bouncycastle/x509/NoSuchStoreException.java deleted file mode 100644 index 255c0303..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/NoSuchStoreException.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.x509; - -public class NoSuchStoreException - extends Exception -{ - public NoSuchStoreException(String message) - { - super(message); - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/PKIXAttrCertChecker.java b/prov/src/main/java/org/bouncycastle/x509/PKIXAttrCertChecker.java deleted file mode 100644 index 816cdab3..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/PKIXAttrCertChecker.java +++ /dev/null @@ -1,56 +0,0 @@ -package org.bouncycastle.x509; - -import java.security.cert.CertPath; -import java.security.cert.CertPathValidatorException; -import java.util.Collection; -import java.util.Set; - -public abstract class PKIXAttrCertChecker - implements Cloneable -{ - - /** - * Returns an immutable <code>Set</code> of X.509 attribute certificate - * extensions that this <code>PKIXAttrCertChecker</code> supports or - * <code>null</code> if no extensions are supported. - * <p> - * Each element of the set is a <code>String</code> representing the - * Object Identifier (OID) of the X.509 extension that is supported. - * <p> - * All X.509 attribute certificate extensions that a - * <code>PKIXAttrCertChecker</code> might possibly be able to process - * should be included in the set. - * - * @return an immutable <code>Set</code> of X.509 extension OIDs (in - * <code>String</code> format) supported by this - * <code>PKIXAttrCertChecker</code>, or <code>null</code> if no - * extensions are supported - */ - public abstract Set getSupportedExtensions(); - - /** - * Performs checks on the specified attribute certificate. Every handled - * extension is rmeoved from the <code>unresolvedCritExts</code> - * collection. - * - * @param attrCert The attribute certificate to be checked. - * @param certPath The certificate path which belongs to the attribute - * certificate issuer public key certificate. - * @param holderCertPath The certificate path which belongs to the holder - * certificate. - * @param unresolvedCritExts a <code>Collection</code> of OID strings - * representing the current set of unresolved critical extensions - * @throws CertPathValidatorException if the specified attribute certificate - * does not pass the check. - */ - public abstract void check(X509AttributeCertificate attrCert, CertPath certPath, - CertPath holderCertPath, Collection unresolvedCritExts) - throws CertPathValidatorException; - - /** - * Returns a clone of this object. - * - * @return a copy of this <code>PKIXAttrCertChecker</code> - */ - public abstract Object clone(); -} diff --git a/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java b/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java deleted file mode 100644 index 528fbec4..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java +++ /dev/null @@ -1,2544 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.net.HttpURLConnection; -import java.net.InetAddress; -import java.net.URL; -import java.security.GeneralSecurityException; -import java.security.PublicKey; -import java.security.SignatureException; -import java.security.cert.CertPath; -import java.security.cert.CertPathValidatorException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateFactory; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.PKIXCertPathChecker; -import java.security.cert.PKIXParameters; -import java.security.cert.PolicyNode; -import java.security.cert.TrustAnchor; -import java.security.cert.X509CRL; -import java.security.cert.X509CRLEntry; -import java.security.cert.X509CertSelector; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.Vector; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Enumerated; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.x509.AccessDescription; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.AuthorityInformationAccess; -import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier; -import org.bouncycastle.asn1.x509.BasicConstraints; -import org.bouncycastle.asn1.x509.CRLDistPoint; -import org.bouncycastle.asn1.x509.DistributionPoint; -import org.bouncycastle.asn1.x509.DistributionPointName; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.GeneralSubtree; -import org.bouncycastle.asn1.x509.IssuingDistributionPoint; -import org.bouncycastle.asn1.x509.NameConstraints; -import org.bouncycastle.asn1.x509.PolicyInformation; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode; -import org.bouncycastle.asn1.x509.qualified.MonetaryValue; -import org.bouncycastle.asn1.x509.qualified.QCStatement; -import org.bouncycastle.i18n.ErrorBundle; -import org.bouncycastle.i18n.LocaleString; -import org.bouncycastle.i18n.filter.TrustedInput; -import org.bouncycastle.i18n.filter.UntrustedInput; -import org.bouncycastle.i18n.filter.UntrustedUrlInput; -import org.bouncycastle.jce.provider.AnnotatedException; -import org.bouncycastle.jce.provider.CertPathValidatorUtilities; -import org.bouncycastle.jce.provider.PKIXNameConstraintValidator; -import org.bouncycastle.jce.provider.PKIXNameConstraintValidatorException; -import org.bouncycastle.jce.provider.PKIXPolicyNode; -import org.bouncycastle.util.Integers; -import org.bouncycastle.x509.extension.X509ExtensionUtil; - -/** - * PKIXCertPathReviewer<br> - * Validation of X.509 Certificate Paths. Tries to find as much errors in the Path as possible. - */ -public class PKIXCertPathReviewer extends CertPathValidatorUtilities -{ - - private static final String QC_STATEMENT = X509Extensions.QCStatements.getId(); - private static final String CRL_DIST_POINTS = X509Extensions.CRLDistributionPoints.getId(); - private static final String AUTH_INFO_ACCESS = X509Extensions.AuthorityInfoAccess.getId(); - - private static final String RESOURCE_NAME = "org.bouncycastle.x509.CertPathReviewerMessages"; - - // input parameters - - protected CertPath certPath; - - protected PKIXParameters pkixParams; - - protected Date validDate; - - // state variables - - protected List certs; - - protected int n; - - // output variables - - protected List[] notifications; - protected List[] errors; - protected TrustAnchor trustAnchor; - protected PublicKey subjectPublicKey; - protected PolicyNode policyTree; - - private boolean initialized; - - /** - * Initializes the PKIXCertPathReviewer with the given {@link CertPath} and {@link PKIXParameters} params - * @param certPath the {@link CertPath} to validate - * @param params the {@link PKIXParameters} to use - * @throws CertPathReviewerException if the certPath is empty - * @throws IllegalStateException if the {@link PKIXCertPathReviewer} is already initialized - */ - public void init(CertPath certPath, PKIXParameters params) - throws CertPathReviewerException - { - if (initialized) - { - throw new IllegalStateException("object is already initialized!"); - } - initialized = true; - - // check input parameters - if (certPath == null) - { - throw new NullPointerException("certPath was null"); - } - this.certPath = certPath; - - certs = certPath.getCertificates(); - n = certs.size(); - if (certs.isEmpty()) - { - throw new CertPathReviewerException( - new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.emptyCertPath")); - } - - pkixParams = (PKIXParameters) params.clone(); - - // 6.1.1 - Inputs - - // a) done - - // b) - - validDate = getValidDate(pkixParams); - - // c) part of pkixParams - - // d) done at the beginning of checkSignatures - - // e) f) g) part of pkixParams - - // initialize output parameters - - notifications = null; - errors = null; - trustAnchor = null; - subjectPublicKey = null; - policyTree = null; - } - - /** - * Creates a PKIXCertPathReviewer and initializes it with the given {@link CertPath} and {@link PKIXParameters} params - * @param certPath the {@link CertPath} to validate - * @param params the {@link PKIXParameters} to use - * @throws CertPathReviewerException if the certPath is empty - */ - public PKIXCertPathReviewer(CertPath certPath, PKIXParameters params) - throws CertPathReviewerException - { - init(certPath, params); - } - - /** - * Creates an empty PKIXCertPathReviewer. Don't forget to call init() to initialize the object. - */ - public PKIXCertPathReviewer() - { - // do nothing - } - - /** - * - * @return the CertPath that was validated - */ - public CertPath getCertPath() - { - return certPath; - } - - /** - * - * @return the size of the CertPath - */ - public int getCertPathSize() - { - return n; - } - - /** - * Returns an Array of Lists which contains a List of global error messages - * and a List of error messages for each certificate in the path. - * The global error List is at index 0. The error lists for each certificate at index 1 to n. - * The error messages are of type. - * @return the Array of Lists which contain the error messages - * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized - */ - public List[] getErrors() - { - doChecks(); - return errors; - } - - /** - * Returns an List of error messages for the certificate at the given index in the CertPath. - * If index == -1 then the list of global errors is returned with errors not specific to a certificate. - * @param index the index of the certificate in the CertPath - * @return List of error messages for the certificate - * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized - */ - public List getErrors(int index) - { - doChecks(); - return errors[index + 1]; - } - - /** - * Returns an Array of Lists which contains a List of global notification messages - * and a List of botification messages for each certificate in the path. - * The global notificatio List is at index 0. The notification lists for each certificate at index 1 to n. - * The error messages are of type. - * @return the Array of Lists which contain the notification messages - * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized - */ - public List[] getNotifications() - { - doChecks(); - return notifications; - } - - /** - * Returns an List of notification messages for the certificate at the given index in the CertPath. - * If index == -1 then the list of global notifications is returned with notifications not specific to a certificate. - * @param index the index of the certificate in the CertPath - * @return List of notification messages for the certificate - * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized - */ - public List getNotifications(int index) - { - doChecks(); - return notifications[index + 1]; - } - - /** - * - * @return the valid policy tree, <b>null</b> if no valid policy exists. - * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized - */ - public PolicyNode getPolicyTree() - { - doChecks(); - return policyTree; - } - - /** - * - * @return the PublicKey if the last certificate in the CertPath - * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized - */ - public PublicKey getSubjectPublicKey() - { - doChecks(); - return subjectPublicKey; - } - - /** - * - * @return the TrustAnchor for the CertPath, <b>null</b> if no valid TrustAnchor was found. - * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized - */ - public TrustAnchor getTrustAnchor() - { - doChecks(); - return trustAnchor; - } - - /** - * - * @return if the CertPath is valid - * @throws IllegalStateException if the {@link PKIXCertPathReviewer} was not initialized - */ - public boolean isValidCertPath() - { - doChecks(); - boolean valid = true; - for (int i = 0; i < errors.length; i++) - { - if (!errors[i].isEmpty()) - { - valid = false; - break; - } - } - return valid; - } - - protected void addNotification(ErrorBundle msg) - { - notifications[0].add(msg); - } - - protected void addNotification(ErrorBundle msg, int index) - { - if (index < -1 || index >= n) - { - throw new IndexOutOfBoundsException(); - } - notifications[index + 1].add(msg); - } - - protected void addError(ErrorBundle msg) - { - errors[0].add(msg); - } - - protected void addError(ErrorBundle msg, int index) - { - if (index < -1 || index >= n) - { - throw new IndexOutOfBoundsException(); - } - errors[index + 1].add(msg); - } - - protected void doChecks() - { - if (!initialized) - { - throw new IllegalStateException("Object not initialized. Call init() first."); - } - if (notifications == null) - { - // initialize lists - notifications = new List[n+1]; - errors = new List[n+1]; - - for (int i = 0; i < notifications.length; i++) - { - notifications[i] = new ArrayList(); - errors[i] = new ArrayList(); - } - - // check Signatures - checkSignatures(); - - // check Name Constraints - checkNameConstraints(); - - // check Path Length - checkPathLength(); - - // check Policy - checkPolicy(); - - // check other critical extensions - checkCriticalExtensions(); - - } - } - - private void checkNameConstraints() - { - X509Certificate cert = null; - - // - // Setup - // - - // (b) and (c) - PKIXNameConstraintValidator nameConstraintValidator = new PKIXNameConstraintValidator(); - - // - // process each certificate except the last in the path - // - int index; - int i; - - try - { - for (index = certs.size()-1; index>0; index--) - { - i = n - index; - - // - // certificate processing - // - - cert = (X509Certificate) certs.get(index); - - // b),c) - - if (!isSelfIssued(cert)) - { - X500Principal principal = getSubjectPrincipal(cert); - ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(principal.getEncoded())); - ASN1Sequence dns; - - try - { - dns = (ASN1Sequence)aIn.readObject(); - } - catch (IOException e) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.ncSubjectNameError", - new Object[] {new UntrustedInput(principal)}); - throw new CertPathReviewerException(msg,e,certPath,index); - } - - try - { - nameConstraintValidator.checkPermittedDN(dns); - } - catch (PKIXNameConstraintValidatorException cpve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedDN", - new Object[] {new UntrustedInput(principal.getName())}); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } - - try - { - nameConstraintValidator.checkExcludedDN(dns); - } - catch (PKIXNameConstraintValidatorException cpve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedDN", - new Object[] {new UntrustedInput(principal.getName())}); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } - - ASN1Sequence altName; - try - { - altName = (ASN1Sequence)getExtensionValue(cert, SUBJECT_ALTERNATIVE_NAME); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.subjAltNameExtError"); - throw new CertPathReviewerException(msg,ae,certPath,index); - } - - if (altName != null) - { - for (int j = 0; j < altName.size(); j++) - { - GeneralName name = GeneralName.getInstance(altName.getObjectAt(j)); - - try - { - nameConstraintValidator.checkPermitted(name); - nameConstraintValidator.checkExcluded(name); - } - catch (PKIXNameConstraintValidatorException cpve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedEmail", - new Object[] {new UntrustedInput(name)}); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } -// switch(o.getTagNo()) TODO - move resources to PKIXNameConstraints -// { -// case 1: -// String email = DERIA5String.getInstance(o, true).getString(); -// -// try -// { -// checkPermittedEmail(permittedSubtreesEmail, email); -// } -// catch (CertPathValidatorException cpve) -// { -// ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedEmail", -// new Object[] {new UntrustedInput(email)}); -// throw new CertPathReviewerException(msg,cpve,certPath,index); -// } -// -// try -// { -// checkExcludedEmail(excludedSubtreesEmail, email); -// } -// catch (CertPathValidatorException cpve) -// { -// ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedEmail", -// new Object[] {new UntrustedInput(email)}); -// throw new CertPathReviewerException(msg,cpve,certPath,index); -// } -// -// break; -// case 4: -// ASN1Sequence altDN = ASN1Sequence.getInstance(o, true); -// -// try -// { -// checkPermittedDN(permittedSubtreesDN, altDN); -// } -// catch (CertPathValidatorException cpve) -// { -// X509Name altDNName = new X509Name(altDN); -// ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedDN", -// new Object[] {new UntrustedInput(altDNName)}); -// throw new CertPathReviewerException(msg,cpve,certPath,index); -// } -// -// try -// { -// checkExcludedDN(excludedSubtreesDN, altDN); -// } -// catch (CertPathValidatorException cpve) -// { -// X509Name altDNName = new X509Name(altDN); -// ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedDN", -// new Object[] {new UntrustedInput(altDNName)}); -// throw new CertPathReviewerException(msg,cpve,certPath,index); -// } -// -// break; -// case 7: -// byte[] ip = ASN1OctetString.getInstance(o, true).getOctets(); -// -// try -// { -// checkPermittedIP(permittedSubtreesIP, ip); -// } -// catch (CertPathValidatorException cpve) -// { -// ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedIP", -// new Object[] {IPtoString(ip)}); -// throw new CertPathReviewerException(msg,cpve,certPath,index); -// } -// -// try -// { -// checkExcludedIP(excludedSubtreesIP, ip); -// } -// catch (CertPathValidatorException cpve) -// { -// ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedIP", -// new Object[] {IPtoString(ip)}); -// throw new CertPathReviewerException(msg,cpve,certPath,index); -// } -// } - } - } - } - - // - // prepare for next certificate - // - - // - // (g) handle the name constraints extension - // - ASN1Sequence ncSeq; - try - { - ncSeq = (ASN1Sequence)getExtensionValue(cert, NAME_CONSTRAINTS); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.ncExtError"); - throw new CertPathReviewerException(msg,ae,certPath,index); - } - - if (ncSeq != null) - { - NameConstraints nc = NameConstraints.getInstance(ncSeq); - - // - // (g) (1) permitted subtrees - // - GeneralSubtree[] permitted = nc.getPermittedSubtrees(); - if (permitted != null) - { - nameConstraintValidator.intersectPermittedSubtree(permitted); - } - - // - // (g) (2) excluded subtrees - // - GeneralSubtree[] excluded = nc.getExcludedSubtrees(); - if (excluded != null) - { - for (int c = 0; c != excluded.length; c++) - { - nameConstraintValidator.addExcludedSubtree(excluded[c]); - } - } - } - - } // for - } - catch (CertPathReviewerException cpre) - { - addError(cpre.getErrorMessage(),cpre.getIndex()); - } - - } - - /* - * checks: - path length constraints and reports - total path length - */ - private void checkPathLength() - { - // init - int maxPathLength = n; - int totalPathLength = 0; - - X509Certificate cert = null; - - int i; - for (int index = certs.size() - 1; index > 0; index--) - { - i = n - index; - - cert = (X509Certificate) certs.get(index); - - // l) - - if (!isSelfIssued(cert)) - { - if (maxPathLength <= 0) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.pathLenghtExtended"); - addError(msg); - } - maxPathLength--; - totalPathLength++; - } - - // m) - - BasicConstraints bc; - try - { - bc = BasicConstraints.getInstance(getExtensionValue(cert, - BASIC_CONSTRAINTS)); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.processLengthConstError"); - addError(msg,index); - bc = null; - } - - if (bc != null) - { - BigInteger _pathLengthConstraint = bc.getPathLenConstraint(); - - if (_pathLengthConstraint != null) - { - int _plc = _pathLengthConstraint.intValue(); - - if (_plc < maxPathLength) - { - maxPathLength = _plc; - } - } - } - - } - - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.totalPathLength", - new Object[]{Integers.valueOf(totalPathLength)}); - - addNotification(msg); - } - - /* - * checks: - signatures - name chaining - validity of certificates - todo: - * if certificate revoked (if specified in the parameters) - */ - private void checkSignatures() - { - // 1.6.1 - Inputs - - // d) - - TrustAnchor trust = null; - X500Principal trustPrincipal = null; - - // validation date - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certPathValidDate", - new Object[] {new TrustedInput(validDate), new TrustedInput(new Date())}); - addNotification(msg); - } - - // find trust anchors - try - { - X509Certificate cert = (X509Certificate) certs.get(certs.size() - 1); - Collection trustColl = getTrustAnchors(cert,pkixParams.getTrustAnchors()); - if (trustColl.size() > 1) - { - // conflicting trust anchors - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.conflictingTrustAnchors", - new Object[]{Integers.valueOf(trustColl.size()), - new UntrustedInput(cert.getIssuerX500Principal())}); - addError(msg); - } - else if (trustColl.isEmpty()) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.noTrustAnchorFound", - new Object[]{new UntrustedInput(cert.getIssuerX500Principal()), - Integers.valueOf(pkixParams.getTrustAnchors().size())}); - addError(msg); - } - else - { - PublicKey trustPublicKey; - trust = (TrustAnchor) trustColl.iterator().next(); - if (trust.getTrustedCert() != null) - { - trustPublicKey = trust.getTrustedCert().getPublicKey(); - } - else - { - trustPublicKey = trust.getCAPublicKey(); - } - try - { - CertPathValidatorUtilities.verifyX509Certificate(cert, trustPublicKey, - pkixParams.getSigProvider()); - } - catch (SignatureException e) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustButInvalidCert"); - addError(msg); - } - catch (Exception e) - { - // do nothing, error occurs again later - } - } - } - catch (CertPathReviewerException cpre) - { - addError(cpre.getErrorMessage()); - } - catch (Throwable t) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.unknown", - new Object[] {new UntrustedInput(t.getMessage()), new UntrustedInput(t)}); - addError(msg); - } - - if (trust != null) - { - // get the name of the trustAnchor - X509Certificate sign = trust.getTrustedCert(); - try - { - if (sign != null) - { - trustPrincipal = getSubjectPrincipal(sign); - } - else - { - trustPrincipal = new X500Principal(trust.getCAName()); - } - } - catch (IllegalArgumentException ex) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustDNInvalid", - new Object[] {new UntrustedInput(trust.getCAName())}); - addError(msg); - } - - // test key usages of the trust anchor - if (sign != null) - { - boolean[] ku = sign.getKeyUsage(); - if (ku != null && !ku[5]) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, "CertPathReviewer.trustKeyUsage"); - addNotification(msg); - } - } - } - - // 1.6.2 - Initialization - - PublicKey workingPublicKey = null; - X500Principal workingIssuerName = trustPrincipal; - - X509Certificate sign = null; - - AlgorithmIdentifier workingAlgId = null; - ASN1ObjectIdentifier workingPublicKeyAlgorithm = null; - ASN1Encodable workingPublicKeyParameters = null; - - if (trust != null) - { - sign = trust.getTrustedCert(); - - if (sign != null) - { - workingPublicKey = sign.getPublicKey(); - } - else - { - workingPublicKey = trust.getCAPublicKey(); - } - - try - { - workingAlgId = getAlgorithmIdentifier(workingPublicKey); - workingPublicKeyAlgorithm = workingAlgId.getObjectId(); - workingPublicKeyParameters = workingAlgId.getParameters(); - } - catch (CertPathValidatorException ex) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustPubKeyError"); - addError(msg); - workingAlgId = null; - } - - } - - // Basic cert checks - - X509Certificate cert = null; - int i; - - for (int index = certs.size() - 1; index >= 0; index--) - { - // - // i as defined in the algorithm description - // - i = n - index; - - // - // set certificate to be checked in this round - // sign and workingPublicKey and workingIssuerName are set - // at the end of the for loop and initialied the - // first time from the TrustAnchor - // - cert = (X509Certificate) certs.get(index); - - // verify signature - if (workingPublicKey != null) - { - try - { - CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey, - pkixParams.getSigProvider()); - } - catch (GeneralSecurityException ex) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.signatureNotVerified", - new Object[] {ex.getMessage(),ex,ex.getClass().getName()}); - addError(msg,index); - } - } - else if (isSelfIssued(cert)) - { - try - { - CertPathValidatorUtilities.verifyX509Certificate(cert, cert.getPublicKey(), - pkixParams.getSigProvider()); - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.rootKeyIsValidButNotATrustAnchor"); - addError(msg, index); - } - catch (GeneralSecurityException ex) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.signatureNotVerified", - new Object[] {ex.getMessage(),ex,ex.getClass().getName()}); - addError(msg,index); - } - } - else - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.NoIssuerPublicKey"); - // if there is an authority key extension add the serial and issuer of the missing certificate - byte[] akiBytes = cert.