Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'prov/src/main/jdk1.1/org/bouncycastle/x509')
-rw-r--r--prov/src/main/jdk1.1/org/bouncycastle/x509/AttributeCertificateHolder.java406
-rw-r--r--prov/src/main/jdk1.1/org/bouncycastle/x509/AttributeCertificateIssuer.java212
-rw-r--r--prov/src/main/jdk1.1/org/bouncycastle/x509/X509AttributeCertStoreSelector.java488
-rw-r--r--prov/src/main/jdk1.1/org/bouncycastle/x509/X509CRLStoreSelector.java26
-rw-r--r--prov/src/main/jdk1.1/org/bouncycastle/x509/X509CertStoreSelector.java26
-rw-r--r--prov/src/main/jdk1.1/org/bouncycastle/x509/X509Util.java397
-rw-r--r--prov/src/main/jdk1.1/org/bouncycastle/x509/X509V1CertificateGenerator.java345
-rw-r--r--prov/src/main/jdk1.1/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java281
-rw-r--r--prov/src/main/jdk1.1/org/bouncycastle/x509/X509V2CRLGenerator.java434
-rw-r--r--prov/src/main/jdk1.1/org/bouncycastle/x509/X509V3CertificateGenerator.java495
10 files changed, 0 insertions, 3110 deletions
diff --git a/prov/src/main/jdk1.1/org/bouncycastle/x509/AttributeCertificateHolder.java b/prov/src/main/jdk1.1/org/bouncycastle/x509/AttributeCertificateHolder.java
deleted file mode 100644
index ee24f8c8..00000000
--- a/prov/src/main/jdk1.1/org/bouncycastle/x509/AttributeCertificateHolder.java
+++ /dev/null
@@ -1,406 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.Principal;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.Holder;
-import org.bouncycastle.asn1.x509.IssuerSerial;
-import org.bouncycastle.asn1.x509.ObjectDigestInfo;
-import org.bouncycastle.jce.PrincipalUtil;
-import org.bouncycastle.jce.X509Principal;
-import java.security.cert.CertSelector;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Selector;
-
-/**
- * The Holder object.
- *
- * <pre>
- * Holder ::= SEQUENCE {
- * baseCertificateID [0] IssuerSerial OPTIONAL,
- * -- the issuer and serial number of
- * -- the holder's Public Key Certificate
- * entityName [1] GeneralNames OPTIONAL,
- * -- the name of the claimant or role
- * objectDigestInfo [2] ObjectDigestInfo OPTIONAL
- * -- used to directly authenticate the holder,
- * -- for example, an executable
- * }
- * </pre>
- * @deprecated use org.bouncycastle.cert.AttributeCertificateHolder
- */
-public class AttributeCertificateHolder
- implements CertSelector, Selector
-{
- final Holder holder;
-
- AttributeCertificateHolder(ASN1Sequence seq)
- {
- holder = Holder.getInstance(seq);
- }
-
- public AttributeCertificateHolder(X509Principal issuerName,
- BigInteger serialNumber)
- {
- holder = new org.bouncycastle.asn1.x509.Holder(new IssuerSerial(
- new GeneralNames(new GeneralName(issuerName)),
- new ASN1Integer(serialNumber)));
- }
-
- public AttributeCertificateHolder(X509Certificate cert)
- throws CertificateParsingException
- {
- X509Principal name;
-
- try
- {
- name = PrincipalUtil.getIssuerX509Principal(cert);
- }
- catch (Exception e)
- {
- throw new CertificateParsingException(e.getMessage());
- }
-
- holder = new Holder(new IssuerSerial(generateGeneralNames(name),
- new ASN1Integer(cert.getSerialNumber())));
- }
-
- public AttributeCertificateHolder(X509Principal principal)
- {
- holder = new Holder(generateGeneralNames(principal));
- }
-
- /**
- * Constructs a holder for v2 attribute certificates with a hash value for
- * some type of object.
- * <p>
- * <code>digestedObjectType</code> can be one of the following:
- * <ul>
- * <li>0 - publicKey - A hash of the public key of the holder must be
- * passed.
- * <li>1 - publicKeyCert - A hash of the public key certificate of the
- * holder must be passed.
- * <li>2 - otherObjectDigest - A hash of some other object type must be
- * passed. <code>otherObjectTypeID</code> must not be empty.
- * </ul>
- * <p>
- * This cannot be used if a v1 attribute certificate is used.
- *
- * @param digestedObjectType The digest object type.
- * @param digestAlgorithm The algorithm identifier for the hash.
- * @param otherObjectTypeID The object type ID if
- * <code>digestedObjectType</code> is
- * <code>otherObjectDigest</code>.
- * @param objectDigest The hash value.
- */
- public AttributeCertificateHolder(int digestedObjectType,
- String digestAlgorithm, String otherObjectTypeID, byte[] objectDigest)
- {
- holder = new Holder(new ObjectDigestInfo(digestedObjectType,
- new ASN1ObjectIdentifier(otherObjectTypeID), new AlgorithmIdentifier(digestAlgorithm), Arrays
- .clone(objectDigest)));
- }
-
- /**
- * Returns the digest object type if an object digest info is used.
- * <p>
- * <ul>
- * <li>0 - publicKey - A hash of the public key of the holder must be
- * passed.
- * <li>1 - publicKeyCert - A hash of the public key certificate of the
- * holder must be passed.
- * <li>2 - otherObjectDigest - A hash of some other object type must be
- * passed. <code>otherObjectTypeID</code> must not be empty.
- * </ul>
- *
- * @return The digest object type or -1 if no object digest info is set.
- */
- public int getDigestedObjectType()
- {
- if (holder.getObjectDigestInfo() != null)
- {
- return holder.getObjectDigestInfo().getDigestedObjectType()
- .getValue().intValue();
- }
- return -1;
- }
-
- /**
- * Returns the other object type ID if an object digest info is used.
- *
- * @return The other object type ID or <code>null</code> if no object
- * digest info is set.
- */
- public String getDigestAlgorithm()
- {
- if (holder.getObjectDigestInfo() != null)
- {
- return holder.getObjectDigestInfo().getDigestAlgorithm().getObjectId()
- .getId();
- }
- return null;
- }
-
- /**
- * Returns the hash if an object digest info is used.
- *
- * @return The hash or <code>null</code> if no object digest info is set.
- */
- public byte[] getObjectDigest()
- {
- if (holder.getObjectDigestInfo() != null)
- {
- return holder.getObjectDigestInfo().getObjectDigest().getBytes();
- }
- return null;
- }
-
- /**
- * Returns the digest algorithm ID if an object digest info is used.
- *
- * @return The digest algorithm ID or <code>null</code> if no object
- * digest info is set.
- */
- public String getOtherObjectTypeID()
- {
- if (holder.getObjectDigestInfo() != null)
- {
- holder.getObjectDigestInfo().getOtherObjectTypeID().getId();
- }
- return null;
- }
-
- private GeneralNames generateGeneralNames(X509Principal principal)
- {
- return new GeneralNames(new GeneralName(principal));
- }
-
- private boolean matchesDN(X509Principal subject, GeneralNames targets)
- {
- GeneralName[] names = targets.getNames();
-
- for (int i = 0; i != names.length; i++)
- {
- GeneralName gn = names[i];
-
- if (gn.getTagNo() == GeneralName.directoryName)
- {
- try
- {
- if (new X509Principal(((ASN1Encodable)gn.getName()).toASN1Primitive()
- .getEncoded()).equals(subject))
- {
- return true;
- }
- }
- catch (IOException e)
- {
- }
- }
- }
-
- return false;
- }
-
- private Object[] getNames(GeneralName[] names)
- {
- List l = new ArrayList(names.length);
-
- for (int i = 0; i != names.length; i++)
- {
- if (names[i].getTagNo() == GeneralName.directoryName)
- {
- try
- {
- l.add(new X509Principal(
- ((ASN1Encodable)names[i].getName()).toASN1Primitive().getEncoded()));
- }
- catch (IOException e)
- {
- throw new RuntimeException("badly formed Name object");
- }
- }
- }
-
- return l.toArray(new Object[l.size()]);
- }
-
- private Principal[] getPrincipals(GeneralNames names)
- {
- Object[] p = this.getNames(names.getNames());
- List l = new ArrayList();
-
- for (int i = 0; i != p.length; i++)
- {
- if (p[i] instanceof Principal)
- {
- l.add(p[i]);
- }
- }
-
- return (Principal[])l.toArray(new Principal[l.size()]);
- }
-
- /**
- * Return any principal objects inside the attribute certificate holder
- * entity names field.
- *
- * @return an array of Principal objects (usually X509Principal), null if no
- * entity names field is set.
- */
- public Principal[] getEntityNames()
- {
- if (holder.getEntityName() != null)
- {
- return getPrincipals(holder.getEntityName());
- }
-
- return null;
- }
-
- /**
- * Return the principals associated with the issuer attached to this holder
- *
- * @return an array of principals, null if no BaseCertificateID is set.
- */
- public Principal[] getIssuer()
- {
- if (holder.getBaseCertificateID() != null)
- {
- return getPrincipals(holder.getBaseCertificateID().getIssuer());
- }
-
- return null;
- }
-
- /**
- * Return the serial number associated with the issuer attached to this
- * holder.
- *
- * @return the certificate serial number, null if no BaseCertificateID is
- * set.
