diff options
| author | Brian Carlstrom <bdc@google.com> | 2010-06-17 13:40:05 -0700 |
|---|---|---|
| committer | Jean-Baptiste Queru <jbq@google.com> | 2010-06-18 11:06:18 -0700 |
| commit | 845cc0816af30c6753dee2fb33f8c3ece638bd66 (patch) | |
| tree | e47968660072f0c87cd76842b5d3bb23e37ba83d /luni/src/main/java | |
| parent | 32a84bfee7611f4553de46465a7fc00ecff99b81 (diff) | |
| download | libcore-845cc0816af30c6753dee2fb33f8c3ece638bd66.zip libcore-845cc0816af30c6753dee2fb33f8c3ece638bd66.tar.gz libcore-845cc0816af30c6753dee2fb33f8c3ece638bd66.tar.bz2 | |
libcore/luni/src/main/java/org/bouncycastle moved to external/bouncycastle/src/main/java/org/bouncycastle
Change-Id: I288db1607ad6f45dea71e7496d4d94c9707779f6
Diffstat (limited to 'luni/src/main/java')
471 files changed, 0 insertions, 76664 deletions
diff --git a/luni/src/main/java/org/bouncycastle/asn1/ASN1Choice.java b/luni/src/main/java/org/bouncycastle/asn1/ASN1Choice.java deleted file mode 100644 index 603131d..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ASN1Choice.java +++ /dev/null @@ -1,14 +0,0 @@ -package org.bouncycastle.asn1; - -/** - * Marker interface for CHOICE objects - if you implement this in a role your - * own object any attempt to tag the object implicitly will convert the tag to - * an explicit one as the encoding rules require. - * <p> - * If you use this interface your class should also implement the getInstance - * pattern which takes a tag object and the tagging mode used. - */ -public interface ASN1Choice -{ - // marker interface -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ASN1Collection.java b/luni/src/main/java/org/bouncycastle/asn1/ASN1Collection.java deleted file mode 100644 index a51dda1..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ASN1Collection.java +++ /dev/null @@ -1,298 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.util.Enumeration; -import java.util.ConcurrentModificationException; - -// BEGIN android-note -/* - * This is a new class that was synthesized from ASN1Sequence and - * ASN1Set, but with extra smarts about efficiently storing its - * elements. - */ -// END android-note - -/** - * Base class for collection-like <code>DERObject</code>s. Instances - * of this class will keep up to four elements directly, resorting to - * an external collection only if more elements than that need to be - * stored. - */ -public abstract class ASN1Collection - extends DERObject -{ - /** >= 0; size of the collection */ - private int size; - - /** null-ok; element #0 */ - private DEREncodable obj0; - - /** null-ok; element #1 */ - private DEREncodable obj1; - - /** null-ok; element #2 */ - private DEREncodable obj2; - - /** null-ok; element #3 */ - private DEREncodable obj3; - - /** null-ok; elements #4 and higher */ - private DEREncodable[] rest; - - /** - * Returns the object at the postion indicated by index. - * - * @param index the index (starting at zero) of the object - * @return the object at the postion indicated by index - */ - public final DEREncodable getObjectAt(int index) { - if ((index < 0) || (index >= size)) { - throw new IndexOutOfBoundsException(Integer.toString(index)); - } - - switch (index) { - case 0: return obj0; - case 1: return obj1; - case 2: return obj2; - case 3: return obj3; - default: return rest[index - 4]; - } - } - - /** - * Returns the number of objects in this instance. - * - * @return the number of objects in this instance - */ - public final int size() { - return size; - } - - /** {@inheritDoc} */ - public final int hashCode() { - Enumeration e = this.getObjects(); - int hashCode = 0; - - while (e.hasMoreElements()) { - Object o = e.nextElement(); - - if (o != null) { - hashCode ^= o.hashCode(); - } - } - - return hashCode; - } - - /** - * Adds a new element to this instance. - * - * @param obj non-null; the instance to add - */ - protected void addObject(DEREncodable obj) { - if (obj == null) { - throw new NullPointerException("obj == null"); - } - - int sz = size; - - switch (sz) { - case 0: obj0 = obj; break; - case 1: obj1 = obj; break; - case 2: obj2 = obj; break; - case 3: obj3 = obj; break; - case 4: { - // Initial allocation of rest. - rest = new DEREncodable[5]; - rest[0] = obj; - break; - } - default: { - int index = sz - 4; - if (index >= rest.length) { - // Grow rest. - DEREncodable[] newRest = new DEREncodable[index * 2 + 10]; - System.arraycopy(rest, 0, newRest, 0, rest.length); - rest = newRest; - } - rest[index] = obj; - break; - } - } - - size++; - } - - /** - * Sets the element at a given index (used by {@link #sort}). - * - * @param obj non-null; the object to set - * @param index >= 0; the index - */ - private void setObjectAt(DEREncodable obj, int index) { - switch (index) { - case 0: obj0 = obj; break; - case 1: obj1 = obj; break; - case 2: obj2 = obj; break; - case 3: obj3 = obj; break; - default: { - rest[index - 4] = obj; - break; - } - } - } - - /** - * Encodes this instance to the given stream. - * - * @param out non-null; stream to encode to - */ - /*package*/ abstract void encode(DEROutputStream out) throws IOException; - - /** - * Gets an enumeration of all the objects in this collection. - * - * @return non-null; the enumeration - */ - public final Enumeration getObjects() { - return new ASN1CollectionEnumeration(); - } - - /** - * Associated enumeration class. - */ - private class ASN1CollectionEnumeration implements Enumeration { - /** original size; used for modification detection */ - private final int origSize = size; - - /** >= 0; current cursor */ - private int at = 0; - - /** {@inheritDoc} */ - public boolean hasMoreElements() { - if (size != origSize) { - throw new ConcurrentModificationException(); - } - - return at < origSize; - } - - /** {@inheritDoc} */ - public Object nextElement() { - if (size != origSize) { - throw new ConcurrentModificationException(); - } - - switch (at++) { - case 0: return obj0; - case 1: return obj1; - case 2: return obj2; - case 3: return obj3; - default: return rest[at - 5]; - } - } - } - - /** - * Sorts the elements in this instance. - */ - protected void sort() { - if (size <= 1) { - return; - } - - boolean swapped = true; - - // TODO: This is bubble sort. Probably not the best choice. - while (swapped) { - int index = 0; - byte[] a = getEncoded(getObjectAt(0)); - - swapped = false; - - while (index != size - 1) { - int nextIndex = index + 1; - byte[] b = getEncoded(getObjectAt(nextIndex)); - - if (lessThanOrEqual(a, b)) { - a = b; - } else { - DEREncodable o = getObjectAt(index); - - setObjectAt(getObjectAt(nextIndex), index); - setObjectAt(o, nextIndex); - - swapped = true; - } - - index++; - } - } - } - - /** - * Returns true if a <= b (arrays are assumed padded with zeros). - */ - private static boolean lessThanOrEqual(byte[] a, byte[] b) { - if (a.length <= b.length) { - for (int i = 0; i != a.length; i++) { - int l = a[i] & 0xff; - int r = b[i] & 0xff; - - if (r > l) { - return true; - } else if (l > r) { - return false; - } - } - - return true; - } else { - for (int i = 0; i != b.length; i++) { - int l = a[i] & 0xff; - int r = b[i] & 0xff; - - if (r > l) { - return true; - } else if (l > r) { - return false; - } - } - - return false; - } - } - - /** - * Gets the encoded form of an object. - * - * @param obj non-null; object to encode - * @return non-null; the encoded form - */ - private static byte[] getEncoded(DEREncodable obj) { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - try { - aOut.writeObject(obj); - } catch (IOException e) { - throw new IllegalArgumentException( - "cannot encode object added to collection"); - } - - return bOut.toByteArray(); - } - - /** {@inheritDoc} */ - public final String toString() { - StringBuilder sb = new StringBuilder(); - sb.append('['); - for (int i = 0; i < size; i++) { - if (i != 0) sb.append(", "); - sb.append(getObjectAt(i)); - } - sb.append(']'); - return sb.toString(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ASN1Encodable.java b/luni/src/main/java/org/bouncycastle/asn1/ASN1Encodable.java deleted file mode 100644 index 2b993c5..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ASN1Encodable.java +++ /dev/null @@ -1,81 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; - -public abstract class ASN1Encodable - implements DEREncodable -{ - public static final String DER = "DER"; - public static final String BER = "BER"; - - public byte[] getEncoded() - throws IOException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(this); - - return bOut.toByteArray(); - } - - public byte[] getEncoded( - String encoding) - throws IOException - { - if (encoding.equals(DER)) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(this); - - return bOut.toByteArray(); - } - - return this.getEncoded(); - } - - /** - * Return the DER encoding of the object, null if the DER encoding can not be made. - * - * @return a DER byte array, null otherwise. - */ - public byte[] getDEREncoded() - { - try - { - return this.getEncoded(DER); - } - catch (IOException e) - { - return null; - } - } - - public int hashCode() - { - return this.toASN1Object().hashCode(); - } - - public boolean equals( - Object o) - { - if ((o == null) || !(o instanceof DEREncodable)) - { - return false; - } - - DEREncodable other = (DEREncodable)o; - - return this.toASN1Object().equals(other.getDERObject()); - } - - public DERObject getDERObject() - { - return this.toASN1Object(); - } - - public abstract DERObject toASN1Object(); -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java b/luni/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java deleted file mode 100644 index d74e56b..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ASN1EncodableVector.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.asn1; - -/** - * the parent class for this will eventually disappear. Use this one! - */ -public class ASN1EncodableVector - extends DEREncodableVector -{ - // migrating from DEREncodeableVector -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java b/luni/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java deleted file mode 100644 index 03f06fe..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java +++ /dev/null @@ -1,531 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.EOFException; -import java.io.FilterInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.util.Vector; - -/** - * a general purpose ASN.1 decoder - note: this class differs from the - * others in that it returns null after it has read the last object in - * the stream. If an ASN.1 NULL is encountered a DER/BER Null object is - * returned. - */ -public class ASN1InputStream - extends FilterInputStream - implements DERTags -{ - private DERObject END_OF_STREAM = new DERObject() - { - void encode( - DEROutputStream out) - throws IOException - { - throw new IOException("Eeek!"); - } - public int hashCode() - { - return 0; - } - public boolean equals( - Object o) - { - return o == this; - } - }; - - boolean eofFound = false; - int limit = Integer.MAX_VALUE; - - public ASN1InputStream( - InputStream is) - { - super(is); - } - - /** - * Create an ASN1InputStream based on the input byte array. The length of DER objects in - * the stream is automatically limited to the length of the input array. - * - * @param input array containing ASN.1 encoded data. - */ - public ASN1InputStream( - byte[] input) - { - this(new ByteArrayInputStream(input), input.length); - } - - /** - * Create an ASN1InputStream where no DER object will be longer than limit. - * - * @param input stream containing ASN.1 encoded data. - * @param limit maximum size of a DER encoded object. - */ - public ASN1InputStream( - InputStream input, - int limit) - { - super(input); - this.limit = limit; - } - - protected int readLength() - throws IOException - { - int length = read(); - if (length < 0) - { - throw new IOException("EOF found when length expected"); - } - - if (length == 0x80) - { - return -1; // indefinite-length encoding - } - - if (length > 127) - { - int size = length & 0x7f; - - if (size > 4) - { - throw new IOException("DER length more than 4 bytes"); - } - - length = 0; - for (int i = 0; i < size; i++) - { - int next = read(); - - if (next < 0) - { - throw new IOException("EOF found reading length"); - } - - length = (length << 8) + next; - } - - if (length < 0) - { - throw new IOException("corrupted steam - negative length found"); - } - - if (length >= limit) // after all we must have read at least 1 byte - { - throw new IOException("corrupted steam - out of bounds length found"); - } - } - - return length; - } - - protected void readFully( - byte[] bytes) - throws IOException - { - int left = bytes.length; - int len; - - if (left == 0) - { - return; - } - - while ((len = read(bytes, bytes.length - left, left)) > 0) - { - if ((left -= len) == 0) - { - return; - } - } - - if (left != 0) - { - throw new EOFException("EOF encountered in middle of object"); - } - } - - /** - * build an object given its tag and a byte stream to construct it - * from. - */ - protected DERObject buildObject( - int tag, - int tagNo, - byte[] bytes) - throws IOException - { - if ((tag & APPLICATION) != 0) - { - return new DERApplicationSpecific(tag, bytes); - } - - switch (tag) - { - case NULL: - // BEGIN android-changed - return DERNull.THE_ONE; - //END android-changed - case SEQUENCE | CONSTRUCTED: - ASN1InputStream aIn = new ASN1InputStream(bytes); - ASN1EncodableVector v = new ASN1EncodableVector(); - - DERObject obj = aIn.readObject(); - - while (obj != null) - { - v.add(obj); - obj = aIn.readObject(); - } - - return new DERSequence(v); - case SET | CONSTRUCTED: - aIn = new ASN1InputStream(bytes); - v = new ASN1EncodableVector(); - - obj = aIn.readObject(); - - while (obj != null) - { - v.add(obj); - obj = aIn.readObject(); - } - - return new DERSet(v, false); - case BOOLEAN: - // BEGIN android-changed - return DERBoolean.getInstance(bytes); - // END android-changed - case INTEGER: - return new DERInteger(bytes); - case ENUMERATED: - return new DEREnumerated(bytes); - case OBJECT_IDENTIFIER: - return new DERObjectIdentifier(bytes); - case BIT_STRING: - int padBits = bytes[0]; - byte[] data = new byte[bytes.length - 1]; - - System.arraycopy(bytes, 1, data, 0, bytes.length - 1); - - return new DERBitString(data, padBits); - case NUMERIC_STRING: - return new DERNumericString(bytes); - case UTF8_STRING: - return new DERUTF8String(bytes); - case PRINTABLE_STRING: - return new DERPrintableString(bytes); - case IA5_STRING: - return new DERIA5String(bytes); - case T61_STRING: - return new DERT61String(bytes); - case VISIBLE_STRING: - return new DERVisibleString(bytes); - case GENERAL_STRING: - return new DERGeneralString(bytes); - case UNIVERSAL_STRING: - return new DERUniversalString(bytes); - case BMP_STRING: - return new DERBMPString(bytes); - case OCTET_STRING: - return new DEROctetString(bytes); - case OCTET_STRING | CONSTRUCTED: - return buildDerConstructedOctetString(bytes); - case UTC_TIME: - return new DERUTCTime(bytes); - case GENERALIZED_TIME: - return new DERGeneralizedTime(bytes); - default: - // - // with tagged object tag number is bottom 5 bits - // - - if ((tag & TAGGED) != 0) - { - if (bytes.length == 0) // empty tag! - { - if ((tag & CONSTRUCTED) == 0) - { - // BEGIN android-changed - return new DERTaggedObject(false, tagNo, DERNull.THE_ONE); - // END android-changed - } - else - { - return new DERTaggedObject(false, tagNo, new DERSequence()); - } - } - - // - // simple type - implicit... return an octet string - // - if ((tag & CONSTRUCTED) == 0) - { - return new DERTaggedObject(false, tagNo, new DEROctetString(bytes)); - } - - aIn = new ASN1InputStream(bytes); - - DEREncodable dObj = aIn.readObject(); - - // - // explicitly tagged (probably!) - if it isn't we'd have to - // tell from the context - // - if (aIn.available() == 0) - { - return new DERTaggedObject(tagNo, dObj); - } - - // - // another implicit object, we'll create a sequence... - // - v = new ASN1EncodableVector(); - - while (dObj != null) - { - v.add(dObj); - dObj = aIn.readObject(); - } - - return new DERTaggedObject(false, tagNo, new DERSequence(v)); - } - - return new DERUnknownTag(tag, bytes); - } - } - - /** - * read a string of bytes representing an indefinite length object. - */ - private byte[] readIndefiniteLengthFully() - throws IOException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - int b, b1; - - b1 = read(); - - while ((b = read()) >= 0) - { - if (b1 == 0 && b == 0) - { - break; - } - - bOut.write(b1); - b1 = b; - } - - return bOut.toByteArray(); - } - - private BERConstructedOctetString buildConstructedOctetString() - throws IOException - { - Vector octs = new Vector(); - - for (;;) - { - DERObject o = readObject(); - - if (o == END_OF_STREAM) - { - break; - } - - octs.addElement(o); - } - - return new BERConstructedOctetString(octs); - } - - // - // yes, people actually do this... - // - private BERConstructedOctetString buildDerConstructedOctetString(byte[] input) - throws IOException - { - Vector octs = new Vector(); - ASN1InputStream aIn = new ASN1InputStream(input); - DERObject o; - - while ((o = aIn.readObject()) != null) - { - octs.addElement(o); - } - - return new BERConstructedOctetString(octs); - } - - public DERObject readObject() - throws IOException - { - int tag = read(); - if (tag == -1) - { - if (eofFound) - { - throw new EOFException("attempt to read past end of file."); - } - - eofFound = true; - - return null; - } - - int tagNo = 0; - - if ((tag & TAGGED) != 0) - { - tagNo = readTagNumber(tag); - } - - int length = readLength(); - - if (length < 0) // indefinite length method - { - switch (tag) - { - case NULL: - // BEGIN android-changed - return BERNull.THE_ONE; - // END android-changed - case SEQUENCE | CONSTRUCTED: - ASN1EncodableVector v = new ASN1EncodableVector(); - - for (;;) - { - DERObject obj = readObject(); - - if (obj == END_OF_STREAM) - { - break; - } - - v.add(obj); - } - return new BERSequence(v); - case SET | CONSTRUCTED: - v = new ASN1EncodableVector(); - - for (;;) - { - DERObject obj = readObject(); - - if (obj == END_OF_STREAM) - { - break; - } - - v.add(obj); - } - return new BERSet(v, false); - case OCTET_STRING | CONSTRUCTED: - return buildConstructedOctetString(); - default: - // - // with tagged object tag number is bottom 5 bits - // - if ((tag & TAGGED) != 0) - { - // - // simple type - implicit... return an octet string - // - if ((tag & CONSTRUCTED) == 0) - { - byte[] bytes = readIndefiniteLengthFully(); - - return new BERTaggedObject(false, tagNo, new DEROctetString(bytes)); - } - - // - // either constructed or explicitly tagged - // - DERObject dObj = readObject(); - - if (dObj == END_OF_STREAM) // empty tag! - { - return new DERTaggedObject(tagNo); - } - - DERObject next = readObject(); - - // - // explicitly tagged (probably!) - if it isn't we'd have to - // tell from the context - // - if (next == END_OF_STREAM) - { - return new BERTaggedObject(tagNo, dObj); - } - - // - // another implicit object, we'll create a sequence... - // - v = new ASN1EncodableVector(); - - v.add(dObj); - - do - { - v.add(next); - next = readObject(); - } - while (next != END_OF_STREAM); - - return new BERTaggedObject(false, tagNo, new BERSequence(v)); - } - - throw new IOException("unknown BER object encountered"); - } - } - else - { - if (tag == 0 && length == 0) // end of contents marker. - { - return END_OF_STREAM; - } - - byte[] bytes = new byte[length]; - - readFully(bytes); - - return buildObject(tag, tagNo, bytes); - } - } - - private int readTagNumber(int tag) - throws IOException - { - int tagNo = tag & 0x1f; - - if (tagNo == 0x1f) - { - int b = read(); - - tagNo = 0; - - while ((b >= 0) && ((b & 0x80) != 0)) - { - tagNo |= (b & 0x7f); - tagNo <<= 7; - b = read(); - } - - if (b < 0) - { - eofFound = true; - throw new EOFException("EOF found inside tag value."); - } - - tagNo |= (b & 0x7f); - } - - return tagNo; - } -} - diff --git a/luni/src/main/java/org/bouncycastle/asn1/ASN1Null.java b/luni/src/main/java/org/bouncycastle/asn1/ASN1Null.java deleted file mode 100644 index dcb823d..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ASN1Null.java +++ /dev/null @@ -1,40 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * A NULL object. - */ -public abstract class ASN1Null - extends DERObject -{ - // BEGIN android-changed - /*package*/ ASN1Null() - { - } - // END android-changed - - public int hashCode() - { - return 0; - } - - public boolean equals( - Object o) - { - if ((o == null) || !(o instanceof ASN1Null)) - { - return false; - } - - return true; - } - - abstract void encode(DEROutputStream out) - throws IOException; - - public String toString() - { - return "NULL"; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java b/luni/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java deleted file mode 100644 index a65d268..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ASN1OctetString.java +++ /dev/null @@ -1,147 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.util.Enumeration; -import java.util.Vector; -import org.bouncycastle.util.encoders.Hex; - -public abstract class ASN1OctetString - extends DERObject -{ - byte[] string; - - /** - * return an Octet String from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static ASN1OctetString getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - /** - * return an Octet String from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static ASN1OctetString getInstance( - Object obj) - { - if (obj == null || obj instanceof ASN1OctetString) - { - return (ASN1OctetString)obj; - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - if (obj instanceof ASN1Sequence) - { - Vector v = new Vector(); - Enumeration e = ((ASN1Sequence)obj).getObjects(); - - while (e.hasMoreElements()) - { - v.addElement(e.nextElement()); - } - - return new BERConstructedOctetString(v); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * @param string the octets making up the octet string. - */ - public ASN1OctetString( - byte[] string) - { - this.string = string; - } - - public ASN1OctetString( - DEREncodable obj) - { - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(obj); - dOut.close(); - - this.string = bOut.toByteArray(); - } - catch (IOException e) - { - throw new IllegalArgumentException("Error processing object : " + e.toString()); - } - } - - public byte[] getOctets() - { - return string; - } - - public int hashCode() - { - byte[] b = this.getOctets(); - int value = 0; - - for (int i = 0; i != b.length; i++) - { - value ^= (b[i] & 0xff) << (i % 4); - } - - return value; - } - - public boolean equals( - Object o) - { - if (!(o instanceof DEROctetString)) - { - return false; - } - - DEROctetString other = (DEROctetString)o; - - byte[] b1 = other.getOctets(); - byte[] b2 = this.getOctets(); - - if (b1.length != b2.length) - { - return false; - } - - for (int i = 0; i != b1.length; i++) - { - if (b1[i] != b2[i]) - { - return false; - } - } - - return true; - } - - abstract void encode(DEROutputStream out) - throws IOException; - - public String toString() - { - return "#"+new String(Hex.encode(string)); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ASN1OutputStream.java b/luni/src/main/java/org/bouncycastle/asn1/ASN1OutputStream.java deleted file mode 100644 index 5897d09..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ASN1OutputStream.java +++ /dev/null @@ -1,36 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.io.OutputStream; - -public class ASN1OutputStream - extends DEROutputStream -{ - public ASN1OutputStream( - OutputStream os) - { - super(os); - } - - public void writeObject( - Object obj) - throws IOException - { - if (obj == null) - { - writeNull(); - } - else if (obj instanceof DERObject) - { - ((DERObject)obj).encode(this); - } - else if (obj instanceof DEREncodable) - { - ((DEREncodable)obj).getDERObject().encode(this); - } - else - { - throw new IOException("object not ASN1Encodable"); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java b/luni/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java deleted file mode 100644 index 400b1dc..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ASN1Sequence.java +++ /dev/null @@ -1,216 +0,0 @@ -package org.bouncycastle.asn1; - -// BEGIN android-removed -//import java.io.IOException; -// END android-removed -import java.util.Enumeration; -// BEGIN android-removed -//import java.util.Vector; -// END android-removed - -// BEGIN android-note -// Changed inheritence of class. -// END android-note - -public abstract class ASN1Sequence - extends ASN1Collection -{ - // BEGIN android-removed - // private Vector seq = new Vector(); - // END android-removed - - /** - * return an ASN1Sequence from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static ASN1Sequence getInstance( - Object obj) - { - if (obj == null || obj instanceof ASN1Sequence) - { - return (ASN1Sequence)obj; - } - - throw new IllegalArgumentException("unknown object in getInstance"); - } - - /** - * Return an ASN1 sequence from a tagged object. There is a special - * case here, if an object appears to have been explicitly tagged on - * reading but we were expecting it to be implictly tagged in the - * normal course of events it indicates that we lost the surrounding - * sequence - so we need to add it back (this will happen if the tagged - * object is a sequence that contains other sequences). If you are - * dealing with implicitly tagged sequences you really <b>should</b> - * be using this method. - * - * @param obj the tagged object. - * @param explicit true if the object is meant to be explicitly tagged, - * false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static ASN1Sequence getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - if (explicit) - { - if (!obj.isExplicit()) - { - throw new IllegalArgumentException("object implicit - explicit expected."); - } - - return (ASN1Sequence)obj.getObject(); - } - else - { - // - // constructed object which appears to be explicitly tagged - // when it should be implicit means we have to add the - // surrounding sequence. - // - if (obj.isExplicit()) - { - if (obj instanceof BERTaggedObject) - { - return new BERSequence(obj.getObject()); - } - else - { - return new DERSequence(obj.getObject()); - } - } - else - { - if (obj.getObject() instanceof ASN1Sequence) - { - return (ASN1Sequence)obj.getObject(); - } - } - } - - throw new IllegalArgumentException( - "unknown object in getInstanceFromTagged"); - } - - // BEGIN android-removed - //public Enumeration getObjects() - //{ - // return seq.elements(); - //} - - ///** - // * return the object at the sequence postion indicated by index. - // * - // * @param index the sequence number (starting at zero) of the object - // * @return the object at the sequence postion indicated by index. - // */ - //public DEREncodable getObjectAt( - // int index) - //{ - // return (DEREncodable)seq.elementAt(index); - //} - - ///** - // * return the number of objects in this sequence. - // * - // * @return the number of objects in this sequence. - // */ - //public int size() - //{ - // return seq.size(); - //} - - //public int hashCode() - //{ - // Enumeration e = this.getObjects(); - // int hashCode = 0; - - // while (e.hasMoreElements()) - // { - // Object o = e.nextElement(); - // - // if (o != null) - // { - // hashCode ^= o.hashCode(); - // } - // } - - // return hashCode; - //} - // END android-removed - - public boolean equals( - Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof DEREncodable)) - { - return false; - } - - DERObject dObj = ((DEREncodable)o).getDERObject(); - - if (!(dObj instanceof ASN1Sequence)) - { - return false; - } - - ASN1Sequence other = (ASN1Sequence)dObj; - - if (this.size() != other.size()) - { - return false; - } - - Enumeration s1 = this.getObjects(); - Enumeration s2 = other.getObjects(); - - while (s1.hasMoreElements()) - { - Object o1 = s1.nextElement(); - Object o2 = s2.nextElement(); - - if (o1 != null && o2 != null) - { - if (!o1.equals(o2)) - { - return false; - } - } - else if (o1 == null && o2 == null) - { - continue; - } - else - { - return false; - } - } - - return true; - } - - // BEGIN android-removed - //protected void addObject( - // DEREncodable obj) - //{ - // seq.addElement(obj); - //} - - //abstract void encode(DEROutputStream out) - // throws IOException; - - //public String toString() - //{ - // return seq.toString(); - //} - // END android-removed -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ASN1Set.java b/luni/src/main/java/org/bouncycastle/asn1/ASN1Set.java deleted file mode 100644 index 9e6c55f..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ASN1Set.java +++ /dev/null @@ -1,318 +0,0 @@ -package org.bouncycastle.asn1; - -// BEGIN android-removed -//import java.io.ByteArrayOutputStream; -//import java.io.IOException; -// END android-removed -import java.util.Enumeration; -// BEGIN android-removed -//import java.util.Vector; -// END android-removed; - -// BEGIN android-note -// Changed inheritence of class. -// END android-note - -abstract public class ASN1Set - extends ASN1Collection -{ - // BEGIN android-removed - //protected Vector set = new Vector(); - // END android-removed - - /** - * return an ASN1Set from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static ASN1Set getInstance( - Object obj) - { - if (obj == null || obj instanceof ASN1Set) - { - return (ASN1Set)obj; - } - - throw new IllegalArgumentException("unknown object in getInstance"); - } - - /** - * Return an ASN1 set from a tagged object. There is a special - * case here, if an object appears to have been explicitly tagged on - * reading but we were expecting it to be implictly tagged in the - * normal course of events it indicates that we lost the surrounding - * set - so we need to add it back (this will happen if the tagged - * object is a sequence that contains other sequences). If you are - * dealing with implicitly tagged sets you really <b>should</b> - * be using this method. - * - * @param obj the tagged object. - * @param explicit true if the object is meant to be explicitly tagged - * false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static ASN1Set getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - if (explicit) - { - if (!obj.isExplicit()) - { - throw new IllegalArgumentException("object implicit - explicit expected."); - } - - return (ASN1Set)obj.getObject(); - } - else - { - // - // constructed object which appears to be explicitly tagged - // and it's really implicit means we have to add the - // surrounding sequence. - // - if (obj.isExplicit()) - { - ASN1Set set = new DERSet(obj.getObject()); - - return set; - } - else - { - if (obj.getObject() instanceof ASN1Set) - { - return (ASN1Set)obj.getObject(); - } - - // - // in this case the parser returns a sequence, convert it - // into a set. - // - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (obj.getObject() instanceof ASN1Sequence) - { - ASN1Sequence s = (ASN1Sequence)obj.getObject(); - Enumeration e = s.getObjects(); - - while (e.hasMoreElements()) - { - v.add((DEREncodable)e.nextElement()); - } - - return new DERSet(v, false); - } - } - } - - throw new IllegalArgumentException( - "unknown object in getInstanceFromTagged"); - } - - public ASN1Set() - { - } - - // BEGIN android-removed - //public Enumeration getObjects() - //{ - // return set.elements(); - //} - - ///** - // * return the object at the set postion indicated by index. - // * - // * @param index the set number (starting at zero) of the object - // * @return the object at the set postion indicated by index. - // */ - //public DEREncodable getObjectAt( - // int index) - //{ - // return (DEREncodable)set.elementAt(index); - //} - - ///** - // * return the number of objects in this set. - // * - // * @return the number of objects in this set. - // */ - //public int size() - //{ - // return set.size(); - //} - - //public int hashCode() - //{ - // Enumeration e = this.getObjects(); - // int hashCode = 0; - - // while (e.hasMoreElements()) - // { - // hashCode ^= e.nextElement().hashCode(); - // } - - // return hashCode; - //} - // END android-removed - - public boolean equals( - Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof DEREncodable)) - { - return false; - } - - DERObject dObj = ((DEREncodable)o).getDERObject(); - - if (!(dObj instanceof ASN1Set)) - { - return false; - } - - ASN1Set other = (ASN1Set)dObj; - - if (this.size() != other.size()) - { - return false; - } - - Enumeration s1 = this.getObjects(); - Enumeration s2 = other.getObjects(); - - while (s1.hasMoreElements()) - { - if (!s1.nextElement().equals(s2.nextElement())) - { - return false; - } - } - - return true; - } - - // BEGIN android-removed - ///** - // * return true if a <= b (arrays are assumed padded with zeros). - // */ - //private boolean lessThanOrEqual( - // byte[] a, - // byte[] b) - //{ - // if (a.length <= b.length) - // { - // for (int i = 0; i != a.length; i++) - // { - // int l = a[i] & 0xff; - // int r = b[i] & 0xff; - // - // if (r > l) - // { - // return true; - // } - // else if (l > r) - // { - // return false; - // } - // } - - // return true; - // } - // else - // { - // for (int i = 0; i != b.length; i++) - // { - // int l = a[i] & 0xff; - // int r = b[i] & 0xff; - // - // if (r > l) - // { - // return true; - // } - // else if (l > r) - // { - // return false; - // } - // } - - // return false; - // } - //} - - //private byte[] getEncoded( - // DEREncodable obj) - //{ - // ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - // ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - // try - // { - // aOut.writeObject(obj); - // } - // catch (IOException e) - // { - // throw new IllegalArgumentException("cannot encode object added to SET"); - // } - - // return bOut.toByteArray(); - //} - - //protected void sort() - //{ - // if (set.size() > 1) - // { - // boolean swapped = true; - - // while (swapped) - // { - // int index = 0; - // byte[] a = getEncoded((DEREncodable)set.elementAt(0)); - // - // swapped = false; - // - // while (index != set.size() - 1) - // { - // byte[] b = getEncoded((DEREncodable)set.elementAt(index + 1)); - - // if (lessThanOrEqual(a, b)) - // { - // a = b; - // } - // else - // { - // Object o = set.elementAt(index); - - // set.setElementAt(set.elementAt(index + 1), index); - // set.setElementAt(o, index + 1); - - // swapped = true; - // } - - // index++; - // } - // } - // } - //} - - //protected void addObject( - // DEREncodable obj) - //{ - // set.addElement(obj); - //} - - //abstract void encode(DEROutputStream out) - // throws IOException; - - //public String toString() - //{ - // return set.toString(); - //} - // END android-removed -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java b/luni/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java deleted file mode 100644 index 5d6a2a4..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ASN1TaggedObject.java +++ /dev/null @@ -1,177 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * ASN.1 TaggedObject - in ASN.1 nottation this is any object proceeded by - * a [n] where n is some number - these are assume to follow the construction - * rules (as with sequences). - */ -public abstract class ASN1TaggedObject - extends DERObject -{ - int tagNo; - boolean empty = false; - boolean explicit = true; - DEREncodable obj = null; - - static public ASN1TaggedObject getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - if (explicit) - { - return (ASN1TaggedObject)obj.getObject(); - } - - throw new IllegalArgumentException("implicitly tagged tagged object"); - } - - static public ASN1TaggedObject getInstance( - Object obj) - { - if (obj == null || obj instanceof ASN1TaggedObject) - { - return (ASN1TaggedObject)obj; - } - - throw new IllegalArgumentException("unknown object in getInstance"); - } - - /** - * Create a tagged object in the explicit style. - * - * @param tagNo the tag number for this object. - * @param obj the tagged object. - */ - public ASN1TaggedObject( - int tagNo, - DEREncodable obj) - { - this.explicit = true; - this.tagNo = tagNo; - this.obj = obj; - } - - /** - * Create a tagged object with the style given by the value of explicit. - * <p> - * If the object implements ASN1Choice the tag style will always be changed - * to explicit in accordance with the ASN.1 encoding rules. - * </p> - * @param explicit true if the object is explicitly tagged. - * @param tagNo the tag number for this object. - * @param obj the tagged object. - */ - public ASN1TaggedObject( - boolean explicit, - int tagNo, - DEREncodable obj) - { - if (obj instanceof ASN1Choice) - { - this.explicit = true; - } - else - { - this.explicit = explicit; - } - - this.tagNo = tagNo; - this.obj = obj; - } - - public boolean equals( - Object o) - { - if (!(o instanceof ASN1TaggedObject)) - { - return false; - } - - ASN1TaggedObject other = (ASN1TaggedObject)o; - - if (tagNo != other.tagNo || empty != other.empty || explicit != other.explicit) - { - return false; - } - - if(obj == null) - { - if(other.obj != null) - { - return false; - } - } - else - { - if(!(obj.equals(other.obj))) - { - return false; - } - } - - return true; - } - - public int hashCode() - { - int code = tagNo; - - if (obj != null) - { - code ^= obj.hashCode(); - } - - return code; - } - - public int getTagNo() - { - return tagNo; - } - - /** - * return whether or not the object may be explicitly tagged. - * <p> - * Note: if the object has been read from an input stream, the only - * time you can be sure if isExplicit is returning the true state of - * affairs is if it returns false. An implicitly tagged object may appear - * to be explicitly tagged, so you need to understand the context under - * which the reading was done as well, see getObject below. - */ - public boolean isExplicit() - { - return explicit; - } - - public boolean isEmpty() - { - return empty; - } - - /** - * return whatever was following the tag. - * <p> - * Note: tagged objects are generally context dependent if you're - * trying to extract a tagged object you should be going via the - * appropriate getInstance method. - */ - public DERObject getObject() - { - if (obj != null) - { - return obj.getDERObject(); - } - - return null; - } - - abstract void encode(DEROutputStream out) - throws IOException; - - public String toString() - { - return "[" + tagNo + "]" + obj; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java b/luni/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java deleted file mode 100644 index c9518a6..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/BERConstructedOctetString.java +++ /dev/null @@ -1,172 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.util.Enumeration; -import java.util.Vector; - -public class BERConstructedOctetString - extends DEROctetString -{ - /** - * convert a vector of octet strings into a single byte string - */ - static private byte[] toBytes( - Vector octs) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - for (int i = 0; i != octs.size(); i++) - { - try - { - DEROctetString o = (DEROctetString)octs.elementAt(i); - - bOut.write(o.getOctets()); - } - catch (ClassCastException e) - { - throw new IllegalArgumentException(octs.elementAt(i).getClass().getName() + " found in input should only contain DEROctetString"); - } - catch (IOException e) - { - throw new IllegalArgumentException("exception converting octets " + e.toString()); - } - } - - return bOut.toByteArray(); - } - - private Vector octs; - - /** - * @param string the octets making up the octet string. - */ - public BERConstructedOctetString( - byte[] string) - { - super(string); - } - - public BERConstructedOctetString( - Vector octs) - { - super(toBytes(octs)); - - this.octs = octs; - } - - public BERConstructedOctetString( - DERObject obj) - { - super(obj); - } - - public BERConstructedOctetString( - DEREncodable obj) - { - super(obj.getDERObject()); - } - - public byte[] getOctets() - { - return string; - } - - /** - * return the DER octets that make up this string. - */ - public Enumeration getObjects() - { - if (octs == null) - { - return generateOcts().elements(); - } - - return octs.elements(); - } - - private Vector generateOcts() - { - int start = 0; - int end = 0; - Vector vec = new Vector(); - - while ((end + 1) < string.length) - { - if (string[end] == 0 && string[end + 1] == 0) - { - byte[] nStr = new byte[end - start + 1]; - - System.arraycopy(string, start, nStr, 0, nStr.length); - - vec.addElement(new DEROctetString(nStr)); - start = end + 1; - } - end++; - } - - byte[] nStr = new byte[string.length - start]; - - System.arraycopy(string, start, nStr, 0, nStr.length); - - vec.addElement(new DEROctetString(nStr)); - - return vec; - } - - public void encode( - DEROutputStream out) - throws IOException - { - if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) - { - out.write(CONSTRUCTED | OCTET_STRING); - - out.write(0x80); - - // - // write out the octet array - // - if (octs != null) - { - for (int i = 0; i != octs.size(); i++) - { - out.writeObject(octs.elementAt(i)); - } - } - else - { - int start = 0; - int end = 0; - - while ((end + 1) < string.length) - { - if (string[end] == 0 && string[end + 1] == 0) - { - byte[] nStr = new byte[end - start + 1]; - - System.arraycopy(string, start, nStr, 0, nStr.length); - - out.writeObject(new DEROctetString(nStr)); - start = end + 1; - } - end++; - } - - byte[] nStr = new byte[string.length - start]; - - System.arraycopy(string, start, nStr, 0, nStr.length); - - out.writeObject(new DEROctetString(nStr)); - } - - out.write(0x00); - out.write(0x00); - } - else - { - super.encode(out); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/BERConstructedSequence.java b/luni/src/main/java/org/bouncycastle/asn1/BERConstructedSequence.java deleted file mode 100644 index 998eaeb..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/BERConstructedSequence.java +++ /dev/null @@ -1,37 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.util.Enumeration; - -/** - * @deprecated use BERSequence - */ -public class BERConstructedSequence - extends DERConstructedSequence -{ - /* - */ - void encode( - DEROutputStream out) - throws IOException - { - if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) - { - out.write(SEQUENCE | CONSTRUCTED); - out.write(0x80); - - Enumeration e = getObjects(); - while (e.hasMoreElements()) - { - out.writeObject(e.nextElement()); - } - - out.write(0x00); - out.write(0x00); - } - else - { - super.encode(out); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/BERInputStream.java b/luni/src/main/java/org/bouncycastle/asn1/BERInputStream.java deleted file mode 100644 index 088f915..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/BERInputStream.java +++ /dev/null @@ -1,209 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.EOFException; -import java.io.IOException; -import java.io.InputStream; -import java.util.Vector; - -/** - * @deprecated use ASN1InputStream - */ -public class BERInputStream - extends DERInputStream -{ - private DERObject END_OF_STREAM = new DERObject() - { - void encode( - DEROutputStream out) - throws IOException - { - throw new IOException("Eeek!"); - } - public int hashCode() - { - return 0; - } - public boolean equals( - Object o) - { - return o == this; - } - }; - public BERInputStream( - InputStream is) - { - super(is); - } - - /** - * read a string of bytes representing an indefinite length object. - */ - private byte[] readIndefiniteLengthFully() - throws IOException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - int b, b1; - - b1 = read(); - - while ((b = read()) >= 0) - { - if (b1 == 0 && b == 0) - { - break; - } - - bOut.write(b1); - b1 = b; - } - - return bOut.toByteArray(); - } - - private BERConstructedOctetString buildConstructedOctetString() - throws IOException - { - Vector octs = new Vector(); - - for (;;) - { - DERObject o = readObject(); - - if (o == END_OF_STREAM) - { - break; - } - - octs.addElement(o); - } - - return new BERConstructedOctetString(octs); - } - - public DERObject readObject() - throws IOException - { - int tag = read(); - if (tag == -1) - { - throw new EOFException(); - } - - int length = readLength(); - - if (length < 0) // indefinite length method - { - switch (tag) - { - case NULL: - return null; - case SEQUENCE | CONSTRUCTED: - BERConstructedSequence seq = new BERConstructedSequence(); - - for (;;) - { - DERObject obj = readObject(); - - if (obj == END_OF_STREAM) - { - break; - } - - seq.addObject(obj); - } - return seq; - case OCTET_STRING | CONSTRUCTED: - return buildConstructedOctetString(); - case SET | CONSTRUCTED: - ASN1EncodableVector v = new ASN1EncodableVector(); - - for (;;) - { - DERObject obj = readObject(); - - if (obj == END_OF_STREAM) - { - break; - } - - v.add(obj); - } - return new BERSet(v); - default: - // - // with tagged object tag number is bottom 5 bits - // - if ((tag & TAGGED) != 0) - { - if ((tag & 0x1f) == 0x1f) - { - throw new IOException("unsupported high tag encountered"); - } - - // - // simple type - implicit... return an octet string - // - if ((tag & CONSTRUCTED) == 0) - { - byte[] bytes = readIndefiniteLengthFully(); - - return new BERTaggedObject(false, tag & 0x1f, new DEROctetString(bytes)); - } - - // - // either constructed or explicitly tagged - // - DERObject dObj = readObject(); - - if (dObj == END_OF_STREAM) // empty tag! - { - return new DERTaggedObject(tag & 0x1f); - } - - DERObject next = readObject(); - - // - // explicitly tagged (probably!) - if it isn't we'd have to - // tell from the context - // - if (next == END_OF_STREAM) - { - return new BERTaggedObject(tag & 0x1f, dObj); - } - - // - // another implicit object, we'll create a sequence... - // - seq = new BERConstructedSequence(); - - seq.addObject(dObj); - - do - { - seq.addObject(next); - next = readObject(); - } - while (next != END_OF_STREAM); - - return new BERTaggedObject(false, tag & 0x1f, seq); - } - - throw new IOException("unknown BER object encountered"); - } - } - else - { - if (tag == 0 && length == 0) // end of contents marker. - { - return END_OF_STREAM; - } - - byte[] bytes = new byte[length]; - - readFully(bytes); - - return buildObject(tag, bytes); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/BERNull.java b/luni/src/main/java/org/bouncycastle/asn1/BERNull.java deleted file mode 100644 index 697dd4b..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/BERNull.java +++ /dev/null @@ -1,35 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * A BER NULL object. - */ -public class BERNull - extends DERNull -{ - // BEGIN android-added - /** non-null; unique instance of this class */ - static public final BERNull THE_ONE = new BERNull(); - // END android-added - - // BEGIN android-changed - private BERNull() - { - } - // END android-changed - - void encode( - DEROutputStream out) - throws IOException - { - if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) - { - out.write(NULL); - } - else - { - super.encode(out); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/BEROutputStream.java b/luni/src/main/java/org/bouncycastle/asn1/BEROutputStream.java deleted file mode 100644 index c2e8da4..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/BEROutputStream.java +++ /dev/null @@ -1,36 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.io.OutputStream; - -public class BEROutputStream - extends DEROutputStream -{ - public BEROutputStream( - OutputStream os) - { - super(os); - } - - public void writeObject( - Object obj) - throws IOException - { - if (obj == null) - { - writeNull(); - } - else if (obj instanceof DERObject) - { - ((DERObject)obj).encode(this); - } - else if (obj instanceof DEREncodable) - { - ((DEREncodable)obj).getDERObject().encode(this); - } - else - { - throw new IOException("object not BEREncodable"); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/BERSequence.java b/luni/src/main/java/org/bouncycastle/asn1/BERSequence.java deleted file mode 100644 index c389fa8..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/BERSequence.java +++ /dev/null @@ -1,59 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.util.Enumeration; - -public class BERSequence - extends DERSequence -{ - /** - * create an empty sequence - */ - public BERSequence() - { - } - - /** - * create a sequence containing one object - */ - public BERSequence( - DEREncodable obj) - { - super(obj); - } - - /** - * create a sequence containing a vector of objects. - */ - public BERSequence( - DEREncodableVector v) - { - super(v); - } - - /* - */ - void encode( - DEROutputStream out) - throws IOException - { - if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) - { - out.write(SEQUENCE | CONSTRUCTED); - out.write(0x80); - - Enumeration e = getObjects(); - while (e.hasMoreElements()) - { - out.writeObject(e.nextElement()); - } - - out.write(0x00); - out.write(0x00); - } - else - { - super.encode(out); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/BERSet.java b/luni/src/main/java/org/bouncycastle/asn1/BERSet.java deleted file mode 100644 index 1ccf0fd..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/BERSet.java +++ /dev/null @@ -1,69 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.util.Enumeration; - -public class BERSet - extends DERSet -{ - /** - * create an empty sequence - */ - public BERSet() - { - } - - /** - * create a set containing one object - */ - public BERSet( - DEREncodable obj) - { - super(obj); - } - - /** - * @param v - a vector of objects making up the set. - */ - public BERSet( - DEREncodableVector v) - { - super(v, false); - } - - /** - * @param v - a vector of objects making up the set. - */ - BERSet( - DEREncodableVector v, - boolean needsSorting) - { - super(v, needsSorting); - } - - /* - */ - void encode( - DEROutputStream out) - throws IOException - { - if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) - { - out.write(SET | CONSTRUCTED); - out.write(0x80); - - Enumeration e = getObjects(); - while (e.hasMoreElements()) - { - out.writeObject(e.nextElement()); - } - - out.write(0x00); - out.write(0x00); - } - else - { - super.encode(out); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/BERTaggedObject.java b/luni/src/main/java/org/bouncycastle/asn1/BERTaggedObject.java deleted file mode 100644 index 2e06c40..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/BERTaggedObject.java +++ /dev/null @@ -1,119 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.util.Enumeration; - -/** - * BER TaggedObject - in ASN.1 nottation this is any object proceeded by - * a [n] where n is some number - these are assume to follow the construction - * rules (as with sequences). - */ -public class BERTaggedObject - extends DERTaggedObject -{ - /** - * @param tagNo the tag number for this object. - * @param obj the tagged object. - */ - public BERTaggedObject( - int tagNo, - DEREncodable obj) - { - super(tagNo, obj); - } - - /** - * @param explicit true if an explicitly tagged object. - * @param tagNo the tag number for this object. - * @param obj the tagged object. - */ - public BERTaggedObject( - boolean explicit, - int tagNo, - DEREncodable obj) - { - super(explicit, tagNo, obj); - } - - /** - * create an implicitly tagged object that contains a zero - * length sequence. - */ - public BERTaggedObject( - int tagNo) - { - super(false, tagNo, new BERSequence()); - } - - void encode( - DEROutputStream out) - throws IOException - { - if (out instanceof ASN1OutputStream || out instanceof BEROutputStream) - { - out.write(CONSTRUCTED | TAGGED | tagNo); - out.write(0x80); - - if (!empty) - { - if (!explicit) - { - if (obj instanceof ASN1OctetString) - { - Enumeration e; - - if (obj instanceof BERConstructedOctetString) - { - e = ((BERConstructedOctetString)obj).getObjects(); - } - else - { - ASN1OctetString octs = (ASN1OctetString)obj; - BERConstructedOctetString berO = new BERConstructedOctetString(octs.getOctets()); - - e = berO.getObjects(); - } - - while (e.hasMoreElements()) - { - out.writeObject(e.nextElement()); - } - } - else if (obj instanceof ASN1Sequence) - { - Enumeration e = ((ASN1Sequence)obj).getObjects(); - - while (e.hasMoreElements()) - { - out.writeObject(e.nextElement()); - } - } - else if (obj instanceof ASN1Set) - { - Enumeration e = ((ASN1Set)obj).getObjects(); - - while (e.hasMoreElements()) - { - out.writeObject(e.nextElement()); - } - } - else - { - throw new RuntimeException("not implemented: " + obj.getClass().getName()); - } - } - else - { - out.writeObject(obj); - } - } - - out.write(0x00); - out.write(0x00); - } - else - { - super.encode(out); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERApplicationSpecific.java b/luni/src/main/java/org/bouncycastle/asn1/DERApplicationSpecific.java deleted file mode 100644 index ad4f9ed..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERApplicationSpecific.java +++ /dev/null @@ -1,110 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; - -/** - * Base class for an application specific object - */ -public class DERApplicationSpecific - extends DERObject -{ - private int tag; - private byte[] octets; - - public DERApplicationSpecific( - int tag, - byte[] octets) - { - this.tag = tag; - this.octets = octets; - } - - public DERApplicationSpecific( - int tag, - DEREncodable object) - throws IOException - { - this.tag = tag | DERTags.CONSTRUCTED; - - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - DEROutputStream dos = new DEROutputStream(baos); - - dos.writeObject(object); - - this.octets = baos.toByteArray(); - } - - public boolean isConstructed() - { - return (tag & DERTags.CONSTRUCTED) != 0; - } - - public byte[] getContents() - { - return octets; - } - - public int getApplicationTag() - { - return tag & 0x1F; - } - - public DERObject getObject() - throws IOException - { - return new ASN1InputStream(getContents()).readObject(); - } - - /* (non-Javadoc) - * @see org.bouncycastle.asn1.DERObject#encode(org.bouncycastle.asn1.DEROutputStream) - */ - void encode(DEROutputStream out) throws IOException - { - out.writeEncoded(DERTags.APPLICATION | tag, octets); - } - - public boolean equals( - Object o) - { - if ((o == null) || !(o instanceof DERApplicationSpecific)) - { - return false; - } - - DERApplicationSpecific other = (DERApplicationSpecific)o; - - if (tag != other.tag) - { - return false; - } - - if (octets.length != other.octets.length) - { - return false; - } - - for (int i = 0; i < octets.length; i++) - { - if (octets[i] != other.octets[i]) - { - return false; - } - } - - return true; - } - - public int hashCode() - { - byte[] b = this.getContents(); - int value = 0; - - for (int i = 0; i != b.length; i++) - { - value ^= (b[i] & 0xff) << (i % 4); - } - - return value ^ this.getApplicationTag(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERBMPString.java b/luni/src/main/java/org/bouncycastle/asn1/DERBMPString.java deleted file mode 100644 index 77ed252..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERBMPString.java +++ /dev/null @@ -1,121 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * DER BMPString object. - */ -public class DERBMPString - extends DERObject - implements DERString -{ - String string; - - /** - * return a BMP String from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERBMPString getInstance( - Object obj) - { - if (obj == null || obj instanceof DERBMPString) - { - return (DERBMPString)obj; - } - - if (obj instanceof ASN1OctetString) - { - return new DERBMPString(((ASN1OctetString)obj).getOctets()); - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return a BMP String from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERBMPString getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - - /** - * basic constructor - byte encoded string. - */ - public DERBMPString( - byte[] string) - { - char[] cs = new char[string.length / 2]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)((string[2 * i] << 8) | (string[2 * i + 1] & 0xff)); - } - - this.string = new String(cs); - } - - /** - * basic constructor - */ - public DERBMPString( - String string) - { - this.string = string; - } - - public String getString() - { - return string; - } - - public int hashCode() - { - return this.getString().hashCode(); - } - - public boolean equals( - Object o) - { - if (!(o instanceof DERBMPString)) - { - return false; - } - - DERBMPString s = (DERBMPString)o; - - return this.getString().equals(s.getString()); - } - - void encode( - DEROutputStream out) - throws IOException - { - char[] c = string.toCharArray(); - byte[] b = new byte[c.length * 2]; - - for (int i = 0; i != c.length; i++) - { - b[2 * i] = (byte)(c[i] >> 8); - b[2 * i + 1] = (byte)c[i]; - } - - out.writeEncoded(BMP_STRING, b); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERBitString.java b/luni/src/main/java/org/bouncycastle/asn1/DERBitString.java deleted file mode 100644 index 367a297..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERBitString.java +++ /dev/null @@ -1,289 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; - -public class DERBitString - extends DERObject - implements DERString -{ - private static final char[] table = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; - - protected byte[] data; - protected int padBits; - - /** - * return the correct number of pad bits for a bit string defined in - * a 32 bit constant - */ - static protected int getPadBits( - int bitString) - { - int val = 0; - for (int i = 3; i >= 0; i--) - { - // - // this may look a little odd, but if it isn't done like this pre jdk1.2 - // JVM's break! - // - if (i != 0) - { - if ((bitString >> (i * 8)) != 0) - { - val = (bitString >> (i * 8)) & 0xFF; - break; - } - } - else - { - if (bitString != 0) - { - val = bitString & 0xFF; - break; - } - } - } - - if (val == 0) - { - return 7; - } - - - int bits = 1; - - while (((val <<= 1) & 0xFF) != 0) - { - bits++; - } - - return 8 - bits; - } - - /** - * return the correct number of bytes for a bit string defined in - * a 32 bit constant - */ - static protected byte[] getBytes(int bitString) - { - int bytes = 4; - for (int i = 3; i >= 1; i--) - { - if ((bitString & (0xFF << (i * 8))) != 0) - { - break; - } - bytes--; - } - - byte[] result = new byte[bytes]; - for (int i = 0; i < bytes; i++) - { - result[i] = (byte) ((bitString >> (i * 8)) & 0xFF); - } - - return result; - } - - /** - * return a Bit String from the passed in object - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERBitString getInstance( - Object obj) - { - if (obj == null || obj instanceof DERBitString) - { - return (DERBitString)obj; - } - - if (obj instanceof ASN1OctetString) - { - byte[] bytes = ((ASN1OctetString)obj).getOctets(); - int padBits = bytes[0]; - byte[] data = new byte[bytes.length - 1]; - - System.arraycopy(bytes, 1, data, 0, bytes.length - 1); - - return new DERBitString(data, padBits); - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return a Bit String from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERBitString getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - protected DERBitString( - byte data, - int padBits) - { - this.data = new byte[1]; - this.data[0] = data; - this.padBits = padBits; - } - - /** - * @param data the octets making up the bit string. - * @param padBits the number of extra bits at the end of the string. - */ - public DERBitString( - byte[] data, - int padBits) - { - this.data = data; - this.padBits = padBits; - } - - public DERBitString( - byte[] data) - { - this(data, 0); - } - - public DERBitString( - DEREncodable obj) - { - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(obj); - dOut.close(); - - this.data = bOut.toByteArray(); - this.padBits = 0; - } - catch (IOException e) - { - throw new IllegalArgumentException("Error processing object : " + e.toString()); - } - } - - public byte[] getBytes() - { - return data; - } - - public int getPadBits() - { - return padBits; - } - - - /** - * @return the value of the bit string as an int (truncating if necessary) - */ - public int intValue() - { - int value = 0; - - for (int i = 0; i != data.length && i != 4; i++) - { - value |= (data[i] & 0xff) << (8 * i); - } - - return value; - } - - void encode( - DEROutputStream out) - throws IOException - { - byte[] bytes = new byte[getBytes().length + 1]; - - bytes[0] = (byte)getPadBits(); - System.arraycopy(getBytes(), 0, bytes, 1, bytes.length - 1); - - out.writeEncoded(BIT_STRING, bytes); - } - - public int hashCode() - { - int value = 0; - - for (int i = 0; i != data.length; i++) - { - value ^= (data[i] & 0xff) << (i % 4); - } - - return value; - } - - public boolean equals( - Object o) - { - if (!(o instanceof DERBitString)) - { - return false; - } - - DERBitString other = (DERBitString)o; - - if (data.length != other.data.length) - { - return false; - } - - for (int i = 0; i != data.length; i++) - { - if (data[i] != other.data[i]) - { - return false; - } - } - - return (padBits == other.padBits); - } - - public String getString() - { - StringBuffer buf = new StringBuffer("#"); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - try - { - aOut.writeObject(this); - } - catch (IOException e) - { - throw new RuntimeException("internal error encoding BitString"); - } - - byte[] string = bOut.toByteArray(); - - for (int i = 0; i != string.length; i++) - { - buf.append(table[(string[i] >>> 4) % 0xf]); - buf.append(table[string[i] & 0xf]); - } - - return buf.toString(); - } - - public String toString() - { - return getString(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERBoolean.java b/luni/src/main/java/org/bouncycastle/asn1/DERBoolean.java deleted file mode 100644 index 2aa93f1..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERBoolean.java +++ /dev/null @@ -1,132 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public class DERBoolean - extends DERObject -{ - // BEGIN android-changed - private final byte value; - // END android-changed - - public static final DERBoolean FALSE = new DERBoolean(false); - public static final DERBoolean TRUE = new DERBoolean(true); - - /** - * return a boolean from the passed in object. - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERBoolean getInstance( - Object obj) - { - if (obj == null || obj instanceof DERBoolean) - { - return (DERBoolean)obj; - } - - if (obj instanceof ASN1OctetString) - { - // BEGIN android-changed - return getInstance(((ASN1OctetString)obj).getOctets()); - // END android-changed - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return a DERBoolean from the passed in boolean. - */ - public static DERBoolean getInstance( - boolean value) - { - return (value ? TRUE : FALSE); - } - - // BEGIN android-added - /** - * return a DERBoolean from the passed in array. - */ - public static DERBoolean getInstance( - byte[] octets) - { - return (octets[0] != 0) ? TRUE : FALSE; - } - // END android-added - - /** - * return a Boolean from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERBoolean getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - // BEGIN android-removed - //private DERBoolean( - // byte[] value) - //{ - // this.value = value[0]; - //} - // END android-removed - - // BEGIN android-changed - private DERBoolean( - boolean value) - { - this.value = (value) ? (byte)0xff : (byte)0; - } - // END android-changed - - public boolean isTrue() - { - return (value != 0); - } - - void encode( - DEROutputStream out) - throws IOException - { - byte[] bytes = new byte[1]; - - bytes[0] = value; - - out.writeEncoded(BOOLEAN, bytes); - } - - public boolean equals( - Object o) - { - if ((o == null) || !(o instanceof DERBoolean)) - { - return false; - } - - return (value == ((DERBoolean)o).value); - } - - public int hashCode() - { - return value; - } - - - public String toString() - { - return (value != 0) ? "TRUE" : "FALSE"; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERConstructedSequence.java b/luni/src/main/java/org/bouncycastle/asn1/DERConstructedSequence.java deleted file mode 100644 index 99a493e..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERConstructedSequence.java +++ /dev/null @@ -1,53 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.util.Enumeration; - -/** - * @deprecated use DERSequence. - */ -public class DERConstructedSequence - extends ASN1Sequence -{ - public void addObject( - DEREncodable obj) - { - super.addObject(obj); - } - - public int getSize() - { - return size(); - } - - /* - * A note on the implementation: - * <p> - * As DER requires the constructed, definite-length model to - * be used for structured types, this varies slightly from the - * ASN.1 descriptions given. Rather than just outputing SEQUENCE, - * we also have to specify CONSTRUCTED, and the objects length. - */ - void encode( - DEROutputStream out) - throws IOException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - Enumeration e = this.getObjects(); - - while (e.hasMoreElements()) - { - Object obj = e.nextElement(); - - dOut.writeObject(obj); - } - - dOut.close(); - - byte[] bytes = bOut.toByteArray(); - - out.writeEncoded(SEQUENCE | CONSTRUCTED, bytes); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERConstructedSet.java b/luni/src/main/java/org/bouncycastle/asn1/DERConstructedSet.java deleted file mode 100644 index 695cef3..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERConstructedSet.java +++ /dev/null @@ -1,79 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.util.Enumeration; - -/** - * - * @deprecated use DERSet - */ -public class DERConstructedSet - extends ASN1Set -{ - public DERConstructedSet() - { - } - - /** - * @param obj - a single object that makes up the set. - */ - public DERConstructedSet( - DEREncodable obj) - { - this.addObject(obj); - } - - /** - * @param v - a vector of objects making up the set. - */ - public DERConstructedSet( - DEREncodableVector v) - { - for (int i = 0; i != v.size(); i++) - { - this.addObject(v.get(i)); - } - } - - public void addObject( - DEREncodable obj) - { - super.addObject(obj); - } - - public int getSize() - { - return size(); - } - - /* - * A note on the implementation: - * <p> - * As DER requires the constructed, definite-length model to - * be used for structured types, this varies slightly from the - * ASN.1 descriptions given. Rather than just outputing SET, - * we also have to specify CONSTRUCTED, and the objects length. - */ - void encode( - DEROutputStream out) - throws IOException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - Enumeration e = this.getObjects(); - - while (e.hasMoreElements()) - { - Object obj = e.nextElement(); - - dOut.writeObject(obj); - } - - dOut.close(); - - byte[] bytes = bOut.toByteArray(); - - out.writeEncoded(SET | CONSTRUCTED, bytes); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DEREncodable.java b/luni/src/main/java/org/bouncycastle/asn1/DEREncodable.java deleted file mode 100644 index d89305a..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DEREncodable.java +++ /dev/null @@ -1,6 +0,0 @@ -package org.bouncycastle.asn1; - -public interface DEREncodable -{ - public DERObject getDERObject(); -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DEREncodableVector.java b/luni/src/main/java/org/bouncycastle/asn1/DEREncodableVector.java deleted file mode 100644 index 49f3a17..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DEREncodableVector.java +++ /dev/null @@ -1,30 +0,0 @@ -package org.bouncycastle.asn1; - -import java.util.Vector; - -/** - * a general class for building up a vector of DER encodable objects - - * this will eventually be superceded by ASN1EncodableVector so you should - * use that class in preference. - */ -public class DEREncodableVector -{ - private Vector v = new Vector(); - - public void add( - DEREncodable obj) - { - v.addElement(obj); - } - - public DEREncodable get( - int i) - { - return (DEREncodable)v.elementAt(i); - } - - public int size() - { - return v.size(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DEREnumerated.java b/luni/src/main/java/org/bouncycastle/asn1/DEREnumerated.java deleted file mode 100644 index 170fd97..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DEREnumerated.java +++ /dev/null @@ -1,113 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.math.BigInteger; - -public class DEREnumerated - extends DERObject -{ - byte[] bytes; - - /** - * return an integer from the passed in object - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DEREnumerated getInstance( - Object obj) - { - if (obj == null || obj instanceof DEREnumerated) - { - return (DEREnumerated)obj; - } - - if (obj instanceof ASN1OctetString) - { - return new DEREnumerated(((ASN1OctetString)obj).getOctets()); - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return an Enumerated from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DEREnumerated getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - public DEREnumerated( - int value) - { - bytes = BigInteger.valueOf(value).toByteArray(); - } - - public DEREnumerated( - BigInteger value) - { - bytes = value.toByteArray(); - } - - public DEREnumerated( - byte[] bytes) - { - this.bytes = bytes; - } - - public BigInteger getValue() - { - return new BigInteger(bytes); - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(ENUMERATED, bytes); - } - - public boolean equals( - Object o) - { - if (!(o instanceof DEREnumerated)) - { - return false; - } - - DEREnumerated other = (DEREnumerated)o; - - if (bytes.length != other.bytes.length) - { - return false; - } - - for (int i = 0; i != bytes.length; i++) - { - if (bytes[i] != other.bytes[i]) - { - return false; - } - } - - return true; - } - - public int hashCode() - { - return this.getValue().hashCode(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERGeneralString.java b/luni/src/main/java/org/bouncycastle/asn1/DERGeneralString.java deleted file mode 100644 index c93fe96..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERGeneralString.java +++ /dev/null @@ -1,87 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public class DERGeneralString - extends DERObject implements DERString -{ - private String string; - - public static DERGeneralString getInstance( - Object obj) - { - if (obj == null || obj instanceof DERGeneralString) - { - return (DERGeneralString) obj; - } - if (obj instanceof ASN1OctetString) - { - return new DERGeneralString(((ASN1OctetString) obj).getOctets()); - } - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject) obj).getObject()); - } - throw new IllegalArgumentException("illegal object in getInstance: " - + obj.getClass().getName()); - } - - public static DERGeneralString getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - public DERGeneralString(byte[] string) - { - char[] cs = new char[string.length]; - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - this.string = new String(cs); - } - - public DERGeneralString(String string) - { - this.string = string; - } - - public String getString() - { - return string; - } - - public byte[] getOctets() - { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte) cs[i]; - } - return bs; - } - - void encode(DEROutputStream out) - throws IOException - { - out.writeEncoded(GENERAL_STRING, this.getOctets()); - } - - public int hashCode() - { - return this.getString().hashCode(); - } - - public boolean equals(Object o) - { - if (!