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId()); - if (akiBytes != null) - { - try - { - AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.getInstance( - X509ExtensionUtil.fromExtensionValue(akiBytes)); - GeneralNames issuerNames = aki.getAuthorityCertIssuer(); - if (issuerNames != null) - { - GeneralName name = issuerNames.getNames()[0]; - BigInteger serial = aki.getAuthorityCertSerialNumber(); - if (serial != null) - { - Object[] extraArgs = {new LocaleString(RESOURCE_NAME, "missingIssuer"), " \"", name , - "\" ", new LocaleString(RESOURCE_NAME, "missingSerial") , " ", serial}; - msg.setExtraArguments(extraArgs); - } - } - } - catch (IOException e) - { - // ignore - } - } - addError(msg,index); - } - - // certificate valid? - try - { - cert.checkValidity(validDate); - } - catch (CertificateNotYetValidException cnve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certificateNotYetValid", - new Object[] {new TrustedInput(cert.getNotBefore())}); - addError(msg,index); - } - catch (CertificateExpiredException cee) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certificateExpired", - new Object[] {new TrustedInput(cert.getNotAfter())}); - addError(msg,index); - } - - // certificate revoked? - if (pkixParams.isRevocationEnabled()) - { - // read crl distribution points extension - CRLDistPoint crlDistPoints = null; - try - { - ASN1Primitive crl_dp = getExtensionValue(cert,CRL_DIST_POINTS); - if (crl_dp != null) - { - crlDistPoints = CRLDistPoint.getInstance(crl_dp); - } - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlDistPtExtError"); - addError(msg,index); - } - - // read authority information access extension - AuthorityInformationAccess authInfoAcc = null; - try - { - ASN1Primitive auth_info_acc = getExtensionValue(cert,AUTH_INFO_ACCESS); - if (auth_info_acc != null) - { - authInfoAcc = AuthorityInformationAccess.getInstance(auth_info_acc); - } - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlAuthInfoAccError"); - addError(msg,index); - } - - Vector crlDistPointUrls = getCRLDistUrls(crlDistPoints); - Vector ocspUrls = getOCSPUrls(authInfoAcc); - - // add notifications with the crl distribution points - - // output crl distribution points - Iterator urlIt = crlDistPointUrls.iterator(); - while (urlIt.hasNext()) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlDistPoint", - new Object[] {new UntrustedUrlInput(urlIt.next())}); - addNotification(msg,index); - } - - // output ocsp urls - urlIt = ocspUrls.iterator(); - while (urlIt.hasNext()) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.ocspLocation", - new Object[] {new UntrustedUrlInput(urlIt.next())}); - addNotification(msg,index); - } - - // TODO also support Netscapes revocation-url and/or OCSP instead of CRLs for revocation checking - // check CRLs - try - { - checkRevocation(pkixParams, cert, validDate, sign, workingPublicKey, crlDistPointUrls, ocspUrls, index); - } - catch (CertPathReviewerException cpre) - { - addError(cpre.getErrorMessage(),index); - } - } - - // certificate issuer correct - if (workingIssuerName != null && !cert.getIssuerX500Principal().equals(workingIssuerName)) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certWrongIssuer", - new Object[] {workingIssuerName.getName(), - cert.getIssuerX500Principal().getName()}); - addError(msg,index); - } - - // - // prepare for next certificate - // - if (i != n) - { - - if (cert != null && cert.getVersion() == 1) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noCACert"); - addError(msg,index); - } - - // k) - - BasicConstraints bc; - try - { - bc = BasicConstraints.getInstance(getExtensionValue(cert, - BASIC_CONSTRAINTS)); - if (bc != null) - { - if (!bc.isCA()) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noCACert"); - addError(msg,index); - } - } - else - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noBasicConstraints"); - addError(msg,index); - } - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.errorProcesingBC"); - addError(msg,index); - } - - // n) - - boolean[] _usage = cert.getKeyUsage(); - - if ((_usage != null) && !_usage[KEY_CERT_SIGN]) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noCertSign"); - addError(msg,index); - } - - } // if - - // set signing certificate for next round - sign = cert; - - // c) - - workingIssuerName = cert.getSubjectX500Principal(); - - // d) e) f) - - try - { - workingPublicKey = getNextWorkingKey(certs, index); - workingAlgId = getAlgorithmIdentifier(workingPublicKey); - workingPublicKeyAlgorithm = workingAlgId.getObjectId(); - workingPublicKeyParameters = workingAlgId.getParameters(); - } - catch (CertPathValidatorException ex) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.pubKeyError"); - addError(msg,index); - workingAlgId = null; - workingPublicKeyAlgorithm = null; - workingPublicKeyParameters = null; - } - - } // for - - trustAnchor = trust; - subjectPublicKey = workingPublicKey; - } - - private void checkPolicy() - { - // - // 6.1.1 Inputs - // - - // c) Initial Policy Set - - Set userInitialPolicySet = pkixParams.getInitialPolicies(); - - // e) f) g) are part of pkixParams - - // - // 6.1.2 Initialization - // - - // a) valid policy tree - - List[] policyNodes = new ArrayList[n + 1]; - for (int j = 0; j < policyNodes.length; j++) - { - policyNodes[j] = new ArrayList(); - } - - Set policySet = new HashSet(); - - policySet.add(ANY_POLICY); - - PKIXPolicyNode validPolicyTree = new PKIXPolicyNode(new ArrayList(), 0, - policySet, null, new HashSet(), ANY_POLICY, false); - - policyNodes[0].add(validPolicyTree); - - // d) explicit policy - - int explicitPolicy; - if (pkixParams.isExplicitPolicyRequired()) - { - explicitPolicy = 0; - } - else - { - explicitPolicy = n + 1; - } - - // e) inhibit any policy - - int inhibitAnyPolicy; - if (pkixParams.isAnyPolicyInhibited()) - { - inhibitAnyPolicy = 0; - } - else - { - inhibitAnyPolicy = n + 1; - } - - // f) policy mapping - - int policyMapping; - if (pkixParams.isPolicyMappingInhibited()) - { - policyMapping = 0; - } - else - { - policyMapping = n + 1; - } - - Set acceptablePolicies = null; - - // - // 6.1.3 Basic Certificate processing - // - - X509Certificate cert = null; - int index; - int i; - - try - { - for (index = certs.size() - 1; index >= 0; index--) - { - // i as defined in the algorithm description - i = n - index; - - // set certificate to be checked in this round - cert = (X509Certificate) certs.get(index); - - // d) process policy information - - ASN1Sequence certPolicies; - try - { - certPolicies = (ASN1Sequence) getExtensionValue( - cert, CERTIFICATE_POLICIES); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyExtError"); - throw new CertPathReviewerException(msg,ae,certPath,index); - } - if (certPolicies != null && validPolicyTree != null) - { - - // d) 1) - - Enumeration e = certPolicies.getObjects(); - Set pols = new HashSet(); - - while (e.hasMoreElements()) - { - PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement()); - ASN1ObjectIdentifier pOid = pInfo.getPolicyIdentifier(); - - pols.add(pOid.getId()); - - if (!ANY_POLICY.equals(pOid.getId())) - { - Set pq; - try - { - pq = getQualifierSet(pInfo.getPolicyQualifiers()); - } - catch (CertPathValidatorException cpve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyQualifierError"); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } - - boolean match = processCertD1i(i, policyNodes, pOid, pq); - - if (!match) - { - processCertD1ii(i, policyNodes, pOid, pq); - } - } - } - - if (acceptablePolicies == null || acceptablePolicies.contains(ANY_POLICY)) - { - acceptablePolicies = pols; - } - else - { - Iterator it = acceptablePolicies.iterator(); - Set t1 = new HashSet(); - - while (it.hasNext()) - { - Object o = it.next(); - - if (pols.contains(o)) - { - t1.add(o); - } - } - - acceptablePolicies = t1; - } - - // d) 2) - - if ((inhibitAnyPolicy > 0) || ((i < n) && isSelfIssued(cert))) - { - e = certPolicies.getObjects(); - - while (e.hasMoreElements()) - { - PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement()); - - if (ANY_POLICY.equals(pInfo.getPolicyIdentifier().getId())) - { - Set _apq; - try - { - _apq = getQualifierSet(pInfo.getPolicyQualifiers()); - } - catch (CertPathValidatorException cpve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyQualifierError"); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } - List _nodes = policyNodes[i - 1]; - - for (int k = 0; k < _nodes.size(); k++) - { - PKIXPolicyNode _node = (PKIXPolicyNode) _nodes.get(k); - - Iterator _policySetIter = _node.getExpectedPolicies().iterator(); - while (_policySetIter.hasNext()) - { - Object _tmp = _policySetIter.next(); - - String _policy; - if (_tmp instanceof String) - { - _policy = (String) _tmp; - } - else if (_tmp instanceof ASN1ObjectIdentifier) - { - _policy = ((ASN1ObjectIdentifier) _tmp).getId(); - } - else - { - continue; - } - - boolean _found = false; - Iterator _childrenIter = _node - .getChildren(); - - while (_childrenIter.hasNext()) - { - PKIXPolicyNode _child = (PKIXPolicyNode) _childrenIter.next(); - - if (_policy.equals(_child.getValidPolicy())) - { - _found = true; - } - } - - if (!_found) - { - Set _newChildExpectedPolicies = new HashSet(); - _newChildExpectedPolicies.add(_policy); - - PKIXPolicyNode _newChild = new PKIXPolicyNode( - new ArrayList(), i, - _newChildExpectedPolicies, - _node, _apq, _policy, false); - _node.addChild(_newChild); - policyNodes[i].add(_newChild); - } - } - } - break; - } - } - } - - // - // (d) (3) - // - for (int j = (i - 1); j >= 0; j--) - { - List nodes = policyNodes[j]; - - for (int k = 0; k < nodes.size(); k++) - { - PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k); - if (!node.hasChildren()) - { - validPolicyTree = removePolicyNode( - validPolicyTree, policyNodes, node); - if (validPolicyTree == null) - { - break; - } - } - } - } - - // - // d (4) - // - Set criticalExtensionOids = cert.getCriticalExtensionOIDs(); - - if (criticalExtensionOids != null) - { - boolean critical = criticalExtensionOids.contains(CERTIFICATE_POLICIES); - - List nodes = policyNodes[i]; - for (int j = 0; j < nodes.size(); j++) - { - PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(j); - node.setCritical(critical); - } - } - - } - - // e) - - if (certPolicies == null) - { - validPolicyTree = null; - } - - // f) - - if (explicitPolicy <= 0 && validPolicyTree == null) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noValidPolicyTree"); - throw new CertPathReviewerException(msg); - } - - // - // 6.1.4 preparation for next Certificate - // - - if (i != n) - { - - // a) - - ASN1Primitive pm; - try - { - pm = getExtensionValue(cert, POLICY_MAPPINGS); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyMapExtError"); - throw new CertPathReviewerException(msg,ae,certPath,index); - } - - if (pm != null) - { - ASN1Sequence mappings = (ASN1Sequence) pm; - for (int j = 0; j < mappings.size(); j++) - { - ASN1Sequence mapping = (ASN1Sequence) mappings.getObjectAt(j); - ASN1ObjectIdentifier ip_id = (ASN1ObjectIdentifier) mapping.getObjectAt(0); - ASN1ObjectIdentifier sp_id = (ASN1ObjectIdentifier) mapping.getObjectAt(1); - if (ANY_POLICY.equals(ip_id.getId())) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.invalidPolicyMapping"); - throw new CertPathReviewerException(msg,certPath,index); - } - if (ANY_POLICY.equals(sp_id.getId())) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.invalidPolicyMapping"); - throw new CertPathReviewerException(msg,certPath,index); - } - } - } - - // b) - - if (pm != null) - { - ASN1Sequence mappings = (ASN1Sequence)pm; - Map m_idp = new HashMap(); - Set s_idp = new HashSet(); - - for (int j = 0; j < mappings.size(); j++) - { - ASN1Sequence mapping = (ASN1Sequence)mappings.getObjectAt(j); - String id_p = ((ASN1ObjectIdentifier)mapping.getObjectAt(0)).getId(); - String sd_p = ((ASN1ObjectIdentifier)mapping.getObjectAt(1)).getId(); - Set tmp; - - if (!m_idp.containsKey(id_p)) - { - tmp = new HashSet(); - tmp.add(sd_p); - m_idp.put(id_p, tmp); - s_idp.add(id_p); - } - else - { - tmp = (Set)m_idp.get(id_p); - tmp.add(sd_p); - } - } - - Iterator it_idp = s_idp.iterator(); - while (it_idp.hasNext()) - { - String id_p = (String)it_idp.next(); - - // - // (1) - // - if (policyMapping > 0) - { - try - { - prepareNextCertB1(i,policyNodes,id_p,m_idp,cert); - } - catch (AnnotatedException ae) - { - // error processing certificate policies extension - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyExtError"); - throw new CertPathReviewerException(msg,ae,certPath,index); - } - catch (CertPathValidatorException cpve) - { - // error building qualifier set - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyQualifierError"); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } - - // - // (2) - // - } - else if (policyMapping <= 0) - { - validPolicyTree = prepareNextCertB2(i,policyNodes,id_p,validPolicyTree); - } - - } - } - - // - // h) - // - - if (!isSelfIssued(cert)) - { - - // (1) - if (explicitPolicy != 0) - { - explicitPolicy--; - } - - // (2) - if (policyMapping != 0) - { - policyMapping--; - } - - // (3) - if (inhibitAnyPolicy != 0) - { - inhibitAnyPolicy--; - } - - } - - // - // i) - // - - try - { - ASN1Sequence pc = (ASN1Sequence) getExtensionValue(cert,POLICY_CONSTRAINTS); - if (pc != null) - { - Enumeration policyConstraints = pc.getObjects(); - - while (policyConstraints.hasMoreElements()) - { - ASN1TaggedObject constraint = (ASN1TaggedObject) policyConstraints.nextElement(); - int tmpInt; - - switch (constraint.getTagNo()) - { - case 0: - tmpInt = ASN1Integer.getInstance(constraint, false).getValue().intValue(); - if (tmpInt < explicitPolicy) - { - explicitPolicy = tmpInt; - } - break; - case 1: - tmpInt = ASN1Integer.getInstance(constraint, false).getValue().intValue(); - if (tmpInt < policyMapping) - { - policyMapping = tmpInt; - } - break; - } - } - } - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyConstExtError"); - throw new CertPathReviewerException(msg,certPath,index); - } - - // - // j) - // - - try - { - ASN1Integer iap = (ASN1Integer)getExtensionValue(cert, INHIBIT_ANY_POLICY); - - if (iap != null) - { - int _inhibitAnyPolicy = iap.getValue().intValue(); - - if (_inhibitAnyPolicy < inhibitAnyPolicy) - { - inhibitAnyPolicy = _inhibitAnyPolicy; - } - } - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyInhibitExtError"); - throw new CertPathReviewerException(msg,certPath,index); - } - } - - } - - // - // 6.1.5 Wrap up - // - - // - // a) - // - - if (!isSelfIssued(cert) && explicitPolicy > 0) - { - explicitPolicy--; - } - - // - // b) - // - - try - { - ASN1Sequence pc = (ASN1Sequence) getExtensionValue(cert, POLICY_CONSTRAINTS); - if (pc != null) - { - Enumeration policyConstraints = pc.getObjects(); - - while (policyConstraints.hasMoreElements()) - { - ASN1TaggedObject constraint = (ASN1TaggedObject)policyConstraints.nextElement(); - switch (constraint.getTagNo()) - { - case 0: - int tmpInt = ASN1Integer.getInstance(constraint, false).getValue().intValue(); - if (tmpInt == 0) - { - explicitPolicy = 0; - } - break; - } - } - } - } - catch (AnnotatedException e) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyConstExtError"); - throw new CertPathReviewerException(msg,certPath,index); - } - - - // - // (g) - // - PKIXPolicyNode intersection; - - - // - // (g) (i) - // - if (validPolicyTree == null) - { - if (pkixParams.isExplicitPolicyRequired()) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.explicitPolicy"); - throw new CertPathReviewerException(msg,certPath,index); - } - intersection = null; - } - else if (isAnyPolicy(userInitialPolicySet)) // (g) (ii) - { - if (pkixParams.isExplicitPolicyRequired()) - { - if (acceptablePolicies.isEmpty()) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.explicitPolicy"); - throw new CertPathReviewerException(msg,certPath,index); - } - else - { - Set _validPolicyNodeSet = new HashSet(); - - for (int j = 0; j < policyNodes.length; j++) - { - List _nodeDepth = policyNodes[j]; - - for (int k = 0; k < _nodeDepth.size(); k++) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_nodeDepth.get(k); - - if (ANY_POLICY.equals(_node.getValidPolicy())) - { - Iterator _iter = _node.getChildren(); - while (_iter.hasNext()) - { - _validPolicyNodeSet.add(_iter.next()); - } - } - } - } - - Iterator _vpnsIter = _validPolicyNodeSet.iterator(); - while (_vpnsIter.hasNext()) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_vpnsIter.next(); - String _validPolicy = _node.getValidPolicy(); - - if (!acceptablePolicies.contains(_validPolicy)) - { - //validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, _node); - } - } - if (validPolicyTree != null) - { - for (int j = (n - 1); j >= 0; j--) - { - List nodes = policyNodes[j]; - - for (int k = 0; k < nodes.size(); k++) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(k); - if (!node.hasChildren()) - { - validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node); - } - } - } - } - } - } - - intersection = validPolicyTree; - } - else - { - // - // (g) (iii) - // - // This implementation is not exactly same as the one described in RFC3280. - // However, as far as the validation result is concerned, both produce - // adequate result. The only difference is whether AnyPolicy is remain - // in the policy tree or not. - // - // (g) (iii) 1 - // - Set _validPolicyNodeSet = new HashSet(); - - for (int j = 0; j < policyNodes.length; j++) - { - List _nodeDepth = policyNodes[j]; - - for (int k = 0; k < _nodeDepth.size(); k++) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_nodeDepth.get(k); - - if (ANY_POLICY.equals(_node.getValidPolicy())) - { - Iterator _iter = _node.getChildren(); - while (_iter.hasNext()) - { - PKIXPolicyNode _c_node = (PKIXPolicyNode)_iter.next(); - if (!ANY_POLICY.equals(_c_node.getValidPolicy())) - { - _validPolicyNodeSet.add(_c_node); - } - } - } - } - } - - // - // (g) (iii) 2 - // - Iterator _vpnsIter = _validPolicyNodeSet.iterator(); - while (_vpnsIter.hasNext()) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_vpnsIter.next(); - String _validPolicy = _node.getValidPolicy(); - - if (!userInitialPolicySet.contains(_validPolicy)) - { - validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, _node); - } - } - - // - // (g) (iii) 4 - // - if (validPolicyTree != null) - { - for (int j = (n - 1); j >= 0; j--) - { - List nodes = policyNodes[j]; - - for (int k = 0; k < nodes.size(); k++) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(k); - if (!node.hasChildren()) - { - validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node); - } - } - } - } - - intersection = validPolicyTree; - } - - if ((explicitPolicy <= 0) && (intersection == null)) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.invalidPolicy"); - throw new CertPathReviewerException(msg); - } - - validPolicyTree = intersection; - } - catch (CertPathReviewerException cpre) - { - addError(cpre.getErrorMessage(),cpre.getIndex()); - validPolicyTree = null; - } - } - - private void checkCriticalExtensions() - { - // - // initialise CertPathChecker's - // - List pathCheckers = pkixParams.getCertPathCheckers(); - Iterator certIter = pathCheckers.iterator(); - - try - { - try - { - while (certIter.hasNext()) - { - ((PKIXCertPathChecker)certIter.next()).init(false); - } - } - catch (CertPathValidatorException cpve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certPathCheckerError", - new Object[] {cpve.getMessage(),cpve,cpve.getClass().getName()}); - throw new CertPathReviewerException(msg,cpve); - } - - // - // process critical extesions for each certificate - // - - X509Certificate cert = null; - - int index; - - for (index = certs.size()-1; index >= 0; index--) - { - cert = (X509Certificate) certs.get(index); - - Set criticalExtensions = cert.getCriticalExtensionOIDs(); - if (criticalExtensions == null || criticalExtensions.isEmpty()) - { - continue; - } - // remove already processed extensions - criticalExtensions.remove(KEY_USAGE); - criticalExtensions.remove(CERTIFICATE_POLICIES); - criticalExtensions.remove(POLICY_MAPPINGS); - criticalExtensions.remove(INHIBIT_ANY_POLICY); - criticalExtensions.remove(ISSUING_DISTRIBUTION_POINT); - criticalExtensions.remove(DELTA_CRL_INDICATOR); - criticalExtensions.remove(POLICY_CONSTRAINTS); - criticalExtensions.remove(BASIC_CONSTRAINTS); - criticalExtensions.remove(SUBJECT_ALTERNATIVE_NAME); - criticalExtensions.remove(NAME_CONSTRAINTS); - - // process qcStatements extension - if (criticalExtensions.contains(QC_STATEMENT)) - { - if (processQcStatements(cert,index)) - { - criticalExtensions.remove(QC_STATEMENT); - } - } - - Iterator tmpIter = pathCheckers.iterator(); - while (tmpIter.hasNext()) - { - try - { - ((PKIXCertPathChecker)tmpIter.next()).check(cert, criticalExtensions); - } - catch (CertPathValidatorException e) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.criticalExtensionError", - new Object[] {e.getMessage(),e,e.getClass().getName()}); - throw new CertPathReviewerException(msg,e.getCause(),certPath,index); - } - } - if (!criticalExtensions.isEmpty()) - { - ErrorBundle msg; - Iterator it = criticalExtensions.iterator(); - while (it.hasNext()) - { - msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.unknownCriticalExt", - new Object[] {new ASN1ObjectIdentifier((String) it.next())}); - addError(msg, index); - } - } - } - } - catch (CertPathReviewerException cpre) - { - addError(cpre.getErrorMessage(),cpre.getIndex()); - } - } - - private boolean processQcStatements( - X509Certificate cert, - int index) - { - try - { - boolean unknownStatement = false; - - ASN1Sequence qcSt = (ASN1Sequence) getExtensionValue(cert,QC_STATEMENT); - for (int j = 0; j < qcSt.size(); j++) - { - QCStatement stmt = QCStatement.getInstance(qcSt.getObjectAt(j)); - if (QCStatement.id_etsi_qcs_QcCompliance.equals(stmt.getStatementId())) - { - // process statement - just write a notification that the certificate contains this statement - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcEuCompliance"); - addNotification(msg,index); - } - else if (QCStatement.id_qcs_pkixQCSyntax_v1.equals(stmt.getStatementId())) - { - // process statement - just recognize the statement - } - else if (QCStatement.id_etsi_qcs_QcSSCD.equals(stmt.getStatementId())) - { - // process statement - just write a notification that the certificate contains this statement - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcSSCD"); - addNotification(msg,index); - } - else if (QCStatement.id_etsi_qcs_LimiteValue.equals(stmt.getStatementId())) - { - // process statement - write a notification containing the limit value - MonetaryValue limit = MonetaryValue.getInstance(stmt.getStatementInfo()); - Iso4217CurrencyCode currency = limit.getCurrency(); - double value = limit.getAmount().doubleValue() * Math.pow(10,limit.getExponent().doubleValue()); - ErrorBundle msg; - if (limit.getCurrency().isAlphabetic()) - { - msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcLimitValueAlpha", - new Object[] {limit.getCurrency().getAlphabetic(), - new TrustedInput(new Double(value)), - limit}); - } - else - { - msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcLimitValueNum", - new Object[]{Integers.valueOf(limit.getCurrency().getNumeric()), - new TrustedInput(new Double(value)), - limit}); - } - addNotification(msg,index); - } - else - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcUnknownStatement", - new Object[] {stmt.getStatementId(),new UntrustedInput(stmt)}); - addNotification(msg,index); - unknownStatement = true; - } - } - - return !unknownStatement; - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcStatementExtError"); - addError(msg,index); - } - - return false; - } - - private String IPtoString(byte[] ip) - { - String result; - try - { - result = InetAddress.getByAddress(ip).getHostAddress(); - } - catch (Exception e) - { - StringBuffer b = new StringBuffer(); - - for (int i = 0; i != ip.length; i++) - { - b.append(Integer.toHexString(ip[i] & 0xff)); - b.append(' '); - } - - result = b.toString(); - } - - return result; - } - - protected void checkRevocation(PKIXParameters paramsPKIX, - X509Certificate cert, - Date validDate, - X509Certificate sign, - PublicKey workingPublicKey, - Vector crlDistPointUrls, - Vector ocspUrls, - int index) - throws CertPathReviewerException - { - checkCRLs(paramsPKIX, cert, validDate, sign, workingPublicKey, crlDistPointUrls, index); - } - - protected void checkCRLs( - PKIXParameters paramsPKIX, - X509Certificate