- */
- public BigInteger getSerialNumber()
- {
- if (holder.getBaseCertificateID() != null)
- {
- return holder.getBaseCertificateID().getSerial().getValue();
- }
-
- return null;
- }
-
- public Object clone()
- {
- return new AttributeCertificateHolder((ASN1Sequence)holder
- .toASN1Object());
- }
-
- public boolean match(Certificate cert)
- {
- if (!(cert instanceof X509Certificate))
- {
- return false;
- }
-
- X509Certificate x509Cert = (X509Certificate)cert;
-
- try
- {
- if (holder.getBaseCertificateID() != null)
- {
- return holder.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber())
- && matchesDN(PrincipalUtil.getIssuerX509Principal(x509Cert), holder.getBaseCertificateID().getIssuer());
- }
-
- if (holder.getEntityName() != null)
- {
- if (matchesDN(PrincipalUtil.getSubjectX509Principal(x509Cert),
- holder.getEntityName()))
- {
- return true;
- }
- }
- if (holder.getObjectDigestInfo() != null)
- {
- MessageDigest md = null;
- try
- {
- md = MessageDigest.getInstance(getDigestAlgorithm(), "BC");
-
- }
- catch (Exception e)
- {
- return false;
- }
- switch (getDigestedObjectType())
- {
- case ObjectDigestInfo.publicKey:
- // TODO: DSA Dss-parms
- md.update(cert.getPublicKey().getEncoded());
- break;
- case ObjectDigestInfo.publicKeyCert:
- md.update(cert.getEncoded());
- break;
- }
- if (!Arrays.areEqual(md.digest(), getObjectDigest()))
- {
- return false;
- }
- }
- }
- catch (CertificateEncodingException e)
- {
- return false;
- }
-
- return false;
- }
-
- public boolean equals(Object obj)
- {
- if (obj == this)
- {
- return true;
- }
-
- if (!(obj instanceof AttributeCertificateHolder))
- {
- return false;
- }
-
- AttributeCertificateHolder other = (AttributeCertificateHolder)obj;
-
- return this.holder.equals(other.holder);
- }
-
- public int hashCode()
- {
- return this.holder.hashCode();
- }
-
- public boolean match(Object obj)
- {
- if (!(obj instanceof X509Certificate))
- {
- return false;
- }
-
- return match((Certificate)obj);
- }
-}
diff --git a/prov/src/main/jdk1.1/org/bouncycastle/x509/AttributeCertificateIssuer.java b/prov/src/main/jdk1.1/org/bouncycastle/x509/AttributeCertificateIssuer.java
deleted file mode 100644
index 7e2672dc..00000000
--- a/prov/src/main/jdk1.1/org/bouncycastle/x509/AttributeCertificateIssuer.java
+++ /dev/null
@@ -1,212 +0,0 @@
-package org.bouncycastle.x509;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AttCertIssuer;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.V2Form;
-import org.bouncycastle.jce.PrincipalUtil;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.util.Selector;
-
-import java.io.IOException;
-import java.security.Principal;
-import java.security.cert.CertSelector;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * Carrying class for an attribute certificate issuer.
- */
-public class AttributeCertificateIssuer
- implements CertSelector, Selector
-{
- final ASN1Encodable form;
-
- /**
- * @param issuer
- */
- AttributeCertificateIssuer(
- AttCertIssuer issuer)
- {
- form = issuer.getIssuer();
- }
-
- public AttributeCertificateIssuer(
- X509Principal principal)
- {
- form = new V2Form(new GeneralNames(new GeneralName(principal)));
- }
-
- private Object[] getNames()
- {
- GeneralNames name;
-
- if (form instanceof V2Form)
- {
- name = ((V2Form)form).getIssuerName();
- }
- else
- {
- name = (GeneralNames)form;
- }
-
- GeneralName[] names = name.getNames();
-
- List l = new ArrayList(names.length);
-
- for (int i = 0; i != names.length; i++)
- {
- if (names[i].getTagNo() == GeneralName.directoryName)
- {
- try
- {
- l.add(new X509Principal(((ASN1Encodable)names[i].getName()).toASN1Primitive().getEncoded()));
- }
- catch (IOException e)
- {
- throw new RuntimeException("badly formed Name object");
- }
- }
- }
-
- return l.toArray(new Object[l.size()]);
- }
-
- /**
- * Return any principal objects inside the attribute certificate issuer object.
- *
- * @return an array of Principal objects (usually X509Principal)
- */
- public Principal[] getPrincipals()
- {
- Object[] p = this.getNames();
- List l = new ArrayList();
-
- for (int i = 0; i != p.length; i++)
- {
- if (p[i] instanceof Principal)
- {
- l.add(p[i]);
- }
- }
-
- return (Principal[])l.toArray(new Principal[l.size()]);
- }
-
- private boolean matchesDN(X509Principal subject, GeneralNames targets)
- {
- GeneralName[] names = targets.getNames();
-
- for (int i = 0; i != names.length; i++)
- {
- GeneralName gn = names[i];
-
- if (gn.getTagNo() == GeneralName.directoryName)
- {
- try
- {
- if (new X509Principal(((ASN1Encodable)gn.getName()).toASN1Primitive().getEncoded()).equals(subject))
- {
- return true;
- }
- }
- catch (IOException e)
- {
- }
- }
- }
-
- return false;
- }
-
- /* (non-Javadoc)
- * @see java.security.cert.CertSelector#clone()
- */
- public Object clone()
- {
- return new AttributeCertificateIssuer(AttCertIssuer.getInstance(form));
- }
-
- /* (non-Javadoc)
- * @see java.security.cert.CertSelector#match(java.security.cert.Certificate)
- */
- public boolean match(Certificate cert)
- {
- if (!(cert instanceof X509Certificate))
- {
- return false;
- }
-
- X509Certificate x509Cert = (X509Certificate)cert;
-
- try
- {
- if (form instanceof V2Form)
- {
- V2Form issuer = (V2Form)form;
- if (issuer.getBaseCertificateID() != null)
- {
- return issuer.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber())
- && matchesDN(PrincipalUtil.getIssuerX509Principal(x509Cert), issuer.getBaseCertificateID().getIssuer());
- }
-
- GeneralNames name = issuer.getIssuerName();
- if (matchesDN(PrincipalUtil.getSubjectX509Principal(x509Cert), name))
- {
- return true;
- }
- }
- else
- {
- GeneralNames name = (GeneralNames)form;
- if (matchesDN(PrincipalUtil.getSubjectX509Principal(x509Cert), name))
- {
- return true;
- }
- }
- }
- catch (CertificateEncodingException e)
- {
- return false;
- }
-
- return false;
- }
-
- public boolean equals(Object obj)
- {
- if (obj == this)
- {
- return true;
- }
-
- if (!(obj instanceof AttributeCertificateIssuer))
- {
- return false;
- }
-
- AttributeCertificateIssuer other = (AttributeCertificateIssuer)obj;
-
- return this.form.equals(other.form);
- }
-
- public int hashCode()
- {
- return this.form.hashCode();
- }
-
- public boolean match(Object obj)
- {
- if (!(obj instanceof X509Certificate))
- {
- return false;
- }
-
- return match((Certificate)obj);
- }
-}
diff --git a/prov/src/main/jdk1.1/org/bouncycastle/x509/X509AttributeCertStoreSelector.java b/prov/src/main/jdk1.1/org/bouncycastle/x509/X509AttributeCertStoreSelector.java
deleted file mode 100644
index 6ff41cbd..00000000
--- a/prov/src/main/jdk1.1/org/bouncycastle/x509/X509AttributeCertStoreSelector.java
+++ /dev/null
@@ -1,488 +0,0 @@
-package org.bouncycastle.x509;
-
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
-import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.Target;
-import org.bouncycastle.asn1.x509.TargetInformation;
-import org.bouncycastle.asn1.x509.Targets;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.util.Selector;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509CertSelector;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-/**
- * This class is an <code>Selector</code> like implementation to select
- * attribute certificates from a given set of criteria.
- *
- * @see org.bouncycastle.x509.X509AttributeCertificate
- * @see org.bouncycastle.x509.X509Store
- */
-public class X509AttributeCertStoreSelector
- implements Selector
-{
-
- // TODO: name constraints???
-
- private AttributeCertificateHolder holder;
-
- private AttributeCertificateIssuer issuer;
-
- private BigInteger serialNumber;
-
- private Date attributeCertificateValid;
-
- private X509AttributeCertificate attributeCert;
-
- private Collection targetNames = new HashSet();
-
- private Collection targetGroups = new HashSet();
-
- public X509AttributeCertStoreSelector()
- {
- super();
- }
-
- /**
- * Decides if the given attribute certificate should be selected.
- *
- * @param obj The attribute certificate which should be checked.
- * @return <code>true</code> if the attribute certificate can be selected,
- * <code>false</code> otherwise.