(o instanceof DERGeneralString)) - { - return false; - } - DERGeneralString s = (DERGeneralString) o; - return this.getString().equals(s.getString()); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java b/luni/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java deleted file mode 100644 index c70574b..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERGeneralizedTime.java +++ /dev/null @@ -1,202 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.SimpleTimeZone; - -/** - * Generalized time object. - */ -public class DERGeneralizedTime - extends DERObject -{ - String time; - - /** - * return a generalized time from the passed in object - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERGeneralizedTime getInstance( - Object obj) - { - if (obj == null || obj instanceof DERGeneralizedTime) - { - return (DERGeneralizedTime)obj; - } - - if (obj instanceof ASN1OctetString) - { - return new DERGeneralizedTime(((ASN1OctetString)obj).getOctets()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return a Generalized Time object from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERGeneralizedTime getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - /** - * The correct format for this is YYYYMMDDHHMMSSZ, or without the Z - * for local time, or Z+-HHMM on the end, for difference between local - * time and UTC time. - * <p> - * - * @param time the time string. - */ - public DERGeneralizedTime( - String time) - { - this.time = time; - } - - /** - * base constructer from a java.util.date object - */ - public DERGeneralizedTime( - Date time) - { - SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'"); - - dateF.setTimeZone(new SimpleTimeZone(0,"Z")); - - this.time = dateF.format(time); - } - - DERGeneralizedTime( - byte[] bytes) - { - // - // explicitly convert to characters - // - char[] dateC = new char[bytes.length]; - - for (int i = 0; i != dateC.length; i++) - { - dateC[i] = (char)(bytes[i] & 0xff); - } - - this.time = new String(dateC); - } - - /** - * return the time - always in the form of - * YYYYMMDDhhmmssGMT(+hh:mm|-hh:mm). - * <p> - * Normally in a certificate we would expect "Z" rather than "GMT", - * however adding the "GMT" means we can just use: - * <pre> - * dateF = new SimpleDateFormat("yyyyMMddHHmmssz"); - * </pre> - * To read in the time and get a date which is compatible with our local - * time zone. - */ - public String getTime() - { - // - // standardise the format. - // - if (time.charAt(time.length() - 1) == 'Z') - { - return time.substring(0, time.length() - 1) + "GMT+00:00"; - } - else - { - int signPos = time.length() - 5; - char sign = time.charAt(signPos); - if (sign == '-' || sign == '+') - { - return time.substring(0, signPos) - + "GMT" - + time.substring(signPos, signPos + 3) - + ":" - + time.substring(signPos + 3); - } - else - { - signPos = time.length() - 3; - sign = time.charAt(signPos); - if (sign == '-' || sign == '+') - { - return time.substring(0, signPos) - + "GMT" - + time.substring(signPos) - + ":00"; - } - } - } - - return time; - } - - public Date getDate() - throws ParseException - { - SimpleDateFormat dateF; - - if (time.indexOf('.') == 14) - { - dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS'Z'"); - } - else - { - dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'"); - } - - dateF.setTimeZone(new SimpleTimeZone(0, "Z")); - - return dateF.parse(time); - } - - private byte[] getOctets() - { - char[] cs = time.toCharArray(); - byte[] bs = new byte[cs.length]; - - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } - - return bs; - } - - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(GENERALIZED_TIME, this.getOctets()); - } - - public boolean equals( - Object o) - { - if ((o == null) || !(o instanceof DERGeneralizedTime)) - { - return false; - } - - return time.equals(((DERGeneralizedTime)o).time); - } - - public int hashCode() - { - return time.hashCode(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERIA5String.java b/luni/src/main/java/org/bouncycastle/asn1/DERIA5String.java deleted file mode 100644 index a75ab1e..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERIA5String.java +++ /dev/null @@ -1,123 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * DER IA5String object - this is an ascii string. - */ -public class DERIA5String - extends DERObject - implements DERString -{ - String string; - - /** - * return a IA5 string from the passed in object - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERIA5String getInstance( - Object obj) - { - if (obj == null || obj instanceof DERIA5String) - { - return (DERIA5String)obj; - } - - if (obj instanceof ASN1OctetString) - { - return new DERIA5String(((ASN1OctetString)obj).getOctets()); - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return an IA5 String from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERIA5String getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - /** - * basic constructor - with bytes. - */ - public DERIA5String( - byte[] string) - { - char[] cs = new char[string.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - - this.string = new String(cs); - } - - /** - * basic constructor - with string. - */ - public DERIA5String( - String string) - { - this.string = string; - } - - public String getString() - { - return string; - } - - public byte[] getOctets() - { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; - - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } - - return bs; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(IA5_STRING, this.getOctets()); - } - - public int hashCode() - { - return this.getString().hashCode(); - } - - public boolean equals( - Object o) - { - if (!(o instanceof DERIA5String)) - { - return false; - } - - DERIA5String s = (DERIA5String)o; - - return this.getString().equals(s.getString()); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERInputStream.java b/luni/src/main/java/org/bouncycastle/asn1/DERInputStream.java deleted file mode 100644 index 37763e4..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERInputStream.java +++ /dev/null @@ -1,276 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayInputStream; -import java.io.EOFException; -import java.io.FilterInputStream; -import java.io.IOException; -import java.io.InputStream; - -/** - * Don't use this class. It will eventually disappear, use ASN1InputStream. - * <br> - * This class is scheduled for removal. - * @deprecated use ASN1InputStream - */ -public class DERInputStream - extends FilterInputStream implements DERTags -{ - /** - * @deprecated use ASN1InputStream - */ - public DERInputStream( - InputStream is) - { - super(is); - } - - protected int readLength() - throws IOException - { - int length = read(); - if (length < 0) - { - throw new IOException("EOF found when length expected"); - } - - if (length == 0x80) - { - return -1; // indefinite-length encoding - } - - if (length > 127) - { - int size = length & 0x7f; - - if (size > 4) - { - throw new IOException("DER length more than 4 bytes"); - } - - length = 0; - for (int i = 0; i < size; i++) - { - int next = read(); - - if (next < 0) - { - throw new IOException("EOF found reading length"); - } - - length = (length << 8) + next; - } - - if (length < 0) - { - throw new IOException("corrupted steam - negative length found"); - } - } - - return length; - } - - protected void readFully( - byte[] bytes) - throws IOException - { - int left = bytes.length; - - if (left == 0) - { - return; - } - - while (left > 0) - { - int l = read(bytes, bytes.length - left, left); - - if (l < 0) - { - throw new EOFException("unexpected end of stream"); - } - - left -= l; - } - } - - /** - * build an object given its tag and a byte stream to construct it - * from. - */ - protected DERObject buildObject( - int tag, - byte[] bytes) - throws IOException - { - switch (tag) - { - case NULL: - return null; - case SEQUENCE | CONSTRUCTED: - ByteArrayInputStream bIn = new ByteArrayInputStream(bytes); - BERInputStream dIn = new BERInputStream(bIn); - DERConstructedSequence seq = new DERConstructedSequence(); - - try - { - for (;;) - { - DERObject obj = dIn.readObject(); - - seq.addObject(obj); - } - } - catch (EOFException ex) - { - return seq; - } - case SET | CONSTRUCTED: - bIn = new ByteArrayInputStream(bytes); - dIn = new BERInputStream(bIn); - - ASN1EncodableVector v = new ASN1EncodableVector(); - - try - { - for (;;) - { - DERObject obj = dIn.readObject(); - - v.add(obj); - } - } - catch (EOFException ex) - { - return new DERConstructedSet(v); - } - case BOOLEAN: - // BEGIN android-changed - return DERBoolean.getInstance(bytes); - // BEGIN android-changed - case INTEGER: - return new DERInteger(bytes); - case ENUMERATED: - return new DEREnumerated(bytes); - case OBJECT_IDENTIFIER: - return new DERObjectIdentifier(bytes); - case BIT_STRING: - int padBits = bytes[0]; - byte[] data = new byte[bytes.length - 1]; - - System.arraycopy(bytes, 1, data, 0, bytes.length - 1); - - return new DERBitString(data, padBits); - case UTF8_STRING: - return new DERUTF8String(bytes); - case PRINTABLE_STRING: - return new DERPrintableString(bytes); - case IA5_STRING: - return new DERIA5String(bytes); - case T61_STRING: - return new DERT61String(bytes); - case VISIBLE_STRING: - return new DERVisibleString(bytes); - case UNIVERSAL_STRING: - return new DERUniversalString(bytes); - case GENERAL_STRING: - return new DERGeneralString(bytes); - case BMP_STRING: - return new DERBMPString(bytes); - case OCTET_STRING: - return new DEROctetString(bytes); - case UTC_TIME: - return new DERUTCTime(bytes); - case GENERALIZED_TIME: - return new DERGeneralizedTime(bytes); - default: - // - // with tagged object tag number is bottom 5 bits - // - if ((tag & TAGGED) != 0) - { - if ((tag & 0x1f) == 0x1f) - { - throw new IOException("unsupported high tag encountered"); - } - - if (bytes.length == 0) // empty tag! - { - if ((tag & CONSTRUCTED) == 0) - { - // BEGIN android-changed - return new DERTaggedObject(false, tag & 0x1f, DERNull.THE_ONE); - // END android-changed - } - else - { - return new DERTaggedObject(false, tag & 0x1f, new DERConstructedSequence()); - } - } - - // - // simple type - implicit... return an octet string - // - if ((tag & CONSTRUCTED) == 0) - { - return new DERTaggedObject(false, tag & 0x1f, new DEROctetString(bytes)); - } - - bIn = new ByteArrayInputStream(bytes); - dIn = new BERInputStream(bIn); - - DEREncodable dObj = dIn.readObject(); - - // - // explicitly tagged (probably!) - if it isn't we'd have to - // tell from the context - // - if (dIn.available() == 0) - { - return new DERTaggedObject(tag & 0x1f, dObj); - } - - // - // another implicit object, we'll create a sequence... - // - seq = new DERConstructedSequence(); - - seq.addObject(dObj); - - try - { - for (;;) - { - dObj = dIn.readObject(); - - seq.addObject(dObj); - } - } - catch (EOFException ex) - { - // ignore -- - } - - return new DERTaggedObject(false, tag & 0x1f, seq); - } - - return new DERUnknownTag(tag, bytes); - } - } - - public DERObject readObject() - throws IOException - { - int tag = read(); - if (tag == -1) - { - throw new EOFException(); - } - - int length = readLength(); - byte[] bytes = new byte[length]; - - readFully(bytes); - - return buildObject(tag, bytes); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERInteger.java b/luni/src/main/java/org/bouncycastle/asn1/DERInteger.java deleted file mode 100644 index e80d895..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERInteger.java +++ /dev/null @@ -1,134 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.math.BigInteger; - -public class DERInteger - extends DERObject -{ - byte[] bytes; - - /** - * return an integer from the passed in object - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERInteger getInstance( - Object obj) - { - if (obj == null || obj instanceof DERInteger) - { - return (DERInteger)obj; - } - - if (obj instanceof ASN1OctetString) - { - return new DERInteger(((ASN1OctetString)obj).getOctets()); - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return an Integer from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERInteger getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - public DERInteger( - int value) - { - bytes = BigInteger.valueOf(value).toByteArray(); - } - - public DERInteger( - BigInteger value) - { - bytes = value.toByteArray(); - } - - public DERInteger( - byte[] bytes) - { - this.bytes = bytes; - } - - public BigInteger getValue() - { - return new BigInteger(bytes); - } - - /** - * in some cases positive values get crammed into a space, - * that's not quite big enough... - */ - public BigInteger getPositiveValue() - { - return new BigInteger(1, bytes); - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(INTEGER, bytes); - } - - public int hashCode() - { - int value = 0; - - for (int i = 0; i != bytes.length; i++) - { - value ^= (bytes[i] & 0xff) << (i % 4); - } - - return value; - } - - public boolean equals( - Object o) - { - if (!(o instanceof DERInteger)) - { - return false; - } - - DERInteger other = (DERInteger)o; - - if (bytes.length != other.bytes.length) - { - return false; - } - - for (int i = 0; i != bytes.length; i++) - { - if (bytes[i] != other.bytes[i]) - { - return false; - } - } - - return true; - } - - public String toString() - { - return getValue().toString(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERNull.java b/luni/src/main/java/org/bouncycastle/asn1/DERNull.java deleted file mode 100644 index 2be5c80..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERNull.java +++ /dev/null @@ -1,46 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * A NULL object. - */ -public class DERNull - extends ASN1Null -{ - // BEGIN android-added - /** non-null; unique instance of this class */ - static public final DERNull THE_ONE = new DERNull(); - // END android-added - - // BEGIN android-changed - private static final byte[] zeroBytes = new byte[0]; - - /*package*/ DERNull() - { - } - // END android-changed - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(NULL, zeroBytes); - } - - public boolean equals( - Object o) - { - if ((o == null) || !(o instanceof DERNull)) - { - return false; - } - - return true; - } - - public int hashCode() - { - return 0; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERNumericString.java b/luni/src/main/java/org/bouncycastle/asn1/DERNumericString.java deleted file mode 100644 index b53716a..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERNumericString.java +++ /dev/null @@ -1,123 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * DER NumericString object - this is an ascii string of characters {0,1,2,3,4,5,6,7,8,9, }. - */ -public class DERNumericString - extends DERObject - implements DERString -{ - String string; - - /** - * return a Numeric string from the passed in object - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERNumericString getInstance( - Object obj) - { - if (obj == null || obj instanceof DERNumericString) - { - return (DERNumericString)obj; - } - - if (obj instanceof ASN1OctetString) - { - return new DERNumericString(((ASN1OctetString)obj).getOctets()); - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return an Numeric String from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERNumericString getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - /** - * basic constructor - with bytes. - */ - public DERNumericString( - byte[] string) - { - char[] cs = new char[string.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - - this.string = new String(cs); - } - - /** - * basic constructor - with string. - */ - public DERNumericString( - String string) - { - this.string = string; - } - - public String getString() - { - return string; - } - - public byte[] getOctets() - { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; - - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } - - return bs; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(NUMERIC_STRING, this.getOctets()); - } - - public int hashCode() - { - return this.getString().hashCode(); - } - - public boolean equals( - Object o) - { - if (!(o instanceof DERNumericString)) - { - return false; - } - - DERNumericString s = (DERNumericString)o; - - return this.getString().equals(s.getString()); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERObject.java b/luni/src/main/java/org/bouncycastle/asn1/DERObject.java deleted file mode 100644 index 42e2487..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERObject.java +++ /dev/null @@ -1,20 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public abstract class DERObject - extends ASN1Encodable - implements DERTags -{ - public DERObject toASN1Object() - { - return this; - } - - public abstract int hashCode(); - - public abstract boolean equals(Object o); - - abstract void encode(DEROutputStream out) - throws IOException; -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java b/luni/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java deleted file mode 100644 index 190d727..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java +++ /dev/null @@ -1,293 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; -import java.math.BigInteger; - -public class DERObjectIdentifier - extends DERObject -{ - String identifier; - - /** - * return an OID from the passed in object - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERObjectIdentifier getInstance( - Object obj) - { - if (obj == null || obj instanceof DERObjectIdentifier) - { - return (DERObjectIdentifier)obj; - } - - if (obj instanceof ASN1OctetString) - { - return new DERObjectIdentifier(((ASN1OctetString)obj).getOctets()); - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return an Object Identifier from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERObjectIdentifier getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - - DERObjectIdentifier( - byte[] bytes) - { - StringBuffer objId = new StringBuffer(); - long value = 0; - BigInteger bigValue = null; - boolean first = true; - - for (int i = 0; i != bytes.length; i++) - { - int b = bytes[i] & 0xff; - - if (value < 0x80000000000000L) - { - value = value * 128 + (b & 0x7f); - if ((b & 0x80) == 0) // end of number reached - { - if (first) - { - switch ((int)value / 40) - { - case 0: - objId.append('0'); - break; - case 1: - objId.append('1'); - value -= 40; - break; - default: - objId.append('2'); - value -= 80; - } - first = false; - } - - objId.append('.'); - objId.append(value); - value = 0; - } - } - else - { - if (bigValue == null) - { - bigValue = BigInteger.valueOf(value); - } - bigValue = bigValue.shiftLeft(7); - bigValue = bigValue.or(BigInteger.valueOf(b & 0x7f)); - if ((b & 0x80) == 0) - { - objId.append('.'); - objId.append(bigValue); - bigValue = null; - value = 0; - } - } - } - - // BEGIN android-changed - /* - * Intern the identifier so there aren't hundreds of duplicates - * (in practice). - */ - this.identifier = objId.toString().intern(); - // END android-changed - } - - public DERObjectIdentifier( - String identifier) - { - if (!isValidIdentifier(identifier)) - { - throw new IllegalArgumentException("string " + identifier + " not an OID"); - } - - // BEGIN android-changed - /* - * Intern the identifier so there aren't hundreds of duplicates - * (in practice). - */ - this.identifier = identifier.intern(); - // END android-changed - } - - public String getId() - { - return identifier; - } - - private void writeField( - OutputStream out, - long fieldValue) - throws IOException - { - if (fieldValue >= (1L << 7)) - { - if (fieldValue >= (1L << 14)) - { - if (fieldValue >= (1L << 21)) - { - if (fieldValue >= (1L << 28)) - { - if (fieldValue >= (1L << 35)) - { - if (fieldValue >= (1L << 42)) - { - if (fieldValue >= (1L << 49)) - { - if (fieldValue >= (1L << 56)) - { - out.write((int)(fieldValue >> 56) | 0x80); - } - out.write((int)(fieldValue >> 49) | 0x80); - } - out.write((int)(fieldValue >> 42) | 0x80); - } - out.write((int)(fieldValue >> 35) | 0x80); - } - out.write((int)(fieldValue >> 28) | 0x80); - } - out.write((int)(fieldValue >> 21) | 0x80); - } - out.write((int)(fieldValue >> 14) | 0x80); - } - out.write((int)(fieldValue >> 7) | 0x80); - } - out.write((int)fieldValue & 0x7f); - } - - private void writeField( - OutputStream out, - BigInteger fieldValue) - throws IOException - { - int byteCount = (fieldValue.bitLength()+6)/7; - if (byteCount == 0) - { - out.write(0); - } - else - { - BigInteger tmpValue = fieldValue; - byte[] tmp = new byte[byteCount]; - for (int i = byteCount-1; i >= 0; i--) - { - tmp[i] = (byte) ((tmpValue.intValue() & 0x7f) | 0x80); - tmpValue = tmpValue.shiftRight(7); - } - tmp[byteCount-1] &= 0x7f; - out.write(tmp); - } - - } - - void encode( - DEROutputStream out) - throws IOException - { - OIDTokenizer tok = new OIDTokenizer(identifier); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - writeField(bOut, - Integer.parseInt(tok.nextToken()) * 40 - + Integer.parseInt(tok.nextToken())); - - while (tok.hasMoreTokens()) - { - String token = tok.nextToken(); - if (token.length() < 18) - { - writeField(bOut, Long.parseLong(token)); - } - else - { - writeField(bOut, new BigInteger(token)); - } - } - - dOut.close(); - - byte[] bytes = bOut.toByteArray(); - - out.writeEncoded(OBJECT_IDENTIFIER, bytes); - } - - public int hashCode() - { - return identifier.hashCode(); - } - - public boolean equals( - Object o) - { - if ((o == null) || !(o instanceof DERObjectIdentifier)) - { - return false; - } - - return identifier.equals(((DERObjectIdentifier)o).identifier); - } - - public String toString() - { - return getId(); - } - - private static boolean isValidIdentifier( - String identifier) - { - boolean periodAllowed = false; - for (int i = identifier.length() - 1; i >= 0; i--) - { - char ch = identifier.charAt(i); - - if ('0' <= ch && ch <= '9') - { - periodAllowed = true; - continue; - } - - if (ch == '.') - { - if (!periodAllowed) - { - return false; - } - - periodAllowed = false; - continue; - } - - return false; - } - - return periodAllowed; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DEROctetString.java b/luni/src/main/java/org/bouncycastle/asn1/DEROctetString.java deleted file mode 100644 index bf7a86b..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DEROctetString.java +++ /dev/null @@ -1,29 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -public class DEROctetString - extends ASN1OctetString -{ - /** - * @param string the octets making up the octet string. - */ - public DEROctetString( - byte[] string) - { - super(string); - } - - public DEROctetString( - DEREncodable obj) - { - super(obj); - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(OCTET_STRING, string); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DEROutputStream.java b/luni/src/main/java/org/bouncycastle/asn1/DEROutputStream.java deleted file mode 100644 index f55142c..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DEROutputStream.java +++ /dev/null @@ -1,81 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.FilterOutputStream; -import java.io.IOException; -import java.io.OutputStream; - -public class DEROutputStream - extends FilterOutputStream implements DERTags -{ - public DEROutputStream( - OutputStream os) - { - super(os); - } - - private void writeLength( - int length) - throws IOException - { - if (length > 127) - { - int size = 1; - int val = length; - - while ((val >>>= 8) != 0) - { - size++; - } - - write((byte)(size | 0x80)); - - for (int i = (size - 1) * 8; i >= 0; i -= 8) - { - write((byte)(length >> i)); - } - } - else - { - write((byte)length); - } - } - - void writeEncoded( - int tag, - byte[] bytes) - throws IOException - { - write(tag); - writeLength(bytes.length); - write(bytes); - } - - protected void writeNull() - throws IOException - { - write(NULL); - write(0x00); - } - - public void writeObject( - Object obj) - throws IOException - { - if (obj == null) - { - writeNull(); - } - else if (obj instanceof DERObject) - { - ((DERObject)obj).encode(this); - } - else if (obj instanceof DEREncodable) - { - ((DEREncodable)obj).getDERObject().encode(this); - } - else - { - throw new IOException("object not DEREncodable"); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERPrintableString.java b/luni/src/main/java/org/bouncycastle/asn1/DERPrintableString.java deleted file mode 100644 index 00aec9b..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERPrintableString.java +++ /dev/null @@ -1,134 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * DER PrintableString object. - */ -public class DERPrintableString - extends DERObject - implements DERString -{ - // BEGIN android-changed - private final String string; - // END android-changed - - /** - * return a printable string from the passed in object. - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERPrintableString getInstance( - Object obj) - { - if (obj == null || obj instanceof DERPrintableString) - { - return (DERPrintableString)obj; - } - - if (obj instanceof ASN1OctetString) - { - return new DERPrintableString(((ASN1OctetString)obj).getOctets()); - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return a Printable String from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERPrintableString getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - /** - * basic constructor - byte encoded string. - */ - public DERPrintableString( - byte[] string) - { - char[] cs = new char[string.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - - // BEGIN android-changed - this.string = new String(cs).intern(); - // END android-changed - } - - /** - * basic constructor - */ - public DERPrintableString( - String string) - { - // BEGIN android-changed - this.string = string.intern(); - // END android-changed - } - - public String getString() - { - return string; - } - - public byte[] getOctets() - { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; - - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } - - return bs; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(PRINTABLE_STRING, this.getOctets()); - } - - public int hashCode() - { - return this.getString().hashCode(); - } - - public boolean equals( - Object o) - { - if (!(o instanceof DERPrintableString)) - { - return false; - } - - DERPrintableString s = (DERPrintableString)o; - - return this.getString().equals(s.getString()); - } - - public String toString() - { - return string; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERSequence.java b/luni/src/main/java/org/bouncycastle/asn1/DERSequence.java deleted file mode 100644 index 1cfd38d..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERSequence.java +++ /dev/null @@ -1,79 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.util.Enumeration; - -public class DERSequence - extends ASN1Sequence -{ - /** - * create an empty sequence - */ - public DERSequence() - { - } - - /** - * create a sequence containing one object - */ - public DERSequence( - DEREncodable obj) - { - this.addObject(obj); - } - - /** - * create a sequence containing a vector of objects. - */ - public DERSequence( - DEREncodableVector v) - { - for (int i = 0; i != v.size(); i++) - { - this.addObject(v.get(i)); - } - } - - /** - * create a sequence containing an array of objects. - */ - public DERSequence( - ASN1Encodable[] a) - { - for (int i = 0; i != a.length; i++) - { - this.addObject(a[i]); - } - } - - /* - * A note on the implementation: - * <p> - * As DER requires the constructed, definite-length model to - * be used for structured types, this varies slightly from the - * ASN.1 descriptions given. Rather than just outputing SEQUENCE, - * we also have to specify CONSTRUCTED, and the objects length. - */ - void encode( - DEROutputStream out) - throws IOException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - Enumeration e = this.getObjects(); - - while (e.hasMoreElements()) - { - Object obj = e.nextElement(); - - dOut.writeObject(obj); - } - - dOut.close(); - - byte[] bytes = bOut.toByteArray(); - - out.writeEncoded(SEQUENCE | CONSTRUCTED, bytes); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERSet.java b/luni/src/main/java/org/bouncycastle/asn1/DERSet.java deleted file mode 100644 index e1aa1d5..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERSet.java +++ /dev/null @@ -1,99 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.util.Enumeration; - -/** - * A DER encoded set object - */ -public class DERSet - extends ASN1Set -{ - /** - * create an empty set - */ - public DERSet() - { - } - - /** - * @param obj - a single object that makes up the set. - */ - public DERSet( - DEREncodable obj) - { - this.addObject(obj); - } - - /** - * @param v - a vector of objects making up the set. - */ - public DERSet( - DEREncodableVector v) - { - this(v, true); - } - - /** - * create a set from an array of objects. - */ - public DERSet( - ASN1Encodable[] a) - { - for (int i = 0; i != a.length; i++) - { - this.addObject(a[i]); - } - - this.sort(); - } - - /** - * @param v - a vector of objects making up the set. - */ - DERSet( - DEREncodableVector v, - boolean needsSorting) - { - for (int i = 0; i != v.size(); i++) - { - this.addObject(v.get(i)); - } - - if (needsSorting) - { - this.sort(); - } - } - - /* - * A note on the implementation: - * <p> - * As DER requires the constructed, definite-length model to - * be used for structured types, this varies slightly from the - * ASN.1 descriptions given. Rather than just outputing SET, - * we also have to specify CONSTRUCTED, and the objects length. - */ - void encode( - DEROutputStream out) - throws IOException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - Enumeration e = this.getObjects(); - - while (e.hasMoreElements()) - { - Object obj = e.nextElement(); - - dOut.writeObject(obj); - } - - dOut.close(); - - byte[] bytes = bOut.toByteArray(); - - out.writeEncoded(SET | CONSTRUCTED, bytes); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERString.java b/luni/src/main/java/org/bouncycastle/asn1/DERString.java deleted file mode 100644 index 3143be9..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERString.java +++ /dev/null @@ -1,9 +0,0 @@ -package org.bouncycastle.asn1; - -/** - * basic interface for DER string objects. - */ -public interface DERString -{ - public String getString(); -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERT61String.java b/luni/src/main/java/org/bouncycastle/asn1/DERT61String.java deleted file mode 100644 index 8c7c99a..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERT61String.java +++ /dev/null @@ -1,121 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * DER T61String (also the teletex string) - */ -public class DERT61String - extends DERObject - implements DERString -{ - String string; - - /** - * return a T61 string from the passed in object. - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERT61String getInstance( - Object obj) - { - if (obj == null || obj instanceof DERT61String) - { - return (DERT61String)obj; - } - - if (obj instanceof ASN1OctetString) - { - return new DERT61String(((ASN1OctetString)obj).getOctets()); - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return an T61 String from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERT61String getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - /** - * basic constructor - with bytes. - */ - public DERT61String( - byte[] string) - { - char[] cs = new char[string.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - - this.string = new String(cs); - } - - /** - * basic constructor - with string. - */ - public DERT61String( - String string) - { - this.string = string; - } - - public String getString() - { - return string; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(T61_STRING, this.getOctets()); - } - - public byte[] getOctets() - { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; - - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } - - return bs; - } - - public boolean equals( - Object o) - { - if ((o == null) || !(o instanceof DERT61String)) - { - return false; - } - - return this.getString().equals(((DERT61String)o).getString()); - } - - public int hashCode() - { - return this.getString().hashCode(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERTaggedObject.java b/luni/src/main/java/org/bouncycastle/asn1/DERTaggedObject.java deleted file mode 100644 index d42f0d6..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERTaggedObject.java +++ /dev/null @@ -1,88 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; - -/** - * DER TaggedObject - in ASN.1 nottation this is any object proceeded by - * a [n] where n is some number - these are assume to follow the construction - * rules (as with sequences). - */ -public class DERTaggedObject - extends ASN1TaggedObject -{ - /** - * @param tagNo the tag number for this object. - * @param obj the tagged object. - */ - public DERTaggedObject( - int tagNo, - DEREncodable obj) - { - super(tagNo, obj); - } - - /** - * @param explicit true if an explicitly tagged object. - * @param tagNo the tag number for this object. - * @param obj the tagged object. - */ - public DERTaggedObject( - boolean explicit, - int tagNo, - DEREncodable obj) - { - super(explicit, tagNo, obj); - } - - /** - * create an implicitly tagged object that contains a zero - * length sequence. - */ - public DERTaggedObject( - int tagNo) - { - super(false, tagNo, new DERSequence()); - } - - void encode( - DEROutputStream out) - throws IOException - { - if (!empty) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(obj); - dOut.close(); - - byte[] bytes = bOut.toByteArray(); - - if (explicit) - { - out.writeEncoded(CONSTRUCTED | TAGGED | tagNo, bytes); - } - else - { - // - // need to mark constructed types... - // - if ((bytes[0] & CONSTRUCTED) != 0) - { - bytes[0] = (byte)(CONSTRUCTED | TAGGED | tagNo); - } - else - { - bytes[0] = (byte)(TAGGED | tagNo); - } - - out.write(bytes); - } - } - else - { - out.writeEncoded(CONSTRUCTED | TAGGED | tagNo, new byte[0]); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERTags.java b/luni/src/main/java/org/bouncycastle/asn1/DERTags.java deleted file mode 100644 index ef441ef..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERTags.java +++ /dev/null @@ -1,36 +0,0 @@ -package org.bouncycastle.asn1; - -public interface DERTags -{ - public static final int BOOLEAN = 0x01; - public static final int INTEGER = 0x02; - public static final int BIT_STRING = 0x03; - public static final int OCTET_STRING = 0x04; - public static final int NULL = 0x05; - public static final int OBJECT_IDENTIFIER = 0x06; - public static final int EXTERNAL = 0x08; - public static final int ENUMERATED = 0x0a; - public static final int SEQUENCE = 0x10; - public static final int SEQUENCE_OF = 0x10; // for completeness - public static final int SET = 0x11; - public static final int SET_OF = 0x11; // for completeness - - - public static final int NUMERIC_STRING = 0x12; - public static final int PRINTABLE_STRING = 0x13; - public static final int T61_STRING = 0x14; - public static final int VIDEOTEX_STRING = 0x15; - public static final int IA5_STRING = 0x16; - public static final int UTC_TIME = 0x17; - public static final int GENERALIZED_TIME = 0x18; - public static final int GRAPHIC_STRING = 0x19; - public static final int VISIBLE_STRING = 0x1a; - public static final int GENERAL_STRING = 0x1b; - public static final int UNIVERSAL_STRING = 0x1c; - public static final int BMP_STRING = 0x1e; - public static final int UTF8_STRING = 0x0c; - - public static final int CONSTRUCTED = 0x20; - public static final int APPLICATION = 0x40; - public static final int TAGGED = 0x80; -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERUTCTime.java b/luni/src/main/java/org/bouncycastle/asn1/DERUTCTime.java deleted file mode 100644 index a6d0cc7..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERUTCTime.java +++ /dev/null @@ -1,193 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.SimpleTimeZone; - -/** - * UTC time object. - */ -public class DERUTCTime - extends DERObject -{ - String time; - - /** - * return an UTC Time from the passed in object. - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERUTCTime getInstance( - Object obj) - { - if (obj == null || obj instanceof DERUTCTime) - { - return (DERUTCTime)obj; - } - - if (obj instanceof ASN1OctetString) - { - return new DERUTCTime(((ASN1OctetString)obj).getOctets()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return an UTC Time from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERUTCTime getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - /** - * The correct format for this is YYMMDDHHMMSSZ (it used to be that seconds were - * never encoded. When you're creating one of these objects from scratch, that's - * what you want to use, otherwise we'll try to deal with whatever gets read from - * the input stream... (this is why the input format is different from the getTime() - * method output). - * <p> - * - * @param time the time string. - */ - public DERUTCTime( - String time) - { - this.time = time; - } - - /** - * base constructer from a java.util.date object - */ - public DERUTCTime( - Date time) - { - SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'"); - - dateF.setTimeZone(new SimpleTimeZone(0,"Z")); - - this.time = dateF.format(time); - } - - DERUTCTime( - byte[] bytes) - { - // - // explicitly convert to characters - // - char[] dateC = new char[bytes.length]; - - for (int i = 0; i != dateC.length; i++) - { - dateC[i] = (char)(bytes[i] & 0xff); - } - - this.time = new String(dateC); - } - - /** - * return the time - always in the form of - * YYMMDDhhmmssGMT(+hh:mm|-hh:mm). - * <p> - * Normally in a certificate we would expect "Z" rather than "GMT", - * however adding the "GMT" means we can just use: - * <pre> - * dateF = new SimpleDateFormat("yyMMddHHmmssz"); - * </pre> - * To read in the time and get a date which is compatible with our local - * time zone. - * <p> - * <b>Note:</b> In some cases, due to the local date processing, this - * may lead to unexpected results. If you want to stick the normal - * convention of 1950 to 2049 use the getAdjustedTime() method. - */ - public String getTime() - { - // - // standardise the format. - // - if (time.length() == 11) - { - return time.substring(0, 10) + "00GMT+00:00"; - } - else if (time.length() == 13) - { - return time.substring(0, 12) + "GMT+00:00"; - } - else if (time.length() == 17) - { - return time.substring(0, 12) + "GMT" + time.substring(12, 15) + ":" + time.substring(15, 17); - } - - return time; - } - - /** - * return the time as an adjusted date with a 4 digit year. This goes - * in the range of 1950 - 2049. - */ - public String getAdjustedTime() - { - String d = this.getTime(); - - if (d.charAt(0) < '5') - { - return "20" + d; - } - else - { - return "19" + d; - } - } - - private byte[] getOctets() - { - char[] cs = time.toCharArray(); - byte[] bs = new byte[cs.length]; - - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } - - return bs; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(UTC_TIME, this.getOctets()); - } - - public boolean equals( - Object o) - { - if ((o == null) || !(o instanceof DERUTCTime)) - { - return false; - } - - return time.equals(((DERUTCTime)o).time); - } - - public int hashCode() - { - return time.hashCode(); - } - - public String toString() - { - return time; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERUTF8String.java b/luni/src/main/java/org/bouncycastle/asn1/DERUTF8String.java deleted file mode 100644 index 1402d38..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERUTF8String.java +++ /dev/null @@ -1,104 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -import org.bouncycastle.util.Strings; - -/** - * DER UTF8String object. - */ -public class DERUTF8String - extends DERObject - implements DERString -{ - String string; - - /** - * return an UTF8 string from the passed in object. - * - * @exception IllegalArgumentException - * if the object cannot be converted. - */ - public static DERUTF8String getInstance(Object obj) - { - if (obj == null || obj instanceof DERUTF8String) - { - return (DERUTF8String)obj; - } - - if (obj instanceof ASN1OctetString) - { - return new DERUTF8String(((ASN1OctetString)obj).getOctets()); - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " - + obj.getClass().getName()); - } - - /** - * return an UTF8 String from a tagged object. - * - * @param obj - * the tagged object holding the object we want - * @param explicit - * true if the object is meant to be explicitly tagged false - * otherwise. - * @exception IllegalArgumentException - * if the tagged object cannot be converted. - */ - public static DERUTF8String getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - /** - * basic constructor - byte encoded string. - */ - DERUTF8String(byte[] string) - { - this.string = Strings.fromUTF8ByteArray(string); - } - - /** - * basic constructor - */ - public DERUTF8String(String string) - { - this.string = string; - } - - public String getString() - { - return string; - } - - public int hashCode() - { - return this.getString().hashCode(); - } - - public boolean equals(Object o) - { - if (!(o instanceof DERUTF8String)) - { - return false; - } - - DERUTF8String s = (DERUTF8String)o; - - return this.getString().equals(s.getString()); - } - - void encode(DEROutputStream out) - throws IOException - { - out.writeEncoded(UTF8_STRING, Strings.toUTF8ByteArray(string)); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERUniversalString.java b/luni/src/main/java/org/bouncycastle/asn1/DERUniversalString.java deleted file mode 100644 index ec8c519..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERUniversalString.java +++ /dev/null @@ -1,115 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; - -/** - * DER UniversalString object. - */ -public class DERUniversalString - extends DERObject - implements DERString -{ - private static final char[] table = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; - private byte[] string; - - /** - * return a Universal String from the passed in object. - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERUniversalString getInstance( - Object obj) - { - if (obj == null || obj instanceof DERUniversalString) - { - return (DERUniversalString)obj; - } - - if (obj instanceof ASN1OctetString) - { - return new DERUniversalString(((ASN1OctetString)obj).getOctets()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return a Universal String from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERUniversalString getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - /** - * basic constructor - byte encoded string. - */ - public DERUniversalString( - byte[] string) - { - this.string = string; - } - - public String getString() - { - StringBuffer buf = new StringBuffer("#"); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - try - { - aOut.writeObject(this); - } - catch (IOException e) - { - throw new RuntimeException("internal error encoding BitString"); - } - - byte[] string = bOut.toByteArray(); - - for (int i = 0; i != string.length; i++) - { - buf.append(table[(string[i] >>> 4) % 0xf]); - buf.append(table[string[i] & 0xf]); - } - - return buf.toString(); - } - - public byte[] getOctets() - { - return string; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(UNIVERSAL_STRING, this.getOctets()); - } - - public boolean equals( - Object o) - { - if ((o == null) || !(o instanceof DERUniversalString)) - { - return false; - } - - return this.getString().equals(((DERUniversalString)o).getString()); - } - - public int hashCode() - { - return this.getString().hashCode(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERUnknownTag.java b/luni/src/main/java/org/bouncycastle/asn1/DERUnknownTag.java deleted file mode 100644 index 8b0631c..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERUnknownTag.java +++ /dev/null @@ -1,86 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * We insert one of these when we find a tag we don't recognise. - */ -public class DERUnknownTag - extends DERObject -{ - int tag; - byte[] data; - - /** - * @param tag the tag value. - * @param data the octets making up the time. - */ - public DERUnknownTag( - int tag, - byte[] data) - { - this.tag = tag; - this.data = data; - } - - public int getTag() - { - return tag; - } - - public byte[] getData() - { - return data; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(tag, data); - } - - public boolean equals( - Object o) - { - if ((o == null) || !(o instanceof DERUnknownTag)) - { - return false; - } - - DERUnknownTag other = (DERUnknownTag)o; - - if (tag != other.tag) - { - return false; - } - - if (data.length != other.data.length) - { - return false; - } - - for (int i = 0; i < data.length; i++) - { - if(data[i] != other.data[i]) - { - return false; - } - } - - return true; - } - - public int hashCode() - { - byte[] b = this.getData(); - int value = 0; - - for (int i = 0; i != b.length; i++) - { - value ^= (b[i] & 0xff) << (i % 4); - } - - return value ^ this.getTag(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/DERVisibleString.java b/luni/src/main/java/org/bouncycastle/asn1/DERVisibleString.java deleted file mode 100644 index 1660eb2..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/DERVisibleString.java +++ /dev/null @@ -1,121 +0,0 @@ -package org.bouncycastle.asn1; - -import java.io.IOException; - -/** - * DER VisibleString object. - */ -public class DERVisibleString - extends DERObject - implements DERString -{ - String string; - - /** - * return a Visible String from the passed in object. - * - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static DERVisibleString getInstance( - Object obj) - { - if (obj == null || obj instanceof DERVisibleString) - { - return (DERVisibleString)obj; - } - - if (obj instanceof ASN1OctetString) - { - return new DERVisibleString(((ASN1OctetString)obj).getOctets()); - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * return a Visible String from a tagged object. - * - * @param obj the tagged object holding the object we want - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the tagged object cannot - * be converted. - */ - public static DERVisibleString getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - /** - * basic constructor - byte encoded string. - */ - public DERVisibleString( - byte[] string) - { - char[] cs = new char[string.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(string[i] & 0xff); - } - - this.string = new String(cs); - } - - /** - * basic constructor - */ - public DERVisibleString( - String string) - { - this.string = string; - } - - public String getString() - { - return string; - } - - public byte[] getOctets() - { - char[] cs = string.toCharArray(); - byte[] bs = new byte[cs.length]; - - for (int i = 0; i != cs.length; i++) - { - bs[i] = (byte)cs[i]; - } - - return bs; - } - - void encode( - DEROutputStream out) - throws IOException - { - out.writeEncoded(VISIBLE_STRING, this.getOctets()); - } - - public boolean equals( - Object o) - { - if ((o == null) || !(o instanceof DERVisibleString)) - { - return false; - } - - return this.getString().equals(((DERVisibleString)o).getString()); - } - - public int hashCode() - { - return this.getString().hashCode(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/OIDTokenizer.java b/luni/src/main/java/org/bouncycastle/asn1/OIDTokenizer.java deleted file mode 100644 index 5467944..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/OIDTokenizer.java +++ /dev/null @@ -1,48 +0,0 @@ -package org.bouncycastle.asn1; - -/** - * class for breaking up an OID into it's component tokens, ala - * java.util.StringTokenizer. We need this class as some of the - * lightweight Java environment don't support classes like - * StringTokenizer. - */ -public class OIDTokenizer -{ - private String oid; - private int index; - - public OIDTokenizer( - String oid) - { - this.oid = oid; - this.index = 0; - } - - public boolean hasMoreTokens() - { - return (index != -1); - } - - public String nextToken() - { - if (index == -1) - { - return null; - } - - String token; - int end = oid.indexOf('.', index); - - if (end == -1) - { - token = oid.substring(index); - index = -1; - return token; - } - - token = oid.substring(index, end); - - index = end + 1; - return token; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/OrderedTable.java b/luni/src/main/java/org/bouncycastle/asn1/OrderedTable.java deleted file mode 100644 index 511aba2..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/OrderedTable.java +++ /dev/null @@ -1,224 +0,0 @@ -package org.bouncycastle.asn1; - -import java.util.Enumeration; -import java.util.ConcurrentModificationException; - -// BEGIN android-note -/* - * This is a new class that was synthesized from the observed - * requirement for a lookup table that preserves order. Since in - * practice the element count is typically very low, we just use a - * flat list rather than doing any hashing / bucketing. - */ -// END android-note - -/** - * Ordered lookup table. Instances of this class will keep up to four - * key-value pairs directly, resorting to an external collection only - * if more elements than that need to be stored. - */ -public final class OrderedTable { - /** null-ok; key #0 */ - private DERObjectIdentifier key0; - - /** null-ok; key #1 */ - private DERObjectIdentifier key1; - - /** null-ok; key #2 */ - private DERObjectIdentifier key2; - - /** null-ok; key #3 */ - private DERObjectIdentifier key3; - - /** null-ok; value #0 */ - private Object value0; - - /** null-ok; value #1 */ - private Object value1; - - /** null-ok; value #2 */ - private Object value2; - - /** null-ok; value #3 */ - private Object value3; - - /** - * null-ok; array of additional keys and values, alternating - * key then value, etc. - */ - private Object[] rest; - - /** >= 0; number of elements in the list */ - private int size; - - // Note: Default public constructor. - - /** - * Adds an element. - * - * @param key non-null; the key - * @param value non-null; the value - */ - public void add(DERObjectIdentifier key, Object value) { - if (key == null) { - throw new NullPointerException("key == null"); - } - - if (value == null) { - throw new NullPointerException("value == null"); - } - - int sz = size; - - switch (sz) { - case 0: { - key0 = key; - value0 = value; - break; - } - case 1: { - key1 = key; - value1 = value; - break; - } - case 2: { - key2 = key; - value2 = value; - break; - } - case 3: { - key3 = key; - value3 = value; - break; - } - case 4: { - // Do initial allocation of rest. - rest = new Object[10]; - rest[0] = key; - rest[1] = value; - break; - } - default: { - int index = (sz - 4) * 2; - int index1 = index + 1; - if (index1 >= rest.length) { - // Grow rest. - Object[] newRest = new Object[index1 * 2 + 10]; - System.arraycopy(rest, 0, newRest, 0, rest.length); - rest = newRest; - } - rest[index] = key; - rest[index1] = value; - break; - } - } - - size = sz + 1; - } - - /** - * Gets the number of elements in this instance. - */ - public int size() { - return size; - } - - /** - * Look up the given key, returning the associated value if found. - * - * @param key non-null; the key to look up - * @return null-ok; the associated value - */ - public Object get(DERObjectIdentifier key) { - int keyHash = key.hashCode(); - int sz = size; - - for (int i = 0; i < size; i++) { - DERObjectIdentifier probe = getKey(i); - if ((probe.hashCode() == keyHash) && - probe.equals(key)) { - return getValue(i); - } - } - - return null; - } - - /** - * Gets the nth key. - * - * @param n index - * @return non-null; the nth key - */ - public DERObjectIdentifier getKey(int n) { - if ((n < 0) || (n >= size)) { - throw new IndexOutOfBoundsException(Integer.toString(n)); - } - - switch (n) { - case 0: return key0; - case 1: return key1; - case 2: return key2; - case 3: return key3; - default: return (DERObjectIdentifier) rest[(n - 4) * 2]; - } - } - - /** - * Gets the nth value. - * - * @param n index - * @return non-null; the nth value - */ - public Object getValue(int n) { - if ((n < 0) || (n >= size)) { - throw new IndexOutOfBoundsException(Integer.toString(n)); - } - - switch (n) { - case 0: return value0; - case 1: return value1; - case 2: return value2; - case 3: return value3; - default: return rest[((n - 4) * 2) + 1]; - } - } - - /** - * Gets an enumeration of the keys, in order. - * - * @return non-null; an enumeration of the keys - */ - public Enumeration getKeys() { - return new KeyEnumeration(); - } - - /** - * Associated enumeration class. - */ - private class KeyEnumeration implements Enumeration { - /** original size; used for modification detection */ - private final int origSize = size; - - /** >= 0; current cursor */ - private int at = 0; - - /** {@inheritDoc} */ - public boolean hasMoreElements() { - if (size != origSize) { - throw new ConcurrentModificationException(); - } - - return at < origSize; - } - - /** {@inheritDoc} */ - public Object nextElement() { - if (size != origSize) { - throw new ConcurrentModificationException(); - } - - return getKey(at++); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cmp/PKIFailureInfo.java b/luni/src/main/java/org/bouncycastle/asn1/cmp/PKIFailureInfo.java deleted file mode 100644 index 5d97e0a..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cmp/PKIFailureInfo.java +++ /dev/null @@ -1,104 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import org.bouncycastle.asn1.DERBitString; - -/** - * <pre> - * PKIFailureInfo ::= BIT STRING { - * badAlg (0), - * -- unrecognized or unsupported Algorithm Identifier - * badMessageCheck (1), -- integrity check failed (e.g., signature did not verify) - * badRequest (2), - * -- transaction not permitted or supported - * badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy - * badCertId (4), -- no certificate could be found matching the provided criteria - * badDataFormat (5), - * -- the data submitted has the wrong format - * wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token - * incorrectData (7), -- the requester's data is incorrect (for notary services) - * missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy) - * badPOP (9) -- the proof-of-possession failed - * timeNotAvailable (14), - * -- the TSA's time source is not available - * unacceptedPolicy (15), - * -- the requested TSA policy is not supported by the TSA - * unacceptedExtension (16), - * -- the requested extension is not supported by the TSA - * addInfoNotAvailable (17) - * -- the additional information requested could not be understood - * -- or is not available - * systemFailure (25) - * -- the request cannot be handled due to system failure - * </pre> - */ -public class PKIFailureInfo - extends DERBitString -{ - - - public static final int badAlg = (1 << 7); // unrecognized or unsupported Algorithm Identifier - public static final int badMessageCheck = (1 << 6); // integrity check failed (e.g., signature did not verify) - public static final int badRequest = (1 << 5); - public static final int badTime = (1 << 4); // -- messageTime was not sufficiently close to the system time, as defined by local policy - public static final int badCertId = (1 << 3); // no certificate could be found matching the provided criteria - public static final int badDataFormat = (1 << 2); - public static final int wrongAuthority = (1 << 1); // the authority indicated in the request is different from the one creating the response token - public static final int incorrectData = 1; // the requester's data is incorrect (for notary services) - public static final int missingTimeStamp = (1 << 15); // when the timestamp is missing but should be there (by policy) - public static final int badPOP = (1 << 14); // the proof-of-possession failed - public static final int timeNotAvailable = (1 << 9); // the TSA's time source is not available - public static final int unacceptedPolicy = (1 << 8); // the requested TSA policy is not supported by the TSA - public static final int unacceptedExtension = (1 << 23); //the requested extension is not supported by the TSA - public static final int addInfoNotAvailable = (1 << 22); //the additional information requested could not be understood or is not available - public static final int systemFailure = (1 << 30); //the request cannot be handled due to system failure - - /** @deprecated use lower case version */ - public static final int BAD_ALG = badAlg; // unrecognized or unsupported Algorithm Identifier - /** @deprecated use lower case version */ - public static final int BAD_MESSAGE_CHECK = badMessageCheck; - /** @deprecated use lower case version */ - public static final int BAD_REQUEST = badRequest; // transaction not permitted or supported - /** @deprecated use lower case version */ - public static final int BAD_TIME = badTime; - /** @deprecated use lower case version */ - public static final int BAD_CERT_ID = badCertId; - /** @deprecated use lower case version */ - public static final int BAD_DATA_FORMAT = badDataFormat; // the data submitted has the wrong format - /** @deprecated use lower case version */ - public static final int WRONG_AUTHORITY = wrongAuthority; - /** @deprecated use lower case version */ - public static final int INCORRECT_DATA = incorrectData; - /** @deprecated use lower case version */ - public static final int MISSING_TIME_STAMP = missingTimeStamp; - /** @deprecated use lower case version */ - public static final int BAD_POP = badPOP; - /** @deprecated use lower case version */ - public static final int TIME_NOT_AVAILABLE = timeNotAvailable; - /** @deprecated use lower case version */ - public static final int UNACCEPTED_POLICY = unacceptedPolicy; - /** @deprecated use lower case version */ - public static final int UNACCEPTED_EXTENSION = unacceptedExtension; - /** @deprecated use lower case version */ - public static final int ADD_INFO_NOT_AVAILABLE = addInfoNotAvailable; - /** @deprecated use lower case version */ - public static final int SYSTEM_FAILURE = systemFailure; - /** - * Basic constructor. - */ - public PKIFailureInfo( - int info) - { - super(getBytes(info), getPadBits(info)); - } - - public PKIFailureInfo( - DERBitString info) - { - super(info.getBytes(), info.getPadBits()); - } - - public String toString() - { - return "PKIFailureInfo: 0x" + Integer.toHexString(this.intValue()); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cmp/PKIFreeText.java b/luni/src/main/java/org/bouncycastle/asn1/cmp/PKIFreeText.java deleted file mode 100644 index f821071..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cmp/PKIFreeText.java +++ /dev/null @@ -1,91 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERUTF8String; - -public class PKIFreeText - extends ASN1Encodable -{ - ASN1Sequence strings; - - public static PKIFreeText getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static PKIFreeText getInstance( - Object obj) - { - if (obj instanceof PKIFreeText) - { - return (PKIFreeText)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new PKIFreeText((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Unknown object in factory"); - } - - public PKIFreeText( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - while (e.hasMoreElements()) - { - if (!(e.nextElement() instanceof DERUTF8String)) - { - throw new IllegalArgumentException("attempt to insert non UTF8 STRING into PKIFreeText"); - } - } - - strings = seq; - } - - public PKIFreeText( - DERUTF8String p) - { - strings = new DERSequence(p); - } - - /** - * Return the number of string elements present. - * - * @return number of elements present. - */ - public int size() - { - return strings.size(); - } - - /** - * Return the UTF8STRING at index i. - * - * @param i index of the string of interest - * @return the string at index i. - */ - public DERUTF8String getStringAt( - int i) - { - return (DERUTF8String)strings.getObjectAt(i); - } - - /** - * <pre> - * PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String - * </pre> - */ - public DERObject toASN1Object() - { - return strings; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cmp/PKIStatus.java b/luni/src/main/java/org/bouncycastle/asn1/cmp/PKIStatus.java deleted file mode 100644 index 58b2b69..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cmp/PKIStatus.java +++ /dev/null @@ -1,13 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -public interface PKIStatus -{ - - public static final int GRANTED = 0; - public static final int GRANTED_WITH_MODS = 1; - public static final int REJECTION = 2; - public static final int WAITING = 3; - public static final int REVOCATION_WARNING = 4; - public static final int REVOCATION_NOTIFICATION = 5; - -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cmp/PKIStatusInfo.java b/luni/src/main/java/org/bouncycastle/asn1/cmp/PKIStatusInfo.java deleted file mode 100644 index b4f37cc..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cmp/PKIStatusInfo.java +++ /dev/null @@ -1,164 +0,0 @@ -package org.bouncycastle.asn1.cmp; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class PKIStatusInfo - extends ASN1Encodable -{ - DERInteger status; - PKIFreeText statusString; - DERBitString failInfo; - - public static PKIStatusInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static PKIStatusInfo getInstance( - Object obj) - { - if (obj instanceof PKIStatusInfo) - { - return (PKIStatusInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new PKIStatusInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass()); - } - - public PKIStatusInfo( - ASN1Sequence seq) - { - this.status = DERInteger.getInstance(seq.getObjectAt(0)); - - this.statusString = null; - this.failInfo = null; - - if (seq.size() > 2) - { - this.statusString = PKIFreeText.getInstance(seq.getObjectAt(1)); - this.failInfo = DERBitString.getInstance(seq.getObjectAt(2)); - } - else if (seq.size() > 1) - { - Object obj = seq.getObjectAt(1); - if (obj instanceof DERBitString) - { - this.failInfo = DERBitString.getInstance(obj); - } - else - { - this.statusString = PKIFreeText.getInstance(obj); - } - } - } - - /** - * @param status - */ - public PKIStatusInfo(int status) - { - this.status = new DERInteger(status); - } - - /** - * @param status - * @param statusString - */ - public PKIStatusInfo( - int status, - PKIFreeText statusString) - { - this.status = new DERInteger(status); - this.statusString = statusString; - } - - public PKIStatusInfo( - int status, - PKIFreeText statusString, - PKIFailureInfo failInfo) - { - this.status = new DERInteger(status); - this.statusString = statusString; - this.failInfo = failInfo; - } - - public BigInteger getStatus() - { - return status.getValue(); - } - - public PKIFreeText getStatusString() - { - return statusString; - } - - public DERBitString getFailInfo() - { - return failInfo; - } - - /** - * <pre> - * PKIStatusInfo ::= SEQUENCE { - * status PKIStatus, (INTEGER) - * statusString PKIFreeText OPTIONAL, - * failInfo PKIFailureInfo OPTIONAL (BIT STRING) - * } - * - * PKIStatus: - * granted (0), -- you got exactly what you asked for - * grantedWithMods (1), -- you got something like what you asked for - * rejection (2), -- you don't get it, more information elsewhere in the message - * waiting (3), -- the request body part has not yet been processed, expect to hear more later - * revocationWarning (4), -- this message contains a warning that a revocation is imminent - * revocationNotification (5), -- notification that a revocation has occurred - * keyUpdateWarning (6) -- update already done for the oldCertId specified in CertReqMsg - * - * PKIFailureInfo: - * badAlg (0), -- unrecognized or unsupported Algorithm Identifier - * badMessageCheck (1), -- integrity check failed (e.g., signature did not verify) - * badRequest (2), -- transaction not permitted or supported - * badTime (3), -- messageTime was not sufficiently close to the system time, as defined by local policy - * badCertId (4), -- no certificate could be found matching the provided criteria - * badDataFormat (5), -- the data submitted has the wrong format - * wrongAuthority (6), -- the authority indicated in the request is different from the one creating the response token - * incorrectData (7), -- the requester's data is incorrect (for notary services) - * missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy) - * badPOP (9) -- the proof-of-possession failed - * - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(status); - - if (statusString != null) - { - v.add(statusString); - } - - if (failInfo!= null) - { - v.add(failInfo); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/Attribute.java b/luni/src/main/java/org/bouncycastle/asn1/cms/Attribute.java deleted file mode 100644 index dbec62e..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/Attribute.java +++ /dev/null @@ -1,82 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class Attribute - extends ASN1Encodable -{ - private DERObjectIdentifier attrType; - private ASN1Set attrValues; - - /** - * return an Attribute object from the given object. - * - * @param o the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static Attribute getInstance( - Object o) - { - if (o == null || o instanceof Attribute) - { - return (Attribute)o; - } - - if (o instanceof ASN1Sequence) - { - return new Attribute((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public Attribute( - ASN1Sequence seq) - { - attrType = (DERObjectIdentifier)seq.getObjectAt(0); - attrValues = (ASN1Set)seq.getObjectAt(1); - } - - public Attribute( - DERObjectIdentifier attrType, - ASN1Set attrValues) - { - this.attrType = attrType; - this.attrValues = attrValues; - } - - public DERObjectIdentifier getAttrType() - { - return attrType; - } - - public ASN1Set getAttrValues() - { - return attrValues; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * Attribute ::= SEQUENCE { - * attrType OBJECT IDENTIFIER, - * attrValues SET OF AttributeValue - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(attrType); - v.add(attrValues); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/AttributeTable.java b/luni/src/main/java/org/bouncycastle/asn1/cms/AttributeTable.java deleted file mode 100644 index 9b4d79f..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/AttributeTable.java +++ /dev/null @@ -1,173 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DEREncodableVector; -import org.bouncycastle.asn1.DERObjectIdentifier; - -public class AttributeTable -{ - private Hashtable attributes = new Hashtable(); - - public AttributeTable( - Hashtable attrs) - { - attributes = copyTable(attrs); - } - - public AttributeTable( - DEREncodableVector v) - { - for (int i = 0; i != v.size(); i++) - { - Attribute a = Attribute.getInstance(v.get(i)); - - addAttribute(a.getAttrType(), a); - } - } - - public AttributeTable( - ASN1Set s) - { - for (int i = 0; i != s.size(); i++) - { - Attribute a = Attribute.getInstance(s.getObjectAt(i)); - - addAttribute(a.getAttrType(), a); - } - } - - private void addAttribute( - DERObjectIdentifier oid, - Attribute a) - { - Object value = attributes.get(oid); - - if (value == null) - { - attributes.put(oid, a); - } - else - { - Vector v; - - if (value instanceof Attribute) - { - v = new Vector(); - - v.addElement(value); - v.addElement(a); - } - else - { - v = (Vector)value; - - v.addElement(a); - } - - attributes.put(oid, v); - } - } - - /** - * Return the first attribute matching the OBJECT IDENTIFIER oid. - * - * @param oid type of attribute required. - * @return first attribute found of type oid. - */ - public Attribute get( - DERObjectIdentifier oid) - { - Object value = attributes.get(oid); - - if (value instanceof Vector) - { - return (Attribute)((Vector)value).elementAt(0); - } - - return (Attribute)value; - } - - /** - * Return all the attributes matching the OBJECT IDENTIFIER oid. The vector will be - * empty if there are no attributes of the required type present. - * - * @param oid type of attribute required. - * @return a vector of all the attributes found of type oid. - */ - public ASN1EncodableVector getAll( - DERObjectIdentifier oid) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - Object value = attributes.get(oid); - - if (value instanceof Vector) - { - Enumeration e = ((Vector)value).elements(); - - while (e.hasMoreElements()) - { - v.add((Attribute)e.nextElement()); - } - } - else if (value != null) - { - v.add((Attribute)value); - } - - return v; - } - - public Hashtable toHashtable() - { - return copyTable(attributes); - } - - public ASN1EncodableVector toASN1EncodableVector() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - Enumeration e = attributes.elements(); - - while (e.hasMoreElements()) - { - Object value = e.nextElement(); - - if (value instanceof Vector) - { - Enumeration en = ((Vector)value).elements(); - - while (en.hasMoreElements()) - { - v.add(Attribute.getInstance(en.nextElement())); - } - } - else - { - v.add(Attribute.getInstance(value)); - } - } - - return v; - } - - private Hashtable copyTable( - Hashtable in) - { - Hashtable out = new Hashtable(); - Enumeration e = in.keys(); - - while (e.hasMoreElements()) - { - Object key = e.nextElement(); - - out.put(key, in.get(key)); - } - - return out; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/CMSAttributes.java b/luni/src/main/java/org/bouncycastle/asn1/cms/CMSAttributes.java deleted file mode 100644 index bdcca6a..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/CMSAttributes.java +++ /dev/null @@ -1,12 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - -public interface CMSAttributes -{ - public static final DERObjectIdentifier contentType = PKCSObjectIdentifiers.pkcs_9_at_contentType; - public static final DERObjectIdentifier messageDigest = PKCSObjectIdentifiers.pkcs_9_at_messageDigest; - public static final DERObjectIdentifier signingTime = PKCSObjectIdentifiers.pkcs_9_at_signingTime; - public static final DERObjectIdentifier counterSignature = PKCSObjectIdentifiers.pkcs_9_at_counterSignature; -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java b/luni/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java deleted file mode 100644 index 2e6b312..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/CMSObjectIdentifiers.java +++ /dev/null @@ -1,15 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - -public interface CMSObjectIdentifiers -{ - static final DERObjectIdentifier data = PKCSObjectIdentifiers.data; - static final DERObjectIdentifier signedData = PKCSObjectIdentifiers.signedData; - static final DERObjectIdentifier envelopedData = PKCSObjectIdentifiers.envelopedData; - static final DERObjectIdentifier signedAndEnvelopedData = PKCSObjectIdentifiers.signedAndEnvelopedData; - static final DERObjectIdentifier digestedData = PKCSObjectIdentifiers.digestedData; - static final DERObjectIdentifier encryptedData = PKCSObjectIdentifiers.encryptedData; - static final DERObjectIdentifier compressedData = PKCSObjectIdentifiers.id_ct_compressedData; -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/CompressedData.java b/luni/src/main/java/org/bouncycastle/asn1/cms/CompressedData.java deleted file mode 100644 index 2331059..