From ca0c5ea98037cc3dc99a7315ddc7adc3b7023169 Mon Sep 17 00:00:00 2001 From: David Hook Date: Sat, 25 May 2013 07:27:15 +1000 Subject: fixed invalidity date added "crypto" FixedSecureRandom for commitment processing. --- .../asn1/x509/V2TBSCertListGenerator.java | 6 +- .../crypto/prng/FixedSecureRandom.java | 135 +++++++++++++++++++++ .../org/bouncycastle/asn1/test/GenerationTest.java | 57 ++++++++- 3 files changed, 194 insertions(+), 4 deletions(-) create mode 100644 src/main/java/org/bouncycastle/crypto/prng/FixedSecureRandom.java diff --git a/src/main/java/org/bouncycastle/asn1/x509/V2TBSCertListGenerator.java b/src/main/java/org/bouncycastle/asn1/x509/V2TBSCertListGenerator.java index 388ca30d..869f5bc5 100644 --- a/src/main/java/org/bouncycastle/asn1/x509/V2TBSCertListGenerator.java +++ b/src/main/java/org/bouncycastle/asn1/x509/V2TBSCertListGenerator.java @@ -149,7 +149,7 @@ public class V2TBSCertListGenerator if (invalidityDate != null) { - v.add(createInvalidityDateExtension(revocationDate)); + v.add(createInvalidityDateExtension(invalidityDate)); } internalAddCRLEntry(userCertificate, revocationDate, new DERSequence(v)); @@ -158,7 +158,7 @@ public class V2TBSCertListGenerator { ASN1EncodableVector v = new ASN1EncodableVector(); - v.add(createInvalidityDateExtension(revocationDate)); + v.add(createInvalidityDateExtension(invalidityDate)); internalAddCRLEntry(userCertificate, revocationDate, new DERSequence(v)); } @@ -262,7 +262,7 @@ public class V2TBSCertListGenerator return new DERSequence(v); } - private static ASN1Sequence createInvalidityDateExtension(Time invalidityDate) + private static ASN1Sequence createInvalidityDateExtension(ASN1GeneralizedTime invalidityDate) { ASN1EncodableVector v = new ASN1EncodableVector(); diff --git a/src/main/java/org/bouncycastle/crypto/prng/FixedSecureRandom.java b/src/main/java/org/bouncycastle/crypto/prng/FixedSecureRandom.java new file mode 100644 index 00000000..209b5e21 --- /dev/null +++ b/src/main/java/org/bouncycastle/crypto/prng/FixedSecureRandom.java @@ -0,0 +1,135 @@ +package org.bouncycastle.crypto.prng; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.security.SecureRandom; + +public class FixedSecureRandom + extends SecureRandom +{ + private byte[] _data; + + private int _index; + private int _intPad; + + public FixedSecureRandom(byte[] value) + { + this(false, new byte[][] { value }); + } + + public FixedSecureRandom( + byte[][] values) + { + this(false, values); + } + + /** + * Pad the data on integer boundaries. This is necessary for the classpath project's BigInteger + * implementation. + */ + public FixedSecureRandom( + boolean intPad, + byte[] value) + { + this(intPad, new byte[][] { value }); + } + + /** + * Pad the data on integer boundaries. This is necessary for the classpath project's BigInteger + * implementation. + */ + public FixedSecureRandom( + boolean intPad, + byte[][] values) + { + ByteArrayOutputStream bOut = new ByteArrayOutputStream(); + + for (int i = 0; i != values.length; i++) + { + try + { + bOut.write(values[i]); + } + catch (IOException e) + { + throw new IllegalArgumentException("can't save value array."); + } + } + + _data = bOut.toByteArray(); + + if (intPad) + { + _intPad = _data.length % 4; + } + } + + public void nextBytes(byte[] bytes) + { + System.arraycopy(_data, _index, bytes, 0, bytes.length); + + _index += bytes.length; + } + + // + // classpath's implementation of SecureRandom doesn't currently go back to nextBytes + // when next is called. We can't override next as it's a final method. + // + public int nextInt() + { + int val = 0; + + val |= nextValue() << 24; + val |= nextValue() << 16; + + if (_intPad == 2) + { + _intPad--; + } + else + { + val |= nextValue() << 8; + } + + if (_intPad == 1) + { + _intPad--; + } + else + { + val |= nextValue(); + } + + return val; + } + + // + // classpath's implementation of SecureRandom doesn't currently go back to nextBytes + // when next is called. We can't override next as it's a final method. + // + public long nextLong() + { + long val = 0; + + val |= (long)nextValue() << 56; + val |= (long)nextValue() << 48; + val |= (long)nextValue() << 40; + val |= (long)nextValue() << 32; + val |= (long)nextValue() << 24; + val |= (long)nextValue() << 16; + val |= (long)nextValue() << 8; + val |= (long)nextValue(); + + return val; + } + + public boolean isExhausted() + { + return _index == _data.length; + } + + private int nextValue() + { + return _data[_index++] & 0xff; + } +} diff --git a/src/test/java/org/bouncycastle/asn1/test/GenerationTest.java b/src/test/java/org/bouncycastle/asn1/test/GenerationTest.java index 7d4f7497..5c122a69 100644 --- a/src/test/java/org/bouncycastle/asn1/test/GenerationTest.java +++ b/src/test/java/org/bouncycastle/asn1/test/GenerationTest.java @@ -4,11 +4,13 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.math.BigInteger; +import java.text.ParseException; import java.util.Date; import java.util.Hashtable; import java.util.Vector; import org.bouncycastle.asn1.ASN1EncodableVector; +import org.bouncycastle.asn1.ASN1GeneralizedTime; import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.ASN1Integer; import org.bouncycastle.asn1.ASN1OutputStream; @@ -348,7 +350,60 @@ public class GenerationTest // // check we can add a custom reason // - gen.addCRLEntry(new ASN1Integer(1), new Time(new Date(1000)), 128); + gen.addCRLEntry(new ASN1Integer(1), new Time(new Date(1000)), CRLReason.aACompromise); + + // + // check invalidity date + gen.addCRLEntry(new ASN1Integer(2), new Time(new Date(1000)), CRLReason.affiliationChanged, new ASN1GeneralizedTime(new Date(2000))); + + TBSCertList crl = gen.generateTBSCertList(); + + TBSCertList.CRLEntry[] entries = crl.getRevokedCertificates(); + for (int i = 0; i != entries.length; i++) + { + TBSCertList.CRLEntry entry = entries[i]; + + if (entry.getUserCertificate().equals(new ASN1Integer(1))) + { + Extensions extensions = entry.getExtensions(); + Extension ext = extensions.getExtension(Extension.reasonCode); + + CRLReason r = CRLReason.getInstance(ext.getParsedValue()); + + if (r.getValue().intValue() != CRLReason.aACompromise) + { + fail("reason code mismatch"); + } + } + else if (entry.getUserCertificate().equals(new ASN1Integer(2))) + { + Extensions extensions = entry.getExtensions(); + Extension ext = extensions.getExtension(Extension.reasonCode); + + CRLReason r = CRLReason.getInstance(ext.getParsedValue()); + + if (r.getValue().intValue() != CRLReason.affiliationChanged) + { + fail("reason code mismatch"); + } + + ext = extensions.getExtension(Extension.invalidityDate); + + ASN1GeneralizedTime t = ASN1GeneralizedTime.getInstance(ext.getParsedValue()); + + try + { + if (!t.getDate().equals(new Date(2000))) + { + fail("invalidity date mismatch"); + } + } + catch (ParseException e) + { + fail("can't parse date", e); + } + } + } } public void performTest() -- cgit v1.2.3