- */
- public boolean match(Object obj)
- {
- if (!(obj instanceof X509AttributeCertificate))
- {
- return false;
- }
-
- X509AttributeCertificate attrCert = (X509AttributeCertificate) obj;
-
- if (this.attributeCert != null)
- {
- if (!this.attributeCert.equals(attrCert))
- {
- return false;
- }
- }
- if (serialNumber != null)
- {
- if (!attrCert.getSerialNumber().equals(serialNumber))
- {
- return false;
- }
- }
- if (holder != null)
- {
- if (!attrCert.getHolder().equals(holder))
- {
- return false;
- }
- }
- if (issuer != null)
- {
- if (!attrCert.getIssuer().equals(issuer))
- {
- return false;
- }
- }
-
- if (attributeCertificateValid != null)
- {
- try
- {
- attrCert.checkValidity(attributeCertificateValid);
- }
- catch (CertificateExpiredException e)
- {
- return false;
- }
- catch (CertificateNotYetValidException e)
- {
- return false;
- }
- }
- if (!targetNames.isEmpty() || !targetGroups.isEmpty())
- {
-
- byte[] targetInfoExt = attrCert
- .getExtensionValue(X509Extensions.TargetInformation.getId());
- if (targetInfoExt != null)
- {
- TargetInformation targetinfo;
- try
- {
- targetinfo = TargetInformation
- .getInstance(new ASN1InputStream(
- ((DEROctetString) DEROctetString
- .fromByteArray(targetInfoExt)).getOctets())
- .readObject());
- }
- catch (IOException e)
- {
- return false;
- }
- catch (IllegalArgumentException e)
- {
- return false;
- }
- Targets[] targetss = targetinfo.getTargetsObjects();
- if (!targetNames.isEmpty())
- {
- boolean found = false;
-
- for (int i=0; i<targetss.length; i++)
- {
- Targets t = targetss[i];
- Target[] targets = t.getTargets();
- for (int j=0; j<targets.length; j++)
- {
- if (targetNames.contains(targets[j]
- .getTargetName()))
- {
- found = true;
- break;
- }
- }
- }
- if (!found)
- {
- return false;
- }
- }
- if (!targetGroups.isEmpty())
- {
- boolean found = false;
-
- for (int i=0; i<targetss.length; i++)
- {
- Targets t = targetss[i];
- Target[] targets = t.getTargets();
- for (int j=0; j<targets.length; j++)
- {
- if (targetGroups.contains(targets[j]
- .getTargetGroup()))
- {
- found = true;
- break;
- }
- }
- }
- if (!found)
- {
- return false;
- }
- }
- }
- }
- return true;
- }
-
- /**
- * Returns a clone of this object.
- *
- * @return the clone.
- */
- public Object clone()
- {
- X509AttributeCertStoreSelector sel = new X509AttributeCertStoreSelector();
- sel.attributeCert = attributeCert;
- sel.attributeCertificateValid = getAttributeCertificateValid();
- sel.holder = holder;
- sel.issuer = issuer;
- sel.serialNumber = serialNumber;
- sel.targetGroups = getTargetGroups();
- sel.targetNames = getTargetNames();
- return sel;
- }
-
- /**
- * Returns the attribute certificate which must be matched.
- *
- * @return Returns the attribute certificate.
- */
- public X509AttributeCertificate getAttributeCert()
- {
- return attributeCert;
- }
-
- /**
- * Set the attribute certificate to be matched. If <code>null</code> is
- * given any will do.
- *
- * @param attributeCert The attribute certificate to set.
- */
- public void setAttributeCert(X509AttributeCertificate attributeCert)
- {
- this.attributeCert = attributeCert;
- }
-
- /**
- * Get the criteria for the validity.
- *
- * @return Returns the attributeCertificateValid.
- */
- public Date getAttributeCertificateValid()
- {
- if (attributeCertificateValid != null)
- {
- return new Date(attributeCertificateValid.getTime());
- }
-
- return null;
- }
-
- /**
- * Set the time, when the certificate must be valid. If <code>null</code>
- * is given any will do.
- *
- * @param attributeCertificateValid The attribute certificate validation
- * time to set.
- */
- public void setAttributeCertificateValid(Date attributeCertificateValid)
- {
- if (attributeCertificateValid != null)
- {
- this.attributeCertificateValid = new Date(attributeCertificateValid
- .getTime());
- }
- else
- {
- this.attributeCertificateValid = null;
- }
- }
-
- /**
- * Gets the holder.
- *
- * @return Returns the holder.
- */
- public AttributeCertificateHolder getHolder()
- {
- return holder;
- }
-
- /**
- * Sets the holder. If <code>null</code> is given any will do.
- *
- * @param holder The holder to set.
- */
- public void setHolder(AttributeCertificateHolder holder)
- {
- this.holder = holder;
- }
-
- /**
- * Returns the issuer criterion.
- *
- * @return Returns the issuer.
- */
- public AttributeCertificateIssuer getIssuer()
- {
- return issuer;
- }
-
- /**
- * Sets the issuer the attribute certificate must have. If <code>null</code>
- * is given any will do.
- *
- * @param issuer The issuer to set.
- */
- public void setIssuer(AttributeCertificateIssuer issuer)
- {
- this.issuer = issuer;
- }
-
- /**
- * Gets the serial number the attribute certificate must have.
- *
- * @return Returns the serialNumber.
- */
- public BigInteger getSerialNumber()
- {
- return serialNumber;
- }
-
- /**
- * Sets the serial number the attribute certificate must have. If
- * <code>null</code> is given any will do.
- *
- * @param serialNumber The serialNumber to set.
- */
- public void setSerialNumber(BigInteger serialNumber)
- {
- this.serialNumber = serialNumber;
- }
-
- /**
- * Adds a target name criterion for the attribute certificate to the target
- * information extension criteria. The <code>X509AttributeCertificate</code>
- * must contain at least one of the specified target names.
- * <p>
- * Each attribute certificate may contain a target information extension
- * limiting the servers where this attribute certificate can be used. If
- * this extension is not present, the attribute certificate is not targeted
- * and may be accepted by any server.
- *
- * @param name The name as a GeneralName (not <code>null</code>)
- */
- public void addTargetName(GeneralName name)
- {
- targetNames.add(name);
- }
-
- /**
- * Adds a target name criterion for the attribute certificate to the target
- * information extension criteria. The <code>X509AttributeCertificate</code>
- * must contain at least one of the specified target names.
- * <p>
- * Each attribute certificate may contain a target information extension
- * limiting the servers where this attribute certificate can be used. If
- * this extension is not present, the attribute certificate is not targeted
- * and may be accepted by any server.
- *
- * @param name a byte array containing the name in ASN.1 DER encoded form of a GeneralName
- * @throws IOException if a parsing error occurs.
- */
- public void addTargetName(byte[] name) throws IOException
- {
- addTargetName(GeneralName.getInstance(ASN1Primitive.fromByteArray(name)));
- }
-
- /**
- * Adds a collection with target names criteria. If <code>null</code> is
- * given any will do.
- * <p>
- * The collection consists of either GeneralName objects or byte[] arrays representing
- * DER encoded GeneralName structures.
- *
- * @param names A collection of target names.
- * @throws IOException if a parsing error occurs.
- * @see #addTargetName(byte[])
- * @see #addTargetName(GeneralName)
- */
- public void setTargetNames(Collection names) throws IOException
- {
- targetNames = extractGeneralNames(names);
- }
-
- /**
- * Gets the target names. The collection consists of <code>List</code>s
- * made up of an <code>Integer</code> in the first entry and a DER encoded
- * byte array or a <code>String</code> in the second entry.
- * <p>
- * The returned collection is immutable.
- *
- * @return The collection of target names
- * @see #setTargetNames(Collection)
- */
- public Collection getTargetNames()
- {
- return Collections.unmodifiableCollection(targetNames);
- }
-
- /**
- * Adds a target group criterion for the attribute certificate to the target
- * information extension criteria. The <code>X509AttributeCertificate</code>
- * must contain at least one of the specified target groups.
- * <p>
- * Each attribute certificate may contain a target information extension
- * limiting the servers where this attribute certificate can be used. If
- * this extension is not present, the attribute certificate is not targeted
- * and may be accepted by any server.
- *
- * @param group The group as GeneralName form (not <code>null</code>)
- */
- public void addTargetGroup(GeneralName group)
- {
- targetGroups.add(group);
- }
-
- /**
- * Adds a target group criterion for the attribute certificate to the target
- * information extension criteria. The <code>X509AttributeCertificate</code>
- * must contain at least one of the specified target groups.
- * <p>
- * Each attribute certificate may contain a target information extension
- * limiting the servers where this attribute certificate can be used. If
- * this extension is not present, the attribute certificate is not targeted
- * and may be accepted by any server.
- *
- * @param name a byte array containing the group in ASN.1 DER encoded form of a GeneralName
- * @throws IOException if a parsing error occurs.
- */
- public void addTargetGroup(byte[] name) throws IOException
- {
- addTargetGroup(GeneralName.getInstance(ASN1Primitive.fromByteArray(name)));
- }
-
- /**
- * Adds a collection with target groups criteria. If <code>null</code> is
- * given any will do.
- * <p>
- * The collection consists of <code>GeneralName</code> objects or <code>byte[]</code representing DER
- * encoded GeneralNames.
- *
- * @param names A collection of target groups.
- * @throws IOException if a parsing error occurs.
- * @see #addTargetGroup(byte[])
- * @see #addTargetGroup(GeneralName)
- */
- public void setTargetGroups(Collection names) throws IOException
- {
- targetGroups = extractGeneralNames(names);
- }
-
-
-
- /**
- * Gets the target groups. The collection consists of <code>List</code>s
- * made up of an <code>Integer</code> in the first entry and a DER encoded
- * byte array or a <code>String</code> in the second entry.
- * <p>
- * The returned collection is immutable.
- *
- * @return The collection of target groups.