cert, - Date validDate, - X509Certificate sign, - PublicKey workingPublicKey, - Vector crlDistPointUrls, - int index) - throws CertPathReviewerException - { - X509CRLStoreSelector crlselect; - crlselect = new X509CRLStoreSelector(); - - try - { - crlselect.addIssuerName(getEncodedIssuerPrincipal(cert).getEncoded()); - } - catch (IOException e) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlIssuerException"); - throw new CertPathReviewerException(msg,e); - } - - crlselect.setCertificateChecking(cert); - - Iterator crl_iter; - try - { - Collection crl_coll = CRL_UTIL.findCRLs(crlselect, paramsPKIX); - crl_iter = crl_coll.iterator(); - - if (crl_coll.isEmpty()) - { - // notifcation - no local crls found - crl_coll = CRL_UTIL.findCRLs(new X509CRLStoreSelector(),paramsPKIX); - Iterator it = crl_coll.iterator(); - List nonMatchingCrlNames = new ArrayList(); - while (it.hasNext()) - { - nonMatchingCrlNames.add(((X509CRL) it.next()).getIssuerX500Principal()); - } - int numbOfCrls = nonMatchingCrlNames.size(); - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.noCrlInCertstore", - new Object[]{new UntrustedInput(crlselect.getIssuerNames()), - new UntrustedInput(nonMatchingCrlNames), - Integers.valueOf(numbOfCrls)}); - addNotification(msg,index); - } - - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlExtractionError", - new Object[] {ae.getCause().getMessage(),ae.getCause(),ae.getCause().getClass().getName()}); - addError(msg,index); - crl_iter = new ArrayList().iterator(); - } - boolean validCrlFound = false; - X509CRL crl = null; - while (crl_iter.hasNext()) - { - crl = (X509CRL)crl_iter.next(); - - if (crl.getNextUpdate() == null - || paramsPKIX.getDate().before(crl.getNextUpdate())) - { - validCrlFound = true; - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.localValidCRL", - new Object[] {new TrustedInput(crl.getThisUpdate()), new TrustedInput(crl.getNextUpdate())}); - addNotification(msg,index); - break; - } - else - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.localInvalidCRL", - new Object[] {new TrustedInput(crl.getThisUpdate()), new TrustedInput(crl.getNextUpdate())}); - addNotification(msg,index); - } - } - - // if no valid crl was found in the CertStores try to get one from a - // crl distribution point - if (!validCrlFound) - { - X509CRL onlineCRL = null; - Iterator urlIt = crlDistPointUrls.iterator(); - while (urlIt.hasNext()) - { - try - { - String location = (String) urlIt.next(); - onlineCRL = getCRL(location); - if (onlineCRL != null) - { - // check if crl issuer is correct - if (!cert.getIssuerX500Principal().equals(onlineCRL.getIssuerX500Principal())) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.onlineCRLWrongCA", - new Object[] {new UntrustedInput(onlineCRL.getIssuerX500Principal().getName()), - new UntrustedInput(cert.getIssuerX500Principal().getName()), - new UntrustedUrlInput(location)}); - addNotification(msg,index); - continue; - } - - if (onlineCRL.getNextUpdate() == null - || pkixParams.getDate().before(onlineCRL.getNextUpdate())) - { - validCrlFound = true; - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.onlineValidCRL", - new Object[] {new TrustedInput(onlineCRL.getThisUpdate()), - new TrustedInput(onlineCRL.getNextUpdate()), - new UntrustedUrlInput(location)}); - addNotification(msg,index); - crl = onlineCRL; - break; - } - else - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.onlineInvalidCRL", - new Object[] {new TrustedInput(onlineCRL.getThisUpdate()), - new TrustedInput(onlineCRL.getNextUpdate()), - new UntrustedUrlInput(location)}); - addNotification(msg,index); - } - } - } - catch (CertPathReviewerException cpre) - { - addNotification(cpre.getErrorMessage(),index); - } - } - } - - // check the crl - X509CRLEntry crl_entry; - if (crl != null) - { - if (sign != null) - { - boolean[] keyusage = sign.getKeyUsage(); - - if (keyusage != null - && (keyusage.length < 7 || !keyusage[CRL_SIGN])) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noCrlSigningPermited"); - throw new CertPathReviewerException(msg); - } - } - - if (workingPublicKey != null) - { - try - { - crl.verify(workingPublicKey, "BC"); - } - catch (Exception e) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlVerifyFailed"); - throw new CertPathReviewerException(msg,e); - } - } - else // issuer public key not known - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlNoIssuerPublicKey"); - throw new CertPathReviewerException(msg); - } - - crl_entry = crl.getRevokedCertificate(cert.getSerialNumber()); - if (crl_entry != null) - { - String reason = null; - - if (crl_entry.hasExtensions()) - { - ASN1Enumerated reasonCode; - try - { - reasonCode = ASN1Enumerated.getInstance(getExtensionValue(crl_entry, X509Extensions.ReasonCode.getId())); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlReasonExtError"); - throw new CertPathReviewerException(msg,ae); - } - if (reasonCode != null) - { - reason = crlReasons[reasonCode.getValue().intValue()]; - } - } - - if (reason == null) - { - reason = crlReasons[7]; // unknown - } - - // i18n reason - LocaleString ls = new LocaleString(RESOURCE_NAME, reason); - - if (!validDate.before(crl_entry.getRevocationDate())) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certRevoked", - new Object[] {new TrustedInput(crl_entry.getRevocationDate()),ls}); - throw new CertPathReviewerException(msg); - } - else // cert was revoked after validation date - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.revokedAfterValidation", - new Object[] {new TrustedInput(crl_entry.getRevocationDate()),ls}); - addNotification(msg,index); - } - } - else // cert is not revoked - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notRevoked"); - addNotification(msg,index); - } - - // - // warn if a new crl is available - // - if (crl.getNextUpdate() != null && crl.getNextUpdate().before(pkixParams.getDate())) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlUpdateAvailable", - new Object[] {new TrustedInput(crl.getNextUpdate())}); - addNotification(msg,index); - } - - // - // check the DeltaCRL indicator, base point and the issuing distribution point - // - ASN1Primitive idp; - try - { - idp = getExtensionValue(crl, ISSUING_DISTRIBUTION_POINT); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.distrPtExtError"); - throw new CertPathReviewerException(msg); - } - ASN1Primitive dci; - try - { - dci = getExtensionValue(crl, DELTA_CRL_INDICATOR); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.deltaCrlExtError"); - throw new CertPathReviewerException(msg); - } - - if (dci != null) - { - X509CRLStoreSelector baseSelect = new X509CRLStoreSelector(); - - try - { - baseSelect.addIssuerName(getIssuerPrincipal(crl).getEncoded()); - } - catch (IOException e) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlIssuerException"); - throw new CertPathReviewerException(msg,e); - } - - baseSelect.setMinCRLNumber(((ASN1Integer)dci).getPositiveValue()); - try - { - baseSelect.setMaxCRLNumber(((ASN1Integer)getExtensionValue(crl, CRL_NUMBER)).getPositiveValue().subtract(BigInteger.valueOf(1))); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlNbrExtError"); - throw new CertPathReviewerException(msg,ae); - } - - boolean foundBase = false; - Iterator it; - try - { - it = CRL_UTIL.findCRLs(baseSelect, paramsPKIX).iterator(); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlExtractionError"); - throw new CertPathReviewerException(msg,ae); - } - while (it.hasNext()) - { - X509CRL base = (X509CRL)it.next(); - - ASN1Primitive baseIdp; - try - { - baseIdp = getExtensionValue(base, ISSUING_DISTRIBUTION_POINT); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.distrPtExtError"); - throw new CertPathReviewerException(msg,ae); - } - - if (idp == null) - { - if (baseIdp == null) - { - foundBase = true; - break; - } - } - else - { - if (idp.equals(baseIdp)) - { - foundBase = true; - break; - } - } - } - - if (!foundBase) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noBaseCRL"); - throw new CertPathReviewerException(msg); - } - } - - if (idp != null) - { - IssuingDistributionPoint p = IssuingDistributionPoint.getInstance(idp); - BasicConstraints bc = null; - try - { - bc = BasicConstraints.getInstance(getExtensionValue(cert, BASIC_CONSTRAINTS)); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlBCExtError"); - throw new CertPathReviewerException(msg,ae); - } - - if (p.onlyContainsUserCerts() && (bc != null && bc.isCA())) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyUserCert"); - throw new CertPathReviewerException(msg); - } - - if (p.onlyContainsCACerts() && (bc == null || !bc.isCA())) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyCaCert"); - throw new CertPathReviewerException(msg); - } - - if (p.onlyContainsAttributeCerts()) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyAttrCert"); - throw new CertPathReviewerException(msg); - } - } - } - - if (!validCrlFound) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noValidCrlFound"); - throw new CertPathReviewerException(msg); - } - - } - - protected Vector getCRLDistUrls(CRLDistPoint crlDistPoints) - { - Vector urls = new Vector(); - - if (crlDistPoints != null) - { - DistributionPoint[] distPoints = crlDistPoints.getDistributionPoints(); - for (int i = 0; i < distPoints.length; i++) - { - DistributionPointName dp_name = distPoints[i].getDistributionPoint(); - if (dp_name.getType() == DistributionPointName.FULL_NAME) - { - GeneralName[] generalNames = GeneralNames.getInstance(dp_name.getName()).getNames(); - for (int j = 0; j < generalNames.length; j++) - { - if (generalNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) - { - String url = ((DERIA5String) generalNames[j].getName()).getString(); - urls.add(url); - } - } - } - } - } - return urls; - } - - protected Vector getOCSPUrls(AuthorityInformationAccess authInfoAccess) - { - Vector urls = new Vector(); - - if (authInfoAccess != null) - { - AccessDescription[] ads = authInfoAccess.getAccessDescriptions(); - for (int i = 0; i < ads.length; i++) - { - if (ads[i].getAccessMethod().equals(AccessDescription.id_ad_ocsp)) - { - GeneralName name = ads[i].getAccessLocation(); - if (name.getTagNo() == GeneralName.uniformResourceIdentifier) - { - String url = ((DERIA5String) name.getName()).getString(); - urls.add(url); - } - } - } - } - - return urls; - } - - private X509CRL getCRL(String location) throws CertPathReviewerException - { - X509CRL result = null; - try - { - URL url = new URL(location); - - if (url.getProtocol().equals("http") || url.getProtocol().equals("https")) - { - HttpURLConnection conn = (HttpURLConnection) url.openConnection(); - conn.setUseCaches(false); - //conn.setConnectTimeout(2000); - conn.setDoInput(true); - conn.connect(); - if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) - { - CertificateFactory cf = CertificateFactory.getInstance("X.509","BC"); - result = (X509CRL) cf.generateCRL(conn.getInputStream()); - } - else - { - throw new Exception(conn.getResponseMessage()); - } - } - } - catch (Exception e) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.loadCrlDistPointError", - new Object[] {new UntrustedInput(location), - e.getMessage(),e,e.getClass().getName()}); - throw new CertPathReviewerException(msg); - } - return result; - } - - protected Collection getTrustAnchors(X509Certificate cert, Set trustanchors) throws CertPathReviewerException - { - Collection trustColl = new ArrayList(); - Iterator it = trustanchors.iterator(); - - X509CertSelector certSelectX509 = new X509CertSelector(); - - try - { - certSelectX509.setSubject(getEncodedIssuerPrincipal(cert).getEncoded()); - byte[] ext = cert.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId()); - - if (ext != null) - { - ASN1OctetString oct = (ASN1OctetString)ASN1Primitive.fromByteArray(ext); - AuthorityKeyIdentifier authID = AuthorityKeyIdentifier.getInstance(ASN1Primitive.fromByteArray(oct.getOctets())); - - certSelectX509.setSerialNumber(authID.getAuthorityCertSerialNumber()); - byte[] keyID = authID.getKeyIdentifier(); - if (keyID != null) - { - certSelectX509.setSubjectKeyIdentifier(new DEROctetString(keyID).getEncoded()); - } - } - } - catch (IOException ex) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustAnchorIssuerError"); - throw new CertPathReviewerException(msg); - } - - while (it.hasNext()) - { - TrustAnchor trust = (TrustAnchor) it.next(); - if (trust.getTrustedCert() != null) - { - if (certSelectX509.match(trust.getTrustedCert())) - { - trustColl.add(trust); - } - } - else if (trust.getCAName() != null && trust.getCAPublicKey() != null) - { - X500Principal certIssuer = getEncodedIssuerPrincipal(cert); - X500Principal caName = new X500Principal(trust.getCAName()); - if (certIssuer.equals(caName)) - { - trustColl.add(trust); - } - } - } - return trustColl; - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509Attribute.java b/prov/src/main/java/org/bouncycastle/x509/X509Attribute.java deleted file mode 100644 index 95da2925..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509Attribute.java +++ /dev/null @@ -1,79 +0,0 @@ -package org.bouncycastle.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Object; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.x509.Attribute; - -/** - * Class for carrying the values in an X.509 Attribute. - */ -public class X509Attribute - extends ASN1Object -{ - Attribute attr; - - /** - * @param at an object representing an attribute. - */ - X509Attribute( - ASN1Encodable at) - { - this.attr = Attribute.getInstance(at); - } - - /** - * Create an X.509 Attribute with the type given by the passed in oid and - * the value represented by an ASN.1 Set containing value. - * - * @param oid type of the attribute - * @param value value object to go into the atribute's value set. - */ - public X509Attribute( - String oid, - ASN1Encodable value) - { - this.attr = new Attribute(new ASN1ObjectIdentifier(oid), new DERSet(value)); - } - - /** - * Create an X.59 Attribute with the type given by the passed in oid and the - * value represented by an ASN.1 Set containing the objects in value. - * - * @param oid type of the attribute - * @param value vector of values to go in the attribute's value set. - */ - public X509Attribute( - String oid, - ASN1EncodableVector value) - { - this.attr = new Attribute(new ASN1ObjectIdentifier(oid), new DERSet(value)); - } - - public String getOID() - { - return attr.getAttrType().getId(); - } - - public ASN1Encodable[] getValues() - { - ASN1Set s = attr.getAttrValues(); - ASN1Encodable[] values = new ASN1Encodable[s.size()]; - - for (int i = 0; i != s.size(); i++) - { - values[i] = (ASN1Encodable)s.getObjectAt(i); - } - - return values; - } - - public ASN1Primitive toASN1Primitive() - { - return attr.toASN1Primitive(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509AttributeCertStoreSelector.java b/prov/src/main/java/org/bouncycastle/x509/X509AttributeCertStoreSelector.java deleted file mode 100644 index bd474fd3..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509AttributeCertStoreSelector.java +++ /dev/null @@ -1,484 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.util.Collection; -import java.util.Collections; -import java.util.Date; -import java.util.HashSet; -import java.util.Iterator; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.Target; -import org.bouncycastle.asn1.x509.TargetInformation; -import org.bouncycastle.asn1.x509.Targets; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.util.Selector; - -/** - * This class is an <code>Selector</code> like implementation to select - * attribute certificates from a given set of criteria. - * - * @see org.bouncycastle.x509.X509AttributeCertificate - * @see org.bouncycastle.x509.X509Store - * @deprecated use org.bouncycastle.cert.X509AttributeCertificateSelector and org.bouncycastle.cert.X509AttributeCertificateSelectorBuilder. - */ -public class X509AttributeCertStoreSelector - implements Selector -{ - - // TODO: name constraints??? - - private AttributeCertificateHolder holder; - - private AttributeCertificateIssuer issuer; - - private BigInteger serialNumber; - - private Date attributeCertificateValid; - - private X509AttributeCertificate attributeCert; - - private Collection targetNames = new HashSet(); - - private Collection targetGroups = new HashSet(); - - public X509AttributeCertStoreSelector() - { - super(); - } - - /** - * Decides if the given attribute certificate should be selected. - * - * @param obj The attribute certificate which should be checked. - * @return <code>true</code> if the attribute certificate can be selected, - * <code>false</code> otherwise. - */ - public boolean match(Object obj) - { - if (!(obj instanceof X509AttributeCertificate)) - { - return false; - } - - X509AttributeCertificate attrCert = (X509AttributeCertificate) obj; - - if (this.attributeCert != null) - { - if (!this.attributeCert.equals(attrCert)) - { - return false; - } - } - if (serialNumber != null) - { - if (!attrCert.getSerialNumber().equals(serialNumber)) - { - return false; - } - } - if (holder != null) - { - if (!attrCert.getHolder().equals(holder)) - { - return false; - } - } - if (issuer != null) - { - if (!attrCert.getIssuer().equals(issuer)) - { - return false; - } - } - - if (attributeCertificateValid != null) - { - try - { - attrCert.checkValidity(attributeCertificateValid); - } - catch (CertificateExpiredException e) - { - return false; - } - catch (CertificateNotYetValidException e) - { - return false; - } - } - if (!targetNames.isEmpty() || !targetGroups.isEmpty()) - { - - byte[] targetInfoExt = attrCert - .getExtensionValue(X509Extensions.TargetInformation.getId()); - if (targetInfoExt != null) - { - TargetInformation targetinfo; - try - { - targetinfo = TargetInformation - .getInstance(new ASN1InputStream( - ((DEROctetString) DEROctetString - .fromByteArray(targetInfoExt)).getOctets()) - .readObject()); - } - catch (IOException e) - { - return false; - } - catch (IllegalArgumentException e) - { - return false; - } - Targets[] targetss = targetinfo.getTargetsObjects(); - if (!targetNames.isEmpty()) - { - boolean found = false; - - for (int i=0; i<targetss.length; i++) - { - Targets t = targetss[i]; - Target[] targets = t.getTargets(); - for (int j=0; j<targets.length; j++) - { - if (targetNames.contains(GeneralName.getInstance(targets[j] - .getTargetName()))) - { - found = true; - break; - } - } - } - if (!found) - { - return false; - } - } - if (!targetGroups.isEmpty()) - { - boolean found = false; - - for (int i=0; i<targetss.length; i++) - { - Targets t = targetss[i]; - Target[] targets = t.getTargets(); - for (int j=0; j<targets.length; j++) - { - if (targetGroups.contains(GeneralName.getInstance(targets[j] - .getTargetGroup()))) - { - found = true; - break; - } - } - } - if (!found) - { - return false; - } - } - } - } - return true; - } - - /** - * Returns a clone of this object. - * - * @return the clone. - */ - public Object clone() - { - X509AttributeCertStoreSelector sel = new X509AttributeCertStoreSelector(); - sel.attributeCert = attributeCert; - sel.attributeCertificateValid = getAttributeCertificateValid(); - sel.holder = holder; - sel.issuer = issuer; - sel.serialNumber = serialNumber; - sel.targetGroups = getTargetGroups(); - sel.targetNames = getTargetNames(); - return sel; - } - - /** - * Returns the attribute certificate which must be matched. - * - * @return Returns the attribute certificate. - */ - public X509AttributeCertificate getAttributeCert() - { - return attributeCert; - } - - /** - * Set the attribute certificate to be matched. If <code>null</code> is - * given any will do. - * - * @param attributeCert The attribute certificate to set. - */ - public void setAttributeCert(X509AttributeCertificate attributeCert) - { - this.attributeCert = attributeCert; - } - - /** - * Get the criteria for the validity. - * - * @return Returns the attributeCertificateValid. - */ - public Date getAttributeCertificateValid() - { - if (attributeCertificateValid != null) - { - return new Date(attributeCertificateValid.getTime()); - } - - return null; - } - - /** - * Set the time, when the certificate must be valid. If <code>null</code> - * is given any will do. - * - * @param attributeCertificateValid The attribute certificate validation - * time to set. - */ - public void setAttributeCertificateValid(Date attributeCertificateValid) - { - if (attributeCertificateValid != null) - { - this.attributeCertificateValid = new Date(attributeCertificateValid - .getTime()); - } - else - { - this.attributeCertificateValid = null; - } - } - - /** - * Gets the holder. - * - * @return Returns the holder. - */ - public AttributeCertificateHolder getHolder() - { - return holder; - } - - /** - * Sets the holder. If <code>null</code> is given any will do. - * - * @param holder The holder to set. - */ - public void setHolder(AttributeCertificateHolder holder) - { - this.holder = holder; - } - - /** - * Returns the issuer criterion. - * - * @return Returns the issuer. - */ - public AttributeCertificateIssuer getIssuer() - { - return issuer; - } - - /** - * Sets the issuer the attribute certificate must have. If <code>null</code> - * is given any will do. - * - * @param issuer The issuer to set. - */ - public void setIssuer(AttributeCertificateIssuer issuer) - { - this.issuer = issuer; - } - - /** - * Gets the serial number the attribute certificate must have. - * - * @return Returns the serialNumber. - */ - public BigInteger getSerialNumber() - { - return serialNumber; - } - - /** - * Sets the serial number the attribute certificate must have. If - * <code>null</code> is given any will do. - * - * @param serialNumber The serialNumber to set. - */ - public void setSerialNumber(BigInteger serialNumber) - { - this.serialNumber = serialNumber; - } - - /** - * Adds a target name criterion for the attribute certificate to the target - * information extension criteria. The <code>X509AttributeCertificate</code> - * must contain at least one of the specified target names. - * <p> - * Each attribute certificate may contain a target information extension - * limiting the servers where this attribute certificate can be used. If - * this extension is not present, the attribute certificate is not targeted - * and may be accepted by any server. - * - * @param name The name as a GeneralName (not <code>null</code>) - */ - public void addTargetName(GeneralName name) - { - targetNames.add(name); - } - - /** - * Adds a target name criterion for the attribute certificate to the target - * information extension criteria. The <code>X509AttributeCertificate</code> - * must contain at least one of the specified target names. - * <p> - * Each attribute certificate may contain a target information extension - * limiting the servers where this attribute certificate can be used. If - * this extension is not present, the attribute certificate is not targeted - * and may be accepted by any server. - * - * @param name a byte array containing the name in ASN.1 DER encoded form of a GeneralName - * @throws IOException if a parsing error occurs. - */ - public void addTargetName(byte[] name) throws IOException - { - addTargetName(GeneralName.getInstance(ASN1Primitive.fromByteArray(name))); - } - - /** - * Adds a collection with target names criteria. If <code>null</code> is - * given any will do. - * <p> - * The collection consists of either GeneralName objects or byte[] arrays representing - * DER encoded GeneralName structures. - * - * @param names A collection of target names. - * @throws IOException if a parsing error occurs. - * @see #addTargetName(byte[]) - * @see #addTargetName(GeneralName) - */ - public void setTargetNames(Collection names) throws IOException - { - targetNames = extractGeneralNames(names); - } - - /** - * Gets the target names. The collection consists of <code>GeneralName</code> - * objects. - * <p> - * The returned collection is immutable. - * - * @return The collection of target names - * @see #setTargetNames(Collection) - */ - public Collection getTargetNames() - { - return Collections.unmodifiableCollection(targetNames); - } - - /** - * Adds a target group criterion for the attribute certificate to the target - * information extension criteria. The <code>X509AttributeCertificate</code> - * must contain at least one of the specified target groups. - * <p> - * Each attribute certificate may contain a target information extension - * limiting the servers where this attribute certificate can be used. If - * this extension is not present, the attribute certificate is not targeted - * and may be accepted by any server. - * - * @param group The group as GeneralName form (not <code>null</code>) - */ - public void addTargetGroup(GeneralName group) - { - targetGroups.add(group); - } - - /** - * Adds a target group criterion for the attribute certificate to the target - * information extension criteria. The <code>X509AttributeCertificate</code> - * must contain at least one of the specified target groups. - * <p> - * Each attribute certificate may contain a target information extension - * limiting the servers where this attribute certificate can be used. If - * this extension is not present, the attribute certificate is not targeted - * and may be accepted by any server. - * - * @param name a byte array containing the group in ASN.1 DER encoded form of a GeneralName - * @throws IOException if a parsing error occurs. - */ - public void addTargetGroup(byte[] name) throws IOException - { - addTargetGroup(GeneralName.getInstance(ASN1Primitive.fromByteArray(name))); - } - - /** - * Adds a collection with target groups criteria. If <code>null</code> is - * given any will do. - * <p> - * The collection consists of <code>GeneralName</code> objects or <code>byte[]</code representing DER - * encoded GeneralNames. - * - * @param names A collection of target groups. - * @throws IOException if a parsing error occurs. - * @see #addTargetGroup(byte[]) - * @see #addTargetGroup(GeneralName) - */ - public void setTargetGroups(Collection names) throws IOException - { - targetGroups = extractGeneralNames(names); - } - - - - /** - * Gets the target groups. The collection consists of <code>GeneralName</code> objects. - * <p> - * The returned collection is immutable. - * - * @return The collection of target groups. - * @see #setTargetGroups(Collection) - */ - public Collection getTargetGroups() - { - return Collections.unmodifiableCollection(targetGroups); - } - - private Set extractGeneralNames(Collection names) - throws IOException - { - if (names == null || names.isEmpty()) - { - return new HashSet(); - } - Set temp = new HashSet(); - for (Iterator it = names.iterator(); it.hasNext();) - { - Object o = it.next(); - if (o instanceof GeneralName) - { - temp.add(o); - } - else - { - temp.add(GeneralName.getInstance(ASN1Primitive.fromByteArray((byte[])o))); - } - } - return temp; - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509AttributeCertificate.java b/prov/src/main/java/org/bouncycastle/x509/X509AttributeCertificate.java deleted file mode 100644 index d65ec78e..