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/CompressedData.java +++ /dev/null @@ -1,110 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * RFC 3274 - CMS Compressed Data. - * <pre> - * CompressedData ::= SEQUENCE { - * version CMSVersion, - * compressionAlgorithm CompressionAlgorithmIdentifier, - * encapContentInfo EncapsulatedContentInfo - * } - * </pre> - */ -public class CompressedData - extends ASN1Encodable -{ - private DERInteger version; - private AlgorithmIdentifier compressionAlgorithm; - private ContentInfo encapContentInfo; - - public CompressedData( - AlgorithmIdentifier compressionAlgorithm, - ContentInfo encapContentInfo) - { - this.version = new DERInteger(0); - this.compressionAlgorithm = compressionAlgorithm; - this.encapContentInfo = encapContentInfo; - } - - public CompressedData( - ASN1Sequence seq) - { - this.version = (DERInteger)seq.getObjectAt(0); - this.compressionAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); - this.encapContentInfo = ContentInfo.getInstance(seq.getObjectAt(2)); - - } - - /** - * return a CompressedData object from a tagged object. - * - * @param _ato the tagged object holding the object we want. - * @param _explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static CompressedData getInstance( - ASN1TaggedObject _ato, - boolean _explicit) - { - return getInstance(ASN1Sequence.getInstance(_ato, _explicit)); - } - - /** - * return a CompressedData object from the given object. - * - * @param _obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static CompressedData getInstance( - Object _obj) - { - if (_obj == null || _obj instanceof CompressedData) - { - return (CompressedData)_obj; - } - - if (_obj instanceof ASN1Sequence) - { - return new CompressedData((ASN1Sequence)_obj); - } - - throw new IllegalArgumentException("Invalid CompressedData: " + _obj.getClass().getName()); - } - - public DERInteger getVersion() - { - return version; - } - - public AlgorithmIdentifier getCompressionAlgorithmIdentifier() - { - return compressionAlgorithm; - } - - public ContentInfo getEncapContentInfo() - { - return encapContentInfo; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(compressionAlgorithm); - v.add(encapContentInfo); - - return new BERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java b/luni/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java deleted file mode 100644 index 76801a3..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java +++ /dev/null @@ -1,90 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; - -public class ContentInfo - extends ASN1Encodable - implements CMSObjectIdentifiers -{ - private DERObjectIdentifier contentType; - private DEREncodable content; - - public static ContentInfo getInstance( - Object obj) - { - if (obj instanceof ContentInfo) - { - return (ContentInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new ContentInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass().getName()); - } - - public ContentInfo( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - contentType = (DERObjectIdentifier)e.nextElement(); - - if (e.hasMoreElements()) - { - content = ((ASN1TaggedObject)e.nextElement()).getObject(); - } - } - - public ContentInfo( - DERObjectIdentifier contentType, - DEREncodable content) - { - this.contentType = contentType; - this.content = content; - } - - public DERObjectIdentifier getContentType() - { - return contentType; - } - - public DEREncodable getContent() - { - return content; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * ContentInfo ::= SEQUENCE { - * contentType ContentType, - * content - * [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(contentType); - - if (content != null) - { - v.add(new BERTaggedObject(0, content)); - } - - return new BERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/EncryptedContentInfo.java b/luni/src/main/java/org/bouncycastle/asn1/cms/EncryptedContentInfo.java deleted file mode 100644 index 22ac839..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/EncryptedContentInfo.java +++ /dev/null @@ -1,106 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class EncryptedContentInfo - extends ASN1Encodable -{ - private DERObjectIdentifier contentType; - private AlgorithmIdentifier contentEncryptionAlgorithm; - private ASN1OctetString encryptedContent; - - public EncryptedContentInfo( - DERObjectIdentifier contentType, - AlgorithmIdentifier contentEncryptionAlgorithm, - ASN1OctetString encryptedContent) - { - this.contentType = contentType; - this.contentEncryptionAlgorithm = contentEncryptionAlgorithm; - this.encryptedContent = encryptedContent; - } - - public EncryptedContentInfo( - ASN1Sequence seq) - { - contentType = (DERObjectIdentifier)seq.getObjectAt(0); - contentEncryptionAlgorithm = AlgorithmIdentifier.getInstance( - seq.getObjectAt(1)); - if (seq.size() > 2) - { - encryptedContent = ASN1OctetString.getInstance( - (ASN1TaggedObject)seq.getObjectAt(2), false); - } - } - - /** - * return an EncryptedContentInfo object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static EncryptedContentInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof EncryptedContentInfo) - { - return (EncryptedContentInfo)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new EncryptedContentInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid EncryptedContentInfo: " - + obj.getClass().getName()); - } - - public DERObjectIdentifier getContentType() - { - return contentType; - } - - public AlgorithmIdentifier getContentEncryptionAlgorithm() - { - return contentEncryptionAlgorithm; - } - - public ASN1OctetString getEncryptedContent() - { - return encryptedContent; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * EncryptedContentInfo ::= SEQUENCE { - * contentType ContentType, - * contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, - * encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(contentType); - v.add(contentEncryptionAlgorithm); - - if (encryptedContent != null) - { - v.add(new BERTaggedObject(false, 0, encryptedContent)); - } - - return new BERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/EnvelopedData.java b/luni/src/main/java/org/bouncycastle/asn1/cms/EnvelopedData.java deleted file mode 100644 index f4ac42c..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/EnvelopedData.java +++ /dev/null @@ -1,179 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class EnvelopedData - extends ASN1Encodable -{ - private DERInteger version; - private OriginatorInfo originatorInfo; - private ASN1Set recipientInfos; - private EncryptedContentInfo encryptedContentInfo; - private ASN1Set unprotectedAttrs; - - public EnvelopedData( - OriginatorInfo originatorInfo, - ASN1Set recipientInfos, - EncryptedContentInfo encryptedContentInfo, - ASN1Set unprotectedAttrs) - { - if (originatorInfo != null || unprotectedAttrs != null) - { - version = new DERInteger(2); - } - else - { - version = new DERInteger(0); - - Enumeration e = recipientInfos.getObjects(); - - while (e.hasMoreElements()) - { - RecipientInfo ri = RecipientInfo.getInstance(e.nextElement()); - - if (!ri.getVersion().equals(version)) - { - version = new DERInteger(2); - break; - } - } - } - - this.originatorInfo = originatorInfo; - this.recipientInfos = recipientInfos; - this.encryptedContentInfo = encryptedContentInfo; - this.unprotectedAttrs = unprotectedAttrs; - } - - public EnvelopedData( - ASN1Sequence seq) - { - int index = 0; - - version = (DERInteger)seq.getObjectAt(index++); - - Object tmp = seq.getObjectAt(index++); - - if (tmp instanceof ASN1TaggedObject) - { - originatorInfo = OriginatorInfo.getInstance((ASN1TaggedObject)tmp, false); - tmp = seq.getObjectAt(index++); - } - - recipientInfos = ASN1Set.getInstance(tmp); - - encryptedContentInfo = EncryptedContentInfo.getInstance(seq.getObjectAt(index++)); - - if(seq.size() > index) - { - unprotectedAttrs = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(index), false); - } - } - - /** - * return an EnvelopedData object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static EnvelopedData getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return an EnvelopedData object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static EnvelopedData getInstance( - Object obj) - { - if (obj == null || obj instanceof EnvelopedData) - { - return (EnvelopedData)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new EnvelopedData((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid EnvelopedData: " + obj.getClass().getName()); - } - - public DERInteger getVersion() - { - return version; - } - - public OriginatorInfo getOriginatorInfo() - { - return originatorInfo; - } - - public ASN1Set getRecipientInfos() - { - return recipientInfos; - } - - public EncryptedContentInfo getEncryptedContentInfo() - { - return encryptedContentInfo; - } - - public ASN1Set getUnprotectedAttrs() - { - return unprotectedAttrs; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * EnvelopedData ::= SEQUENCE { - * version CMSVersion, - * originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, - * recipientInfos RecipientInfos, - * encryptedContentInfo EncryptedContentInfo, - * unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - - if (originatorInfo != null) - { - v.add(new DERTaggedObject(false, 0, originatorInfo)); - } - - v.add(recipientInfos); - v.add(encryptedContentInfo); - - if (unprotectedAttrs != null) - { - v.add(new DERTaggedObject(false, 1, unprotectedAttrs)); - } - - return new BERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java b/luni/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java deleted file mode 100644 index f02b1aa..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/IssuerAndSerialNumber.java +++ /dev/null @@ -1,77 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.X509Name; - -public class IssuerAndSerialNumber - extends ASN1Encodable -{ - X509Name name; - DERInteger serialNumber; - - public static IssuerAndSerialNumber getInstance( - Object obj) - { - if (obj instanceof IssuerAndSerialNumber) - { - return (IssuerAndSerialNumber)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new IssuerAndSerialNumber((ASN1Sequence)obj); - } - - throw new IllegalArgumentException( - "Illegal object in IssuerAndSerialNumber: " + obj.getClass().getName()); - } - - public IssuerAndSerialNumber( - ASN1Sequence seq) - { - this.name = X509Name.getInstance(seq.getObjectAt(0)); - this.serialNumber = (DERInteger)seq.getObjectAt(1); - } - - public IssuerAndSerialNumber( - X509Name name, - BigInteger serialNumber) - { - this.name = name; - this.serialNumber = new DERInteger(serialNumber); - } - - public IssuerAndSerialNumber( - X509Name name, - DERInteger serialNumber) - { - this.name = name; - this.serialNumber = serialNumber; - } - - public X509Name getName() - { - return name; - } - - public DERInteger getSerialNumber() - { - return serialNumber; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(name); - v.add(serialNumber); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/KEKIdentifier.java b/luni/src/main/java/org/bouncycastle/asn1/cms/KEKIdentifier.java deleted file mode 100644 index 708487e..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/KEKIdentifier.java +++ /dev/null @@ -1,139 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; - -public class KEKIdentifier - extends ASN1Encodable -{ - private ASN1OctetString keyIdentifier; - private DERGeneralizedTime date; - private OtherKeyAttribute other; - - public KEKIdentifier( - byte[] keyIdentifier, - DERGeneralizedTime date, - OtherKeyAttribute other) - { - this.keyIdentifier = new DEROctetString(keyIdentifier); - this.date = date; - this.other = other; - } - - public KEKIdentifier( - ASN1Sequence seq) - { - keyIdentifier = (ASN1OctetString)seq.getObjectAt(0); - - switch (seq.size()) - { - case 1: - break; - case 2: - if (seq.getObjectAt(1) instanceof DERGeneralizedTime) - { - date = (DERGeneralizedTime)seq.getObjectAt(1); - } - else - { - other = OtherKeyAttribute.getInstance(seq.getObjectAt(1)); - } - break; - case 3: - date = (DERGeneralizedTime)seq.getObjectAt(1); - other = OtherKeyAttribute.getInstance(seq.getObjectAt(2)); - break; - default: - throw new IllegalArgumentException("Invalid KEKIdentifier"); - } - } - - /** - * return a KEKIdentifier object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static KEKIdentifier getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return a KEKIdentifier object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static KEKIdentifier getInstance( - Object obj) - { - if (obj == null || obj instanceof KEKIdentifier) - { - return (KEKIdentifier)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new KEKIdentifier((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid KEKIdentifier: " + obj.getClass().getName()); - } - - public ASN1OctetString getKeyIdentifier() - { - return keyIdentifier; - } - - public DERGeneralizedTime getDate() - { - return date; - } - - public OtherKeyAttribute getOther() - { - return other; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * KEKIdentifier ::= SEQUENCE { - * keyIdentifier OCTET STRING, - * date GeneralizedTime OPTIONAL, - * other OtherKeyAttribute OPTIONAL - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(keyIdentifier); - - if (date != null) - { - v.add(date); - } - - if (other != null) - { - v.add(other); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/KEKRecipientInfo.java b/luni/src/main/java/org/bouncycastle/asn1/cms/KEKRecipientInfo.java deleted file mode 100644 index ddbcf13..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/KEKRecipientInfo.java +++ /dev/null @@ -1,121 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class KEKRecipientInfo - extends ASN1Encodable -{ - private DERInteger version; - private KEKIdentifier kekid; - private AlgorithmIdentifier keyEncryptionAlgorithm; - private ASN1OctetString encryptedKey; - - public KEKRecipientInfo( - KEKIdentifier kekid, - AlgorithmIdentifier keyEncryptionAlgorithm, - ASN1OctetString encryptedKey) - { - this.version = new DERInteger(4); - this.kekid = kekid; - this.keyEncryptionAlgorithm = keyEncryptionAlgorithm; - this.encryptedKey = encryptedKey; - } - - public KEKRecipientInfo( - ASN1Sequence seq) - { - version = (DERInteger)seq.getObjectAt(0); - kekid = KEKIdentifier.getInstance(seq.getObjectAt(1)); - keyEncryptionAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(2)); - encryptedKey = (ASN1OctetString)seq.getObjectAt(3); - } - - /** - * return a KEKRecipientInfo object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static KEKRecipientInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return a KEKRecipientInfo object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static KEKRecipientInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof KEKRecipientInfo) - { - return (KEKRecipientInfo)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new KEKRecipientInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid KEKRecipientInfo: " + obj.getClass().getName()); - } - - public DERInteger getVersion() - { - return version; - } - - public KEKIdentifier getKekid() - { - return kekid; - } - - public AlgorithmIdentifier getKeyEncryptionAlgorithm() - { - return keyEncryptionAlgorithm; - } - - public ASN1OctetString getEncryptedKey() - { - return encryptedKey; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * KEKRecipientInfo ::= SEQUENCE { - * version CMSVersion, -- always set to 4 - * kekid KEKIdentifier, - * keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, - * encryptedKey EncryptedKey - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(kekid); - v.add(keyEncryptionAlgorithm); - v.add(encryptedKey); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/KeyAgreeRecipientInfo.java b/luni/src/main/java/org/bouncycastle/asn1/cms/KeyAgreeRecipientInfo.java deleted file mode 100644 index 5ebf4dc..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/KeyAgreeRecipientInfo.java +++ /dev/null @@ -1,151 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class KeyAgreeRecipientInfo - extends ASN1Encodable -{ - private DERInteger version; - private OriginatorIdentifierOrKey originator; - private ASN1OctetString ukm; - private AlgorithmIdentifier keyEncryptionAlgorithm; - private ASN1Sequence recipientEncryptedKeys; - - public KeyAgreeRecipientInfo( - OriginatorIdentifierOrKey originator, - ASN1OctetString ukm, - AlgorithmIdentifier keyEncryptionAlgorithm, - ASN1Sequence recipientEncryptedKeys) - { - this.version = new DERInteger(3); - this.originator = originator; - this.ukm = ukm; - this.keyEncryptionAlgorithm = keyEncryptionAlgorithm; - this.recipientEncryptedKeys = recipientEncryptedKeys; - } - - public KeyAgreeRecipientInfo( - ASN1Sequence seq) - { - int index = 0; - - version = (DERInteger)seq.getObjectAt(index++); - originator = OriginatorIdentifierOrKey.getInstance( - (ASN1TaggedObject)seq.getObjectAt(index++), true); - - if (seq.getObjectAt(index) instanceof ASN1TaggedObject) - { - ukm = ASN1OctetString.getInstance( - (ASN1TaggedObject)seq.getObjectAt(index++), true); - } - - keyEncryptionAlgorithm = AlgorithmIdentifier.getInstance( - seq.getObjectAt(index++)); - - recipientEncryptedKeys = (ASN1Sequence)seq.getObjectAt(index++); - } - - /** - * return a KeyAgreeRecipientInfo object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static KeyAgreeRecipientInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return a KeyAgreeRecipientInfo object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static KeyAgreeRecipientInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof KeyAgreeRecipientInfo) - { - return (KeyAgreeRecipientInfo)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new KeyAgreeRecipientInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException( - "Illegal object in KeyAgreeRecipientInfo: " + obj.getClass().getName()); - - } - - public DERInteger getVersion() - { - return version; - } - - public OriginatorIdentifierOrKey getOriginator() - { - return originator; - } - - public ASN1OctetString getUserKeyingMaterial() - { - return ukm; - } - - public AlgorithmIdentifier getKeyEncryptionAlgorithm() - { - return keyEncryptionAlgorithm; - } - - public ASN1Sequence getRecipientEncryptedKeys() - { - return recipientEncryptedKeys; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * KeyAgreeRecipientInfo ::= SEQUENCE { - * version CMSVersion, -- always set to 3 - * originator [0] EXPLICIT OriginatorIdentifierOrKey, - * ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL, - * keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, - * recipientEncryptedKeys RecipientEncryptedKeys - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(new DERTaggedObject(true, 0, originator)); - - if (ukm != null) - { - v.add(new DERTaggedObject(true, 1, ukm)); - } - - v.add(keyEncryptionAlgorithm); - v.add(recipientEncryptedKeys); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/KeyTransRecipientInfo.java b/luni/src/main/java/org/bouncycastle/asn1/cms/KeyTransRecipientInfo.java deleted file mode 100644 index 70553b7..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/KeyTransRecipientInfo.java +++ /dev/null @@ -1,114 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class KeyTransRecipientInfo - extends ASN1Encodable -{ - private DERInteger version; - private RecipientIdentifier rid; - private AlgorithmIdentifier keyEncryptionAlgorithm; - private ASN1OctetString encryptedKey; - - public KeyTransRecipientInfo( - RecipientIdentifier rid, - AlgorithmIdentifier keyEncryptionAlgorithm, - ASN1OctetString encryptedKey) - { - if (rid.getDERObject() instanceof ASN1TaggedObject) - { - this.version = new DERInteger(2); - } - else - { - this.version = new DERInteger(0); - } - - this.rid = rid; - this.keyEncryptionAlgorithm = keyEncryptionAlgorithm; - this.encryptedKey = encryptedKey; - } - - public KeyTransRecipientInfo( - ASN1Sequence seq) - { - this.version = (DERInteger)seq.getObjectAt(0); - this.rid = RecipientIdentifier.getInstance(seq.getObjectAt(1)); - this.keyEncryptionAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(2)); - this.encryptedKey = (ASN1OctetString)seq.getObjectAt(3); - } - - /** - * return a KeyTransRecipientInfo object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static KeyTransRecipientInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof KeyTransRecipientInfo) - { - return (KeyTransRecipientInfo)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new KeyTransRecipientInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException( - "Illegal object in KeyTransRecipientInfo: " + obj.getClass().getName()); - } - - public DERInteger getVersion() - { - return version; - } - - public RecipientIdentifier getRecipientIdentifier() - { - return rid; - } - - public AlgorithmIdentifier getKeyEncryptionAlgorithm() - { - return keyEncryptionAlgorithm; - } - - public ASN1OctetString getEncryptedKey() - { - return encryptedKey; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * KeyTransRecipientInfo ::= SEQUENCE { - * version CMSVersion, -- always set to 0 or 2 - * rid RecipientIdentifier, - * keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, - * encryptedKey EncryptedKey - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(rid); - v.add(keyEncryptionAlgorithm); - v.add(encryptedKey); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/OriginatorIdentifierOrKey.java b/luni/src/main/java/org/bouncycastle/asn1/cms/OriginatorIdentifierOrKey.java deleted file mode 100644 index f9d3c21..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/OriginatorIdentifierOrKey.java +++ /dev/null @@ -1,104 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class OriginatorIdentifierOrKey - extends ASN1Encodable -{ - private DEREncodable id; - - public OriginatorIdentifierOrKey( - IssuerAndSerialNumber id) - { - this.id = id; - } - - public OriginatorIdentifierOrKey( - ASN1OctetString id) - { - this.id = new DERTaggedObject(false, 0, id); - } - - public OriginatorIdentifierOrKey( - OriginatorPublicKey id) - { - this.id = new DERTaggedObject(false, 1, id); - } - - public OriginatorIdentifierOrKey( - DERObject id) - { - this.id = id; - } - - /** - * return an OriginatorIdentifierOrKey object from a tagged object. - * - * @param o the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static OriginatorIdentifierOrKey getInstance( - ASN1TaggedObject o, - boolean explicit) - { - if (!explicit) - { - throw new IllegalArgumentException( - "Can't implicitly tag OriginatorIdentifierOrKey"); - } - - return getInstance(o.getObject()); - } - - /** - * return an OriginatorIdentifierOrKey object from the given object. - * - * @param o the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static OriginatorIdentifierOrKey getInstance( - Object o) - { - if (o == null || o instanceof OriginatorIdentifierOrKey) - { - return (OriginatorIdentifierOrKey)o; - } - - if (o instanceof DERObject) - { - return new OriginatorIdentifierOrKey((DERObject)o); - } - - throw new IllegalArgumentException("Invalid OriginatorIdentifierOrKey: " + o.getClass().getName()); - } - - public DEREncodable getId() - { - return id; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * OriginatorIdentifierOrKey ::= CHOICE { - * issuerAndSerialNumber IssuerAndSerialNumber, - * subjectKeyIdentifier [0] SubjectKeyIdentifier, - * originatorKey [1] OriginatorPublicKey - * } - * - * SubjectKeyIdentifier ::= OCTET STRING - * </pre> - */ - public DERObject toASN1Object() - { - return id.getDERObject(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/OriginatorInfo.java b/luni/src/main/java/org/bouncycastle/asn1/cms/OriginatorInfo.java deleted file mode 100644 index 50d2edc..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/OriginatorInfo.java +++ /dev/null @@ -1,129 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -public class OriginatorInfo - extends ASN1Encodable -{ - private ASN1Set certs; - private ASN1Set crls; - - public OriginatorInfo( - ASN1Set certs, - ASN1Set crls) - { - this.certs = certs; - this.crls = crls; - } - - public OriginatorInfo( - ASN1Sequence seq) - { - switch (seq.size()) - { - case 0: // empty - break; - case 1: - ASN1TaggedObject o = (ASN1TaggedObject)seq.getObjectAt(0); - switch (o.getTagNo()) - { - case 0 : - certs = ASN1Set.getInstance(o, false); - break; - case 1 : - crls = ASN1Set.getInstance(o, false); - break; - default: - throw new IllegalArgumentException("Bad tag in OriginatorInfo: " + o.getTagNo()); - } - break; - case 2: - certs = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(0), false); - crls = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(1), false); - break; - default: - throw new IllegalArgumentException("OriginatorInfo too big"); - } - } - - /** - * return an OriginatorInfo object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static OriginatorInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return an OriginatorInfo object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static OriginatorInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof OriginatorInfo) - { - return (OriginatorInfo)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new OriginatorInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid OriginatorInfo: " + obj.getClass().getName()); - } - - public ASN1Set getCertificates() - { - return certs; - } - - public ASN1Set getCRLs() - { - return crls; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * OriginatorInfo ::= SEQUENCE { - * certs [0] IMPLICIT CertificateSet OPTIONAL, - * crls [1] IMPLICIT CertificateRevocationLists OPTIONAL - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (certs != null) - { - v.add(new DERTaggedObject(false, 0, certs)); - } - - if (crls != null) - { - v.add(new DERTaggedObject(false, 1, crls)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/OriginatorPublicKey.java b/luni/src/main/java/org/bouncycastle/asn1/cms/OriginatorPublicKey.java deleted file mode 100644 index 826761d..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/OriginatorPublicKey.java +++ /dev/null @@ -1,100 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - - -public class OriginatorPublicKey - extends ASN1Encodable -{ - private AlgorithmIdentifier algorithm; - private DERBitString publicKey; - - public OriginatorPublicKey( - AlgorithmIdentifier algorithm, - byte[] publicKey) - { - this.algorithm = algorithm; - this.publicKey = new DERBitString(publicKey); - } - - public OriginatorPublicKey( - ASN1Sequence seq) - { - algorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0)); - publicKey = (DERBitString)seq.getObjectAt(1); - } - - /** - * return an OriginatorPublicKey object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static OriginatorPublicKey getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return an OriginatorPublicKey object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static OriginatorPublicKey getInstance( - Object obj) - { - if (obj == null || obj instanceof OriginatorPublicKey) - { - return (OriginatorPublicKey)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new OriginatorPublicKey((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid OriginatorPublicKey: " + obj.getClass().getName()); - } - - public AlgorithmIdentifier getAlgorithm() - { - return algorithm; - } - - public DERBitString getPublicKey() - { - return publicKey; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * OriginatorPublicKey ::= SEQUENCE { - * algorithm AlgorithmIdentifier, - * publicKey BIT STRING - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(algorithm); - v.add(publicKey); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/OtherKeyAttribute.java b/luni/src/main/java/org/bouncycastle/asn1/cms/OtherKeyAttribute.java deleted file mode 100644 index 1232363..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/OtherKeyAttribute.java +++ /dev/null @@ -1,82 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class OtherKeyAttribute - extends ASN1Encodable -{ - private DERObjectIdentifier keyAttrId; - private DEREncodable keyAttr; - - /** - * return an OtherKeyAttribute object from the given object. - * - * @param o the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static OtherKeyAttribute getInstance( - Object o) - { - if (o == null || o instanceof OtherKeyAttribute) - { - return (OtherKeyAttribute)o; - } - - if (o instanceof ASN1Sequence) - { - return new OtherKeyAttribute((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public OtherKeyAttribute( - ASN1Sequence seq) - { - keyAttrId = (DERObjectIdentifier)seq.getObjectAt(0); - keyAttr = seq.getObjectAt(1); - } - - public OtherKeyAttribute( - DERObjectIdentifier keyAttrId, - DEREncodable keyAttr) - { - this.keyAttrId = keyAttrId; - this.keyAttr = keyAttr; - } - - public DERObjectIdentifier getKeyAttrId() - { - return keyAttrId; - } - - public DEREncodable getKeyAttr() - { - return keyAttr; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * OtherKeyAttribute ::= SEQUENCE { - * keyAttrId OBJECT IDENTIFIER, - * keyAttr ANY DEFINED BY keyAttrId OPTIONAL - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(keyAttrId); - v.add(keyAttr); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/OtherRecipientInfo.java b/luni/src/main/java/org/bouncycastle/asn1/cms/OtherRecipientInfo.java deleted file mode 100644 index e70c43c..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/OtherRecipientInfo.java +++ /dev/null @@ -1,98 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class OtherRecipientInfo - extends ASN1Encodable -{ - private DERObjectIdentifier oriType; - private DEREncodable oriValue; - - public OtherRecipientInfo( - DERObjectIdentifier oriType, - DEREncodable oriValue) - { - this.oriType = oriType; - this.oriValue = oriValue; - } - - public OtherRecipientInfo( - ASN1Sequence seq) - { - oriType = DERObjectIdentifier.getInstance(seq.getObjectAt(1)); - oriValue = seq.getObjectAt(2); - } - - /** - * return a OtherRecipientInfo object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static OtherRecipientInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return a OtherRecipientInfo object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static OtherRecipientInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof OtherRecipientInfo) - { - return (OtherRecipientInfo)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new OtherRecipientInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid OtherRecipientInfo: " + obj.getClass().getName()); - } - - public DERObjectIdentifier getType() - { - return oriType; - } - - public DEREncodable getValue() - { - return oriValue; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * OtherRecipientInfo ::= SEQUENCE { - * oriType OBJECT IDENTIFIER, - * oriValue ANY DEFINED BY oriType } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(oriType); - v.add(oriValue); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/PasswordRecipientInfo.java b/luni/src/main/java/org/bouncycastle/asn1/cms/PasswordRecipientInfo.java deleted file mode 100644 index 555a820..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/PasswordRecipientInfo.java +++ /dev/null @@ -1,143 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class PasswordRecipientInfo - extends ASN1Encodable -{ - private DERInteger version; - private AlgorithmIdentifier keyDerivationAlgorithm; - private AlgorithmIdentifier keyEncryptionAlgorithm; - private ASN1OctetString encryptedKey; - - public PasswordRecipientInfo( - AlgorithmIdentifier keyEncryptionAlgorithm, - ASN1OctetString encryptedKey) - { - this.version = new DERInteger(0); - this.keyEncryptionAlgorithm = keyEncryptionAlgorithm; - this.encryptedKey = encryptedKey; - } - - public PasswordRecipientInfo( - AlgorithmIdentifier keyDerivationAlgorithm, - AlgorithmIdentifier keyEncryptionAlgorithm, - ASN1OctetString encryptedKey) - { - this.version = new DERInteger(0); - this.keyDerivationAlgorithm = keyDerivationAlgorithm; - this.keyEncryptionAlgorithm = keyEncryptionAlgorithm; - this.encryptedKey = encryptedKey; - } - - public PasswordRecipientInfo( - ASN1Sequence seq) - { - version = (DERInteger)seq.getObjectAt(0); - if (seq.getObjectAt(1) instanceof ASN1TaggedObject) - { - keyDerivationAlgorithm = AlgorithmIdentifier.getInstance((ASN1TaggedObject)seq.getObjectAt(1), false); - keyEncryptionAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(2)); - encryptedKey = (ASN1OctetString)seq.getObjectAt(3); - } - else - { - keyEncryptionAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); - encryptedKey = (ASN1OctetString)seq.getObjectAt(2); - } - } - - /** - * return a PasswordRecipientInfo object from a tagged object. - * - * @param obj the tagged object holding the object we want. - * @param explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static PasswordRecipientInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * return a PasswordRecipientInfo object from the given object. - * - * @param obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static PasswordRecipientInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof PasswordRecipientInfo) - { - return (PasswordRecipientInfo)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new PasswordRecipientInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid PasswordRecipientInfo: " + obj.getClass().getName()); - } - - public DERInteger getVersion() - { - return version; - } - - public AlgorithmIdentifier getKeyDerivationAlgorithm() - { - return keyDerivationAlgorithm; - } - - public AlgorithmIdentifier getKeyEncryptionAlgorithm() - { - return keyEncryptionAlgorithm; - } - - public ASN1OctetString getEncryptedKey() - { - return encryptedKey; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * PasswordRecipientInfo ::= SEQUENCE { - * version CMSVersion, -- Always set to 0 - * keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier - * OPTIONAL, - * keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, - * encryptedKey EncryptedKey } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - - if (keyDerivationAlgorithm != null) - { - v.add(new DERTaggedObject(false, 0, keyDerivationAlgorithm)); - } - v.add(keyEncryptionAlgorithm); - v.add(encryptedKey); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/RecipientIdentifier.java b/luni/src/main/java/org/bouncycastle/asn1/cms/RecipientIdentifier.java deleted file mode 100644 index 2578583..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/RecipientIdentifier.java +++ /dev/null @@ -1,96 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class RecipientIdentifier - extends ASN1Encodable -{ - private DEREncodable id; - - public RecipientIdentifier( - IssuerAndSerialNumber id) - { - this.id = id; - } - - public RecipientIdentifier( - ASN1OctetString id) - { - this.id = new DERTaggedObject(false, 0, id); - } - - public RecipientIdentifier( - DERObject id) - { - this.id = id; - } - - /** - * return a RecipientIdentifier object from the given object. - * - * @param o the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static RecipientIdentifier getInstance( - Object o) - { - if (o == null || o instanceof RecipientIdentifier) - { - return (RecipientIdentifier)o; - } - - if (o instanceof IssuerAndSerialNumber) - { - return new RecipientIdentifier((IssuerAndSerialNumber)o); - } - - if (o instanceof ASN1OctetString) - { - return new RecipientIdentifier((ASN1OctetString)o); - } - - if (o instanceof DERObject) - { - return new RecipientIdentifier((DERObject)o); - } - - throw new IllegalArgumentException( - "Illegal object in RecipientIdentifier: " + o.getClass().getName()); - } - - public boolean isTagged() - { - return (id instanceof ASN1TaggedObject); - } - - public DEREncodable getId() - { - if (id instanceof ASN1TaggedObject) - { - return ASN1OctetString.getInstance((ASN1TaggedObject)id, false); - } - - return IssuerAndSerialNumber.getInstance(id); - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * RecipientIdentifier ::= CHOICE { - * issuerAndSerialNumber IssuerAndSerialNumber, - * subjectKeyIdentifier [0] SubjectKeyIdentifier - * } - * - * SubjectKeyIdentifier ::= OCTET STRING - * </pre> - */ - public DERObject toASN1Object() - { - return id.getDERObject(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/RecipientInfo.java b/luni/src/main/java/org/bouncycastle/asn1/cms/RecipientInfo.java deleted file mode 100644 index 13f98f2..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/RecipientInfo.java +++ /dev/null @@ -1,140 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class RecipientInfo - extends ASN1Encodable -{ - DEREncodable info; - - public RecipientInfo( - KeyTransRecipientInfo info) - { - this.info = info; - } - - public RecipientInfo( - KeyAgreeRecipientInfo info) - { - this.info = new DERTaggedObject(true, 1, info); - } - - public RecipientInfo( - KEKRecipientInfo info) - { - this.info = new DERTaggedObject(true, 2, info); - } - - public RecipientInfo( - PasswordRecipientInfo info) - { - this.info = new DERTaggedObject(true, 3, info); - } - - public RecipientInfo( - OtherRecipientInfo info) - { - this.info = new DERTaggedObject(true, 4, info); - } - - public RecipientInfo( - DERObject info) - { - this.info = info; - } - - public static RecipientInfo getInstance( - Object o) - { - if (o == null || o instanceof RecipientInfo) - { - return (RecipientInfo)o; - } - else if (o instanceof ASN1Sequence) - { - return new RecipientInfo((ASN1Sequence)o); - } - else if (o instanceof ASN1TaggedObject) - { - return new RecipientInfo((ASN1TaggedObject)o); - } - - throw new IllegalArgumentException("unknown object in factory: " - + o.getClass().getName()); - } - - public DERInteger getVersion() - { - if (info instanceof ASN1TaggedObject) - { - ASN1TaggedObject o = (ASN1TaggedObject)info; - - switch (o.getTagNo()) - { - case 1: - return KeyAgreeRecipientInfo.getInstance(o, true).getVersion(); - case 2: - return KEKRecipientInfo.getInstance(o, true).getVersion(); - case 3: - return PasswordRecipientInfo.getInstance(o, true).getVersion(); - case 4: - return new DERInteger(0); // no syntax version for OtherRecipientInfo - default: - throw new IllegalStateException("unknown tag"); - } - } - - return KeyTransRecipientInfo.getInstance(info).getVersion(); - } - - public boolean isTagged() - { - return (info instanceof ASN1TaggedObject); - } - - public DEREncodable getInfo() - { - if (info instanceof ASN1TaggedObject) - { - ASN1TaggedObject o = (ASN1TaggedObject)info; - - switch (o.getTagNo()) - { - case 1: - return KeyAgreeRecipientInfo.getInstance(o, true); - case 2: - return KEKRecipientInfo.getInstance(o, true); - case 3: - return PasswordRecipientInfo.getInstance(o, true); - case 4: - return OtherRecipientInfo.getInstance(o, true); - default: - throw new IllegalStateException("unknown tag"); - } - } - - return KeyTransRecipientInfo.getInstance(info); - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * RecipientInfo ::= CHOICE { - * ktri KeyTransRecipientInfo, - * kari [1] KeyAgreeRecipientInfo, - * kekri [2] KEKRecipientInfo, - * pwri [3] PasswordRecipientInfo, - * ori [4] OtherRecipientInfo } - * </pre> - */ - public DERObject toASN1Object() - { - return info.getDERObject(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/RecipientKeyIdentifier.java b/luni/src/main/java/org/bouncycastle/asn1/cms/RecipientKeyIdentifier.java deleted file mode 100644 index f7e3b19..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/RecipientKeyIdentifier.java +++ /dev/null @@ -1,139 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class RecipientKeyIdentifier - extends ASN1Encodable -{ - private ASN1OctetString subjectKeyIdentifier; - private DERGeneralizedTime date; - private OtherKeyAttribute other; - - public RecipientKeyIdentifier( - ASN1OctetString subjectKeyIdentifier, - DERGeneralizedTime date, - OtherKeyAttribute other) - { - this.subjectKeyIdentifier = subjectKeyIdentifier; - this.date = date; - this.other = other; - } - - public RecipientKeyIdentifier( - ASN1Sequence seq) - { - subjectKeyIdentifier = ASN1OctetString.getInstance( - seq.getObjectAt(0)); - - switch(seq.size()) - { - case 1: - break; - case 2: - if (seq.getObjectAt(1) instanceof DERGeneralizedTime) - { - date = (DERGeneralizedTime)seq.getObjectAt(1); - } - else - { - other = OtherKeyAttribute.getInstance(seq.getObjectAt(2)); - } - break; - case 3: - date = (DERGeneralizedTime)seq.getObjectAt(1); - other = OtherKeyAttribute.getInstance(seq.getObjectAt(2)); - break; - default: - throw new IllegalArgumentException("Invalid KEKIdentifier"); - } - } - - /** - * return a RecipientKeyIdentifier object from a tagged object. - * - * @param _ato the tagged object holding the object we want. - * @param _explicit true if the object is meant to be explicitly - * tagged false otherwise. - * @exception IllegalArgumentException if the object held by the - * tagged object cannot be converted. - */ - public static RecipientKeyIdentifier getInstance(ASN1TaggedObject _ato, boolean _explicit) - { - return getInstance(ASN1Sequence.getInstance(_ato, _explicit)); - } - - /** - * return a RecipientKeyIdentifier object from the given object. - * - * @param _obj the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static RecipientKeyIdentifier getInstance(Object _obj) - { - if(_obj == null || _obj instanceof RecipientKeyIdentifier) - { - return (RecipientKeyIdentifier)_obj; - } - - if(_obj instanceof ASN1Sequence) - { - return new RecipientKeyIdentifier((ASN1Sequence)_obj); - } - - throw new IllegalArgumentException("Invalid RecipientKeyIdentifier: " + _obj.getClass().getName()); - } - - public ASN1OctetString getSubjectKeyIdentifier() - { - return subjectKeyIdentifier; - } - - public DERGeneralizedTime getDate() - { - return date; - } - - public OtherKeyAttribute getOtherKeyAttribute() - { - return other; - } - - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * RecipientKeyIdentifier ::= SEQUENCE { - * subjectKeyIdentifier SubjectKeyIdentifier, - * date GeneralizedTime OPTIONAL, - * other OtherKeyAttribute OPTIONAL - * } - * - * SubjectKeyIdentifier ::= OCTET STRING - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(subjectKeyIdentifier); - - if (date != null) - { - v.add(date); - } - - if (other != null) - { - v.add(other); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/SignedData.java b/luni/src/main/java/org/bouncycastle/asn1/cms/SignedData.java deleted file mode 100644 index 434395c..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/SignedData.java +++ /dev/null @@ -1,215 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * a signed data object. - */ -public class SignedData - extends ASN1Encodable -{ - private DERInteger version; - private ASN1Set digestAlgorithms; - private ContentInfo contentInfo; - private ASN1Set certificates; - private ASN1Set crls; - private ASN1Set signerInfos; - private boolean certBer; - private boolean crlsBer; - - public static SignedData getInstance( - Object o) - { - if (o instanceof SignedData) - { - return (SignedData)o; - } - else if (o instanceof ASN1Sequence) - { - return new SignedData((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public SignedData( - ASN1Set digestAlgorithms, - ContentInfo contentInfo, - ASN1Set certificates, - ASN1Set crls, - ASN1Set signerInfos) - { - if (contentInfo.getContentType().equals(CMSObjectIdentifiers.data)) - { - // - // we should also be looking for attribute certificates here, - // later. - // - Enumeration e = signerInfos.getObjects(); - boolean v3Found = false; - - while (e.hasMoreElements()) - { - SignerInfo s = SignerInfo.getInstance(e.nextElement()); - - if (s.getVersion().getValue().intValue() == 3) - { - v3Found = true; - } - } - - if (v3Found) - { - this.version = new DERInteger(3); - } - else - { - this.version = new DERInteger(1); - } - } - else - { - this.version = new DERInteger(3); - } - - this.digestAlgorithms = digestAlgorithms; - this.contentInfo = contentInfo; - this.certificates = certificates; - this.crls = crls; - this.signerInfos = signerInfos; - } - - public SignedData( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - version = (DERInteger)e.nextElement(); - digestAlgorithms = ((ASN1Set)e.nextElement()); - contentInfo = ContentInfo.getInstance(e.nextElement()); - - while (e.hasMoreElements()) - { - DERObject o = (DERObject)e.nextElement(); - - // - // an interesting feature of SignedData is that there appear - // to be varying implementations... - // for the moment we ignore anything which doesn't fit. - // - if (o instanceof ASN1TaggedObject) - { - ASN1TaggedObject tagged = (ASN1TaggedObject)o; - - switch (tagged.getTagNo()) - { - case 0: - certBer = tagged instanceof BERTaggedObject; - certificates = ASN1Set.getInstance(tagged, false); - break; - case 1: - crlsBer = tagged instanceof BERTaggedObject; - crls = ASN1Set.getInstance(tagged, false); - break; - default: - throw new IllegalArgumentException("unknown tag value " + tagged.getTagNo()); - } - } - else - { - signerInfos = (ASN1Set)o; - } - } - } - - public DERInteger getVersion() - { - return version; - } - - public ASN1Set getDigestAlgorithms() - { - return digestAlgorithms; - } - - public ContentInfo getEncapContentInfo() - { - return contentInfo; - } - - public ASN1Set getCertificates() - { - return certificates; - } - - public ASN1Set getCRLs() - { - return crls; - } - - public ASN1Set getSignerInfos() - { - return signerInfos; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * SignedData ::= SEQUENCE { - * version CMSVersion, - * digestAlgorithms DigestAlgorithmIdentifiers, - * encapContentInfo EncapsulatedContentInfo, - * certificates [0] IMPLICIT CertificateSet OPTIONAL, - * crls [1] IMPLICIT CertificateRevocationLists OPTIONAL, - * signerInfos SignerInfos - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(digestAlgorithms); - v.add(contentInfo); - - if (certificates != null) - { - if (certBer) - { - v.add(new BERTaggedObject(false, 0, certificates)); - } - else - { - v.add(new DERTaggedObject(false, 0, certificates)); - } - } - - if (crls != null) - { - if (crlsBer) - { - v.add(new BERTaggedObject(false, 1, crls)); - } - else - { - v.add(new DERTaggedObject(false, 1, crls)); - } - } - - v.add(signerInfos); - - return new BERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/SignerIdentifier.java b/luni/src/main/java/org/bouncycastle/asn1/cms/SignerIdentifier.java deleted file mode 100644 index 41b8c57..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/SignerIdentifier.java +++ /dev/null @@ -1,96 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class SignerIdentifier - extends ASN1Encodable -{ - private DEREncodable id; - - public SignerIdentifier( - IssuerAndSerialNumber id) - { - this.id = id; - } - - public SignerIdentifier( - ASN1OctetString id) - { - this.id = new DERTaggedObject(false, 0, id); - } - - public SignerIdentifier( - DERObject id) - { - this.id = id; - } - - /** - * return a SignerIdentifier object from the given object. - * - * @param o the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static SignerIdentifier getInstance( - Object o) - { - if (o == null || o instanceof SignerIdentifier) - { - return (SignerIdentifier)o; - } - - if (o instanceof IssuerAndSerialNumber) - { - return new SignerIdentifier((IssuerAndSerialNumber)o); - } - - if (o instanceof ASN1OctetString) - { - return new SignerIdentifier((ASN1OctetString)o); - } - - if (o instanceof DERObject) - { - return new SignerIdentifier((DERObject)o); - } - - throw new IllegalArgumentException( - "Illegal object in SignerIdentifier: " + o.getClass().getName()); - } - - public boolean isTagged() - { - return (id instanceof ASN1TaggedObject); - } - - public DEREncodable getId() - { - if (id instanceof ASN1TaggedObject) - { - return ASN1OctetString.getInstance((ASN1TaggedObject)id, false); - } - - return id; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * SignerIdentifier ::= CHOICE { - * issuerAndSerialNumber IssuerAndSerialNumber, - * subjectKeyIdentifier [0] SubjectKeyIdentifier - * } - * - * SubjectKeyIdentifier ::= OCTET STRING - * </pre> - */ - public DERObject toASN1Object() - { - return id.getDERObject(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java b/luni/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java deleted file mode 100644 index 83a1f53..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/SignerInfo.java +++ /dev/null @@ -1,172 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.*; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class SignerInfo - extends ASN1Encodable -{ - private DERInteger version; - private SignerIdentifier sid; - private AlgorithmIdentifier digAlgorithm; - private ASN1Set authenticatedAttributes; - private AlgorithmIdentifier digEncryptionAlgorithm; - private ASN1OctetString encryptedDigest; - private ASN1Set unauthenticatedAttributes; - - public static SignerInfo getInstance( - Object o) - { - if (o == null || o instanceof SignerInfo) - { - return (SignerInfo)o; - } - else if (o instanceof ASN1Sequence) - { - return new SignerInfo((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public SignerInfo( - SignerIdentifier sid, - AlgorithmIdentifier digAlgorithm, - ASN1Set authenticatedAttributes, - AlgorithmIdentifier digEncryptionAlgorithm, - ASN1OctetString encryptedDigest, - ASN1Set unauthenticatedAttributes) - { - if (sid.isTagged()) - { - this.version = new DERInteger(3); - } - else - { - this.version = new DERInteger(1); - } - - this.sid = sid; - this.digAlgorithm = digAlgorithm; - this.authenticatedAttributes = authenticatedAttributes; - this.digEncryptionAlgorithm = digEncryptionAlgorithm; - this.encryptedDigest = encryptedDigest; - this.unauthenticatedAttributes = unauthenticatedAttributes; - } - - public SignerInfo( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - version = (DERInteger)e.nextElement(); - sid = SignerIdentifier.getInstance(e.nextElement()); - digAlgorithm = AlgorithmIdentifier.getInstance(e.nextElement()); - - Object obj = e.nextElement(); - - if (obj instanceof ASN1TaggedObject) - { - authenticatedAttributes = ASN1Set.getInstance((ASN1TaggedObject)obj, false); - - digEncryptionAlgorithm = AlgorithmIdentifier.getInstance(e.nextElement()); - } - else - { - authenticatedAttributes = null; - digEncryptionAlgorithm = AlgorithmIdentifier.getInstance(obj); - } - - encryptedDigest = DEROctetString.getInstance(e.nextElement()); - - if (e.hasMoreElements()) - { - unauthenticatedAttributes = ASN1Set.getInstance((ASN1TaggedObject)e.nextElement(), false); - } - else - { - unauthenticatedAttributes = null; - } - } - - public DERInteger getVersion() - { - return version; - } - - public SignerIdentifier getSID() - { - return sid; - } - - public ASN1Set getAuthenticatedAttributes() - { - return authenticatedAttributes; - } - - public AlgorithmIdentifier getDigestAlgorithm() - { - return digAlgorithm; - } - - public ASN1OctetString getEncryptedDigest() - { - return encryptedDigest; - } - - public AlgorithmIdentifier getDigestEncryptionAlgorithm() - { - return digEncryptionAlgorithm; - } - - public ASN1Set getUnauthenticatedAttributes() - { - return unauthenticatedAttributes; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * SignerInfo ::= SEQUENCE { - * version Version, - * SignerIdentifier sid, - * digestAlgorithm DigestAlgorithmIdentifier, - * authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL, - * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, - * encryptedDigest EncryptedDigest, - * unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL - * } - * - * EncryptedDigest ::= OCTET STRING - * - * DigestAlgorithmIdentifier ::= AlgorithmIdentifier - * - * DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(sid); - v.add(digAlgorithm); - - if (authenticatedAttributes != null) - { - v.add(new DERTaggedObject(false, 0, authenticatedAttributes)); - } - - v.add(digEncryptionAlgorithm); - v.add(encryptedDigest); - - if (unauthenticatedAttributes != null) - { - v.add(new DERTaggedObject(false, 1, unauthenticatedAttributes)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cms/Time.java b/luni/src/main/java/org/bouncycastle/asn1/cms/Time.java deleted file mode 100644 index 6b8817c..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cms/Time.java +++ /dev/null @@ -1,114 +0,0 @@ -package org.bouncycastle.asn1.cms; - -import java.text.ParsePosition; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.SimpleTimeZone; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERUTCTime; - -public class Time - extends ASN1Encodable -{ - DERObject time; - - public static Time getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); - } - - public Time( - DERObject time) - { - if (!(time instanceof DERUTCTime) - && !(time instanceof DERGeneralizedTime)) - { - throw new IllegalArgumentException("unknown object passed to Time"); - } - - this.time = time; - } - - /** - * creates a time object from a given date - if the date is between 1950 - * and 2049 a UTCTime object is generated, otherwise a GeneralizedTime - * is used. - */ - public Time( - Date date) - { - SimpleTimeZone tz = new SimpleTimeZone(0, "Z"); - SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss"); - - dateF.setTimeZone(tz); - - String d = dateF.format(date) + "Z"; - int year = Integer.parseInt(d.substring(0, 4)); - - if (year < 1950 || year > 2049) - { - time = new DERGeneralizedTime(d); - } - else - { - time = new DERUTCTime(d.substring(2)); - } - } - - public static Time getInstance( - Object obj) - { - if (obj instanceof Time) - { - return (Time)obj; - } - else if (obj instanceof DERUTCTime) - { - return new Time((DERUTCTime)obj); - } - else if (obj instanceof DERGeneralizedTime) - { - return new Time((DERGeneralizedTime)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public String getTime() - { - if (time instanceof DERUTCTime) - { - return ((DERUTCTime)time).getAdjustedTime(); - } - else - { - return ((DERGeneralizedTime)time).getTime(); - } - } - - public Date getDate() - { - SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssz"); - - return dateF.parse(this.getTime(), new ParsePosition(0)); - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * Time ::= CHOICE { - * utcTime UTCTime, - * generalTime GeneralizedTime } - * </pre> - */ - public DERObject toASN1Object() - { - return time; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/cryptopro/CryptoProObjectIdentifiers.java b/luni/src/main/java/org/bouncycastle/asn1/cryptopro/CryptoProObjectIdentifiers.java deleted file mode 100644 index b5d6c1f..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/cryptopro/CryptoProObjectIdentifiers.java +++ /dev/null @@ -1,45 +0,0 @@ -package org.bouncycastle.asn1.cryptopro; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface CryptoProObjectIdentifiers -{ - // GOST Algorithms OBJECT IDENTIFIERS : - // { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)} - static final String GOST_id = "1.2.643.2.2"; - - static final DERObjectIdentifier gostR3411 = new DERObjectIdentifier(GOST_id+".9"); - - static final DERObjectIdentifier gostR28147_cbc = new DERObjectIdentifier(GOST_id+".21"); - - static final DERObjectIdentifier gostR3410_94 = new DERObjectIdentifier(GOST_id+".20"); - static final DERObjectIdentifier gostR3410_2001 = new DERObjectIdentifier(GOST_id+".19"); - static final DERObjectIdentifier gostR3411_94_with_gostR3410_94 = new DERObjectIdentifier(GOST_id+".4"); - static final DERObjectIdentifier gostR3411_94_with_gostR3410_2001 = new DERObjectIdentifier(GOST_id+".3"); - - // { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) hashes(30) } - static final DERObjectIdentifier gostR3411_94_CryptoProParamSet = new DERObjectIdentifier(GOST_id+".30.1"); - - // { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) signs(32) } - static final DERObjectIdentifier gostR3410_94_CryptoPro_A = new DERObjectIdentifier(GOST_id+".32.2"); - static final DERObjectIdentifier gostR3410_94_CryptoPro_B = new DERObjectIdentifier(GOST_id+".32.3"); - static final DERObjectIdentifier gostR3410_94_CryptoPro_C = new DERObjectIdentifier(GOST_id+".32.4"); - static final DERObjectIdentifier gostR3410_94_CryptoPro_D = new DERObjectIdentifier(GOST_id+".32.5"); - - // { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) exchanges(33) } - static final DERObjectIdentifier gostR3410_94_CryptoPro_XchA = new DERObjectIdentifier(GOST_id+".33.1"); - static final DERObjectIdentifier gostR3410_94_CryptoPro_XchB = new DERObjectIdentifier(GOST_id+".33.2"); - static final DERObjectIdentifier gostR3410_94_CryptoPro_XchC = new DERObjectIdentifier(GOST_id+".33.3"); - - //{ iso(1) member-body(2)ru(643) rans(2) cryptopro(2) ecc-signs(35) } - static final DERObjectIdentifier gostR3410_2001_CryptoPro_A = new DERObjectIdentifier(GOST_id+".35.1"); - static final DERObjectIdentifier gostR3410_2001_CryptoPro_B = new DERObjectIdentifier(GOST_id+".35.2"); - static final DERObjectIdentifier gostR3410_2001_CryptoPro_C = new DERObjectIdentifier(GOST_id+".35.3"); - - // { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) ecc-exchanges(36) } - static final DERObjectIdentifier gostR3410_2001_CryptoPro_XchA = new DERObjectIdentifier(GOST_id+".36.0"); - static final DERObjectIdentifier gostR3410_2001_CryptoPro_XchB = new DERObjectIdentifier(GOST_id+".36.1"); - - static final DERObjectIdentifier gost_ElSgDH3410_default = new DERObjectIdentifier(GOST_id+".36.0"); - static final DERObjectIdentifier gost_ElSgDH3410_1 = new DERObjectIdentifier(GOST_id+".36.1"); -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeIdentifier.java b/luni/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeIdentifier.java deleted file mode 100644 index 90e90d4..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeIdentifier.java +++ /dev/null @@ -1,14 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - -public interface CommitmentTypeIdentifier -{ - public static final DERObjectIdentifier proofOfOrigin = PKCSObjectIdentifiers.id_cti_ets_proofOfOrigin; - public static final DERObjectIdentifier proofOfReceipt = PKCSObjectIdentifiers.id_cti_ets_proofOfReceipt; - public static final DERObjectIdentifier proofOfDelivery = PKCSObjectIdentifiers.id_cti_ets_proofOfDelivery; - public static final DERObjectIdentifier proofOfSender = PKCSObjectIdentifiers.id_cti_ets_proofOfSender; - public static final DERObjectIdentifier proofOfApproval = PKCSObjectIdentifiers.id_cti_ets_proofOfApproval; - public static final DERObjectIdentifier proofOfCreation = PKCSObjectIdentifiers.id_cti_ets_proofOfCreation; -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeIndication.java b/luni/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeIndication.java deleted file mode 100644 index 76616ea..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeIndication.java +++ /dev/null @@ -1,83 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class CommitmentTypeIndication - extends ASN1Encodable -{ - private DERObjectIdentifier commitmentTypeId; - private ASN1Sequence commitmentTypeQualifier; - - public CommitmentTypeIndication( - ASN1Sequence seq) - { - commitmentTypeId = (DERObjectIdentifier)seq.getObjectAt(0); - - if (seq.size() > 1) - { - commitmentTypeQualifier = (ASN1Sequence)seq.getObjectAt(1); - } - } - - public CommitmentTypeIndication( - DERObjectIdentifier commitmentTypeId) - { - this.commitmentTypeId = commitmentTypeId; - } - - public CommitmentTypeIndication( - DERObjectIdentifier commitmentTypeId, - ASN1Sequence commitmentTypeQualifier) - { - this.commitmentTypeId = commitmentTypeId; - this.commitmentTypeQualifier = commitmentTypeQualifier; - } - - public static CommitmentTypeIndication getInstance( - Object obj) - { - if (obj == null || obj instanceof CommitmentTypeIndication) - { - return (CommitmentTypeIndication)obj; - } - - return new CommitmentTypeIndication(ASN1Sequence.getInstance(obj)); - } - - public DERObjectIdentifier getCommitmentTypeId() - { - return commitmentTypeId; - } - - public ASN1Sequence getCommitmentTypeQualifier() - { - return commitmentTypeQualifier; - } - - /** - * <pre> - * CommitmentTypeIndication ::= SEQUENCE { - * commitmentTypeId CommitmentTypeIdentifier, - * commitmentTypeQualifier SEQUENCE SIZE (1..MAX) OF - * CommitmentTypeQualifier OPTIONAL } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(commitmentTypeId); - - if (commitmentTypeQualifier != null) - { - v.add(commitmentTypeQualifier); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeQualifier.java b/luni/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeQualifier.java deleted file mode 100644 index 7895e76..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/esf/CommitmentTypeQualifier.java +++ /dev/null @@ -1,108 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -/** - * Commitment type qualifiers, used in the Commitment-Type-Indication attribute (RFC3126). - * - * <pre> - * CommitmentTypeQualifier ::= SEQUENCE { - * commitmentTypeIdentifier CommitmentTypeIdentifier, - * qualifier ANY DEFINED BY commitmentTypeIdentifier OPTIONAL } - * </pre> - */ -public class CommitmentTypeQualifier - extends ASN1Encodable -{ - private DERObjectIdentifier commitmentTypeIdentifier; - private DEREncodable qualifier; - - /** - * Creates a new <code>CommitmentTypeQualifier</code> instance. - * - * @param commitmentTypeIdentifier a <code>CommitmentTypeIdentifier</code> value - */ - public CommitmentTypeQualifier( - DERObjectIdentifier commitmentTypeIdentifier) - { - this(commitmentTypeIdentifier, null); - } - - /** - * Creates a new <code>CommitmentTypeQualifier</code> instance. - * - * @param commitmentTypeIdentifier a <code>CommitmentTypeIdentifier</code> value - * @param qualifier the qualifier, defined by the above field. - */ - public CommitmentTypeQualifier( - DERObjectIdentifier commitmentTypeIdentifier, - DEREncodable qualifier) - { - this.commitmentTypeIdentifier = commitmentTypeIdentifier; - this.qualifier = qualifier; - } - - /** - * Creates a new <code>CommitmentTypeQualifier</code> instance. - * - * @param as <code>CommitmentTypeQualifier</code> structure - * encoded as an ASN1Sequence. - */ - public CommitmentTypeQualifier( - ASN1Sequence as) - { - commitmentTypeIdentifier = (DERObjectIdentifier)as.getObjectAt(0); - - if (as.size() > 1) - { - qualifier = as.getObjectAt(1); - } - } - - public static CommitmentTypeQualifier getInstance(Object as) - { - if (as instanceof CommitmentTypeQualifier || as == null) - { - return (CommitmentTypeQualifier)as; - } - else if (as instanceof ASN1Sequence) - { - return new CommitmentTypeQualifier((ASN1Sequence)as); - } - - throw new IllegalArgumentException("unknown object in getInstance."); - } - - public DERObjectIdentifier getCommitmentTypeIdentifier() - { - return commitmentTypeIdentifier; - } - - public DEREncodable getQualifier() - { - return qualifier; - } - - /** - * Returns a DER-encodable representation of this instance. - * - * @return a <code>DERObject</code> value - */ - public DERObject toASN1Object() - { - ASN1EncodableVector dev = new ASN1EncodableVector(); - dev.add(commitmentTypeIdentifier); - if (qualifier != null) - { - dev.add(qualifier); - } - - return new DERSequence(dev); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/esf/ESFAttributes.java b/luni/src/main/java/org/bouncycastle/asn1/esf/ESFAttributes.java deleted file mode 100644 index 6d652e0..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/esf/ESFAttributes.java +++ /dev/null @@ -1,11 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - -public interface ESFAttributes -{ - public static final DERObjectIdentifier sigPolicyId = PKCSObjectIdentifiers.id_aa_sigPolicyId; - public static final DERObjectIdentifier commitmentType = PKCSObjectIdentifiers.id_aa_commitmentType; - public static final DERObjectIdentifier signerLocation = PKCSObjectIdentifiers.id_aa_signerLocation; -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/esf/SignerLocation.java b/luni/src/main/java/org/bouncycastle/asn1/esf/SignerLocation.java deleted file mode 100644 index 49bd819..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/esf/SignerLocation.java +++ /dev/null @@ -1,146 +0,0 @@ -package org.bouncycastle.asn1.esf; - -import org.bouncycastle.asn1.*; - -import java.util.Enumeration; - -/** - * Signer-Location attribute (RFC3126). - * - * <pre> - * SignerLocation ::= SEQUENCE { - * countryName [0] DirectoryString OPTIONAL, - * localityName [1] DirectoryString OPTIONAL, - * postalAddress [2] PostalAddress OPTIONAL } - * - * PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString - * </pre> - */ -public class SignerLocation - extends ASN1Encodable -{ - private DERUTF8String countryName; - private DERUTF8String localityName; - private ASN1Sequence postalAddress; - - public SignerLocation( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - DERTaggedObject o = (DERTaggedObject)e.nextElement(); - - switch (o.getTagNo()) - { - case 0: - this.countryName = DERUTF8String.getInstance(o, true); - break; - case 1: - this.localityName = DERUTF8String.getInstance(o, true); - break; - case 2: - this.postalAddress = ASN1Sequence.getInstance(o, true); - if (postalAddress != null && postalAddress.size() > 6) - { - throw new IllegalArgumentException("postal address must contain less than 6 strings"); - } - break; - default: - throw new IllegalArgumentException("illegal tag"); - } - } - } - - public SignerLocation( - DERUTF8String countryName, - DERUTF8String localityName, - ASN1Sequence postalAddress) - { - if (postalAddress != null && postalAddress.size() > 6) - { - throw new IllegalArgumentException("postal address must contain less than 6 strings"); - } - - if (countryName != null) - { - this.countryName = DERUTF8String.getInstance(countryName.toASN1Object()); - } - - if (localityName != null) - { - this.localityName = DERUTF8String.getInstance(localityName.toASN1Object()); - } - - if (postalAddress != null) - { - this.postalAddress = ASN1Sequence.getInstance(postalAddress.toASN1Object()); - } - } - - public static SignerLocation getInstance( - Object obj) - { - if (obj == null || obj instanceof SignerLocation) - { - return (SignerLocation)obj; - } - - return new SignerLocation(ASN1Sequence.getInstance(obj)); - } - - public DERUTF8String getCountryName() - { - return countryName; - } - - public DERUTF8String getLocalityName() - { - return localityName; - } - - public ASN1Sequence getPostalAddress() - { - return postalAddress; - } - - /** - * <pre> - * SignerLocation ::= SEQUENCE { - * countryName [0] DirectoryString OPTIONAL, - * localityName [1] DirectoryString OPTIONAL, - * postalAddress [2] PostalAddress OPTIONAL } - * - * PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString - * - * DirectoryString ::= CHOICE { - * teletexString TeletexString (SIZE (1..MAX)), - * printableString PrintableString (SIZE (1..MAX)), - * universalString UniversalString (SIZE (1..MAX)), - * utf8String UTF8String (SIZE (1.. MAX)), - * bmpString BMPString (SIZE (1..MAX)) } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (countryName != null) - { - v.add(new DERTaggedObject(true, 0, countryName)); - } - - if (localityName != null) - { - v.add(new DERTaggedObject(true, 1, localityName)); - } - - if (postalAddress != null) - { - v.add(new DERTaggedObject(true, 2, postalAddress)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ess/ContentIdentifier.java b/luni/src/main/java/org/bouncycastle/asn1/ess/ContentIdentifier.java deleted file mode 100644 index 88b4f45..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ess/ContentIdentifier.java +++ /dev/null @@ -1,65 +0,0 @@ -package org.bouncycastle.asn1.ess; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; - -public class ContentIdentifier - extends ASN1Encodable -{ - ASN1OctetString value; - - public static ContentIdentifier getInstance(Object o) - { - if (o == null || o instanceof ContentIdentifier) - { - return (ContentIdentifier) o; - } - else if (o instanceof ASN1OctetString) - { - return new ContentIdentifier((ASN1OctetString) o); - } - - throw new IllegalArgumentException( - "unknown object in 'ContentIdentifier' factory : " - + o.getClass().getName() + "."); - } - - /** - * Create from OCTET STRING whose octets represent the identifier. - */ - public ContentIdentifier( - ASN1OctetString value) - { - this.value = value; - } - - /** - * Create from byte array representing the identifier. - */ - public ContentIdentifier( - byte[] value) - { - this(new DEROctetString(value)); - } - - public ASN1OctetString getValue() - { - return value; - } - - /** - * The definition of ContentIdentifier is - * <pre> - * ContentIdentifier ::= OCTET STRING - * </pre> - * id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) - * member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) - * smime(16) id-aa(2) 7 } - */ - public DERObject toASN1Object() - { - return value; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ess/ESSCertID.java b/luni/src/main/java/org/bouncycastle/asn1/ess/ESSCertID.java deleted file mode 100644 index 69b107a..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ess/ESSCertID.java +++ /dev/null @@ -1,97 +0,0 @@ -package org.bouncycastle.asn1.ess; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.IssuerSerial; - -public class ESSCertID - extends ASN1Encodable -{ - private ASN1OctetString certHash; - - private IssuerSerial issuerSerial; - - public static ESSCertID getInstance(Object o) - { - if (o == null || o instanceof ESSCertID) - { - return (ESSCertID)o; - } - else if (o instanceof ASN1Sequence) - { - return new ESSCertID((ASN1Sequence)o); - } - - throw new IllegalArgumentException( - "unknown object in 'ESSCertID' factory : " - + o.getClass().getName() + "."); - } - - /** - * constructor - */ - public ESSCertID(ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - certHash = ASN1OctetString.getInstance(seq.getObjectAt(0)); - - if (seq.size() > 1) - { - issuerSerial = IssuerSerial.getInstance(seq.getObjectAt(1)); - } - } - - public ESSCertID( - byte[] hash) - { - certHash = new DEROctetString(hash); - } - - public ESSCertID( - byte[] hash, - IssuerSerial issuerSerial) - { - this.certHash = new DEROctetString(hash); - this.issuerSerial = issuerSerial; - } - - public byte[] getCertHash() - { - return certHash.getOctets(); - } - - public IssuerSerial getIssuerSerial() - { - return issuerSerial; - } - - /** - * <pre> - * ESSCertID ::= SEQUENCE { - * certHash Hash, - * issuerSerial IssuerSerial OPTIONAL } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certHash); - - if (issuerSerial != null) - { - v.add(issuerSerial); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ess/OtherCertID.java b/luni/src/main/java/org/bouncycastle/asn1/ess/OtherCertID.java deleted file mode 100644 index dcd5d50..