- * @see #setTargetGroups(Collection)
- */
- public Collection getTargetGroups()
- {
- return Collections.unmodifiableCollection(targetGroups);
- }
-
- private Set extractGeneralNames(Collection names)
- throws IOException
- {
- if (names == null || names.isEmpty())
- {
- return new HashSet();
- }
- Set temp = new HashSet();
- for (Iterator it = names.iterator(); it.hasNext();)
- {
- Object o = it.next();
- if (o instanceof GeneralName)
- {
- temp.add(o);
- }
- else
- {
- temp.add(GeneralName.getInstance(ASN1Primitive.fromByteArray((byte[])o)));
- }
- }
- return temp;
- }
-}
diff --git a/prov/src/main/jdk1.1/org/bouncycastle/x509/X509CRLStoreSelector.java b/prov/src/main/jdk1.1/org/bouncycastle/x509/X509CRLStoreSelector.java
deleted file mode 100644
index 4f0849f0..00000000
--- a/prov/src/main/jdk1.1/org/bouncycastle/x509/X509CRLStoreSelector.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.bouncycastle.x509;
-
-import org.bouncycastle.util.Selector;
-
-import java.security.cert.X509CRLSelector;
-import java.security.cert.CRL;
-
-public class X509CRLStoreSelector
- extends X509CRLSelector
- implements Selector
-{
- public boolean match(Object obj)
- {
- if (!(obj instanceof CRL))
- {
- return false;
- }
-
- return super.match((CRL)obj);
- }
-
- public boolean match(CRL obj)
- {
- return this.match((Object)obj);
- }
-}
diff --git a/prov/src/main/jdk1.1/org/bouncycastle/x509/X509CertStoreSelector.java b/prov/src/main/jdk1.1/org/bouncycastle/x509/X509CertStoreSelector.java
deleted file mode 100644
index dbb4c556..00000000
--- a/prov/src/main/jdk1.1/org/bouncycastle/x509/X509CertStoreSelector.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.bouncycastle.x509;
-
-import org.bouncycastle.util.Selector;
-
-import java.security.cert.X509CertSelector;
-import java.security.cert.Certificate;
-
-public class X509CertStoreSelector
- extends X509CertSelector
- implements Selector
-{
- public boolean match(Object obj)
- {
- if (!(obj instanceof Certificate))
- {
- return false;
- }
-
- return super.match((Certificate)obj);
- }
-
- public boolean match(Certificate obj)
- {
- return this.match((Object)obj);
- }
-}
diff --git a/prov/src/main/jdk1.1/org/bouncycastle/x509/X509Util.java b/prov/src/main/jdk1.1/org/bouncycastle/x509/X509Util.java
deleted file mode 100644
index 21dbcad7..00000000
--- a/prov/src/main/jdk1.1/org/bouncycastle/x509/X509Util.java
+++ /dev/null
@@ -1,397 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.Security;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
-import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.jce.X509Principal;
-import org.bouncycastle.util.Strings;
-
-class X509Util
-{
- private static Hashtable algorithms = new Hashtable();
- private static Hashtable params = new Hashtable();
- private static Set noParams = new HashSet();
-
- static
- {
- algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
- algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
- algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
- algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
- algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
- algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption);
- algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
- algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
- algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
- algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
- algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
- algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption);
- algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
- algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
- algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
- algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
- algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
- algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
- algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
- algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
- algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
- algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
- algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
- algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
- algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
- algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
- algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
- algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
- algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
- algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
- algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
- algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
- algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
- algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
- algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
- algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
- algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
- algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
- algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
- algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
- algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
- algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-
- //
- // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
- // The parameters field SHALL be NULL for RSA based signature algorithms.
- //
- noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
- noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
- noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
- noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
- noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
- noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
- noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
- noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
- noParams.add(NISTObjectIdentifiers.dsa_with_sha384);
- noParams.add(NISTObjectIdentifiers.dsa_with_sha512);
-
- //
- // RFC 4491
- //
- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
- noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-
- //
- // explicit params
- //
- AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull());
- params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
-
- AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, new DERNull());
- params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
-
- AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, new DERNull());
- params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32));
-
- AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, new DERNull());
- params.put("SHA384WITHRSAANDMGF1", creatPSSParams(sha384AlgId, 48));
-
- AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, new DERNull());
- params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64));
- }
-
- private static RSASSAPSSparams creatPSSParams(AlgorithmIdentifier hashAlgId, int saltSize)
- {
- return new RSASSAPSSparams(
- hashAlgId,
- new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, hashAlgId),
- new ASN1Integer(saltSize),
- new ASN1Integer(1));
- }
-
- static ASN1ObjectIdentifier getAlgorithmOID(
- String algorithmName)
- {
- algorithmName = Strings.toUpperCase(algorithmName);
-
- if (algorithms.containsKey(algorithmName))
- {
- return (ASN1ObjectIdentifier)algorithms.get(algorithmName);
- }
-
- return new ASN1ObjectIdentifier(algorithmName);
- }
-
- static AlgorithmIdentifier getSigAlgID(
- ASN1ObjectIdentifier sigOid,
- String algorithmName)
- {
- if (noParams.contains(sigOid))
- {
- return new AlgorithmIdentifier(sigOid);
- }
-
- algorithmName = Strings.toUpperCase(algorithmName);
-
- if (params.containsKey(algorithmName))
- {
- return new AlgorithmIdentifier(sigOid, (ASN1Encodable)params.get(algorithmName));
- }
- else
- {
- return new AlgorithmIdentifier(sigOid, new DERNull());
- }
- }
-
- static Iterator getAlgNames()
- {
- Enumeration e = algorithms.keys();
- List l = new ArrayList();
-
- while (e.hasMoreElements())
- {
- l.add(e.nextElement());
- }
-
- return l.iterator();
- }
-
- static Signature getSignatureInstance(
- String algorithm)
- throws NoSuchAlgorithmException
- {
- return Signature.getInstance(algorithm);
- }
-
- static Signature getSignatureInstance(
- String algorithm,
- String provider)
- throws NoSuchProviderException, NoSuchAlgorithmException
- {
- if (provider != null)
- {
- return Signature.getInstance(algorithm, provider);
- }
- else
- {
- return Signature.getInstance(algorithm);
- }
- }
-
- static byte[] calculateSignature(
- ASN1ObjectIdentifier sigOid,
- String sigName,
- PrivateKey key,
- SecureRandom random,
- ASN1Encodable object)
- throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException
- {
- Signature sig;
-
- if (sigOid == null)
- {
- throw new IllegalStateException("no signature algorithm specified");
- }
-
- sig = X509Util.getSignatureInstance(sigName);
-
- if (random != null)
- {
- sig.initSign(key);
- }
- else
- {
- sig.initSign(key);
- }
-
- sig.update(object.toASN1Primitive().getEncoded(ASN1Encoding.DER));
-
- return sig.sign();
- }
-
- static byte[] calculateSignature(
- ASN1ObjectIdentifier sigOid,
- String sigName,
- String provider,
- PrivateKey key,
- SecureRandom random,
- ASN1Encodable object)
- throws IOException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException
- {
- Signature sig;
-
- if (sigOid == null)
- {
- throw new IllegalStateException("no signature algorithm specified");
- }
-
- sig = X509Util.getSignatureInstance(sigName, provider);
-
- if (random != null)
- {
- sig.initSign(key);
- }
- else
- {
- sig.initSign(key);
- }
-
- sig.update(object.toASN1Primitive().getEncoded(ASN1Encoding.DER));
-
- return sig.sign();
- }
-
- static class Implementation
- {
- Object engine;
- Provider provider;
-
- Implementation(
- Object engine,
- Provider provider)
- {
- this.engine = engine;
- this.provider = provider;
- }
-
- Object getEngine()
- {
- return engine;
- }
-
- Provider getProvider()
- {
- return provider;
- }
- }
-
- /**
- * see if we can find an algorithm (or its alias and what it represents) in
- * the property table for the given provider.
- */
- static Implementation getImplementation(
- String baseName,
- String algorithm,
- Provider prov)
- throws NoSuchAlgorithmException
- {
- algorithm = Strings.toUpperCase(algorithm);
-
- String alias;
-
- while ((alias = prov.getProperty("Alg.Alias." + baseName + "." + algorithm)) != null)
- {
- algorithm = alias;
- }
-
- String className = prov.getProperty(baseName + "." + algorithm);
-
- if (className != null)
- {
- try
- {
- Class cls;
- ClassLoader clsLoader = prov.getClass().getClassLoader();
-
- if (clsLoader != null)
- {
- cls = clsLoader.loadClass(className);
- }
- else
- {
- cls = Class.forName(className);
- }
-
- return new Implementation(cls.newInstance(), prov);
- }
- catch (ClassNotFoundException e)
- {
- throw new IllegalStateException(
- "algorithm " + algorithm + " in provider " + prov.getName() + " but no class \"" + className + "\" found!");
- }
- catch (Exception e)
- {
- throw new IllegalStateException(
- "algorithm " + algorithm + " in provider " + prov.getName() + " but class \"" + className + "\" inaccessible!");
- }
- }
-
- throw new NoSuchAlgorithmException("cannot find implementation " + algorithm + " for provider " + prov.getName());
- }
-
- /**
- * return an implementation for a given algorithm/provider.