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509AttributeCertificate.java +++ /dev/null @@ -1,102 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PublicKey; -import java.security.SignatureException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.X509Extension; -import java.util.Date; - -/** - * Interface for an X.509 Attribute Certificate. - * @deprecated use X509CertificateHolder class in the PKIX package. - */ -public interface X509AttributeCertificate - extends X509Extension -{ - /** - * Return the version number for the certificate. - * - * @return the version number. - */ - public int getVersion(); - - /** - * Return the serial number for the certificate. - * - * @return the serial number. - */ - public BigInteger getSerialNumber(); - - /** - * Return the date before which the certificate is not valid. - * - * @return the "not valid before" date. - */ - public Date getNotBefore(); - - /** - * Return the date after which the certificate is not valid. - * - * @return the "not valid afer" date. - */ - public Date getNotAfter(); - - /** - * Return the holder of the certificate. - * - * @return the holder. - */ - public AttributeCertificateHolder getHolder(); - - /** - * Return the issuer details for the certificate. - * - * @return the issuer details. - */ - public AttributeCertificateIssuer getIssuer(); - - /** - * Return the attributes contained in the attribute block in the certificate. - * - * @return an array of attributes. - */ - public X509Attribute[] getAttributes(); - - /** - * Return the attributes with the same type as the passed in oid. - * - * @param oid the object identifier we wish to match. - * @return an array of matched attributes, null if there is no match. - */ - public X509Attribute[] getAttributes(String oid); - - public boolean[] getIssuerUniqueID(); - - public void checkValidity() - throws CertificateExpiredException, CertificateNotYetValidException; - - public void checkValidity(Date date) - throws CertificateExpiredException, CertificateNotYetValidException; - - public byte[] getSignature(); - - public void verify(PublicKey key, String provider) - throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException; - - /** - * Return an ASN.1 encoded byte array representing the attribute certificate. - * - * @return an ASN.1 encoded byte array. - * @throws IOException if the certificate cannot be encoded. - */ - public byte[] getEncoded() - throws IOException; -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java b/prov/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java deleted file mode 100644 index 2486d208..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java +++ /dev/null @@ -1,330 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.cert.CRL; -import java.security.cert.X509CRL; -import java.security.cert.X509CRLSelector; - -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.Selector; -import org.bouncycastle.x509.extension.X509ExtensionUtil; - -/** - * This class is a Selector implementation for X.509 certificate revocation - * lists. - * - * @see org.bouncycastle.util.Selector - * @see org.bouncycastle.x509.X509Store - * @see org.bouncycastle.jce.provider.X509StoreCRLCollection - */ -public class X509CRLStoreSelector - extends X509CRLSelector - implements Selector -{ - private boolean deltaCRLIndicator = false; - - private boolean completeCRLEnabled = false; - - private BigInteger maxBaseCRLNumber = null; - - private byte[] issuingDistributionPoint = null; - - private boolean issuingDistributionPointEnabled = false; - - private X509AttributeCertificate attrCertChecking; - - /** - * Returns if the issuing distribution point criteria should be applied. - * Defaults to <code>false</code>. - * <p> - * You may also set the issuing distribution point criteria if not a missing - * issuing distribution point should be assumed. - * - * @return Returns if the issuing distribution point check is enabled. - */ - public boolean isIssuingDistributionPointEnabled() - { - return issuingDistributionPointEnabled; - } - - /** - * Enables or disables the issuing distribution point check. - * - * @param issuingDistributionPointEnabled <code>true</code> to enable the - * issuing distribution point check. - */ - public void setIssuingDistributionPointEnabled( - boolean issuingDistributionPointEnabled) - { - this.issuingDistributionPointEnabled = issuingDistributionPointEnabled; - } - - /** - * Sets the attribute certificate being checked. This is not a criterion. - * Rather, it is optional information that may help a {@link X509Store} find - * CRLs that would be relevant when checking revocation for the specified - * attribute certificate. If <code>null</code> is specified, then no such - * optional information is provided. - * - * @param attrCert the <code>X509AttributeCertificate</code> being checked (or - * <code>null</code>) - * @see #getAttrCertificateChecking() - */ - public void setAttrCertificateChecking(X509AttributeCertificate attrCert) - { - attrCertChecking = attrCert; - } - - /** - * Returns the attribute certificate being checked. - * - * @return Returns the attribute certificate being checked. - * @see #setAttrCertificateChecking(X509AttributeCertificate) - */ - public X509AttributeCertificate getAttrCertificateChecking() - { - return attrCertChecking; - } - - public boolean match(Object obj) - { - if (!(obj instanceof X509CRL)) - { - return false; - } - X509CRL crl = (X509CRL)obj; - ASN1Integer dci = null; - try - { - byte[] bytes = crl - .getExtensionValue(X509Extensions.DeltaCRLIndicator.getId()); - if (bytes != null) - { - dci = ASN1Integer.getInstance(X509ExtensionUtil - .fromExtensionValue(bytes)); - } - } - catch (Exception e) - { - return false; - } - if (isDeltaCRLIndicatorEnabled()) - { - if (dci == null) - { - return false; - } - } - if (isCompleteCRLEnabled()) - { - if (dci != null) - { - return false; - } - } - if (dci != null) - { - - if (maxBaseCRLNumber != null) - { - if (dci.getPositiveValue().compareTo(maxBaseCRLNumber) == 1) - { - return false; - } - } - } - if (issuingDistributionPointEnabled) - { - byte[] idp = crl - .getExtensionValue(X509Extensions.IssuingDistributionPoint - .getId()); - if (issuingDistributionPoint == null) - { - if (idp != null) - { - return false; - } - } - else - { - if (!Arrays.areEqual(idp, issuingDistributionPoint)) - { - return false; - } - } - - } - return super.match((X509CRL)obj); - } - - public boolean match(CRL crl) - { - return match((Object)crl); - } - - /** - * Returns if this selector must match CRLs with the delta CRL indicator - * extension set. Defaults to <code>false</code>. - * - * @return Returns <code>true</code> if only CRLs with the delta CRL - * indicator extension are selected. - */ - public boolean isDeltaCRLIndicatorEnabled() - { - return deltaCRLIndicator; - } - - /** - * If this is set to <code>true</code> the CRL reported contains the delta - * CRL indicator CRL extension. - * <p> - * {@link #setCompleteCRLEnabled(boolean)} and - * {@link #setDeltaCRLIndicatorEnabled(boolean)} excluded each other. - * - * @param deltaCRLIndicator <code>true</code> if the delta CRL indicator - * extension must be in the CRL. - */ - public void setDeltaCRLIndicatorEnabled(boolean deltaCRLIndicator) - { - this.deltaCRLIndicator = deltaCRLIndicator; - } - - /** - * Returns an instance of this from a <code>X509CRLSelector</code>. - * - * @param selector A <code>X509CRLSelector</code> instance. - * @return An instance of an <code>X509CRLStoreSelector</code>. - * @exception IllegalArgumentException if selector is null or creation - * fails. - */ - public static X509CRLStoreSelector getInstance(X509CRLSelector selector) - { - if (selector == null) - { - throw new IllegalArgumentException( - "cannot create from null selector"); - } - X509CRLStoreSelector cs = new X509CRLStoreSelector(); - cs.setCertificateChecking(selector.getCertificateChecking()); - cs.setDateAndTime(selector.getDateAndTime()); - try - { - cs.setIssuerNames(selector.getIssuerNames()); - } - catch (IOException e) - { - // cannot happen - throw new IllegalArgumentException(e.getMessage()); - } - cs.setIssuers(selector.getIssuers()); - cs.setMaxCRLNumber(selector.getMaxCRL()); - cs.setMinCRLNumber(selector.getMinCRL()); - return cs; - } - - public Object clone() - { - X509CRLStoreSelector sel = X509CRLStoreSelector.getInstance(this); - sel.deltaCRLIndicator = deltaCRLIndicator; - sel.completeCRLEnabled = completeCRLEnabled; - sel.maxBaseCRLNumber = maxBaseCRLNumber; - sel.attrCertChecking = attrCertChecking; - sel.issuingDistributionPointEnabled = issuingDistributionPointEnabled; - sel.issuingDistributionPoint = Arrays.clone(issuingDistributionPoint); - return sel; - } - - /** - * If <code>true</code> only complete CRLs are returned. Defaults to - * <code>false</code>. - * - * @return <code>true</code> if only complete CRLs are returned. - */ - public boolean isCompleteCRLEnabled() - { - return completeCRLEnabled; - } - - /** - * If set to <code>true</code> only complete CRLs are returned. - * <p> - * {@link #setCompleteCRLEnabled(boolean)} and - * {@link #setDeltaCRLIndicatorEnabled(boolean)} excluded each other. - * - * @param completeCRLEnabled <code>true</code> if only complete CRLs - * should be returned. - */ - public void setCompleteCRLEnabled(boolean completeCRLEnabled) - { - this.completeCRLEnabled = completeCRLEnabled; - } - - /** - * Get the maximum base CRL number. Defaults to <code>null</code>. - * - * @return Returns the maximum base CRL number. - * @see #setMaxBaseCRLNumber(BigInteger) - */ - public BigInteger getMaxBaseCRLNumber() - { - return maxBaseCRLNumber; - } - - /** - * Sets the maximum base CRL number. Setting to <code>null</code> disables - * this cheack. - * <p> - * This is only meaningful for delta CRLs. Complete CRLs must have a CRL - * number which is greater or equal than the base number of the - * corresponding CRL. - * - * @param maxBaseCRLNumber The maximum base CRL number to set. - */ - public void setMaxBaseCRLNumber(BigInteger maxBaseCRLNumber) - { - this.maxBaseCRLNumber = maxBaseCRLNumber; - } - - /** - * Returns the issuing distribution point. Defaults to <code>null</code>, - * which is a missing issuing distribution point extension. - * <p> - * The internal byte array is cloned before it is returned. - * <p> - * The criteria must be enable with - * {@link #setIssuingDistributionPointEnabled(boolean)}. - * - * @return Returns the issuing distribution point. - * @see #setIssuingDistributionPoint(byte[]) - */ - public byte[] getIssuingDistributionPoint() - { - return Arrays.clone(issuingDistributionPoint); - } - - /** - * Sets the issuing distribution point. - * <p> - * The issuing distribution point extension is a CRL extension which - * identifies the scope and the distribution point of a CRL. The scope - * contains among others information about revocation reasons contained in - * the CRL. Delta CRLs and complete CRLs must have matching issuing - * distribution points. - * <p> - * The byte array is cloned to protect against subsequent modifications. - * <p> - * You must also enable or disable this criteria with - * {@link #setIssuingDistributionPointEnabled(boolean)}. - * - * @param issuingDistributionPoint The issuing distribution point to set. - * This is the DER encoded OCTET STRING extension value. - * @see #getIssuingDistributionPoint() - */ - public void setIssuingDistributionPoint(byte[] issuingDistributionPoint) - { - this.issuingDistributionPoint = Arrays.clone(issuingDistributionPoint); - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509CertPairStoreSelector.java b/prov/src/main/java/org/bouncycastle/x509/X509CertPairStoreSelector.java deleted file mode 100644 index 187b0983..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509CertPairStoreSelector.java +++ /dev/null @@ -1,155 +0,0 @@ -package org.bouncycastle.x509; - -import org.bouncycastle.util.Selector; - -/** - * This class is an <code>Selector</code> like implementation to select - * certificates pairs, which are e.g. used for cross certificates. The set of - * criteria is given from two - * {@link org.bouncycastle.x509.X509CertStoreSelector}s which must be both - * matched. - * - * @see org.bouncycastle.x509.X509AttributeCertificate - * @see org.bouncycastle.x509.X509Store - */ -public class X509CertPairStoreSelector implements Selector -{ - - private X509CertStoreSelector forwardSelector; - - private X509CertStoreSelector reverseSelector; - - private X509CertificatePair certPair; - - public X509CertPairStoreSelector() - { - } - - /** - * Returns the certificate pair which is used for testing on equality. - * - * @return Returns the certificate pair which is checked. - */ - public X509CertificatePair getCertPair() - { - return certPair; - } - - /** - * Set the certificate pair which is used for testing on equality. - * - * @param certPair The certPairChecking to set. - */ - public void setCertPair(X509CertificatePair certPair) - { - this.certPair = certPair; - } - - /** - * @param forwardSelector The certificate selector for the forward part in - * the pair. - */ - public void setForwardSelector(X509CertStoreSelector forwardSelector) - { - this.forwardSelector = forwardSelector; - } - - /** - * @param reverseSelector The certificate selector for the reverse part in - * the pair. - */ - public void setReverseSelector(X509CertStoreSelector reverseSelector) - { - this.reverseSelector = reverseSelector; - } - - /** - * Returns a clone of this selector. - * - * @return A clone of this selector. - * @see java.lang.Object#clone() - */ - public Object clone() - { - X509CertPairStoreSelector cln = new X509CertPairStoreSelector(); - - cln.certPair = certPair; - - if (forwardSelector != null) - { - cln.setForwardSelector((X509CertStoreSelector) forwardSelector - .clone()); - } - - if (reverseSelector != null) - { - cln.setReverseSelector((X509CertStoreSelector) reverseSelector - .clone()); - } - - return cln; - } - - /** - * Decides if the given certificate pair should be selected. If - * <code>obj</code> is not a {@link X509CertificatePair} this method - * returns <code>false</code>. - * - * @param obj The {@link X509CertificatePair} which should be tested. - * @return <code>true</code> if the object matches this selector. - */ - public boolean match(Object obj) - { - try - { - if (!(obj instanceof X509CertificatePair)) - { - return false; - } - X509CertificatePair pair = (X509CertificatePair)obj; - - if (forwardSelector != null - && !forwardSelector.match((Object)pair.getForward())) - { - return false; - } - - if (reverseSelector != null - && !reverseSelector.match((Object)pair.getReverse())) - { - return false; - } - - if (certPair != null) - { - return certPair.equals(obj); - } - - return true; - } - catch (Exception e) - { - return false; - } - } - - /** - * Returns the certicate selector for the forward part. - * - * @return Returns the certicate selector for the forward part. - */ - public X509CertStoreSelector getForwardSelector() - { - return forwardSelector; - } - - /** - * Returns the certicate selector for the reverse part. - * - * @return Returns the reverse selector for teh reverse part. - */ - public X509CertStoreSelector getReverseSelector() - { - return reverseSelector; - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509CertStoreSelector.java b/prov/src/main/java/org/bouncycastle/x509/X509CertStoreSelector.java deleted file mode 100644 index 65353285..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509CertStoreSelector.java +++ /dev/null @@ -1,88 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.IOException; -import java.security.cert.Certificate; -import java.security.cert.X509CertSelector; -import java.security.cert.X509Certificate; - -import org.bouncycastle.util.Selector; - -/** - * This class is a Selector implementation for X.509 certificates. - * - * @see org.bouncycastle.util.Selector - * @see org.bouncycastle.x509.X509Store - * @see org.bouncycastle.jce.provider.X509StoreCertCollection - * @deprecated use the classes under org.bouncycastle.cert.selector - */ -public class X509CertStoreSelector - extends X509CertSelector - implements Selector -{ - public boolean match(Object obj) - { - if (!(obj instanceof X509Certificate)) - { - return false; - } - - X509Certificate other = (X509Certificate)obj; - - return super.match(other); - } - - public boolean match(Certificate cert) - { - return match((Object)cert); - } - - public Object clone() - { - X509CertStoreSelector selector = (X509CertStoreSelector)super.clone(); - - return selector; - } - - /** - * Returns an instance of this from a <code>X509CertSelector</code>. - * - * @param selector A <code>X509CertSelector</code> instance. - * @return An instance of an <code>X509CertStoreSelector</code>. - * @exception IllegalArgumentException if selector is null or creation fails. - */ - public static X509CertStoreSelector getInstance(X509CertSelector selector) - { - if (selector == null) - { - throw new IllegalArgumentException("cannot create from null selector"); - } - X509CertStoreSelector cs = new X509CertStoreSelector(); - cs.setAuthorityKeyIdentifier(selector.getAuthorityKeyIdentifier()); - cs.setBasicConstraints(selector.getBasicConstraints()); - cs.setCertificate(selector.getCertificate()); - cs.setCertificateValid(selector.getCertificateValid()); - cs.setMatchAllSubjectAltNames(selector.getMatchAllSubjectAltNames()); - try - { - cs.setPathToNames(selector.getPathToNames()); - cs.setExtendedKeyUsage(selector.getExtendedKeyUsage()); - cs.setNameConstraints(selector.getNameConstraints()); - cs.setPolicy(selector.getPolicy()); - cs.setSubjectPublicKeyAlgID(selector.getSubjectPublicKeyAlgID()); - cs.setSubjectAlternativeNames(selector.getSubjectAlternativeNames()); - } - catch (IOException e) - { - throw new IllegalArgumentException("error in passed in selector: " + e); - } - cs.setIssuer(selector.getIssuer()); - cs.setKeyUsage(selector.getKeyUsage()); - cs.setPrivateKeyValid(selector.getPrivateKeyValid()); - cs.setSerialNumber(selector.getSerialNumber()); - cs.setSubject(selector.getSubject()); - cs.setSubjectKeyIdentifier(selector.getSubjectKeyIdentifier()); - cs.setSubjectPublicKey(selector.getSubjectPublicKey()); - return cs; - } - -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509CertificatePair.java b/prov/src/main/java/org/bouncycastle/x509/X509CertificatePair.java deleted file mode 100644 index 73e5ba31..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509CertificatePair.java +++ /dev/null @@ -1,167 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.IOException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.asn1.x509.CertificatePair; -import org.bouncycastle.jce.provider.X509CertificateObject; - -/** - * This class contains a cross certificate pair. Cross certificates pairs may - * contain two cross signed certificates from two CAs. A certificate from the - * other CA to this CA is contained in the forward certificate, the certificate - * from this CA to the other CA is contained in the reverse certificate. - */ -public class X509CertificatePair -{ - private X509Certificate forward; - private X509Certificate reverse; - - /** - * Constructor. - * - * @param forward Certificate from the other CA to this CA. - * @param reverse Certificate from this CA to the other CA. - */ - public X509CertificatePair( - X509Certificate forward, - X509Certificate reverse) - { - this.forward = forward; - this.reverse = reverse; - } - - /** - * Constructor from a ASN.1 CertificatePair structure. - * - * @param pair The <code>CertificatePair</code> ASN.1 object. - */ - public X509CertificatePair( - CertificatePair pair) - throws CertificateParsingException - { - if (pair.getForward() != null) - { - this.forward = new X509CertificateObject(pair.getForward()); - } - if (pair.getReverse() != null) - { - this.reverse = new X509CertificateObject(pair.getReverse()); - } - } - - public byte[] getEncoded() - throws CertificateEncodingException - { - Certificate f = null; - Certificate r = null; - try - { - if (forward != null) - { - f = Certificate.getInstance(new ASN1InputStream( - forward.getEncoded()).readObject()); - if (f == null) - { - throw new CertificateEncodingException("unable to get encoding for forward"); - } - } - if (reverse != null) - { - r = Certificate.getInstance(new ASN1InputStream( - reverse.getEncoded()).readObject()); - if (r == null) - { - throw new CertificateEncodingException("unable to get encoding for reverse"); - } - } - return new CertificatePair(f, r).getEncoded(ASN1Encoding.DER); - } - catch (IllegalArgumentException e) - { - throw new ExtCertificateEncodingException(e.toString(), e); - } - catch (IOException e) - { - throw new ExtCertificateEncodingException(e.toString(), e); - } - } - - /** - * Returns the certificate from the other CA to this CA. - * - * @return Returns the forward certificate. - */ - public X509Certificate getForward() - { - return forward; - } - - /** - * Return the certificate from this CA to the other CA. - * - * @return Returns the reverse certificate. - */ - public X509Certificate getReverse() - { - return reverse; - } - - public boolean equals(Object o) - { - if (o == null) - { - return false; - } - if (!(o instanceof X509CertificatePair)) - { - return false; - } - X509CertificatePair pair = (X509CertificatePair)o; - boolean equalReverse = true; - boolean equalForward = true; - if (forward != null) - { - equalForward = this.forward.equals(pair.forward); - } - else - { - if (pair.forward != null) - { - equalForward = false; - } - } - if (reverse != null) - { - equalReverse = this.reverse.equals(pair.reverse); - } - else - { - if (pair.reverse != null) - { - equalReverse = false; - } - } - return equalForward && equalReverse; - } - - public int hashCode() - { - int hash = -1; - if (forward != null) - { - hash ^= forward.hashCode(); - } - if (reverse != null) - { - hash *= 17; - hash ^= reverse.hashCode(); - } - return hash; - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509CollectionStoreParameters.java b/prov/src/main/java/org/bouncycastle/x509/X509CollectionStoreParameters.java deleted file mode 100644 index 16420fed..