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ess/OtherCertID.java +++ /dev/null @@ -1,138 +0,0 @@ -package org.bouncycastle.asn1.ess; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.IssuerSerial; -import org.bouncycastle.asn1.x509.DigestInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class OtherCertID - extends ASN1Encodable -{ - private ASN1Encodable otherCertHash; - private IssuerSerial issuerSerial; - - public static OtherCertID getInstance(Object o) - { - if (o == null || o instanceof OtherCertID) - { - return (OtherCertID) o; - } - else if (o instanceof ASN1Sequence) - { - return new OtherCertID((ASN1Sequence) o); - } - - throw new IllegalArgumentException( - "unknown object in 'OtherCertID' factory : " - + o.getClass().getName() + "."); - } - - /** - * constructor - */ - public OtherCertID(ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - if (seq.getObjectAt(0).getDERObject() instanceof ASN1OctetString) - { - otherCertHash = ASN1OctetString.getInstance(seq.getObjectAt(0)); - } - else - { - otherCertHash = DigestInfo.getInstance(seq.getObjectAt(0)); - - } - - if (seq.size() > 1) - { - issuerSerial = new IssuerSerial(ASN1Sequence.getInstance(seq.getObjectAt(1))); - } - } - - public OtherCertID( - AlgorithmIdentifier algId, - byte[] digest) - { - this.otherCertHash = new DigestInfo(algId, digest); - } - - public OtherCertID( - AlgorithmIdentifier algId, - byte[] digest, - IssuerSerial issuerSerial) - { - this.otherCertHash = new DigestInfo(algId, digest); - this.issuerSerial = issuerSerial; - } - - public AlgorithmIdentifier getAlgorithmHash() - { - if (otherCertHash.getDERObject() instanceof ASN1OctetString) - { - // SHA-1 - return new AlgorithmIdentifier("1.3.14.3.2.26"); - } - else - { - return DigestInfo.getInstance(otherCertHash).getAlgorithmId(); - } - } - - public byte[] getCertHash() - { - if (otherCertHash.getDERObject() instanceof ASN1OctetString) - { - // SHA-1 - return ((ASN1OctetString)otherCertHash.getDERObject()).getOctets(); - } - else - { - return DigestInfo.getInstance(otherCertHash).getDigest(); - } - } - - public IssuerSerial getIssuerSerial() - { - return issuerSerial; - } - - /** - * <pre> - * OtherCertID ::= SEQUENCE { - * otherCertHash OtherHash, - * issuerSerial IssuerSerial OPTIONAL } - * - * OtherHash ::= CHOICE { - * sha1Hash OCTET STRING, - * otherHash OtherHashAlgAndValue } - * - * OtherHashAlgAndValue ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * hashValue OCTET STRING } - * - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(otherCertHash); - - if (issuerSerial != null) - { - v.add(issuerSerial); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ess/OtherSigningCertificate.java b/luni/src/main/java/org/bouncycastle/asn1/ess/OtherSigningCertificate.java deleted file mode 100644 index 4bc12a4..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ess/OtherSigningCertificate.java +++ /dev/null @@ -1,111 +0,0 @@ -package org.bouncycastle.asn1.ess; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.PolicyInformation; - -public class OtherSigningCertificate - extends ASN1Encodable -{ - ASN1Sequence certs; - ASN1Sequence policies; - - public static OtherSigningCertificate getInstance(Object o) - { - if (o == null || o instanceof OtherSigningCertificate) - { - return (OtherSigningCertificate) o; - } - else if (o instanceof ASN1Sequence) - { - return new OtherSigningCertificate((ASN1Sequence) o); - } - - throw new IllegalArgumentException( - "unknown object in 'OtherSigningCertificate' factory : " - + o.getClass().getName() + "."); - } - - /** - * constructeurs - */ - public OtherSigningCertificate(ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - this.certs = ASN1Sequence.getInstance(seq.getObjectAt(0)); - - if (seq.size() > 1) - { - this.policies = ASN1Sequence.getInstance(seq.getObjectAt(1)); - } - } - - public OtherSigningCertificate( - OtherCertID otherCertID) - { - certs = new DERSequence(otherCertID); - } - - public OtherCertID[] getCerts() - { - OtherCertID[] cs = new OtherCertID[certs.size()]; - - for (int i = 0; i != certs.size(); i++) - { - cs[i] = OtherCertID.getInstance(certs.getObjectAt(i)); - } - - return cs; - } - - public PolicyInformation[] getPolicies() - { - if (policies == null) - { - return null; - } - - PolicyInformation[] ps = new PolicyInformation[policies.size()]; - - for (int i = 0; i != policies.size(); i++) - { - ps[i] = PolicyInformation.getInstance(policies.getObjectAt(i)); - } - - return ps; - } - - /** - * The definition of OtherSigningCertificate is - * <pre> - * OtherSigningCertificate ::= SEQUENCE { - * certs SEQUENCE OF OtherCertID, - * policies SEQUENCE OF PolicyInformation OPTIONAL - * } - * </pre> - * id-aa-otherSigCert OBJECT IDENTIFIER ::= { iso(1) - * member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) - * smime(16) id-aa(2) 19 } - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certs); - - if (policies != null) - { - v.add(policies); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ess/SigningCertificate.java b/luni/src/main/java/org/bouncycastle/asn1/ess/SigningCertificate.java deleted file mode 100644 index bd3c904..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ess/SigningCertificate.java +++ /dev/null @@ -1,111 +0,0 @@ -package org.bouncycastle.asn1.ess; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.PolicyInformation; - - -public class SigningCertificate - extends ASN1Encodable -{ - ASN1Sequence certs; - ASN1Sequence policies; - - public static SigningCertificate getInstance(Object o) - { - if (o == null || o instanceof SigningCertificate) - { - return (SigningCertificate) o; - } - else if (o instanceof ASN1Sequence) - { - return new SigningCertificate((ASN1Sequence) o); - } - - throw new IllegalArgumentException( - "unknown object in 'SigningCertificate' factory : " - + o.getClass().getName() + "."); - } - - /** - * constructeurs - */ - public SigningCertificate(ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - this.certs = ASN1Sequence.getInstance(seq.getObjectAt(0)); - - if (seq.size() > 1) - { - this.policies = ASN1Sequence.getInstance(seq.getObjectAt(1)); - } - } - - public SigningCertificate( - ESSCertID essCertID) - { - certs = new DERSequence(essCertID); - } - - public ESSCertID[] getCerts() - { - ESSCertID[] cs = new ESSCertID[certs.size()]; - - for (int i = 0; i != certs.size(); i++) - { - cs[i] = ESSCertID.getInstance(certs.getObjectAt(i)); - } - - return cs; - } - - public PolicyInformation[] getPolicies() - { - if (policies == null) - { - return null; - } - - PolicyInformation[] ps = new PolicyInformation[policies.size()]; - - for (int i = 0; i != policies.size(); i++) - { - ps[i] = PolicyInformation.getInstance(policies.getObjectAt(i)); - } - - return ps; - } - - /** - * The definition of SigningCertificate is - * <pre> - * SigningCertificate ::= SEQUENCE { - * certs SEQUENCE OF ESSCertID, - * policies SEQUENCE OF PolicyInformation OPTIONAL - * } - * </pre> - * id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) - * member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) - * smime(16) id-aa(2) 12 } - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certs); - - if (policies != null) - { - v.add(policies); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/gnu/GNUObjectIdentifiers.java b/luni/src/main/java/org/bouncycastle/asn1/gnu/GNUObjectIdentifiers.java deleted file mode 100644 index d375f90..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/gnu/GNUObjectIdentifiers.java +++ /dev/null @@ -1,30 +0,0 @@ -package org.bouncycastle.asn1.gnu; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface GNUObjectIdentifiers -{ - public static final DERObjectIdentifier GNU = new DERObjectIdentifier("1.3.6.1.4.1.11591.1"); // GNU Radius - public static final DERObjectIdentifier GnuPG = new DERObjectIdentifier("1.3.6.1.4.1.11591.2"); // GnuPG (Aegypten) - public static final DERObjectIdentifier notation = new DERObjectIdentifier("1.3.6.1.4.1.11591.2.1"); // notation - public static final DERObjectIdentifier pkaAddress = new DERObjectIdentifier("1.3.6.1.4.1.11591.2.1.1"); // pkaAddress - public static final DERObjectIdentifier GnuRadar = new DERObjectIdentifier("1.3.6.1.4.1.11591.3"); // GNU Radar - public static final DERObjectIdentifier digestAlgorithm = new DERObjectIdentifier("1.3.6.1.4.1.11591.12"); // digestAlgorithm - public static final DERObjectIdentifier Tiger_192 = new DERObjectIdentifier("1.3.6.1.4.1.11591.12.2"); // TIGER/192 - public static final DERObjectIdentifier encryptionAlgorithm = new DERObjectIdentifier("1.3.6.1.4.1.11591.13"); // encryptionAlgorithm - public static final DERObjectIdentifier Serpent = new DERObjectIdentifier("1.3.6.1.4.1.11591.13.2"); // Serpent - public static final DERObjectIdentifier Serpent_128_ECB = new DERObjectIdentifier("1.3.6.1.4.1.11591.13.2.1"); // Serpent-128-ECB - public static final DERObjectIdentifier Serpent_128_CBC = new DERObjectIdentifier("1.3.6.1.4.1.11591.13.2.2"); // Serpent-128-CBC - public static final DERObjectIdentifier Serpent_128_OFB = new DERObjectIdentifier("1.3.6.1.4.1.11591.13.2.3"); // Serpent-128-OFB - public static final DERObjectIdentifier Serpent_128_CFB = new DERObjectIdentifier("1.3.6.1.4.1.11591.13.2.4"); // Serpent-128-CFB - public static final DERObjectIdentifier Serpent_192_ECB = new DERObjectIdentifier("1.3.6.1.4.1.11591.13.2.21"); // Serpent-192-ECB - public static final DERObjectIdentifier Serpent_192_CBC = new DERObjectIdentifier("1.3.6.1.4.1.11591.13.2.22"); // Serpent-192-CBC - public static final DERObjectIdentifier Serpent_192_OFB = new DERObjectIdentifier("1.3.6.1.4.1.11591.13.2.23"); // Serpent-192-OFB - public static final DERObjectIdentifier Serpent_192_CFB = new DERObjectIdentifier("1.3.6.1.4.1.11591.13.2.24"); // Serpent-192-CFB - public static final DERObjectIdentifier Serpent_256_ECB = new DERObjectIdentifier("1.3.6.1.4.1.11591.13.2.41"); // Serpent-256-ECB - public static final DERObjectIdentifier Serpent_256_CBC = new DERObjectIdentifier("1.3.6.1.4.1.11591.13.2.42"); // Serpent-256-CBC - public static final DERObjectIdentifier Serpent_256_OFB = new DERObjectIdentifier("1.3.6.1.4.1.11591.13.2.43"); // Serpent-256-OFB - public static final DERObjectIdentifier Serpent_256_CFB = new DERObjectIdentifier("1.3.6.1.4.1.11591.13.2.44"); // Serpent-256-CFB - public static final DERObjectIdentifier CRC = new DERObjectIdentifier("1.3.6.1.4.1.11591.14"); // CRC algorithms - public static final DERObjectIdentifier CRC32 = new DERObjectIdentifier("1.3.6.1.4.1.11591.14.1"); // CRC 32 -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/iana/IANAObjectIdentifiers.java b/luni/src/main/java/org/bouncycastle/asn1/iana/IANAObjectIdentifiers.java deleted file mode 100644 index 6faa597..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/iana/IANAObjectIdentifiers.java +++ /dev/null @@ -1,20 +0,0 @@ -package org.bouncycastle.asn1.iana; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface IANAObjectIdentifiers -{ - // id-SHA1 OBJECT IDENTIFIER ::= - // {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1)} - // - - static final DERObjectIdentifier isakmpOakley = new DERObjectIdentifier("1.3.6.1.5.5.8.1"); - - static final DERObjectIdentifier hmacMD5 = new DERObjectIdentifier(isakmpOakley + ".1"); - static final DERObjectIdentifier hmacSHA1 = new DERObjectIdentifier(isakmpOakley + ".2"); - - static final DERObjectIdentifier hmacTIGER = new DERObjectIdentifier(isakmpOakley + ".3"); - - static final DERObjectIdentifier hmacRIPEMD160 = new DERObjectIdentifier(isakmpOakley + ".4"); - -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/icao/DataGroupHash.java b/luni/src/main/java/org/bouncycastle/asn1/icao/DataGroupHash.java deleted file mode 100644 index 3413126..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/icao/DataGroupHash.java +++ /dev/null @@ -1,100 +0,0 @@ -package org.bouncycastle.asn1.icao; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * The DataGroupHash object. - * <pre> - * DataGroupHash ::= SEQUENCE { - * dataGroupNumber DataGroupNumber, - * dataGroupHashValue OCTET STRING } - * - * DataGroupNumber ::= INTEGER { - * dataGroup1 (1), - * dataGroup1 (2), - * dataGroup1 (3), - * dataGroup1 (4), - * dataGroup1 (5), - * dataGroup1 (6), - * dataGroup1 (7), - * dataGroup1 (8), - * dataGroup1 (9), - * dataGroup1 (10), - * dataGroup1 (11), - * dataGroup1 (12), - * dataGroup1 (13), - * dataGroup1 (14), - * dataGroup1 (15), - * dataGroup1 (16) } - * - * </pre> - */ -public class DataGroupHash - extends ASN1Encodable -{ - DERInteger dataGroupNumber; - ASN1OctetString dataGroupHashValue; - - public static DataGroupHash getInstance( - Object obj) - { - if (obj == null || obj instanceof DataGroupHash) - { - return (DataGroupHash)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new DataGroupHash(ASN1Sequence.getInstance(obj)); - } - else - { - throw new IllegalArgumentException("unknown object in getInstance"); - } - } - - public DataGroupHash(ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - // dataGroupNumber - dataGroupNumber = DERInteger.getInstance(e.nextElement()); - // dataGroupHashValue - dataGroupHashValue = ASN1OctetString.getInstance(e.nextElement()); - } - - public DataGroupHash( - int dataGroupNumber, - ASN1OctetString dataGroupHashValue) - { - this.dataGroupNumber = new DERInteger(dataGroupNumber); - this.dataGroupHashValue = dataGroupHashValue; - } - - public int getDataGroupNumber() - { - return dataGroupNumber.getValue().intValue(); - } - - public ASN1OctetString getDataGroupHashValue() - { - return dataGroupHashValue; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector seq = new ASN1EncodableVector(); - seq.add(dataGroupNumber); - seq.add(dataGroupHashValue); - - return new DERSequence(seq); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/icao/ICAOObjectIdentifiers.java b/luni/src/main/java/org/bouncycastle/asn1/icao/ICAOObjectIdentifiers.java deleted file mode 100644 index 957993a..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/icao/ICAOObjectIdentifiers.java +++ /dev/null @@ -1,15 +0,0 @@ -package org.bouncycastle.asn1.icao; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface ICAOObjectIdentifiers -{ - // - // base id - // - static final String id_icao = "1.3.27"; - - static final DERObjectIdentifier id_icao_mrtd = new DERObjectIdentifier(id_icao+".1"); - static final DERObjectIdentifier id_icao_mrtd_security = new DERObjectIdentifier(id_icao_mrtd+".1"); - static final DERObjectIdentifier id_icao_ldsSecurityObject = new DERObjectIdentifier(id_icao_mrtd_security+".1"); -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/icao/LDSSecurityObject.java b/luni/src/main/java/org/bouncycastle/asn1/icao/LDSSecurityObject.java deleted file mode 100644 index 177fdcf..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/icao/LDSSecurityObject.java +++ /dev/null @@ -1,125 +0,0 @@ -package org.bouncycastle.asn1.icao; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * The LDSSecurityObject object. - * <pre> - * LDSSecurityObject ::= SEQUENCE { - * version LDSSecurityObjectVersion, - * hashAlgorithm DigestAlgorithmIdentifier, - * dataGroupHashValues SEQUENCE SIZE (2..ub-DataGroups) OF DataHashGroup} - * - * DigestAlgorithmIdentifier ::= AlgorithmIdentifier, - * - * LDSSecurityObjectVersion :: INTEGER {V0(0)} - * </pre> - */ - -public class LDSSecurityObject - extends ASN1Encodable - implements ICAOObjectIdentifiers -{ - - public static final int ub_DataGroups = 16; - - DERInteger version = new DERInteger(0); - AlgorithmIdentifier digestAlgorithmIdentifier; - DataGroupHash[] datagroupHash; - - public static LDSSecurityObject getInstance( - Object obj) - { - if (obj == null || obj instanceof LDSSecurityObject) - { - return (LDSSecurityObject)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new LDSSecurityObject(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("unknown object in getInstance"); - } - - public LDSSecurityObject( - ASN1Sequence seq) - { - if (seq == null || seq.size() == 0) - { - throw new IllegalArgumentException("null or empty sequence passed."); - } - - Enumeration e = seq.getObjects(); - - // version - version = DERInteger.getInstance(e.nextElement()); - // digestAlgorithmIdentifier - digestAlgorithmIdentifier = AlgorithmIdentifier.getInstance(e.nextElement()); - - ASN1Sequence datagroupHashSeq = ASN1Sequence.getInstance(e.nextElement()); - - checkDatagroupHashSeqSize(datagroupHashSeq.size()); - - datagroupHash = new DataGroupHash[datagroupHashSeq.size()]; - for (int i= 0; i< datagroupHashSeq.size();i++) - { - datagroupHash[i] = DataGroupHash.getInstance(datagroupHashSeq.getObjectAt(i)); - } - - } - - public LDSSecurityObject( - AlgorithmIdentifier digestAlgorithmIdentifier, - DataGroupHash[] datagroupHash) - { - this.digestAlgorithmIdentifier = digestAlgorithmIdentifier; - this.datagroupHash = datagroupHash; - - checkDatagroupHashSeqSize(datagroupHash.length); - } - - private void checkDatagroupHashSeqSize(int size) - { - if ((size < 2) || (size > ub_DataGroups)) - { - throw new IllegalArgumentException("wrong size in DataGroupHashValues : not in (2.."+ ub_DataGroups +")"); - } - } - - public AlgorithmIdentifier getDigestAlgorithmIdentifier() - { - return digestAlgorithmIdentifier; - } - - public DataGroupHash[] getDatagroupHash() - { - return datagroupHash; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector seq = new ASN1EncodableVector(); - - seq.add(version); - seq.add(digestAlgorithmIdentifier); - - ASN1EncodableVector seqname = new ASN1EncodableVector(); - for (int i = 0; i < datagroupHash.length; i++) - { - seqname.add(datagroupHash[i]); - } - seq.add(new DERSequence(seqname)); - - return new DERSequence(seq); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/misc/IDEACBCPar.java b/luni/src/main/java/org/bouncycastle/asn1/misc/IDEACBCPar.java deleted file mode 100644 index c384e8a..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/misc/IDEACBCPar.java +++ /dev/null @@ -1,75 +0,0 @@ -package org.bouncycastle.asn1.misc; - -import org.bouncycastle.asn1.*; - -public class IDEACBCPar - extends ASN1Encodable -{ - ASN1OctetString iv; - - public static IDEACBCPar getInstance( - Object o) - { - if (o instanceof IDEACBCPar) - { - return (IDEACBCPar)o; - } - else if (o instanceof ASN1Sequence) - { - return new IDEACBCPar((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in IDEACBCPar factory"); - } - - public IDEACBCPar( - byte[] iv) - { - this.iv = new DEROctetString(iv); - } - - public IDEACBCPar( - ASN1Sequence seq) - { - if (seq.size() == 1) - { - iv = (ASN1OctetString)seq.getObjectAt(0); - } - else - { - iv = null; - } - } - - public byte[] getIV() - { - if (iv != null) - { - return iv.getOctets(); - } - else - { - return null; - } - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * IDEA-CBCPar ::= SEQUENCE { - * iv OCTET STRING OPTIONAL -- exactly 8 octets - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (iv != null) - { - v.add(iv); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java b/luni/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java deleted file mode 100644 index b2d46e2..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java +++ /dev/null @@ -1,30 +0,0 @@ -package org.bouncycastle.asn1.misc; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface MiscObjectIdentifiers -{ - // - // Netscape - // iso/itu(2) joint-assign(16) us(840) uscompany(1) netscape(113730) cert-extensions(1) } - // - static final String netscape = "2.16.840.1.113730.1"; - static final DERObjectIdentifier netscapeCertType = new DERObjectIdentifier(netscape + ".1"); - static final DERObjectIdentifier netscapeBaseURL = new DERObjectIdentifier(netscape + ".2"); - static final DERObjectIdentifier netscapeRevocationURL = new DERObjectIdentifier(netscape + ".3"); - static final DERObjectIdentifier netscapeCARevocationURL = new DERObjectIdentifier(netscape + ".4"); - static final DERObjectIdentifier netscapeRenewalURL = new DERObjectIdentifier(netscape + ".7"); - static final DERObjectIdentifier netscapeCApolicyURL = new DERObjectIdentifier(netscape + ".8"); - static final DERObjectIdentifier netscapeSSLServerName = new DERObjectIdentifier(netscape + ".12"); - static final DERObjectIdentifier netscapeCertComment = new DERObjectIdentifier(netscape + ".13"); - // - // Verisign - // iso/itu(2) joint-assign(16) us(840) uscompany(1) verisign(113733) cert-extensions(1) } - // - static final String verisign = "2.16.840.1.113733.1"; - - // - // CZAG - country, zip, age, and gender - // - static final DERObjectIdentifier verisignCzagExtension = new DERObjectIdentifier(verisign + ".6.3"); -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/misc/NetscapeCertType.java b/luni/src/main/java/org/bouncycastle/asn1/misc/NetscapeCertType.java deleted file mode 100644 index 61a851a..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/misc/NetscapeCertType.java +++ /dev/null @@ -1,54 +0,0 @@ -package org.bouncycastle.asn1.misc; - -import org.bouncycastle.asn1.*; - -/** - * The NetscapeCertType object. - * <pre> - * NetscapeCertType ::= BIT STRING { - * SSLClient (0), - * SSLServer (1), - * S/MIME (2), - * Object Signing (3), - * Reserved (4), - * SSL CA (5), - * S/MIME CA (6), - * Object Signing CA (7) } - * </pre> - */ -public class NetscapeCertType - extends DERBitString -{ - public static final int sslClient = (1 << 7); - public static final int sslServer = (1 << 6); - public static final int smime = (1 << 5); - public static final int objectSigning = (1 << 4); - public static final int reserved = (1 << 3); - public static final int sslCA = (1 << 2); - public static final int smimeCA = (1 << 1); - public static final int objectSigningCA = (1 << 0); - - /** - * Basic constructor. - * - * @param usage - the bitwise OR of the Key Usage flags giving the - * allowed uses for the key. - * e.g. (X509NetscapeCertType.sslCA | X509NetscapeCertType.smimeCA) - */ - public NetscapeCertType( - int usage) - { - super(getBytes(usage), getPadBits(usage)); - } - - public NetscapeCertType( - DERBitString usage) - { - super(usage.getBytes(), usage.getPadBits()); - } - - public String toString() - { - return "NetscapeCertType: 0x" + Integer.toHexString(data[0] & 0xff); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/misc/NetscapeRevocationURL.java b/luni/src/main/java/org/bouncycastle/asn1/misc/NetscapeRevocationURL.java deleted file mode 100644 index ba35d08..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/misc/NetscapeRevocationURL.java +++ /dev/null @@ -1,18 +0,0 @@ -package org.bouncycastle.asn1.misc; - -import org.bouncycastle.asn1.*; - -public class NetscapeRevocationURL - extends DERIA5String -{ - public NetscapeRevocationURL( - DERIA5String str) - { - super(str.getString()); - } - - public String toString() - { - return "NetscapeRevocationURL: " + this.getString(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/misc/VerisignCzagExtension.java b/luni/src/main/java/org/bouncycastle/asn1/misc/VerisignCzagExtension.java deleted file mode 100644 index 5066ec5..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/misc/VerisignCzagExtension.java +++ /dev/null @@ -1,18 +0,0 @@ -package org.bouncycastle.asn1.misc; - -import org.bouncycastle.asn1.*; - -public class VerisignCzagExtension - extends DERIA5String -{ - public VerisignCzagExtension( - DERIA5String str) - { - super(str.getString()); - } - - public String toString() - { - return "VerisignCzagExtension: " + this.getString(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/mozilla/PublicKeyAndChallenge.java b/luni/src/main/java/org/bouncycastle/asn1/mozilla/PublicKeyAndChallenge.java deleted file mode 100644 index 57df8b0..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/mozilla/PublicKeyAndChallenge.java +++ /dev/null @@ -1,63 +0,0 @@ -package org.bouncycastle.asn1.mozilla; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - -/** - * This is designed to parse - * the PublicKeyAndChallenge created by the KEYGEN tag included by - * Mozilla based browsers. - * <pre> - * PublicKeyAndChallenge ::= SEQUENCE { - * spki SubjectPublicKeyInfo, - * challenge IA5STRING - * } - * - * </pre> - */ -public class PublicKeyAndChallenge - extends ASN1Encodable -{ - private ASN1Sequence pkacSeq; - private SubjectPublicKeyInfo spki; - private DERIA5String challenge; - - public static PublicKeyAndChallenge getInstance(Object obj) - { - if (obj instanceof PublicKeyAndChallenge) - { - return (PublicKeyAndChallenge)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new PublicKeyAndChallenge((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unkown object in factory"); - } - - public PublicKeyAndChallenge(ASN1Sequence seq) - { - pkacSeq = seq; - spki = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(0)); - challenge = DERIA5String.getInstance(seq.getObjectAt(1)); - } - - public DERObject toASN1Object() - { - return pkacSeq; - } - - public SubjectPublicKeyInfo getSubjectPublicKeyInfo() - { - return spki; - } - - public DERIA5String getChallenge() - { - return challenge; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java b/luni/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java deleted file mode 100644 index e4a2777..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/nist/NISTObjectIdentifiers.java +++ /dev/null @@ -1,48 +0,0 @@ -package org.bouncycastle.asn1.nist; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface NISTObjectIdentifiers -{ - // - // NIST - // iso/itu(2) joint-assign(16) us(840) organization(1) gov(101) csor(3) - - // - // nistalgorithms(4) - // - static final String nistAlgorithm = "2.16.840.1.101.3.4"; - - static final DERObjectIdentifier id_sha256 = new DERObjectIdentifier(nistAlgorithm + ".2.1"); - static final DERObjectIdentifier id_sha384 = new DERObjectIdentifier(nistAlgorithm + ".2.2"); - static final DERObjectIdentifier id_sha512 = new DERObjectIdentifier(nistAlgorithm + ".2.3"); - static final DERObjectIdentifier id_sha224 = new DERObjectIdentifier(nistAlgorithm + ".2.4"); - - static final String aes = nistAlgorithm + ".1"; - - static final DERObjectIdentifier id_aes128_ECB = new DERObjectIdentifier(aes + ".1"); - static final DERObjectIdentifier id_aes128_CBC = new DERObjectIdentifier(aes + ".2"); - static final DERObjectIdentifier id_aes128_OFB = new DERObjectIdentifier(aes + ".3"); - static final DERObjectIdentifier id_aes128_CFB = new DERObjectIdentifier(aes + ".4"); - static final DERObjectIdentifier id_aes128_wrap = new DERObjectIdentifier(aes + ".5"); - - static final DERObjectIdentifier id_aes192_ECB = new DERObjectIdentifier(aes + ".21"); - static final DERObjectIdentifier id_aes192_CBC = new DERObjectIdentifier(aes + ".22"); - static final DERObjectIdentifier id_aes192_OFB = new DERObjectIdentifier(aes + ".23"); - static final DERObjectIdentifier id_aes192_CFB = new DERObjectIdentifier(aes + ".24"); - static final DERObjectIdentifier id_aes192_wrap = new DERObjectIdentifier(aes + ".25"); - - static final DERObjectIdentifier id_aes256_ECB = new DERObjectIdentifier(aes + ".41"); - static final DERObjectIdentifier id_aes256_CBC = new DERObjectIdentifier(aes + ".42"); - static final DERObjectIdentifier id_aes256_OFB = new DERObjectIdentifier(aes + ".43"); - static final DERObjectIdentifier id_aes256_CFB = new DERObjectIdentifier(aes + ".44"); - static final DERObjectIdentifier id_aes256_wrap = new DERObjectIdentifier(aes + ".45"); - - // - // signatures - // - static final DERObjectIdentifier id_dsa_with_sha2 = new DERObjectIdentifier(nistAlgorithm + ".3"); - - static final DERObjectIdentifier dsa_with_sha224 = new DERObjectIdentifier(id_dsa_with_sha2 + ".1"); - static final DERObjectIdentifier dsa_with_sha256 = new DERObjectIdentifier(id_dsa_with_sha2 + ".2"); -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/BasicOCSPResponse.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/BasicOCSPResponse.java deleted file mode 100644 index c78e193..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/BasicOCSPResponse.java +++ /dev/null @@ -1,112 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class BasicOCSPResponse - extends ASN1Encodable -{ - private ResponseData tbsResponseData; - private AlgorithmIdentifier signatureAlgorithm; - private DERBitString signature; - private ASN1Sequence certs; - - public BasicOCSPResponse( - ResponseData tbsResponseData, - AlgorithmIdentifier signatureAlgorithm, - DERBitString signature, - ASN1Sequence certs) - { - this.tbsResponseData = tbsResponseData; - this.signatureAlgorithm = signatureAlgorithm; - this.signature = signature; - this.certs = certs; - } - - public BasicOCSPResponse( - ASN1Sequence seq) - { - this.tbsResponseData = ResponseData.getInstance(seq.getObjectAt(0)); - this.signatureAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); - this.signature = (DERBitString)seq.getObjectAt(2); - - if (seq.size() > 3) - { - this.certs = ASN1Sequence.getInstance((ASN1TaggedObject)seq.getObjectAt(3), true); - } - } - - public static BasicOCSPResponse getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static BasicOCSPResponse getInstance( - Object obj) - { - if (obj == null || obj instanceof BasicOCSPResponse) - { - return (BasicOCSPResponse)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new BasicOCSPResponse((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public ResponseData getTbsResponseData() - { - return tbsResponseData; - } - - public AlgorithmIdentifier getSignatureAlgorithm() - { - return signatureAlgorithm; - } - - public DERBitString getSignature() - { - return signature; - } - - public ASN1Sequence getCerts() - { - return certs; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * BasicOCSPResponse ::= SEQUENCE { - * tbsResponseData ResponseData, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(tbsResponseData); - v.add(signatureAlgorithm); - v.add(signature); - if (certs != null) - { - v.add(new DERTaggedObject(true, 0, certs)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/CertID.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/CertID.java deleted file mode 100644 index 2f5fe85..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/CertID.java +++ /dev/null @@ -1,105 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class CertID - extends ASN1Encodable -{ - AlgorithmIdentifier hashAlgorithm; - ASN1OctetString issuerNameHash; - ASN1OctetString issuerKeyHash; - DERInteger serialNumber; - - public CertID( - AlgorithmIdentifier hashAlgorithm, - ASN1OctetString issuerNameHash, - ASN1OctetString issuerKeyHash, - DERInteger serialNumber) - { - this.hashAlgorithm = hashAlgorithm; - this.issuerNameHash = issuerNameHash; - this.issuerKeyHash = issuerKeyHash; - this.serialNumber = serialNumber; - } - - public CertID( - ASN1Sequence seq) - { - hashAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0)); - issuerNameHash = (ASN1OctetString)seq.getObjectAt(1); - issuerKeyHash = (ASN1OctetString)seq.getObjectAt(2); - serialNumber = (DERInteger)seq.getObjectAt(3); - } - - public static CertID getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static CertID getInstance( - Object obj) - { - if (obj == null || obj instanceof CertID) - { - return (CertID)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new CertID((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public AlgorithmIdentifier getHashAlgorithm() - { - return hashAlgorithm; - } - - public ASN1OctetString getIssuerNameHash() - { - return issuerNameHash; - } - - public ASN1OctetString getIssuerKeyHash() - { - return issuerKeyHash; - } - - public DERInteger getSerialNumber() - { - return serialNumber; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * CertID ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * issuerNameHash OCTET STRING, -- Hash of Issuer's DN - * issuerKeyHash OCTET STRING, -- Hash of Issuers public key - * serialNumber CertificateSerialNumber } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(hashAlgorithm); - v.add(issuerNameHash); - v.add(issuerKeyHash); - v.add(serialNumber); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/CertStatus.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/CertStatus.java deleted file mode 100644 index 1868bfc..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/CertStatus.java +++ /dev/null @@ -1,111 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class CertStatus - extends ASN1Encodable - implements ASN1Choice -{ - private int tagNo; - private DEREncodable value; - - /** - * create a CertStatus object with a tag of zero. - */ - public CertStatus() - { - tagNo = 0; - // BEGIN android-changed - value = DERNull.THE_ONE; - // END android-changed - } - - public CertStatus( - RevokedInfo info) - { - tagNo = 1; - value = info; - } - - public CertStatus( - int tagNo, - DEREncodable value) - { - this.tagNo = tagNo; - this.value = value; - } - - public CertStatus( - ASN1TaggedObject choice) - { - this.tagNo = choice.getTagNo(); - - switch (choice.getTagNo()) - { - case 0: - // BEGIN android-changed - value = DERNull.THE_ONE; - // END android-changed - break; - case 1: - value = RevokedInfo.getInstance(choice, false); - break; - case 2: - // BEGIN android-changed - value = DERNull.THE_ONE; - // END android-changed - } - } - - public static CertStatus getInstance( - Object obj) - { - if (obj == null || obj instanceof CertStatus) - { - return (CertStatus)obj; - } - else if (obj instanceof ASN1TaggedObject) - { - return new CertStatus((ASN1TaggedObject)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public static CertStatus getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); // must be explicitly tagged - } - - public int getTagNo() - { - return tagNo; - } - - public DEREncodable getStatus() - { - return value; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * CertStatus ::= CHOICE { - * good [0] IMPLICIT NULL, - * revoked [1] IMPLICIT RevokedInfo, - * unknown [2] IMPLICIT UnknownInfo } - * </pre> - */ - public DERObject toASN1Object() - { - return new DERTaggedObject(false, tagNo, value); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/CrlID.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/CrlID.java deleted file mode 100644 index c933ac0..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/CrlID.java +++ /dev/null @@ -1,86 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.*; - -public class CrlID - extends ASN1Encodable -{ - DERIA5String crlUrl; - DERInteger crlNum; - DERGeneralizedTime crlTime; - - public CrlID( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - ASN1TaggedObject o = (ASN1TaggedObject)e.nextElement(); - - switch (o.getTagNo()) - { - case 0: - crlUrl = DERIA5String.getInstance(o, true); - break; - case 1: - crlNum = DERInteger.getInstance(o, true); - break; - case 2: - crlTime = DERGeneralizedTime.getInstance(o, true); - break; - default: - throw new IllegalArgumentException( - "unknown tag number: " + o.getTagNo()); - } - } - } - - public DERIA5String getCrlUrl() - { - return crlUrl; - } - - public DERInteger getCrlNum() - { - return crlNum; - } - - public DERGeneralizedTime getCrlTime() - { - return crlTime; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * CrlID ::= SEQUENCE { - * crlUrl [0] EXPLICIT IA5String OPTIONAL, - * crlNum [1] EXPLICIT INTEGER OPTIONAL, - * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (crlUrl != null) - { - v.add(new DERTaggedObject(true, 0, crlUrl)); - } - - if (crlNum != null) - { - v.add(new DERTaggedObject(true, 1, crlNum)); - } - - if (crlTime != null) - { - v.add(new DERTaggedObject(true, 2, crlTime)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/OCSPObjectIdentifiers.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/OCSPObjectIdentifiers.java deleted file mode 100644 index f247270..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/OCSPObjectIdentifiers.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface OCSPObjectIdentifiers -{ - public static final String pkix_ocsp = "1.3.6.1.5.5.7.48.1"; - - public static final DERObjectIdentifier id_pkix_ocsp = new DERObjectIdentifier(pkix_ocsp); - public static final DERObjectIdentifier id_pkix_ocsp_basic = new DERObjectIdentifier(pkix_ocsp + ".1"); - - // - // extensions - // - public static final DERObjectIdentifier id_pkix_ocsp_nonce = new DERObjectIdentifier(pkix_ocsp + ".2"); - public static final DERObjectIdentifier id_pkix_ocsp_crl = new DERObjectIdentifier(pkix_ocsp + ".3"); - - public static final DERObjectIdentifier id_pkix_ocsp_response = new DERObjectIdentifier(pkix_ocsp + ".4"); - public static final DERObjectIdentifier id_pkix_ocsp_nocheck = new DERObjectIdentifier(pkix_ocsp + ".5"); - public static final DERObjectIdentifier id_pkix_ocsp_archive_cutoff = new DERObjectIdentifier(pkix_ocsp + ".6"); - public static final DERObjectIdentifier id_pkix_ocsp_service_locator = new DERObjectIdentifier(pkix_ocsp + ".7"); -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/OCSPRequest.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/OCSPRequest.java deleted file mode 100644 index 3f379de..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/OCSPRequest.java +++ /dev/null @@ -1,90 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -public class OCSPRequest - extends ASN1Encodable -{ - TBSRequest tbsRequest; - Signature optionalSignature; - - public OCSPRequest( - TBSRequest tbsRequest, - Signature optionalSignature) - { - this.tbsRequest = tbsRequest; - this.optionalSignature = optionalSignature; - } - - public OCSPRequest( - ASN1Sequence seq) - { - tbsRequest = TBSRequest.getInstance(seq.getObjectAt(0)); - - if (seq.size() == 2) - { - optionalSignature = Signature.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true); - } - } - - public static OCSPRequest getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static OCSPRequest getInstance( - Object obj) - { - if (obj == null || obj instanceof OCSPRequest) - { - return (OCSPRequest)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new OCSPRequest((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public TBSRequest getTbsRequest() - { - return tbsRequest; - } - - public Signature getOptionalSignature() - { - return optionalSignature; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * OCSPRequest ::= SEQUENCE { - * tbsRequest TBSRequest, - * optionalSignature [0] EXPLICIT Signature OPTIONAL } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(tbsRequest); - - if (optionalSignature != null) - { - v.add(new DERTaggedObject(true, 0, optionalSignature)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/OCSPResponse.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/OCSPResponse.java deleted file mode 100644 index 9fbf740..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/OCSPResponse.java +++ /dev/null @@ -1,92 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DEREnumerated; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -public class OCSPResponse - extends ASN1Encodable -{ - OCSPResponseStatus responseStatus; - ResponseBytes responseBytes; - - public OCSPResponse( - OCSPResponseStatus responseStatus, - ResponseBytes responseBytes) - { - this.responseStatus = responseStatus; - this.responseBytes = responseBytes; - } - - public OCSPResponse( - ASN1Sequence seq) - { - responseStatus = new OCSPResponseStatus( - DEREnumerated.getInstance(seq.getObjectAt(0))); - - if (seq.size() == 2) - { - responseBytes = ResponseBytes.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true); - } - } - - public static OCSPResponse getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static OCSPResponse getInstance( - Object obj) - { - if (obj == null || obj instanceof OCSPResponse) - { - return (OCSPResponse)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new OCSPResponse((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public OCSPResponseStatus getResponseStatus() - { - return responseStatus; - } - - public ResponseBytes getResponseBytes() - { - return responseBytes; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * OCSPResponse ::= SEQUENCE { - * responseStatus OCSPResponseStatus, - * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(responseStatus); - - if (responseBytes != null) - { - v.add(new DERTaggedObject(true, 0, responseBytes)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/OCSPResponseStatus.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/OCSPResponseStatus.java deleted file mode 100644 index 7185235..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/OCSPResponseStatus.java +++ /dev/null @@ -1,40 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.DEREnumerated; - -public class OCSPResponseStatus - extends DEREnumerated -{ - public static final int SUCCESSFUL = 0; - public static final int MALFORMED_REQUEST = 1; - public static final int INTERNAL_ERROR = 2; - public static final int TRY_LATER = 3; - public static final int SIG_REQUIRED = 5; - public static final int UNAUTHORIZED = 6; - - /** - * The OCSPResponseStatus enumeration. - * <pre> - * OCSPResponseStatus ::= ENUMERATED { - * successful (0), --Response has valid confirmations - * malformedRequest (1), --Illegal confirmation request - * internalError (2), --Internal error in issuer - * tryLater (3), --Try again later - * --(4) is not used - * sigRequired (5), --Must sign the request - * unauthorized (6) --Request unauthorized - * } - * </pre> - */ - public OCSPResponseStatus( - int value) - { - super(value); - } - - public OCSPResponseStatus( - DEREnumerated value) - { - super(value.getValue().intValue()); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/Request.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/Request.java deleted file mode 100644 index 350fa17..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/Request.java +++ /dev/null @@ -1,91 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class Request - extends ASN1Encodable -{ - CertID reqCert; - X509Extensions singleRequestExtensions; - - public Request( - CertID reqCert, - X509Extensions singleRequestExtensions) - { - this.reqCert = reqCert; - this.singleRequestExtensions = singleRequestExtensions; - } - - public Request( - ASN1Sequence seq) - { - reqCert = CertID.getInstance(seq.getObjectAt(0)); - - if (seq.size() == 2) - { - singleRequestExtensions = X509Extensions.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true); - } - } - - public static Request getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static Request getInstance( - Object obj) - { - if (obj == null || obj instanceof Request) - { - return (Request)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new Request((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public CertID getReqCert() - { - return reqCert; - } - - public X509Extensions getSingleRequestExtensions() - { - return singleRequestExtensions; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * Request ::= SEQUENCE { - * reqCert CertID, - * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(reqCert); - - if (singleRequestExtensions != null) - { - v.add(new DERTaggedObject(true, 0, singleRequestExtensions)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/ResponderID.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/ResponderID.java deleted file mode 100644 index 09cdf11..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/ResponderID.java +++ /dev/null @@ -1,83 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.X509Name; - -public class ResponderID - extends ASN1Encodable - implements ASN1Choice -{ - private DEREncodable value; - - public ResponderID( - ASN1OctetString value) - { - this.value = value; - } - - public ResponderID( - X509Name value) - { - this.value = value; - } - - public static ResponderID getInstance( - Object obj) - { - if (obj == null || obj instanceof ResponderID) - { - return (ResponderID)obj; - } - else if (obj instanceof DEROctetString) - { - return new ResponderID((DEROctetString)obj); - } - else if (obj instanceof ASN1TaggedObject) - { - ASN1TaggedObject o = (ASN1TaggedObject)obj; - - if (o.getTagNo() == 1) - { - return new ResponderID(X509Name.getInstance(o, true)); - } - else - { - return new ResponderID(ASN1OctetString.getInstance(o, true)); - } - } - - return new ResponderID(X509Name.getInstance(obj)); - } - - public static ResponderID getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); // must be explicitly tagged - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * ResponderID ::= CHOICE { - * byName [1] Name, - * byKey [2] KeyHash } - * </pre> - */ - public DERObject toASN1Object() - { - if (value instanceof ASN1OctetString) - { - return new DERTaggedObject(true, 2, value); - } - - return new DERTaggedObject(true, 1, value); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/ResponseBytes.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/ResponseBytes.java deleted file mode 100644 index 997f41f..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/ResponseBytes.java +++ /dev/null @@ -1,82 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class ResponseBytes - extends ASN1Encodable -{ - DERObjectIdentifier responseType; - ASN1OctetString response; - - public ResponseBytes( - DERObjectIdentifier responseType, - ASN1OctetString response) - { - this.responseType = responseType; - this.response = response; - } - - public ResponseBytes( - ASN1Sequence seq) - { - responseType = (DERObjectIdentifier)seq.getObjectAt(0); - response = (ASN1OctetString)seq.getObjectAt(1); - } - - public static ResponseBytes getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static ResponseBytes getInstance( - Object obj) - { - if (obj == null || obj instanceof ResponseBytes) - { - return (ResponseBytes)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new ResponseBytes((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public DERObjectIdentifier getResponseType() - { - return responseType; - } - - public ASN1OctetString getResponse() - { - return response; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * ResponseBytes ::= SEQUENCE { - * responseType OBJECT IDENTIFIER, - * response OCTET STRING } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(responseType); - v.add(response); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/ResponseData.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/ResponseData.java deleted file mode 100644 index db0e586..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/ResponseData.java +++ /dev/null @@ -1,164 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class ResponseData - extends ASN1Encodable -{ - private static final DERInteger V1 = new DERInteger(0); - - private boolean versionPresent; - - private DERInteger version; - private ResponderID responderID; - private DERGeneralizedTime producedAt; - private ASN1Sequence responses; - private X509Extensions responseExtensions; - - public ResponseData( - DERInteger version, - ResponderID responderID, - DERGeneralizedTime producedAt, - ASN1Sequence responses, - X509Extensions responseExtensions) - { - this.version = version; - this.responderID = responderID; - this.producedAt = producedAt; - this.responses = responses; - this.responseExtensions = responseExtensions; - } - - public ResponseData( - ResponderID responderID, - DERGeneralizedTime producedAt, - ASN1Sequence responses, - X509Extensions responseExtensions) - { - this(V1, responderID, producedAt, responses, responseExtensions); - } - - public ResponseData( - ASN1Sequence seq) - { - int index = 0; - - if (seq.getObjectAt(0) instanceof ASN1TaggedObject) - { - ASN1TaggedObject o = (ASN1TaggedObject)seq.getObjectAt(0); - - if (o.getTagNo() == 0) - { - this.versionPresent = true; - this.version = DERInteger.getInstance( - (ASN1TaggedObject)seq.getObjectAt(0), true); - index++; - } - else - { - this.version = V1; - } - } - else - { - this.version = V1; - } - - this.responderID = ResponderID.getInstance(seq.getObjectAt(index++)); - this.producedAt = (DERGeneralizedTime)seq.getObjectAt(index++); - this.responses = (ASN1Sequence)seq.getObjectAt(index++); - - if (seq.size() > index) - { - this.responseExtensions = X509Extensions.getInstance( - (ASN1TaggedObject)seq.getObjectAt(index), true); - } - } - - public static ResponseData getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static ResponseData getInstance( - Object obj) - { - if (obj == null || obj instanceof ResponseData) - { - return (ResponseData)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new ResponseData((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public DERInteger getVersion() - { - return version; - } - - public ResponderID getResponderID() - { - return responderID; - } - - public DERGeneralizedTime getProducedAt() - { - return producedAt; - } - - public ASN1Sequence getResponses() - { - return responses; - } - - public X509Extensions getResponseExtensions() - { - return responseExtensions; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * ResponseData ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * responderID ResponderID, - * producedAt GeneralizedTime, - * responses SEQUENCE OF SingleResponse, - * responseExtensions [1] EXPLICIT Extensions OPTIONAL } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (versionPresent || !version.equals(V1)) - { - v.add(new DERTaggedObject(true, 0, version)); - } - - v.add(responderID); - v.add(producedAt); - v.add(responses); - if (responseExtensions != null) - { - v.add(new DERTaggedObject(true, 1, responseExtensions)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/RevokedInfo.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/RevokedInfo.java deleted file mode 100644 index 501a117..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/RevokedInfo.java +++ /dev/null @@ -1,92 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREnumerated; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.CRLReason; - -public class RevokedInfo - extends ASN1Encodable -{ - private DERGeneralizedTime revocationTime; - private CRLReason revocationReason; - - public RevokedInfo( - DERGeneralizedTime revocationTime, - CRLReason revocationReason) - { - this.revocationTime = revocationTime; - this.revocationReason = revocationReason; - } - - public RevokedInfo( - ASN1Sequence seq) - { - this.revocationTime = (DERGeneralizedTime)seq.getObjectAt(0); - - if (seq.size() > 1) - { - this.revocationReason = new CRLReason(DEREnumerated.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true)); - } - } - - public static RevokedInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static RevokedInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof RevokedInfo) - { - return (RevokedInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new RevokedInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public DERGeneralizedTime getRevocationTime() - { - return revocationTime; - } - - public CRLReason getRevocationReason() - { - return revocationReason; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * RevokedInfo ::= SEQUENCE { - * revocationTime GeneralizedTime, - * revocationReason [0] EXPLICIT CRLReason OPTIONAL } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(revocationTime); - if (revocationReason != null) - { - v.add(new DERTaggedObject(true, 0, revocationReason)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/ServiceLocator.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/ServiceLocator.java deleted file mode 100644 index 296dd53..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/ServiceLocator.java +++ /dev/null @@ -1,36 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.X509Name; - -public class ServiceLocator - extends ASN1Encodable -{ - X509Name issuer; - DERObject locator; - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * ServiceLocator ::= SEQUENCE { - * issuer Name, - * locator AuthorityInfoAccessSyntax OPTIONAL } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(issuer); - - if (locator != null) - { - v.add(locator); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/Signature.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/Signature.java deleted file mode 100644 index 907fd9b..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/Signature.java +++ /dev/null @@ -1,111 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class Signature - extends ASN1Encodable -{ - AlgorithmIdentifier signatureAlgorithm; - DERBitString signature; - ASN1Sequence certs; - - public Signature( - AlgorithmIdentifier signatureAlgorithm, - DERBitString signature) - { - this.signatureAlgorithm = signatureAlgorithm; - this.signature = signature; - } - - public Signature( - AlgorithmIdentifier signatureAlgorithm, - DERBitString signature, - ASN1Sequence certs) - { - this.signatureAlgorithm = signatureAlgorithm; - this.signature = signature; - this.certs = certs; - } - - public Signature( - ASN1Sequence seq) - { - signatureAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0)); - signature = (DERBitString)seq.getObjectAt(1); - - if (seq.size() == 3) - { - certs = ASN1Sequence.getInstance( - (ASN1TaggedObject)seq.getObjectAt(2), true); - } - } - - public static Signature getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static Signature getInstance( - Object obj) - { - if (obj == null || obj instanceof Signature) - { - return (Signature)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new Signature((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public AlgorithmIdentifier getSignatureAlgorithm() - { - return signatureAlgorithm; - } - - public DERBitString getSignature() - { - return signature; - } - - public ASN1Sequence getCerts() - { - return certs; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * Signature ::= SEQUENCE { - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL} - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(signatureAlgorithm); - v.add(signature); - - if (certs != null) - { - v.add(new DERTaggedObject(true, 0, certs)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/SingleResponse.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/SingleResponse.java deleted file mode 100644 index a16f14b..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/SingleResponse.java +++ /dev/null @@ -1,143 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class SingleResponse - extends ASN1Encodable -{ - private CertID certID; - private CertStatus certStatus; - private DERGeneralizedTime thisUpdate; - private DERGeneralizedTime nextUpdate; - private X509Extensions singleExtensions; - - public SingleResponse( - CertID certID, - CertStatus certStatus, - DERGeneralizedTime thisUpdate, - DERGeneralizedTime nextUpdate, - X509Extensions singleExtensions) - { - this.certID = certID; - this.certStatus = certStatus; - this.thisUpdate = thisUpdate; - this.nextUpdate = nextUpdate; - this.singleExtensions = singleExtensions; - } - - public SingleResponse( - ASN1Sequence seq) - { - this.certID = CertID.getInstance(seq.getObjectAt(0)); - this.certStatus = CertStatus.getInstance(seq.getObjectAt(1)); - this.thisUpdate = (DERGeneralizedTime)seq.getObjectAt(2); - - if (seq.size() > 4) - { - this.nextUpdate = DERGeneralizedTime.getInstance( - (ASN1TaggedObject)seq.getObjectAt(3), true); - this.singleExtensions = X509Extensions.getInstance( - (ASN1TaggedObject)seq.getObjectAt(4), true); - } - else if (seq.size() > 3) - { - ASN1TaggedObject o = (ASN1TaggedObject)seq.getObjectAt(3); - - if (o.getTagNo() == 0) - { - this.nextUpdate = DERGeneralizedTime.getInstance(o, true); - } - else - { - this.singleExtensions = X509Extensions.getInstance(o, true); - } - } - } - - public static SingleResponse getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static SingleResponse getInstance( - Object obj) - { - if (obj == null || obj instanceof SingleResponse) - { - return (SingleResponse)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new SingleResponse((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public CertID getCertID() - { - return certID; - } - - public CertStatus getCertStatus() - { - return certStatus; - } - - public DERGeneralizedTime getThisUpdate() - { - return thisUpdate; - } - - public DERGeneralizedTime getNextUpdate() - { - return nextUpdate; - } - - public X509Extensions getSingleExtensions() - { - return singleExtensions; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * SingleResponse ::= SEQUENCE { - * certID CertID, - * certStatus CertStatus, - * thisUpdate GeneralizedTime, - * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, - * singleExtensions [1] EXPLICIT Extensions OPTIONAL } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certID); - v.add(certStatus); - v.add(thisUpdate); - - if (nextUpdate != null) - { - v.add(new DERTaggedObject(true, 0, nextUpdate)); - } - - if (singleExtensions != null) - { - v.add(new DERTaggedObject(true, 1, singleExtensions)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/ocsp/TBSRequest.java b/luni/src/main/java/org/bouncycastle/asn1/ocsp/TBSRequest.java deleted file mode 100644 index fd4e86b..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/ocsp/TBSRequest.java +++ /dev/null @@ -1,150 +0,0 @@ -package org.bouncycastle.asn1.ocsp; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class TBSRequest - extends ASN1Encodable -{ - private static final DERInteger V1 = new DERInteger(0); - - DERInteger version; - GeneralName requestorName; - ASN1Sequence requestList; - X509Extensions requestExtensions; - - public TBSRequest( - GeneralName requestorName, - ASN1Sequence requestList, - X509Extensions requestExtensions) - { - this.version = V1; - this.requestorName = requestorName; - this.requestList = requestList; - this.requestExtensions = requestExtensions; - } - - public TBSRequest( - ASN1Sequence seq) - { - int index = 0; - - if (seq.getObjectAt(0) instanceof ASN1TaggedObject) - { - ASN1TaggedObject o = (ASN1TaggedObject)seq.getObjectAt(0); - - if (o.getTagNo() == 0) - { - version = DERInteger.getInstance((ASN1TaggedObject)seq.getObjectAt(0), true); - index++; - } - else - { - version = V1; - } - } - else - { - version = V1; - } - - if (seq.getObjectAt(index) instanceof ASN1TaggedObject) - { - requestorName = GeneralName.getInstance((ASN1TaggedObject)seq.getObjectAt(index++), true); - } - - requestList = (ASN1Sequence)seq.getObjectAt(index++); - - if (seq.size() == (index + 1)) - { - requestExtensions = X509Extensions.getInstance((ASN1TaggedObject)seq.getObjectAt(index), true); - } - } - - public static TBSRequest getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static TBSRequest getInstance( - Object obj) - { - if (obj == null || obj instanceof TBSRequest) - { - return (TBSRequest)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new TBSRequest((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public DERInteger getVersion() - { - return version; - } - - public GeneralName getRequestorName() - { - return requestorName; - } - - public ASN1Sequence getRequestList() - { - return requestList; - } - - public X509Extensions getRequestExtensions() - { - return requestExtensions; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * TBSRequest ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * requestorName [1] EXPLICIT GeneralName OPTIONAL, - * requestList SEQUENCE OF Request, - * requestExtensions [2] EXPLICIT Extensions OPTIONAL } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - // - // if default don't include. - // - if (!version.equals(V1)) - { - v.add(new DERTaggedObject(true, 0, version)); - } - - if (requestorName != null) - { - v.add(new DERTaggedObject(true, 1, requestorName)); - } - - v.add(requestList); - - if (requestExtensions != null) - { - v.add(new DERTaggedObject(true, 2, requestExtensions)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.java b/luni/src/main/java/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.java deleted file mode 100644 index 4174e4d..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.java +++ /dev/null @@ -1,26 +0,0 @@ -package org.bouncycastle.asn1.oiw; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface OIWObjectIdentifiers -{ - // id-SHA1 OBJECT IDENTIFIER ::= - // {iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } // - static final DERObjectIdentifier md4WithRSA = new DERObjectIdentifier("1.3.14.3.2.2"); - static final DERObjectIdentifier md5WithRSA = new DERObjectIdentifier("1.3.14.3.2.3"); - static final DERObjectIdentifier md4WithRSAEncryption = new DERObjectIdentifier("1.3.14.3.2.4"); - - static final DERObjectIdentifier desCBC = new DERObjectIdentifier("1.3.14.3.2.7"); - - static final DERObjectIdentifier idSHA1 = new DERObjectIdentifier("1.3.14.3.2.26"); - - static final DERObjectIdentifier dsaWithSHA1 = new DERObjectIdentifier("1.3.14.3.2.27"); - - static final DERObjectIdentifier sha1WithRSA = new DERObjectIdentifier("1.3.14.3.2.29"); - - // ElGamal Algorithm OBJECT IDENTIFIER ::= - // {iso(1) identified-organization(3) oiw(14) dirservsig(7) algorithm(2) encryption(1) 1 } - // - static final DERObjectIdentifier elGamalAlgorithm = new DERObjectIdentifier("1.3.14.7.2.1.1"); - -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/Attribute.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/Attribute.java deleted file mode 100644 index 56d6870..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/Attribute.java +++ /dev/null @@ -1,82 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class Attribute - extends ASN1Encodable -{ - private DERObjectIdentifier attrType; - private ASN1Set attrValues; - - /** - * return an Attribute object from the given object. - * - * @param o the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static Attribute getInstance( - Object o) - { - if (o == null || o instanceof Attribute) - { - return (Attribute)o; - } - - if (o instanceof ASN1Sequence) - { - return new Attribute((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public Attribute( - ASN1Sequence seq) - { - attrType = (DERObjectIdentifier)seq.getObjectAt(0); - attrValues = (ASN1Set)seq.getObjectAt(1); - } - - public Attribute( - DERObjectIdentifier attrType, - ASN1Set attrValues) - { - this.attrType = attrType; - this.attrValues = attrValues; - } - - public DERObjectIdentifier getAttrType() - { - return attrType; - } - - public ASN1Set getAttrValues() - { - return attrValues; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * Attribute ::= SEQUENCE { - * attrType OBJECT IDENTIFIER, - * attrValues SET OF AttributeValue - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(attrType); - v.add(attrValues); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/AuthenticatedSafe.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/AuthenticatedSafe.java deleted file mode 100644 index fe04a5c..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/AuthenticatedSafe.java +++ /dev/null @@ -1,47 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERObject; - -public class AuthenticatedSafe - extends ASN1Encodable -{ - ContentInfo[] info; - - public AuthenticatedSafe( - ASN1Sequence seq) - { - info = new ContentInfo[seq.size()]; - - for (int i = 0; i != info.length; i++) - { - info[i] = ContentInfo.getInstance(seq.getObjectAt(i)); - } - } - - public AuthenticatedSafe( - ContentInfo[] info) - { - this.info = info; - } - - public ContentInfo[] getContentInfo() - { - return info; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - for (int i = 0; i != info.length; i++) - { - v.add(info[i]); - } - - return new BERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/CertBag.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/CertBag.java deleted file mode 100644 index c781b4c..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/CertBag.java +++ /dev/null @@ -1,53 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -public class CertBag - extends ASN1Encodable -{ - ASN1Sequence seq; - DERObjectIdentifier certId; - DERObject certValue; - - public CertBag( - ASN1Sequence seq) - { - this.seq = seq; - this.certId = (DERObjectIdentifier)seq.getObjectAt(0); - this.certValue = ((DERTaggedObject)seq.getObjectAt(1)).getObject(); - } - - public CertBag( - DERObjectIdentifier certId, - DERObject certValue) - { - this.certId = certId; - this.certValue = certValue; - } - - public DERObjectIdentifier getCertId() - { - return certId; - } - - public DERObject getCertValue() - { - return certValue; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(certId); - v.add(new DERTaggedObject(0, certValue)); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java deleted file mode 100644 index ba28f54..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequest.java +++ /dev/null @@ -1,76 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * PKCS10 Certification request object. - * <pre> - * CertificationRequest ::= SEQUENCE { - * certificationRequestInfo CertificationRequestInfo, - * signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }}, - * signature BIT STRING - * } - * </pre> - */ -public class CertificationRequest - extends ASN1Encodable -{ - protected CertificationRequestInfo reqInfo = null; - protected AlgorithmIdentifier sigAlgId = null; - protected DERBitString sigBits = null; - - protected CertificationRequest() - { - } - - public CertificationRequest( - CertificationRequestInfo requestInfo, - AlgorithmIdentifier algorithm, - DERBitString signature) - { - this.reqInfo = requestInfo; - this.sigAlgId = algorithm; - this.sigBits = signature; - } - - public CertificationRequest( - ASN1Sequence seq) - { - reqInfo = CertificationRequestInfo.getInstance(seq.getObjectAt(0)); - sigAlgId = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); - sigBits = (DERBitString)seq.getObjectAt(2); - } - - public CertificationRequestInfo getCertificationRequestInfo() - { - return reqInfo; - } - - public AlgorithmIdentifier getSignatureAlgorithm() - { - return sigAlgId; - } - - public DERBitString getSignature() - { - return sigBits; - } - - public DERObject toASN1Object() - { - // Construct the CertificateRequest - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(reqInfo); - v.add(sigAlgId); - v.add(sigBits); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java deleted file mode 100644 index 3b9314d..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java +++ /dev/null @@ -1,129 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509Name; - -/** - * PKCS10 CertificationRequestInfo object. - * <pre> - * CertificationRequestInfo ::= SEQUENCE { - * version INTEGER { v1(0) } (v1,...), - * subject Name, - * subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, - * attributes [0] Attributes{{ CRIAttributes }} - * } - * - * Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }} - * - * Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE { - * type ATTRIBUTE.&id({IOSet}), - * values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type}) - * } - * </pre> - */ -public class CertificationRequestInfo - extends ASN1Encodable -{ - DERInteger version = new DERInteger(0); - X509Name subject; - SubjectPublicKeyInfo subjectPKInfo; - ASN1Set attributes = null; - - public static CertificationRequestInfo getInstance( - Object obj) - { - if (obj instanceof CertificationRequestInfo) - { - return (CertificationRequestInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new CertificationRequestInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public CertificationRequestInfo( - X509Name subject, - SubjectPublicKeyInfo pkInfo, - ASN1Set attributes) - { - this.subject = subject; - this.subjectPKInfo = pkInfo; - this.attributes = attributes; - - if ((subject == null) || (version == null) || (subjectPKInfo == null)) - { - throw new IllegalArgumentException("Not all mandatory fields set in CertificationRequestInfo generator."); - } - } - - public CertificationRequestInfo( - ASN1Sequence seq) - { - version = (DERInteger)seq.getObjectAt(0); - - subject = X509Name.getInstance(seq.getObjectAt(1)); - subjectPKInfo = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(2)); - - // - // some CertificationRequestInfo objects seem to treat this field - // as optional. - // - if (seq.size() > 3) - { - DERTaggedObject tagobj = (DERTaggedObject)seq.getObjectAt(3); - attributes = ASN1Set.getInstance(tagobj, false); - } - - if ((subject == null) || (version == null) || (subjectPKInfo == null)) - { - throw new IllegalArgumentException("Not all mandatory fields set in CertificationRequestInfo generator."); - } - } - - public DERInteger getVersion() - { - return version; - } - - public X509Name getSubject() - { - return subject; - } - - public SubjectPublicKeyInfo getSubjectPublicKeyInfo() - { - return subjectPKInfo; - } - - public ASN1Set getAttributes() - { - return attributes; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(subject); - v.add(subjectPKInfo); - - if (attributes != null) - { - v.add(new DERTaggedObject(false, 0, attributes)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/ContentInfo.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/ContentInfo.java deleted file mode 100644 index 49b3a70..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/ContentInfo.java +++ /dev/null @@ -1,90 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.BERTaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERTaggedObject; - -public class ContentInfo - extends ASN1Encodable - implements PKCSObjectIdentifiers -{ - private DERObjectIdentifier contentType; - private DEREncodable content; - - public static ContentInfo getInstance( - Object obj) - { - if (obj instanceof ContentInfo) - { - return (ContentInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new ContentInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public ContentInfo( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - contentType = (DERObjectIdentifier)e.nextElement(); - - if (e.hasMoreElements()) - { - content = ((DERTaggedObject)e.nextElement()).getObject(); - } - } - - public ContentInfo( - DERObjectIdentifier contentType, - DEREncodable content) - { - this.contentType = contentType; - this.content = content; - } - - public DERObjectIdentifier getContentType() - { - return contentType; - } - - public DEREncodable getContent() - { - return content; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * ContentInfo ::= SEQUENCE { - * contentType ContentType, - * content - * [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(contentType); - - if (content != null) - { - v.add(new BERTaggedObject(0, content)); - } - - return new BERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/DHParameter.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/DHParameter.java deleted file mode 100644 index 34537fa..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/DHParameter.java +++ /dev/null @@ -1,88 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class DHParameter - extends ASN1Encodable -{ - DERInteger p, g, l; - - public DHParameter( - BigInteger p, - BigInteger g, - int l) - { - this.p = new DERInteger(p); - this.g = new DERInteger(g); - - if (l != 0) - { - this.l = new DERInteger(l); - } - else - { - this.l = null; - } - } - - public DHParameter( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - p = (DERInteger)e.nextElement(); - g = (DERInteger)e.nextElement(); - - if (e.hasMoreElements()) - { - l = (DERInteger)e.nextElement(); - } - else - { - l = null; - } - } - - public BigInteger getP() - { - return p.getPositiveValue(); - } - - public BigInteger getG() - { - return g.getPositiveValue(); - } - - public BigInteger getL() - { - if (l == null) - { - return null; - } - - return l.getPositiveValue(); - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(p); - v.add(g); - - if (this.getL() != null) - { - v.add(l); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java deleted file mode 100644 index 37d1303..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedData.java +++ /dev/null @@ -1,104 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.*; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * The EncryptedData object. - * <pre> - * EncryptedData ::= SEQUENCE { - * version Version, - * encryptedContentInfo EncryptedContentInfo - * } - * - * - * EncryptedContentInfo ::= SEQUENCE { - * contentType ContentType, - * contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, - * encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL - * } - * - * EncryptedContent ::= OCTET STRING - * </pre> - */ -public class EncryptedData - extends ASN1Encodable -{ - ASN1Sequence data; - DERObjectIdentifier bagId; - DERObject bagValue; - - public static EncryptedData getInstance( - Object obj) - { - if (obj instanceof EncryptedData) - { - return (EncryptedData)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new EncryptedData((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public EncryptedData( - ASN1Sequence seq) - { - int version = ((DERInteger)seq.getObjectAt(0)).getValue().intValue(); - - if (version != 0) - { - throw new IllegalArgumentException("sequence not version 0"); - } - - this.data = (ASN1Sequence)seq.getObjectAt(1); - } - - public EncryptedData( - DERObjectIdentifier contentType, - AlgorithmIdentifier encryptionAlgorithm, - DEREncodable content) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(contentType); - v.add(encryptionAlgorithm.getDERObject()); - v.add(new BERTaggedObject(false, 0, content)); - - data = new BERSequence(v); - } - - public DERObjectIdentifier getContentType() - { - return (DERObjectIdentifier)data.getObjectAt(0); - } - - public AlgorithmIdentifier getEncryptionAlgorithm() - { - return AlgorithmIdentifier.getInstance(data.getObjectAt(1)); - } - - public ASN1OctetString getContent() - { - if (data.size() == 3) - { - DERTaggedObject o = (DERTaggedObject)data.getObjectAt(2); - - return ASN1OctetString.getInstance(o.getObject()); - } - - return null; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(0)); - v.add(data); - - return new BERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java deleted file mode 100644 index b46c13f..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java +++ /dev/null @@ -1,86 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class EncryptedPrivateKeyInfo - extends ASN1Encodable -{ - private AlgorithmIdentifier algId; - private ASN1OctetString data; - - public EncryptedPrivateKeyInfo( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - algId = AlgorithmIdentifier.getInstance(e.nextElement()); - data = (ASN1OctetString)e.nextElement(); - } - - public EncryptedPrivateKeyInfo( - AlgorithmIdentifier algId, - byte[] encoding) - { - this.algId = algId; - this.data = new DEROctetString(encoding); - } - - public static EncryptedPrivateKeyInfo getInstance( - Object obj) - { - if (obj instanceof EncryptedData) - { - return (EncryptedPrivateKeyInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new EncryptedPrivateKeyInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public AlgorithmIdentifier getEncryptionAlgorithm() - { - return algId; - } - - public byte[] getEncryptedData() - { - return data.getOctets(); - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * EncryptedPrivateKeyInfo ::= SEQUENCE { - * encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}}, - * encryptedData EncryptedData - * } - * - * EncryptedData ::= OCTET STRING - * - * KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= { - * ... -- For local profiles - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(algId); - v.add(data); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java deleted file mode 100644 index eb9b326..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/EncryptionScheme.java +++ /dev/null @@ -1,38 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class EncryptionScheme - extends AlgorithmIdentifier -{ - DERObject objectId; - DERObject obj; - - EncryptionScheme( - ASN1Sequence seq) - { - super(seq); - - objectId = (DERObject)seq.getObjectAt(0); - obj = (DERObject)seq.getObjectAt(1); - } - - public DERObject getObject() - { - return obj; - } - - public DERObject getDERObject() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(objectId); - v.add(obj); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/IssuerAndSerialNumber.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/IssuerAndSerialNumber.java deleted file mode 100644 index 088d213..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/IssuerAndSerialNumber.java +++ /dev/null @@ -1,76 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.X509Name; - -public class IssuerAndSerialNumber - extends ASN1Encodable -{ - X509Name name; - DERInteger certSerialNumber; - - public static IssuerAndSerialNumber getInstance( - Object obj) - { - if (obj instanceof IssuerAndSerialNumber) - { - return (IssuerAndSerialNumber)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new IssuerAndSerialNumber((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public IssuerAndSerialNumber( - ASN1Sequence seq) - { - this.name = X509Name.getInstance(seq.getObjectAt(0)); - this.certSerialNumber = (DERInteger)seq.getObjectAt(1); - } - - public IssuerAndSerialNumber( - X509Name name, - BigInteger certSerialNumber) - { - this.name = name; - this.certSerialNumber = new DERInteger(certSerialNumber); - } - - public IssuerAndSerialNumber( - X509Name name, - DERInteger certSerialNumber) - { - this.name = name; - this.certSerialNumber = certSerialNumber; - } - - public X509Name getName() - { - return name; - } - - public DERInteger getCertificateSerialNumber() - { - return certSerialNumber; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(name); - v.add(certSerialNumber); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java deleted file mode 100644 index 50c9ef2..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/KeyDerivationFunc.java +++ /dev/null @@ -1,23 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class KeyDerivationFunc - extends AlgorithmIdentifier -{ - KeyDerivationFunc( - ASN1Sequence seq) - { - super(seq); - } - - KeyDerivationFunc( - DERObjectIdentifier id, - ASN1Encodable params) - { - super(id, params); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/MacData.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/MacData.java deleted file mode 100644 index 8f58c82..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/MacData.java +++ /dev/null @@ -1,89 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.DigestInfo; - -public class MacData - extends ASN1Encodable -{ - DigestInfo digInfo; - byte[] salt; - BigInteger iterationCount; - - public static MacData getInstance( - Object obj) - { - if (obj instanceof MacData) - { - return (MacData)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new MacData((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public MacData( - ASN1Sequence seq) - { - this.digInfo = DigestInfo.getInstance(seq.getObjectAt(0)); - - this.salt = ((ASN1OctetString)seq.getObjectAt(1)).getOctets(); - - if (seq.size() == 3) - { - this.iterationCount = ((DERInteger)seq.getObjectAt(2)).getValue(); - } - else - { - this.iterationCount = BigInteger.valueOf(1); - } - } - - public MacData( - DigestInfo digInfo, - byte[] salt, - int iterationCount) - { - this.digInfo = digInfo; - this.salt = salt; - this.iterationCount = BigInteger.valueOf(iterationCount); - } - - public DigestInfo getMac() - { - return digInfo; - } - - public byte[] getSalt() - { - return salt; - } - - public BigInteger getIterationCount() - { - return iterationCount; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(digInfo); - v.add(new DEROctetString(salt)); - v.add(new DERInteger(iterationCount)); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java deleted file mode 100644 index 2817903..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Algorithms.java +++ /dev/null @@ -1,77 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * @deprecated - use AlgorithmIdentifier and PBES2Parameters - */ -public class PBES2Algorithms - extends AlgorithmIdentifier implements PKCSObjectIdentifiers -{ - private DERObjectIdentifier objectId; - private KeyDerivationFunc func; - private EncryptionScheme scheme; - - public PBES2Algorithms( - ASN1Sequence obj) - { - super(obj); - - Enumeration e = obj.getObjects(); - - objectId = (DERObjectIdentifier)e.nextElement(); - - ASN1Sequence seq = (ASN1Sequence)e.nextElement(); - - e = seq.getObjects(); - - ASN1Sequence funcSeq = (ASN1Sequence)e.nextElement(); - - if (funcSeq.getObjectAt(0).equals(id_PBKDF2)) - { - func = new KeyDerivationFunc(id_PBKDF2, PBKDF2Params.getInstance(funcSeq.getObjectAt(1))); - } - else - { - func = new KeyDerivationFunc(funcSeq); - } - - scheme = new EncryptionScheme((ASN1Sequence)e.nextElement()); - } - - public DERObjectIdentifier getObjectId() - { - return objectId; - } - - public KeyDerivationFunc getKeyDerivationFunc() - { - return func; - } - - public EncryptionScheme getEncryptionScheme() - { - return scheme; - } - - public DERObject getDERObject() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - ASN1EncodableVector subV = new ASN1EncodableVector(); - - v.add(objectId); - - subV.add(func); - subV.add(scheme); - v.add(new DERSequence(subV)); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java deleted file mode 100644 index 57c773c..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/PBES2Parameters.java +++ /dev/null @@ -1,55 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class PBES2Parameters - extends ASN1Encodable - implements PKCSObjectIdentifiers -{ - private KeyDerivationFunc func; - private EncryptionScheme scheme; - - public PBES2Parameters( - ASN1Sequence obj) - { - Enumeration e = obj.getObjects(); - ASN1Sequence funcSeq = (ASN1Sequence)e.nextElement(); - - if (funcSeq.getObjectAt(0).equals(id_PBKDF2)) - { - func = new KeyDerivationFunc(id_PBKDF2, PBKDF2Params.getInstance(funcSeq.getObjectAt(1))); - } - else - { - func = new KeyDerivationFunc(funcSeq); - } - - scheme = new EncryptionScheme((ASN1Sequence)e.nextElement()); - } - - public KeyDerivationFunc getKeyDerivationFunc() - { - return func; - } - - public EncryptionScheme getEncryptionScheme() - { - return scheme; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(func); - v.add(scheme); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java deleted file mode 100644 index 311766e..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/PBKDF2Params.java +++ /dev/null @@ -1,98 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; - -public class PBKDF2Params - extends ASN1Encodable -{ - ASN1OctetString octStr; - DERInteger iterationCount; - DERInteger keyLength; - - public static PBKDF2Params getInstance( - Object obj) - { - if (obj instanceof PBKDF2Params) - { - return (PBKDF2Params)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new PBKDF2Params((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public PBKDF2Params( - byte[] salt, - int iterationCount) - { - this.octStr = new DEROctetString(salt); - this.iterationCount = new DERInteger(iterationCount); - } - - public PBKDF2Params( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - octStr = (ASN1OctetString)e.nextElement(); - iterationCount = (DERInteger)e.nextElement(); - - if (e.hasMoreElements()) - { - keyLength = (DERInteger)e.nextElement(); - } - else - { - keyLength = null; - } - } - - public byte[] getSalt() - { - return octStr.getOctets(); - } - - public BigInteger getIterationCount() - { - return iterationCount.getValue(); - } - - public BigInteger getKeyLength() - { - if (keyLength != null) - { - return keyLength.getValue(); - } - - return null; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(octStr); - v.add(iterationCount); - - if (keyLength != null) - { - v.add(keyLength); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/PKCS12PBEParams.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/PKCS12PBEParams.java deleted file mode 100644 index 5dc3a5d..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/PKCS12PBEParams.java +++ /dev/null @@ -1,69 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; - -public class PKCS12PBEParams - extends ASN1Encodable -{ - DERInteger iterations; - ASN1OctetString iv; - - public PKCS12PBEParams( - byte[] salt, - int iterations) - { - this.iv = new DEROctetString(salt); - this.iterations = new DERInteger(iterations); - } - - public PKCS12PBEParams( - ASN1Sequence seq) - { - iv = (ASN1OctetString)seq.getObjectAt(0); - iterations = (DERInteger)seq.getObjectAt(1); - } - - public static PKCS12PBEParams getInstance( - Object obj) - { - if (obj instanceof PKCS12PBEParams) - { - return (PKCS12PBEParams)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new PKCS12PBEParams((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public BigInteger getIterations() - { - return iterations.getValue(); - } - - public byte[] getIV() - { - return iv.getOctets(); - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(iv); - v.add(iterations); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java deleted file mode 100644 index 1a7a553..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java +++ /dev/null @@ -1,210 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface PKCSObjectIdentifiers -{ - // - // pkcs-1 OBJECT IDENTIFIER ::= { - // iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } - // - static final String pkcs_1 = "1.2.840.113549.1.1"; - static final DERObjectIdentifier rsaEncryption = new DERObjectIdentifier(pkcs_1 + ".1"); - // BEGIN android-removed - // Dropping MD2 - // static final DERObjectIdentifier md2WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".2"); - // END android-removed - static final DERObjectIdentifier md4WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".3"); - static final DERObjectIdentifier md5WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".4"); - static final DERObjectIdentifier sha1WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".5"); - static final DERObjectIdentifier srsaOAEPEncryptionSET = new DERObjectIdentifier(pkcs_1 + ".6"); - static final DERObjectIdentifier id_RSAES_OAEP = new DERObjectIdentifier(pkcs_1 + ".7"); - static final DERObjectIdentifier id_mgf1 = new DERObjectIdentifier(pkcs_1 + ".8"); - static final DERObjectIdentifier id_pSpecified = new DERObjectIdentifier(pkcs_1 + ".9"); - static final DERObjectIdentifier id_RSASSA_PSS = new DERObjectIdentifier(pkcs_1 + ".10"); - static final DERObjectIdentifier sha256WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".11"); - static final DERObjectIdentifier sha384WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".12"); - static final DERObjectIdentifier sha512WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".13"); - static final DERObjectIdentifier sha224WithRSAEncryption = new DERObjectIdentifier(pkcs_1 + ".14"); - - // - // pkcs-3 OBJECT IDENTIFIER ::= { - // iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 3 } - // - static final String pkcs_3 = "1.2.840.113549.1.3"; - static final DERObjectIdentifier dhKeyAgreement = new DERObjectIdentifier(pkcs_3 + ".1"); - - // - // pkcs-5 OBJECT IDENTIFIER ::= { - // iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } - // - static final String pkcs_5 = "1.2.840.113549.1.5"; - - static final DERObjectIdentifier pbeWithMD2AndDES_CBC = new DERObjectIdentifier(pkcs_5 + ".1"); - static final DERObjectIdentifier pbeWithMD2AndRC2_CBC = new DERObjectIdentifier(pkcs_5 + ".4"); - static final DERObjectIdentifier pbeWithMD5AndDES_CBC = new DERObjectIdentifier(pkcs_5 + ".3"); - static final DERObjectIdentifier pbeWithMD5AndRC2_CBC = new DERObjectIdentifier(pkcs_5 + ".6"); - static final DERObjectIdentifier pbeWithSHA1AndDES_CBC = new DERObjectIdentifier(pkcs_5 + ".10"); - static final DERObjectIdentifier pbeWithSHA1AndRC2_CBC = new DERObjectIdentifier(pkcs_5 + ".11"); - - static final DERObjectIdentifier id_PBES2 = new DERObjectIdentifier(pkcs_5 + ".13"); - - static final DERObjectIdentifier id_PBKDF2 = new DERObjectIdentifier(pkcs_5 + ".12"); - - // - // encryptionAlgorithm OBJECT IDENTIFIER ::= { - // iso(1) member-body(2) us(840) rsadsi(113549) 3 } - // - static final String encryptionAlgorithm = "1.2.840.113549.3"; - - static final DERObjectIdentifier des_EDE3_CBC = new DERObjectIdentifier(encryptionAlgorithm + ".7"); - static final DERObjectIdentifier RC2_CBC = new DERObjectIdentifier(encryptionAlgorithm + ".2"); - - // - // object identifiers for digests - // - static final String digestAlgorithm = "1.2.840.113549.2"; - // - // md2 OBJECT IDENTIFIER ::= - // {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 2} - // - // BEGIN android-removed - // Dropping MD2 - // static final DERObjectIdentifier md2 = new DERObjectIdentifier(digestAlgorithm + ".2"); - // END android-removed - - // - // md4 OBJECT IDENTIFIER ::= - // {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 4} - // - static final DERObjectIdentifier md4 = new DERObjectIdentifier(digestAlgorithm + ".4"); - - // - // md5 OBJECT IDENTIFIER ::= - // {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 5} - // - static final DERObjectIdentifier md5 = new DERObjectIdentifier(digestAlgorithm + ".5"); - - static final DERObjectIdentifier id_hmacWithSHA1 = new DERObjectIdentifier(digestAlgorithm + ".7"); - static final DERObjectIdentifier id_hmacWithSHA224 = new DERObjectIdentifier(digestAlgorithm + ".8"); - static final DERObjectIdentifier id_hmacWithSHA256 = new DERObjectIdentifier(digestAlgorithm + ".9"); - static final DERObjectIdentifier id_hmacWithSHA384 = new DERObjectIdentifier(digestAlgorithm + ".10"); - static final DERObjectIdentifier id_hmacWithSHA512 = new DERObjectIdentifier(digestAlgorithm + ".11"); - - // - // pkcs-7 OBJECT IDENTIFIER ::= { - // iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 } - // - static final String pkcs_7 = "1.2.840.113549.1.7"; - static final DERObjectIdentifier data = new DERObjectIdentifier(pkcs_7 + ".1"); - static final DERObjectIdentifier signedData = new DERObjectIdentifier(pkcs_7 + ".2"); - static final DERObjectIdentifier envelopedData = new DERObjectIdentifier(pkcs_7 + ".3"); - static final DERObjectIdentifier signedAndEnvelopedData = new DERObjectIdentifier(pkcs_7 + ".4"); - static final DERObjectIdentifier digestedData = new DERObjectIdentifier(pkcs_7 + ".5"); - static final DERObjectIdentifier encryptedData = new DERObjectIdentifier(pkcs_7 + ".6"); - - // - // pkcs-9 OBJECT IDENTIFIER ::= { - // iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } - // - static final String pkcs_9 = "1.2.840.113549.1.9"; - - static final DERObjectIdentifier pkcs_9_at_emailAddress = new DERObjectIdentifier(pkcs_9 + ".1"); - static final DERObjectIdentifier pkcs_9_at_unstructuredName = new DERObjectIdentifier(pkcs_9 + ".2"); - static final DERObjectIdentifier pkcs_9_at_contentType = new DERObjectIdentifier(pkcs_9 + ".3"); - static final DERObjectIdentifier pkcs_9_at_messageDigest = new DERObjectIdentifier(pkcs_9 + ".4"); - static final DERObjectIdentifier pkcs_9_at_signingTime = new DERObjectIdentifier(pkcs_9 + ".5"); - static final DERObjectIdentifier pkcs_9_at_counterSignature = new DERObjectIdentifier(pkcs_9 + ".6"); - static final DERObjectIdentifier pkcs_9_at_challengePassword = new DERObjectIdentifier(pkcs_9 + ".7"); - static final DERObjectIdentifier pkcs_9_at_unstructuredAddress = new DERObjectIdentifier(pkcs_9 + ".8"); - static final DERObjectIdentifier pkcs_9_at_extendedCertificateAttributes = new DERObjectIdentifier(pkcs_9 + ".9"); - - static final DERObjectIdentifier pkcs_9_at_signingDescription = new DERObjectIdentifier(pkcs_9 + ".13"); - static final DERObjectIdentifier pkcs_9_at_extensionRequest = new DERObjectIdentifier(pkcs_9 + ".14"); - static final DERObjectIdentifier pkcs_9_at_smimeCapabilities = new DERObjectIdentifier(pkcs_9 + ".15"); - - static final DERObjectIdentifier pkcs_9_at_friendlyName = new DERObjectIdentifier(pkcs_9 + ".20"); - static final DERObjectIdentifier pkcs_9_at_localKeyId = new DERObjectIdentifier(pkcs_9 + ".21"); - - static final DERObjectIdentifier x509certType = new DERObjectIdentifier(pkcs_9 + ".22.1"); - - static final DERObjectIdentifier id_alg_PWRI_KEK = new DERObjectIdentifier(pkcs_9 + ".16.3.9"); - - // - // SMIME capability sub oids. - // - static final DERObjectIdentifier preferSignedData = new DERObjectIdentifier(pkcs_9 + ".15.1"); - static final DERObjectIdentifier canNotDecryptAny = new DERObjectIdentifier(pkcs_9 + ".15.2"); - static final DERObjectIdentifier sMIMECapabilitiesVersions = new DERObjectIdentifier(pkcs_9 + ".15.3"); - - // - // other SMIME attributes - // - static final DERObjectIdentifier id_aa_receiptRequest = new DERObjectIdentifier(pkcs_9 + ".16.2.1"); - - // - // id-ct OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840) - // rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1)} - // - static String id_ct = "1.2.840.113549.1.9.16.1"; - - static final DERObjectIdentifier id_ct_TSTInfo = new DERObjectIdentifier(id_ct + ".4"); - static final DERObjectIdentifier id_ct_compressedData = new DERObjectIdentifier(id_ct + ".9"); - - // - // id-cti OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840) - // rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) cti(6)} - // - static String id_cti = "1.2.840.113549.1.9.16.6"; - - static final DERObjectIdentifier id_cti_ets_proofOfOrigin = new DERObjectIdentifier(id_cti + ".1"); - static final DERObjectIdentifier id_cti_ets_proofOfReceipt = new DERObjectIdentifier(id_cti + ".2"); - static final DERObjectIdentifier id_cti_ets_proofOfDelivery = new DERObjectIdentifier(id_cti + ".3"); - static final DERObjectIdentifier id_cti_ets_proofOfSender = new DERObjectIdentifier(id_cti + ".4"); - static final DERObjectIdentifier id_cti_ets_proofOfApproval = new DERObjectIdentifier(id_cti + ".5"); - static final DERObjectIdentifier id_cti_ets_proofOfCreation = new DERObjectIdentifier(id_cti + ".6"); - - // - // id-aa OBJECT IDENTIFIER ::= {iso(1) member-body(2) usa(840) - // rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) attributes(2)} - // - static String id_aa = "1.2.840.113549.1.9.16.2"; - - /* - * id-aa-encrypKeyPref OBJECT IDENTIFIER ::= {id-aa 11} - * - */ - static DERObjectIdentifier id_aa_encrypKeyPref = new DERObjectIdentifier(id_aa + ".11"); - static DERObjectIdentifier id_aa_signingCertificate = new DERObjectIdentifier(id_aa + ".12"); - - static final DERObjectIdentifier id_aa_contentIdentifier = new DERObjectIdentifier(id_aa + ".7"); // See RFC 2634 - static final DERObjectIdentifier id_aa_signatureTimeStampToken = new DERObjectIdentifier(id_aa + ".14"); // See RFC 3126 - static final DERObjectIdentifier id_aa_sigPolicyId = new DERObjectIdentifier(id_aa + ".15"); // See RFC 3126 - static final DERObjectIdentifier id_aa_commitmentType = new DERObjectIdentifier(id_aa + ".16"); // See RFC 3126 - static final DERObjectIdentifier id_aa_signerLocation = new DERObjectIdentifier(id_aa + ".17"); // See RFC 3126 - static final DERObjectIdentifier id_aa_otherSigCert = new DERObjectIdentifier(id_aa + ".19"); // See RFC 3126 - // - // pkcs-12 OBJECT IDENTIFIER ::= { - // iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } - // - static final String pkcs_12 = "1.2.840.113549.1.12"; - static final String bagtypes = pkcs_12 + ".10.1"; - - static final DERObjectIdentifier keyBag = new DERObjectIdentifier(bagtypes + ".1"); - static final DERObjectIdentifier pkcs8ShroudedKeyBag = new DERObjectIdentifier(bagtypes + ".2"); - static final DERObjectIdentifier certBag = new DERObjectIdentifier(bagtypes + ".3"); - static final DERObjectIdentifier crlBag = new DERObjectIdentifier(bagtypes + ".4"); - static final DERObjectIdentifier secretBag = new DERObjectIdentifier(bagtypes + ".5"); - static final DERObjectIdentifier safeContentsBag = new DERObjectIdentifier(bagtypes + ".6"); - - static final String pkcs_12PbeIds = pkcs_12 + ".1"; - - static final DERObjectIdentifier pbeWithSHAAnd128BitRC4 = new DERObjectIdentifier(pkcs_12PbeIds + ".1"); - static final DERObjectIdentifier pbeWithSHAAnd40BitRC4 = new DERObjectIdentifier(pkcs_12PbeIds + ".2"); - static final DERObjectIdentifier pbeWithSHAAnd3_KeyTripleDES_CBC = new DERObjectIdentifier(pkcs_12PbeIds + ".3"); - static final DERObjectIdentifier pbeWithSHAAnd2_KeyTripleDES_CBC = new DERObjectIdentifier(pkcs_12PbeIds + ".4"); - static final DERObjectIdentifier pbeWithSHAAnd128BitRC2_CBC = new DERObjectIdentifier(pkcs_12PbeIds + ".5"); - static final DERObjectIdentifier pbewithSHAAnd40BitRC2_CBC = new DERObjectIdentifier(pkcs_12PbeIds + ".6"); - -} - diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/Pfx.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/Pfx.java deleted file mode 100644 index ba5292c..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/Pfx.java +++ /dev/null @@ -1,71 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; - -/** - * the infamous Pfx from PKCS12 - */ -public class Pfx - extends ASN1Encodable - implements PKCSObjectIdentifiers -{ - private ContentInfo contentInfo; - private MacData macData = null; - - public Pfx( - ASN1Sequence seq) - { - BigInteger version = ((DERInteger)seq.getObjectAt(0)).getValue(); - if (version.intValue() != 3) - { - throw new IllegalArgumentException("wrong version for PFX PDU"); - } - - contentInfo = ContentInfo.getInstance(seq.getObjectAt(1)); - - if (seq.size() == 3) - { - macData = MacData.getInstance(seq.getObjectAt(2)); - } - } - - public Pfx( - ContentInfo contentInfo, - MacData macData) - { - this.contentInfo = contentInfo; - this.macData = macData; - } - - public ContentInfo getAuthSafe() - { - return contentInfo; - } - - public MacData getMacData() - { - return macData; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(3)); - v.add(contentInfo); - - if (macData != null) - { - v.add(macData); - } - - return new BERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java deleted file mode 100644 index 5c384d8..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java +++ /dev/null @@ -1,135 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.io.IOException; -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class PrivateKeyInfo - extends ASN1Encodable -{ - private DERObject privKey; - private AlgorithmIdentifier algId; - private ASN1Set attributes; - - public static PrivateKeyInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static PrivateKeyInfo getInstance( - Object obj) - { - if (obj instanceof PrivateKeyInfo) - { - return (PrivateKeyInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new PrivateKeyInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public PrivateKeyInfo( - AlgorithmIdentifier algId, - DERObject privateKey) - { - this.privKey = privateKey; - this.algId = algId; - } - - public PrivateKeyInfo( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - BigInteger version = ((DERInteger)e.nextElement()).getValue(); - if (version.intValue() != 0) - { - throw new IllegalArgumentException("wrong version for private key info"); - } - - algId = new AlgorithmIdentifier((ASN1Sequence)e.nextElement()); - - try - { - ASN1InputStream aIn = new ASN1InputStream(((ASN1OctetString)e.nextElement()).getOctets()); - - privKey = aIn.readObject(); - } - catch (IOException ex) - { - throw new IllegalArgumentException("Error recoverying private key from sequence"); - } - - if (e.hasMoreElements()) - { - attributes = ASN1Set.getInstance((ASN1TaggedObject)e.nextElement(), false); - } - } - - public AlgorithmIdentifier getAlgorithmId() - { - return algId; - } - - public DERObject getPrivateKey() - { - return privKey; - } - - public ASN1Set getAttributes() - { - return attributes; - } - - /** - * write out an RSA private key with it's asscociated information - * as described in PKCS8. - * <pre> - * PrivateKeyInfo ::= SEQUENCE { - * version Version, - * privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}}, - * privateKey PrivateKey, - * attributes [0] IMPLICIT Attributes OPTIONAL - * } - * Version ::= INTEGER {v1(0)} (v1,...) - * - * PrivateKey ::= OCTET STRING - * - * Attributes ::= SET OF Attribute - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(0)); - v.add(algId); - v.add(new DEROctetString(privKey)); - - if (attributes != null) - { - v.add(new DERTaggedObject(false, 0, attributes)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/RC2CBCParameter.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/RC2CBCParameter.java deleted file mode 100644 index 23508a4..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/RC2CBCParameter.java +++ /dev/null @@ -1,89 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; - -public class RC2CBCParameter - extends ASN1Encodable -{ - DERInteger version; - ASN1OctetString iv; - - public static RC2CBCParameter getInstance( - Object o) - { - if (o instanceof ASN1Sequence) - { - return new RC2CBCParameter((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in RC2CBCParameter factory"); - } - - public RC2CBCParameter( - byte[] iv) - { - this.version = null; - this.iv = new DEROctetString(iv); - } - - public RC2CBCParameter( - int parameterVersion, - byte[] iv) - { - this.version = new DERInteger(parameterVersion); - this.iv = new DEROctetString(iv); - } - - public RC2CBCParameter( - ASN1Sequence seq) - { - if (seq.size() == 1) - { - version = null; - iv = (ASN1OctetString)seq.getObjectAt(0); - } - else - { - version = (DERInteger)seq.getObjectAt(0); - iv = (ASN1OctetString)seq.getObjectAt(1); - } - } - - public BigInteger getRC2ParameterVersion() - { - if (version == null) - { - return null; - } - - return version.getValue(); - } - - public byte[] getIV() - { - return iv.getOctets(); - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (version != null) - { - v.add(version); - } - - v.add(iv); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java deleted file mode 100644 index 87537ff..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java +++ /dev/null @@ -1,153 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class RSAESOAEPparams - extends ASN1Encodable -{ - private AlgorithmIdentifier hashAlgorithm; - private AlgorithmIdentifier maskGenAlgorithm; - private AlgorithmIdentifier pSourceAlgorithm; - - // BEGIN android-changed - public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.THE_ONE); - // END android-changed - public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM); - public final static AlgorithmIdentifier DEFAULT_P_SOURCE_ALGORITHM = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(new byte[0])); - - public static RSAESOAEPparams getInstance( - Object obj) - { - if (obj instanceof RSAESOAEPparams) - { - return (RSAESOAEPparams)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new RSAESOAEPparams((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - /** - * The default version - */ - public RSAESOAEPparams() - { - hashAlgorithm = DEFAULT_HASH_ALGORITHM; - maskGenAlgorithm = DEFAULT_MASK_GEN_FUNCTION; - pSourceAlgorithm = DEFAULT_P_SOURCE_ALGORITHM; - } - - public RSAESOAEPparams( - AlgorithmIdentifier hashAlgorithm, - AlgorithmIdentifier maskGenAlgorithm, - AlgorithmIdentifier pSourceAlgorithm) - { - this.hashAlgorithm = hashAlgorithm; - this.maskGenAlgorithm = maskGenAlgorithm; - this.pSourceAlgorithm = pSourceAlgorithm; - } - - public RSAESOAEPparams( - ASN1Sequence seq) - { - hashAlgorithm = DEFAULT_HASH_ALGORITHM; - maskGenAlgorithm = DEFAULT_MASK_GEN_FUNCTION; - pSourceAlgorithm = DEFAULT_P_SOURCE_ALGORITHM; - - for (int i = 0; i != seq.size(); i++) - { - ASN1TaggedObject o = (ASN1TaggedObject)seq.getObjectAt(i); - - switch (o.getTagNo()) - { - case 0: - hashAlgorithm = AlgorithmIdentifier.getInstance(o, true); - break; - case 1: - maskGenAlgorithm = AlgorithmIdentifier.getInstance(o, true); - break; - case 2: - pSourceAlgorithm = AlgorithmIdentifier.getInstance(o, true); - break; - default: - throw new IllegalArgumentException("unknown tag"); - } - } - } - - public AlgorithmIdentifier getHashAlgorithm() - { - return hashAlgorithm; - } - - public AlgorithmIdentifier getMaskGenAlgorithm() - { - return maskGenAlgorithm; - } - - public AlgorithmIdentifier getPSourceAlgorithm() - { - return pSourceAlgorithm; - } - - /** - * <pre> - * RSAES-OAEP-params ::= SEQUENCE { - * hashAlgorithm [0] OAEP-PSSDigestAlgorithms DEFAULT sha1, - * maskGenAlgorithm [1] PKCS1MGFAlgorithms DEFAULT mgf1SHA1, - * pSourceAlgorithm [2] PKCS1PSourceAlgorithms DEFAULT pSpecifiedEmpty - * } - * - * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= { - * { OID id-sha1 PARAMETERS NULL }| - * { OID id-sha256 PARAMETERS NULL }| - * { OID id-sha384 PARAMETERS NULL }| - * { OID id-sha512 PARAMETERS NULL }, - * ... -- Allows for future expansion -- - * } - * PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= { - * { OID id-mgf1 PARAMETERS OAEP-PSSDigestAlgorithms }, - * ... -- Allows for future expansion -- - * } - * PKCS1PSourceAlgorithms ALGORITHM-IDENTIFIER ::= { - * { OID id-pSpecified PARAMETERS OCTET STRING }, - * ... -- Allows for future expansion -- - * } - * </pre> - * @return the asn1 primitive representing the parameters. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (!hashAlgorithm.equals(DEFAULT_HASH_ALGORITHM)) - { - v.add(new DERTaggedObject(true, 0, hashAlgorithm)); - } - - if (!maskGenAlgorithm.equals(DEFAULT_MASK_GEN_FUNCTION)) - { - v.add(new DERTaggedObject(true, 1, maskGenAlgorithm)); - } - - if (!pSourceAlgorithm.equals(DEFAULT_P_SOURCE_ALGORITHM)) - { - v.add(new DERTaggedObject(true, 2, pSourceAlgorithm)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/RSAPrivateKeyStructure.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/RSAPrivateKeyStructure.java deleted file mode 100644 index 998b7c6..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/RSAPrivateKeyStructure.java +++ /dev/null @@ -1,186 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class RSAPrivateKeyStructure - extends ASN1Encodable -{ - private int version; - private BigInteger modulus; - private BigInteger publicExponent; - private BigInteger privateExponent; - private BigInteger prime1; - private BigInteger prime2; - private BigInteger exponent1; - private BigInteger exponent2; - private BigInteger coefficient; - private ASN1Sequence otherPrimeInfos = null; - - public static RSAPrivateKeyStructure getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static RSAPrivateKeyStructure getInstance( - Object obj) - { - if (obj instanceof RSAPrivateKeyStructure) - { - return (RSAPrivateKeyStructure)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new RSAPrivateKeyStructure((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public RSAPrivateKeyStructure( - BigInteger modulus, - BigInteger publicExponent, - BigInteger privateExponent, - BigInteger prime1, - BigInteger prime2, - BigInteger exponent1, - BigInteger exponent2, - BigInteger coefficient) - { - this.version = 0; - this.modulus = modulus; - this.publicExponent = publicExponent; - this.privateExponent = privateExponent; - this.prime1 = prime1; - this.prime2 = prime2; - this.exponent1 = exponent1; - this.exponent2 = exponent2; - this.coefficient = coefficient; - } - - public RSAPrivateKeyStructure( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - BigInteger v = ((DERInteger)e.nextElement()).getValue(); - if (v.intValue() != 0 && v.intValue() != 1) - { - throw new IllegalArgumentException("wrong version for RSA private key"); - } - - version = v.intValue(); - modulus = ((DERInteger)e.nextElement()).getValue(); - publicExponent = ((DERInteger)e.nextElement()).getValue(); - privateExponent = ((DERInteger)e.nextElement()).getValue(); - prime1 = ((DERInteger)e.nextElement()).getValue(); - prime2 = ((DERInteger)e.nextElement()).getValue(); - exponent1 = ((DERInteger)e.nextElement()).getValue(); - exponent2 = ((DERInteger)e.nextElement()).getValue(); - coefficient = ((DERInteger)e.nextElement()).getValue(); - - if (e.hasMoreElements()) - { - otherPrimeInfos = (ASN1Sequence)e.nextElement(); - } - } - - public int getVersion() - { - return version; - } - - public BigInteger getModulus() - { - return modulus; - } - - public BigInteger getPublicExponent() - { - return publicExponent; - } - - public BigInteger getPrivateExponent() - { - return privateExponent; - } - - public BigInteger getPrime1() - { - return prime1; - } - - public BigInteger getPrime2() - { - return prime2; - } - - public BigInteger getExponent1() - { - return exponent1; - } - - public BigInteger getExponent2() - { - return exponent2; - } - - public BigInteger getCoefficient() - { - return coefficient; - } - - /** - * This outputs the key in PKCS1v2 format. - * <pre> - * RSAPrivateKey ::= SEQUENCE { - * version Version, - * modulus INTEGER, -- n - * publicExponent INTEGER, -- e - * privateExponent INTEGER, -- d - * prime1 INTEGER, -- p - * prime2 INTEGER, -- q - * exponent1 INTEGER, -- d mod (p-1) - * exponent2 INTEGER, -- d mod (q-1) - * coefficient INTEGER, -- (inverse of q) mod p - * otherPrimeInfos OtherPrimeInfos OPTIONAL - * } - * - * Version ::= INTEGER { two-prime(0), multi(1) } - * (CONSTRAINED BY {-- version must be multi if otherPrimeInfos present --}) - * </pre> - * <p> - * This routine is written to output PKCS1 version 2.1, private keys. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(version)); // version - v.add(new DERInteger(getModulus())); - v.add(new DERInteger(getPublicExponent())); - v.add(new DERInteger(getPrivateExponent())); - v.add(new DERInteger(getPrime1())); - v.add(new DERInteger(getPrime2())); - v.add(new DERInteger(getExponent1())); - v.add(new DERInteger(getExponent2())); - v.add(new DERInteger(getCoefficient())); - - if (otherPrimeInfos != null) - { - v.add(otherPrimeInfos); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java deleted file mode 100644 index 684aabd..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java +++ /dev/null @@ -1,172 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class RSASSAPSSparams - extends ASN1Encodable -{ - private AlgorithmIdentifier hashAlgorithm; - private AlgorithmIdentifier maskGenAlgorithm; - private DERInteger saltLength; - private DERInteger trailerField; - - // BEGIN android-changed - public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.THE_ONE); - // END android-changed - public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM); - public final static DERInteger DEFAULT_SALT_LENGTH = new DERInteger(20); - public final static DERInteger DEFAULT_TRAILER_FIELD = new DERInteger(1); - - public static RSASSAPSSparams getInstance( - Object obj) - { - if (obj instanceof RSASSAPSSparams) - { - return (RSASSAPSSparams)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new RSASSAPSSparams((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - /** - * The default version - */ - public RSASSAPSSparams() - { - hashAlgorithm = DEFAULT_HASH_ALGORITHM; - maskGenAlgorithm = DEFAULT_MASK_GEN_FUNCTION; - saltLength = DEFAULT_SALT_LENGTH; - trailerField = DEFAULT_TRAILER_FIELD; - } - - public RSASSAPSSparams( - AlgorithmIdentifier hashAlgorithm, - AlgorithmIdentifier maskGenAlgorithm, - DERInteger saltLength, - DERInteger trailerField) - { - this.hashAlgorithm = hashAlgorithm; - this.maskGenAlgorithm = maskGenAlgorithm; - this.saltLength = saltLength; - this.trailerField = trailerField; - } - - public RSASSAPSSparams( - ASN1Sequence seq) - { - hashAlgorithm = DEFAULT_HASH_ALGORITHM; - maskGenAlgorithm = DEFAULT_MASK_GEN_FUNCTION; - saltLength = DEFAULT_SALT_LENGTH; - trailerField = DEFAULT_TRAILER_FIELD; - - for (int i = 0; i != seq.size(); i++) - { - ASN1TaggedObject o = (ASN1TaggedObject)seq.getObjectAt(i); - - switch (o.getTagNo()) - { - case 0: - hashAlgorithm = AlgorithmIdentifier.getInstance(o, true); - break; - case 1: - maskGenAlgorithm = AlgorithmIdentifier.getInstance(o, true); - break; - case 2: - saltLength = DERInteger.getInstance(o, true); - break; - case 3: - trailerField = DERInteger.getInstance(o, true); - break; - default: - throw new IllegalArgumentException("unknown tag"); - } - } - } - - public AlgorithmIdentifier getHashAlgorithm() - { - return hashAlgorithm; - } - - public AlgorithmIdentifier getMaskGenAlgorithm() - { - return maskGenAlgorithm; - } - - public DERInteger getSaltLength() - { - return saltLength; - } - - public DERInteger getTrailerField() - { - return trailerField; - } - - /** - * <pre> - * RSASSA-PSS-params ::= SEQUENCE { - * hashAlgorithm [0] OAEP-PSSDigestAlgorithms DEFAULT sha1, - * maskGenAlgorithm [1] PKCS1MGFAlgorithms DEFAULT mgf1SHA1, - * saltLength [2] INTEGER DEFAULT 20, - * trailerField [3] TrailerField DEFAULT trailerFieldBC - * } - * - * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= { - * { OID id-sha1 PARAMETERS NULL }| - * { OID id-sha256 PARAMETERS NULL }| - * { OID id-sha384 PARAMETERS NULL }| - * { OID id-sha512 PARAMETERS NULL }, - * ... -- Allows for future expansion -- - * } - * - * PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= { - * { OID id-mgf1 PARAMETERS OAEP-PSSDigestAlgorithms }, - * ... -- Allows for future expansion -- - * } - * - * TrailerField ::= INTEGER { trailerFieldBC(1) } - * </pre> - * @return the asn1 primitive representing the parameters. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (!hashAlgorithm.equals(DEFAULT_HASH_ALGORITHM)) - { - v.add(new DERTaggedObject(true, 0, hashAlgorithm)); - } - - if (!maskGenAlgorithm.equals(DEFAULT_MASK_GEN_FUNCTION)) - { - v.add(new DERTaggedObject(true, 1, maskGenAlgorithm)); - } - - if (!saltLength.equals(DEFAULT_SALT_LENGTH)) - { - v.add(new DERTaggedObject(true, 2, saltLength)); - } - - if (!trailerField.equals(DEFAULT_TRAILER_FIELD)) - { - v.add(new DERTaggedObject(true, 3, trailerField)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/SafeBag.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/SafeBag.java deleted file mode 100644 index 2808d92..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/SafeBag.java +++ /dev/null @@ -1,78 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -public class SafeBag - extends ASN1Encodable -{ - DERObjectIdentifier bagId; - DERObject bagValue; - ASN1Set bagAttributes; - - public SafeBag( - DERObjectIdentifier oid, - DERObject obj) - { - this.bagId = oid; - this.bagValue = obj; - this.bagAttributes = null; - } - - public SafeBag( - DERObjectIdentifier oid, - DERObject obj, - ASN1Set bagAttributes) - { - this.bagId = oid; - this.bagValue = obj; - this.bagAttributes = bagAttributes; - } - - public SafeBag( - ASN1Sequence seq) - { - this.bagId = (DERObjectIdentifier)seq.getObjectAt(0); - this.bagValue = ((DERTaggedObject)seq.getObjectAt(1)).getObject(); - if (seq.size() == 3) - { - this.bagAttributes = (ASN1Set)seq.getObjectAt(2); - } - } - - public DERObjectIdentifier getBagId() - { - return bagId; - } - - public DERObject getBagValue() - { - return bagValue; - } - - public ASN1Set getBagAttributes() - { - return bagAttributes; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(bagId); - v.add(new DERTaggedObject(0, bagValue)); - - if (bagAttributes != null) - { - v.add(bagAttributes); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/SignedData.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/SignedData.java deleted file mode 100644 index 136ad11..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/SignedData.java +++ /dev/null @@ -1,166 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BERSequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * a PKCS#7 signed data object. - */ -public class SignedData - extends ASN1Encodable - implements PKCSObjectIdentifiers -{ - private DERInteger version; - private ASN1Set digestAlgorithms; - private ContentInfo contentInfo; - private ASN1Set certificates; - private ASN1Set crls; - private ASN1Set signerInfos; - - public static SignedData getInstance( - Object o) - { - if (o instanceof SignedData) - { - return (SignedData)o; - } - else if (o instanceof ASN1Sequence) - { - return new SignedData((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in factory: " + o); - } - - public SignedData( - DERInteger _version, - ASN1Set _digestAlgorithms, - ContentInfo _contentInfo, - ASN1Set _certificates, - ASN1Set _crls, - ASN1Set _signerInfos) - { - version = _version; - digestAlgorithms = _digestAlgorithms; - contentInfo = _contentInfo; - certificates = _certificates; - crls = _crls; - signerInfos = _signerInfos; - } - - public SignedData( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - version = (DERInteger)e.nextElement(); - digestAlgorithms = ((ASN1Set)e.nextElement()); - contentInfo = ContentInfo.getInstance(e.nextElement()); - - while (e.hasMoreElements()) - { - DERObject o = (DERObject)e.nextElement(); - - // - // an interesting feature of SignedData is that there appear to be varying implementations... - // for the moment we ignore anything which doesn't fit. - // - if (o instanceof DERTaggedObject) - { - DERTaggedObject tagged = (DERTaggedObject)o; - - switch (tagged.getTagNo()) - { - case 0: - certificates = ASN1Set.getInstance(tagged, false); - break; - case 1: - crls = ASN1Set.getInstance(tagged, false); - break; - default: - throw new IllegalArgumentException("unknown tag value " + tagged.getTagNo()); - } - } - else - { - signerInfos = (ASN1Set)o; - } - } - } - - public DERInteger getVersion() - { - return version; - } - - public ASN1Set getDigestAlgorithms() - { - return digestAlgorithms; - } - - public ContentInfo getContentInfo() - { - return contentInfo; - } - - public ASN1Set getCertificates() - { - return certificates; - } - - public ASN1Set getCRLs() - { - return crls; - } - - public ASN1Set getSignerInfos() - { - return signerInfos; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * SignedData ::= SEQUENCE { - * version Version, - * digestAlgorithms DigestAlgorithmIdentifiers, - * contentInfo ContentInfo, - * certificates - * [0] IMPLICIT ExtendedCertificatesAndCertificates - * OPTIONAL, - * crls - * [1] IMPLICIT CertificateRevocationLists OPTIONAL, - * signerInfos SignerInfos } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(digestAlgorithms); - v.add(contentInfo); - - if (certificates != null) - { - v.add(new DERTaggedObject(false, 0, certificates)); - } - - if (crls != null) - { - v.add(new DERTaggedObject(false, 1, crls)); - } - - v.add(signerInfos); - - return new BERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/pkcs/SignerInfo.java b/luni/src/main/java/org/bouncycastle/asn1/pkcs/SignerInfo.java deleted file mode 100644 index 8e4ccbb..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/pkcs/SignerInfo.java +++ /dev/null @@ -1,168 +0,0 @@ -package org.bouncycastle.asn1.pkcs; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.*; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * a PKCS#7 signer info object. - */ -public class SignerInfo - extends ASN1Encodable -{ - private DERInteger version; - private IssuerAndSerialNumber issuerAndSerialNumber; - private AlgorithmIdentifier digAlgorithm; - private ASN1Set authenticatedAttributes; - private AlgorithmIdentifier digEncryptionAlgorithm; - private ASN1OctetString encryptedDigest; - private ASN1Set unauthenticatedAttributes; - - public static SignerInfo getInstance( - Object o) - { - if (o instanceof SignerInfo) - { - return (SignerInfo)o; - } - else if (o instanceof ASN1Sequence) - { - return new SignerInfo((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public SignerInfo( - DERInteger version, - IssuerAndSerialNumber issuerAndSerialNumber, - AlgorithmIdentifier digAlgorithm, - ASN1Set authenticatedAttributes, - AlgorithmIdentifier digEncryptionAlgorithm, - ASN1OctetString encryptedDigest, - ASN1Set unauthenticatedAttributes) - { - this.version = version; - this.issuerAndSerialNumber = issuerAndSerialNumber; - this.digAlgorithm = digAlgorithm; - this.authenticatedAttributes = authenticatedAttributes; - this.digEncryptionAlgorithm = digEncryptionAlgorithm; - this.encryptedDigest = encryptedDigest; - this.unauthenticatedAttributes = unauthenticatedAttributes; - } - - public SignerInfo( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - version = (DERInteger)e.nextElement(); - issuerAndSerialNumber = IssuerAndSerialNumber.getInstance(e.nextElement()); - digAlgorithm = AlgorithmIdentifier.getInstance(e.nextElement()); - - Object obj = e.nextElement(); - - if (obj instanceof ASN1TaggedObject) - { - authenticatedAttributes = ASN1Set.getInstance((ASN1TaggedObject)obj, false); - - digEncryptionAlgorithm = AlgorithmIdentifier.getInstance(e.nextElement()); - } - else - { - authenticatedAttributes = null; - digEncryptionAlgorithm = AlgorithmIdentifier.getInstance(obj); - } - - encryptedDigest = DEROctetString.getInstance(e.nextElement()); - - if (e.hasMoreElements()) - { - unauthenticatedAttributes = ASN1Set.getInstance((ASN1TaggedObject)e.nextElement(), false); - } - else - { - unauthenticatedAttributes = null; - } - } - - public DERInteger getVersion() - { - return version; - } - - public IssuerAndSerialNumber getIssuerAndSerialNumber() - { - return issuerAndSerialNumber; - } - - public ASN1Set getAuthenticatedAttributes() - { - return authenticatedAttributes; - } - - public AlgorithmIdentifier getDigestAlgorithm() - { - return digAlgorithm; - } - - public ASN1OctetString getEncryptedDigest() - { - return encryptedDigest; - } - - public AlgorithmIdentifier getDigestEncryptionAlgorithm() - { - return digEncryptionAlgorithm; - } - - public ASN1Set getUnauthenticatedAttributes() - { - return unauthenticatedAttributes; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * SignerInfo ::= SEQUENCE { - * version Version, - * issuerAndSerialNumber IssuerAndSerialNumber, - * digestAlgorithm DigestAlgorithmIdentifier, - * authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL, - * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, - * encryptedDigest EncryptedDigest, - * unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL - * } - * - * EncryptedDigest ::= OCTET STRING - * - * DigestAlgorithmIdentifier ::= AlgorithmIdentifier - * - * DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(issuerAndSerialNumber); - v.add(digAlgorithm); - - if (authenticatedAttributes != null) - { - v.add(new DERTaggedObject(false, 0, authenticatedAttributes)); - } - - v.add(digEncryptionAlgorithm); - v.add(encryptedDigest); - - if (unauthenticatedAttributes != null) - { - v.add(new DERTaggedObject(false, 1, unauthenticatedAttributes)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java b/luni/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java deleted file mode 100644 index 58098e1..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.java +++ /dev/null @@ -1,18 +0,0 @@ -package org.bouncycastle.asn1.teletrust; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface TeleTrusTObjectIdentifiers -{ - static final String teleTrusTAlgorithm = "1.3.36.3"; - - static final DERObjectIdentifier ripemd160 = new DERObjectIdentifier(teleTrusTAlgorithm + ".2.1"); - static final DERObjectIdentifier ripemd128 = new DERObjectIdentifier(teleTrusTAlgorithm + ".2.2"); - static final DERObjectIdentifier ripemd256 = new DERObjectIdentifier(teleTrusTAlgorithm + ".2.3"); - - static final String teleTrusTRSAsignatureAlgorithm = teleTrusTAlgorithm + ".3.1"; - - static final DERObjectIdentifier rsaSignatureWithripemd160 = new DERObjectIdentifier(teleTrusTRSAsignatureAlgorithm + ".2"); - static final DERObjectIdentifier rsaSignatureWithripemd128 = new DERObjectIdentifier(teleTrusTRSAsignatureAlgorithm + ".3"); - static final DERObjectIdentifier rsaSignatureWithripemd256 = new DERObjectIdentifier(teleTrusTRSAsignatureAlgorithm + ".4"); -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/tsp/Accuracy.java b/luni/src/main/java/org/bouncycastle/asn1/tsp/Accuracy.java deleted file mode 100644 index 18f4c15..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/tsp/Accuracy.java +++ /dev/null @@ -1,174 +0,0 @@ -package org.bouncycastle.asn1.tsp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; - - -public class Accuracy - extends ASN1Encodable -{ - DERInteger seconds; - - DERInteger millis; - - DERInteger micros; - - // constantes - protected static final int MIN_MILLIS = 1; - - protected static final int MAX_MILLIS = 999; - - protected static final int MIN_MICROS = 1; - - protected static final int MAX_MICROS = 999; - - protected Accuracy() - { - } - - public Accuracy( - DERInteger seconds, - DERInteger millis, - DERInteger micros) - { - this.seconds = seconds; - - //Verifications - if (millis != null - && (millis.getValue().intValue() < MIN_MILLIS || millis - .getValue().intValue() > MAX_MILLIS)) - { - throw new IllegalArgumentException( - "Invalid millis field : not in (1..999)"); - } - else - { - this.millis = millis; - } - - if (micros != null - && (micros.getValue().intValue() < MIN_MICROS || micros - .getValue().intValue() > MAX_MICROS)) - { - throw new IllegalArgumentException( - "Invalid micros field : not in (1..999)"); - } - else - { - this.micros = micros; - } - - } - - public Accuracy(ASN1Sequence seq) - { - seconds = null; - millis = null; - micros = null; - - for (int i = 0; i < seq.size(); i++) - { - // seconds - if (seq.getObjectAt(i) instanceof DERInteger) - { - seconds = (DERInteger) seq.getObjectAt(i); - } - else if (seq.getObjectAt(i) instanceof DERTaggedObject) - { - DERTaggedObject extra = (DERTaggedObject) seq.getObjectAt(i); - - switch (extra.getTagNo()) - { - case 0: - millis = DERInteger.getInstance(extra, false); - if (millis.getValue().intValue() < MIN_MILLIS - || millis.getValue().intValue() > MAX_MILLIS) - { - throw new IllegalArgumentException( - "Invalid millis field : not in (1..999)."); - } - break; - case 1: - micros = DERInteger.getInstance(extra, false); - if (micros.getValue().intValue() < MIN_MICROS - || micros.getValue().intValue() > MAX_MICROS) - { - throw new IllegalArgumentException( - "Invalid micros field : not in (1..999)."); - } - break; - default: - throw new IllegalArgumentException("Invalig tag number"); - } - } - } - } - - public static Accuracy getInstance(Object o) - { - if (o == null || o instanceof Accuracy) - { - return (Accuracy) o; - } - else if (o instanceof ASN1Sequence) - { - return new Accuracy((ASN1Sequence) o); - } - - throw new IllegalArgumentException( - "Unknown object in 'Accuracy' factory : " - + o.getClass().getName() + "."); - } - - public DERInteger getSeconds() - { - return seconds; - } - - public DERInteger getMillis() - { - return millis; - } - - public DERInteger getMicros() - { - return micros; - } - - /** - * <pre> - * Accuracy ::= SEQUENCE { - * seconds INTEGER OPTIONAL, - * millis [0] INTEGER (1..999) OPTIONAL, - * micros [1] INTEGER (1..999) OPTIONAL - * } - * </pre> - */ - public DERObject toASN1Object() - { - - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (seconds != null) - { - v.add(seconds); - } - - if (millis != null) - { - v.add(new DERTaggedObject(false, 0, millis)); - } - - if (micros != null) - { - v.add(new DERTaggedObject(false, 1, micros)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/tsp/MessageImprint.java b/luni/src/main/java/org/bouncycastle/asn1/tsp/MessageImprint.java deleted file mode 100644 index 46b8dc1..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/tsp/MessageImprint.java +++ /dev/null @@ -1,77 +0,0 @@ -package org.bouncycastle.asn1.tsp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public class MessageImprint - extends ASN1Encodable -{ - AlgorithmIdentifier hashAlgorithm; - byte[] hashedMessage; - - /** - * @param o - * @return a MessageImprint object. - */ - public static MessageImprint getInstance(Object o) - { - if (o == null || o instanceof MessageImprint) - { - return (MessageImprint)o; - } - else if (o instanceof ASN1Sequence) - { - return new MessageImprint((ASN1Sequence)o); - } - - throw new IllegalArgumentException("Bad object in factory."); - } - - public MessageImprint( - ASN1Sequence seq) - { - this.hashAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0)); - this.hashedMessage = ASN1OctetString.getInstance(seq.getObjectAt(1)).getOctets(); - } - - public MessageImprint( - AlgorithmIdentifier hashAlgorithm, - byte[] hashedMessage) - { - this.hashAlgorithm = hashAlgorithm; - this.hashedMessage = hashedMessage; - } - - public AlgorithmIdentifier getHashAlgorithm() - { - return hashAlgorithm; - } - - public byte[] getHashedMessage() - { - return hashedMessage; - } - - /** - * <pre> - * MessageImprint ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * hashedMessage OCTET STRING } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(hashAlgorithm); - v.add(new DEROctetString(hashedMessage)); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/tsp/TSTInfo.java b/luni/src/main/java/org/bouncycastle/asn1/tsp/TSTInfo.java deleted file mode 100644 index e81ea3a..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/tsp/TSTInfo.java +++ /dev/null @@ -1,256 +0,0 @@ -package org.bouncycastle.asn1.tsp; - -import java.io.IOException; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DEREncodableVector; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class TSTInfo - extends ASN1Encodable -{ - DERInteger version; - - DERObjectIdentifier tsaPolicyId; - - MessageImprint messageImprint; - - DERInteger serialNumber; - - DERGeneralizedTime genTime; - - Accuracy accuracy; - - DERBoolean ordering; - - DERInteger nonce; - - GeneralName tsa; - - X509Extensions extensions; - - public static TSTInfo getInstance(Object o) - { - if (o == null || o instanceof TSTInfo) - { - return (TSTInfo) o; - } - else if (o instanceof ASN1Sequence) - { - return new TSTInfo((ASN1Sequence) o); - } - else if (o instanceof ASN1OctetString) - { - try - { - return getInstance(new ASN1InputStream(((ASN1OctetString)o).getOctets()).readObject()); - } - catch (IOException ioEx) - { - throw new IllegalArgumentException( - "Bad object format in 'TSTInfo' factory."); - } - } - - throw new IllegalArgumentException( - "Unknown object in 'TSTInfo' factory : " - + o.getClass().getName() + "."); - } - - public TSTInfo(ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - // version - version = DERInteger.getInstance(e.nextElement()); - - // tsaPolicy - tsaPolicyId = DERObjectIdentifier.getInstance(e.nextElement()); - - // messageImprint - messageImprint = MessageImprint.getInstance(e.nextElement()); - - // serialNumber - serialNumber = DERInteger.getInstance(e.nextElement()); - - // genTime - genTime = DERGeneralizedTime.getInstance(e.nextElement()); - - // default for ordering - // BEGIN android-changed - ordering = DERBoolean.FALSE; - // END android-changed - - while (e.hasMoreElements()) - { - DERObject o = (DERObject) e.nextElement(); - - if (o instanceof ASN1TaggedObject) - { - DERTaggedObject tagged = (DERTaggedObject) o; - - switch (tagged.getTagNo()) - { - case 0: - tsa = GeneralName.getInstance(tagged, true); - break; - case 1: - extensions = X509Extensions.getInstance(tagged, false); - break; - default: - throw new IllegalArgumentException("Unknown tag value " + tagged.getTagNo()); - } - } - else if (o instanceof DERSequence) - { - accuracy = Accuracy.getInstance(o); - } - else if (o instanceof DERBoolean) - { - ordering = DERBoolean.getInstance(o); - } - else if (o instanceof DERInteger) - { - nonce = DERInteger.getInstance(o); - } - - } - } - - public TSTInfo(DERObjectIdentifier tsaPolicyId, MessageImprint messageImprint, - DERInteger serialNumber, DERGeneralizedTime genTime, - Accuracy accuracy, DERBoolean ordering, DERInteger nonce, - GeneralName tsa, X509Extensions extensions) - { - version = new DERInteger(1); - this.tsaPolicyId = tsaPolicyId; - this.messageImprint = messageImprint; - this.serialNumber = serialNumber; - this.genTime = genTime; - - this.accuracy = accuracy; - this.ordering = ordering; - this.nonce = nonce; - this.tsa = tsa; - this.extensions = extensions; - } - - public MessageImprint getMessageImprint() - { - return messageImprint; - } - - public DERObjectIdentifier getPolicy() - { - return tsaPolicyId; - } - - public DERInteger getSerialNumber() - { - return serialNumber; - } - - public Accuracy getAccuracy() - { - return accuracy; - } - - public DERGeneralizedTime getGenTime() - { - return genTime; - } - - public DERBoolean getOrdering() - { - return ordering; - } - - public DERInteger getNonce() - { - return nonce; - } - - public GeneralName getTsa() - { - return tsa; - } - - public X509Extensions getExtensions() - { - return extensions; - } - - /** - * <pre> - * - * TSTInfo ::= SEQUENCE { - * version INTEGER { v1(1) }, - * policy TSAPolicyId, - * messageImprint MessageImprint, - * -- MUST have the same value as the similar field in - * -- TimeStampReq - * serialNumber INTEGER, - * -- Time-Stamping users MUST be ready to accommodate integers - * -- up to 160 bits. - * genTime GeneralizedTime, - * accuracy Accuracy OPTIONAL, - * ordering BOOLEAN DEFAULT FALSE, - * nonce INTEGER OPTIONAL, - * -- MUST be present if the similar field was present - * -- in TimeStampReq. In that case it MUST have the same value. - * tsa [0] GeneralName OPTIONAL, - * extensions [1] IMPLICIT Extensions OPTIONAL } - * - * </pre> - */ - public DERObject toASN1Object() - { - DEREncodableVector seq = new DEREncodableVector(); - seq.add(version); - - seq.add(tsaPolicyId); - seq.add(messageImprint); - seq.add(serialNumber); - seq.add(genTime); - - if (accuracy != null) - { - seq.add(accuracy); - } - - if (ordering != null && ordering.isTrue()) - { - seq.add(ordering); - } - - if (nonce != null) - { - seq.add(nonce); - } - - if (tsa != null) - { - seq.add(new DERTaggedObject(true, 0, tsa)); - } - - if (extensions != null) - { - seq.add(new DERTaggedObject(false, 1, extensions)); - } - - return new DERSequence(seq); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/tsp/TimeStampReq.java b/luni/src/main/java/org/bouncycastle/asn1/tsp/TimeStampReq.java deleted file mode 100644 index 46565e7..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/tsp/TimeStampReq.java +++ /dev/null @@ -1,181 +0,0 @@ -package org.bouncycastle.asn1.tsp; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class TimeStampReq - extends ASN1Encodable -{ - DERInteger version; - - MessageImprint messageImprint; - - DERObjectIdentifier tsaPolicy; - - DERInteger nonce; - - DERBoolean certReq; - - X509Extensions extensions; - - public static TimeStampReq getInstance(Object o) - { - if (o == null || o instanceof TimeStampReq) - { - return (TimeStampReq) o; - } - else if (o instanceof ASN1Sequence) - { - return new TimeStampReq((ASN1Sequence) o); - } - - throw new IllegalArgumentException( - "Unknown object in 'TimeStampReq' factory : " - + o.getClass().getName() + "."); - } - - public TimeStampReq(ASN1Sequence seq) - { - int nbObjects = seq.size(); - - int seqStart = 0; - - // version - version = DERInteger.getInstance(seq.getObjectAt(seqStart)); - - seqStart++; - - // messageImprint - messageImprint = MessageImprint.getInstance(seq.getObjectAt(seqStart)); - - seqStart++; - - for (int opt = seqStart; opt < nbObjects; opt++) - { - // tsaPolicy - if (seq.getObjectAt(opt) instanceof DERObjectIdentifier) - { - tsaPolicy = DERObjectIdentifier.getInstance(seq.getObjectAt(opt)); - } - // nonce - else if (seq.getObjectAt(opt) instanceof DERInteger) - { - nonce = DERInteger.getInstance(seq.getObjectAt(opt)); - } - // certReq - else if (seq.getObjectAt(opt) instanceof DERBoolean) - { - certReq = DERBoolean.getInstance(seq.getObjectAt(opt)); - } - // extensions - else if (seq.getObjectAt(opt) instanceof ASN1TaggedObject) - { - ASN1TaggedObject tagged = (ASN1TaggedObject)seq.getObjectAt(opt); - if (tagged.getTagNo() == 0) - { - extensions = X509Extensions.getInstance(tagged, false); - } - } - } - } - - public TimeStampReq( - MessageImprint messageImprint, - DERObjectIdentifier tsaPolicy, - DERInteger nonce, - DERBoolean certReq, - X509Extensions extensions) - { - // default - version = new DERInteger(1); - - this.messageImprint = messageImprint; - this.tsaPolicy = tsaPolicy; - this.nonce = nonce; - this.certReq = certReq; - this.extensions = extensions; - } - - public DERInteger getVersion() - { - return version; - } - - public MessageImprint getMessageImprint() - { - return messageImprint; - } - - public DERObjectIdentifier getReqPolicy() - { - return tsaPolicy; - } - - public DERInteger getNonce() - { - return nonce; - } - - public DERBoolean getCertReq() - { - return certReq; - } - - public X509Extensions getExtensions() - { - return extensions; - } - - /** - * <pre> - * TimeStampReq ::= SEQUENCE { - * version INTEGER { v1(1) }, - * messageImprint MessageImprint, - * --a hash algorithm OID and the hash value of the data to be - * --time-stamped - * reqPolicy TSAPolicyId OPTIONAL, - * nonce INTEGER OPTIONAL, - * certReq BOOLEAN DEFAULT FALSE, - * extensions [0] IMPLICIT Extensions OPTIONAL - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(messageImprint); - - if (tsaPolicy != null) - { - v.add(tsaPolicy); - } - - if (nonce != null) - { - v.add(nonce); - } - - if (certReq != null && certReq.isTrue()) - { - v.add(certReq); - } - - if (extensions != null) - { - v.add(new DERTaggedObject(false, 0, extensions)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/tsp/TimeStampResp.java b/luni/src/main/java/org/bouncycastle/asn1/tsp/TimeStampResp.java deleted file mode 100644 index f5bfa7e..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/tsp/TimeStampResp.java +++ /dev/null @@ -1,86 +0,0 @@ -package org.bouncycastle.asn1.tsp; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cmp.PKIStatusInfo; - - -public class TimeStampResp - extends ASN1Encodable -{ - PKIStatusInfo pkiStatusInfo; - - ContentInfo timeStampToken; - - public static TimeStampResp getInstance(Object o) - { - if (o == null || o instanceof TimeStampResp) - { - return (TimeStampResp) o; - } - else if (o instanceof ASN1Sequence) - { - return new TimeStampResp((ASN1Sequence) o); - } - - throw new IllegalArgumentException( - "unknown object in 'TimeStampResp' factory : " - + o.getClass().getName() + "."); - } - - public TimeStampResp(ASN1Sequence seq) - { - - Enumeration e = seq.getObjects(); - - // status - pkiStatusInfo = PKIStatusInfo.getInstance(e.nextElement()); - - if (e.hasMoreElements()) - { - timeStampToken = ContentInfo.getInstance(e.nextElement()); - } - } - - public TimeStampResp(PKIStatusInfo pkiStatusInfo, ContentInfo timeStampToken) - { - this.pkiStatusInfo = pkiStatusInfo; - this.timeStampToken = timeStampToken; - } - - public PKIStatusInfo getStatus() - { - return pkiStatusInfo; - } - - public ContentInfo getTimeStampToken() - { - return timeStampToken; - } - - /** - * <pre> - * TimeStampResp ::= SEQUENCE { - * status PKIStatusInfo, - * timeStampToken TimeStampToken OPTIONAL } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(pkiStatusInfo); - if (timeStampToken != null) - { - v.add(timeStampToken); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java b/luni/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java deleted file mode 100644 index 97dca60..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java +++ /dev/null @@ -1,292 +0,0 @@ -package org.bouncycastle.asn1.util; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.*; -import org.bouncycastle.util.encoders.Hex; - -public class ASN1Dump -{ - private static String TAB = " "; - - /** - * dump a DER object as a formatted string with indentation - * - * @param obj the DERObject to be dumped out. - */ - static String _dumpAsString( - String indent, - DERObject obj) - { - if (obj instanceof ASN1Sequence) - { - StringBuffer buf = new StringBuffer(); - Enumeration e = ((ASN1Sequence)obj).getObjects(); - String tab = indent + TAB; - - buf.append(indent); - if (obj instanceof BERConstructedSequence) - { - buf.append("BER ConstructedSequence"); - } - else if (obj instanceof DERConstructedSequence) - { - buf.append("DER ConstructedSequence"); - } - else if (obj instanceof BERSequence) - { - buf.append("BER Sequence"); - } - else if (obj instanceof DERSequence) - { - buf.append("DER Sequence"); - } - else - { - buf.append("Sequence"); - } - - buf.append(System.getProperty("line.separator")); - - while (e.hasMoreElements()) - { - Object o = e.nextElement(); - - // BEGIN android-changed - if (o == null || o.equals(DERNull.THE_ONE)) - { - buf.append(tab); - buf.append("NULL"); - buf.append(System.getProperty("line.separator")); - } - else if (o instanceof DERObject) - { - buf.append(_dumpAsString(tab, (DERObject)o)); - } - else - { - buf.append(_dumpAsString(tab, ((DEREncodable)o).getDERObject())); - } - // END android-changed - } - return buf.toString(); - } - else if (obj instanceof DERTaggedObject) - { - StringBuffer buf = new StringBuffer(); - String tab = indent + TAB; - - buf.append(indent); - if (obj instanceof BERTaggedObject) - { - buf.append("BER Tagged ["); - } - else - { - buf.append("Tagged ["); - } - - DERTaggedObject o = (DERTaggedObject)obj; - - buf.append(Integer.toString(o.getTagNo())); - buf.append(']'); - - if (!o.isExplicit()) - { - buf.append(" IMPLICIT "); - } - - buf.append(System.getProperty("line.separator")); - - if (o.isEmpty()) - { - buf.append(tab); - buf.append("EMPTY"); - buf.append(System.getProperty("line.separator")); - } - else - { - buf.append(_dumpAsString(tab, o.getObject())); - } - - return buf.toString(); - } - else if (obj instanceof DERConstructedSet) - { - StringBuffer buf = new StringBuffer(); - Enumeration e = ((ASN1Set)obj).getObjects(); - String tab = indent + TAB; - - buf.append(indent); - buf.append("ConstructedSet"); - buf.append(System.getProperty("line.separator")); - - while (e.hasMoreElements()) - { - Object o = e.nextElement(); - - if (o == null) - { - buf.append(tab); - buf.append("NULL"); - buf.append(System.getProperty("line.separator")); - } - else if (o instanceof DERObject) - { - buf.append(_dumpAsString(tab, (DERObject)o)); - } - else - { - buf.append(_dumpAsString(tab, ((DEREncodable)o).getDERObject())); - } - } - return buf.toString(); - } - else if (obj instanceof BERSet) - { - StringBuffer buf = new StringBuffer(); - Enumeration e = ((ASN1Set)obj).getObjects(); - String tab = indent + TAB; - - buf.append(indent); - buf.append("BER Set"); - buf.append(System.getProperty("line.separator")); - - while (e.hasMoreElements()) - { - Object o = e.nextElement(); - - if (o == null) - { - buf.append(tab); - buf.append("NULL"); - buf.append(System.getProperty("line.separator")); - } - else if (o instanceof DERObject) - { - buf.append(_dumpAsString(tab, (DERObject)o)); - } - else - { - buf.append(_dumpAsString(tab, ((DEREncodable)o).getDERObject())); - } - } - return buf.toString(); - } - else if (obj instanceof DERSet) - { - StringBuffer buf = new StringBuffer(); - Enumeration e = ((ASN1Set)obj).getObjects(); - String tab = indent + TAB; - - buf.append(indent); - buf.append("DER Set"); - buf.append(System.getProperty("line.separator")); - - while (e.hasMoreElements()) - { - Object o = e.nextElement(); - - if (o == null) - { - buf.append(tab); - buf.append("NULL"); - buf.append(System.getProperty("line.separator")); - } - else if (o instanceof DERObject) - { - buf.append(_dumpAsString(tab, (DERObject)o)); - } - else - { - buf.append(_dumpAsString(tab, ((DEREncodable)o).getDERObject())); - } - } - return buf.toString(); - } - else if (obj instanceof DERObjectIdentifier) - { - return indent + "ObjectIdentifier(" + ((DERObjectIdentifier)obj).getId() + ")" + System.getProperty("line.separator"); - } - else if (obj instanceof DERBoolean) - { - return indent + "Boolean(" + ((DERBoolean)obj).isTrue() + ")" + System.getProperty("line.separator"); - } - else if (obj instanceof DERInteger) - { - return indent + "Integer(" + ((DERInteger)obj).getValue() + ")" + System.getProperty("line.separator"); - } - else if (obj instanceof BERConstructedOctetString) - { - return indent + "BER Constructed Octet String" + "[" + ((ASN1OctetString)obj).getOctets().length + "] " + System.getProperty("line.separator"); - } - else if (obj instanceof DEROctetString) - { - return indent + "DER Octet String" + "[" + ((ASN1OctetString)obj).getOctets().length + "] " + System.getProperty("line.separator"); - } - else if (obj instanceof DERBitString) - { - return indent + "DER Bit String" + "[" + ((DERBitString)obj).getBytes().length + ", " + ((DERBitString)obj).getPadBits() + "] " + System.getProperty("line.separator"); - } - else if (obj instanceof DERIA5String) - { - return indent + "IA5String(" + ((DERIA5String)obj).getString() + ") " + System.getProperty("line.separator"); - } - else if (obj instanceof DERUTF8String) - { - return indent + "UTF8String(" + ((DERUTF8String)obj).getString() + ") " + System.getProperty("line.separator"); - } - else if (obj instanceof DERPrintableString) - { - return indent + "PrintableString(" + ((DERPrintableString)obj).getString() + ") " + System.getProperty("line.separator"); - } - else if (obj instanceof DERVisibleString) - { - return indent + "VisibleString(" + ((DERVisibleString)obj).getString() + ") " + System.getProperty("line.separator"); - } - else if (obj instanceof DERBMPString) - { - return indent + "BMPString(" + ((DERBMPString)obj).getString() + ") " + System.getProperty("line.separator"); - } - else if (obj instanceof DERT61String) - { - return indent + "T61String(" + ((DERT61String)obj).getString() + ") " + System.getProperty("line.separator"); - } - else if (obj instanceof DERUTCTime) - { - return indent + "UTCTime(" + ((DERUTCTime)obj).getTime() + ") " + System.getProperty("line.separator"); - } - else if (obj instanceof DERGeneralizedTime) - { - return indent + "GeneralizedTime(" + ((DERGeneralizedTime)obj).getTime() + ") " + System.getProperty("line.separator"); - } - else if (obj instanceof DERUnknownTag) - { - return indent + "Unknown " + Integer.toString(((DERUnknownTag)obj).getTag(), 16) + " " + new String(Hex.encode(((DERUnknownTag)obj).getData())) + System.getProperty("line.separator"); - } - else - { - return indent + obj.toString() + System.getProperty("line.separator"); - } - } - - /** - * dump out a DER object as a formatted string - * - * @param obj the DERObject to be dumped out. - */ - public static String dumpAsString( - Object obj) - { - if (obj instanceof DERObject) - { - return _dumpAsString("", (DERObject)obj); - } - else if (obj instanceof DEREncodable) - { - return _dumpAsString("", ((DEREncodable)obj).getDERObject()); - } - - return "unknown object type " + obj.toString(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/util/DERDump.java b/luni/src/main/java/org/bouncycastle/asn1/util/DERDump.java deleted file mode 100644 index e9d307a..