- * If the provider is null, we grab the first avalaible who has the required algorithm.
- */
- static Implementation getImplementation(
- String baseName,
- String algorithm)
- throws NoSuchAlgorithmException
- {
- Provider[] prov = Security.getProviders();
-
- //
- // search every provider looking for the algorithm we want.
- //
- for (int i = 0; i != prov.length; i++)
- {
- //
- // try case insensitive
- //
- Implementation imp = getImplementation(baseName, Strings.toUpperCase(algorithm), prov[i]);
- if (imp != null)
- {
- return imp;
- }
-
- try
- {
- imp = getImplementation(baseName, algorithm, prov[i]);
- }
- catch (NoSuchAlgorithmException e)
- {
- // continue
- }
- }
-
- throw new NoSuchAlgorithmException("cannot find implementation " + algorithm);
- }
-
- static Provider getProvider(String provider)
- throws NoSuchProviderException
- {
- Provider prov = Security.getProvider(provider);
-
- if (prov == null)
- {
- throw new NoSuchProviderException("Provider " + provider + " not found");
- }
-
- return prov;
- }
-}
diff --git a/prov/src/main/jdk1.1/org/bouncycastle/x509/X509V1CertificateGenerator.java b/prov/src/main/jdk1.1/org/bouncycastle/x509/X509V1CertificateGenerator.java
deleted file mode 100644
index 20f24bb9..00000000
--- a/prov/src/main/jdk1.1/org/bouncycastle/x509/X509V1CertificateGenerator.java
+++ /dev/null
@@ -1,345 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.SignatureException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Iterator;
-
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.TBSCertificate;
-import org.bouncycastle.asn1.x509.Time;
-import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator;
-import org.bouncycastle.asn1.x509.Certificate;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.jce.provider.X509CertificateObject;
-
-/**
- * class to produce an X.509 Version 1 certificate.
- * @deprecated use org.bouncycastle.cert.X509v1CertificateBuilder.
- */
-public class X509V1CertificateGenerator
-{
- private V1TBSCertificateGenerator tbsGen;
- private ASN1ObjectIdentifier sigOID;
- private AlgorithmIdentifier sigAlgId;
- private String signatureAlgorithm;
-
- public X509V1CertificateGenerator()
- {
- tbsGen = new V1TBSCertificateGenerator();
- }
-
- /**
- * reset the generator
- */
- public void reset()
- {
- tbsGen = new V1TBSCertificateGenerator();
- }
-
- /**
- * set the serial number for the certificate.
- */
- public void setSerialNumber(
- BigInteger serialNumber)
- {
- if (serialNumber.compareTo(BigInteger.valueOf(0)) <= 0)
- {
- throw new IllegalArgumentException("serial number must be a positive integer");
- }
-
- tbsGen.setSerialNumber(new ASN1Integer(serialNumber));
- }
-
- /**
- * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
- * certificate.
- */
- public void setIssuerDN(
- X509Name issuer)
- {
- tbsGen.setIssuer(issuer);
- }
-
- public void setNotBefore(
- Date date)
- {
- tbsGen.setStartDate(new Time(date));
- }
-
- public void setNotAfter(
- Date date)
- {
- tbsGen.setEndDate(new Time(date));
- }
-
- /**
- * Set the subject distinguished name. The subject describes the entity associated with the public key.
- */
- public void setSubjectDN(
- X509Name subject)
- {
- tbsGen.setSubject(subject);
- }
-
- public void setPublicKey(
- PublicKey key)
- {
- try
- {
- tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(
- new ByteArrayInputStream(key.getEncoded())).readObject()));
- }
- catch (Exception e)
- {
- throw new IllegalArgumentException("unable to process key - " + e.toString());
- }
- }
-
- /**
- * Set the signature algorithm. This can be either a name or an OID, names
- * are treated as case insensitive.
- *
- * @param signatureAlgorithm string representation of the algorithm name.
- */
- public void setSignatureAlgorithm(
- String signatureAlgorithm)
- {
- this.signatureAlgorithm = signatureAlgorithm;
-
- try
- {
- sigOID = X509Util.getAlgorithmOID(signatureAlgorithm);
- }
- catch (Exception e)
- {
- throw new IllegalArgumentException("Unknown signature type requested");
- }
-
- sigAlgId = X509Util.getSigAlgID(sigOID, signatureAlgorithm);
-
- tbsGen.setSignature(sigAlgId);
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject
- * using the default provider "BC".
- * @deprecated use generate(key, "BC")
- */
- public X509Certificate generateX509Certificate(
- PrivateKey key)
- throws SecurityException, SignatureException, InvalidKeyException
- {
- try
- {
- return generateX509Certificate(key, "BC", null);
- }
- catch (NoSuchProviderException e)
- {
- throw new SecurityException("BC provider not installed!");
- }
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject
- * using the default provider "BC" and the passed in source of randomness
- * @deprecated use generate(key, random, "BC")
- */
- public X509Certificate generateX509Certificate(
- PrivateKey key,
- SecureRandom random)
- throws SecurityException, SignatureException, InvalidKeyException
- {
- try
- {
- return generateX509Certificate(key, "BC", random);
- }
- catch (NoSuchProviderException e)
- {
- throw new SecurityException("BC provider not installed!");
- }
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject,
- * using the passed in provider for the signing, and the passed in source
- * of randomness (if required).
- * @deprecated use generate()
- */
- public X509Certificate generateX509Certificate(
- PrivateKey key,
- String provider)
- throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
- {
- return generateX509Certificate(key, provider, null);
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject,
- * using the passed in provider for the signing, and the passed in source
- * of randomness (if required).
- * @deprecated use generate()
- */
- public X509Certificate generateX509Certificate(
- PrivateKey key,
- String provider,
- SecureRandom random)
- throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
- {
- try
- {
- return generate(key, provider, random);
- }
- catch (NoSuchProviderException e)
- {
- throw e;
- }
- catch (SignatureException e)
- {
- throw e;
- }
- catch (InvalidKeyException e)
- {
- throw e;
- }
- catch (NoSuchAlgorithmException e)
- {
- throw new SecurityException("exception: " + e);
- }
- catch (GeneralSecurityException e)
- {
- throw new SecurityException("exception: " + e);
- }
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject
- * using the default provider.
- * <p>
- * <b>Note:</b> this differs from the deprecated method in that the default provider is
- * used - not "BC".
- * </p>
- */
- public X509Certificate generate(
- PrivateKey key)
- throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
- {
- return generate(key, (SecureRandom)null);
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject
- * using the default provider and the passed in source of randomness
- * <p>
- * <b>Note:</b> this differs from the deprecated method in that the default provider is
- * used - not "BC".
- * </p>
- */
- public X509Certificate generate(
- PrivateKey key,
- SecureRandom random)
- throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
- {
- TBSCertificate tbsCert = tbsGen.generateTBSCertificate();
- byte[] signature;
-
- try
- {
- signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCert);
- }
- catch (IOException e)
- {
- throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
- }
-
- return generateJcaObject(tbsCert, signature);
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject,
- * using the passed in provider for the signing, and the passed in source
- * of randomness (if required).
- */
- public X509Certificate generate(
- PrivateKey key,
- String provider)
- throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
- {
- return generate(key, provider, null);
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject,
- * using the passed in provider for the signing, and the passed in source
- * of randomness (if required).
- */
- public X509Certificate generate(
- PrivateKey key,
- String provider,
- SecureRandom random)
- throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
- {
- TBSCertificate tbsCert = tbsGen.generateTBSCertificate();
- byte[] signature;
-
- try
- {
- signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCert);
- }
- catch (IOException e)
- {
- throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
- }
-
- return generateJcaObject(tbsCert, signature);
- }
-
- private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature)
- throws CertificateEncodingException
- {
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(tbsCert);
- v.add(sigAlgId);
- v.add(new DERBitString(signature));
-
- try
- {
- return new X509CertificateObject(Certificate.getInstance((new DERSequence(v))));
- }
- catch (CertificateParsingException e)
- {
- throw new ExtCertificateEncodingException("exception producing certificate object", e);
- }
- }
-
- /**
- * Return an iterator of the signature names supported by the generator.
- *
- * @return an iterator containing recognised names.
- */
- public Iterator getSignatureAlgNames()
- {
- return X509Util.getAlgNames();
- }
-}
diff --git a/prov/src/main/jdk1.1/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java b/prov/src/main/jdk1.1/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java
deleted file mode 100644
index 7e2a3f8f..00000000
--- a/prov/src/main/jdk1.1/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java
+++ /dev/null
@@ -1,281 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.util.Date;
-import java.util.Hashtable;
-import java.util.Vector;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.ASN1GeneralizedTime;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.DEROutputStream;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.AttCertIssuer;
-import org.bouncycastle.asn1.x509.Attribute;
-import org.bouncycastle.asn1.x509.AttributeCertificate;
-import org.bouncycastle.asn1.x509.V2AttributeCertificateInfoGenerator;
-import org.bouncycastle.asn1.x509.AttributeCertificateInfo;
-import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.util.Strings;
-
-/**
- * class to produce an X.509 Version 2 AttributeCertificate.