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509CollectionStoreParameters.java +++ /dev/null @@ -1,70 +0,0 @@ -package org.bouncycastle.x509; - -import java.util.ArrayList; -import java.util.Collection; - -/** - * This class contains a collection for collection based <code>X509Store</code>s. - * - * @see org.bouncycastle.x509.X509Store - * - */ -public class X509CollectionStoreParameters - implements X509StoreParameters -{ - private Collection collection; - - /** - * Constructor. - * <p> - * The collection is copied. - * </p> - * - * @param collection - * The collection containing X.509 object types. - * @throws NullPointerException if <code>collection</code> is <code>null</code>. - */ - public X509CollectionStoreParameters(Collection collection) - { - if (collection == null) - { - throw new NullPointerException("collection cannot be null"); - } - this.collection = collection; - } - - /** - * Returns a shallow clone. The returned contents are not copied, so adding - * or removing objects will effect this. - * - * @return a shallow clone. - */ - public Object clone() - { - return new X509CollectionStoreParameters(collection); - } - - /** - * Returns a copy of the <code>Collection</code>. - * - * @return The <code>Collection</code>. Is never <code>null</code>. - */ - public Collection getCollection() - { - return new ArrayList(collection); - } - - /** - * Returns a formatted string describing the parameters. - * - * @return a formatted string describing the parameters - */ - public String toString() - { - StringBuffer sb = new StringBuffer(); - sb.append("X509CollectionStoreParameters: [\n"); - sb.append(" collection: " + collection + "\n"); - sb.append("]"); - return sb.toString(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509Store.java b/prov/src/main/java/org/bouncycastle/x509/X509Store.java deleted file mode 100644 index 61d921c5..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509Store.java +++ /dev/null @@ -1,82 +0,0 @@ -package org.bouncycastle.x509; - -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Provider; -import java.util.Collection; - -import org.bouncycastle.util.Selector; -import org.bouncycastle.util.Store; - -/** - * @deprecated use CollectionStore - this class will be removed. - */ -public class X509Store - implements Store -{ - public static X509Store getInstance(String type, X509StoreParameters parameters) - throws NoSuchStoreException - { - try - { - X509Util.Implementation impl = X509Util.getImplementation("X509Store", type); - - return createStore(impl, parameters); - } - catch (NoSuchAlgorithmException e) - { - throw new NoSuchStoreException(e.getMessage()); - } - } - - public static X509Store getInstance(String type, X509StoreParameters parameters, String provider) - throws NoSuchStoreException, NoSuchProviderException - { - return getInstance(type, parameters, X509Util.getProvider(provider)); - } - - public static X509Store getInstance(String type, X509StoreParameters parameters, Provider provider) - throws NoSuchStoreException - { - try - { - X509Util.Implementation impl = X509Util.getImplementation("X509Store", type, provider); - - return createStore(impl, parameters); - } - catch (NoSuchAlgorithmException e) - { - throw new NoSuchStoreException(e.getMessage()); - } - } - - private static X509Store createStore(X509Util.Implementation impl, X509StoreParameters parameters) - { - X509StoreSpi spi = (X509StoreSpi)impl.getEngine(); - - spi.engineInit(parameters); - - return new X509Store(impl.getProvider(), spi); - } - - private Provider _provider; - private X509StoreSpi _spi; - - private X509Store( - Provider provider, - X509StoreSpi spi) - { - _provider = provider; - _spi = spi; - } - - public Provider getProvider() - { - return _provider; - } - - public Collection getMatches(Selector selector) - { - return _spi.engineGetMatches(selector); - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509StoreParameters.java b/prov/src/main/java/org/bouncycastle/x509/X509StoreParameters.java deleted file mode 100644 index 22548da4..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509StoreParameters.java +++ /dev/null @@ -1,5 +0,0 @@ -package org.bouncycastle.x509; - -public interface X509StoreParameters -{ -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509StoreSpi.java b/prov/src/main/java/org/bouncycastle/x509/X509StoreSpi.java deleted file mode 100644 index 3455add9..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509StoreSpi.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.bouncycastle.x509; - -import org.bouncycastle.util.Selector; - -import java.util.Collection; - -public abstract class X509StoreSpi -{ - public abstract void engineInit(X509StoreParameters parameters); - - public abstract Collection engineGetMatches(Selector selector); -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509StreamParser.java b/prov/src/main/java/org/bouncycastle/x509/X509StreamParser.java deleted file mode 100644 index 3ad28468..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509StreamParser.java +++ /dev/null @@ -1,161 +0,0 @@ -package org.bouncycastle.x509; - -import org.bouncycastle.x509.util.StreamParser; -import org.bouncycastle.x509.util.StreamParsingException; - -import java.io.ByteArrayInputStream; -import java.io.InputStream; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Provider; -import java.util.Collection; - -/** - * - * This class allows access to different implementations for reading X.509 - * objects from streams. - * <p> - * A X509StreamParser is used to read a collection of objects or a single object - * of a certain X.509 object structure. E.g. one X509StreamParser can read - * certificates, another one CRLs, certification paths, attribute certificates - * and so on. The kind of object structure is specified with the - * <code>algorithm</code> parameter to the <code>getInstance</code> methods. - * <p> - * Implementations must implement the - * {@link org.bouncycastle.x509.X509StreamParserSpi}. - */ -public class X509StreamParser - implements StreamParser -{ - /** - * Generates a StreamParser object that implements the specified type. If - * the default provider package provides an implementation of the requested - * type, an instance of StreamParser containing that implementation is - * returned. If the type is not available in the default package, other - * packages are searched. - * - * @param type - * The name of the requested X.509 object type. - * @return a StreamParser object for the specified type. - * - * @exception NoSuchParserException - * if the requested type is not available in the default - * provider package or any of the other provider packages - * that were searched. - */ - public static X509StreamParser getInstance(String type) - throws NoSuchParserException - { - try - { - X509Util.Implementation impl = X509Util.getImplementation("X509StreamParser", type); - - return createParser(impl); - } - catch (NoSuchAlgorithmException e) - { - throw new NoSuchParserException(e.getMessage()); - } - } - - /** - * Generates a X509StreamParser object for the specified type from the - * specified provider. - * - * @param type - * the name of the requested X.509 object type. - * @param provider - * the name of the provider. - * - * @return a X509StreamParser object for the specified type. - * - * @exception NoSuchParserException - * if the type is not available from the specified provider. - * - * @exception NoSuchProviderException - * if the provider can not be found. - * - * @see Provider - */ - public static X509StreamParser getInstance(String type, String provider) - throws NoSuchParserException, NoSuchProviderException - { - return getInstance(type, X509Util.getProvider(provider)); - } - - /** - * Generates a X509StreamParser object for the specified type from the - * specified provider. - * - * @param type - * the name of the requested X.509 object type. - * @param provider - * the Provider to use. - * - * @return a X509StreamParser object for the specified type. - * - * @exception NoSuchParserException - * if the type is not available from the specified provider. - * - * @see Provider - */ - public static X509StreamParser getInstance(String type, Provider provider) - throws NoSuchParserException - { - try - { - X509Util.Implementation impl = X509Util.getImplementation("X509StreamParser", type, provider); - - return createParser(impl); - } - catch (NoSuchAlgorithmException e) - { - throw new NoSuchParserException(e.getMessage()); - } - } - - private static X509StreamParser createParser(X509Util.Implementation impl) - { - X509StreamParserSpi spi = (X509StreamParserSpi)impl.getEngine(); - - return new X509StreamParser(impl.getProvider(), spi); - } - - private Provider _provider; - private X509StreamParserSpi _spi; - - private X509StreamParser( - Provider provider, - X509StreamParserSpi spi) - { - _provider = provider; - _spi = spi; - } - - public Provider getProvider() - { - return _provider; - } - - public void init(InputStream stream) - { - _spi.engineInit(stream); - } - - public void init(byte[] data) - { - _spi.engineInit(new ByteArrayInputStream(data)); - } - - public Object read() - throws StreamParsingException - { - return _spi.engineRead(); - } - - public Collection readAll() - throws StreamParsingException - { - return _spi.engineReadAll(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509StreamParserSpi.java b/prov/src/main/java/org/bouncycastle/x509/X509StreamParserSpi.java deleted file mode 100644 index 6929eb12..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509StreamParserSpi.java +++ /dev/null @@ -1,45 +0,0 @@ -package org.bouncycastle.x509; - -import org.bouncycastle.x509.util.StreamParsingException; - -import java.io.InputStream; -import java.util.Collection; - -/** - * This abstract class defines the service provider interface (SPI) for - * X509StreamParser. - * - * @see org.bouncycastle.x509.X509StreamParser - * - */ -public abstract class X509StreamParserSpi -{ - /** - * Initializes this stream parser with the input stream. - * - * @param in The input stream. - */ - public abstract void engineInit(InputStream in); - - /** - * Returns the next X.509 object of the type of this SPI from the given - * input stream. - * - * @return the next X.509 object in the stream or <code>null</code> if the - * end of the stream is reached. - * @exception StreamParsingException - * if the object cannot be created from input stream. - */ - public abstract Object engineRead() throws StreamParsingException; - - /** - * Returns all X.509 objects of the type of this SPI from - * the given input stream. - * - * @return A collection of all X.509 objects in the input stream or - * <code>null</code> if the end of the stream is reached. - * @exception StreamParsingException - * if an object cannot be created from input stream. - */ - public abstract Collection engineReadAll() throws StreamParsingException; -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509Util.java b/prov/src/main/java/org/bouncycastle/x509/X509Util.java deleted file mode 100644 index d002111e..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509Util.java +++ /dev/null @@ -1,412 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.SecureRandom; -import java.security.Security; -import java.security.Signature; -import java.security.SignatureException; -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Hashtable; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.util.Strings; - -class X509Util -{ - private static Hashtable algorithms = new Hashtable(); - private static Hashtable params = new Hashtable(); - private static Set noParams = new HashSet(); - - static - { - algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption); - algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption); - algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption); - algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption); - algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption); - algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption); - algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); - algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); - algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption); - algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption); - algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption); - algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption); - algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption); - algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption); - algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); - algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); - algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); - algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); - algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS); - algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); - algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160); - algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); - algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128); - algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); - algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256); - algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1); - algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1); - algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); - algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256); - algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384); - algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512); - algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1); - algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1); - algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); - algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256); - algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384); - algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512); - algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - - // - // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. - // The parameters field SHALL be NULL for RSA based signature algorithms. - // - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512); - noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1); - noParams.add(NISTObjectIdentifiers.dsa_with_sha224); - noParams.add(NISTObjectIdentifiers.dsa_with_sha256); - noParams.add(NISTObjectIdentifiers.dsa_with_sha384); - noParams.add(NISTObjectIdentifiers.dsa_with_sha512); - - // - // RFC 4491 - // - noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - - // - // explicit params - // - AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE); - params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20)); - - AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE); - params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28)); - - AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE); - params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32)); - - AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, DERNull.INSTANCE); - params.put("SHA384WITHRSAANDMGF1", creatPSSParams(sha384AlgId, 48)); - - AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, DERNull.INSTANCE); - params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64)); - } - - private static RSASSAPSSparams creatPSSParams(AlgorithmIdentifier hashAlgId, int saltSize) - { - return new RSASSAPSSparams( - hashAlgId, - new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId), - new ASN1Integer(saltSize), - new ASN1Integer(1)); - } - - static ASN1ObjectIdentifier getAlgorithmOID( - String algorithmName) - { - algorithmName = Strings.toUpperCase(algorithmName); - - if (algorithms.containsKey(algorithmName)) - { - return (ASN1ObjectIdentifier)algorithms.get(algorithmName); - } - - return new ASN1ObjectIdentifier(algorithmName); - } - - static AlgorithmIdentifier getSigAlgID( - ASN1ObjectIdentifier sigOid, - String algorithmName) - { - if (noParams.contains(sigOid)) - { - return new AlgorithmIdentifier(sigOid); - } - - algorithmName = Strings.toUpperCase(algorithmName); - - if (params.containsKey(algorithmName)) - { - return new AlgorithmIdentifier(sigOid, (ASN1Encodable)params.get(algorithmName)); - } - else - { - return new AlgorithmIdentifier(sigOid, DERNull.INSTANCE); - } - } - - static Iterator getAlgNames() - { - Enumeration e = algorithms.keys(); - List l = new ArrayList(); - - while (e.hasMoreElements()) - { - l.add(e.nextElement()); - } - - return l.iterator(); - } - - static Signature getSignatureInstance( - String algorithm) - throws NoSuchAlgorithmException - { - return Signature.getInstance(algorithm); - } - - static Signature getSignatureInstance( - String algorithm, - String provider) - throws NoSuchProviderException, NoSuchAlgorithmException - { - if (provider != null) - { - return Signature.getInstance(algorithm, provider); - } - else - { - return Signature.getInstance(algorithm); - } - } - - static byte[] calculateSignature( - ASN1ObjectIdentifier sigOid, - String sigName, - PrivateKey key, - SecureRandom random, - ASN1Encodable object) - throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException - { - Signature sig; - - if (sigOid == null) - { - throw new IllegalStateException("no signature algorithm specified"); - } - - sig = X509Util.getSignatureInstance(sigName); - - if (random != null) - { - sig.initSign(key, random); - } - else - { - sig.initSign(key); - } - - sig.update(object.toASN1Primitive().getEncoded(ASN1Encoding.DER)); - - return sig.sign(); - } - - static byte[] calculateSignature( - ASN1ObjectIdentifier sigOid, - String sigName, - String provider, - PrivateKey key, - SecureRandom random, - ASN1Encodable object) - throws IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException - { - Signature sig; - - if (sigOid == null) - { - throw new IllegalStateException("no signature algorithm specified"); - } - - sig = X509Util.getSignatureInstance(sigName, provider); - - if (random != null) - { - sig.initSign(key, random); - } - else - { - sig.initSign(key); - } - - sig.update(object.toASN1Primitive().getEncoded(ASN1Encoding.DER)); - - return sig.sign(); - } - - static X509Principal convertPrincipal( - X500Principal principal) - { - try - { - return new X509Principal(principal.getEncoded()); - } - catch (IOException e) - { - throw new IllegalArgumentException("cannot convert principal"); - } - } - - static class Implementation - { - Object engine; - Provider provider; - - Implementation( - Object engine, - Provider provider) - { - this.engine = engine; - this.provider = provider; - } - - Object getEngine() - { - return engine; - } - - Provider getProvider() - { - return provider; - } - } - - /** - * see if we can find an algorithm (or its alias and what it represents) in - * the property table for the given provider. - */ - static Implementation getImplementation( - String baseName, - String algorithm, - Provider prov) - throws NoSuchAlgorithmException - { - algorithm = Strings.toUpperCase(algorithm); - - String alias; - - while ((alias = prov.getProperty("Alg.Alias." + baseName + "." + algorithm)) != null) - { - algorithm = alias; - } - - String className = prov.getProperty(baseName + "." + algorithm); - - if (className != null) - { - try - { - Class cls; - ClassLoader clsLoader = prov.getClass().getClassLoader(); - - if (clsLoader != null) - { - cls = clsLoader.loadClass(className); - } - else - { - cls = Class.forName(className); - } - - return new Implementation(cls.newInstance(), prov); - } - catch (ClassNotFoundException e) - { - throw new IllegalStateException( - "algorithm " + algorithm + " in provider " + prov.getName() + " but no class \"" + className + "\" found!"); - } - catch (Exception e) - { - throw new IllegalStateException( - "algorithm " + algorithm + " in provider " + prov.getName() + " but class \"" + className + "\" inaccessible!"); - } - } - - throw new NoSuchAlgorithmException("cannot find implementation " + algorithm + " for provider " + prov.getName()); - } - - /** - * return an implementation for a given algorithm/provider. - * If the provider is null, we grab the first avalaible who has the required algorithm. - */ - static Implementation getImplementation( - String baseName, - String algorithm) - throws NoSuchAlgorithmException - { - Provider[] prov = Security.getProviders(); - - // - // search every provider looking for the algorithm we want. - // - for (int i = 0; i != prov.length; i++) - { - // - // try case insensitive - // - Implementation imp = getImplementation(baseName, Strings.toUpperCase(algorithm), prov[i]); - if (imp != null) - { - return imp; - } - - try - { - imp = getImplementation(baseName, algorithm, prov[i]); - } - catch (NoSuchAlgorithmException e) - { - // continue - } - } - - throw new NoSuchAlgorithmException("cannot find implementation " + algorithm); - } - - static Provider getProvider(String provider) - throws NoSuchProviderException - { - Provider prov = Security.getProvider(provider); - - if (prov == null) - { - throw new NoSuchProviderException("Provider " + provider + " not found"); - } - - return prov; - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java b/prov/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java deleted file mode 100644 index f7ff3e43..