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/util/DERDump.java +++ /dev/null @@ -1,33 +0,0 @@ -package org.bouncycastle.asn1.util; - -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; - -/** - * @deprecated use ASN1Dump. - */ -public class DERDump - extends ASN1Dump -{ - /** - * dump out a DER object as a formatted string - * - * @param obj the DERObject to be dumped out. - */ - public static String dumpAsString( - DERObject obj) - { - return _dumpAsString("", obj); - } - - /** - * dump out a DER object as a formatted string - * - * @param obj the DERObject to be dumped out. - */ - public static String dumpAsString( - DEREncodable obj) - { - return _dumpAsString("", obj.getDERObject()); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/util/Dump.java b/luni/src/main/java/org/bouncycastle/asn1/util/Dump.java deleted file mode 100644 index 27a37f3..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/util/Dump.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.bouncycastle.asn1.util; - -import java.io.FileInputStream; - -import org.bouncycastle.asn1.ASN1InputStream; - -public class Dump -{ - public static void main( - String args[]) - throws Exception - { - FileInputStream fIn = new FileInputStream(args[0]); - ASN1InputStream bIn = new ASN1InputStream(fIn); - Object obj = null; - - while ((obj = bIn.readObject()) != null) - { - System.out.println(ASN1Dump.dumpAsString(obj)); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/AccessDescription.java b/luni/src/main/java/org/bouncycastle/asn1/x509/AccessDescription.java deleted file mode 100644 index ae13f55..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/AccessDescription.java +++ /dev/null @@ -1,98 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -/** - * The AccessDescription object. - * <pre> - * AccessDescription ::= SEQUENCE { - * accessMethod OBJECT IDENTIFIER, - * accessLocation GeneralName } - * </pre> - */ -public class AccessDescription - extends ASN1Encodable -{ - public final static DERObjectIdentifier id_ad_caIssuers = new DERObjectIdentifier("1.3.6.1.5.5.7.48.2"); - - public final static DERObjectIdentifier id_ad_ocsp = new DERObjectIdentifier("1.3.6.1.5.5.7.48.1"); - - DERObjectIdentifier accessMethod = null; - GeneralName accessLocation = null; - - public static AccessDescription getInstance( - Object obj) - { - if (obj instanceof AccessDescription) - { - return (AccessDescription)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new AccessDescription((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public AccessDescription( - ASN1Sequence seq) - { - if (seq.size() != 2) - { - throw new IllegalArgumentException("wrong number of elements in inner sequence"); - } - - accessMethod = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); - accessLocation = GeneralName.getInstance(seq.getObjectAt(1)); - } - - /** - * create an AccessDescription with the oid and location provided. - */ - public AccessDescription( - DERObjectIdentifier oid, - GeneralName location) - { - accessMethod = oid; - accessLocation = location; - } - - /** - * - * @return the access method. - */ - public DERObjectIdentifier getAccessMethod() - { - return accessMethod; - } - - /** - * - * @return the access location - */ - public GeneralName getAccessLocation() - { - return accessLocation; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector accessDescription = new ASN1EncodableVector(); - - accessDescription.add(accessMethod); - accessDescription.add(accessLocation); - - return new DERSequence(accessDescription); - } - - public String toString() - { - return ("AccessDescription: Oid(" + this.accessMethod.getId() + ")"); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java b/luni/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java deleted file mode 100644 index 501dc9c..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java +++ /dev/null @@ -1,126 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class AlgorithmIdentifier - extends ASN1Encodable -{ - private DERObjectIdentifier objectId; - private DEREncodable parameters; - private boolean parametersDefined = false; - - public static AlgorithmIdentifier getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static AlgorithmIdentifier getInstance( - Object obj) - { - if (obj== null || obj instanceof AlgorithmIdentifier) - { - return (AlgorithmIdentifier)obj; - } - - if (obj instanceof DERObjectIdentifier) - { - return new AlgorithmIdentifier((DERObjectIdentifier)obj); - } - - if (obj instanceof String) - { - return new AlgorithmIdentifier((String)obj); - } - - if (obj instanceof ASN1Sequence) - { - return new AlgorithmIdentifier((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public AlgorithmIdentifier( - DERObjectIdentifier objectId) - { - this.objectId = objectId; - } - - public AlgorithmIdentifier( - String objectId) - { - this.objectId = new DERObjectIdentifier(objectId); - } - - public AlgorithmIdentifier( - DERObjectIdentifier objectId, - DEREncodable parameters) - { - parametersDefined = true; - this.objectId = objectId; - this.parameters = parameters; - } - - public AlgorithmIdentifier( - ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - objectId = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); - - if (seq.size() == 2) - { - parametersDefined = true; - parameters = seq.getObjectAt(1); - } - else - { - parameters = null; - } - } - - public DERObjectIdentifier getObjectId() - { - return objectId; - } - - public DEREncodable getParameters() - { - return parameters; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * AlgorithmIdentifier ::= SEQUENCE { - * algorithm OBJECT IDENTIFIER, - * parameters ANY DEFINED BY algorithm OPTIONAL } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(objectId); - - if (parametersDefined) - { - v.add(parameters); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/AttCertIssuer.java b/luni/src/main/java/org/bouncycastle/asn1/x509/AttCertIssuer.java deleted file mode 100644 index c973b37..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/AttCertIssuer.java +++ /dev/null @@ -1,89 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -public class AttCertIssuer - extends ASN1Encodable - implements ASN1Choice -{ - ASN1Encodable obj; - DERObject choiceObj; - - public static AttCertIssuer getInstance( - Object obj) - { - if (obj instanceof AttCertIssuer) - { - return (AttCertIssuer)obj; - } - else if (obj instanceof V2Form) - { - return new AttCertIssuer(V2Form.getInstance(obj)); - } - else if (obj instanceof GeneralNames) - { - return new AttCertIssuer((GeneralNames)obj); - } - else if (obj instanceof ASN1TaggedObject) - { - return new AttCertIssuer(V2Form.getInstance((ASN1TaggedObject)obj, false)); - } - else if (obj instanceof ASN1Sequence) - { - return new AttCertIssuer(GeneralNames.getInstance(obj)); - } - - throw new IllegalArgumentException("unknown object in factory: " + obj.getClass()); - } - - public static AttCertIssuer getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); // must be explicitly tagged - } - - /** - * Don't use this one if you are trying to be RFC compliant. - * - * @param names our GeneralNames structure - */ - public AttCertIssuer( - GeneralNames names) - { - obj = names; - choiceObj = obj.getDERObject(); - } - - public AttCertIssuer( - V2Form v2Form) - { - obj = v2Form; - choiceObj = new DERTaggedObject(false, 0, obj); - } - - public ASN1Encodable getIssuer() - { - return obj; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * AttCertIssuer ::= CHOICE { - * v1Form GeneralNames, -- MUST NOT be used in this - * -- profile - * v2Form [0] V2Form -- v2 only - * } - * </pre> - */ - public DERObject toASN1Object() - { - return choiceObj; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/AttCertValidityPeriod.java b/luni/src/main/java/org/bouncycastle/asn1/x509/AttCertValidityPeriod.java deleted file mode 100644 index de4e684..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/AttCertValidityPeriod.java +++ /dev/null @@ -1,84 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class AttCertValidityPeriod - extends ASN1Encodable -{ - DERGeneralizedTime notBeforeTime; - DERGeneralizedTime notAfterTime; - - public static AttCertValidityPeriod getInstance( - Object obj) - { - if (obj instanceof AttCertValidityPeriod) - { - return (AttCertValidityPeriod)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new AttCertValidityPeriod((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public AttCertValidityPeriod( - ASN1Sequence seq) - { - if (seq.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - notBeforeTime = DERGeneralizedTime.getInstance(seq.getObjectAt(0)); - notAfterTime = DERGeneralizedTime.getInstance(seq.getObjectAt(1)); - } - - /** - * @param notBeforeTime - * @param notAfterTime - */ - public AttCertValidityPeriod( - DERGeneralizedTime notBeforeTime, - DERGeneralizedTime notAfterTime) - { - this.notBeforeTime = notBeforeTime; - this.notAfterTime = notAfterTime; - } - - public DERGeneralizedTime getNotBeforeTime() - { - return notBeforeTime; - } - - public DERGeneralizedTime getNotAfterTime() - { - return notAfterTime; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * AttCertValidityPeriod ::= SEQUENCE { - * notBeforeTime GeneralizedTime, - * notAfterTime GeneralizedTime - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(notBeforeTime); - v.add(notAfterTime); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/Attribute.java b/luni/src/main/java/org/bouncycastle/asn1/x509/Attribute.java deleted file mode 100644 index c8cbcf7..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/Attribute.java +++ /dev/null @@ -1,87 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class Attribute - extends ASN1Encodable -{ - private DERObjectIdentifier attrType; - private ASN1Set attrValues; - - /** - * return an Attribute object from the given object. - * - * @param o the object we want converted. - * @exception IllegalArgumentException if the object cannot be converted. - */ - public static Attribute getInstance( - Object o) - { - if (o == null || o instanceof Attribute) - { - return (Attribute)o; - } - - if (o instanceof ASN1Sequence) - { - return new Attribute((ASN1Sequence)o); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public Attribute( - ASN1Sequence seq) - { - if (seq.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - attrType = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); - attrValues = ASN1Set.getInstance(seq.getObjectAt(1)); - } - - public Attribute( - DERObjectIdentifier attrType, - ASN1Set attrValues) - { - this.attrType = attrType; - this.attrValues = attrValues; - } - - public DERObjectIdentifier getAttrType() - { - return attrType; - } - - public ASN1Set getAttrValues() - { - return attrValues; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * Attribute ::= SEQUENCE { - * attrType OBJECT IDENTIFIER, - * attrValues SET OF AttributeValue - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(attrType); - v.add(attrValues); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java b/luni/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java deleted file mode 100644 index 6dcb7c6..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificate.java +++ /dev/null @@ -1,94 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class AttributeCertificate - extends ASN1Encodable -{ - AttributeCertificateInfo acinfo; - AlgorithmIdentifier signatureAlgorithm; - DERBitString signatureValue; - - /** - * @param obj - * @return an AttributeCertificate object - */ - public static AttributeCertificate getInstance(Object obj) - { - if (obj instanceof AttributeCertificate) - { - return (AttributeCertificate)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new AttributeCertificate((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public AttributeCertificate( - AttributeCertificateInfo acinfo, - AlgorithmIdentifier signatureAlgorithm, - DERBitString signatureValue) - { - this.acinfo = acinfo; - this.signatureAlgorithm = signatureAlgorithm; - this.signatureValue = signatureValue; - } - - public AttributeCertificate( - ASN1Sequence seq) - { - if (seq.size() != 3) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - this.acinfo = AttributeCertificateInfo.getInstance(seq.getObjectAt(0)); - this.signatureAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); - this.signatureValue = DERBitString.getInstance(seq.getObjectAt(2)); - } - - public AttributeCertificateInfo getAcinfo() - { - return acinfo; - } - - public AlgorithmIdentifier getSignatureAlgorithm() - { - return signatureAlgorithm; - } - - public DERBitString getSignatureValue() - { - return signatureValue; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * AttributeCertificate ::= SEQUENCE { - * acinfo AttributeCertificateInfo, - * signatureAlgorithm AlgorithmIdentifier, - * signatureValue BIT STRING - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(acinfo); - v.add(signatureAlgorithm); - v.add(signatureValue); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificateInfo.java b/luni/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificateInfo.java deleted file mode 100644 index 74770f5..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/AttributeCertificateInfo.java +++ /dev/null @@ -1,165 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class AttributeCertificateInfo - extends ASN1Encodable -{ - private DERInteger version; - private Holder holder; - private AttCertIssuer issuer; - private AlgorithmIdentifier signature; - private DERInteger serialNumber; - private AttCertValidityPeriod attrCertValidityPeriod; - private ASN1Sequence attributes; - private DERBitString issuerUniqueID; - private X509Extensions extensions; - - public static AttributeCertificateInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static AttributeCertificateInfo getInstance( - Object obj) - { - if (obj instanceof AttributeCertificateInfo) - { - return (AttributeCertificateInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new AttributeCertificateInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public AttributeCertificateInfo( - ASN1Sequence seq) - { - if (seq.size() < 7 || seq.size() > 9) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - this.version = DERInteger.getInstance(seq.getObjectAt(0)); - this.holder = Holder.getInstance(seq.getObjectAt(1)); - this.issuer = AttCertIssuer.getInstance(seq.getObjectAt(2)); - this.signature = AlgorithmIdentifier.getInstance(seq.getObjectAt(3)); - this.serialNumber = DERInteger.getInstance(seq.getObjectAt(4)); - this.attrCertValidityPeriod = AttCertValidityPeriod.getInstance(seq.getObjectAt(5)); - this.attributes = ASN1Sequence.getInstance(seq.getObjectAt(6)); - - for (int i = 7; i < seq.size(); i++) - { - ASN1Encodable obj = (ASN1Encodable)seq.getObjectAt(i); - - if (obj instanceof DERBitString) - { - this.issuerUniqueID = DERBitString.getInstance(seq.getObjectAt(i)); - } - else if (obj instanceof ASN1Sequence || obj instanceof X509Extensions) - { - this.extensions = X509Extensions.getInstance(seq.getObjectAt(i)); - } - } - } - - public DERInteger getVersion() - { - return version; - } - - public Holder getHolder() - { - return holder; - } - - public AttCertIssuer getIssuer() - { - return issuer; - } - - public AlgorithmIdentifier getSignature() - { - return signature; - } - - public DERInteger getSerialNumber() - { - return serialNumber; - } - - public AttCertValidityPeriod getAttrCertValidityPeriod() - { - return attrCertValidityPeriod; - } - - public ASN1Sequence getAttributes() - { - return attributes; - } - - public DERBitString getIssuerUniqueID() - { - return issuerUniqueID; - } - - public X509Extensions getExtensions() - { - return extensions; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * AttributeCertificateInfo ::= SEQUENCE { - * version AttCertVersion -- version is v2, - * holder Holder, - * issuer AttCertIssuer, - * signature AlgorithmIdentifier, - * serialNumber CertificateSerialNumber, - * attrCertValidityPeriod AttCertValidityPeriod, - * attributes SEQUENCE OF Attribute, - * issuerUniqueID UniqueIdentifier OPTIONAL, - * extensions Extensions OPTIONAL - * } - * - * AttCertVersion ::= INTEGER { v2(1) } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(holder); - v.add(issuer); - v.add(signature); - v.add(serialNumber); - v.add(attrCertValidityPeriod); - v.add(attributes); - - if (issuerUniqueID != null) - { - v.add(issuerUniqueID); - } - - if (extensions != null) - { - v.add(extensions); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/AuthorityInformationAccess.java b/luni/src/main/java/org/bouncycastle/asn1/x509/AuthorityInformationAccess.java deleted file mode 100644 index 9f34436..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/AuthorityInformationAccess.java +++ /dev/null @@ -1,95 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -/** - * The AuthorityInformationAccess object. - * <pre> - * id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } - * - * AuthorityInfoAccessSyntax ::= - * SEQUENCE SIZE (1..MAX) OF AccessDescription - * AccessDescription ::= SEQUENCE { - * accessMethod OBJECT IDENTIFIER, - * accessLocation GeneralName } - * - * id-ad OBJECT IDENTIFIER ::= { id-pkix 48 } - * id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } - * id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 } - * </pre> - */ -public class AuthorityInformationAccess - extends ASN1Encodable -{ - private AccessDescription[] descriptions; - - public static AuthorityInformationAccess getInstance( - Object obj) - { - if (obj instanceof AuthorityInformationAccess) - { - return (AuthorityInformationAccess)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new AuthorityInformationAccess((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public AuthorityInformationAccess( - ASN1Sequence seq) - { - descriptions = new AccessDescription[seq.size()]; - - for (int i = 0; i != seq.size(); i++) - { - descriptions[i] = AccessDescription.getInstance(seq.getObjectAt(i)); - } - } - - /** - * create an AuthorityInformationAccess with the oid and location provided. - */ - public AuthorityInformationAccess( - DERObjectIdentifier oid, - GeneralName location) - { - descriptions = new AccessDescription[1]; - - descriptions[0] = new AccessDescription(oid, location); - } - - - /** - * - * @return the access descriptions contained in this object. - */ - public AccessDescription[] getAccessDescriptions() - { - return descriptions; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector vec = new ASN1EncodableVector(); - - for (int i = 0; i != descriptions.length; i++) - { - vec.add(descriptions[i]); - } - - return new DERSequence(vec); - } - - public String toString() - { - return ("AuthorityInformationAccess: Oid(" + this.descriptions[0].getAccessMethod().getId() + ")"); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java b/luni/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java deleted file mode 100644 index 2e5107b..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java +++ /dev/null @@ -1,207 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.*; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; - -/** - * The AuthorityKeyIdentifier object. - * <pre> - * id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } - * - * AuthorityKeyIdentifier ::= SEQUENCE { - * keyIdentifier [0] IMPLICIT KeyIdentifier OPTIONAL, - * authorityCertIssuer [1] IMPLICIT GeneralNames OPTIONAL, - * authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL } - * - * KeyIdentifier ::= OCTET STRING - * </pre> - * - */ -public class AuthorityKeyIdentifier - extends ASN1Encodable -{ - ASN1OctetString keyidentifier=null; - GeneralNames certissuer=null; - DERInteger certserno=null; - - public static AuthorityKeyIdentifier getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static AuthorityKeyIdentifier getInstance( - Object obj) - { - if (obj instanceof AuthorityKeyIdentifier) - { - return (AuthorityKeyIdentifier)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new AuthorityKeyIdentifier((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public AuthorityKeyIdentifier( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - ASN1TaggedObject o = DERTaggedObject.getInstance(e.nextElement()); - - switch (o.getTagNo()) - { - case 0: - this.keyidentifier = ASN1OctetString.getInstance(o, false); - break; - case 1: - this.certissuer = GeneralNames.getInstance(o, false); - break; - case 2: - this.certserno = DERInteger.getInstance(o, false); - break; - default: - throw new IllegalArgumentException("illegal tag"); - } - } - } - - /** - * - * Calulates the keyidentifier using a SHA1 hash over the BIT STRING - * from SubjectPublicKeyInfo as defined in RFC2459. - * - * Example of making a AuthorityKeyIdentifier: - * <pre> - * SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream( - * publicKey.getEncoded()).readObject()); - * AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki); - * </pre> - * - **/ - public AuthorityKeyIdentifier( - SubjectPublicKeyInfo spki) - { - Digest digest = new SHA1Digest(); - byte[] resBuf = new byte[digest.getDigestSize()]; - - byte[] bytes = spki.getPublicKeyData().getBytes(); - digest.update(bytes, 0, bytes.length); - digest.doFinal(resBuf, 0); - this.keyidentifier = new DEROctetString(resBuf); - } - - /** - * create an AuthorityKeyIdentifier with the GeneralNames tag and - * the serial number provided as well. - */ - public AuthorityKeyIdentifier( - SubjectPublicKeyInfo spki, - GeneralNames name, - BigInteger serialNumber) - { - Digest digest = new SHA1Digest(); - byte[] resBuf = new byte[digest.getDigestSize()]; - - byte[] bytes = spki.getPublicKeyData().getBytes(); - digest.update(bytes, 0, bytes.length); - digest.doFinal(resBuf, 0); - - this.keyidentifier = new DEROctetString(resBuf); - this.certissuer = GeneralNames.getInstance(name.toASN1Object()); - this.certserno = new DERInteger(serialNumber); - } - - /** - * create an AuthorityKeyIdentifier with the GeneralNames tag and - * the serial number provided. - */ - public AuthorityKeyIdentifier( - GeneralNames name, - BigInteger serialNumber) - { - this.keyidentifier = null; - this.certissuer = GeneralNames.getInstance(name.toASN1Object()); - this.certserno = new DERInteger(serialNumber); - } - - /** - * create an AuthorityKeyIdentifier with a precomupted key identifier - * and the GeneralNames tag and the serial number provided as well. - */ - public AuthorityKeyIdentifier( - byte[] keyIdentifier, - GeneralNames name, - BigInteger serialNumber) - { - this.keyidentifier = new DEROctetString(keyIdentifier); - this.certissuer = GeneralNames.getInstance(name.toASN1Object()); - this.certserno = new DERInteger(serialNumber); - } - - public byte[] getKeyIdentifier() - { - if (keyidentifier != null) - { - return keyidentifier.getOctets(); - } - - return null; - } - - public GeneralNames getAuthorityCertIssuer() - { - return certissuer; - } - - public BigInteger getAuthorityCertSerialNumber() - { - if (certserno != null) - { - return certserno.getValue(); - } - - return null; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (keyidentifier != null) - { - v.add(new DERTaggedObject(false, 0, keyidentifier)); - } - - if (certissuer != null) - { - v.add(new DERTaggedObject(false, 1, certissuer)); - } - - if (certserno != null) - { - v.add(new DERTaggedObject(false, 2, certserno)); - } - - - return new DERSequence(v); - } - - public String toString() - { - return ("AuthorityKeyIdentifier: KeyID(" + this.keyidentifier.getOctets() + ")"); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java b/luni/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java deleted file mode 100644 index c97b6cd..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java +++ /dev/null @@ -1,168 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class BasicConstraints - extends ASN1Encodable -{ - // BEGIN android-changed - DERBoolean cA = DERBoolean.FALSE; - // END android-changed - DERInteger pathLenConstraint = null; - - public static BasicConstraints getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static BasicConstraints getInstance( - Object obj) - { - if (obj == null || obj instanceof BasicConstraints) - { - return (BasicConstraints)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new BasicConstraints((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public BasicConstraints( - ASN1Sequence seq) - { - if (seq.size() == 0) - { - this.cA = null; - this.pathLenConstraint = null; - } - else - { - this.cA = DERBoolean.getInstance(seq.getObjectAt(0)); - if (seq.size() > 1) - { - this.pathLenConstraint = DERInteger.getInstance(seq.getObjectAt(1)); - } - } - } - - /** - * @deprecated use one of the other two unambigous constructors. - * @param cA - * @param pathLenConstraint - */ - public BasicConstraints( - boolean cA, - int pathLenConstraint) - { - if (cA) - { - // BEGIN android-changed - this.cA = DERBoolean.getInstance(cA); - // END android-changed - this.pathLenConstraint = new DERInteger(pathLenConstraint); - } - else - { - this.cA = null; - this.pathLenConstraint = null; - } - } - - public BasicConstraints( - boolean cA) - { - if (cA) - { - // BEGIN android-changed - this.cA = DERBoolean.TRUE; - // END android-changed - } - else - { - this.cA = null; - } - this.pathLenConstraint = null; - } - - /** - * create a cA=true object for the given path length constraint. - * - * @param pathLenConstraint - */ - public BasicConstraints( - int pathLenConstraint) - { - // BEGIN android-changed - this.cA = DERBoolean.TRUE; - // END android-changed - this.pathLenConstraint = new DERInteger(pathLenConstraint); - } - - public boolean isCA() - { - return (cA != null) && cA.isTrue(); - } - - public BigInteger getPathLenConstraint() - { - if (pathLenConstraint != null) - { - return pathLenConstraint.getValue(); - } - - return null; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * BasicConstraints := SEQUENCE { - * cA BOOLEAN DEFAULT FALSE, - * pathLenConstraint INTEGER (0..MAX) OPTIONAL - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (cA != null) - { - v.add(cA); - - if (pathLenConstraint != null) - { - v.add(pathLenConstraint); - } - } - - return new DERSequence(v); - } - - public String toString() - { - if (pathLenConstraint == null) - { - if (cA == null) - { - return "BasicConstraints: isCa(false)"; - } - return "BasicConstraints: isCa(" + this.isCA() + ")"; - } - return "BasicConstraints: isCa(" + this.isCA() + "), pathLenConstraint = " + pathLenConstraint.getValue(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/CRLDistPoint.java b/luni/src/main/java/org/bouncycastle/asn1/x509/CRLDistPoint.java deleted file mode 100644 index ed8ab58..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/CRLDistPoint.java +++ /dev/null @@ -1,83 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class CRLDistPoint - extends ASN1Encodable -{ - ASN1Sequence seq = null; - - public static CRLDistPoint getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static CRLDistPoint getInstance( - Object obj) - { - if (obj instanceof CRLDistPoint) - { - return (CRLDistPoint)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new CRLDistPoint((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public CRLDistPoint( - ASN1Sequence seq) - { - this.seq = seq; - } - - public CRLDistPoint( - DistributionPoint[] points) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - for (int i = 0; i != points.length; i++) - { - v.add(points[i]); - } - - seq = new DERSequence(v); - } - - /** - * Return the distribution points making up the sequence. - * - * @return DistributionPoint[] - */ - public DistributionPoint[] getDistributionPoints() - { - DistributionPoint[] dp = new DistributionPoint[seq.size()]; - - for (int i = 0; i != seq.size(); i++) - { - dp[i] = DistributionPoint.getInstance(seq.getObjectAt(i)); - } - - return dp; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * CRLDistPoint ::= SEQUENCE SIZE {1..MAX} OF DistributionPoint - * </pre> - */ - public DERObject toASN1Object() - { - return seq; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/CRLNumber.java b/luni/src/main/java/org/bouncycastle/asn1/x509/CRLNumber.java deleted file mode 100644 index e488086..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/CRLNumber.java +++ /dev/null @@ -1,27 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.DERInteger; - -/** - * The CRLNumber object. - * <pre> - * CRLNumber::= INTEGER(0..MAX) - * </pre> - */ -public class CRLNumber - extends DERInteger -{ - - public CRLNumber( - BigInteger number) - { - super(number); - } - - public BigInteger getCRLNumber() - { - return getPositiveValue(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/CRLReason.java b/luni/src/main/java/org/bouncycastle/asn1/x509/CRLReason.java deleted file mode 100644 index 265c662..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/CRLReason.java +++ /dev/null @@ -1,88 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DEREnumerated; - -/** - * The CRLReason enumeration. - * <pre> - * CRLReason ::= ENUMERATED { - * unspecified (0), - * keyCompromise (1), - * cACompromise (2), - * affiliationChanged (3), - * superseded (4), - * cessationOfOperation (5), - * certificateHold (6), - * removeFromCRL (8), - * privilegeWithdrawn (9), - * aACompromise (10) - * } - * </pre> - */ -public class CRLReason - extends DEREnumerated -{ - /** - * @deprecated use lower case version - */ - public static final int UNSPECIFIED = 0; - /** - * @deprecated use lower case version - */ - public static final int KEY_COMPROMISE = 1; - /** - * @deprecated use lower case version - */ - public static final int CA_COMPROMISE = 2; - /** - * @deprecated use lower case version - */ - public static final int AFFILIATION_CHANGED = 3; - /** - * @deprecated use lower case version - */ - public static final int SUPERSEDED = 4; - /** - * @deprecated use lower case version - */ - public static final int CESSATION_OF_OPERATION = 5; - /** - * @deprecated use lower case version - */ - public static final int CERTIFICATE_HOLD = 6; - /** - * @deprecated use lower case version - */ - public static final int REMOVE_FROM_CRL = 8; - /** - * @deprecated use lower case version - */ - public static final int PRIVILEGE_WITHDRAWN = 9; - /** - * @deprecated use lower case version - */ - public static final int AA_COMPROMISE = 10; - - public static final int unspecified = 0; - public static final int keyCompromise = 1; - public static final int cACompromise = 2; - public static final int affiliationChanged = 3; - public static final int superseded = 4; - public static final int cessationOfOperation = 5; - public static final int certificateHold = 6; - public static final int removeFromCRL = 8; - public static final int privilegeWithdrawn = 9; - public static final int aACompromise = 10; - - public CRLReason( - int reason) - { - super(reason); - } - - public CRLReason( - DEREnumerated reason) - { - super(reason.getValue().intValue()); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/CertPolicyId.java b/luni/src/main/java/org/bouncycastle/asn1/x509/CertPolicyId.java deleted file mode 100644 index 3e85dbd..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/CertPolicyId.java +++ /dev/null @@ -1,20 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DERObjectIdentifier; - - -/** - * CertPolicyId, used in the CertificatePolicies and PolicyMappings - * X509V3 Extensions. - * - * <pre> - * CertPolicyId ::= OBJECT IDENTIFIER - * </pre> - */ -public class CertPolicyId extends DERObjectIdentifier -{ - public CertPolicyId (String id) - { - super(id); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java b/luni/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java deleted file mode 100644 index c7f890b..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/CertificateList.java +++ /dev/null @@ -1,119 +0,0 @@ - -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * PKIX RFC-2459 - * - * The X.509 v2 CRL syntax is as follows. For signature calculation, - * the data that is to be signed is ASN.1 DER encoded. - * - * <pre> - * CertificateList ::= SEQUENCE { - * tbsCertList TBSCertList, - * signatureAlgorithm AlgorithmIdentifier, - * signatureValue BIT STRING } - * </pre> - */ -public class CertificateList - extends ASN1Encodable -{ - TBSCertList tbsCertList; - AlgorithmIdentifier sigAlgId; - DERBitString sig; - - public static CertificateList getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static CertificateList getInstance( - Object obj) - { - if (obj instanceof CertificateList) - { - return (CertificateList)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new CertificateList((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public CertificateList( - ASN1Sequence seq) - { - if (seq.size() == 3) - { - tbsCertList = TBSCertList.getInstance(seq.getObjectAt(0)); - sigAlgId = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); - sig = DERBitString.getInstance(seq.getObjectAt(2)); - } - else - { - throw new IllegalArgumentException("sequence wrong size for CertificateList"); - } - } - - public TBSCertList getTBSCertList() - { - return tbsCertList; - } - - public TBSCertList.CRLEntry[] getRevokedCertificates() - { - return tbsCertList.getRevokedCertificates(); - } - - public AlgorithmIdentifier getSignatureAlgorithm() - { - return sigAlgId; - } - - public DERBitString getSignature() - { - return sig; - } - - public int getVersion() - { - return tbsCertList.getVersion(); - } - - public X509Name getIssuer() - { - return tbsCertList.getIssuer(); - } - - public Time getThisUpdate() - { - return tbsCertList.getThisUpdate(); - } - - public Time getNextUpdate() - { - return tbsCertList.getNextUpdate(); - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(tbsCertList); - v.add(sigAlgId); - v.add(sig); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/CertificatePolicies.java b/luni/src/main/java/org/bouncycastle/asn1/x509/CertificatePolicies.java deleted file mode 100644 index b59e08e..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/CertificatePolicies.java +++ /dev/null @@ -1,147 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class CertificatePolicies - extends ASN1Encodable -{ - static final DERObjectIdentifier anyPolicy = new DERObjectIdentifier("2.5.29.32.0"); - - Vector policies = new Vector(); - -/** - * @deprecated use an ASN1Sequence of PolicyInformation - */ - public static CertificatePolicies getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - -/** - * @deprecated use an ASN1Sequence of PolicyInformation - */ - public static CertificatePolicies getInstance( - Object obj) - { - if (obj instanceof CertificatePolicies) - { - return (CertificatePolicies)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new CertificatePolicies((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - -/** - * @deprecated use an ASN1Sequence of PolicyInformation - */ - public CertificatePolicies( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - while (e.hasMoreElements()) - { - ASN1Sequence s = ASN1Sequence.getInstance(e.nextElement()); - policies.addElement(s.getObjectAt(0)); - } - // For now we just don't handle PolicyQualifiers - } - - /** - * create a certificate policy with the given OID. - * @deprecated use an ASN1Sequence of PolicyInformation - */ - public CertificatePolicies( - DERObjectIdentifier p) - { - policies.addElement(p); - } - - /** - * create a certificate policy with the policy given by the OID represented - * by the string p. - * @deprecated use an ASN1Sequence of PolicyInformation - */ - public CertificatePolicies( - String p) - { - this(new DERObjectIdentifier(p)); - } - - public void addPolicy( - String p) - { - policies.addElement(new DERObjectIdentifier(p)); - } - - public String getPolicy(int nr) - { - if (policies.size() > nr) - { - return ((DERObjectIdentifier)policies.elementAt(nr)).getId(); - } - - return null; - } - - /** - * <pre> - * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation - * - * PolicyInformation ::= SEQUENCE { - * policyIdentifier CertPolicyId, - * policyQualifiers SEQUENCE SIZE (1..MAX) OF - * PolicyQualifierInfo OPTIONAL } - * - * CertPolicyId ::= OBJECT IDENTIFIER - * - * PolicyQualifierInfo ::= SEQUENCE { - * policyQualifierId PolicyQualifierId, - * qualifier ANY DEFINED BY policyQualifierId } - * - * PolicyQualifierId ::= - * OBJECT IDENTIFIER (id-qt-cps | id-qt-unotice) - * </pre> - * @deprecated use an ASN1Sequence of PolicyInformation - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - // We only do policyIdentifier yet... - for (int i=0;i<policies.size();i++) - { - v.add(new DERSequence((DERObjectIdentifier)policies.elementAt(i))); - } - - return new DERSequence(v); - } - - public String toString() - { - String p = null; - for (int i=0;i<policies.size();i++) - { - if (p != null) - { - p += ", "; - } - p += ((DERObjectIdentifier)policies.elementAt(i)).getId(); - } - return "CertificatePolicies: "+p; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/DSAParameter.java b/luni/src/main/java/org/bouncycastle/asn1/x509/DSAParameter.java deleted file mode 100644 index 50822d6..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/DSAParameter.java +++ /dev/null @@ -1,92 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class DSAParameter - extends ASN1Encodable -{ - DERInteger p, q, g; - - public static DSAParameter getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static DSAParameter getInstance( - Object obj) - { - if(obj == null || obj instanceof DSAParameter) - { - return (DSAParameter)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new DSAParameter((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid DSAParameter: " + obj.getClass().getName()); - } - - public DSAParameter( - BigInteger p, - BigInteger q, - BigInteger g) - { - this.p = new DERInteger(p); - this.q = new DERInteger(q); - this.g = new DERInteger(g); - } - - public DSAParameter( - ASN1Sequence seq) - { - if (seq.size() != 3) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - Enumeration e = seq.getObjects(); - - p = DERInteger.getInstance(e.nextElement()); - q = DERInteger.getInstance(e.nextElement()); - g = DERInteger.getInstance(e.nextElement()); - } - - public BigInteger getP() - { - return p.getPositiveValue(); - } - - public BigInteger getQ() - { - return q.getPositiveValue(); - } - - public BigInteger getG() - { - return g.getPositiveValue(); - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(p); - v.add(q); - v.add(g); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/DigestInfo.java b/luni/src/main/java/org/bouncycastle/asn1/x509/DigestInfo.java deleted file mode 100644 index 882e71e..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/DigestInfo.java +++ /dev/null @@ -1,86 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; - -/** - * The DigestInfo object. - * <pre> - * DigestInfo::=SEQUENCE{ - * digestAlgorithm AlgorithmIdentifier, - * digest OCTET STRING } - * </pre> - */ -public class DigestInfo - extends ASN1Encodable -{ - private byte[] digest; - private AlgorithmIdentifier algId; - - public static DigestInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static DigestInfo getInstance( - Object obj) - { - if (obj instanceof DigestInfo) - { - return (DigestInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new DigestInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public DigestInfo( - AlgorithmIdentifier algId, - byte[] digest) - { - this.digest = digest; - this.algId = algId; - } - - public DigestInfo( - ASN1Sequence obj) - { - Enumeration e = obj.getObjects(); - - algId = AlgorithmIdentifier.getInstance(e.nextElement()); - digest = ASN1OctetString.getInstance(e.nextElement()).getOctets(); - } - - public AlgorithmIdentifier getAlgorithmId() - { - return algId; - } - - public byte[] getDigest() - { - return digest; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(algId); - v.add(new DEROctetString(digest)); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/DisplayText.java b/luni/src/main/java/org/bouncycastle/asn1/x509/DisplayText.java deleted file mode 100644 index 90b025e..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/DisplayText.java +++ /dev/null @@ -1,165 +0,0 @@ - -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERBMPString; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERUTF8String; -import org.bouncycastle.asn1.DERVisibleString; -import org.bouncycastle.asn1.DERString; - -/** - * <code>DisplayText</code> class, used in - * <code>CertificatePolicies</code> X509 V3 extensions (in policy qualifiers). - * - * <p>It stores a string in a chosen encoding. - * <pre> - * DisplayText ::= CHOICE { - * ia5String IA5String (SIZE (1..200)), - * visibleString VisibleString (SIZE (1..200)), - * bmpString BMPString (SIZE (1..200)), - * utf8String UTF8String (SIZE (1..200)) } - * </pre> - * @see PolicyQualifierInfo - * @see PolicyInformation - */ -public class DisplayText - extends ASN1Encodable - implements ASN1Choice -{ - /** - * Constant corresponding to ia5String encoding. - * - */ - public static final int CONTENT_TYPE_IA5STRING = 0; - /** - * Constant corresponding to bmpString encoding. - * - */ - public static final int CONTENT_TYPE_BMPSTRING = 1; - /** - * Constant corresponding to utf8String encoding. - * - */ - public static final int CONTENT_TYPE_UTF8STRING = 2; - /** - * Constant corresponding to visibleString encoding. - * - */ - public static final int CONTENT_TYPE_VISIBLESTRING = 3; - - /** - * Describe constant <code>DISPLAY_TEXT_MAXIMUM_SIZE</code> here. - * - */ - public static final int DISPLAY_TEXT_MAXIMUM_SIZE = 200; - - int contentType; - DERString contents; - - /** - * Creates a new <code>DisplayText</code> instance. - * - * @param type the desired encoding type for the text. - * @param text the text to store. Strings longer than 200 - * characters are truncated. - */ - public DisplayText (int type, String text) - { - if (text.length() > DISPLAY_TEXT_MAXIMUM_SIZE) - { - // RFC3280 limits these strings to 200 chars - // truncate the string - text = text.substring (0, DISPLAY_TEXT_MAXIMUM_SIZE); - } - - contentType = type; - switch (type) - { - case CONTENT_TYPE_IA5STRING: - contents = (DERString)new DERIA5String (text); - break; - case CONTENT_TYPE_UTF8STRING: - contents = (DERString)new DERUTF8String(text); - break; - case CONTENT_TYPE_VISIBLESTRING: - contents = (DERString)new DERVisibleString(text); - break; - case CONTENT_TYPE_BMPSTRING: - contents = (DERString)new DERBMPString(text); - break; - default: - contents = (DERString)new DERUTF8String(text); - break; - } - } - - /** - * Creates a new <code>DisplayText</code> instance. - * - * @param text the text to encapsulate. Strings longer than 200 - * characters are truncated. - */ - public DisplayText (String text) - { - // by default use UTF8String - if (text.length() > DISPLAY_TEXT_MAXIMUM_SIZE) - { - text = text.substring(0, DISPLAY_TEXT_MAXIMUM_SIZE); - } - - contentType = CONTENT_TYPE_UTF8STRING; - contents = new DERUTF8String(text); - } - - /** - * Creates a new <code>DisplayText</code> instance. - * <p>Useful when reading back a <code>DisplayText</code> class - * from it's ASN1Encodable/DEREncodable form. - * - * @param de a <code>DEREncodable</code> instance. - */ - public DisplayText(DERString de) - { - contents = de; - } - - public static DisplayText getInstance(Object de) - { - if (de instanceof DERString) - { - return new DisplayText((DERString)de); - } - else if (de instanceof DisplayText) - { - return (DisplayText)de; - } - - throw new IllegalArgumentException("illegal object in getInstance"); - } - - public static DisplayText getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); // must be explicitly tagged - } - - public DERObject toASN1Object() - { - return (DERObject)contents; - } - - /** - * Returns the stored <code>String</code> object. - * - * @return the stored text as a <code>String</code>. - */ - public String getString() - { - return contents.getString(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/DistributionPoint.java b/luni/src/main/java/org/bouncycastle/asn1/x509/DistributionPoint.java deleted file mode 100644 index ea5aa0b..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/DistributionPoint.java +++ /dev/null @@ -1,121 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * The DistributionPoint object. - * <pre> - * DistributionPoint ::= SEQUENCE { - * distributionPoint [0] DistributionPointName OPTIONAL, - * reasons [1] ReasonFlags OPTIONAL, - * cRLIssuer [2] GeneralNames OPTIONAL - * } - * </pre> - */ -public class DistributionPoint - extends ASN1Encodable -{ - DistributionPointName distributionPoint; - ReasonFlags reasons; - GeneralNames cRLIssuer; - - public static DistributionPoint getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static DistributionPoint getInstance( - Object obj) - { - if(obj == null || obj instanceof DistributionPoint) - { - return (DistributionPoint)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new DistributionPoint((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid DistributionPoint: " + obj.getClass().getName()); - } - - public DistributionPoint( - ASN1Sequence seq) - { - for (int i = 0; i != seq.size(); i++) - { - ASN1TaggedObject t = ASN1TaggedObject.getInstance(seq.getObjectAt(i)); - switch (t.getTagNo()) - { - case 0: - distributionPoint = DistributionPointName.getInstance(t, true); - break; - case 1: - reasons = new ReasonFlags(DERBitString.getInstance(t, false)); - break; - case 2: - cRLIssuer = GeneralNames.getInstance(t, false); - } - } - } - - public DistributionPoint( - DistributionPointName distributionPoint, - ReasonFlags reasons, - GeneralNames cRLIssuer) - { - this.distributionPoint = distributionPoint; - this.reasons = reasons; - this.cRLIssuer = cRLIssuer; - } - - public DistributionPointName getDistributionPoint() - { - return distributionPoint; - } - - public ReasonFlags getReasons() - { - return reasons; - } - - public GeneralNames getCRLIssuer() - { - return cRLIssuer; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (distributionPoint != null) - { - // - // as this is a CHOICE it must be explicitly tagged - // - v.add(new DERTaggedObject(0, distributionPoint)); - } - - if (reasons != null) - { - v.add(new DERTaggedObject(false, 1, reasons)); - } - - if (cRLIssuer != null) - { - v.add(new DERTaggedObject(false, 2, cRLIssuer)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java b/luni/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java deleted file mode 100644 index 91ef110..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/DistributionPointName.java +++ /dev/null @@ -1,110 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * The DistributionPointName object. - * <pre> - * DistributionPointName ::= CHOICE { - * fullName [0] GeneralNames, - * nameRelativeToCRLIssuer [1] RelativeDistinguishedName - * } - * </pre> - */ -public class DistributionPointName - extends ASN1Encodable - implements ASN1Choice -{ - DEREncodable name; - int type; - - public static final int FULL_NAME = 0; - public static final int NAME_RELATIVE_TO_CRL_ISSUER = 1; - - public static DistributionPointName getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1TaggedObject.getInstance(obj, true)); - } - - public static DistributionPointName getInstance( - Object obj) - { - if (obj == null || obj instanceof DistributionPointName) - { - return (DistributionPointName)obj; - } - else if (obj instanceof ASN1TaggedObject) - { - return new DistributionPointName((ASN1TaggedObject)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - /* - * @deprecated use ASN1Encodable - */ - public DistributionPointName( - int type, - DEREncodable name) - { - this.type = type; - this.name = name; - } - - public DistributionPointName( - int type, - ASN1Encodable name) - { - this.type = type; - this.name = name; - } - - /** - * Return the tag number applying to the underlying choice. - * - * @return the tag number for this point name. - */ - public int getType() - { - return this.type; - } - - /** - * Return the tagged object inside the distribution point name. - * - * @return the underlying choice item. - */ - public ASN1Encodable getName() - { - return (ASN1Encodable)name; - } - - public DistributionPointName( - ASN1TaggedObject obj) - { - this.type = obj.getTagNo(); - - if (type == 0) - { - this.name = GeneralNames.getInstance(obj, false); - } - else - { - this.name = ASN1Set.getInstance(obj, false); - } - } - - public DERObject toASN1Object() - { - return new DERTaggedObject(false, type, name); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/ExtendedKeyUsage.java b/luni/src/main/java/org/bouncycastle/asn1/x509/ExtendedKeyUsage.java deleted file mode 100644 index a84b97f..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/ExtendedKeyUsage.java +++ /dev/null @@ -1,104 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * The extendedKeyUsage object. - * <pre> - * extendedKeyUsage ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId - * </pre> - */ -public class ExtendedKeyUsage - extends ASN1Encodable -{ - Hashtable usageTable = new Hashtable(); - ASN1Sequence seq; - - public static ExtendedKeyUsage getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static ExtendedKeyUsage getInstance( - Object obj) - { - if(obj == null || obj instanceof ExtendedKeyUsage) - { - return (ExtendedKeyUsage)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new ExtendedKeyUsage((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid ExtendedKeyUsage: " + obj.getClass().getName()); - } - - public ExtendedKeyUsage( - KeyPurposeId usage) - { - this.seq = new DERSequence(usage); - - this.usageTable.put(usage, usage); - } - - public ExtendedKeyUsage( - ASN1Sequence seq) - { - this.seq = seq; - - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - Object o = e.nextElement(); - - this.usageTable.put(o, o); - } - } - - public ExtendedKeyUsage( - Vector usages) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - Enumeration e = usages.elements(); - - while (e.hasMoreElements()) - { - DERObject o = (DERObject)e.nextElement(); - - v.add(o); - this.usageTable.put(o, o); - } - - this.seq = new DERSequence(v); - } - - public boolean hasKeyPurposeId( - KeyPurposeId keyPurposeId) - { - return (usageTable.get(keyPurposeId) != null); - } - - public int size() - { - return usageTable.size(); - } - - public DERObject toASN1Object() - { - return seq; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java b/luni/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java deleted file mode 100644 index e015cee..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/GeneralName.java +++ /dev/null @@ -1,201 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * The GeneralName object. - * <pre> - * GeneralName ::= CHOICE { - * otherName [0] OtherName, - * rfc822Name [1] IA5String, - * dNSName [2] IA5String, - * x400Address [3] ORAddress, - * directoryName [4] Name, - * ediPartyName [5] EDIPartyName, - * uniformResourceIdentifier [6] IA5String, - * iPAddress [7] OCTET STRING, - * registeredID [8] OBJECT IDENTIFIER} - * - * OtherName ::= SEQUENCE { - * type-id OBJECT IDENTIFIER, - * value [0] EXPLICIT ANY DEFINED BY type-id } - * - * EDIPartyName ::= SEQUENCE { - * nameAssigner [0] DirectoryString OPTIONAL, - * partyName [1] DirectoryString } - * - * Name ::= CHOICE { RDNSequence } - * </pre> - */ -public class GeneralName - extends ASN1Encodable - implements ASN1Choice -{ - public static final int otherName = 0; - public static final int rfc822Name = 1; - public static final int dNSName = 2; - public static final int x400Address = 3; - public static final int directoryName = 4; - public static final int ediPartyName = 5; - public static final int uniformResourceIdentifier = 6; - public static final int iPAddress = 7; - public static final int registeredID = 8; - - DEREncodable obj; - int tag; - - public GeneralName( - X509Name dirName) - { - this.obj = dirName; - this.tag = 4; - } - - /** - * @deprecated this constructor seems the wrong way round! Use GeneralName(tag, name). - */ - public GeneralName( - DERObject name, int tag) - { - this.obj = name; - this.tag = tag; - } - - /** - * When the subjectAltName extension contains an Internet mail address, - * the address MUST be included as an rfc822Name. The format of an - * rfc822Name is an "addr-spec" as defined in RFC 822 [RFC 822]. - * - * When the subjectAltName extension contains a domain name service - * label, the domain name MUST be stored in the dNSName (an IA5String). - * The name MUST be in the "preferred name syntax," as specified by RFC - * 1034 [RFC 1034]. - * - * When the subjectAltName extension contains a URI, the name MUST be - * stored in the uniformResourceIdentifier (an IA5String). The name MUST - * be a non-relative URL, and MUST follow the URL syntax and encoding - * rules specified in [RFC 1738]. The name must include both a scheme - * (e.g., "http" or "ftp") and a scheme-specific-part. The scheme- - * specific-part must include a fully qualified domain name or IP - * address as the host. - * - * When the subjectAltName extension contains a iPAddress, the address - * MUST be stored in the octet string in "network byte order," as - * specified in RFC 791 [RFC 791]. The least significant bit (LSB) of - * each octet is the LSB of the corresponding byte in the network - * address. For IP Version 4, as specified in RFC 791, the octet string - * MUST contain exactly four octets. For IP Version 6, as specified in - * RFC 1883, the octet string MUST contain exactly sixteen octets [RFC - * 1883]. - */ - public GeneralName( - int tag, - ASN1Encodable name) - { - this.obj = name; - this.tag = tag; - } - - /** - * Create a General name for the given tag from the passed in String. - * - * @param tag tag number - * @param name string representation of name - */ - public GeneralName( - int tag, - String name) - { - if (tag == rfc822Name || tag == dNSName || tag == uniformResourceIdentifier) - { - this.tag = tag; - this.obj = new DERIA5String(name); - } - else if (tag == registeredID) - { - this.tag = tag; - this.obj = new DERObjectIdentifier(name); - } - else - { - throw new IllegalArgumentException("can't process String for tag: " + tag); - } - } - - public static GeneralName getInstance( - Object obj) - { - if (obj == null || obj instanceof GeneralName) - { - return (GeneralName)obj; - } - - if (obj instanceof ASN1TaggedObject) - { - ASN1TaggedObject tagObj = (ASN1TaggedObject)obj; - int tag = tagObj.getTagNo(); - - switch (tag) - { - case otherName: - return new GeneralName(ASN1Sequence.getInstance(tagObj, false), tag); - case rfc822Name: - return new GeneralName(DERIA5String.getInstance(tagObj, false), tag); - case dNSName: - return new GeneralName(DERIA5String.getInstance(tagObj, false), tag); - case x400Address: - throw new IllegalArgumentException("unknown tag: " + tag); - case directoryName: - return new GeneralName(ASN1Sequence.getInstance(tagObj, true), tag); - case ediPartyName: - return new GeneralName(ASN1Sequence.getInstance(tagObj, false), tag); - case uniformResourceIdentifier: - return new GeneralName(DERIA5String.getInstance(tagObj, false), tag); - case iPAddress: - return new GeneralName(ASN1OctetString.getInstance(tagObj, false), tag); - case registeredID: - return new GeneralName(DERObjectIdentifier.getInstance(tagObj, false), tag); - } - } - - throw new IllegalArgumentException("unknown object in getInstance"); - } - - public static GeneralName getInstance( - ASN1TaggedObject tagObj, - boolean explicit) - { - return GeneralName.getInstance(ASN1TaggedObject.getInstance(tagObj, true)); - } - - public int getTagNo() - { - return tag; - } - - public DEREncodable getName() - { - return obj; - } - - public DERObject toASN1Object() - { - if (tag == directoryName) // directoryName is explicitly tagged as it is a CHOICE - { - return new DERTaggedObject(true, tag, obj); - } - else - { - return new DERTaggedObject(false, tag, obj); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/GeneralNames.java b/luni/src/main/java/org/bouncycastle/asn1/x509/GeneralNames.java deleted file mode 100644 index d2f8d7d..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/GeneralNames.java +++ /dev/null @@ -1,76 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class GeneralNames - extends ASN1Encodable -{ - ASN1Sequence seq; - - public static GeneralNames getInstance( - Object obj) - { - if (obj == null || obj instanceof GeneralNames) - { - return (GeneralNames)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new GeneralNames((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - public static GeneralNames getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - /** - * Construct a GeneralNames object containing one GeneralName. - * - * @param name the name to be contained. - */ - public GeneralNames( - GeneralName name) - { - this.seq = new DERSequence(name); - } - - public GeneralNames( - ASN1Sequence seq) - { - this.seq = seq; - } - - public GeneralName[] getNames() - { - GeneralName[] names = new GeneralName[seq.size()]; - - for (int i = 0; i != seq.size(); i++) - { - names[i] = GeneralName.getInstance(seq.getObjectAt(i)); - } - - return names; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * GeneralNames ::= SEQUENCE SIZE {1..MAX} OF GeneralName - * </pre> - */ - public DERObject toASN1Object() - { - return seq; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java b/luni/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java deleted file mode 100644 index e3e4240..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/GeneralSubtree.java +++ /dev/null @@ -1,195 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.math.BigInteger; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * Class for containing a restriction object subtrees in NameConstraints. See - * RFC 3280. - * - * <pre> - * - * GeneralSubtree ::= SEQUENCE - * { - * base GeneralName, - * minimum [0] BaseDistance DEFAULT 0, - * maximum [1] BaseDistance OPTIONAL - * } - * </pre> - * - * @see org.bouncycastle.asn1.x509.NameConstraints - * - */ -public class GeneralSubtree - extends ASN1Encodable -{ - private static final BigInteger ZERO = BigInteger.valueOf(0); - - private GeneralName base; - - private DERInteger minimum; - - private DERInteger maximum; - - public GeneralSubtree( - ASN1Sequence seq) - { - base = GeneralName.getInstance(seq.getObjectAt(0)); - - switch (seq.size()) - { - case 1: - break; - case 2: - ASN1TaggedObject o = ASN1TaggedObject.getInstance(seq.getObjectAt(1)); - switch (o.getTagNo()) - { - case 0: - minimum = DERInteger.getInstance(o, false); - break; - case 1: - maximum = DERInteger.getInstance(o, false); - break; - default: - throw new IllegalArgumentException("Bad tag number: " - + o.getTagNo()); - } - break; - case 3: - minimum = DERInteger.getInstance(ASN1TaggedObject.getInstance(seq.getObjectAt(1))); - maximum = DERInteger.getInstance(ASN1TaggedObject.getInstance(seq.getObjectAt(2))); - break; - default: - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - } - - /** - * Constructor from a given details. - * - * According RFC 3280, the minimum and maximum fields are not used with any - * name forms, thus minimum MUST be zero, and maximum MUST be absent. - * <p> - * If minimum is <code>null</code>, zero is assumed, if - * maximum is <code>null</code>, maximum is absent. - * - * @param base - * A restriction. - * @param minimum - * Minimum - * - * @param maximum - * Maximum - */ - public GeneralSubtree( - GeneralName base, - BigInteger minimum, - BigInteger maximum) - { - this.base = base; - if (maximum != null) - { - this.maximum = new DERInteger(maximum); - } - if (minimum == null) - { - this.minimum = null; - } - else - { - this.minimum = new DERInteger(minimum); - } - } - - public static GeneralSubtree getInstance( - ASN1TaggedObject o, - boolean explicit) - { - return new GeneralSubtree(ASN1Sequence.getInstance(o, explicit)); - } - - public static GeneralSubtree getInstance( - Object obj) - { - if (obj == null) - { - return null; - } - - if (obj instanceof GeneralSubtree) - { - return (GeneralSubtree) obj; - } - - return new GeneralSubtree(ASN1Sequence.getInstance(obj)); - } - - public GeneralName getBase() - { - return base; - } - - public BigInteger getMinimum() - { - if (minimum == null) - { - return ZERO; - } - - return minimum.getValue(); - } - - public BigInteger getMaximum() - { - if (maximum == null) - { - return null; - } - - return maximum.getValue(); - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * - * Returns: - * - * <pre> - * GeneralSubtree ::= SEQUENCE - * { - * base GeneralName, - * minimum [0] BaseDistance DEFAULT 0, - * maximum [1] BaseDistance OPTIONAL - * } - * </pre> - * - * @return a DERObject - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(base); - - if (minimum != null && !minimum.getValue().equals(ZERO)) - { - v.add(new DERTaggedObject(false, 0, minimum)); - } - - if (maximum != null) - { - v.add(new DERTaggedObject(false, 1, maximum)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/Holder.java b/luni/src/main/java/org/bouncycastle/asn1/x509/Holder.java deleted file mode 100644 index 8b9a08c..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/Holder.java +++ /dev/null @@ -1,126 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * The Holder object. - * <pre> - * Holder ::= SEQUENCE { - * baseCertificateID [0] IssuerSerial OPTIONAL, - * -- the issuer and serial number of - * -- the holder's Public Key Certificate - * entityName [1] GeneralNames OPTIONAL, - * -- the name of the claimant or role - * objectDigestInfo [2] ObjectDigestInfo OPTIONAL - * -- used to directly authenticate the holder, - * -- for example, an executable - * } - * </pre> - */ -public class Holder - extends ASN1Encodable -{ - IssuerSerial baseCertificateID; - GeneralNames entityName; - ObjectDigestInfo objectDigestInfo; - - public static Holder getInstance( - Object obj) - { - if (obj instanceof Holder) - { - return (Holder)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new Holder((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public Holder( - ASN1Sequence seq) - { - if (seq.size() > 3) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - for (int i = 0; i != seq.size(); i++) - { - ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(seq.getObjectAt(i)); - - switch (tObj.getTagNo()) - { - case 0: - baseCertificateID = IssuerSerial.getInstance(tObj, false); - break; - case 1: - entityName = GeneralNames.getInstance(tObj, false); - break; - case 2: - objectDigestInfo = ObjectDigestInfo.getInstance(tObj, false); - break; - default: - throw new IllegalArgumentException("unknown tag in Holder"); - } - } - } - - public Holder( - IssuerSerial baseCertificateID) - { - this.baseCertificateID = baseCertificateID; - } - - public Holder( - GeneralNames entityName) - { - this.entityName = entityName; - } - - public IssuerSerial getBaseCertificateID() - { - return baseCertificateID; - } - - public GeneralNames getEntityName() - { - return entityName; - } - - public ObjectDigestInfo getObjectDigestInfo() - { - return objectDigestInfo; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (baseCertificateID != null) - { - v.add(new DERTaggedObject(false, 0, baseCertificateID)); - } - - if (entityName != null) - { - v.add(new DERTaggedObject(false, 1, entityName)); - } - - if (objectDigestInfo != null) - { - v.add(new DERTaggedObject(false, 2, objectDigestInfo)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/IetfAttrSyntax.java b/luni/src/main/java/org/bouncycastle/asn1/x509/IetfAttrSyntax.java deleted file mode 100644 index 07e07cf..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/IetfAttrSyntax.java +++ /dev/null @@ -1,174 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERUTF8String; - -/** - * Implementation of <code>IetfAttrSyntax</code> as specified by RFC3281. - */ -public class IetfAttrSyntax - extends ASN1Encodable -{ - public static final int VALUE_OCTETS = 1; - public static final int VALUE_OID = 2; - public static final int VALUE_UTF8 = 3; - GeneralNames policyAuthority = null; - Vector values = new Vector(); - int valueChoice = -1; - - /** - * - */ - public IetfAttrSyntax(ASN1Sequence seq) - { - int i = 0; - - if (seq.getObjectAt(0) instanceof ASN1TaggedObject) - { - policyAuthority = GeneralNames.getInstance(((ASN1TaggedObject)seq.getObjectAt(0)), false); - i++; - } - else if (seq.size() == 2) - { // VOMS fix - policyAuthority = GeneralNames.getInstance(seq.getObjectAt(0)); - i++; - } - - if (!(seq.getObjectAt(i) instanceof ASN1Sequence)) - { - throw new IllegalArgumentException("Non-IetfAttrSyntax encoding"); - } - - seq = (ASN1Sequence)seq.getObjectAt(i); - - for (Enumeration e = seq.getObjects(); e.hasMoreElements();) - { - DERObject obj = (DERObject)e.nextElement(); - int type; - - if (obj instanceof DERObjectIdentifier) - { - type = VALUE_OID; - } - else if (obj instanceof DERUTF8String) - { - type = VALUE_UTF8; - } - else if (obj instanceof DEROctetString) - { - type = VALUE_OCTETS; - } - else - { - throw new IllegalArgumentException("Bad value type encoding IetfAttrSyntax"); - } - - if (valueChoice < 0) - { - valueChoice = type; - } - - if (type != valueChoice) - { - throw new IllegalArgumentException("Mix of value types in IetfAttrSyntax"); - } - - values.addElement(obj); - } - } - - public GeneralNames getPolicyAuthority() - { - return policyAuthority; - } - - public int getValueType() - { - return valueChoice; - } - - public Object[] getValues() - { - if (this.getValueType() == VALUE_OCTETS) - { - ASN1OctetString[] tmp = new ASN1OctetString[values.size()]; - - for (int i = 0; i != tmp.length; i++) - { - tmp[i] = (ASN1OctetString)values.elementAt(i); - } - - return tmp; - } - else if (this.getValueType() == VALUE_OID) - { - DERObjectIdentifier[] tmp = new DERObjectIdentifier[values.size()]; - - for (int i = 0; i != tmp.length; i++) - { - tmp[i] = (DERObjectIdentifier)values.elementAt(i); - } - - return tmp; - } - else - { - DERUTF8String[] tmp = new DERUTF8String[values.size()]; - - for (int i = 0; i != tmp.length; i++) - { - tmp[i] = (DERUTF8String)values.elementAt(i); - } - - return tmp; - } - } - - /** - * - * <pre> - * - * IetfAttrSyntax ::= SEQUENCE { - * policyAuthority [0] GeneralNames OPTIONAL, - * values SEQUENCE OF CHOICE { - * octets OCTET STRING, - * oid OBJECT IDENTIFIER, - * string UTF8String - * } - * } - * - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (policyAuthority != null) - { - v.add(new DERTaggedObject(0, policyAuthority)); - } - - ASN1EncodableVector v2 = new ASN1EncodableVector(); - - for (Enumeration i = values.elements(); i.hasMoreElements();) - { - v2.add((ASN1Encodable)i.nextElement()); - } - - v.add(new DERSequence(v2)); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/IssuerSerial.java b/luni/src/main/java/org/bouncycastle/asn1/x509/IssuerSerial.java deleted file mode 100644 index ceb639f..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/IssuerSerial.java +++ /dev/null @@ -1,106 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class IssuerSerial - extends ASN1Encodable -{ - GeneralNames issuer; - DERInteger serial; - DERBitString issuerUID; - - public static IssuerSerial getInstance( - Object obj) - { - if (obj == null || obj instanceof IssuerSerial) - { - return (IssuerSerial)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new IssuerSerial((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - public static IssuerSerial getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public IssuerSerial( - ASN1Sequence seq) - { - if (seq.size() != 2 && seq.size() != 3) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - issuer = GeneralNames.getInstance(seq.getObjectAt(0)); - serial = DERInteger.getInstance(seq.getObjectAt(1)); - - if (seq.size() == 3) - { - issuerUID = DERBitString.getInstance(seq.getObjectAt(2)); - } - } - - public IssuerSerial( - GeneralNames issuer, - DERInteger serial) - { - this.issuer = issuer; - this.serial = serial; - } - - public GeneralNames getIssuer() - { - return issuer; - } - - public DERInteger getSerial() - { - return serial; - } - - public DERBitString getIssuerUID() - { - return issuerUID; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * IssuerSerial ::= SEQUENCE { - * issuer GeneralNames, - * serial CertificateSerialNumber, - * issuerUID UniqueIdentifier OPTIONAL - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(issuer); - v.add(serial); - - if (issuerUID != null) - { - v.add(issuerUID); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java b/luni/src/main/java/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java deleted file mode 100644 index 07e468f..