- */
-public class X509V2AttributeCertificateGenerator
-{
- private V2AttributeCertificateInfoGenerator acInfoGen;
- private ASN1ObjectIdentifier sigOID;
- private AlgorithmIdentifier sigAlgId;
- private String signatureAlgorithm;
- private Hashtable extensions = null;
- private Vector extOrdering = null;
- private static Hashtable algorithms = new Hashtable();
-
- static
- {
- algorithms.put("MD2WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"));
- algorithms.put("MD2WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"));
- algorithms.put("MD5WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
- algorithms.put("MD5WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
- algorithms.put("SHA1WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"));
- algorithms.put("SHA1WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"));
- algorithms.put("RIPEMD160WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.3.36.3.3.1.2"));
- algorithms.put("RIPEMD160WITHRSA", new ASN1ObjectIdentifier("1.3.36.3.3.1.2"));
- algorithms.put("SHA1WITHDSA", new ASN1ObjectIdentifier("1.2.840.10040.4.3"));
- algorithms.put("DSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.10040.4.3"));
- algorithms.put("SHA1WITHECDSA", new ASN1ObjectIdentifier("1.2.840.10045.4.1"));
- algorithms.put("ECDSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.10045.4.1"));
- }
-
- public X509V2AttributeCertificateGenerator()
- {
- acInfoGen = new V2AttributeCertificateInfoGenerator();
- }
-
- /**
- * reset the generator
- */
- public void reset()
- {
- acInfoGen = new V2AttributeCertificateInfoGenerator();
- extensions = null;
- extOrdering = null;
- }
-
- /**
- * Set the Holder of this Attribute Certificate
- */
- public void setHolder(
- AttributeCertificateHolder holder)
- {
- acInfoGen.setHolder(holder.holder);
- }
-
- /**
- * Set the issuer
- */
- public void setIssuer(
- AttributeCertificateIssuer issuer)
- {
- acInfoGen.setIssuer(AttCertIssuer.getInstance(issuer.form));
- }
-
- /**
- * Set the Signature inside the AttributeCertificateInfo
- */
- public void setSignature(
- AlgorithmIdentifier sig)
- {
- acInfoGen.setSignature(sig);
- }
-
- /**
- * set the serial number for the certificate.
- */
- public void setSerialNumber(
- BigInteger serialNumber)
- {
- acInfoGen.setSerialNumber(new ASN1Integer(serialNumber));
- }
-
- public void setNotBefore(
- Date date)
- {
- acInfoGen.setStartDate(new ASN1GeneralizedTime(date));
- }
-
- public void setNotAfter(
- Date date)
- {
- acInfoGen.setEndDate(new ASN1GeneralizedTime(date));
- }
-
- public void setSignatureAlgorithm(
- String signatureAlgorithm)
- {
- this.signatureAlgorithm = signatureAlgorithm;
-
- sigOID = (ASN1ObjectIdentifier)algorithms.get(Strings.toUpperCase(signatureAlgorithm));
-
- if (sigOID == null)
- {
- throw new IllegalArgumentException("Unknown signature type requested");
- }
-
- sigAlgId = new AlgorithmIdentifier(this.sigOID, new DERNull());
-
- acInfoGen.setSignature(sigAlgId);
- }
-
- /**
- * add an attribute
- */
- public void addAttribute(
- X509Attribute attribute)
- {
- acInfoGen.addAttribute(Attribute.getInstance(attribute.toASN1Object()));
- }
-
- public void setIssuerUniqueId(
- boolean[] iui)
- {
- // [TODO] convert boolean array to bit string
- //acInfoGen.setIssuerUniqueID(iui);
- }
-
- /**
- * add a given extension field for the standard extensions tag (tag 3)
- * @throws IOException
- */
- public void addExtension(
- String OID,
- boolean critical,
- ASN1Encodable value)
- throws IOException
- {
- this.addExtension(OID, critical, value.toASN1Primitive().getEncoded());
- }
-
- /**
- * add a given extension field for the standard extensions tag (tag 3)
- * The value parameter becomes the contents of the octet string associated
- * with the extension.
- */
- public void addExtension(
- String OID,
- boolean critical,
- byte[] value)
- {
- if (extensions == null)
- {
- extensions = new Hashtable();
- extOrdering = new Vector();
- }
-
- ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier(OID);
-
- extensions.put(oid, new X509Extension(critical, new DEROctetString(value)));
- extOrdering.addElement(oid);
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject,
- * using the passed in provider for the signing.
- */
- public X509AttributeCertificate generateCertificate(
- PrivateKey key,
- String provider)
- throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
- {
- return generateCertificate(key, provider, null);
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject,
- * using the passed in provider for the signing and the supplied source
- * of randomness, if required.
- */
- public X509AttributeCertificate generateCertificate(
- PrivateKey key,
- String provider,
- SecureRandom random)
- throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
- {
- Signature sig = null;
-
- if (sigOID == null)
- {
- throw new IllegalStateException("no signature algorithm specified");
- }
-
- try
- {
- sig = Signature.getInstance(sigOID.getId(), provider);
- }
- catch (NoSuchAlgorithmException ex)
- {
- try
- {
- sig = Signature.getInstance(signatureAlgorithm, provider);
- }
- catch (NoSuchAlgorithmException e)
- {
- throw new SecurityException("exception creating signature: " + e.toString());
- }
- }
-
- sig.initSign(key);
-
- if (extensions != null)
- {
- acInfoGen.setExtensions(new X509Extensions(extOrdering, extensions));
- }
-
- AttributeCertificateInfo acInfo = acInfoGen.generateAttributeCertificateInfo();
-
- try
- {
- ByteArrayOutputStream bOut = new ByteArrayOutputStream();
- DEROutputStream dOut = new DEROutputStream(bOut);
-
- dOut.writeObject(acInfo);
-
- sig.update(bOut.toByteArray());
- }
- catch (Exception e)
- {
- throw new SecurityException("exception encoding Attribute cert - " + e);
- }
-
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(acInfo);
- v.add(sigAlgId);
- v.add(new DERBitString(sig.sign()));
-
- try
- {
- return new X509V2AttributeCertificate(new AttributeCertificate(new DERSequence(v)));
- }
- catch (IOException e)
- {
- throw new RuntimeException("constructed invalid certificate!");
- }
- }
-}
diff --git a/prov/src/main/jdk1.1/org/bouncycastle/x509/X509V2CRLGenerator.java b/prov/src/main/jdk1.1/org/bouncycastle/x509/X509V2CRLGenerator.java
deleted file mode 100644
index cac67093..00000000
--- a/prov/src/main/jdk1.1/org/bouncycastle/x509/X509V2CRLGenerator.java
+++ /dev/null
@@ -1,434 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.SignatureException;
-import java.security.cert.CRLException;
-import java.security.cert.X509CRL;
-import java.security.cert.X509CRLEntry;
-import java.util.Date;
-import java.util.Iterator;
-import java.util.Set;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.ASN1GeneralizedTime;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.CertificateList;
-import org.bouncycastle.asn1.x509.TBSCertList;
-import org.bouncycastle.asn1.x509.Time;
-import org.bouncycastle.asn1.x509.V2TBSCertListGenerator;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.asn1.x509.Extensions;
-import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.jce.provider.X509CRLObject;
-
-/**
- * class to produce an X.509 Version 2 CRL.
- * @deprecated use org.bouncycastle.cert.X509v2CRLBuilder.
- */
-public class X509V2CRLGenerator
-{
- private V2TBSCertListGenerator tbsGen;
- private ASN1ObjectIdentifier sigOID;
- private AlgorithmIdentifier sigAlgId;
- private String signatureAlgorithm;
- private X509ExtensionsGenerator extGenerator;
-
- public X509V2CRLGenerator()
- {
- tbsGen = new V2TBSCertListGenerator();
- extGenerator = new X509ExtensionsGenerator();
- }
-
- /**
- * reset the generator
- */
- public void reset()
- {
- tbsGen = new V2TBSCertListGenerator();
- extGenerator.reset();
- }
-
- /**
- * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
- * certificate.
- */
- public void setIssuerDN(
- X509Name issuer)
- {
- tbsGen.setIssuer(issuer);
- }
-
- public void setThisUpdate(
- Date date)
- {
- tbsGen.setThisUpdate(new Time(date));
- }
-
- public void setNextUpdate(
- Date date)
- {
- tbsGen.setNextUpdate(new Time(date));
- }
-
- /**
- * Reason being as indicated by CRLReason, i.e. CRLReason.keyCompromise
- * or 0 if CRLReason is not to be used
- **/
- public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason)
- {
- tbsGen.addCRLEntry(new ASN1Integer(userCertificate), new Time(revocationDate), reason);
- }
-
- /**
- * Add a CRL entry with an Invalidity Date extension as well as a CRLReason extension.
- * Reason being as indicated by CRLReason, i.e. CRLReason.keyCompromise
- * or 0 if CRLReason is not to be used
- **/
- public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason, Date invalidityDate)
- {
- tbsGen.addCRLEntry(new ASN1Integer(userCertificate), new Time(revocationDate), reason, new ASN1GeneralizedTime(invalidityDate));
- }
-
- /**
- * Add a CRL entry with extensions.
- **/
- public void addCRLEntry(BigInteger userCertificate, Date revocationDate, X509Extensions extensions)
- {
- tbsGen.addCRLEntry(new ASN1Integer(userCertificate), new Time(revocationDate), Extensions.getInstance(extensions));
- }
-
- /**
- * Add the CRLEntry objects contained in a previous CRL.