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java +++ /dev/null @@ -1,377 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.SignatureException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Iterator; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.TBSCertificate; -import org.bouncycastle.asn1.x509.Time; -import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.jce.provider.X509CertificateObject; - -/** - * class to produce an X.509 Version 1 certificate. - * @deprecated use org.bouncycastle.cert.X509v1CertificateBuilder. - */ -public class X509V1CertificateGenerator -{ - private V1TBSCertificateGenerator tbsGen; - private ASN1ObjectIdentifier sigOID; - private AlgorithmIdentifier sigAlgId; - private String signatureAlgorithm; - - public X509V1CertificateGenerator() - { - tbsGen = new V1TBSCertificateGenerator(); - } - - /** - * reset the generator - */ - public void reset() - { - tbsGen = new V1TBSCertificateGenerator(); - } - - /** - * set the serial number for the certificate. - */ - public void setSerialNumber( - BigInteger serialNumber) - { - if (serialNumber.compareTo(BigInteger.ZERO) <= 0) - { - throw new IllegalArgumentException("serial number must be a positive integer"); - } - - tbsGen.setSerialNumber(new ASN1Integer(serialNumber)); - } - - /** - * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the - * certificate. - */ - public void setIssuerDN( - X500Principal issuer) - { - try - { - tbsGen.setIssuer(new X509Principal(issuer.getEncoded())); - } - catch (IOException e) - { - throw new IllegalArgumentException("can't process principal: " + e); - } - } - - /** - * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the - * certificate. - */ - public void setIssuerDN( - X509Name issuer) - { - tbsGen.setIssuer(issuer); - } - - public void setNotBefore( - Date date) - { - tbsGen.setStartDate(new Time(date)); - } - - public void setNotAfter( - Date date) - { - tbsGen.setEndDate(new Time(date)); - } - - /** - * Set the subject distinguished name. The subject describes the entity associated with the public key. - */ - public void setSubjectDN( - X500Principal subject) - { - try - { - tbsGen.setSubject(new X509Principal(subject.getEncoded())); - } - catch (IOException e) - { - throw new IllegalArgumentException("can't process principal: " + e); - } - } - - /** - * Set the subject distinguished name. The subject describes the entity associated with the public key. - */ - public void setSubjectDN( - X509Name subject) - { - tbsGen.setSubject(subject); - } - - public void setPublicKey( - PublicKey key) - { - try - { - tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream( - new ByteArrayInputStream(key.getEncoded())).readObject())); - } - catch (Exception e) - { - throw new IllegalArgumentException("unable to process key - " + e.toString()); - } - } - - /** - * Set the signature algorithm. This can be either a name or an OID, names - * are treated as case insensitive. - * - * @param signatureAlgorithm string representation of the algorithm name. - */ - public void setSignatureAlgorithm( - String signatureAlgorithm) - { - this.signatureAlgorithm = signatureAlgorithm; - - try - { - sigOID = X509Util.getAlgorithmOID(signatureAlgorithm); - } - catch (Exception e) - { - throw new IllegalArgumentException("Unknown signature type requested"); - } - - sigAlgId = X509Util.getSigAlgID(sigOID, signatureAlgorithm); - - tbsGen.setSignature(sigAlgId); - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the default provider "BC". - * @deprecated use generate(key, "BC") - */ - public X509Certificate generateX509Certificate( - PrivateKey key) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509Certificate(key, "BC", null); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the default provider "BC" and the passed in source of randomness - * @deprecated use generate(key, random, "BC") - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - SecureRandom random) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509Certificate(key, "BC", random); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing, and the passed in source - * of randomness (if required). - * @deprecated use generate() - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - String provider) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - return generateX509Certificate(key, provider, null); - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing, and the passed in source - * of randomness (if required). - * @deprecated use generate() - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - String provider, - SecureRandom random) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - try - { - return generate(key, provider, random); - } - catch (NoSuchProviderException e) - { - throw e; - } - catch (SignatureException e) - { - throw e; - } - catch (InvalidKeyException e) - { - throw e; - } - catch (GeneralSecurityException e) - { - throw new SecurityException("exception: " + e); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the default provider. - * <p> - * <b>Note:</b> this differs from the deprecated method in that the default provider is - * used - not "BC". - * </p> - */ - public X509Certificate generate( - PrivateKey key) - throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException - { - return generate(key, (SecureRandom)null); - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the default provider and the passed in source of randomness - * <p> - * <b>Note:</b> this differs from the deprecated method in that the default provider is - * used - not "BC". - * </p> - */ - public X509Certificate generate( - PrivateKey key, - SecureRandom random) - throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException - { - TBSCertificate tbsCert = tbsGen.generateTBSCertificate(); - byte[] signature; - - try - { - signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCert); - } - catch (IOException e) - { - throw new ExtCertificateEncodingException("exception encoding TBS cert", e); - } - - return generateJcaObject(tbsCert, signature); - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing, and the passed in source - * of randomness (if required). - */ - public X509Certificate generate( - PrivateKey key, - String provider) - throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException - { - return generate(key, provider, null); - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing, and the passed in source - * of randomness (if required). - */ - public X509Certificate generate( - PrivateKey key, - String provider, - SecureRandom random) - throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException - { - TBSCertificate tbsCert = tbsGen.generateTBSCertificate(); - byte[] signature; - - try - { - signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCert); - } - catch (IOException e) - { - throw new ExtCertificateEncodingException("exception encoding TBS cert", e); - } - - return generateJcaObject(tbsCert, signature); - } - - private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature) - throws CertificateEncodingException - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(tbsCert); - v.add(sigAlgId); - v.add(new DERBitString(signature)); - - try - { - return new X509CertificateObject(Certificate.getInstance(new DERSequence(v))); - } - catch (CertificateParsingException e) - { - throw new ExtCertificateEncodingException("exception producing certificate object", e); - } - } - - /** - * Return an iterator of the signature names supported by the generator. - * - * @return an iterator containing recognised names. - */ - public Iterator getSignatureAlgNames() - { - return X509Util.getAlgNames(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java b/prov/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java deleted file mode 100644 index 14db8eab..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java +++ /dev/null @@ -1,350 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PublicKey; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.text.ParseException; -import java.util.ArrayList; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.x509.AttributeCertificate; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.asn1.x509.Extensions; -import org.bouncycastle.util.Arrays; - -/** - * An implementation of a version 2 X.509 Attribute Certificate. - * @deprecated use org.bouncycastle.cert.X509AttributeCertificateHolder - */ -public class X509V2AttributeCertificate - implements X509AttributeCertificate -{ - private AttributeCertificate cert; - private Date notBefore; - private Date notAfter; - - private static AttributeCertificate getObject(InputStream in) - throws IOException - { - try - { - return AttributeCertificate.getInstance(new ASN1InputStream(in).readObject()); - } - catch (IOException e) - { - throw e; - } - catch (Exception e) - { - throw new IOException("exception decoding certificate structure: " + e.toString()); - } - } - - public X509V2AttributeCertificate( - InputStream encIn) - throws IOException - { - this(getObject(encIn)); - } - - public X509V2AttributeCertificate( - byte[] encoded) - throws IOException - { - this(new ByteArrayInputStream(encoded)); - } - - X509V2AttributeCertificate( - AttributeCertificate cert) - throws IOException - { - this.cert = cert; - - try - { - this.notAfter = cert.getAcinfo().getAttrCertValidityPeriod().getNotAfterTime().getDate(); - this.notBefore = cert.getAcinfo().getAttrCertValidityPeriod().getNotBeforeTime().getDate(); - } - catch (ParseException e) - { - throw new IOException("invalid data structure in certificate!"); - } - } - - public int getVersion() - { - return cert.getAcinfo().getVersion().getValue().intValue() + 1; - } - - public BigInteger getSerialNumber() - { - return cert.getAcinfo().getSerialNumber().getValue(); - } - - public AttributeCertificateHolder getHolder() - { - return new AttributeCertificateHolder((ASN1Sequence)cert.getAcinfo().getHolder().toASN1Object()); - } - - public AttributeCertificateIssuer getIssuer() - { - return new AttributeCertificateIssuer(cert.getAcinfo().getIssuer()); - } - - public Date getNotBefore() - { - return notBefore; - } - - public Date getNotAfter() - { - return notAfter; - } - - public boolean[] getIssuerUniqueID() - { - DERBitString id = cert.getAcinfo().getIssuerUniqueID(); - - if (id != null) - { - byte[] bytes = id.getBytes(); - boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; - - for (int i = 0; i != boolId.length; i++) - { - boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; - } - - return boolId; - } - - return null; - } - - public void checkValidity() - throws CertificateExpiredException, CertificateNotYetValidException - { - this.checkValidity(new Date()); - } - - public void checkValidity( - Date date) - throws CertificateExpiredException, CertificateNotYetValidException - { - if (date.after(this.getNotAfter())) - { - throw new CertificateExpiredException("certificate expired on " + this.getNotAfter()); - } - - if (date.before(this.getNotBefore())) - { - throw new CertificateNotYetValidException("certificate not valid till " + this.getNotBefore()); - } - } - - public byte[] getSignature() - { - return cert.getSignatureValue().getBytes(); - } - - public final void verify( - PublicKey key, - String provider) - throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException - { - Signature signature = null; - - if (!cert.getSignatureAlgorithm().equals(cert.getAcinfo().getSignature())) - { - throw new CertificateException("Signature algorithm in certificate info not same as outer certificate"); - } - - signature = Signature.getInstance(cert.getSignatureAlgorithm().getObjectId().getId(), provider); - - signature.initVerify(key); - - try - { - signature.update(cert.getAcinfo().getEncoded()); - } - catch (IOException e) - { - throw new SignatureException("Exception encoding certificate info object"); - } - - if (!signature.verify(this.getSignature())) - { - throw new InvalidKeyException("Public key presented not for certificate signature"); - } - } - - public byte[] getEncoded() - throws IOException - { - return cert.getEncoded(); - } - - public byte[] getExtensionValue(String oid) - { - Extensions extensions = cert.getAcinfo().getExtensions(); - - if (extensions != null) - { - Extension ext = extensions.getExtension(new ASN1ObjectIdentifier(oid)); - - if (ext != null) - { - try - { - return ext.getExtnValue().getEncoded(ASN1Encoding.DER); - } - catch (Exception e) - { - throw new RuntimeException("error encoding " + e.toString()); - } - } - } - - return null; - } - - private Set getExtensionOIDs( - boolean critical) - { - Extensions extensions = cert.getAcinfo().getExtensions(); - - if (extensions != null) - { - Set set = new HashSet(); - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier)e.nextElement(); - Extension ext = extensions.getExtension(oid); - - if (ext.isCritical() == critical) - { - set.add(oid.getId()); - } - } - - return set; - } - - return null; - } - - public Set getNonCriticalExtensionOIDs() - { - return getExtensionOIDs(false); - } - - public Set getCriticalExtensionOIDs() - { - return getExtensionOIDs(true); - } - - public boolean hasUnsupportedCriticalExtension() - { - Set extensions = getCriticalExtensionOIDs(); - - return extensions != null && !extensions.isEmpty(); - } - - public X509Attribute[] getAttributes() - { - ASN1Sequence seq = cert.getAcinfo().getAttributes(); - X509Attribute[] attrs = new X509Attribute[seq.size()]; - - for (int i = 0; i != seq.size(); i++) - { - attrs[i] = new X509Attribute((ASN1Encodable)seq.getObjectAt(i)); - } - - return attrs; - } - - public X509Attribute[] getAttributes(String oid) - { - ASN1Sequence seq = cert.getAcinfo().getAttributes(); - List list = new ArrayList(); - - for (int i = 0; i != seq.size(); i++) - { - X509Attribute attr = new X509Attribute((ASN1Encodable)seq.getObjectAt(i)); - if (attr.getOID().equals(oid)) - { - list.add(attr); - } - } - - if (list.size() == 0) - { - return null; - } - - return (X509Attribute[])list.toArray(new X509Attribute[list.size()]); - } - - public boolean equals( - Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof X509AttributeCertificate)) - { - return false; - } - - X509AttributeCertificate other = (X509AttributeCertificate)o; - - try - { - byte[] b1 = this.getEncoded(); - byte[] b2 = other.getEncoded(); - - return Arrays.areEqual(b1, b2); - } - catch (IOException e) - { - return false; - } - } - - public int hashCode() - { - try - { - return Arrays.hashCode(this.getEncoded()); - } - catch (IOException e) - { - return 0; - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509V2CRLGenerator.java b/prov/src/main/java/org/bouncycastle/x509/X509V2CRLGenerator.java deleted file mode 100644 index 8773d0ec..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509V2CRLGenerator.java +++ /dev/null @@ -1,450 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.SignatureException; -import java.security.cert.CRLException; -import java.security.cert.X509CRL; -import java.security.cert.X509CRLEntry; -import java.util.Date; -import java.util.Iterator; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1GeneralizedTime; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.asn1.x509.Extensions; -import org.bouncycastle.asn1.x509.TBSCertList; -import org.bouncycastle.asn1.x509.Time; -import org.bouncycastle.asn1.x509.V2TBSCertListGenerator; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.asn1.x509.X509ExtensionsGenerator; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.jce.provider.X509CRLObject; - -/** - * class to produce an X.509 Version 2 CRL. - * @deprecated use org.bouncycastle.cert.X509v2CRLBuilder. - */ -public class X509V2CRLGenerator -{ - private V2TBSCertListGenerator tbsGen; - private ASN1ObjectIdentifier sigOID; - private AlgorithmIdentifier sigAlgId; - private String signatureAlgorithm; - private X509ExtensionsGenerator extGenerator; - - public X509V2CRLGenerator() - { - tbsGen = new V2TBSCertListGenerator(); - extGenerator = new X509ExtensionsGenerator(); - } - - /** - * reset the generator - */ - public void reset() - { - tbsGen = new V2TBSCertListGenerator(); - extGenerator.reset(); - } - - /** - * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the - * certificate. - */ - public void setIssuerDN( - X500Principal issuer) - { - try - { - tbsGen.setIssuer(new X509Principal(issuer.getEncoded())); - } - catch (IOException e) - { - throw new IllegalArgumentException("can't process principal: " + e); - } - } - - /** - * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the - * certificate. - */ - public void setIssuerDN( - X509Name issuer) - { - tbsGen.setIssuer(issuer); - } - - public void setThisUpdate( - Date date) - { - tbsGen.setThisUpdate(new Time(date)); - } - - public void setNextUpdate( - Date date) - { - tbsGen.setNextUpdate(new Time(date)); - } - - /** - * Reason being as indicated by CRLReason, i.e. CRLReason.keyCompromise - * or 0 if CRLReason is not to be used - **/ - public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason) - { - tbsGen.addCRLEntry(new ASN1Integer(userCertificate), new Time(revocationDate), reason); - } - - /** - * Add a CRL entry with an Invalidity Date extension as well as a CRLReason extension. - * Reason being as indicated by CRLReason, i.e. CRLReason.keyCompromise - * or 0 if CRLReason is not to be used - **/ - public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason, Date invalidityDate) - { - tbsGen.addCRLEntry(new ASN1Integer(userCertificate), new Time(revocationDate), reason, new ASN1GeneralizedTime(invalidityDate)); - } - - /** - * Add a CRL entry with extensions. - **/ - public void addCRLEntry(BigInteger userCertificate, Date revocationDate, X509Extensions extensions) - { - tbsGen.addCRLEntry(new ASN1Integer(userCertificate), new Time(revocationDate), Extensions.getInstance(extensions)); - } - - /** - * Add the CRLEntry objects contained in a previous CRL. - * - * @param other the X509CRL to source the other entries from. - */ - public void addCRL(X509CRL other) - throws CRLException - { - Set revocations = other.getRevokedCertificates(); - - if (revocations != null) - { - Iterator it = revocations.iterator(); - while (it.hasNext()) - { - X509CRLEntry entry = (X509CRLEntry)it.next(); - - ASN1InputStream aIn = new ASN1InputStream(entry.getEncoded()); - - try - { - tbsGen.addCRLEntry(ASN1Sequence.getInstance(aIn.readObject())); - } - catch (IOException e) - { - throw new CRLException("exception processing encoding of CRL: " + e.toString()); - } - } - } - } - - /** - * Set the signature algorithm. This can be either a name or an OID, names - * are treated as case insensitive. - * - * @param signatureAlgorithm string representation of the algorithm name. - */ - public void setSignatureAlgorithm( - String signatureAlgorithm) - { - this.signatureAlgorithm = signatureAlgorithm; - - try - { - sigOID = X509Util.getAlgorithmOID(signatureAlgorithm); - } - catch (Exception e) - { - throw new IllegalArgumentException("Unknown signature type requested"); - } - - sigAlgId = X509Util.getSigAlgID(sigOID, signatureAlgorithm); - - tbsGen.setSignature(sigAlgId); - } - - /** - * add a given extension field for the standard extensions tag (tag 0) - */ - public void addExtension( - String oid, - boolean critical, - ASN1Encodable value) - { - this.addExtension(new ASN1ObjectIdentifier(oid), critical, value); - } - - /** - * add a given extension field for the standard extensions tag (tag 0) - */ - public void addExtension( - ASN1ObjectIdentifier oid, - boolean critical, - ASN1Encodable value) - { - extGenerator.addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value); - } - - /** - * add a given extension field for the standard extensions tag (tag 0) - */ - public void addExtension( - String oid, - boolean critical, - byte[] value) - { - this.addExtension(new ASN1ObjectIdentifier(oid), critical, value); - } - - /** - * add a given extension field for the standard extensions tag (tag 0) - */ - public void addExtension( - ASN1ObjectIdentifier oid, - boolean critical, - byte[] value) - { - extGenerator.addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value); - } - - /** - * generate an X509 CRL, based on the current issuer and subject - * using the default provider "BC". - * @deprecated use generate(key, "BC") - */ - public X509CRL generateX509CRL( - PrivateKey key) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509CRL(key, "BC", null); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 CRL, based on the current issuer and subject - * using the default provider "BC" and an user defined SecureRandom object as - * source of randomness. - * @deprecated use generate(key, random, "BC") - */ - public X509CRL generateX509CRL( - PrivateKey key, - SecureRandom random) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509CRL(key, "BC", random); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the passed in provider for the signing. - * @deprecated use generate() - */ - public X509CRL generateX509CRL( - PrivateKey key, - String provider) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - return generateX509CRL(key, provider, null); - } - - /** - * generate an X509 CRL, based on the current issuer and subject, - * using the passed in provider for the signing. - * @deprecated use generate() - */ - public X509CRL generateX509CRL( - PrivateKey key, - String provider, - SecureRandom random) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - try - { - return generate(key, provider, random); - } - catch (NoSuchProviderException e) - { - throw e; - } - catch (SignatureException e) - { - throw e; - } - catch (InvalidKeyException e) - { - throw e; - } - catch (GeneralSecurityException e) - { - throw new SecurityException("exception: " + e); - } - } - - /** - * generate an X509 CRL, based on the current issuer and subject - * using the default provider. - * <p> - * <b>Note:</b> this differs from the deprecated method in that the default provider is - * used - not "BC". - * </p> - */ - public X509CRL generate( - PrivateKey key) - throws CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException - { - return generate(key, (SecureRandom)null); - } - - /** - * generate an X509 CRL, based on the current issuer and subject - * using the default provider and an user defined SecureRandom object as - * source of randomness. - * <p> - * <b>Note:</b> this differs from the deprecated method in that the default provider is - * used - not "BC". - * </p> - */ - public X509CRL generate( - PrivateKey key, - SecureRandom random) - throws CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException - { - TBSCertList tbsCrl = generateCertList(); - byte[] signature; - - try - { - signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCrl); - } - catch (IOException e) - { - throw new ExtCRLException("cannot generate CRL encoding", e); - } - - return generateJcaObject(tbsCrl, signature); - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the passed in provider for the signing. - */ - public X509CRL generate( - PrivateKey key, - String provider) - throws CRLException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException - { - return generate(key, provider, null); - } - - /** - * generate an X509 CRL, based on the current issuer and subject, - * using the passed in provider for the signing. - */ - public X509CRL generate( - PrivateKey key, - String provider, - SecureRandom random) - throws CRLException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException - { - TBSCertList tbsCrl = generateCertList(); - byte[] signature; - - try - { - signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCrl); - } - catch (IOException e) - { - throw new ExtCRLException("cannot generate CRL encoding", e); - } - - return generateJcaObject(tbsCrl, signature); - } - - private TBSCertList generateCertList() - { - if (!extGenerator.isEmpty()) - { - tbsGen.setExtensions(extGenerator.generate()); - } - - return tbsGen.generateTBSCertList(); - } - - private X509CRL generateJcaObject(TBSCertList tbsCrl, byte[] signature) - throws CRLException - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(tbsCrl); - v.add(sigAlgId); - v.add(new DERBitString(signature)); - - return new X509CRLObject(new CertificateList(new DERSequence(v))); - } - - /** - * Return an iterator of the signature names supported by the generator. - * - * @return an iterator containing recognised names. - */ - public Iterator getSignatureAlgNames() - { - return X509Util.getAlgNames(); - } - - private static class ExtCRLException - extends CRLException - { - Throwable cause; - - ExtCRLException(String message, Throwable cause) - { - super(message); - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java b/prov/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java deleted file mode 100644 index c422cb26..