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java +++ /dev/null @@ -1,110 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DERObject; - -/** - * IssuingDistributionPoint ::= SEQUENCE { - * distributionPoint [0] DistributionPointName OPTIONAL, - * onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, - * onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, - * onlySomeReasons [3] ReasonFlags OPTIONAL, - * indirectCRL [4] BOOLEAN DEFAULT FALSE, - * onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE } - */ -public class IssuingDistributionPoint - extends ASN1Encodable -{ - private boolean onlyContainsUserCerts; - private boolean onlyContainsCACerts; - private boolean indirectCRL; - private boolean onlyContainsAttributeCerts; - - private ASN1Sequence seq; - - public static IssuingDistributionPoint getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static IssuingDistributionPoint getInstance( - Object obj) - { - if (obj == null || obj instanceof IssuingDistributionPoint) - { - return (IssuingDistributionPoint)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new IssuingDistributionPoint((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - /** - * Constructor from ASN1Sequence - */ - public IssuingDistributionPoint( - ASN1Sequence seq) - { - this.seq = seq; - - for (int i = 0; i != seq.size(); i++) - { - ASN1TaggedObject o = ASN1TaggedObject.getInstance(seq.getObjectAt(i)); - - switch (o.getTagNo()) - { - case 0: - break; - case 1: - onlyContainsUserCerts = DERBoolean.getInstance(o, false).isTrue(); - break; - case 2: - onlyContainsCACerts = DERBoolean.getInstance(o, false).isTrue(); - break; - case 3: - break; - case 4: - indirectCRL = DERBoolean.getInstance(o, false).isTrue(); - break; - case 5: - onlyContainsAttributeCerts = DERBoolean.getInstance(o, false).isTrue(); - break; - default: - throw new IllegalArgumentException("unknown tag in IssuingDistributionPoint"); - } - } - } - - public boolean onlyContainsUserCerts() - { - return onlyContainsUserCerts; - } - - public boolean onlyContainsCACerts() - { - return onlyContainsCACerts; - } - - public boolean isIndirectCRL() - { - return indirectCRL; - } - - public boolean onlyContainsAttributeCerts() - { - return onlyContainsAttributeCerts; - } - - public DERObject toASN1Object() - { - return seq; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java b/luni/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java deleted file mode 100644 index b247e09..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/KeyPurposeId.java +++ /dev/null @@ -1,37 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -/** - * The KeyPurposeId object. - * <pre> - * KeyPurposeId ::= OBJECT IDENTIFIER - * </pre> - */ -public class KeyPurposeId - extends DERObjectIdentifier -{ - private static final String id_kp = "1.3.6.1.5.5.7.3"; - - private KeyPurposeId( - String id) - { - super(id); - } - - public static final KeyPurposeId anyExtendedKeyUsage = new KeyPurposeId(X509Extensions.ExtendedKeyUsage.getId() + ".0"); - public static final KeyPurposeId id_kp_serverAuth = new KeyPurposeId(id_kp + ".1"); - public static final KeyPurposeId id_kp_clientAuth = new KeyPurposeId(id_kp + ".2"); - public static final KeyPurposeId id_kp_codeSigning = new KeyPurposeId(id_kp + ".3"); - public static final KeyPurposeId id_kp_emailProtection = new KeyPurposeId(id_kp + ".4"); - public static final KeyPurposeId id_kp_ipsecEndSystem = new KeyPurposeId(id_kp + ".5"); - public static final KeyPurposeId id_kp_ipsecTunnel = new KeyPurposeId(id_kp + ".6"); - public static final KeyPurposeId id_kp_ipsecUser = new KeyPurposeId(id_kp + ".7"); - public static final KeyPurposeId id_kp_timeStamping = new KeyPurposeId(id_kp + ".8"); - public static final KeyPurposeId id_kp_OCSPSigning = new KeyPurposeId(id_kp + ".9"); - - // - // microsoft key purpose ids - // - public static final KeyPurposeId id_kp_smartcardlogon = new KeyPurposeId("1.3.6.1.4.1.311.20.2.2"); -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/KeyUsage.java b/luni/src/main/java/org/bouncycastle/asn1/x509/KeyUsage.java deleted file mode 100644 index e56424f..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/KeyUsage.java +++ /dev/null @@ -1,62 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DERBitString; - -/** - * The KeyUsage object. - * <pre> - * id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } - * - * KeyUsage ::= BIT STRING { - * digitalSignature (0), - * nonRepudiation (1), - * keyEncipherment (2), - * dataEncipherment (3), - * keyAgreement (4), - * keyCertSign (5), - * cRLSign (6), - * encipherOnly (7), - * decipherOnly (8) } - * </pre> - */ -public class KeyUsage - extends DERBitString -{ - public static final int digitalSignature = (1 << 7); - public static final int nonRepudiation = (1 << 6); - public static final int keyEncipherment = (1 << 5); - public static final int dataEncipherment = (1 << 4); - public static final int keyAgreement = (1 << 3); - public static final int keyCertSign = (1 << 2); - public static final int cRLSign = (1 << 1); - public static final int encipherOnly = (1 << 0); - public static final int decipherOnly = (1 << 15); - - /** - * Basic constructor. - * - * @param usage - the bitwise OR of the Key Usage flags giving the - * allowed uses for the key. - * e.g. (KeyUsage.keyEncipherment | KeyUsage.dataEncipherment) - */ - public KeyUsage( - int usage) - { - super(getBytes(usage), getPadBits(usage)); - } - - public KeyUsage( - DERBitString usage) - { - super(usage.getBytes(), usage.getPadBits()); - } - - public String toString() - { - if (data.length == 1) - { - return "KeyUsage: 0x" + Integer.toHexString(data[0] & 0xff); - } - return "KeyUsage: 0x" + Integer.toHexString((data[1] & 0xff) << 8 | (data[0] & 0xff)); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/NameConstraints.java b/luni/src/main/java/org/bouncycastle/asn1/x509/NameConstraints.java deleted file mode 100644 index 1383d39..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/NameConstraints.java +++ /dev/null @@ -1,104 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -public class NameConstraints - extends ASN1Encodable -{ - private ASN1Sequence permitted, excluded; - - public NameConstraints(ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - while (e.hasMoreElements()) - { - ASN1TaggedObject o = ASN1TaggedObject.getInstance(e.nextElement()); - switch (o.getTagNo()) - { - case 0: - permitted = ASN1Sequence.getInstance(o, false); - break; - case 1: - excluded = ASN1Sequence.getInstance(o, false); - break; - } - } - } - - /** - * Constructor from a given details. - * - * <p> - * permitted and excluded are Vectors of GeneralSubtree objects. - * - * @param permitted - * Permitted subtrees - * @param excluded - * Excludes subtrees - */ - public NameConstraints( - Vector permitted, - Vector excluded) - { - if (permitted != null) - { - this.permitted = createSequence(permitted); - } - if (excluded != null) - { - this.excluded = createSequence(excluded); - } - } - - private DERSequence createSequence(Vector subtree) - { - ASN1EncodableVector vec = new ASN1EncodableVector(); - Enumeration e = subtree.elements(); - while (e.hasMoreElements()) - { - vec.add((GeneralSubtree)e.nextElement()); - } - - return new DERSequence(vec); - } - - public ASN1Sequence getPermittedSubtrees() - { - return permitted; - } - - public ASN1Sequence getExcludedSubtrees() - { - return excluded; - } - - /* - * NameConstraints ::= SEQUENCE { permittedSubtrees [0] GeneralSubtrees - * OPTIONAL, excludedSubtrees [1] GeneralSubtrees OPTIONAL } - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (permitted != null) - { - v.add(new DERTaggedObject(false, 0, permitted)); - } - - if (excluded != null) - { - v.add(new DERTaggedObject(false, 1, excluded)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/NoticeReference.java b/luni/src/main/java/org/bouncycastle/asn1/x509/NoticeReference.java deleted file mode 100644 index 0bc639a..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/NoticeReference.java +++ /dev/null @@ -1,155 +0,0 @@ - -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * <code>NoticeReference</code> class, used in - * <code>CertificatePolicies</code> X509 V3 extensions - * (in policy qualifiers). - * - * <pre> - * NoticeReference ::= SEQUENCE { - * organization DisplayText, - * noticeNumbers SEQUENCE OF INTEGER } - * - * </pre> - * - * @see PolicyQualifierInfo - * @see PolicyInformation - */ -public class NoticeReference - extends ASN1Encodable -{ - private DisplayText organization; - private ASN1Sequence noticeNumbers; - - /** - * Creates a new <code>NoticeReference</code> instance. - * - * @param orgName a <code>String</code> value - * @param numbers a <code>Vector</code> value - */ - public NoticeReference( - String orgName, - Vector numbers) - { - organization = new DisplayText(orgName); - - Object o = numbers.elementAt(0); - - ASN1EncodableVector av = new ASN1EncodableVector(); - if (o instanceof Integer) - { - Enumeration it = numbers.elements(); - - while (it.hasMoreElements()) - { - Integer nm = (Integer) it.nextElement(); - DERInteger di = new DERInteger(nm.intValue()); - av.add (di); - } - } - - noticeNumbers = new DERSequence(av); - } - - /** - * Creates a new <code>NoticeReference</code> instance. - * - * @param orgName a <code>String</code> value - * @param numbers an <code>ASN1EncodableVector</code> value - */ - public NoticeReference( - String orgName, - ASN1Sequence numbers) - { - organization = new DisplayText (orgName); - noticeNumbers = numbers; - } - - /** - * Creates a new <code>NoticeReference</code> instance. - * - * @param displayTextType an <code>int</code> value - * @param orgName a <code>String</code> value - * @param numbers an <code>ASN1EncodableVector</code> value - */ - public NoticeReference( - int displayTextType, - String orgName, - ASN1Sequence numbers) - { - organization = new DisplayText(displayTextType, - orgName); - noticeNumbers = numbers; - } - - /** - * Creates a new <code>NoticeReference</code> instance. - * <p>Useful for reconstructing a <code>NoticeReference</code> - * instance from its encodable/encoded form. - * - * @param as an <code>ASN1Sequence</code> value obtained from either - * calling @{link toASN1Object()} for a <code>NoticeReference</code> - * instance or from parsing it from a DER-encoded stream. - */ - public NoticeReference( - ASN1Sequence as) - { - if (as.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + as.size()); - } - - organization = DisplayText.getInstance(as.getObjectAt(0)); - noticeNumbers = ASN1Sequence.getInstance(as.getObjectAt(1)); - } - - public static NoticeReference getInstance( - Object as) - { - if (as instanceof NoticeReference) - { - return (NoticeReference)as; - } - else if (as instanceof ASN1Sequence) - { - return new NoticeReference((ASN1Sequence)as); - } - - throw new IllegalArgumentException("unknown object in getInstance."); - } - - public DisplayText getOrganization() - { - return organization; - } - - public ASN1Sequence getNoticeNumbers() - { - return noticeNumbers; - } - - /** - * Describe <code>toASN1Object</code> method here. - * - * @return a <code>DERObject</code> value - */ - public DERObject toASN1Object() - { - ASN1EncodableVector av = new ASN1EncodableVector(); - av.add (organization); - av.add (noticeNumbers); - return new DERSequence (av); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/ObjectDigestInfo.java b/luni/src/main/java/org/bouncycastle/asn1/x509/ObjectDigestInfo.java deleted file mode 100644 index 048922b..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/ObjectDigestInfo.java +++ /dev/null @@ -1,127 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEREnumerated; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - - -public class ObjectDigestInfo - extends ASN1Encodable -{ - DEREnumerated digestedObjectType; - - DERObjectIdentifier otherObjectTypeID; - - AlgorithmIdentifier digestAlgorithm; - - DERBitString objectDigest; - - public static ObjectDigestInfo getInstance( - Object obj) - { - if (obj == null || obj instanceof ObjectDigestInfo) - { - return (ObjectDigestInfo)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new ObjectDigestInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - public static ObjectDigestInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public ObjectDigestInfo(ASN1Sequence seq) - { - if (seq.size() > 4 || seq.size() < 3) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - digestedObjectType = DEREnumerated.getInstance(seq.getObjectAt(0)); - - int offset = 0; - - if (seq.size() == 4) - { - otherObjectTypeID = DERObjectIdentifier.getInstance(seq.getObjectAt(1)); - offset++; - } - - digestAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(1 + offset)); - - objectDigest = DERBitString.getInstance(seq.getObjectAt(2 + offset)); - } - - public DEREnumerated getDigestedObjectType() - { - return digestedObjectType; - } - - public DERObjectIdentifier getOtherObjectTypeID() - { - return otherObjectTypeID; - } - - public AlgorithmIdentifier getDigestAlgorithm() - { - return digestAlgorithm; - } - - public DERBitString getObjectDigest() - { - return objectDigest; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * - * <pre> - * - * ObjectDigestInfo ::= SEQUENCE { - * digestedObjectType ENUMERATED { - * publicKey (0), - * publicKeyCert (1), - * otherObjectTypes (2) }, - * -- otherObjectTypes MUST NOT - * -- be used in this profile - * otherObjectTypeID OBJECT IDENTIFIER OPTIONAL, - * digestAlgorithm AlgorithmIdentifier, - * objectDigest BIT STRING - * } - * - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(digestedObjectType); - - if (otherObjectTypeID != null) - { - v.add(otherObjectTypeID); - } - - v.add(digestAlgorithm); - v.add(objectDigest); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/PolicyInformation.java b/luni/src/main/java/org/bouncycastle/asn1/x509/PolicyInformation.java deleted file mode 100644 index b4373b0..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/PolicyInformation.java +++ /dev/null @@ -1,87 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -public class PolicyInformation - extends ASN1Encodable -{ - private DERObjectIdentifier policyIdentifier; - private ASN1Sequence policyQualifiers; - - public PolicyInformation( - ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - policyIdentifier = DERObjectIdentifier.getInstance(seq.getObjectAt(0)); - - if (seq.size() > 1) - { - policyQualifiers = ASN1Sequence.getInstance(seq.getObjectAt(1)); - } - } - - public PolicyInformation( - DERObjectIdentifier policyIdentifier) - { - this.policyIdentifier = policyIdentifier; - } - - public PolicyInformation( - DERObjectIdentifier policyIdentifier, - ASN1Sequence policyQualifiers) - { - this.policyIdentifier = policyIdentifier; - this.policyQualifiers = policyQualifiers; - } - - public static PolicyInformation getInstance( - Object obj) - { - if (obj == null || obj instanceof PolicyInformation) - { - return (PolicyInformation)obj; - } - - return new PolicyInformation(ASN1Sequence.getInstance(obj)); - } - - public DERObjectIdentifier getPolicyIdentifier() - { - return policyIdentifier; - } - - public ASN1Sequence getPolicyQualifiers() - { - return policyQualifiers; - } - - /* - * PolicyInformation ::= SEQUENCE { - * policyIdentifier CertPolicyId, - * policyQualifiers SEQUENCE SIZE (1..MAX) OF - * PolicyQualifierInfo OPTIONAL } - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(policyIdentifier); - - if (policyQualifiers != null) - { - v.add(policyQualifiers); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/PolicyMappings.java b/luni/src/main/java/org/bouncycastle/asn1/x509/PolicyMappings.java deleted file mode 100644 index df78ec4..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/PolicyMappings.java +++ /dev/null @@ -1,68 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.Hashtable; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -/** - * PolicyMappings V3 extension, described in RFC3280. - * <pre> - * PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { - * issuerDomainPolicy CertPolicyId, - * subjectDomainPolicy CertPolicyId } - * </pre> - * - * @see <a href="http://www.faqs.org/rfc/rfc3280.txt">RFC 3280, section 4.2.1.6</a> - */ -public class PolicyMappings - extends ASN1Encodable -{ - ASN1Sequence seq = null; - - /** - * Creates a new <code>PolicyMappings</code> instance. - * - * @param seq an <code>ASN1Sequence</code> constructed as specified - * in RFC 3280 - */ - public PolicyMappings (ASN1Sequence seq) - { - this.seq = seq; - } - - /** - * Creates a new <code>PolicyMappings</code> instance. - * - * @param mappings a <code>HashMap</code> value that maps - * <code>String</code> oids - * to other <code>String</code> oids. - */ - public PolicyMappings (Hashtable mappings) - { - ASN1EncodableVector dev = new ASN1EncodableVector(); - Enumeration it = mappings.keys(); - - while (it.hasMoreElements()) - { - String idp = (String) it.nextElement(); - String sdp = (String) mappings.get(idp); - ASN1EncodableVector dv = new ASN1EncodableVector(); - dv.add(new DERObjectIdentifier(idp)); - dv.add(new DERObjectIdentifier(sdp)); - dev.add(new DERSequence(dv)); - } - - seq = new DERSequence(dev); - } - - public DERObject toASN1Object() - { - return seq; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/PolicyQualifierId.java b/luni/src/main/java/org/bouncycastle/asn1/x509/PolicyQualifierId.java deleted file mode 100644 index 2678057..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/PolicyQualifierId.java +++ /dev/null @@ -1,31 +0,0 @@ - -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -/** - * PolicyQualifierId, used in the CertificatePolicies - * X509V3 extension. - * - * <pre> - * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } - * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } - * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } - * PolicyQualifierId ::= - * OBJECT IDENTIFIER (id-qt-cps | id-qt-unotice) - * </pre> - */ -public class PolicyQualifierId extends DERObjectIdentifier -{ - private static final String id_qt = "1.3.6.1.5.5.7.2"; - - private PolicyQualifierId(String id) - { - super(id); - } - - public static final PolicyQualifierId id_qt_cps = - new PolicyQualifierId(id_qt + ".1"); - public static final PolicyQualifierId id_qt_unotice = - new PolicyQualifierId(id_qt + ".2"); -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/PolicyQualifierInfo.java b/luni/src/main/java/org/bouncycastle/asn1/x509/PolicyQualifierInfo.java deleted file mode 100644 index 6e97f70..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/PolicyQualifierInfo.java +++ /dev/null @@ -1,114 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -/** - * Policy qualifiers, used in the X509V3 CertificatePolicies - * extension. - * - * <pre> - * PolicyQualifierInfo ::= SEQUENCE { - * policyQualifierId PolicyQualifierId, - * qualifier ANY DEFINED BY policyQualifierId } - * </pre> - */ -public class PolicyQualifierInfo - extends ASN1Encodable -{ - private DERObjectIdentifier policyQualifierId; - private DEREncodable qualifier; - - /** - * Creates a new <code>PolicyQualifierInfo</code> instance. - * - * @param policyQualifierId a <code>PolicyQualifierId</code> value - * @param qualifier the qualifier, defined by the above field. - */ - public PolicyQualifierInfo( - DERObjectIdentifier policyQualifierId, - DEREncodable qualifier) - { - this.policyQualifierId = policyQualifierId; - this.qualifier = qualifier; - } - - /** - * Creates a new <code>PolicyQualifierInfo</code> containing a - * cPSuri qualifier. - * - * @param cps the CPS (certification practice statement) uri as a - * <code>String</code>. - */ - public PolicyQualifierInfo( - String cps) - { - policyQualifierId = PolicyQualifierId.id_qt_cps; - qualifier = new DERIA5String (cps); - } - - /** - * Creates a new <code>PolicyQualifierInfo</code> instance. - * - * @param as <code>PolicyQualifierInfo</code> X509 structure - * encoded as an ASN1Sequence. - */ - public PolicyQualifierInfo( - ASN1Sequence as) - { - if (as.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + as.size()); - } - - policyQualifierId = DERObjectIdentifier.getInstance(as.getObjectAt(0)); - qualifier = as.getObjectAt(1); - } - - public static PolicyQualifierInfo getInstance( - Object as) - { - if (as instanceof PolicyQualifierInfo) - { - return (PolicyQualifierInfo)as; - } - else if (as instanceof ASN1Sequence) - { - return new PolicyQualifierInfo((ASN1Sequence)as); - } - - throw new IllegalArgumentException("unknown object in getInstance."); - } - - - public DERObjectIdentifier getPolicyQualifierId() - { - return policyQualifierId; - } - - public DEREncodable getQualifier() - { - return qualifier; - } - - /** - * Returns a DER-encodable representation of this instance. - * - * @return a <code>DERObject</code> value - */ - public DERObject toASN1Object() - { - ASN1EncodableVector dev = new ASN1EncodableVector(); - dev.add(policyQualifierId); - dev.add(qualifier); - - return new DERSequence(dev); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/RSAPublicKeyStructure.java b/luni/src/main/java/org/bouncycastle/asn1/x509/RSAPublicKeyStructure.java deleted file mode 100644 index 0047f6a..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/RSAPublicKeyStructure.java +++ /dev/null @@ -1,95 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -public class RSAPublicKeyStructure - extends ASN1Encodable -{ - private BigInteger modulus; - private BigInteger publicExponent; - - public static RSAPublicKeyStructure getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static RSAPublicKeyStructure getInstance( - Object obj) - { - if(obj == null || obj instanceof RSAPublicKeyStructure) - { - return (RSAPublicKeyStructure)obj; - } - - if(obj instanceof ASN1Sequence) - { - return new RSAPublicKeyStructure((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("Invalid RSAPublicKeyStructure: " + obj.getClass().getName()); - } - - public RSAPublicKeyStructure( - BigInteger modulus, - BigInteger publicExponent) - { - this.modulus = modulus; - this.publicExponent = publicExponent; - } - - public RSAPublicKeyStructure( - ASN1Sequence seq) - { - if (seq.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - Enumeration e = seq.getObjects(); - - modulus = DERInteger.getInstance(e.nextElement()).getPositiveValue(); - publicExponent = DERInteger.getInstance(e.nextElement()).getPositiveValue(); - } - - public BigInteger getModulus() - { - return modulus; - } - - public BigInteger getPublicExponent() - { - return publicExponent; - } - - /** - * This outputs the key in PKCS1v2 format. - * <pre> - * RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER, -- e - * } - * </pre> - * <p> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(getModulus())); - v.add(new DERInteger(getPublicExponent())); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/ReasonFlags.java b/luni/src/main/java/org/bouncycastle/asn1/x509/ReasonFlags.java deleted file mode 100644 index 612e2c5..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/ReasonFlags.java +++ /dev/null @@ -1,85 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DERBitString; - -/** - * The ReasonFlags object. - * <pre> - * ReasonFlags ::= BIT STRING { - * unused (0), - * keyCompromise (1), - * cACompromise (2), - * affiliationChanged (3), - * superseded (4), - * cessationOfOperation (5), - * certificateHold (6), - * privilegeWithdrawn (7), - * aACompromise (8) } - * </pre> - */ -public class ReasonFlags - extends DERBitString -{ - /** - * @deprecated use lower case version - */ - public static final int UNUSED = (1 << 7); - /** - * @deprecated use lower case version - */ - public static final int KEY_COMPROMISE = (1 << 6); - /** - * @deprecated use lower case version - */ - public static final int CA_COMPROMISE = (1 << 5); - /** - * @deprecated use lower case version - */ - public static final int AFFILIATION_CHANGED = (1 << 4); - /** - * @deprecated use lower case version - */ - public static final int SUPERSEDED = (1 << 3); - /** - * @deprecated use lower case version - */ - public static final int CESSATION_OF_OPERATION = (1 << 2); - /** - * @deprecated use lower case version - */ - public static final int CERTIFICATE_HOLD = (1 << 1); - /** - * @deprecated use lower case version - */ - public static final int PRIVILEGE_WITHDRAWN = (1 << 0); - /** - * @deprecated use lower case version - */ - public static final int AA_COMPROMISE = (1 << 15); - - public static final int unused = (1 << 7); - public static final int keyCompromise = (1 << 6); - public static final int cACompromise = (1 << 5); - public static final int affiliationChanged = (1 << 4); - public static final int superseded = (1 << 3); - public static final int cessationOfOperation = (1 << 2); - public static final int certificateHold = (1 << 1); - public static final int privilegeWithdrawn = (1 << 0); - public static final int aACompromise = (1 << 15); - - /** - * @param reasons - the bitwise OR of the Key Reason flags giving the - * allowed uses for the key. - */ - public ReasonFlags( - int reasons) - { - super(getBytes(reasons), getPadBits(reasons)); - } - - public ReasonFlags( - DERBitString reasons) - { - super(reasons.getBytes(), reasons.getPadBits()); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/RoleSyntax.java b/luni/src/main/java/org/bouncycastle/asn1/x509/RoleSyntax.java deleted file mode 100644 index fe227d9..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/RoleSyntax.java +++ /dev/null @@ -1,236 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERString; -import org.bouncycastle.asn1.DERTaggedObject; - -/** - * Implementation of the RoleSyntax object as specified by the RFC3281. - * - * <pre> - * RoleSyntax ::= SEQUENCE { - * roleAuthority [0] GeneralNames OPTIONAL, - * roleName [1] GeneralName - * } - * </pre> - */ -public class RoleSyntax - extends ASN1Encodable -{ - private GeneralNames roleAuthority; - private GeneralName roleName; - - /** - * RoleSyntax factory method. - * @param obj the object used to construct an instance of <code> - * RoleSyntax</code>. It must be an instance of <code>RoleSyntax - * </code> or <code>ASN1Sequence</code>. - * @return the instance of <code>RoleSyntax</code> built from the - * supplied object. - * @throws java.lang.IllegalArgumentException if the object passed - * to the factory is not an instance of <code>RoleSyntax</code> or - * <code>ASN1Sequence</code>. - */ - public static RoleSyntax getInstance( - Object obj) - { - - if(obj == null || obj instanceof RoleSyntax) - { - return (RoleSyntax)obj; - } - else if(obj instanceof ASN1Sequence) - { - return new RoleSyntax((ASN1Sequence)obj); - } - throw new IllegalArgumentException("Unknown object in RoleSyntax factory."); - } - - /** - * Constructor. - * @param roleAuthority the role authority of this RoleSyntax. - * @param roleName the role name of this RoleSyntax. - */ - public RoleSyntax( - GeneralNames roleAuthority, - GeneralName roleName) - { - if(roleName == null || - roleName.getTagNo() != GeneralName.uniformResourceIdentifier || - ((DERString)roleName.getName()).getString().equals("")) - { - throw new IllegalArgumentException("the role name MUST be non empty and MUST " + - "use the URI option of GeneralName"); - } - this.roleAuthority = roleAuthority; - this.roleName = roleName; - } - - /** - * Constructor. Invoking this constructor is the same as invoking - * <code>new RoleSyntax(null, roleName)</code>. - * @param roleName the role name of this RoleSyntax. - */ - public RoleSyntax( - GeneralName roleName) - { - this(null, roleName); - } - - /** - * Utility constructor. Takes a <code>String</code> argument representing - * the role name, builds a <code>GeneralName</code> to hold the role name - * and calls the constructor that takes a <code>GeneralName</code>. - * @param roleName - */ - public RoleSyntax( - String roleName) - { - this(new GeneralName(GeneralName.uniformResourceIdentifier, - (roleName == null)? "": roleName)); - } - - /** - * Constructor that builds an instance of <code>RoleSyntax</code> by - * extracting the encoded elements from the <code>ASN1Sequence</code> - * object supplied. - * @param seq an instance of <code>ASN1Sequence</code> that holds - * the encoded elements used to build this <code>RoleSyntax</code>. - */ - public RoleSyntax( - ASN1Sequence seq) - { - if (seq.size() < 1 || seq.size() > 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - for (int i = 0; i != seq.size(); i++) - { - ASN1TaggedObject taggedObject = ASN1TaggedObject.getInstance(seq.getObjectAt(i)); - switch (taggedObject.getTagNo()) - { - case 0: - roleAuthority = GeneralNames.getInstance(taggedObject, false); - break; - case 1: - roleName = GeneralName.getInstance(taggedObject, false); - break; - default: - throw new IllegalArgumentException("Unknown tag in RoleSyntax"); - } - } - } - - /** - * Gets the role authority of this RoleSyntax. - * @return an instance of <code>GeneralNames</code> holding the - * role authority of this RoleSyntax. - */ - public GeneralNames getRoleAuthority() - { - return this.roleAuthority; - } - - /** - * Gets the role name of this RoleSyntax. - * @return an instance of <code>GeneralName</code> holding the - * role name of this RoleSyntax. - */ - public GeneralName getRoleName() - { - return this.roleName; - } - - /** - * Gets the role name as a <code>java.lang.String</code> object. - * @return the role name of this RoleSyntax represented as a - * <code>java.lang.String</code> object. - */ - public String getRoleNameAsString() - { - DERString str = (DERString)this.roleName.getName(); - - return str.getString(); - } - - /** - * Gets the role authority as a <code>String[]</code> object. - * @return the role authority of this RoleSyntax represented as a - * <code>String[]<code> array. - */ - public String[] getRoleAuthorityAsString() - { - if(roleAuthority == null) - { - return new String[0]; - } - - GeneralName[] names = roleAuthority.getNames(); - String[] namesString = new String[names.length]; - for(int i = 0; i < names.length; i++) - { - DEREncodable value = names[i].getName(); - if(value instanceof DERString) - { - namesString[i] = ((DERString)value).getString(); - } - else - { - namesString[i] = value.toString(); - } - } - return namesString; - } - - /** - * Implementation of the method <code>toASN1Object</code> as - * required by the superclass <code>ASN1Encodable</code>. - * - * <pre> - * RoleSyntax ::= SEQUENCE { - * roleAuthority [0] GeneralNames OPTIONAL, - * roleName [1] GeneralName - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - if(this.roleAuthority != null) - { - v.add(new DERTaggedObject(false, 0, roleAuthority)); - } - v.add(new DERTaggedObject(false, 1, roleName)); - - return new DERSequence(v); - } - - public String toString() - { - StringBuffer buff = new StringBuffer("Name: " + this.getRoleNameAsString() + - " - Auth: "); - if(this.roleAuthority == null || roleAuthority.getNames().length == 0) - { - buff.append("N/A"); - } - else - { - String[] names = this.getRoleAuthorityAsString(); - buff.append('[').append(names[0]); - for(int i = 1; i < names.length; i++) - { - buff.append(", ").append(names[i]); - } - buff.append(']'); - } - return buff.toString(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/SubjectDirectoryAttributes.java b/luni/src/main/java/org/bouncycastle/asn1/x509/SubjectDirectoryAttributes.java deleted file mode 100644 index 3dede65..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/SubjectDirectoryAttributes.java +++ /dev/null @@ -1,144 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * This extension may contain further X.500 attributes of the subject. See also - * RFC 3039. - * - * <pre> - * SubjectDirectoryAttributes ::= Attributes - * Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute - * Attribute ::= SEQUENCE - * { - * type AttributeType - * values SET OF AttributeValue - * } - * - * AttributeType ::= OBJECT IDENTIFIER - * AttributeValue ::= ANY DEFINED BY AttributeType - * </pre> - * - * @see org.bouncycastle.asn1.x509.X509Name for AttributeType ObjectIdentifiers. - */ -public class SubjectDirectoryAttributes - extends ASN1Encodable -{ - private Vector attributes = new Vector(); - - public static SubjectDirectoryAttributes getInstance( - Object obj) - { - if (obj == null || obj instanceof SubjectDirectoryAttributes) - { - return (SubjectDirectoryAttributes)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new SubjectDirectoryAttributes((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * Constructor from ASN1Sequence. - * - * The sequence is of type SubjectDirectoryAttributes: - * - * <pre> - * SubjectDirectoryAttributes ::= Attributes - * Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute - * Attribute ::= SEQUENCE - * { - * type AttributeType - * values SET OF AttributeValue - * } - * - * AttributeType ::= OBJECT IDENTIFIER - * AttributeValue ::= ANY DEFINED BY AttributeType - * </pre> - * - * @param seq - * The ASN.1 sequence. - */ - public SubjectDirectoryAttributes(ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - ASN1Sequence s = ASN1Sequence.getInstance(e.nextElement()); - attributes.addElement(new Attribute(s)); - } - } - - /** - * Constructor from a vector of attributes. - * - * The vector consists of attributes of type {@link Attribute Attribute} - * - * @param attributes - * The attributes. - * - */ - public SubjectDirectoryAttributes(Vector attributes) - { - Enumeration e = attributes.elements(); - - while (e.hasMoreElements()) - { - this.attributes.addElement(e.nextElement()); - } - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * - * Returns: - * - * <pre> - * SubjectDirectoryAttributes ::= Attributes - * Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute - * Attribute ::= SEQUENCE - * { - * type AttributeType - * values SET OF AttributeValue - * } - * - * AttributeType ::= OBJECT IDENTIFIER - * AttributeValue ::= ANY DEFINED BY AttributeType - * </pre> - * - * @return a DERObject - */ - public DERObject toASN1Object() - { - ASN1EncodableVector vec = new ASN1EncodableVector(); - Enumeration e = attributes.elements(); - - while (e.hasMoreElements()) - { - - vec.add((Attribute)e.nextElement()); - } - - return new DERSequence(vec); - } - - /** - * @return Returns the attributes. - */ - public Vector getAttributes() - { - return attributes; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java b/luni/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java deleted file mode 100644 index ca7ad42..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java +++ /dev/null @@ -1,90 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; - -/** - * The SubjectKeyIdentifier object. - * <pre> - * SubjectKeyIdentifier::= OCTET STRING - * </pre> - */ -public class SubjectKeyIdentifier - extends ASN1Encodable -{ - private byte[] keyidentifier; - - public static SubjectKeyIdentifier getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1OctetString.getInstance(obj, explicit)); - } - - public static SubjectKeyIdentifier getInstance( - Object obj) - { - if (obj == null || obj instanceof SubjectKeyIdentifier) - { - return (SubjectKeyIdentifier)obj; - } - - if (obj instanceof SubjectPublicKeyInfo) - { - return new SubjectKeyIdentifier((SubjectPublicKeyInfo)obj); - } - - if (obj instanceof ASN1OctetString) - { - return new SubjectKeyIdentifier((ASN1OctetString)obj); - } - - throw new IllegalArgumentException("Invalid SubjectKeyIdentifier: " + obj.getClass().getName()); - } - - public SubjectKeyIdentifier( - byte[] keyid) - { - this.keyidentifier=keyid; - } - - public SubjectKeyIdentifier( - ASN1OctetString keyid) - { - this.keyidentifier=keyid.getOctets(); - - } - - /** - * - * Calulates the keyidentifier using a SHA1 hash over the BIT STRING - * from SubjectPublicKeyInfo as defined in RFC2459. - * - **/ - public SubjectKeyIdentifier( - SubjectPublicKeyInfo spki) - { - Digest digest = new SHA1Digest(); - byte[] resBuf = new byte[digest.getDigestSize()]; - - byte[] bytes = spki.getPublicKeyData().getBytes(); - digest.update(bytes, 0, bytes.length); - digest.doFinal(resBuf, 0); - this.keyidentifier=resBuf; - } - - public byte[] getKeyIdentifier() - { - return keyidentifier; - } - - public DERObject toASN1Object() - { - return new DEROctetString(keyidentifier); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java b/luni/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java deleted file mode 100644 index a733727..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.java +++ /dev/null @@ -1,126 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.io.IOException; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * The object that contains the public key stored in a certficate. - * <p> - * The getEncoded() method in the public keys in the JCE produces a DER - * encoded one of these. - */ -public class SubjectPublicKeyInfo - extends ASN1Encodable -{ - private AlgorithmIdentifier algId; - private DERBitString keyData; - - public static SubjectPublicKeyInfo getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static SubjectPublicKeyInfo getInstance( - Object obj) - { - if (obj instanceof SubjectPublicKeyInfo) - { - return (SubjectPublicKeyInfo)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new SubjectPublicKeyInfo((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public SubjectPublicKeyInfo( - AlgorithmIdentifier algId, - DEREncodable publicKey) - { - this.keyData = new DERBitString(publicKey); - this.algId = algId; - } - - public SubjectPublicKeyInfo( - AlgorithmIdentifier algId, - byte[] publicKey) - { - this.keyData = new DERBitString(publicKey); - this.algId = algId; - } - - public SubjectPublicKeyInfo( - ASN1Sequence seq) - { - if (seq.size() != 2) - { - throw new IllegalArgumentException("Bad sequence size: " - + seq.size()); - } - - Enumeration e = seq.getObjects(); - - this.algId = AlgorithmIdentifier.getInstance(e.nextElement()); - this.keyData = DERBitString.getInstance(e.nextElement()); - } - - public AlgorithmIdentifier getAlgorithmId() - { - return algId; - } - - /** - * for when the public key is an encoded object - if the bitstring - * can't be decoded this routine throws an IOException. - * - * @exception IOException - if the bit string doesn't represent a DER - * encoded object. - */ - public DERObject getPublicKey() - throws IOException - { - ASN1InputStream aIn = new ASN1InputStream(keyData.getBytes()); - - return aIn.readObject(); - } - - /** - * for when the public key is raw bits... - */ - public DERBitString getPublicKeyData() - { - return keyData; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * SubjectPublicKeyInfo ::= SEQUENCE { - * algorithm AlgorithmIdentifier, - * publicKey BIT STRING } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(algId); - v.add(keyData); - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java b/luni/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java deleted file mode 100644 index 6c5afd8..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/TBSCertList.java +++ /dev/null @@ -1,212 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERUTCTime; - -/** - * PKIX RFC-2459 - TBSCertList object. - * <pre> - * TBSCertList ::= SEQUENCE { - * version Version OPTIONAL, - * -- if present, shall be v2 - * signature AlgorithmIdentifier, - * issuer Name, - * thisUpdate Time, - * nextUpdate Time OPTIONAL, - * revokedCertificates SEQUENCE OF SEQUENCE { - * userCertificate CertificateSerialNumber, - * revocationDate Time, - * crlEntryExtensions Extensions OPTIONAL - * -- if present, shall be v2 - * } OPTIONAL, - * crlExtensions [0] EXPLICIT Extensions OPTIONAL - * -- if present, shall be v2 - * } - * </pre> - */ -public class TBSCertList - extends ASN1Encodable -{ - public class CRLEntry - extends ASN1Encodable - { - ASN1Sequence seq; - - DERInteger userCertificate; - Time revocationDate; - X509Extensions crlEntryExtensions; - - public CRLEntry( - ASN1Sequence seq) - { - if (seq.size() < 2 || seq.size() > 3) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - this.seq = seq; - - userCertificate = DERInteger.getInstance(seq.getObjectAt(0)); - revocationDate = Time.getInstance(seq.getObjectAt(1)); - if (seq.size() == 3) - { - crlEntryExtensions = X509Extensions.getInstance(seq.getObjectAt(2)); - } - } - - public DERInteger getUserCertificate() - { - return userCertificate; - } - - public Time getRevocationDate() - { - return revocationDate; - } - - public X509Extensions getExtensions() - { - return crlEntryExtensions; - } - - public DERObject toASN1Object() - { - return seq; - } - } - - ASN1Sequence seq; - - DERInteger version; - AlgorithmIdentifier signature; - X509Name issuer; - Time thisUpdate; - Time nextUpdate; - CRLEntry[] revokedCertificates; - X509Extensions crlExtensions; - - public static TBSCertList getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static TBSCertList getInstance( - Object obj) - { - if (obj instanceof TBSCertList) - { - return (TBSCertList)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new TBSCertList((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public TBSCertList( - ASN1Sequence seq) - { - if (seq.size() < 3 || seq.size() > 7) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - int seqPos = 0; - - this.seq = seq; - - if (seq.getObjectAt(seqPos) instanceof DERInteger) - { - version = DERInteger.getInstance(seq.getObjectAt(seqPos++)); - } - else - { - version = new DERInteger(0); - } - - signature = AlgorithmIdentifier.getInstance(seq.getObjectAt(seqPos++)); - issuer = X509Name.getInstance(seq.getObjectAt(seqPos++)); - thisUpdate = Time.getInstance(seq.getObjectAt(seqPos++)); - - if (seqPos < seq.size() - && (seq.getObjectAt(seqPos) instanceof DERUTCTime - || seq.getObjectAt(seqPos) instanceof DERGeneralizedTime - || seq.getObjectAt(seqPos) instanceof Time)) - { - nextUpdate = Time.getInstance(seq.getObjectAt(seqPos++)); - } - - if (seqPos < seq.size() - && !(seq.getObjectAt(seqPos) instanceof DERTaggedObject)) - { - ASN1Sequence certs = ASN1Sequence.getInstance(seq.getObjectAt(seqPos++)); - revokedCertificates = new CRLEntry[certs.size()]; - - for (int i = 0; i < revokedCertificates.length; i++) - { - revokedCertificates[i] = new CRLEntry(ASN1Sequence.getInstance(certs.getObjectAt(i))); - } - } - - if (seqPos < seq.size() - && seq.getObjectAt(seqPos) instanceof DERTaggedObject) - { - crlExtensions = X509Extensions.getInstance(seq.getObjectAt(seqPos++)); - } - } - - public int getVersion() - { - return version.getValue().intValue() + 1; - } - - public DERInteger getVersionNumber() - { - return version; - } - - public AlgorithmIdentifier getSignature() - { - return signature; - } - - public X509Name getIssuer() - { - return issuer; - } - - public Time getThisUpdate() - { - return thisUpdate; - } - - public Time getNextUpdate() - { - return nextUpdate; - } - - public CRLEntry[] getRevokedCertificates() - { - return revokedCertificates; - } - - public X509Extensions getExtensions() - { - return crlExtensions; - } - - public DERObject toASN1Object() - { - return seq; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java b/luni/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java deleted file mode 100644 index cc3c0e4..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/TBSCertificateStructure.java +++ /dev/null @@ -1,193 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - -/** - * The TBSCertificate object. - * <pre> - * TBSCertificate ::= SEQUENCE { - * version [ 0 ] Version DEFAULT v1(0), - * serialNumber CertificateSerialNumber, - * signature AlgorithmIdentifier, - * issuer Name, - * validity Validity, - * subject Name, - * subjectPublicKeyInfo SubjectPublicKeyInfo, - * issuerUniqueID [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL, - * subjectUniqueID [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL, - * extensions [ 3 ] Extensions OPTIONAL - * } - * </pre> - * <p> - * Note: issuerUniqueID and subjectUniqueID are both deprecated by the IETF. This class - * will parse them, but you really shouldn't be creating new ones. - */ -public class TBSCertificateStructure - extends ASN1Encodable - implements X509ObjectIdentifiers, PKCSObjectIdentifiers -{ - ASN1Sequence seq; - - DERInteger version; - DERInteger serialNumber; - AlgorithmIdentifier signature; - X509Name issuer; - Time startDate, endDate; - X509Name subject; - SubjectPublicKeyInfo subjectPublicKeyInfo; - DERBitString issuerUniqueId; - DERBitString subjectUniqueId; - X509Extensions extensions; - - public static TBSCertificateStructure getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static TBSCertificateStructure getInstance( - Object obj) - { - if (obj instanceof TBSCertificateStructure) - { - return (TBSCertificateStructure)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new TBSCertificateStructure((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public TBSCertificateStructure( - ASN1Sequence seq) - { - int seqStart = 0; - - this.seq = seq; - - // - // some certficates don't include a version number - we assume v1 - // - if (seq.getObjectAt(0) instanceof DERTaggedObject) - { - version = DERInteger.getInstance(seq.getObjectAt(0)); - } - else - { - seqStart = -1; // field 0 is missing! - version = new DERInteger(0); - } - - serialNumber = DERInteger.getInstance(seq.getObjectAt(seqStart + 1)); - - signature = AlgorithmIdentifier.getInstance(seq.getObjectAt(seqStart + 2)); - issuer = X509Name.getInstance(seq.getObjectAt(seqStart + 3)); - - // - // before and after dates - // - ASN1Sequence dates = (ASN1Sequence)seq.getObjectAt(seqStart + 4); - - startDate = Time.getInstance(dates.getObjectAt(0)); - endDate = Time.getInstance(dates.getObjectAt(1)); - - subject = X509Name.getInstance(seq.getObjectAt(seqStart + 5)); - - // - // public key info. - // - subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(seqStart + 6)); - - for (int extras = seq.size() - (seqStart + 6) - 1; extras > 0; extras--) - { - DERTaggedObject extra = (DERTaggedObject)seq.getObjectAt(seqStart + 6 + extras); - - switch (extra.getTagNo()) - { - case 1: - issuerUniqueId = DERBitString.getInstance(extra, false); - break; - case 2: - subjectUniqueId = DERBitString.getInstance(extra, false); - break; - case 3: - extensions = X509Extensions.getInstance(extra); - } - } - } - - public int getVersion() - { - return version.getValue().intValue() + 1; - } - - public DERInteger getVersionNumber() - { - return version; - } - - public DERInteger getSerialNumber() - { - return serialNumber; - } - - public AlgorithmIdentifier getSignature() - { - return signature; - } - - public X509Name getIssuer() - { - return issuer; - } - - public Time getStartDate() - { - return startDate; - } - - public Time getEndDate() - { - return endDate; - } - - public X509Name getSubject() - { - return subject; - } - - public SubjectPublicKeyInfo getSubjectPublicKeyInfo() - { - return subjectPublicKeyInfo; - } - - public DERBitString getIssuerUniqueId() - { - return issuerUniqueId; - } - - public DERBitString getSubjectUniqueId() - { - return subjectUniqueId; - } - - public X509Extensions getExtensions() - { - return extensions; - } - - public DERObject toASN1Object() - { - return seq; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/Time.java b/luni/src/main/java/org/bouncycastle/asn1/x509/Time.java deleted file mode 100644 index 7662ee4..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/Time.java +++ /dev/null @@ -1,116 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.text.ParsePosition; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.SimpleTimeZone; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERUTCTime; - -public class Time - extends ASN1Encodable - implements ASN1Choice -{ - DERObject time; - - public static Time getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(obj.getObject()); // must be explicitly tagged - } - - public Time( - DERObject time) - { - if (!(time instanceof DERUTCTime) - && !(time instanceof DERGeneralizedTime)) - { - throw new IllegalArgumentException("unknown object passed to Time"); - } - - this.time = time; - } - - /** - * creates a time object from a given date - if the date is between 1950 - * and 2049 a UTCTime object is generated, otherwise a GeneralizedTime - * is used. - */ - public Time( - Date date) - { - SimpleTimeZone tz = new SimpleTimeZone(0, "Z"); - SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss"); - - dateF.setTimeZone(tz); - - String d = dateF.format(date) + "Z"; - int year = Integer.parseInt(d.substring(0, 4)); - - if (year < 1950 || year > 2049) - { - time = new DERGeneralizedTime(d); - } - else - { - time = new DERUTCTime(d.substring(2)); - } - } - - public static Time getInstance( - Object obj) - { - if (obj instanceof Time) - { - return (Time)obj; - } - else if (obj instanceof DERUTCTime) - { - return new Time((DERUTCTime)obj); - } - else if (obj instanceof DERGeneralizedTime) - { - return new Time((DERGeneralizedTime)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public String getTime() - { - if (time instanceof DERUTCTime) - { - return ((DERUTCTime)time).getAdjustedTime(); - } - else - { - return ((DERGeneralizedTime)time).getTime(); - } - } - - public Date getDate() - { - SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssz"); - - return dateF.parse(this.getTime(), new ParsePosition(0)); - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * Time ::= CHOICE { - * utcTime UTCTime, - * generalTime GeneralizedTime } - * </pre> - */ - public DERObject toASN1Object() - { - return time; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/UserNotice.java b/luni/src/main/java/org/bouncycastle/asn1/x509/UserNotice.java deleted file mode 100644 index b3785ff..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/UserNotice.java +++ /dev/null @@ -1,117 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * <code>UserNotice</code> class, used in - * <code>CertificatePolicies</code> X509 extensions (in policy - * qualifiers). - * <pre> - * UserNotice ::= SEQUENCE { - * noticeRef NoticeReference OPTIONAL, - * explicitText DisplayText OPTIONAL} - * - * </pre> - * - * @see PolicyQualifierId - * @see PolicyInformation - */ -public class UserNotice - extends ASN1Encodable -{ - private NoticeReference noticeRef; - private DisplayText explicitText; - - /** - * Creates a new <code>UserNotice</code> instance. - * - * @param noticeRef a <code>NoticeReference</code> value - * @param explicitText a <code>DisplayText</code> value - */ - public UserNotice( - NoticeReference noticeRef, - DisplayText explicitText) - { - this.noticeRef = noticeRef; - this.explicitText = explicitText; - } - - /** - * Creates a new <code>UserNotice</code> instance. - * - * @param noticeRef a <code>NoticeReference</code> value - * @param str the explicitText field as a String. - */ - public UserNotice( - NoticeReference noticeRef, - String str) - { - this.noticeRef = noticeRef; - this.explicitText = new DisplayText(str); - } - - /** - * Creates a new <code>UserNotice</code> instance. - * <p>Useful from reconstructing a <code>UserNotice</code> instance - * from its encodable/encoded form. - * - * @param as an <code>ASN1Sequence</code> value obtained from either - * calling @{link toASN1Object()} for a <code>UserNotice</code> - * instance or from parsing it from a DER-encoded stream. - */ - public UserNotice( - ASN1Sequence as) - { - if (as.size() == 2) - { - noticeRef = NoticeReference.getInstance(as.getObjectAt(0)); - explicitText = DisplayText.getInstance(as.getObjectAt(1)); - } - else if (as.size() == 1) - { - if (as.getObjectAt(0).getDERObject() instanceof ASN1Sequence) - { - noticeRef = NoticeReference.getInstance(as.getObjectAt(0)); - } - else - { - explicitText = DisplayText.getInstance(as.getObjectAt(0)); - } - } - else - { - throw new IllegalArgumentException("Bad sequence size: " + as.size()); - } - } - - public NoticeReference getNoticeRef() - { - return noticeRef; - } - - public DisplayText getExplicitText() - { - return explicitText; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector av = new ASN1EncodableVector(); - - if (noticeRef != null) - { - av.add(noticeRef); - } - - if (explicitText != null) - { - av.add(explicitText); - } - - return new DERSequence(av); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java b/luni/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java deleted file mode 100644 index 53505d1..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.java +++ /dev/null @@ -1,125 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERUTCTime; - -/** - * Generator for Version 1 TBSCertificateStructures. - * <pre> - * TBSCertificate ::= SEQUENCE { - * version [ 0 ] Version DEFAULT v1(0), - * serialNumber CertificateSerialNumber, - * signature AlgorithmIdentifier, - * issuer Name, - * validity Validity, - * subject Name, - * subjectPublicKeyInfo SubjectPublicKeyInfo, - * } - * </pre> - * - */ -public class V1TBSCertificateGenerator -{ - DERTaggedObject version = new DERTaggedObject(0, new DERInteger(0)); - - DERInteger serialNumber; - AlgorithmIdentifier signature; - X509Name issuer; - Time startDate, endDate; - X509Name subject; - SubjectPublicKeyInfo subjectPublicKeyInfo; - - public V1TBSCertificateGenerator() - { - } - - public void setSerialNumber( - DERInteger serialNumber) - { - this.serialNumber = serialNumber; - } - - public void setSignature( - AlgorithmIdentifier signature) - { - this.signature = signature; - } - - public void setIssuer( - X509Name issuer) - { - this.issuer = issuer; - } - - public void setStartDate( - Time startDate) - { - this.startDate = startDate; - } - - public void setStartDate( - DERUTCTime startDate) - { - this.startDate = new Time(startDate); - } - - public void setEndDate( - Time endDate) - { - this.endDate = endDate; - } - - public void setEndDate( - DERUTCTime endDate) - { - this.endDate = new Time(endDate); - } - - public void setSubject( - X509Name subject) - { - this.subject = subject; - } - - public void setSubjectPublicKeyInfo( - SubjectPublicKeyInfo pubKeyInfo) - { - this.subjectPublicKeyInfo = pubKeyInfo; - } - - public TBSCertificateStructure generateTBSCertificate() - { - if ((serialNumber == null) || (signature == null) - || (issuer == null) || (startDate == null) || (endDate == null) - || (subject == null) || (subjectPublicKeyInfo == null)) - { - throw new IllegalStateException("not all mandatory fields set in V1 TBScertificate generator"); - } - - ASN1EncodableVector seq = new ASN1EncodableVector(); - - // seq.add(version); - not required as default value. - seq.add(serialNumber); - seq.add(signature); - seq.add(issuer); - - // - // before and after dates - // - ASN1EncodableVector validity = new ASN1EncodableVector(); - - validity.add(startDate); - validity.add(endDate); - - seq.add(new DERSequence(validity)); - - seq.add(subject); - - seq.add(subjectPublicKeyInfo); - - return new TBSCertificateStructure(new DERSequence(seq)); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/V2AttributeCertificateInfoGenerator.java b/luni/src/main/java/org/bouncycastle/asn1/x509/V2AttributeCertificateInfoGenerator.java deleted file mode 100644 index 5931f77..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/V2AttributeCertificateInfoGenerator.java +++ /dev/null @@ -1,146 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERSet; - -/** - * Generator for Version 2 AttributeCertificateInfo - * <pre> - * AttributeCertificateInfo ::= SEQUENCE { - * version AttCertVersion -- version is v2, - * holder Holder, - * issuer AttCertIssuer, - * signature AlgorithmIdentifier, - * serialNumber CertificateSerialNumber, - * attrCertValidityPeriod AttCertValidityPeriod, - * attributes SEQUENCE OF Attribute, - * issuerUniqueID UniqueIdentifier OPTIONAL, - * extensions Extensions OPTIONAL - * } - * </pre> - * - */ -public class V2AttributeCertificateInfoGenerator -{ - private DERInteger version; - private Holder holder; - private AttCertIssuer issuer; - private AlgorithmIdentifier signature; - private DERInteger serialNumber; - private AttCertValidityPeriod attrCertValidityPeriod; - private ASN1EncodableVector attributes; - private DERBitString issuerUniqueID; - private X509Extensions extensions; - private DERGeneralizedTime startDate, endDate; - - public V2AttributeCertificateInfoGenerator() - { - this.version = new DERInteger(1); - attributes = new ASN1EncodableVector(); - } - - public void setHolder(Holder holder) - { - this.holder = holder; - } - - public void addAttribute(String oid, ASN1Encodable value) - { - attributes.add(new Attribute(new DERObjectIdentifier(oid), new DERSet(value))); - } - - /** - * @param attribute - */ - public void addAttribute(Attribute attribute) - { - attributes.add(attribute); - } - - public void setSerialNumber( - DERInteger serialNumber) - { - this.serialNumber = serialNumber; - } - - public void setSignature( - AlgorithmIdentifier signature) - { - this.signature = signature; - } - - public void setIssuer( - AttCertIssuer issuer) - { - this.issuer = issuer; - } - - public void setStartDate( - DERGeneralizedTime startDate) - { - this.startDate = startDate; - } - - public void setEndDate( - DERGeneralizedTime endDate) - { - this.endDate = endDate; - } - - public void setIssuerUniqueID( - DERBitString issuerUniqueID) - { - this.issuerUniqueID = issuerUniqueID; - } - - public void setExtensions( - X509Extensions extensions) - { - this.extensions = extensions; - } - - public AttributeCertificateInfo generateAttributeCertificateInfo() - { - if ((serialNumber == null) || (signature == null) - || (issuer == null) || (startDate == null) || (endDate == null) - || (holder == null) || (attributes == null)) - { - throw new IllegalStateException("not all mandatory fields set in V2 AttributeCertificateInfo generator"); - } - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(holder); - v.add(issuer); - v.add(signature); - v.add(serialNumber); - - // - // before and after dates => AttCertValidityPeriod - // - AttCertValidityPeriod validity = new AttCertValidityPeriod(startDate, endDate); - v.add(validity); - - // Attributes - v.add(new DERSequence(attributes)); - - if (issuerUniqueID != null) - { - v.add(issuerUniqueID); - } - - if (extensions != null) - { - v.add(extensions); - } - - return new AttributeCertificateInfo(new DERSequence(v)); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/V2Form.java b/luni/src/main/java/org/bouncycastle/asn1/x509/V2Form.java deleted file mode 100644 index 6a229dd..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/V2Form.java +++ /dev/null @@ -1,130 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; - -public class V2Form - extends ASN1Encodable -{ - GeneralNames issuerName; - IssuerSerial baseCertificateID; - ObjectDigestInfo objectDigestInfo; - - public static V2Form getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static V2Form getInstance( - Object obj) - { - if (obj == null || obj instanceof V2Form) - { - return (V2Form)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new V2Form((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public V2Form( - GeneralNames issuerName) - { - this.issuerName = issuerName; - } - - public V2Form( - ASN1Sequence seq) - { - if (seq.size() > 3) - { - throw new IllegalArgumentException("Bad sequence size: " + seq.size()); - } - - int index = 0; - - if (!(seq.getObjectAt(0) instanceof ASN1TaggedObject)) - { - index++; - this.issuerName = GeneralNames.getInstance(seq.getObjectAt(0)); - } - - for (int i = index; i != seq.size(); i++) - { - ASN1TaggedObject o = ASN1TaggedObject.getInstance(seq.getObjectAt(i)); - if (o.getTagNo() == 0) - { - baseCertificateID = IssuerSerial.getInstance(o, false); - } - else if (o.getTagNo() == 1) - { - objectDigestInfo = ObjectDigestInfo.getInstance(o, false); - } - else - { - throw new IllegalArgumentException("Bad tag number: " - + o.getTagNo()); - } - } - } - - public GeneralNames getIssuerName() - { - return issuerName; - } - - public IssuerSerial getBaseCertificateID() - { - return baseCertificateID; - } - - public ObjectDigestInfo getObjectDigestInfo() - { - return objectDigestInfo; - } - - /** - * Produce an object suitable for an ASN1OutputStream. - * <pre> - * V2Form ::= SEQUENCE { - * issuerName GeneralNames OPTIONAL, - * baseCertificateID [0] IssuerSerial OPTIONAL, - * objectDigestInfo [1] ObjectDigestInfo OPTIONAL - * -- issuerName MUST be present in this profile - * -- baseCertificateID and objectDigestInfo MUST NOT - * -- be present in this profile - * } - * </pre> - */ - public DERObject toASN1Object() - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - if (issuerName != null) - { - v.add(issuerName); - } - - if (baseCertificateID != null) - { - v.add(new DERTaggedObject(false, 0, baseCertificateID)); - } - - if (objectDigestInfo != null) - { - v.add(new DERTaggedObject(false, 1, objectDigestInfo)); - } - - return new DERSequence(v); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/V2TBSCertListGenerator.java b/luni/src/main/java/org/bouncycastle/asn1/x509/V2TBSCertListGenerator.java deleted file mode 100644 index f50a3b8..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/V2TBSCertListGenerator.java +++ /dev/null @@ -1,213 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERUTCTime; - -/** - * Generator for Version 2 TBSCertList structures. - * <pre> - * TBSCertList ::= SEQUENCE { - * version Version OPTIONAL, - * -- if present, shall be v2 - * signature AlgorithmIdentifier, - * issuer Name, - * thisUpdate Time, - * nextUpdate Time OPTIONAL, - * revokedCertificates SEQUENCE OF SEQUENCE { - * userCertificate CertificateSerialNumber, - * revocationDate Time, - * crlEntryExtensions Extensions OPTIONAL - * -- if present, shall be v2 - * } OPTIONAL, - * crlExtensions [0] EXPLICIT Extensions OPTIONAL - * -- if present, shall be v2 - * } - * </pre> - * - * <b>Note: This class may be subject to change</b> - */ -public class V2TBSCertListGenerator -{ - DERInteger version = new DERInteger(1); - - AlgorithmIdentifier signature; - X509Name issuer; - Time thisUpdate, nextUpdate=null; - X509Extensions extensions=null; - private Vector crlentries=null; - - public V2TBSCertListGenerator() - { - } - - - public void setSignature( - AlgorithmIdentifier signature) - { - this.signature = signature; - } - - public void setIssuer( - X509Name issuer) - { - this.issuer = issuer; - } - - public void setThisUpdate( - DERUTCTime thisUpdate) - { - this.thisUpdate = new Time(thisUpdate); - } - - public void setNextUpdate( - DERUTCTime nextUpdate) - { - this.nextUpdate = new Time(nextUpdate); - } - - public void setThisUpdate( - Time thisUpdate) - { - this.thisUpdate = thisUpdate; - } - - public void setNextUpdate( - Time nextUpdate) - { - this.nextUpdate = nextUpdate; - } - - public void addCRLEntry( - ASN1Sequence crlEntry) - { - if (crlentries == null) - { - crlentries = new Vector(); - } - - crlentries.addElement(crlEntry); - } - - public void addCRLEntry(DERInteger userCertificate, DERUTCTime revocationDate, int reason) - { - addCRLEntry(userCertificate, new Time(revocationDate), reason); - } - - public void addCRLEntry(DERInteger userCertificate, Time revocationDate, int reason) - { - addCRLEntry(userCertificate, revocationDate, reason, null); - } - - public void addCRLEntry(DERInteger userCertificate, Time revocationDate, int reason, DERGeneralizedTime invalidityDate) - { - Vector extOids = new Vector(); - Vector extValues = new Vector(); - - if (reason != 0) - { - CRLReason crlReason = new CRLReason(reason); - - try - { - extOids.addElement(X509Extensions.ReasonCode); - extValues.addElement(new X509Extension(false, new DEROctetString(crlReason.getEncoded()))); - } - catch (IOException e) - { - throw new IllegalArgumentException("error encoding reason: " + e); - } - } - - if (invalidityDate != null) - { - try - { - extOids.addElement(X509Extensions.InvalidityDate); - extValues.addElement(new X509Extension(false, new DEROctetString(invalidityDate.getEncoded()))); - } - catch (IOException e) - { - throw new IllegalArgumentException("error encoding invalidityDate: " + e); - } - } - - if (extOids.size() != 0) - { - addCRLEntry(userCertificate, revocationDate, new X509Extensions(extOids, extValues)); - } - else - { - addCRLEntry(userCertificate, revocationDate, null); - } - } - - public void addCRLEntry(DERInteger userCertificate, Time revocationDate, X509Extensions extensions) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(userCertificate); - v.add(revocationDate); - - if (extensions != null) - { - v.add(extensions); - } - - addCRLEntry(new DERSequence(v)); - } - - public void setExtensions( - X509Extensions extensions) - { - this.extensions = extensions; - } - - public TBSCertList generateTBSCertList() - { - if ((signature == null) || (issuer == null) || (thisUpdate == null)) - { - throw new IllegalStateException("Not all mandatory fields set in V2 TBSCertList generator."); - } - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(signature); - v.add(issuer); - - v.add(thisUpdate); - if (nextUpdate != null) - { - v.add(nextUpdate); - } - - // Add CRLEntries if they exist - if (crlentries != null) - { - ASN1EncodableVector certs = new ASN1EncodableVector(); - Enumeration it = crlentries.elements(); - while(it.hasMoreElements()) - { - certs.add((ASN1Sequence)it.nextElement()); - } - v.add(new DERSequence(certs)); - } - - if (extensions != null) - { - v.add(new DERTaggedObject(0, extensions)); - } - - return new TBSCertList(new DERSequence(v)); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java b/luni/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java deleted file mode 100644 index 149d680..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.java +++ /dev/null @@ -1,140 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERTaggedObject; -import org.bouncycastle.asn1.DERUTCTime; - -/** - * Generator for Version 3 TBSCertificateStructures. - * <pre> - * TBSCertificate ::= SEQUENCE { - * version [ 0 ] Version DEFAULT v1(0), - * serialNumber CertificateSerialNumber, - * signature AlgorithmIdentifier, - * issuer Name, - * validity Validity, - * subject Name, - * subjectPublicKeyInfo SubjectPublicKeyInfo, - * issuerUniqueID [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL, - * subjectUniqueID [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL, - * extensions [ 3 ] Extensions OPTIONAL - * } - * </pre> - * - */ -public class V3TBSCertificateGenerator -{ - DERTaggedObject version = new DERTaggedObject(0, new DERInteger(2)); - - DERInteger serialNumber; - AlgorithmIdentifier signature; - X509Name issuer; - Time startDate, endDate; - X509Name subject; - SubjectPublicKeyInfo subjectPublicKeyInfo; - X509Extensions extensions; - - public V3TBSCertificateGenerator() - { - } - - public void setSerialNumber( - DERInteger serialNumber) - { - this.serialNumber = serialNumber; - } - - public void setSignature( - AlgorithmIdentifier signature) - { - this.signature = signature; - } - - public void setIssuer( - X509Name issuer) - { - this.issuer = issuer; - } - - public void setStartDate( - DERUTCTime startDate) - { - this.startDate = new Time(startDate); - } - - public void setStartDate( - Time startDate) - { - this.startDate = startDate; - } - - public void setEndDate( - DERUTCTime endDate) - { - this.endDate = new Time(endDate); - } - - public void setEndDate( - Time endDate) - { - this.endDate = endDate; - } - - public void setSubject( - X509Name subject) - { - this.subject = subject; - } - - public void setSubjectPublicKeyInfo( - SubjectPublicKeyInfo pubKeyInfo) - { - this.subjectPublicKeyInfo = pubKeyInfo; - } - - public void setExtensions( - X509Extensions extensions) - { - this.extensions = extensions; - } - - public TBSCertificateStructure generateTBSCertificate() - { - if ((serialNumber == null) || (signature == null) - || (issuer == null) || (startDate == null) || (endDate == null) - || (subject == null) || (subjectPublicKeyInfo == null)) - { - throw new IllegalStateException("not all mandatory fields set in V3 TBScertificate generator"); - } - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(version); - v.add(serialNumber); - v.add(signature); - v.add(issuer); - - // - // before and after dates - // - ASN1EncodableVector validity = new ASN1EncodableVector(); - - validity.add(startDate); - validity.add(endDate); - - v.add(new DERSequence(validity)); - - v.add(subject); - - v.add(subjectPublicKeyInfo); - - if (extensions != null) - { - v.add(new DERTaggedObject(3, extensions)); - } - - return new TBSCertificateStructure(new DERSequence(v)); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/X509Attributes.java b/luni/src/main/java/org/bouncycastle/asn1/x509/X509Attributes.java deleted file mode 100644 index 8ea18fa..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/X509Attributes.java +++ /dev/null @@ -1,8 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public class X509Attributes -{ - public static final DERObjectIdentifier RoleSyntax = new DERObjectIdentifier("2.5.4.72"); -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java b/luni/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java deleted file mode 100644 index 599db32..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/X509CertificateStructure.java +++ /dev/null @@ -1,127 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; - -/** - * an X509Certificate structure. - * <pre> - * Certificate ::= SEQUENCE { - * tbsCertificate TBSCertificate, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING - * } - * </pre> - */ -public class X509CertificateStructure - extends ASN1Encodable - implements X509ObjectIdentifiers, PKCSObjectIdentifiers -{ - ASN1Sequence seq; - TBSCertificateStructure tbsCert; - AlgorithmIdentifier sigAlgId; - DERBitString sig; - - public static X509CertificateStructure getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static X509CertificateStructure getInstance( - Object obj) - { - if (obj instanceof X509CertificateStructure) - { - return (X509CertificateStructure)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new X509CertificateStructure((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory"); - } - - public X509CertificateStructure( - ASN1Sequence seq) - { - this.seq = seq; - - // - // correct x509 certficate - // - if (seq.size() == 3) - { - tbsCert = TBSCertificateStructure.getInstance(seq.getObjectAt(0)); - sigAlgId = AlgorithmIdentifier.getInstance(seq.getObjectAt(1)); - - sig = DERBitString.getInstance(seq.getObjectAt(2)); - } - else - { - throw new IllegalArgumentException("sequence wrong size for a certificate"); - } - } - - public TBSCertificateStructure getTBSCertificate() - { - return tbsCert; - } - - public int getVersion() - { - return tbsCert.getVersion(); - } - - public DERInteger getSerialNumber() - { - return tbsCert.getSerialNumber(); - } - - public X509Name getIssuer() - { - return tbsCert.getIssuer(); - } - - public Time getStartDate() - { - return tbsCert.getStartDate(); - } - - public Time getEndDate() - { - return tbsCert.getEndDate(); - } - - public X509Name getSubject() - { - return tbsCert.getSubject(); - } - - public SubjectPublicKeyInfo getSubjectPublicKeyInfo() - { - return tbsCert.getSubjectPublicKeyInfo(); - } - - public AlgorithmIdentifier getSignatureAlgorithm() - { - return sigAlgId; - } - - public DERBitString getSignature() - { - return sig; - } - - public DERObject toASN1Object() - { - return seq; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/X509DefaultEntryConverter.java b/luni/src/main/java/org/bouncycastle/asn1/x509/X509DefaultEntryConverter.java deleted file mode 100644 index a9402b6..