- *
- * @param other the X509CRL to source the other entries from.
- */
- public void addCRL(X509CRL other)
- throws CRLException
- {
- Set revocations = other.getRevokedCertificates();
-
- if (revocations != null)
- {
- Iterator it = revocations.iterator();
- while (it.hasNext())
- {
- X509CRLEntry entry = (X509CRLEntry)it.next();
-
- ASN1InputStream aIn = new ASN1InputStream(entry.getEncoded());
-
- try
- {
- tbsGen.addCRLEntry(ASN1Sequence.getInstance(aIn.readObject()));
- }
- catch (IOException e)
- {
- throw new CRLException("exception processing encoding of CRL: " + e.toString());
- }
- }
- }
- }
-
- /**
- * Set the signature algorithm. This can be either a name or an OID, names
- * are treated as case insensitive.
- *
- * @param signatureAlgorithm string representation of the algorithm name.
- */
- public void setSignatureAlgorithm(
- String signatureAlgorithm)
- {
- this.signatureAlgorithm = signatureAlgorithm;
-
- try
- {
- sigOID = X509Util.getAlgorithmOID(signatureAlgorithm);
- }
- catch (Exception e)
- {
- throw new IllegalArgumentException("Unknown signature type requested");
- }
-
- sigAlgId = X509Util.getSigAlgID(sigOID, signatureAlgorithm);
-
- tbsGen.setSignature(sigAlgId);
- }
-
- /**
- * add a given extension field for the standard extensions tag (tag 0)
- */
- public void addExtension(
- String oid,
- boolean critical,
- ASN1Encodable value)
- {
- this.addExtension(new ASN1ObjectIdentifier(oid), critical, value);
- }
-
- /**
- * add a given extension field for the standard extensions tag (tag 0)
- */
- public void addExtension(
- ASN1ObjectIdentifier oid,
- boolean critical,
- ASN1Encodable value)
- {
- extGenerator.addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value);
- }
-
- /**
- * add a given extension field for the standard extensions tag (tag 0)
- */
- public void addExtension(
- String oid,
- boolean critical,
- byte[] value)
- {
- this.addExtension(new ASN1ObjectIdentifier(oid), critical, value);
- }
-
- /**
- * add a given extension field for the standard extensions tag (tag 0)
- */
- public void addExtension(
- ASN1ObjectIdentifier oid,
- boolean critical,
- byte[] value)
- {
- extGenerator.addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value);
- }
-
- /**
- * generate an X509 CRL, based on the current issuer and subject
- * using the default provider "BC".
- * @deprecated use generate(key, "BC")
- */
- public X509CRL generateX509CRL(
- PrivateKey key)
- throws SecurityException, SignatureException, InvalidKeyException
- {
- try
- {
- return generateX509CRL(key, "BC", null);
- }
- catch (NoSuchProviderException e)
- {
- throw new SecurityException("BC provider not installed!");
- }
- }
-
- /**
- * generate an X509 CRL, based on the current issuer and subject
- * using the default provider "BC" and an user defined SecureRandom object as
- * source of randomness.
- * @deprecated use generate(key, random, "BC")
- */
- public X509CRL generateX509CRL(
- PrivateKey key,
- SecureRandom random)
- throws SecurityException, SignatureException, InvalidKeyException
- {
- try
- {
- return generateX509CRL(key, "BC", random);
- }
- catch (NoSuchProviderException e)
- {
- throw new SecurityException("BC provider not installed!");
- }
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject
- * using the passed in provider for the signing.
- * @deprecated use generate()
- */
- public X509CRL generateX509CRL(
- PrivateKey key,
- String provider)
- throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
- {
- return generateX509CRL(key, provider, null);
- }
-
- /**
- * generate an X509 CRL, based on the current issuer and subject,
- * using the passed in provider for the signing.
- * @deprecated use generate()
- */
- public X509CRL generateX509CRL(
- PrivateKey key,
- String provider,
- SecureRandom random)
- throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
- {
- try
- {
- return generate(key, provider, random);
- }
- catch (NoSuchProviderException e)
- {
- throw e;
- }
- catch (SignatureException e)
- {
- throw e;
- }
- catch (InvalidKeyException e)
- {
- throw e;
- }
- catch (NoSuchAlgorithmException e)
- {
- throw new SecurityException("exception: " + e);
- }
- catch (GeneralSecurityException e)
- {
- throw new SecurityException("exception: " + e);
- }
- }
-
- /**
- * generate an X509 CRL, based on the current issuer and subject
- * using the default provider.
- * <p>
- * <b>Note:</b> this differs from the deprecated method in that the default provider is
- * used - not "BC".
- * </p>
- */
- public X509CRL generate(
- PrivateKey key)
- throws CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
- {
- return generate(key, (SecureRandom)null);
- }
-
- /**
- * generate an X509 CRL, based on the current issuer and subject
- * using the default provider and an user defined SecureRandom object as
- * source of randomness.
- * <p>
- * <b>Note:</b> this differs from the deprecated method in that the default provider is
- * used - not "BC".
- * </p>
- */
- public X509CRL generate(
- PrivateKey key,
- SecureRandom random)
- throws CRLException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
- {
- TBSCertList tbsCrl = generateCertList();
- byte[] signature;
-
- try
- {
- signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCrl);
- }
- catch (IOException e)
- {
- throw new ExtCRLException("cannot generate CRL encoding", e);
- }
-
- return generateJcaObject(tbsCrl, signature);
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject
- * using the passed in provider for the signing.
- */
- public X509CRL generate(
- PrivateKey key,
- String provider)
- throws CRLException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
- {
- return generate(key, provider, null);
- }
-
- /**
- * generate an X509 CRL, based on the current issuer and subject,
- * using the passed in provider for the signing.
- */
- public X509CRL generate(
- PrivateKey key,
- String provider,
- SecureRandom random)
- throws CRLException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
- {
- TBSCertList tbsCrl = generateCertList();
- byte[] signature;
-
- try
- {
- signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCrl);
- }
- catch (IOException e)
- {
- throw new ExtCRLException("cannot generate CRL encoding", e);
- }
-
- return generateJcaObject(tbsCrl, signature);
- }
-
- private TBSCertList generateCertList()
- {
- if (!extGenerator.isEmpty())
- {
- tbsGen.setExtensions(extGenerator.generate());
- }
-
- return tbsGen.generateTBSCertList();
- }
-
- private X509CRL generateJcaObject(TBSCertList tbsCrl, byte[] signature)
- throws CRLException
- {
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(tbsCrl);
- v.add(sigAlgId);
- v.add(new DERBitString(signature));
-
- return new X509CRLObject(new CertificateList(new DERSequence(v)));
- }
-
- /**
- * Return an iterator of the signature names supported by the generator.
- *
- * @return an iterator containing recognised names.
- */
- public Iterator getSignatureAlgNames()
- {
- return X509Util.getAlgNames();
- }
-
- private static class ExtCRLException
- extends CRLException
- {
- Throwable cause;
-
- ExtCRLException(String message, Throwable cause)
- {
- super(message);
- this.cause = cause;
- }
-
- public Throwable getCause()
- {
- return cause;
- }
- }
-}
diff --git a/prov/src/main/jdk1.1/org/bouncycastle/x509/X509V3CertificateGenerator.java b/prov/src/main/jdk1.1/org/bouncycastle/x509/X509V3CertificateGenerator.java
deleted file mode 100644
index 60135972..00000000
--- a/prov/src/main/jdk1.1/org/bouncycastle/x509/X509V3CertificateGenerator.java
+++ /dev/null
@@ -1,495 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.SignatureException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateParsingException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.Iterator;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1EncodableVector;
-import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x509.TBSCertificate;
-import org.bouncycastle.asn1.x509.Time;
-import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
-import org.bouncycastle.asn1.x509.Certificate;
-import org.bouncycastle.asn1.x509.X509ExtensionsGenerator;
-import org.bouncycastle.asn1.x509.X509Name;
-import org.bouncycastle.jce.provider.X509CertificateObject;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
-
-/**
- * class to produce an X.509 Version 3 certificate.
- * @deprecated use org.bouncycastle.cert.X509v3CertificateBuilder.
- */
-public class X509V3CertificateGenerator
-{
- private V3TBSCertificateGenerator tbsGen;
- private ASN1ObjectIdentifier sigOID;
- private AlgorithmIdentifier sigAlgId;
- private String signatureAlgorithm;
- private X509ExtensionsGenerator extGenerator;
-
- public X509V3CertificateGenerator()
- {
- tbsGen = new V3TBSCertificateGenerator();
- extGenerator = new X509ExtensionsGenerator();
- }
-
- /**
- * reset the generator
- */
- public void reset()
- {
- tbsGen = new V3TBSCertificateGenerator();
- extGenerator.reset();
- }
-
- /**
- * set the serial number for the certificate.
- */
- public void setSerialNumber(
- BigInteger serialNumber)
- {
- if (serialNumber.compareTo(BigInteger.valueOf(0)) <= 0)
- {
- throw new IllegalArgumentException("serial number must be a positive integer");
- }
-
- tbsGen.setSerialNumber(new ASN1Integer(serialNumber));
- }
-
- /**
- * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the
- * certificate.