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java +++ /dev/null @@ -1,526 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.SignatureException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Iterator; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.TBSCertificate; -import org.bouncycastle.asn1.x509.Time; -import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator; -import org.bouncycastle.asn1.x509.X509ExtensionsGenerator; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.jce.provider.X509CertificateObject; -import org.bouncycastle.x509.extension.X509ExtensionUtil; - -/** - * class to produce an X.509 Version 3 certificate. - * @deprecated use org.bouncycastle.cert.X509v3CertificateBuilder. - */ -public class X509V3CertificateGenerator -{ - private V3TBSCertificateGenerator tbsGen; - private ASN1ObjectIdentifier sigOID; - private AlgorithmIdentifier sigAlgId; - private String signatureAlgorithm; - private X509ExtensionsGenerator extGenerator; - - public X509V3CertificateGenerator() - { - tbsGen = new V3TBSCertificateGenerator(); - extGenerator = new X509ExtensionsGenerator(); - } - - /** - * reset the generator - */ - public void reset() - { - tbsGen = new V3TBSCertificateGenerator(); - extGenerator.reset(); - } - - /** - * set the serial number for the certificate. - */ - public void setSerialNumber( - BigInteger serialNumber) - { - if (serialNumber.compareTo(BigInteger.ZERO) <= 0) - { - throw new IllegalArgumentException("serial number must be a positive integer"); - } - - tbsGen.setSerialNumber(new ASN1Integer(serialNumber)); - } - - /** - * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the - * certificate. - */ - public void setIssuerDN( - X500Principal issuer) - { - try - { - tbsGen.setIssuer(new X509Principal(issuer.getEncoded())); - } - catch (IOException e) - { - throw new IllegalArgumentException("can't process principal: " + e); - } - } - - /** - * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the - * certificate. - */ - public void setIssuerDN( - X509Name issuer) - { - tbsGen.setIssuer(issuer); - } - - public void setNotBefore( - Date date) - { - tbsGen.setStartDate(new Time(date)); - } - - public void setNotAfter( - Date date) - { - tbsGen.setEndDate(new Time(date)); - } - - /** - * Set the subject distinguished name. The subject describes the entity associated with the public key. - */ - public void setSubjectDN( - X500Principal subject) - { - try - { - tbsGen.setSubject(new X509Principal(subject.getEncoded())); - } - catch (IOException e) - { - throw new IllegalArgumentException("can't process principal: " + e); - } - } - - /** - * Set the subject distinguished name. The subject describes the entity associated with the public key. - */ - public void setSubjectDN( - X509Name subject) - { - tbsGen.setSubject(subject); - } - - public void setPublicKey( - PublicKey key) - throws IllegalArgumentException - { - try - { - tbsGen.setSubjectPublicKeyInfo( - SubjectPublicKeyInfo.getInstance(new ASN1InputStream(key.getEncoded()).readObject())); - } - catch (Exception e) - { - throw new IllegalArgumentException("unable to process key - " + e.toString()); - } - } - - /** - * Set the signature algorithm. This can be either a name or an OID, names - * are treated as case insensitive. - * - * @param signatureAlgorithm string representation of the algorithm name. - */ - public void setSignatureAlgorithm( - String signatureAlgorithm) - { - this.signatureAlgorithm = signatureAlgorithm; - - try - { - sigOID = X509Util.getAlgorithmOID(signatureAlgorithm); - } - catch (Exception e) - { - throw new IllegalArgumentException("Unknown signature type requested: " + signatureAlgorithm); - } - - sigAlgId = X509Util.getSigAlgID(sigOID, signatureAlgorithm); - - tbsGen.setSignature(sigAlgId); - } - - /** - * Set the subject unique ID - note: it is very rare that it is correct to do this. - */ - public void setSubjectUniqueID(boolean[] uniqueID) - { - tbsGen.setSubjectUniqueID(booleanToBitString(uniqueID)); - } - - /** - * Set the issuer unique ID - note: it is very rare that it is correct to do this. - */ - public void setIssuerUniqueID(boolean[] uniqueID) - { - tbsGen.setIssuerUniqueID(booleanToBitString(uniqueID)); - } - - private DERBitString booleanToBitString(boolean[] id) - { - byte[] bytes = new byte[(id.length + 7) / 8]; - - for (int i = 0; i != id.length; i++) - { - bytes[i / 8] |= (id[i]) ? (1 << ((7 - (i % 8)))) : 0; - } - - int pad = id.length % 8; - - if (pad == 0) - { - return new DERBitString(bytes); - } - else - { - return new DERBitString(bytes, 8 - pad); - } - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - */ - public void addExtension( - String oid, - boolean critical, - ASN1Encodable value) - { - this.addExtension(new ASN1ObjectIdentifier(oid), critical, value); - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - */ - public void addExtension( - ASN1ObjectIdentifier oid, - boolean critical, - ASN1Encodable value) - { - extGenerator.addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value); - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - * The value parameter becomes the contents of the octet string associated - * with the extension. - */ - public void addExtension( - String oid, - boolean critical, - byte[] value) - { - this.addExtension(new ASN1ObjectIdentifier(oid), critical, value); - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - */ - public void addExtension( - ASN1ObjectIdentifier oid, - boolean critical, - byte[] value) - { - extGenerator.addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value); - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - * copying the extension value from another certificate. - * @throws CertificateParsingException if the extension cannot be extracted. - */ - public void copyAndAddExtension( - String oid, - boolean critical, - X509Certificate cert) - throws CertificateParsingException - { - byte[] extValue = cert.getExtensionValue(oid); - - if (extValue == null) - { - throw new CertificateParsingException("extension " + oid + " not present"); - } - - try - { - ASN1Encodable value = X509ExtensionUtil.fromExtensionValue(extValue); - - this.addExtension(oid, critical, value); - } - catch (IOException e) - { - throw new CertificateParsingException(e.toString()); - } - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - * copying the extension value from another certificate. - * @throws CertificateParsingException if the extension cannot be extracted. - */ - public void copyAndAddExtension( - ASN1ObjectIdentifier oid, - boolean critical, - X509Certificate cert) - throws CertificateParsingException - { - this.copyAndAddExtension(oid.getId(), critical, cert); - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the default provider "BC". - * @deprecated use generate(key, "BC") - */ - public X509Certificate generateX509Certificate( - PrivateKey key) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509Certificate(key, "BC", null); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the default provider "BC", and the passed in source of randomness - * (if required). - * @deprecated use generate(key, random, "BC") - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - SecureRandom random) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509Certificate(key, "BC", random); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing. - * @deprecated use generate() - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - String provider) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - return generateX509Certificate(key, provider, null); - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing and the supplied source - * of randomness, if required. - * @deprecated use generate() - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - String provider, - SecureRandom random) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - try - { - return generate(key, provider, random); - } - catch (NoSuchProviderException e) - { - throw e; - } - catch (SignatureException e) - { - throw e; - } - catch (InvalidKeyException e) - { - throw e; - } - catch (GeneralSecurityException e) - { - throw new SecurityException("exception: " + e); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the default provider. - * <p> - * <b>Note:</b> this differs from the deprecated method in that the default provider is - * used - not "BC". - * </p> - */ - public X509Certificate generate( - PrivateKey key) - throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException - { - return generate(key, (SecureRandom)null); - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the default provider, and the passed in source of randomness - * (if required). - * <p> - * <b>Note:</b> this differs from the deprecated method in that the default provider is - * used - not "BC". - * </p> - */ - public X509Certificate generate( - PrivateKey key, - SecureRandom random) - throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException - { - TBSCertificate tbsCert = generateTbsCert(); - byte[] signature; - - try - { - signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCert); - } - catch (IOException e) - { - throw new ExtCertificateEncodingException("exception encoding TBS cert", e); - } - - try - { - return generateJcaObject(tbsCert, signature); - } - catch (CertificateParsingException e) - { - throw new ExtCertificateEncodingException("exception producing certificate object", e); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing. - */ - public X509Certificate generate( - PrivateKey key, - String provider) - throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException - { - return generate(key, provider, null); - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing and the supplied source - * of randomness, if required. - */ - public X509Certificate generate( - PrivateKey key, - String provider, - SecureRandom random) - throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException - { - TBSCertificate tbsCert = generateTbsCert(); - byte[] signature; - - try - { - signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCert); - } - catch (IOException e) - { - throw new ExtCertificateEncodingException("exception encoding TBS cert", e); - } - - try - { - return generateJcaObject(tbsCert, signature); - } - catch (CertificateParsingException e) - { - throw new ExtCertificateEncodingException("exception producing certificate object", e); - } - } - - private TBSCertificate generateTbsCert() - { - if (!extGenerator.isEmpty()) - { - tbsGen.setExtensions(extGenerator.generate()); - } - - return tbsGen.generateTBSCertificate(); - } - - private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature) - throws CertificateParsingException - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(tbsCert); - v.add(sigAlgId); - v.add(new DERBitString(signature)); - - return new X509CertificateObject(Certificate.getInstance(new DERSequence(v))); - } - - /** - * Return an iterator of the signature names supported by the generator. - * - * @return an iterator containing recognised names. - */ - public Iterator getSignatureAlgNames() - { - return X509Util.getAlgNames(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/extension/AuthorityKeyIdentifierStructure.java b/prov/src/main/java/org/bouncycastle/x509/extension/AuthorityKeyIdentifierStructure.java deleted file mode 100644 index 2164d1fb..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/extension/AuthorityKeyIdentifierStructure.java +++ /dev/null @@ -1,152 +0,0 @@ -package org.bouncycastle.x509.extension; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.PublicKey; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.jce.PrincipalUtil; - -/** - * A high level authority key identifier. - * @deprecated use JcaX509ExtensionUtils and AuthorityKeyIdentifier.getInstance() - */ -public class AuthorityKeyIdentifierStructure - extends AuthorityKeyIdentifier -{ - /** - * Constructor which will take the byte[] returned from getExtensionValue() - * - * @param encodedValue a DER octet encoded string with the extension structure in it. - * @throws IOException on parsing errors. - */ - public AuthorityKeyIdentifierStructure( - byte[] encodedValue) - throws IOException - { - super((ASN1Sequence)X509ExtensionUtil.fromExtensionValue(encodedValue)); - } - - /** - * Constructor which will take an extension - * - * @param extension a X509Extension object containing an AuthorityKeyIdentifier. - * @deprecated use constructor that takes Extension - */ - public AuthorityKeyIdentifierStructure( - X509Extension extension) - { - super((ASN1Sequence)extension.getParsedValue()); - } - - /** - * Constructor which will take an extension - * - * @param extension a X509Extension object containing an AuthorityKeyIdentifier. - */ - public AuthorityKeyIdentifierStructure( - Extension extension) - { - super((ASN1Sequence)extension.getParsedValue()); - } - - private static ASN1Sequence fromCertificate( - X509Certificate certificate) - throws CertificateParsingException - { - try - { - if (certificate.getVersion() != 3) - { - GeneralName genName = new GeneralName(PrincipalUtil.getIssuerX509Principal(certificate)); - SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( - (ASN1Sequence)new ASN1InputStream(certificate.getPublicKey().getEncoded()).readObject()); - - return (ASN1Sequence)new AuthorityKeyIdentifier( - info, new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object(); - } - else - { - GeneralName genName = new GeneralName(PrincipalUtil.getIssuerX509Principal(certificate)); - - byte[] ext = certificate.getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId()); - - if (ext != null) - { - ASN1OctetString str = (ASN1OctetString)X509ExtensionUtil.fromExtensionValue(ext); - - return (ASN1Sequence)new AuthorityKeyIdentifier( - str.getOctets(), new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object(); - } - else - { - SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( - (ASN1Sequence)new ASN1InputStream(certificate.getPublicKey().getEncoded()).readObject()); - - return (ASN1Sequence)new AuthorityKeyIdentifier( - info, new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object(); - } - } - } - catch (Exception e) - { - throw new CertificateParsingException("Exception extracting certificate details: " + e.toString()); - } - } - - private static ASN1Sequence fromKey( - PublicKey pubKey) - throws InvalidKeyException - { - try - { - SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( - (ASN1Sequence)new ASN1InputStream(pubKey.getEncoded()).readObject()); - - return (ASN1Sequence)new AuthorityKeyIdentifier(info).toASN1Object(); - } - catch (Exception e) - { - throw new InvalidKeyException("can't process key: " + e); - } - } - - /** - * Create an AuthorityKeyIdentifier using the passed in certificate's public - * key, issuer and serial number. - * - * @param certificate the certificate providing the information. - * @throws CertificateParsingException if there is a problem processing the certificate - */ - public AuthorityKeyIdentifierStructure( - X509Certificate certificate) - throws CertificateParsingException - { - super(fromCertificate(certificate)); - } - - /** - * Create an AuthorityKeyIdentifier using just the hash of the - * public key. - * - * @param pubKey the key to generate the hash from. - * @throws InvalidKeyException if there is a problem using the key. - */ - public AuthorityKeyIdentifierStructure( - PublicKey pubKey) - throws InvalidKeyException - { - super(fromKey(pubKey)); - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java b/prov/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java deleted file mode 100644 index 2e4d14d3..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java +++ /dev/null @@ -1,101 +0,0 @@ -package org.bouncycastle.x509.extension; - -import java.io.IOException; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.Enumeration; -import java.util.List; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.ASN1String; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.util.Integers; - - -public class X509ExtensionUtil -{ - public static ASN1Primitive fromExtensionValue( - byte[] encodedValue) - throws IOException - { - ASN1OctetString octs = (ASN1OctetString)ASN1Primitive.fromByteArray(encodedValue); - - return ASN1Primitive.fromByteArray(octs.getOctets()); - } - - public static Collection getIssuerAlternativeNames(X509Certificate cert) - throws CertificateParsingException - { - byte[] extVal = cert.getExtensionValue(X509Extension.issuerAlternativeName.getId()); - - return getAlternativeNames(extVal); - } - - public static Collection getSubjectAlternativeNames(X509Certificate cert) - throws CertificateParsingException - { - byte[] extVal = cert.getExtensionValue(X509Extension.subjectAlternativeName.getId()); - - return getAlternativeNames(extVal); - } - - private static Collection getAlternativeNames(byte[] extVal) - throws CertificateParsingException - { - if (extVal == null) - { - return Collections.EMPTY_LIST; - } - try - { - Collection temp = new ArrayList(); - Enumeration it = DERSequence.getInstance(fromExtensionValue(extVal)).getObjects(); - while (it.hasMoreElements()) - { - GeneralName genName = GeneralName.getInstance(it.nextElement()); - List list = new ArrayList(); - list.add(Integers.valueOf(genName.getTagNo())); - switch (genName.getTagNo()) - { - case GeneralName.ediPartyName: - case GeneralName.x400Address: - case GeneralName.otherName: - list.add(genName.getName().toASN1Primitive()); - break; - case GeneralName.directoryName: - list.add(X500Name.getInstance(genName.getName()).toString()); - break; - case GeneralName.dNSName: - case GeneralName.rfc822Name: - case GeneralName.uniformResourceIdentifier: - list.add(((ASN1String)genName.getName()).getString()); - break; - case GeneralName.registeredID: - list.add(ASN1ObjectIdentifier.getInstance(genName.getName()).getId()); - break; - case GeneralName.iPAddress: - list.add(DEROctetString.getInstance(genName.getName()).getOctets()); - break; - default: - throw new IOException("Bad tag number: " + genName.getTagNo()); - } - - temp.add(list); - } - return Collections.unmodifiableCollection(temp); - } - catch (Exception e) - { - throw new CertificateParsingException(e.getMessage()); - } - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/util/LDAPStoreHelper.java b/prov/src/main/java/org/bouncycastle/x509/util/LDAPStoreHelper.java deleted file mode 100644 index 13b39423..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/util/LDAPStoreHelper.java +++ /dev/null @@ -1,1116 +0,0 @@ -package org.bouncycastle.x509.util; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.security.Principal; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509CRL; -import java.security.cert.X509Certificate; -import java.sql.Date; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Properties; -import java.util.Set; - -import javax.naming.Context; -import javax.naming.NamingEnumeration; -import javax.naming.NamingException; -import javax.naming.directory.Attribute; -import javax.naming.directory.DirContext; -import javax.naming.directory.InitialDirContext; -import javax.naming.directory.SearchControls; -import javax.naming.directory.SearchResult; -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.asn1.x509.CertificatePair; -import org.bouncycastle.jce.X509LDAPCertStoreParameters; -import org.bouncycastle.jce.provider.X509AttrCertParser; -import org.bouncycastle.jce.provider.X509CRLParser; -import org.bouncycastle.jce.provider.X509CertPairParser; -import org.bouncycastle.jce.provider.X509CertParser; -import org.bouncycastle.util.StoreException; -import org.bouncycastle.x509.X509AttributeCertStoreSelector; -import org.bouncycastle.x509.X509AttributeCertificate; -import org.bouncycastle.x509.X509CRLStoreSelector; -import org.bouncycastle.x509.X509CertPairStoreSelector; -import org.bouncycastle.x509.X509CertStoreSelector; -import org.bouncycastle.x509.X509CertificatePair; - -/** - * This is a general purpose implementation to get X.509 certificates, CRLs, - * attribute certificates and cross certificates from a LDAP location. - * <p/> - * At first a search is performed in the ldap*AttributeNames of the - * {@link org.bouncycastle.jce.X509LDAPCertStoreParameters} with the given - * information of the subject (for all kind of certificates) or issuer (for - * CRLs), respectively, if a {@link org.bouncycastle.x509.X509CertStoreSelector} or - * {@link org.bouncycastle.x509.X509AttributeCertificate} is given with that - * details. - * <p/> - * For the used schemes see: - * <ul> - * <li><a href="http://www.ietf.org/rfc/rfc2587.txt">RFC 2587</a> - * <li><a - * href="http://www3.ietf.org/proceedings/01mar/I-D/pkix-ldap-schema-01.txt">Internet - * X.509 Public Key Infrastructure Additional LDAP Schema for PKIs and PMIs</a> - * </ul> - */ -public class LDAPStoreHelper -{ - - // TODO: cache results - - private X509LDAPCertStoreParameters params; - - public LDAPStoreHelper(X509LDAPCertStoreParameters params) - { - this.params = params; - } - - /** - * Initial Context Factory. - */ - private static String LDAP_PROVIDER = "com.sun.jndi.ldap.LdapCtxFactory"; - - /** - * Processing referrals.. - */ - private static String REFERRALS_IGNORE = "ignore"; - - /** - * Security level to be used for LDAP connections. - */ - private static final String SEARCH_SECURITY_LEVEL = "none"; - - /** - * Package Prefix for loading URL context factories. - */ - private static final String URL_CONTEXT_PREFIX = "com.sun.jndi.url"; - - private DirContext connectLDAP() throws NamingException - { - Properties props = new Properties(); - props.setProperty(Context.INITIAL_CONTEXT_FACTORY, LDAP_PROVIDER); - props.setProperty(Context.BATCHSIZE, "0"); - - props.setProperty(Context.PROVIDER_URL, params.getLdapURL()); - props.setProperty(Context.URL_PKG_PREFIXES, URL_CONTEXT_PREFIX); - props.setProperty(Context.REFERRAL, REFERRALS_IGNORE); - props.setProperty(Context.SECURITY_AUTHENTICATION, - SEARCH_SECURITY_LEVEL); - - DirContext ctx = new InitialDirContext(props); - return ctx; - } - - private String parseDN(String subject, String dNAttributeName) - { - String temp = subject; - int begin = temp.toLowerCase().indexOf( - dNAttributeName.toLowerCase() + "="); - if (begin == -1) - { - return ""; - } - temp = temp.substring(begin + dNAttributeName.length()); - int end = temp.indexOf(','); - if (end == -1) - { - end = temp.length(); - } - while (temp.charAt(end - 1) == '\\') - { - end = temp.indexOf(',', end + 1); - if (end == -1) - { - end = temp.length(); - } - } - temp = temp.substring(0, end); - begin = temp.indexOf('='); - temp = temp.substring(begin + 1); - if (temp.charAt(0) == ' ') - { - temp = temp.substring(1); - } - if (temp.startsWith("\"")) - { - temp = temp.substring(1); - } - if (temp.endsWith("\"")) - { - temp = temp.substring(0, temp.length() - 1); - } - return temp; - } - - private Set createCerts(List list, X509CertStoreSelector xselector) - throws StoreException - { - Set certSet = new HashSet(); - - Iterator it = list.iterator(); - X509CertParser parser = new X509CertParser(); - while (it.hasNext()) - { - try - { - parser.engineInit(new ByteArrayInputStream((byte[])it - .next())); - X509Certificate cert = (X509Certificate)parser - .engineRead(); - if (xselector.match((Object)cert)) - { - certSet.add(cert); - } - - } - catch (Exception e) - { - - } - } - - return certSet; - } - - /** - * Can use the subject and serial and the subject and serialNumber of the - * certificate of the given of the X509CertStoreSelector. If a certificate - * for checking is given this has higher precedence. - * - * @param xselector The selector with the search criteria. - * @param attrs Attributes which contain the certificates in the LDAP - * directory. - * @param attrNames Attribute names in teh LDAP directory which correspond to the - * subjectAttributeNames. - * @param subjectAttributeNames Subject attribute names (like "CN", "O", "OU") to use to - * search in the LDAP directory - * @return A list of found DER encoded certificates. - * @throws StoreException if an error occurs while searching. - */ - private List certSubjectSerialSearch(X509CertStoreSelector xselector, - String[] attrs, String attrNames[], String subjectAttributeNames[]) - throws StoreException - { - // TODO: support also subjectAltNames? - List list = new ArrayList(); - - String subject = null; - String serial = null; - - subject = getSubjectAsString(xselector); - - if (xselector.getSerialNumber() != null) - { - serial = xselector.getSerialNumber().toString(); - } - if (xselector.getCertificate() != null) - { - subject = xselector.getCertificate().getSubjectX500Principal().getName("RFC1779"); - serial = xselector.getCertificate().getSerialNumber().toString(); - } - - String attrValue = null; - if (subject != null) - { - for (int i = 0; i < subjectAttributeNames.length; i++) - { - attrValue = parseDN(subject, subjectAttributeNames[i]); - list - .addAll(search(attrNames, "*" + attrValue + "*", - attrs)); - } - } - if (serial != null && params.getSearchForSerialNumberIn() != null) - { - attrValue = serial; - list.addAll(search( - splitString(params.getSearchForSerialNumberIn()), - attrValue, attrs)); - } - if (serial == null && subject == null) - { - list.addAll(search(attrNames, "*", attrs)); - } - - return list; - } - - - - /** - * Can use the subject of the forward certificate of the set certificate - * pair or the subject of the forward - * {@link org.bouncycastle.x509.X509CertStoreSelector} of the given - * selector. - * - * @param xselector The selector with the search criteria. - * @param attrs Attributes which contain the attribute certificates in the - * LDAP directory. - * @param attrNames Attribute names in the LDAP directory which correspond to the - * subjectAttributeNames. - * @param subjectAttributeNames Subject attribute names (like "CN", "O", "OU") to use to - * search in the LDAP directory - * @return A list of found DER encoded certificate pairs. - * @throws StoreException if an error occurs while searching. - */ - private List crossCertificatePairSubjectSearch( - X509CertPairStoreSelector xselector, String[] attrs, - String attrNames[], String subjectAttributeNames[]) - throws StoreException - { - List list = new ArrayList(); - - // search for subject - String subject = null; - - if (xselector.getForwardSelector() != null) - { - subject = getSubjectAsString(xselector.getForwardSelector()); - } - if (xselector.getCertPair() != null) - { - if (xselector.getCertPair().getForward() != null) - { - subject = xselector.getCertPair().getForward() - .getSubjectX500Principal().getName("RFC1779"); - } - } - String attrValue = null; - if (subject != null) - { - for (int i = 0; i < subjectAttributeNames.length; i++) - { - attrValue = parseDN(subject, subjectAttributeNames[i]); - list - .addAll(search(attrNames, "*" + attrValue + "*", - attrs)); - } - } - if (subject == null) - { - list.addAll(search(attrNames, "*", attrs)); - } - - return list; - } - - /** - * Can use the entityName of the holder of the attribute certificate, the - * serialNumber of attribute certificate and the serialNumber of the - * associated certificate of the given of the X509AttributeCertSelector. - * - * @param xselector The selector with the search criteria. - * @param attrs Attributes which contain the attribute certificates in the - * LDAP directory. - * @param attrNames Attribute names in the LDAP directory which correspond to the - * subjectAttributeNames. - * @param subjectAttributeNames Subject attribute names (like "CN", "O", "OU") to use to - * search in the LDAP directory - * @return A list of found DER encoded attribute certificates. - * @throws StoreException if an error occurs while searching. - */ - private List attrCertSubjectSerialSearch( - X509AttributeCertStoreSelector xselector, String[] attrs, - String attrNames[], String subjectAttributeNames[]) - throws StoreException - { - List list = new ArrayList(); - - // search for serialNumber of associated cert, - // serialNumber of the attribute certificate or DN in the entityName - // of the holder - - String subject = null; - String serial = null; - - Collection serials = new HashSet(); - Principal principals[] = null; - if (xselector.getHolder() != null) - { - // serialNumber of associated cert - if (xselector.getHolder().getSerialNumber() != null) - { - serials.add(xselector.getHolder().getSerialNumber() - .toString()); - } - // DN in the entityName of the holder - if (xselector.getHolder().getEntityNames() != null) - { - principals = xselector.getHolder().getEntityNames(); - } - } - - if (xselector.getAttributeCert() != null) - { - if (xselector.getAttributeCert().getHolder().getEntityNames() != null) - { - principals = xselector.getAttributeCert().getHolder() - .getEntityNames(); - } - // serialNumber of the attribute certificate - serials.add(xselector.getAttributeCert().getSerialNumber() - .toString()); - } - if (principals != null) - { - // only first should be relevant - if (principals[0] instanceof X500Principal) - { - subject = ((X500Principal)principals[0]) - .getName("RFC1779"); - } - else - { - // strange ... - subject = principals[0].getName(); - } - } - if (xselector.getSerialNumber() != null) - { - serials.add(xselector.getSerialNumber().toString()); - } - - String attrValue = null; - if (subject != null) - { - for (int i = 0; i < subjectAttributeNames.length; i++) - { - attrValue = parseDN(subject, subjectAttributeNames[i]); - list - .addAll(search(attrNames, "*" + attrValue + "*", - attrs)); - } - } - if (serials.size() > 0 - && params.getSearchForSerialNumberIn() != null) - { - Iterator it = serials.iterator(); - while (it.hasNext()) - { - serial = (String)it.next(); - list.addAll(search(splitString(params.getSearchForSerialNumberIn()), serial, attrs)); - } - } - if (serials.size() == 0 && subject == null) - { - list.addAll(search(attrNames, "*", attrs)); - } - - return list; - } - - /** - * Can use the issuer of the given of the X509CRLStoreSelector. - * - * @param xselector The selector with the search criteria. - * @param attrs Attributes which contain the attribute certificates in the - * LDAP directory. - * @param attrNames Attribute names in the LDAP directory which correspond to the - * subjectAttributeNames. - * @param issuerAttributeNames Issuer attribute names (like "CN", "O", "OU") to use to search - * in the LDAP directory - * @return A list of found DER encoded CRLs. - * @throws StoreException if an error occurs while searching. - */ - private List cRLIssuerSearch(X509CRLStoreSelector xselector, - String[] attrs, String attrNames[], String issuerAttributeNames[]) - throws StoreException - { - List list = new ArrayList(); - - String issuer = null; - Collection issuers = new HashSet(); - if (xselector.getIssuers() != null) - { - issuers.addAll(xselector.getIssuers()); - } - if (xselector.getCertificateChecking() != null) - { - issuers.add(getCertificateIssuer(xselector.getCertificateChecking())); - } - if (xselector.getAttrCertificateChecking() != null) - { - Principal principals[] = xselector.getAttrCertificateChecking().getIssuer().getPrincipals(); - for (int i=0; i<principals.length; i++) - { - if (principals[i] instanceof X500Principal) - { - issuers.add(principals[i]); - } - } - } - Iterator it = issuers.iterator(); - while (it.hasNext()) - { - issuer = ((X500Principal)it.next()).getName("RFC1779"); - String attrValue = null; - - for (int i = 0; i < issuerAttributeNames.length; i++) - { - attrValue = parseDN(issuer, issuerAttributeNames[i]); - list - .addAll(search(attrNames, "*" + attrValue + "*", - attrs)); - } - } - if (issuer == null) - { - list.addAll(search(attrNames, "*", attrs)); - } - - return list; - } - - /** - * Returns a <code>List</code> of encodings of the certificates, attribute - * certificates, CRL or certificate pairs. - * - * @param attributeNames The attribute names to look for in the LDAP. - * @param attributeValue The value the attribute name must have. - * @param attrs The attributes in the LDAP which hold the certificate, - * attribute certificate, certificate pair or CRL in a found - * entry. - * @return A <code>List</code> of byte arrays with the encodings. - * @throws StoreException if an error occurs getting the results from the LDAP - * directory. - */ - private List search(String attributeNames[], String attributeValue, - String[] attrs) throws StoreException - { - String filter = null; - if (attributeNames == null) - { - filter = null; - } - else - { - filter = ""; - if (attributeValue.equals("**")) - { - attributeValue = "*"; - } - for (int i = 0; i < attributeNames.length; i++) - { - filter += "(" + attributeNames[i] + "=" + attributeValue + ")"; - } - filter = "(|" + filter + ")"; - } - String filter2 = ""; - for (int i = 0; i < attrs.length; i++) - { - filter2 += "(" + attrs[i] + "=*)"; - } - filter2 = "(|" + filter2 + ")"; - - String filter3 = "(&" + filter + "" + filter2 + ")"; - if (filter == null) - { - filter3 = filter2; - } - List list; - list = getFromCache(filter3); - if (list != null) - { - return list; - } - DirContext ctx = null; - list = new ArrayList(); - try - { - - ctx = connectLDAP(); - - SearchControls constraints = new SearchControls(); - constraints.setSearchScope(SearchControls.SUBTREE_SCOPE); - constraints.setCountLimit(0); - constraints.setReturningAttributes(attrs); - NamingEnumeration results = ctx.search(params.getBaseDN(), filter3, - constraints); - while (results.hasMoreElements()) - { - SearchResult sr = (SearchResult)results.next(); - NamingEnumeration enumeration = ((Attribute)(sr - .getAttributes().getAll().next())).getAll(); - while (enumeration.hasMore()) - { - list.add(enumeration.next()); - } - } - addToCache(filter3, list); - } - catch (NamingException e) - { - // skip exception, unfortunately if an attribute type is not - // supported an exception is thrown - - } - finally - { - try - { - if (null != ctx) - { - ctx.close(); - } - } - catch (Exception e) - { - } - } - return list; - } - - private Set createCRLs(List list, X509CRLStoreSelector xselector) - throws StoreException - { - Set crlSet = new HashSet(); - - X509CRLParser parser = new X509CRLParser(); - Iterator it = list.iterator(); - while (it.hasNext()) - { - try - { - parser.engineInit(new ByteArrayInputStream((byte[])it - .next())); - X509CRL crl = (X509CRL)parser.engineRead(); - if (xselector.match((Object)crl)) - { - crlSet.add(crl); - } - } - catch (StreamParsingException e) - { - - } - } - - return crlSet; - } - - private Set createCrossCertificatePairs(List list, - X509CertPairStoreSelector xselector) throws StoreException - { - Set certPairSet = new HashSet(); - - int i = 0; - while (i < list.size()) - { - X509CertificatePair pair; - try - { - // first try to decode it as certificate pair - try - { - X509CertPairParser parser = new X509CertPairParser(); - parser.engineInit(new ByteArrayInputStream( - (byte[])list.get(i))); - pair = (X509CertificatePair)parser.engineRead(); - } - catch (StreamParsingException e) - { - // now try it to construct it the forward and reverse - // certificate - byte[] forward = (byte[])list.get(i); - byte[] reverse = (byte[])list.get(i + 1); - pair = new X509CertificatePair(new CertificatePair( - Certificate - .getInstance(new ASN1InputStream( - forward).readObject()), - Certificate - .getInstance(new ASN1InputStream( - reverse).readObject()))); - i++; - } - if (xselector.match((Object)pair)) - { - certPairSet.add(pair); - } - } - catch (CertificateParsingException e) - { - // try next - } - catch (IOException e) - { - // try next - } - i++; - } - - return certPairSet; - } - - private Set createAttributeCertificates(List list, - X509AttributeCertStoreSelector xselector) throws StoreException - { - Set certSet = new HashSet(); - - Iterator it = list.iterator(); - X509AttrCertParser parser = new X509AttrCertParser(); - while (it.hasNext()) - { - try - { - parser.engineInit(new ByteArrayInputStream((byte[])it - .next())); - X509AttributeCertificate cert = (X509AttributeCertificate)parser - .engineRead(); - if (xselector.match((Object)cert)) - { - certSet.add(cert); - } - } - catch (StreamParsingException e) - { - - } - } - - return certSet; - } - - /** - * Returns the CRLs for issued certificates for other CAs matching the given - * selector. <br> - * The authorityRevocationList attribute includes revocation information - * regarding certificates issued to other CAs. - * - * @param selector The CRL selector to use to find the CRLs. - * @return A possible empty collection with CRLs - * @throws StoreException - */ - public Collection getAuthorityRevocationLists(X509CRLStoreSelector selector) - throws StoreException - { - String[] attrs = splitString(params.getAuthorityRevocationListAttribute()); - String attrNames[] = splitString(params - .getLdapAuthorityRevocationListAttributeName()); - String issuerAttributeNames[] = splitString(params - .getAuthorityRevocationListIssuerAttributeName()); - - List list = cRLIssuerSearch(selector, attrs, attrNames, - issuerAttributeNames); - Set resultSet = createCRLs(list, selector); - if (resultSet.size() == 0) - { - X509CRLStoreSelector emptySelector = new X509CRLStoreSelector(); - list = cRLIssuerSearch(emptySelector, attrs, attrNames, - issuerAttributeNames); - - resultSet.addAll(createCRLs(list, selector)); - } - return resultSet; - } - - /** - * Returns the revocation list for revoked attribute certificates. - * <p/> - * The attributeCertificateRevocationList holds a list of attribute - * certificates that have been revoked. - * - * @param selector The CRL selector to use to find the CRLs. - * @return A possible empty collection with CRLs. - * @throws StoreException - */ - public Collection getAttributeCertificateRevocationLists( - X509CRLStoreSelector selector) throws StoreException - { - String[] attrs = splitString(params - .getAttributeCertificateRevocationListAttribute()); - String attrNames[] = splitString(params - .getLdapAttributeCertificateRevocationListAttributeName()); - String issuerAttributeNames[] = splitString(params - .getAttributeCertificateRevocationListIssuerAttributeName()); - - List list = cRLIssuerSearch(selector, attrs, attrNames, - issuerAttributeNames); - Set resultSet = createCRLs(list, selector); - if (resultSet.size() == 0) - { - X509CRLStoreSelector emptySelector = new X509CRLStoreSelector(); - list = cRLIssuerSearch(emptySelector, attrs, attrNames, - issuerAttributeNames); - - resultSet.addAll(createCRLs(list, selector)); - } - return resultSet; - } - - /** - * Returns the revocation list for revoked attribute certificates for an - * attribute authority - * <p/> - * The attributeAuthorityList holds a list of AA certificates that have been - * revoked. - * - * @param selector The CRL selector to use to find the CRLs. - * @return A possible empty collection with CRLs - * @throws StoreException - */ - public Collection getAttributeAuthorityRevocationLists( - X509CRLStoreSelector selector) throws StoreException - { - String[] attrs = splitString(params.getAttributeAuthorityRevocationListAttribute()); - String attrNames[] = splitString(params - .getLdapAttributeAuthorityRevocationListAttributeName()); - String issuerAttributeNames[] = splitString(params - .getAttributeAuthorityRevocationListIssuerAttributeName()); - - List list = cRLIssuerSearch(selector, attrs, attrNames, - issuerAttributeNames); - Set resultSet = createCRLs(list, selector); - if (resultSet.size() == 0) - { - X509CRLStoreSelector emptySelector = new X509CRLStoreSelector(); - list = cRLIssuerSearch(emptySelector, attrs, attrNames, - issuerAttributeNames); - - resultSet.addAll(createCRLs(list, selector)); - } - return resultSet; - } - - /** - * Returns cross certificate pairs. - * - * @param selector The selector to use to find the cross certificates. - * @return A possible empty collection with {@link X509CertificatePair}s - * @throws StoreException - */ - public Collection getCrossCertificatePairs( - X509CertPairStoreSelector selector) throws StoreException - { - String[] attrs = splitString(params.getCrossCertificateAttribute()); - String attrNames[] = splitString(params.getLdapCrossCertificateAttributeName()); - String subjectAttributeNames[] = splitString(params - .getCrossCertificateSubjectAttributeName()); - List list = crossCertificatePairSubjectSearch(selector, attrs, - attrNames, subjectAttributeNames); - Set resultSet = createCrossCertificatePairs(list, selector); - if (resultSet.size() == 0) - { - X509CertStoreSelector emptyCertselector = new X509CertStoreSelector(); - X509CertPairStoreSelector emptySelector = new X509CertPairStoreSelector(); - - emptySelector.setForwardSelector(emptyCertselector); - emptySelector.setReverseSelector(emptyCertselector); - list = crossCertificatePairSubjectSearch(emptySelector, attrs, - attrNames, subjectAttributeNames); - resultSet.addAll(createCrossCertificatePairs(list, selector)); - } - return resultSet; - } - - /** - * Returns end certificates. - * <p/> - * The attributeDescriptorCertificate is self signed by a source of - * authority and holds a description of the privilege and its delegation - * rules. - * - * @param selector The selector to find the certificates. - * @return A possible empty collection with certificates. - * @throws StoreException - */ - public Collection getUserCertificates(X509CertStoreSelector selector) - throws StoreException - { - String[] attrs = splitString(params.getUserCertificateAttribute()); - String attrNames[] = splitString(params.getLdapUserCertificateAttributeName()); - String subjectAttributeNames[] = splitString(params - .getUserCertificateSubjectAttributeName()); - - List list = certSubjectSerialSearch(selector, attrs, attrNames, - subjectAttributeNames); - Set resultSet = createCerts(list, selector); - if (resultSet.size() == 0) - { - X509CertStoreSelector emptySelector = new X509CertStoreSelector(); - list = certSubjectSerialSearch(emptySelector, attrs, attrNames, - subjectAttributeNames); - resultSet.addAll(createCerts(list, selector)); - } - - return resultSet; - } - - /** - * Returns attribute certificates for an attribute authority - * <p/> - * The aAcertificate holds the privileges of an attribute authority. - * - * @param selector The selector to find the attribute certificates. - * @return A possible empty collection with attribute certificates. - * @throws StoreException - */ - public Collection getAACertificates(X509AttributeCertStoreSelector selector) - throws StoreException - { - String[] attrs = splitString(params.getAACertificateAttribute()); - String attrNames[] = splitString(params.getLdapAACertificateAttributeName()); - String subjectAttributeNames[] = splitString(params.getAACertificateSubjectAttributeName()); - - List list = attrCertSubjectSerialSearch(selector, attrs, attrNames, - subjectAttributeNames); - Set resultSet = createAttributeCertificates(list, selector); - if (resultSet.size() == 0) - { - X509AttributeCertStoreSelector emptySelector = new X509AttributeCertStoreSelector(); - list = attrCertSubjectSerialSearch(emptySelector, attrs, attrNames, - subjectAttributeNames); - resultSet.addAll(createAttributeCertificates(list, selector)); - } - - return resultSet; - } - - /** - * Returns an attribute certificate for an authority - * <p/> - * The attributeDescriptorCertificate is self signed by a source of - * authority and holds a description of the privilege and its delegation - * rules. - * - * @param selector The selector to find the attribute certificates. - * @return A possible empty collection with attribute certificates. - * @throws StoreException - */ - public Collection getAttributeDescriptorCertificates( - X509AttributeCertStoreSelector selector) throws StoreException - { - String[] attrs = splitString(params.getAttributeDescriptorCertificateAttribute()); - String attrNames[] = splitString(params - .getLdapAttributeDescriptorCertificateAttributeName()); - String subjectAttributeNames[] = splitString(params - .getAttributeDescriptorCertificateSubjectAttributeName()); - - List list = attrCertSubjectSerialSearch(selector, attrs, attrNames, - subjectAttributeNames); - Set resultSet = createAttributeCertificates(list, selector); - if (resultSet.size() == 0) - { - X509AttributeCertStoreSelector emptySelector = new X509AttributeCertStoreSelector(); - list = attrCertSubjectSerialSearch(emptySelector, attrs, attrNames, - subjectAttributeNames); - resultSet.addAll(createAttributeCertificates(list, selector)); - } - - return resultSet; - } - - /** - * Returns CA certificates. - * <p/> - * The cACertificate attribute of a CA's directory entry shall be used to - * store self-issued certificates (if any) and certificates issued to this - * CA by CAs in the same realm as this CA. - * - * @param selector The selector to find the certificates. - * @return A possible empty collection with certificates. - * @throws StoreException - */ - public Collection getCACertificates(X509CertStoreSelector selector) - throws StoreException - { - String[] attrs = splitString(params.getCACertificateAttribute()); - String attrNames[] = splitString(params.getLdapCACertificateAttributeName()); - String subjectAttributeNames[] = splitString(params - .getCACertificateSubjectAttributeName()); - List list = certSubjectSerialSearch(selector, attrs, attrNames, - subjectAttributeNames); - Set resultSet = createCerts(list, selector); - if (resultSet.size() == 0) - { - X509CertStoreSelector emptySelector = new X509CertStoreSelector(); - list = certSubjectSerialSearch(emptySelector, attrs, attrNames, - subjectAttributeNames); - resultSet.addAll(createCerts(list, selector)); - } - return resultSet; - } - - /** - * Returns the delta revocation list for revoked certificates. - * - * @param selector The CRL selector to use to find the CRLs. - * @return A possible empty collection with CRLs. - * @throws StoreException - */ - public Collection getDeltaCertificateRevocationLists( - X509CRLStoreSelector selector) throws StoreException - { - String[] attrs = splitString(params.getDeltaRevocationListAttribute()); - String attrNames[] = splitString(params.getLdapDeltaRevocationListAttributeName()); - String issuerAttributeNames[] = splitString(params - .getDeltaRevocationListIssuerAttributeName()); - List list = cRLIssuerSearch(selector, attrs, attrNames, - issuerAttributeNames); - Set resultSet = createCRLs(list, selector); - if (resultSet.size() == 0) - { - X509CRLStoreSelector emptySelector = new X509CRLStoreSelector(); - list = cRLIssuerSearch(emptySelector, attrs, attrNames, - issuerAttributeNames); - - resultSet.addAll(createCRLs(list, selector)); - } - return resultSet; - } - - /** - * Returns an attribute certificate for an user. - * <p/> - * The attributeCertificateAttribute holds the privileges of a user - * - * @param selector The selector to find the attribute certificates. - * @return A possible empty collection with attribute certificates. - * @throws StoreException - */ - public Collection getAttributeCertificateAttributes( - X509AttributeCertStoreSelector selector) throws StoreException - { - String[] attrs = splitString(params.getAttributeCertificateAttributeAttribute()); - String attrNames[] = splitString(params - .getLdapAttributeCertificateAttributeAttributeName()); - String subjectAttributeNames[] = splitString(params - .getAttributeCertificateAttributeSubjectAttributeName()); - List list = attrCertSubjectSerialSearch(selector, attrs, attrNames, - subjectAttributeNames); - Set resultSet = createAttributeCertificates(list, selector); - if (resultSet.size() == 0) - { - X509AttributeCertStoreSelector emptySelector = new X509AttributeCertStoreSelector(); - list = attrCertSubjectSerialSearch(emptySelector, attrs, attrNames, - subjectAttributeNames); - resultSet.addAll(createAttributeCertificates(list, selector)); - } - - return resultSet; - } - - /** - * Returns the certificate revocation lists for revoked certificates. - * - * @param selector The CRL selector to use to find the CRLs. - * @return A possible empty collection with CRLs. - * @throws StoreException - */ - public Collection getCertificateRevocationLists( - X509CRLStoreSelector selector) throws StoreException - { - String[] attrs = splitString(params.getCertificateRevocationListAttribute()); - String attrNames[] = splitString(params - .getLdapCertificateRevocationListAttributeName()); - String issuerAttributeNames[] = splitString(params - .getCertificateRevocationListIssuerAttributeName()); - List list = cRLIssuerSearch(selector, attrs, attrNames, - issuerAttributeNames); - Set resultSet = createCRLs(list, selector); - if (resultSet.size() == 0) - { - X509CRLStoreSelector emptySelector = new X509CRLStoreSelector(); - list = cRLIssuerSearch(emptySelector, attrs, attrNames, - issuerAttributeNames); - - resultSet.addAll(createCRLs(list, selector)); - } - return resultSet; - } - - private Map cacheMap = new HashMap(cacheSize); - - private static int cacheSize = 32; - - private static long lifeTime = 60 * 1000; - - private synchronized void addToCache(String searchCriteria, List list) - { - Date now = new Date(System.currentTimeMillis()); - List cacheEntry = new ArrayList(); - cacheEntry.add(now); - cacheEntry.add(list); - if (cacheMap.containsKey(searchCriteria)) - { - cacheMap.put(searchCriteria, cacheEntry); - } - else - { - if (cacheMap.size() >= cacheSize) - { - // replace oldest - Iterator it = cacheMap.entrySet().iterator(); - long oldest = now.getTime(); - Object replace = null; - while (it.hasNext()) - { - Map.Entry entry = (Map.Entry)it.next(); - long current = ((Date)((List)entry.getValue()).get(0)) - .getTime(); - if (current < oldest) - { - oldest = current; - replace = entry.getKey(); - } - } - cacheMap.remove(replace); - } - cacheMap.put(searchCriteria, cacheEntry); - } - } - - private List getFromCache(String searchCriteria) - { - List entry = (List)cacheMap.get(searchCriteria); - long now = System.currentTimeMillis(); - if (entry != null) - { - // too old - if (((Date)entry.get(0)).getTime() < (now - lifeTime)) - { - return null; - } - return (List)entry.get(1); - } - return null; - } - - /* - * spilt string based on spaces - */ - private String[] splitString(String str) - { - return str.split("\\s+"); - } - - private String getSubjectAsString(X509CertStoreSelector xselector) - { - try - { - byte[] encSubject = xselector.getSubjectAsBytes(); - if (encSubject != null) - { - return new X500Principal(encSubject).getName("RFC1779"); - } - } - catch (IOException e) - { - throw new StoreException("exception processing name: " + e.getMessage(), e); - } - return null; - } - - private X500Principal getCertificateIssuer(X509Certificate cert) - { - return cert.getIssuerX500Principal(); - } -} diff --git a/prov/src/main/java/org/bouncycastle/x509/util/StreamParser.java b/prov/src/main/java/org/bouncycastle/x509/util/StreamParser.java deleted file mode 100644 index 26048946..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/util/StreamParser.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.x509.util; - -import java.util.Collection; - -public interface StreamParser -{ - Object read() throws StreamParsingException; - - Collection readAll() throws StreamParsingException; -} diff --git a/prov/src/main/java/org/bouncycastle/x509/util/StreamParsingException.java b/prov/src/main/java/org/bouncycastle/x509/util/StreamParsingException.java deleted file mode 100644 index 8f69ff6c..00000000 --- a/prov/src/main/java/org/bouncycastle/x509/util/StreamParsingException.java +++ /dev/null @@ -1,18 +0,0 @@ -package org.bouncycastle.x509.util; - -public class StreamParsingException - extends Exception -{ - Throwable _e; - - public StreamParsingException(String message, Throwable e) - { - super(message); - _e = e; - } - - public Throwable getCause() - { - return _e; - } -} |