- */
- public void setIssuerDN(
- X509Name issuer)
- {
- tbsGen.setIssuer(issuer);
- }
-
- public void setNotBefore(
- Date date)
- {
- tbsGen.setStartDate(new Time(date));
- }
-
- public void setNotAfter(
- Date date)
- {
- tbsGen.setEndDate(new Time(date));
- }
-
- /**
- * Set the subject distinguished name. The subject describes the entity associated with the public key.
- */
- public void setSubjectDN(
- X509Name subject)
- {
- tbsGen.setSubject(subject);
- }
-
- public void setPublicKey(
- PublicKey key)
- throws IllegalArgumentException
- {
- try
- {
- tbsGen.setSubjectPublicKeyInfo(
- SubjectPublicKeyInfo.getInstance(new ASN1InputStream(key.getEncoded()).readObject()));
- }
- catch (Exception e)
- {
- throw new IllegalArgumentException("unable to process key - " + e.toString());
- }
- }
-
- /**
- * Set the signature algorithm. This can be either a name or an OID, names
- * are treated as case insensitive.
- *
- * @param signatureAlgorithm string representation of the algorithm name.
- */
- public void setSignatureAlgorithm(
- String signatureAlgorithm)
- {
- this.signatureAlgorithm = signatureAlgorithm;
-
- try
- {
- sigOID = X509Util.getAlgorithmOID(signatureAlgorithm);
- }
- catch (Exception e)
- {
- throw new IllegalArgumentException("Unknown signature type requested: " + signatureAlgorithm);
- }
-
- sigAlgId = X509Util.getSigAlgID(sigOID, signatureAlgorithm);
-
- tbsGen.setSignature(sigAlgId);
- }
-
- /**
- * Set the subject unique ID - note: it is very rare that it is correct to do this.
- */
- public void setSubjectUniqueID(boolean[] uniqueID)
- {
- tbsGen.setSubjectUniqueID(booleanToBitString(uniqueID));
- }
-
- /**
- * Set the issuer unique ID - note: it is very rare that it is correct to do this.
- */
- public void setIssuerUniqueID(boolean[] uniqueID)
- {
- tbsGen.setIssuerUniqueID(booleanToBitString(uniqueID));
- }
-
- private DERBitString booleanToBitString(boolean[] id)
- {
- byte[] bytes = new byte[(id.length + 7) / 8];
-
- for (int i = 0; i != id.length; i++)
- {
- bytes[i / 8] |= (id[i]) ? (1 << ((7 - (i % 8)))) : 0;
- }
-
- int pad = id.length % 8;
-
- if (pad == 0)
- {
- return new DERBitString(bytes);
- }
- else
- {
- return new DERBitString(bytes, 8 - pad);
- }
- }
-
- /**
- * add a given extension field for the standard extensions tag (tag 3)
- */
- public void addExtension(
- String oid,
- boolean critical,
- ASN1Encodable value)
- {
- this.addExtension(new ASN1ObjectIdentifier(oid), critical, value);
- }
-
- /**
- * add a given extension field for the standard extensions tag (tag 3)
- */
- public void addExtension(
- ASN1ObjectIdentifier oid,
- boolean critical,
- ASN1Encodable value)
- {
- extGenerator.addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value);
- }
-
- /**
- * add a given extension field for the standard extensions tag (tag 3)
- * The value parameter becomes the contents of the octet string associated
- * with the extension.
- */
- public void addExtension(
- String oid,
- boolean critical,
- byte[] value)
- {
- this.addExtension(new ASN1ObjectIdentifier(oid), critical, value);
- }
-
- /**
- * add a given extension field for the standard extensions tag (tag 3)
- */
- public void addExtension(
- ASN1ObjectIdentifier oid,
- boolean critical,
- byte[] value)
- {
- extGenerator.addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value);
- }
-
- /**
- * add a given extension field for the standard extensions tag (tag 3)
- * copying the extension value from another certificate.
- * @throws CertificateParsingException if the extension cannot be extracted.
- */
- public void copyAndAddExtension(
- String oid,
- boolean critical,
- X509Certificate cert)
- throws CertificateParsingException
- {
- byte[] extValue = cert.getExtensionValue(oid);
-
- if (extValue == null)
- {
- throw new CertificateParsingException("extension " + oid + " not present");
- }
-
- try
- {
- ASN1Encodable value = X509ExtensionUtil.fromExtensionValue(extValue);
-
- this.addExtension(oid, critical, value);
- }
- catch (IOException e)
- {
- throw new CertificateParsingException(e.toString());
- }
- }
-
- /**
- * add a given extension field for the standard extensions tag (tag 3)
- * copying the extension value from another certificate.
- * @throws CertificateParsingException if the extension cannot be extracted.
- */
- public void copyAndAddExtension(
- ASN1ObjectIdentifier oid,
- boolean critical,
- X509Certificate cert)
- throws CertificateParsingException
- {
- this.copyAndAddExtension(oid.getId(), critical, cert);
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject
- * using the default provider "BC".
- * @deprecated use generate(key, "BC")
- */
- public X509Certificate generateX509Certificate(
- PrivateKey key)
- throws SecurityException, SignatureException, InvalidKeyException
- {
- try
- {
- return generateX509Certificate(key, "BC", null);
- }
- catch (NoSuchProviderException e)
- {
- throw new SecurityException("BC provider not installed!");
- }
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject
- * using the default provider "BC", and the passed in source of randomness
- * (if required).
- * @deprecated use generate(key, random, "BC")
- */
- public X509Certificate generateX509Certificate(
- PrivateKey key,
- SecureRandom random)
- throws SecurityException, SignatureException, InvalidKeyException
- {
- try
- {
- return generateX509Certificate(key, "BC", random);
- }
- catch (NoSuchProviderException e)
- {
- throw new SecurityException("BC provider not installed!");
- }
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject,
- * using the passed in provider for the signing.
- * @deprecated use generate()
- */
- public X509Certificate generateX509Certificate(
- PrivateKey key,
- String provider)
- throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
- {
- return generateX509Certificate(key, provider, null);
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject,
- * using the passed in provider for the signing and the supplied source
- * of randomness, if required.
- * @deprecated use generate()
- */
- public X509Certificate generateX509Certificate(
- PrivateKey key,
- String provider,
- SecureRandom random)
- throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException
- {
- try
- {
- return generate(key, provider, random);
- }
- catch (NoSuchProviderException e)
- {
- throw e;
- }
- catch (SignatureException e)
- {
- throw e;
- }
- catch (InvalidKeyException e)
- {
- throw e;
- }
- catch (NoSuchAlgorithmException e)
- {
- throw new SecurityException("exception: " + e);
- }
- catch (GeneralSecurityException e)
- {
- throw new SecurityException("exception: " + e);
- }
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject
- * using the default provider.
- * <p>
- * <b>Note:</b> this differs from the deprecated method in that the default provider is
- * used - not "BC".
- * </p>
- */
- public X509Certificate generate(
- PrivateKey key)
- throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
- {
- return generate(key, (SecureRandom)null);
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject
- * using the default provider, and the passed in source of randomness
- * (if required).
- * <p>
- * <b>Note:</b> this differs from the deprecated method in that the default provider is
- * used - not "BC".
- * </p>
- */
- public X509Certificate generate(
- PrivateKey key,
- SecureRandom random)
- throws CertificateEncodingException, IllegalStateException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
- {
- TBSCertificate tbsCert = generateTbsCert();
- byte[] signature;
-
- try
- {
- signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, key, random, tbsCert);
- }
- catch (IOException e)
- {
- throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
- }
-
- try
- {
- return generateJcaObject(tbsCert, signature);
- }
- catch (CertificateParsingException e)
- {
- throw new ExtCertificateEncodingException("exception producing certificate object", e);
- }
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject,
- * using the passed in provider for the signing.
- */
- public X509Certificate generate(
- PrivateKey key,
- String provider)
- throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
- {
- return generate(key, provider, null);
- }
-
- /**
- * generate an X509 certificate, based on the current issuer and subject,
- * using the passed in provider for the signing and the supplied source
- * of randomness, if required.
- */
- public X509Certificate generate(
- PrivateKey key,
- String provider,
- SecureRandom random)
- throws CertificateEncodingException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException
- {
- TBSCertificate tbsCert = generateTbsCert();
- byte[] signature;
-
- try
- {
- signature = X509Util.calculateSignature(sigOID, signatureAlgorithm, provider, key, random, tbsCert);
- }
- catch (IOException e)
- {
- throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
- }
-
- try
- {
- return generateJcaObject(tbsCert, signature);
- }
- catch (CertificateParsingException e)
- {
- throw new ExtCertificateEncodingException("exception producing certificate object", e);
- }
- }
-
- private TBSCertificate generateTbsCert()
- {
- if (!extGenerator.isEmpty())
- {
- tbsGen.setExtensions(extGenerator.generate());
- }
-
- return tbsGen.generateTBSCertificate();
- }
-
- private X509Certificate generateJcaObject(TBSCertificate tbsCert, byte[] signature)
- throws CertificateParsingException
- {
- ASN1EncodableVector v = new ASN1EncodableVector();
-
- v.add(tbsCert);
- v.add(sigAlgId);
- v.add(new DERBitString(signature));
-
- return new X509CertificateObject(Certificate.getInstance(new DERSequence(v)));
- }
-
- /**
- * Return an iterator of the signature names supported by the generator.
- *
- * @return an iterator containing recognised names.
- */
- public Iterator getSignatureAlgNames()
- {
- return X509Util.getAlgNames();
- }
-}