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/X509DefaultEntryConverter.java +++ /dev/null @@ -1,52 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.io.IOException; - -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERUTF8String; - -/** - * The default converter for X509 DN entries when going from their - * string value to ASN.1 strings. - */ -public class X509DefaultEntryConverter - extends X509NameEntryConverter -{ - /** - * Apply default coversion for the given value depending on the oid - * and the character range of the value. - * - * @param oid the object identifier for the DN entry - * @param value the value associated with it - * @return the ASN.1 equivalent for the string value. - */ - public DERObject getConvertedValue( - DERObjectIdentifier oid, - String value) - { - if (value.length() != 0 && value.charAt(0) == '#') - { - try - { - return convertHexEncoded(value, 1); - } - catch (IOException e) - { - throw new RuntimeException("can't recode value for oid " + oid.getId()); - } - } - else if (oid.equals(X509Name.EmailAddress) || oid.equals(X509Name.DC)) - { - return new DERIA5String(value); - } - else if (oid.equals(X509Name.DATE_OF_BIRTH)) - { - return new DERGeneralizedTime(value); - } - - return new DERUTF8String(value); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java b/luni/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java deleted file mode 100644 index 19ff3f3..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java +++ /dev/null @@ -1,64 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DERBoolean; - -/** - * an object for the elements in the X.509 V3 extension block. - */ -public class X509Extension -{ - boolean critical; - ASN1OctetString value; - - public X509Extension( - DERBoolean critical, - ASN1OctetString value) - { - this.critical = critical.isTrue(); - this.value = value; - } - - public X509Extension( - boolean critical, - ASN1OctetString value) - { - this.critical = critical; - this.value = value; - } - - public boolean isCritical() - { - return critical; - } - - public ASN1OctetString getValue() - { - return value; - } - - public int hashCode() - { - if (this.isCritical()) - { - return this.getValue().hashCode(); - } - - - return ~this.getValue().hashCode(); - } - - public boolean equals( - Object o) - { - if (!(o instanceof X509Extension)) - { - return false; - } - - X509Extension other = (X509Extension)o; - - return other.getValue().equals(this.getValue()) - && (other.isCritical() == this.isCritical()); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java b/luni/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java deleted file mode 100644 index be1409b..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java +++ /dev/null @@ -1,403 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -// BEGIN android-added -import org.bouncycastle.asn1.OrderedTable; -// END android-added - -public class X509Extensions - extends ASN1Encodable -{ - /** - * Subject Directory Attributes - */ - public static final DERObjectIdentifier SubjectDirectoryAttributes = new DERObjectIdentifier("2.5.29.9"); - - /** - * Subject Key Identifier - */ - public static final DERObjectIdentifier SubjectKeyIdentifier = new DERObjectIdentifier("2.5.29.14"); - - /** - * Key Usage - */ - public static final DERObjectIdentifier KeyUsage = new DERObjectIdentifier("2.5.29.15"); - - /** - * Private Key Usage Period - */ - public static final DERObjectIdentifier PrivateKeyUsagePeriod = new DERObjectIdentifier("2.5.29.16"); - - /** - * Subject Alternative Name - */ - public static final DERObjectIdentifier SubjectAlternativeName = new DERObjectIdentifier("2.5.29.17"); - - /** - * Issuer Alternative Name - */ - public static final DERObjectIdentifier IssuerAlternativeName = new DERObjectIdentifier("2.5.29.18"); - - /** - * Basic Constraints - */ - public static final DERObjectIdentifier BasicConstraints = new DERObjectIdentifier("2.5.29.19"); - - /** - * CRL Number - */ - public static final DERObjectIdentifier CRLNumber = new DERObjectIdentifier("2.5.29.20"); - - /** - * Reason code - */ - public static final DERObjectIdentifier ReasonCode = new DERObjectIdentifier("2.5.29.21"); - - /** - * Hold Instruction Code - */ - public static final DERObjectIdentifier InstructionCode = new DERObjectIdentifier("2.5.29.23"); - - /** - * Invalidity Date - */ - public static final DERObjectIdentifier InvalidityDate = new DERObjectIdentifier("2.5.29.24"); - - /** - * Delta CRL indicator - */ - public static final DERObjectIdentifier DeltaCRLIndicator = new DERObjectIdentifier("2.5.29.27"); - - /** - * Issuing Distribution Point - */ - public static final DERObjectIdentifier IssuingDistributionPoint = new DERObjectIdentifier("2.5.29.28"); - - /** - * Certificate Issuer - */ - public static final DERObjectIdentifier CertificateIssuer = new DERObjectIdentifier("2.5.29.29"); - - /** - * Name Constraints - */ - public static final DERObjectIdentifier NameConstraints = new DERObjectIdentifier("2.5.29.30"); - - /** - * CRL Distribution Points - */ - public static final DERObjectIdentifier CRLDistributionPoints = new DERObjectIdentifier("2.5.29.31"); - - /** - * Certificate Policies - */ - public static final DERObjectIdentifier CertificatePolicies = new DERObjectIdentifier("2.5.29.32"); - - /** - * Policy Mappings - */ - public static final DERObjectIdentifier PolicyMappings = new DERObjectIdentifier("2.5.29.33"); - - /** - * Authority Key Identifier - */ - public static final DERObjectIdentifier AuthorityKeyIdentifier = new DERObjectIdentifier("2.5.29.35"); - - /** - * Policy Constraints - */ - public static final DERObjectIdentifier PolicyConstraints = new DERObjectIdentifier("2.5.29.36"); - - /** - * Extended Key Usage - */ - public static final DERObjectIdentifier ExtendedKeyUsage = new DERObjectIdentifier("2.5.29.37"); - - /** - * Freshest CRL - */ - public static final DERObjectIdentifier FreshestCRL = new DERObjectIdentifier("2.5.29.46"); - - /** - * Inhibit Any Policy - */ - public static final DERObjectIdentifier InhibitAnyPolicy = new DERObjectIdentifier("2.5.29.54"); - - /** - * Authority Info Access - */ - public static final DERObjectIdentifier AuthorityInfoAccess = new DERObjectIdentifier("1.3.6.1.5.5.7.1.1"); - - /** - * Subject Info Access - */ - public static final DERObjectIdentifier SubjectInfoAccess = new DERObjectIdentifier("1.3.6.1.5.5.7.1.11"); - - /** - * BiometricInfo - */ - public static final DERObjectIdentifier BiometricInfo = new DERObjectIdentifier("1.3.6.1.5.5.7.1.2"); - - /** - * QCStatements - */ - public static final DERObjectIdentifier QCStatements = new DERObjectIdentifier("1.3.6.1.5.5.7.1.3"); - - // BEGIN android-changed - private OrderedTable table = new OrderedTable(); - // END android-changed - - public static X509Extensions getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static X509Extensions getInstance( - Object obj) - { - if (obj == null || obj instanceof X509Extensions) - { - return (X509Extensions)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new X509Extensions((ASN1Sequence)obj); - } - - if (obj instanceof ASN1TaggedObject) - { - return getInstance(((ASN1TaggedObject)obj).getObject()); - } - - throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName()); - } - - /** - * Constructor from ASN1Sequence. - * - * the extensions are a list of constructed sequences, either with (OID, OctetString) or (OID, Boolean, OctetString) - */ - public X509Extensions( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - ASN1Sequence s = ASN1Sequence.getInstance(e.nextElement()); - - // BEGIN android-changed - int sSize = s.size(); - DERObjectIdentifier key = (DERObjectIdentifier) s.getObjectAt(0); - Object value; - - if (sSize == 3) - { - value = new X509Extension(DERBoolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2))); - } - else if (sSize == 2) - { - value = new X509Extension(false, ASN1OctetString.getInstance(s.getObjectAt(1))); - } - else - { - throw new IllegalArgumentException("Bad sequence size: " + sSize); - } - - table.add(key, value); - // END android-changed - } - } - - /** - * constructor from a table of extensions. - * <p> - * it's is assumed the table contains OID/String pairs. - */ - public X509Extensions( - Hashtable extensions) - { - this(null, extensions); - } - - /** - * Constructor from a table of extensions with ordering. - * <p> - * It's is assumed the table contains OID/String pairs. - */ - public X509Extensions( - Vector ordering, - Hashtable extensions) - { - Enumeration e; - - if (ordering == null) - { - e = extensions.keys(); - } - else - { - e = ordering.elements(); - } - - // BEGIN android-changed - while (e.hasMoreElements()) - { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); - X509Extension ext = (X509Extension)extensions.get(oid); - table.add(oid, ext); - } - // END android-changed - } - - /** - * Constructor from two vectors - * - * @param objectIDs a vector of the object identifiers. - * @param values a vector of the extension values. - */ - public X509Extensions( - Vector objectIDs, - Vector values) - { - Enumeration e = objectIDs.elements(); - - // BEGIN android-changed - int count = 0; - - while (e.hasMoreElements()) - { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); - X509Extension ext = (X509Extension)values.elementAt(count); - - table.add(oid, ext); - count++; - } - // END android-changed - } - - /** - * return an Enumeration of the extension field's object ids. - */ - public Enumeration oids() - { - // BEGIN android-changed - return table.getKeys(); - // END android-changed - } - - /** - * return the extension represented by the object identifier - * passed in. - * - * @return the extension if it's present, null otherwise. - */ - public X509Extension getExtension( - DERObjectIdentifier oid) - { - // BEGIN android-changed - return (X509Extension)table.get(oid); - // END android-changed - } - - /** - * <pre> - * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension - * - * Extension ::= SEQUENCE { - * extnId EXTENSION.&id ({ExtensionSet}), - * critical BOOLEAN DEFAULT FALSE, - * extnValue OCTET STRING } - * </pre> - */ - public DERObject toASN1Object() - { - // BEGIN android-changed - int size = table.size(); - ASN1EncodableVector vec = new ASN1EncodableVector(); - - for (int i = 0; i < size; i++) { - DERObjectIdentifier oid = table.getKey(i); - X509Extension ext = (X509Extension)table.getValue(i); - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(oid); - - if (ext.isCritical()) - { - v.add(DERBoolean.TRUE); - } - - v.add(ext.getValue()); - - vec.add(new DERSequence(v)); - } - // END android-changed - - return new DERSequence(vec); - } - - public int hashCode() - { - // BEGIN android-changed - int size = table.size(); - int hashCode = 0; - - for (int i = 0; i < size; i++) { - hashCode ^= table.getKey(i).hashCode(); - hashCode ^= table.getValue(i).hashCode(); - } - // END android-changed - - return hashCode; - } - - public boolean equals( - Object o) - { - if (!(o instanceof X509Extensions)) - { - return false; - } - - X509Extensions other = (X509Extensions)o; - - // BEGIN android-changed - Enumeration e1 = table.getKeys(); - Enumeration e2 = other.table.getKeys(); - // END android-changed - - while (e1.hasMoreElements() && e2.hasMoreElements()) - { - Object o1 = e1.nextElement(); - Object o2 = e2.nextElement(); - - if (!o1.equals(o2)) - { - return false; - } - } - - if (e1.hasMoreElements() || e2.hasMoreElements()) - { - return false; - } - - return true; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/X509Name.java b/luni/src/main/java/org/bouncycastle/asn1/x509/X509Name.java deleted file mode 100644 index 50b1a60..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/X509Name.java +++ /dev/null @@ -1,1153 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; - -import org.bouncycastle.asn1.*; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.util.encoders.Hex; -import org.bouncycastle.util.Strings; - -/** - * <pre> - * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName - * - * RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue - * - * AttributeTypeAndValue ::= SEQUENCE { - * type OBJECT IDENTIFIER, - * value ANY } - * </pre> - */ -public class X509Name - extends ASN1Encodable -{ - /** - * country code - StringType(SIZE(2)) - */ - public static final DERObjectIdentifier C = new DERObjectIdentifier("2.5.4.6"); - - /** - * organization - StringType(SIZE(1..64)) - */ - public static final DERObjectIdentifier O = new DERObjectIdentifier("2.5.4.10"); - - /** - * organizational unit name - StringType(SIZE(1..64)) - */ - public static final DERObjectIdentifier OU = new DERObjectIdentifier("2.5.4.11"); - - /** - * Title - */ - public static final DERObjectIdentifier T = new DERObjectIdentifier("2.5.4.12"); - - /** - * common name - StringType(SIZE(1..64)) - */ - public static final DERObjectIdentifier CN = new DERObjectIdentifier("2.5.4.3"); - - /** - * device serial number name - StringType(SIZE(1..64)) - */ - public static final DERObjectIdentifier SN = new DERObjectIdentifier("2.5.4.5"); - - /** - * street - StringType(SIZE(1..64)) - */ - public static final DERObjectIdentifier STREET = new DERObjectIdentifier("2.5.4.9"); - - /** - * device serial number name - StringType(SIZE(1..64)) - */ - public static final DERObjectIdentifier SERIALNUMBER = SN; - - /** - * locality name - StringType(SIZE(1..64)) - */ - public static final DERObjectIdentifier L = new DERObjectIdentifier("2.5.4.7"); - - /** - * state, or province name - StringType(SIZE(1..64)) - */ - public static final DERObjectIdentifier ST = new DERObjectIdentifier("2.5.4.8"); - - /** - * Naming attributes of type X520name - */ - public static final DERObjectIdentifier SURNAME = new DERObjectIdentifier("2.5.4.4"); - public static final DERObjectIdentifier GIVENNAME = new DERObjectIdentifier("2.5.4.42"); - public static final DERObjectIdentifier INITIALS = new DERObjectIdentifier("2.5.4.43"); - public static final DERObjectIdentifier GENERATION = new DERObjectIdentifier("2.5.4.44"); - public static final DERObjectIdentifier UNIQUE_IDENTIFIER = new DERObjectIdentifier("2.5.4.45"); - - /** - * businessCategory - DirectoryString(SIZE(1..128) - */ - public static final DERObjectIdentifier BUSINESS_CATEGORY = new DERObjectIdentifier( - "2.5.4.15"); - - /** - * postalCode - DirectoryString(SIZE(1..40) - */ - public static final DERObjectIdentifier POSTAL_CODE = new DERObjectIdentifier( - "2.5.4.17"); - - /** - * dnQualifier - DirectoryString(SIZE(1..64) - */ - public static final DERObjectIdentifier DN_QUALIFIER = new DERObjectIdentifier( - "2.5.4.46"); - - /** - * RFC 3039 Pseudonym - DirectoryString(SIZE(1..64) - */ - public static final DERObjectIdentifier PSEUDONYM = new DERObjectIdentifier( - "2.5.4.65"); - - - /** - * RFC 3039 DateOfBirth - GeneralizedTime - YYYYMMDD000000Z - */ - public static final DERObjectIdentifier DATE_OF_BIRTH = new DERObjectIdentifier( - "1.3.6.1.5.5.7.9.1"); - - /** - * RFC 3039 PlaceOfBirth - DirectoryString(SIZE(1..128) - */ - public static final DERObjectIdentifier PLACE_OF_BIRTH = new DERObjectIdentifier( - "1.3.6.1.5.5.7.9.2"); - - /** - * RFC 3039 Gender - PrintableString (SIZE(1)) -- "M", "F", "m" or "f" - */ - public static final DERObjectIdentifier GENDER = new DERObjectIdentifier( - "1.3.6.1.5.5.7.9.3"); - - /** - * RFC 3039 CountryOfCitizenship - PrintableString (SIZE (2)) -- ISO 3166 - * codes only - */ - public static final DERObjectIdentifier COUNTRY_OF_CITIZENSHIP = new DERObjectIdentifier( - "1.3.6.1.5.5.7.9.4"); - - /** - * RFC 3039 CountryOfResidence - PrintableString (SIZE (2)) -- ISO 3166 - * codes only - */ - public static final DERObjectIdentifier COUNTRY_OF_RESIDENCE = new DERObjectIdentifier( - "1.3.6.1.5.5.7.9.5"); - - - /** - * ISIS-MTT NameAtBirth - DirectoryString(SIZE(1..64) - */ - public static final DERObjectIdentifier NAME_AT_BIRTH = new DERObjectIdentifier("1.3.36.8.3.14"); - - /** - * RFC 3039 PostalAddress - SEQUENCE SIZE (1..6) OF - * DirectoryString(SIZE(1..30)) - */ - public static final DERObjectIdentifier POSTAL_ADDRESS = new DERObjectIdentifier( - "2.5.4.16"); - - /** - * Email address (RSA PKCS#9 extension) - IA5String. - * <p>Note: if you're trying to be ultra orthodox, don't use this! It shouldn't be in here. - */ - public static final DERObjectIdentifier EmailAddress = PKCSObjectIdentifiers.pkcs_9_at_emailAddress; - - /** - * more from PKCS#9 - */ - public static final DERObjectIdentifier UnstructuredName = PKCSObjectIdentifiers.pkcs_9_at_unstructuredName; - public static final DERObjectIdentifier UnstructuredAddress = PKCSObjectIdentifiers.pkcs_9_at_unstructuredAddress; - - /** - * email address in Verisign certificates - */ - public static final DERObjectIdentifier E = EmailAddress; - - /* - * others... - */ - public static final DERObjectIdentifier DC = new DERObjectIdentifier("0.9.2342.19200300.100.1.25"); - - /** - * LDAP User id. - */ - public static final DERObjectIdentifier UID = new DERObjectIdentifier("0.9.2342.19200300.100.1.1"); - - /** - * look up table translating OID values into their common symbols - this static is scheduled for deletion - */ - public static Hashtable OIDLookUp = new Hashtable(); - - /** - * determines whether or not strings should be processed and printed - * from back to front. - */ - public static boolean DefaultReverse = false; - - /** - * default look up table translating OID values into their common symbols following - * the convention in RFC 2253 with a few extras - */ - public static Hashtable DefaultSymbols = OIDLookUp; - - /** - * look up table translating OID values into their common symbols following the convention in RFC 2253 - * - */ - public static Hashtable RFC2253Symbols = new Hashtable(); - - /** - * look up table translating OID values into their common symbols following the convention in RFC 1779 - * - */ - public static Hashtable RFC1779Symbols = new Hashtable(); - - /** - * look up table translating string values into their OIDS - - * this static is scheduled for deletion - */ - public static Hashtable SymbolLookUp = new Hashtable(); - - /** - * look up table translating common symbols into their OIDS. - */ - public static Hashtable DefaultLookUp = SymbolLookUp; - - // BEGIN android-removed - //private static final Boolean TRUE = new Boolean(true); // for J2ME compatibility - //private static final Boolean FALSE = new Boolean(false); - // END android-removed - - static - { - DefaultSymbols.put(C, "C"); - DefaultSymbols.put(O, "O"); - DefaultSymbols.put(T, "T"); - DefaultSymbols.put(OU, "OU"); - DefaultSymbols.put(CN, "CN"); - DefaultSymbols.put(L, "L"); - DefaultSymbols.put(ST, "ST"); - DefaultSymbols.put(SN, "SN"); - DefaultSymbols.put(EmailAddress, "E"); - DefaultSymbols.put(DC, "DC"); - DefaultSymbols.put(UID, "UID"); - DefaultSymbols.put(STREET, "STREET"); - DefaultSymbols.put(SURNAME, "SURNAME"); - DefaultSymbols.put(GIVENNAME, "GIVENNAME"); - DefaultSymbols.put(INITIALS, "INITIALS"); - DefaultSymbols.put(GENERATION, "GENERATION"); - DefaultSymbols.put(UnstructuredAddress, "unstructuredAddress"); - DefaultSymbols.put(UnstructuredName, "unstructuredName"); - DefaultSymbols.put(UNIQUE_IDENTIFIER, "UniqueIdentifier"); - DefaultSymbols.put(DN_QUALIFIER, "DN"); - DefaultSymbols.put(PSEUDONYM, "Pseudonym"); - DefaultSymbols.put(POSTAL_ADDRESS, "PostalAddress"); - DefaultSymbols.put(NAME_AT_BIRTH, "NameAtBirth"); - DefaultSymbols.put(COUNTRY_OF_CITIZENSHIP, "CountryOfCitizenship"); - DefaultSymbols.put(COUNTRY_OF_RESIDENCE, "CountryOfResidence"); - DefaultSymbols.put(GENDER, "Gender"); - DefaultSymbols.put(PLACE_OF_BIRTH, "PlaceOfBirth"); - DefaultSymbols.put(DATE_OF_BIRTH, "DateOfBirth"); - DefaultSymbols.put(POSTAL_CODE, "PostalCode"); - DefaultSymbols.put(BUSINESS_CATEGORY, "BusinessCategory"); - - RFC2253Symbols.put(C, "C"); - RFC2253Symbols.put(O, "O"); - RFC2253Symbols.put(OU, "OU"); - RFC2253Symbols.put(CN, "CN"); - RFC2253Symbols.put(L, "L"); - RFC2253Symbols.put(ST, "ST"); - RFC2253Symbols.put(STREET, "STREET"); - RFC2253Symbols.put(DC, "DC"); - RFC2253Symbols.put(UID, "UID"); - - RFC1779Symbols.put(C, "C"); - RFC1779Symbols.put(O, "O"); - RFC1779Symbols.put(OU, "OU"); - RFC1779Symbols.put(CN, "CN"); - RFC1779Symbols.put(L, "L"); - RFC1779Symbols.put(ST, "ST"); - RFC1779Symbols.put(STREET, "STREET"); - - DefaultLookUp.put("c", C); - DefaultLookUp.put("o", O); - DefaultLookUp.put("t", T); - DefaultLookUp.put("ou", OU); - DefaultLookUp.put("cn", CN); - DefaultLookUp.put("l", L); - DefaultLookUp.put("st", ST); - DefaultLookUp.put("sn", SN); - DefaultLookUp.put("serialnumber", SN); - DefaultLookUp.put("street", STREET); - DefaultLookUp.put("emailaddress", E); - DefaultLookUp.put("dc", DC); - DefaultLookUp.put("e", E); - DefaultLookUp.put("uid", UID); - DefaultLookUp.put("surname", SURNAME); - DefaultLookUp.put("givenname", GIVENNAME); - DefaultLookUp.put("initials", INITIALS); - DefaultLookUp.put("generation", GENERATION); - DefaultLookUp.put("unstructuredaddress", UnstructuredAddress); - DefaultLookUp.put("unstructuredname", UnstructuredName); - DefaultLookUp.put("uniqueidentifier", UNIQUE_IDENTIFIER); - DefaultLookUp.put("dn", DN_QUALIFIER); - DefaultLookUp.put("pseudonym", PSEUDONYM); - DefaultLookUp.put("postaladdress", POSTAL_ADDRESS); - DefaultLookUp.put("nameofbirth", NAME_AT_BIRTH); - DefaultLookUp.put("countryofcitizenship", COUNTRY_OF_CITIZENSHIP); - DefaultLookUp.put("countryofresidence", COUNTRY_OF_RESIDENCE); - DefaultLookUp.put("gender", GENDER); - DefaultLookUp.put("placeofbirth", PLACE_OF_BIRTH); - DefaultLookUp.put("dateofbirth", DATE_OF_BIRTH); - DefaultLookUp.put("postalcode", POSTAL_CODE); - DefaultLookUp.put("businesscategory", BUSINESS_CATEGORY); - } - - private X509NameEntryConverter converter = null; - // BEGIN android-changed - private X509NameElementList elems = new X509NameElementList(); - // END android-changed - - private ASN1Sequence seq; - - /** - * Return a X509Name based on the passed in tagged object. - * - * @param obj tag object holding name. - * @param explicit true if explicitly tagged false otherwise. - * @return the X509Name - */ - public static X509Name getInstance( - ASN1TaggedObject obj, - boolean explicit) - { - return getInstance(ASN1Sequence.getInstance(obj, explicit)); - } - - public static X509Name getInstance( - Object obj) - { - if (obj == null || obj instanceof X509Name) - { - return (X509Name)obj; - } - else if (obj instanceof ASN1Sequence) - { - return new X509Name((ASN1Sequence)obj); - } - - throw new IllegalArgumentException("unknown object in factory \"" + obj.getClass().getName()+"\""); - } - - /** - * Constructor from ASN1Sequence - * - * the principal will be a list of constructed sets, each containing an (OID, String) pair. - */ - public X509Name( - ASN1Sequence seq) - { - this.seq = seq; - - Enumeration e = seq.getObjects(); - - while (e.hasMoreElements()) - { - ASN1Set set = (ASN1Set)e.nextElement(); - - for (int i = 0; i < set.size(); i++) - { - // BEGIN android-changed - ASN1Sequence s = (ASN1Sequence)set.getObjectAt(i); - - DERObjectIdentifier key = - (DERObjectIdentifier) s.getObjectAt(0); - DEREncodable value = s.getObjectAt(1); - String valueStr; - - if (value instanceof DERString) - { - valueStr = ((DERString)value).getString(); - } - else - { - valueStr = "#" + bytesToString(Hex.encode(value.getDERObject().getDEREncoded())); - } - - /* - * The added flag set to (i != 0), to allow earlier JDK - * compatibility. - */ - elems.add(key, valueStr, i != 0); - // END android-changed - } - } - } - - /** - * constructor from a table of attributes. - * <p> - * it's is assumed the table contains OID/String pairs, and the contents - * of the table are copied into an internal table as part of the - * construction process. - * <p> - * <b>Note:</b> if the name you are trying to generate should be - * following a specific ordering, you should use the constructor - * with the ordering specified below. - */ - public X509Name( - Hashtable attributes) - { - this(null, attributes); - } - - /** - * Constructor from a table of attributes with ordering. - * <p> - * it's is assumed the table contains OID/String pairs, and the contents - * of the table are copied into an internal table as part of the - * construction process. The ordering vector should contain the OIDs - * in the order they are meant to be encoded or printed in toString. - */ - public X509Name( - Vector ordering, - Hashtable attributes) - { - this(ordering, attributes, new X509DefaultEntryConverter()); - } - - /** - * Constructor from a table of attributes with ordering. - * <p> - * it's is assumed the table contains OID/String pairs, and the contents - * of the table are copied into an internal table as part of the - * construction process. The ordering vector should contain the OIDs - * in the order they are meant to be encoded or printed in toString. - * <p> - * The passed in converter will be used to convert the strings into their - * ASN.1 counterparts. - */ - public X509Name( - Vector ordering, - Hashtable attributes, - X509DefaultEntryConverter converter) - { - // BEGIN android-changed - DERObjectIdentifier problem = null; - this.converter = converter; - - if (ordering != null) - { - for (int i = 0; i != ordering.size(); i++) - { - DERObjectIdentifier key = - (DERObjectIdentifier) ordering.elementAt(i); - String value = (String) attributes.get(key); - if (value == null) - { - problem = key; - break; - } - elems.add(key, value); - } - } - else - { - Enumeration e = attributes.keys(); - - while (e.hasMoreElements()) - { - DERObjectIdentifier key = - (DERObjectIdentifier) e.nextElement(); - String value = (String) attributes.get(key); - if (value == null) - { - problem = key; - break; - } - elems.add(key, value); - } - } - - if (problem != null) - { - throw new IllegalArgumentException("No attribute for object id - " + problem.getId() + " - passed to distinguished name"); - } - // END android-changed - } - - /** - * Takes two vectors one of the oids and the other of the values. - */ - public X509Name( - Vector oids, - Vector values) - { - this(oids, values, new X509DefaultEntryConverter()); - } - - /** - * Takes two vectors one of the oids and the other of the values. - * <p> - * The passed in converter will be used to convert the strings into their - * ASN.1 counterparts. - */ - public X509Name( - Vector oids, - Vector values, - X509NameEntryConverter converter) - { - this.converter = converter; - - if (oids.size() != values.size()) - { - throw new IllegalArgumentException("oids vector must be same length as values."); - } - - for (int i = 0; i < oids.size(); i++) - { - // BEGIN android-changed - elems.add((DERObjectIdentifier) oids.elementAt(i), - (String) values.elementAt(i)); - // END android-changed - } - } - - /** - * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - * some such, converting it into an ordered set of name attributes. - */ - public X509Name( - String dirName) - { - this(DefaultReverse, DefaultLookUp, dirName); - } - - /** - * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - * some such, converting it into an ordered set of name attributes with each - * string value being converted to its associated ASN.1 type using the passed - * in converter. - */ - public X509Name( - String dirName, - X509NameEntryConverter converter) - { - this(DefaultReverse, DefaultLookUp, dirName, converter); - } - - /** - * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - * some such, converting it into an ordered set of name attributes. If reverse - * is true, create the encoded version of the sequence starting from the - * last element in the string. - */ - public X509Name( - boolean reverse, - String dirName) - { - this(reverse, DefaultLookUp, dirName); - } - - /** - * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - * some such, converting it into an ordered set of name attributes with each - * string value being converted to its associated ASN.1 type using the passed - * in converter. If reverse is true the ASN.1 sequence representing the DN will - * be built by starting at the end of the string, rather than the start. - */ - public X509Name( - boolean reverse, - String dirName, - X509NameEntryConverter converter) - { - this(reverse, DefaultLookUp, dirName, converter); - } - - /** - * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - * some such, converting it into an ordered set of name attributes. lookUp - * should provide a table of lookups, indexed by lowercase only strings and - * yielding a DERObjectIdentifier, other than that OID. and numeric oids - * will be processed automatically. - * <br> - * If reverse is true, create the encoded version of the sequence - * starting from the last element in the string. - * @param reverse true if we should start scanning from the end (RFC 2553). - * @param lookUp table of names and their oids. - * @param dirName the X.500 string to be parsed. - */ - public X509Name( - boolean reverse, - Hashtable lookUp, - String dirName) - { - this(reverse, lookUp, dirName, new X509DefaultEntryConverter()); - } - - private DERObjectIdentifier decodeOID( - String name, - Hashtable lookUp) - { - if (Strings.toUpperCase(name).startsWith("OID.")) - { - return new DERObjectIdentifier(name.substring(4)); - } - else if (name.charAt(0) >= '0' && name.charAt(0) <= '9') - { - return new DERObjectIdentifier(name); - } - - DERObjectIdentifier oid = (DERObjectIdentifier)lookUp.get(Strings.toLowerCase(name)); - if (oid == null) - { - throw new IllegalArgumentException("Unknown object id - " + name + " - passed to distinguished name"); - } - - return oid; - } - - /** - * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - * some such, converting it into an ordered set of name attributes. lookUp - * should provide a table of lookups, indexed by lowercase only strings and - * yielding a DERObjectIdentifier, other than that OID. and numeric oids - * will be processed automatically. The passed in converter is used to convert the - * string values to the right of each equals sign to their ASN.1 counterparts. - * <br> - * @param reverse true if we should start scanning from the end, false otherwise. - * @param lookUp table of names and oids. - * @param dirName the string dirName - * @param converter the converter to convert string values into their ASN.1 equivalents - */ - public X509Name( - boolean reverse, - Hashtable lookUp, - String dirName, - X509NameEntryConverter converter) - { - this.converter = converter; - X509NameTokenizer nTok = new X509NameTokenizer(dirName); - - while (nTok.hasMoreTokens()) - { - String token = nTok.nextToken(); - int index = token.indexOf('='); - - if (index == -1) - { - throw new IllegalArgumentException("badly formatted directory string"); - } - - String name = token.substring(0, index); - String value = token.substring(index + 1); - DERObjectIdentifier oid = decodeOID(name, lookUp); - - if (value.indexOf('+') > 0) - { - X509NameTokenizer vTok = new X509NameTokenizer(value, '+'); - - // BEGIN android-changed - elems.add(oid, vTok.nextToken()); - // END android-changed - - while (vTok.hasMoreTokens()) - { - String sv = vTok.nextToken(); - int ndx = sv.indexOf('='); - - String nm = sv.substring(0, ndx); - String vl = sv.substring(ndx + 1); - // BEGIN android-changed - elems.add(decodeOID(nm, lookUp), vl, true); - // END android-changed - } - } - else - { - // BEGIN android-changed - elems.add(oid, value); - // END android-changed - } - } - - if (reverse) - { - // BEGIN android-changed - elems = elems.reverse(); - // END android-changed - } - } - - /** - * return a vector of the oids in the name, in the order they were found. - */ - public Vector getOIDs() - { - // BEGIN android-changed - Vector v = new Vector(); - int size = elems.size(); - - for (int i = 0; i < size; i++) - { - v.addElement(elems.getKey(i)); - } - - return v; - // END android-changed - } - - /** - * return a vector of the values found in the name, in the order they - * were found. - */ - public Vector getValues() - { - // BEGIN android-changed - Vector v = new Vector(); - int size = elems.size(); - - for (int i = 0; i < size; i++) - { - v.addElement(elems.getValue(i)); - } - - return v; - // END android-changed - } - - public DERObject toASN1Object() - { - if (seq == null) - { - // BEGIN android-changed - ASN1EncodableVector vec = new ASN1EncodableVector(); - ASN1EncodableVector sVec = new ASN1EncodableVector(); - DERObjectIdentifier lstOid = null; - int size = elems.size(); - - for (int i = 0; i != size; i++) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - DERObjectIdentifier oid = elems.getKey(i); - - v.add(oid); - - String str = elems.getValue(i); - - v.add(converter.getConvertedValue(oid, str)); - - if (lstOid == null || elems.getAdded(i)) - { - sVec.add(new DERSequence(v)); - } - else - { - vec.add(new DERSet(sVec)); - sVec = new ASN1EncodableVector(); - - sVec.add(new DERSequence(v)); - } - - lstOid = oid; - } - - vec.add(new DERSet(sVec)); - - seq = new DERSequence(vec); - // END android-changed - } - - return seq; - } - - /** - * @param inOrder if true the order of both X509 names must be the same, - * as well as the values associated with each element. - */ - public boolean equals(Object _obj, boolean inOrder) - { - if (_obj == this) - { - return true; - } - - if (!inOrder) - { - return this.equals(_obj); - } - - if (!(_obj instanceof X509Name)) - { - return false; - } - - X509Name _oxn = (X509Name)_obj; - // BEGIN android-changed - int _orderingSize = elems.size(); - - if (_orderingSize != _oxn.elems.size()) - { - return false; - } - // END android-changed - - for(int i = 0; i < _orderingSize; i++) - { - // BEGIN android-changed - String _oid = elems.getKey(i).getId(); - String _val = elems.getValue(i); - - String _oOID = _oxn.elems.getKey(i).getId(); - String _oVal = _oxn.elems.getValue(i); - // BEGIN android-changed - - if (_oid.equals(_oOID)) - { - _val = Strings.toLowerCase(_val.trim()); - _oVal = Strings.toLowerCase(_oVal.trim()); - if (_val.equals(_oVal)) - { - continue; - } - else - { - StringBuffer v1 = new StringBuffer(); - StringBuffer v2 = new StringBuffer(); - - if (_val.length() != 0) - { - char c1 = _val.charAt(0); - - v1.append(c1); - - for (int k = 1; k < _val.length(); k++) - { - char c2 = _val.charAt(k); - if (!(c1 == ' ' && c2 == ' ')) - { - v1.append(c2); - } - c1 = c2; - } - } - - if (_oVal.length() != 0) - { - char c1 = _oVal.charAt(0); - - v2.append(c1); - - for (int k = 1; k < _oVal.length(); k++) - { - char c2 = _oVal.charAt(k); - if (!(c1 == ' ' && c2 == ' ')) - { - v2.append(c2); - } - c1 = c2; - } - } - - if (!v1.toString().equals(v2.toString())) - { - return false; - } - } - } - else - { - return false; - } - } - - return true; - } - - /** - * test for equality - note: case is ignored. - */ - public boolean equals(Object _obj) - { - if (_obj == this) - { - return true; - } - - if (!(_obj instanceof X509Name || _obj instanceof ASN1Sequence)) - { - return false; - } - - DERObject derO = ((DEREncodable)_obj).getDERObject(); - - if (this.getDERObject().equals(derO)) - { - return true; - } - - if (!(_obj instanceof X509Name)) - { - return false; - } - - X509Name _oxn = (X509Name)_obj; - - // BEGIN android-changed - int _orderingSize = elems.size(); - - if (_orderingSize != _oxn.elems.size()) - { - return false; - } - // END android-changed - - boolean[] _indexes = new boolean[_orderingSize]; - - for(int i = 0; i < _orderingSize; i++) - { - boolean _found = false; - // BEGIN android-changed - String _oid = elems.getKey(i).getId(); - String _val = elems.getValue(i); - // END android-changed - - for(int j = 0; j < _orderingSize; j++) - { - if (_indexes[j]) - { - continue; - } - - // BEGIN android-changed - String _oOID = elems.getKey(j).getId(); - String _oVal = _oxn.elems.getValue(j); - // END android-changed - - if (_oid.equals(_oOID)) - { - _val = Strings.toLowerCase(_val.trim()); - _oVal = Strings.toLowerCase(_oVal.trim()); - if (_val.equals(_oVal)) - { - _indexes[j] = true; - _found = true; - break; - } - else - { - StringBuffer v1 = new StringBuffer(); - StringBuffer v2 = new StringBuffer(); - - if (_val.length() != 0) - { - char c1 = _val.charAt(0); - - v1.append(c1); - - for (int k = 1; k < _val.length(); k++) - { - char c2 = _val.charAt(k); - if (!(c1 == ' ' && c2 == ' ')) - { - v1.append(c2); - } - c1 = c2; - } - } - - if (_oVal.length() != 0) - { - char c1 = _oVal.charAt(0); - - v2.append(c1); - - for (int k = 1; k < _oVal.length(); k++) - { - char c2 = _oVal.charAt(k); - if (!(c1 == ' ' && c2 == ' ')) - { - v2.append(c2); - } - c1 = c2; - } - } - - if (v1.toString().equals(v2.toString())) - { - _indexes[j] = true; - _found = true; - break; - } - } - } - } - - if(!_found) - { - return false; - } - } - - return true; - } - - public int hashCode() - { - ASN1Sequence seq = (ASN1Sequence)this.getDERObject(); - Enumeration e = seq.getObjects(); - int hashCode = 0; - - while (e.hasMoreElements()) - { - hashCode ^= e.nextElement().hashCode(); - } - - return hashCode; - } - - private void appendValue( - StringBuffer buf, - Hashtable oidSymbols, - DERObjectIdentifier oid, - String value) - { - String sym = (String)oidSymbols.get(oid); - - if (sym != null) - { - buf.append(sym); - } - else - { - buf.append(oid.getId()); - } - - buf.append('='); - - int index = buf.length(); - - buf.append(value); - - int end = buf.length(); - - while (index != end) - { - if ((buf.charAt(index) == ',') - || (buf.charAt(index) == '"') - || (buf.charAt(index) == '\\') - || (buf.charAt(index) == '+') - || (buf.charAt(index) == '<') - || (buf.charAt(index) == '>') - || (buf.charAt(index) == ';')) - { - buf.insert(index, "\\"); - index++; - end++; - } - - index++; - } - } - - /** - * convert the structure to a string - if reverse is true the - * oids and values are listed out starting with the last element - * in the sequence (ala RFC 2253), otherwise the string will begin - * with the first element of the structure. If no string definition - * for the oid is found in oidSymbols the string value of the oid is - * added. Two standard symbol tables are provided DefaultSymbols, and - * RFC2253Symbols as part of this class. - * - * @param reverse if true start at the end of the sequence and work back. - * @param oidSymbols look up table strings for oids. - */ - public String toString( - boolean reverse, - Hashtable oidSymbols) - { - StringBuffer buf = new StringBuffer(); - boolean first = true; - - if (reverse) - { - // BEGIN android-changed - for (int i = elems.size() - 1; i >= 0; i--) - { - if (first) - { - first = false; - } - else - { - if (elems.getAdded(i + 1)) - { - buf.append('+'); - } - else - { - buf.append(','); - } - } - - appendValue(buf, oidSymbols, - elems.getKey(i), - elems.getValue(i)); - } - // END android-changed - } - else - { - // BEGIN android-changed - for (int i = 0; i < elems.size(); i++) - { - if (first) - { - first = false; - } - else - { - if (elems.getAdded(i)) - { - buf.append('+'); - } - else - { - buf.append(','); - } - } - - appendValue(buf, oidSymbols, - elems.getKey(i), - elems.getValue(i)); - } - // END android-changed - } - - return buf.toString(); - } - - private String bytesToString( - byte[] data) - { - char[] cs = new char[data.length]; - - for (int i = 0; i != cs.length; i++) - { - cs[i] = (char)(data[i] & 0xff); - } - - return new String(cs); - } - - public String toString() - { - return toString(DefaultReverse, DefaultSymbols); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/X509NameElementList.java b/luni/src/main/java/org/bouncycastle/asn1/x509/X509NameElementList.java deleted file mode 100644 index 377fb8c..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/X509NameElementList.java +++ /dev/null @@ -1,206 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.util.ArrayList; -import java.util.BitSet; -import org.bouncycastle.asn1.DERObjectIdentifier; - -// BEGIN android-note -// This class was extracted from X509Name as a way to keep the element -// list in a more controlled fashion. -// END android-note - -/** - * List of elements of an X509 name. Each element has a key, a value, and - * an "added" flag. - */ -public class X509NameElementList { - /** null-ok; key #0 */ - private DERObjectIdentifier key0; - - /** null-ok; key #1 */ - private DERObjectIdentifier key1; - - /** null-ok; key #2 */ - private DERObjectIdentifier key2; - - /** null-ok; key #3 */ - private DERObjectIdentifier key3; - - /** null-ok; value #0 */ - private String value0; - - /** null-ok; value #1 */ - private String value1; - - /** null-ok; value #2 */ - private String value2; - - /** null-ok; value #3 */ - private String value3; - - /** - * null-ok; array of additional keys and values, alternating - * key then value, etc. - */ - private ArrayList<Object> rest; - - /** bit vector for all the "added" bits */ - private BitSet added = new BitSet(); - - /** >= 0; number of elements in the list */ - private int size; - - // Note: Default public constructor. - - /** - * Adds an element. The "added" flag is set to false for the element. - * - * @param key non-null; the key - * @param value non-null; the value - */ - public void add(DERObjectIdentifier key, String value) { - add(key, value, false); - } - - /** - * Adds an element. - * - * @param key non-null; the key - * @param value non-null; the value - * @param added the added bit - */ - public void add(DERObjectIdentifier key, String value, boolean added) { - if (key == null) { - throw new NullPointerException("key == null"); - } - - if (value == null) { - throw new NullPointerException("value == null"); - } - - int sz = size; - - switch (sz) { - case 0: { - key0 = key; - value0 = value; - break; - } - case 1: { - key1 = key; - value1 = value; - break; - } - case 2: { - key2 = key; - value2 = value; - break; - } - case 3: { - key3 = key; - value3 = value; - break; - } - case 4: { - // Do initial allocation of rest. - rest = new ArrayList<Object>(); - // Fall through... - } - default: { - rest.add(key); - rest.add(value); - break; - } - } - - if (added) { - this.added.set(sz); - } - - size = sz + 1; - } - - /** - * Sets the "added" flag on the most recently added element. - */ - public void setLastAddedFlag() { - added.set(size - 1); - } - - /** - * Gets the number of elements in this instance. - */ - public int size() { - return size; - } - - /** - * Gets the nth key. - * - * @param n index - * @return non-null; the nth key - */ - public DERObjectIdentifier getKey(int n) { - if ((n < 0) || (n >= size)) { - throw new IndexOutOfBoundsException(Integer.toString(n)); - } - - switch (n) { - case 0: return key0; - case 1: return key1; - case 2: return key2; - case 3: return key3; - default: return (DERObjectIdentifier) rest.get((n - 4) * 2); - } - } - - /** - * Gets the nth value. - * - * @param n index - * @return non-null; the nth value - */ - public String getValue(int n) { - if ((n < 0) || (n >= size)) { - throw new IndexOutOfBoundsException(Integer.toString(n)); - } - - switch (n) { - case 0: return value0; - case 1: return value1; - case 2: return value2; - case 3: return value3; - default: return (String) rest.get(((n - 4) * 2) + 1); - } - } - - /** - * Gets the nth added flag bit. - * - * @param n index - * @return the nth added flag bit - */ - public boolean getAdded(int n) { - if ((n < 0) || (n >= size)) { - throw new IndexOutOfBoundsException(Integer.toString(n)); - } - - return added.get(n); - } - - /** - * Constructs and returns a new instance which consists of the - * elements of this one in reverse order - * - * @return non-null; the reversed instance - */ - public X509NameElementList reverse() { - X509NameElementList result = new X509NameElementList(); - - for (int i = size - 1; i >= 0; i--) { - result.add(getKey(i), getValue(i), getAdded(i)); - } - - return result; - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java b/luni/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java deleted file mode 100644 index 24075f7..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java +++ /dev/null @@ -1,154 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.util.Strings; - -/** - * It turns out that the number of standard ways the fields in a DN should be - * encoded into their ASN.1 counterparts is rapidly approaching the - * number of machines on the internet. By default the X509Name class - * will produce UTF8Strings in line with the current recommendations (RFC 3280). - * <p> - * An example of an encoder look like below: - * <pre> - * public class X509DirEntryConverter - * extends X509NameEntryConverter - * { - * public DERObject getConvertedValue( - * DERObjectIdentifier oid, - * String value) - * { - * if (str.length() != 0 && str.charAt(0) == '#') - * { - * return convertHexEncoded(str, 1); - * } - * if (oid.equals(EmailAddress)) - * { - * return new DERIA5String(str); - * } - * else if (canBePrintable(str)) - * { - * return new DERPrintableString(str); - * } - * else if (canBeUTF8(str)) - * { - * return new DERUTF8String(str); - * } - * else - * { - * return new DERBMPString(str); - * } - * } - * } - */ -public abstract class X509NameEntryConverter -{ - /** - * Convert an inline encoded hex string rendition of an ASN.1 - * object back into its corresponding ASN.1 object. - * - * @param str the hex encoded object - * @param off the index at which the encoding starts - * @return the decoded object - */ - protected DERObject convertHexEncoded( - String str, - int off) - throws IOException - { - str = Strings.toLowerCase(str); - byte[] data = new byte[(str.length() - off) / 2]; - for (int index = 0; index != data.length; index++) - { - char left = str.charAt((index * 2) + off); - char right = str.charAt((index * 2) + off + 1); - - if (left < 'a') - { - data[index] = (byte)((left - '0') << 4); - } - else - { - data[index] = (byte)((left - 'a' + 10) << 4); - } - if (right < 'a') - { - data[index] |= (byte)(right - '0'); - } - else - { - data[index] |= (byte)(right - 'a' + 10); - } - } - - ASN1InputStream aIn = new ASN1InputStream(data); - - return aIn.readObject(); - } - - /** - * return true if the passed in String can be represented without - * loss as a PrintableString, false otherwise. - */ - protected boolean canBePrintable( - String str) - { - for (int i = str.length() - 1; i >= 0; i--) - { - char ch = str.charAt(i); - - if (str.charAt(i) > 0x007f) - { - return false; - } - - if ('a' <= ch && ch <= 'z') - { - continue; - } - - if ('A' <= ch && ch <= 'Z') - { - continue; - } - - if ('0' <= ch && ch <= '9') - { - continue; - } - - switch (ch) - { - case ' ': - case '\'': - case '(': - case ')': - case '+': - case '-': - case '.': - case ':': - case '=': - case '?': - continue; - } - - return false; - } - - return true; - } - - /** - * Convert the passed in String value into the appropriate ASN.1 - * encoded object. - * - * @param oid the oid associated with the value in the DN. - * @param value the value of the particular DN component. - * @return the ASN.1 equivalent for the value. - */ - public abstract DERObject getConvertedValue(DERObjectIdentifier oid, String value); -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java b/luni/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java deleted file mode 100644 index 8f0d08b..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java +++ /dev/null @@ -1,102 +0,0 @@ -package org.bouncycastle.asn1.x509; - -/** - * class for breaking up an X500 Name into it's component tokens, ala - * java.util.StringTokenizer. We need this class as some of the - * lightweight Java environment don't support classes like - * StringTokenizer. - */ -public class X509NameTokenizer -{ - private String value; - private int index; - private char seperator; - private StringBuffer buf = new StringBuffer(); - - public X509NameTokenizer( - String oid) - { - this(oid, ','); - } - - public X509NameTokenizer( - String oid, - char seperator) - { - this.value = oid; - this.index = -1; - this.seperator = seperator; - } - - public boolean hasMoreTokens() - { - return (index != value.length()); - } - - public String nextToken() - { - if (index == value.length()) - { - return null; - } - - int end = index + 1; - boolean quoted = false; - boolean escaped = false; - - buf.setLength(0); - - while (end != value.length()) - { - char c = value.charAt(end); - - if (c == '"') - { - if (!escaped) - { - quoted = !quoted; - } - else - { - buf.append(c); - } - escaped = false; - } - else - { - if (escaped || quoted) - { - // BEGIN android-added - // copied from a newer version of BouncyCastle - if (c == '#' && buf.charAt(buf.length() - 1) == '=') - { - buf.append('\\'); - } - else if (c == '+' && seperator != '+') - { - buf.append('\\'); - } - // END android-added - buf.append(c); - escaped = false; - } - else if (c == '\\') - { - escaped = true; - } - else if (c == seperator) - { - break; - } - else - { - buf.append(c); - } - } - end++; - } - - index = end; - return buf.toString().trim(); - } -}
\ No newline at end of file diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java b/luni/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java deleted file mode 100644 index 1f8b8a2..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/X509ObjectIdentifiers.java +++ /dev/null @@ -1,43 +0,0 @@ -package org.bouncycastle.asn1.x509; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface X509ObjectIdentifiers -{ - // - // base id - // - static final String id = "2.5.4"; - - static final DERObjectIdentifier commonName = new DERObjectIdentifier(id + ".3"); - static final DERObjectIdentifier countryName = new DERObjectIdentifier(id + ".6"); - static final DERObjectIdentifier localityName = new DERObjectIdentifier(id + ".7"); - static final DERObjectIdentifier stateOrProvinceName = new DERObjectIdentifier(id + ".8"); - static final DERObjectIdentifier organization = new DERObjectIdentifier(id + ".10"); - static final DERObjectIdentifier organizationalUnitName = new DERObjectIdentifier(id + ".11"); - - // id-SHA1 OBJECT IDENTIFIER ::= - // {iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } // - static final DERObjectIdentifier id_SHA1 = new DERObjectIdentifier("1.3.14.3.2.26"); - - // - // ripemd160 OBJECT IDENTIFIER ::= - // {iso(1) identified-organization(3) TeleTrust(36) algorithm(3) hashAlgorithm(2) RIPEMD-160(1)} - // - static final DERObjectIdentifier ripemd160 = new DERObjectIdentifier("1.3.36.3.2.1"); - - // - // ripemd160WithRSAEncryption OBJECT IDENTIFIER ::= - // {iso(1) identified-organization(3) TeleTrust(36) algorithm(3) signatureAlgorithm(3) rsaSignature(1) rsaSignatureWithripemd160(2) } - // - static final DERObjectIdentifier ripemd160WithRSAEncryption = new DERObjectIdentifier("1.3.36.3.3.1.2"); - - - static final DERObjectIdentifier id_ea_rsa = new DERObjectIdentifier("2.5.8.1.1"); - - // - // OID for ocsp uri in AuthorityInformationAccess extension - // - static final DERObjectIdentifier ocspAccessMethod = new DERObjectIdentifier("1.3.6.1.5.5.7.48.1"); -} - diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/BiometricData.java b/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/BiometricData.java deleted file mode 100644 index 9f373fa..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/BiometricData.java +++ /dev/null @@ -1,124 +0,0 @@ -package org.bouncycastle.asn1.x509.qualified; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -/** - * The BiometricData object. - * <pre> - * BiometricData ::= SEQUENCE { - * typeOfBiometricData TypeOfBiometricData, - * hashAlgorithm AlgorithmIdentifier, - * biometricDataHash OCTET STRING, - * sourceDataUri IA5String OPTIONAL } - * </pre> - */ -public class BiometricData - extends ASN1Encodable -{ - TypeOfBiometricData typeOfBiometricData; - AlgorithmIdentifier hashAlgorithm; - ASN1OctetString biometricDataHash; - DERIA5String sourceDataUri; - - public static BiometricData getInstance( - Object obj) - { - if (obj == null || obj instanceof BiometricData) - { - return (BiometricData)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new BiometricData(ASN1Sequence.getInstance(obj)); - } - else - { - throw new IllegalArgumentException("unknown object in getInstance"); - } - } - - public BiometricData(ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - // typeOfBiometricData - typeOfBiometricData = TypeOfBiometricData.getInstance(e.nextElement()); - // hashAlgorithm - hashAlgorithm = AlgorithmIdentifier.getInstance(e.nextElement()); - // biometricDataHash - biometricDataHash = ASN1OctetString.getInstance(e.nextElement()); - // sourceDataUri - if (e.hasMoreElements()) - { - sourceDataUri = DERIA5String.getInstance(e.nextElement()); - } - } - - public BiometricData( - TypeOfBiometricData typeOfBiometricData, - AlgorithmIdentifier hashAlgorithm, - ASN1OctetString biometricDataHash, - DERIA5String sourceDataUri) - { - this.typeOfBiometricData = typeOfBiometricData; - this.hashAlgorithm = hashAlgorithm; - this.biometricDataHash = biometricDataHash; - this.sourceDataUri = sourceDataUri; - } - - public BiometricData( - TypeOfBiometricData typeOfBiometricData, - AlgorithmIdentifier hashAlgorithm, - ASN1OctetString biometricDataHash) - { - this.typeOfBiometricData = typeOfBiometricData; - this.hashAlgorithm = hashAlgorithm; - this.biometricDataHash = biometricDataHash; - this.sourceDataUri = null; - } - - public TypeOfBiometricData getTypeOfBiometricData() - { - return typeOfBiometricData; - } - - public AlgorithmIdentifier getHashAlgorithm() - { - return hashAlgorithm; - } - - public ASN1OctetString getBiometricDataHash() - { - return biometricDataHash; - } - - public DERIA5String getSourceDataUri() - { - return sourceDataUri; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector seq = new ASN1EncodableVector(); - seq.add(typeOfBiometricData); - seq.add(hashAlgorithm); - seq.add(biometricDataHash); - - if (sourceDataUri != null) - { - seq.add(sourceDataUri); - } - - return new DERSequence(seq); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/ETSIQCObjectIdentifiers.java b/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/ETSIQCObjectIdentifiers.java deleted file mode 100644 index eef97e3..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/ETSIQCObjectIdentifiers.java +++ /dev/null @@ -1,16 +0,0 @@ -package org.bouncycastle.asn1.x509.qualified; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface ETSIQCObjectIdentifiers -{ - // - // base id - // - static final String id_etsi_qcs = "0.4.0.1862.1"; - - static final DERObjectIdentifier id_etsi_qcs_QcCompliance = new DERObjectIdentifier(id_etsi_qcs+".1"); - static final DERObjectIdentifier id_etsi_qcs_LimiteValue = new DERObjectIdentifier(id_etsi_qcs+".2"); - static final DERObjectIdentifier id_etsi_qcs_RetentionPeriod = new DERObjectIdentifier(id_etsi_qcs+".3"); - static final DERObjectIdentifier id_etsi_qcs_QcSSCD = new DERObjectIdentifier(id_etsi_qcs+".4"); -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/Iso4217CurrencyCode.java b/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/Iso4217CurrencyCode.java deleted file mode 100644 index 10ced50..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/Iso4217CurrencyCode.java +++ /dev/null @@ -1,93 +0,0 @@ -package org.bouncycastle.asn1.x509.qualified; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERPrintableString; - -/** - * The Iso4217CurrencyCode object. - * <pre> - * Iso4217CurrencyCode ::= CHOICE { - * alphabetic PrintableString (SIZE 3), --Recommended - * numeric INTEGER (1..999) } - * -- Alphabetic or numeric currency code as defined in ISO 4217 - * -- It is recommended that the Alphabetic form is used - * </pre> - */ -public class Iso4217CurrencyCode - extends ASN1Encodable - implements ASN1Choice -{ - final int ALPHABETIC_MAXSIZE = 3; - final int NUMERIC_MINSIZE = 1; - final int NUMERIC_MAXSIZE = 999; - - DEREncodable obj; - int numeric; - - public static Iso4217CurrencyCode getInstance( - Object obj) - { - if (obj == null || obj instanceof Iso4217CurrencyCode) - { - return (Iso4217CurrencyCode)obj; - } - - if (obj instanceof DERInteger) - { - DERInteger numericobj = DERInteger.getInstance(obj); - int numeric = numericobj.getValue().intValue(); - return new Iso4217CurrencyCode(numeric); - } - else - if (obj instanceof DERPrintableString) - { - DERPrintableString alphabetic = DERPrintableString.getInstance(obj); - return new Iso4217CurrencyCode(alphabetic.getString()); - } - throw new IllegalArgumentException("unknown object in getInstance"); - } - - public Iso4217CurrencyCode( - int numeric) - { - if (numeric > NUMERIC_MAXSIZE || numeric < NUMERIC_MINSIZE) - { - throw new IllegalArgumentException("wrong size in numeric code : not in (" +NUMERIC_MINSIZE +".."+ NUMERIC_MAXSIZE +")"); - } - obj = new DERInteger(numeric); - } - - public Iso4217CurrencyCode( - String alphabetic) - { - if (alphabetic.length() > ALPHABETIC_MAXSIZE) - { - throw new IllegalArgumentException("wrong size in alphabetic code : max size is " + ALPHABETIC_MAXSIZE); - } - obj = new DERPrintableString(alphabetic); - } - - public boolean isAlphabetic() - { - return obj instanceof DERPrintableString; - } - - public String getAlphabetic() - { - return ((DERPrintableString)obj).getString(); - } - - public int getNumeric() - { - return ((DERInteger)obj).getValue().intValue(); - } - - public DERObject toASN1Object() - { - return obj.getDERObject(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/MonetaryValue.java b/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/MonetaryValue.java deleted file mode 100644 index c8c0ce3..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/MonetaryValue.java +++ /dev/null @@ -1,92 +0,0 @@ -package org.bouncycastle.asn1.x509.qualified; - -import java.math.BigInteger; -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERSequence; - -/** - * The MonetaryValue object. - * <pre> - * MonetaryValue ::= SEQUENCE { - * currency Iso4217CurrencyCode, - * amount INTEGER, - * exponent INTEGER } - * -- value = amount * 10^exponent - * </pre> - */ -public class MonetaryValue - extends ASN1Encodable -{ - Iso4217CurrencyCode currency; - DERInteger amount; - DERInteger exponent; - - public static MonetaryValue getInstance( - Object obj) - { - if (obj == null || obj instanceof MonetaryValue) - { - return (MonetaryValue)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new MonetaryValue(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("unknown object in getInstance"); - } - - public MonetaryValue( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - // currency - currency = Iso4217CurrencyCode.getInstance(e.nextElement()); - // hashAlgorithm - amount = DERInteger.getInstance(e.nextElement()); - // exponent - exponent = DERInteger.getInstance(e.nextElement()); - } - - public MonetaryValue( - Iso4217CurrencyCode currency, - int amount, - int exponent) - { - this.currency = currency; - this.amount = new DERInteger(amount); - this.exponent = new DERInteger(exponent); - } - - public Iso4217CurrencyCode getCurrency() - { - return currency; - } - - public BigInteger getAmount() - { - return amount.getValue(); - } - - public BigInteger getExponent() - { - return exponent.getValue(); - } - - public DERObject toASN1Object() - { - ASN1EncodableVector seq = new ASN1EncodableVector(); - seq.add(currency); - seq.add(amount); - seq.add(exponent); - - return new DERSequence(seq); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/QCStatement.java b/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/QCStatement.java deleted file mode 100644 index 6b87ea0..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/QCStatement.java +++ /dev/null @@ -1,95 +0,0 @@ -package org.bouncycastle.asn1.x509.qualified; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; - -/** - * The QCStatement object. - * <pre> - * QCStatement ::= SEQUENCE { - * statementId OBJECT IDENTIFIER, - * statementInfo ANY DEFINED BY statementId OPTIONAL} - * </pre> - */ - -public class QCStatement - extends ASN1Encodable - implements ETSIQCObjectIdentifiers, RFC3739QCObjectIdentifiers -{ - DERObjectIdentifier qcStatementId; - ASN1Encodable qcStatementInfo; - - public static QCStatement getInstance( - Object obj) - { - if (obj == null || obj instanceof QCStatement) - { - return (QCStatement)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new QCStatement(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("unknown object in getInstance"); - } - - public QCStatement( - ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - - // qcStatementId - qcStatementId = DERObjectIdentifier.getInstance(e.nextElement()); - // qcstatementInfo - if (e.hasMoreElements()) - { - qcStatementInfo = (ASN1Encodable) e.nextElement(); - } - } - - public QCStatement( - DERObjectIdentifier qcStatementId) - { - this.qcStatementId = qcStatementId; - this.qcStatementInfo = null; - } - - public QCStatement( - DERObjectIdentifier qcStatementId, - ASN1Encodable qcStatementInfo) - { - this.qcStatementId = qcStatementId; - this.qcStatementInfo = qcStatementInfo; - } - - public DERObjectIdentifier getStatementId() - { - return qcStatementId; - } - - public ASN1Encodable getStatementInfo() - { - return qcStatementInfo; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector seq = new ASN1EncodableVector(); - seq.add(qcStatementId); - - if (qcStatementInfo != null) - { - seq.add(qcStatementInfo); - } - - return new DERSequence(seq); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/RFC3739QCObjectIdentifiers.java b/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/RFC3739QCObjectIdentifiers.java deleted file mode 100644 index 8762f2f..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/RFC3739QCObjectIdentifiers.java +++ /dev/null @@ -1,14 +0,0 @@ -package org.bouncycastle.asn1.x509.qualified; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface RFC3739QCObjectIdentifiers -{ - // - // base id - // - static final String id_qcs = "1.3.6.1.5.5.7.11"; - - static final DERObjectIdentifier id_qcs_pkixQCSyntax_v1 = new DERObjectIdentifier(id_qcs+".1"); - static final DERObjectIdentifier id_qcs_pkixQCSyntax_v2 = new DERObjectIdentifier(id_qcs+".2"); -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/SemanticsInformation.java b/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/SemanticsInformation.java deleted file mode 100644 index 445e8b2..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/SemanticsInformation.java +++ /dev/null @@ -1,130 +0,0 @@ -package org.bouncycastle.asn1.x509.qualified; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.GeneralName; - -/** - * The SemanticsInformation object. - * <pre> - * SemanticsInformation ::= SEQUENCE { - * semanticsIdentifier OBJECT IDENTIFIER OPTIONAL, - * nameRegistrationAuthorities NameRegistrationAuthorities - * OPTIONAL } - * (WITH COMPONENTS {..., semanticsIdentifier PRESENT}| - * WITH COMPONENTS {..., nameRegistrationAuthorities PRESENT}) - * - * NameRegistrationAuthorities ::= SEQUENCE SIZE (1..MAX) OF - * GeneralName - * </pre> - */ -public class SemanticsInformation extends ASN1Encodable -{ - DERObjectIdentifier semanticsIdentifier; - GeneralName[] nameRegistrationAuthorities; - - public static SemanticsInformation getInstance(Object obj) - { - if (obj == null || obj instanceof SemanticsInformation) - { - return (SemanticsInformation)obj; - } - - if (obj instanceof ASN1Sequence) - { - return new SemanticsInformation(ASN1Sequence.getInstance(obj)); - } - - throw new IllegalArgumentException("unknown object in getInstance"); - } - - public SemanticsInformation(ASN1Sequence seq) - { - Enumeration e = seq.getObjects(); - if (seq.size() < 1) - { - throw new IllegalArgumentException("no objects in SemanticsInformation"); - } - - Object object = e.nextElement(); - if (object instanceof DERObjectIdentifier) - { - semanticsIdentifier = DERObjectIdentifier.getInstance(object); - if (e.hasMoreElements()) - { - object = e.nextElement(); - } - else - { - object = null; - } - } - - if (object != null) - { - ASN1Sequence generalNameSeq = ASN1Sequence.getInstance(object); - nameRegistrationAuthorities = new GeneralName[generalNameSeq.size()]; - for (int i= 0; i < generalNameSeq.size(); i++) - { - nameRegistrationAuthorities[i] = GeneralName.getInstance(generalNameSeq.getObjectAt(i)); - } - } - } - - public SemanticsInformation( - DERObjectIdentifier semanticsIdentifier, - GeneralName[] generalNames) - { - this.semanticsIdentifier = semanticsIdentifier; - this.nameRegistrationAuthorities = generalNames; - } - - public SemanticsInformation(DERObjectIdentifier semanticsIdentifier) - { - this.semanticsIdentifier = semanticsIdentifier; - this.nameRegistrationAuthorities = null; - } - - public SemanticsInformation(GeneralName[] generalNames) - { - this.semanticsIdentifier = null; - this.nameRegistrationAuthorities = generalNames; - } - - public DERObjectIdentifier getSemanticsIdentifier() - { - return semanticsIdentifier; - } - - public GeneralName[] getNameRegistrationAuthorities() - { - return nameRegistrationAuthorities; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector seq = new ASN1EncodableVector(); - - if (this.semanticsIdentifier != null) - { - seq.add(semanticsIdentifier); - } - if (this.nameRegistrationAuthorities != null) - { - ASN1EncodableVector seqname = new ASN1EncodableVector(); - for (int i = 0; i < nameRegistrationAuthorities.length; i++) - { - seqname.add(nameRegistrationAuthorities[i]); - } - seq.add(new DERSequence(seqname)); - } - - return new DERSequence(seq); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/TypeOfBiometricData.java b/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/TypeOfBiometricData.java deleted file mode 100644 index 3ab384a..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/qualified/TypeOfBiometricData.java +++ /dev/null @@ -1,90 +0,0 @@ -package org.bouncycastle.asn1.x509.qualified; - -import org.bouncycastle.asn1.ASN1Choice; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; - -/** - * The TypeOfBiometricData object. - * <pre> - * TypeOfBiometricData ::= CHOICE { - * predefinedBiometricType PredefinedBiometricType, - * biometricDataOid OBJECT IDENTIFIER } - * - * PredefinedBiometricType ::= INTEGER { - * picture(0),handwritten-signature(1)} - * (picture|handwritten-signature) - * </pre> - */ -public class TypeOfBiometricData - extends ASN1Encodable - implements ASN1Choice -{ - public static final int PICTURE = 0; - public static final int HANDWRITTEN_SIGNATURE = 1; - - DEREncodable obj; - - public static TypeOfBiometricData getInstance(Object obj) - { - if (obj == null || obj instanceof TypeOfBiometricData) - { - return (TypeOfBiometricData)obj; - } - - if (obj instanceof DERInteger) - { - DERInteger predefinedBiometricTypeObj = DERInteger.getInstance(obj); - int predefinedBiometricType = predefinedBiometricTypeObj.getValue().intValue(); - - return new TypeOfBiometricData(predefinedBiometricType); - } - else if (obj instanceof DERObjectIdentifier) - { - DERObjectIdentifier BiometricDataID = DERObjectIdentifier.getInstance(obj); - return new TypeOfBiometricData(BiometricDataID); - } - - throw new IllegalArgumentException("unknown object in getInstance"); - } - - public TypeOfBiometricData(int predefinedBiometricType) - { - if (predefinedBiometricType == PICTURE || predefinedBiometricType == HANDWRITTEN_SIGNATURE) - { - obj = new DERInteger(predefinedBiometricType); - } - else - { - throw new IllegalArgumentException("unknow PredefinedBiometricType : " + predefinedBiometricType); - } - } - - public TypeOfBiometricData(DERObjectIdentifier BiometricDataID) - { - obj = BiometricDataID; - } - - public boolean isPredefined() - { - return obj instanceof DERInteger; - } - - public int getPredefinedBiometricType() - { - return ((DERInteger)obj).getValue().intValue(); - } - - public DERObjectIdentifier getBiometricDataOid() - { - return (DERObjectIdentifier)obj; - } - - public DERObject toASN1Object() - { - return obj.getDERObject(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x509/sigi/SigIObjectIdentifiers.java b/luni/src/main/java/org/bouncycastle/asn1/x509/sigi/SigIObjectIdentifiers.java deleted file mode 100644 index 73fc962..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x509/sigi/SigIObjectIdentifiers.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.bouncycastle.asn1.x509.sigi; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -/** - * Object Identifiers of SigI specifciation (German Signature Law - * Interoperability specification). - */ -public final class SigIObjectIdentifiers -{ - private SigIObjectIdentifiers() - { - } - - public final static DERObjectIdentifier id_sigi = new DERObjectIdentifier("1.3.36.8"); - - /** - * Key purpose IDs for German SigI (Signature Interoperability - * Specification) - */ - public final static DERObjectIdentifier id_sigi_kp = new DERObjectIdentifier(id_sigi + ".2"); - - /** - * Certificate policy IDs for German SigI (Signature Interoperability - * Specification) - */ - public final static DERObjectIdentifier id_sigi_cp = new DERObjectIdentifier(id_sigi + ".1"); - - /** - * Other Name IDs for German SigI (Signature Interoperability Specification) - */ - public final static DERObjectIdentifier id_sigi_on = new DERObjectIdentifier(id_sigi + ".4"); - - /** - * To be used for for the generation of directory service certificates. - */ - public static final DERObjectIdentifier id_sigi_kp_directoryService = new DERObjectIdentifier(id_sigi_kp + ".1"); - - /** - * ID for PersonalData - */ - public static final DERObjectIdentifier id_sigi_on_personalData = new DERObjectIdentifier(id_sigi_on + ".1"); - - /** - * Certificate is conform to german signature law. - */ - public static final DERObjectIdentifier id_sigi_cp_sigconform = new DERObjectIdentifier(id_sigi_cp + ".1"); - -} diff --git a/luni/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java b/luni/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java deleted file mode 100644 index c313572..0000000 --- a/luni/src/main/java/org/bouncycastle/asn1/x9/X9ObjectIdentifiers.java +++ /dev/null @@ -1,121 +0,0 @@ -package org.bouncycastle.asn1.x9; - -import org.bouncycastle.asn1.DERObjectIdentifier; - -public interface X9ObjectIdentifiers -{ - // - // X9.62 - // - // ansi-X9-62 OBJECT IDENTIFIER ::= { iso(1) member-body(2) - // us(840) ansi-x962(10045) } - // - static final String ansi_X9_62 = "1.2.840.10045"; - static final String id_fieldType = ansi_X9_62 + ".1"; - - static final DERObjectIdentifier prime_field - = new DERObjectIdentifier(id_fieldType + ".1"); - - static final DERObjectIdentifier characteristic_two_field - = new DERObjectIdentifier(id_fieldType + ".2"); - - static final DERObjectIdentifier gnBasis - = new DERObjectIdentifier(id_fieldType + ".2.3.1"); - - static final DERObjectIdentifier tpBasis - = new DERObjectIdentifier(id_fieldType + ".2.3.2"); - - static final DERObjectIdentifier ppBasis - = new DERObjectIdentifier(id_fieldType + ".2.3.3"); - - static final String id_ecSigType = ansi_X9_62 + ".4"; - - static final DERObjectIdentifier ecdsa_with_SHA1 - = new DERObjectIdentifier(id_ecSigType + ".1"); - - static final String id_publicKeyType = ansi_X9_62 + ".2"; - - static final DERObjectIdentifier id_ecPublicKey - = new DERObjectIdentifier(id_publicKeyType + ".1"); - - static final DERObjectIdentifier ecdsa_with_SHA2 - = new DERObjectIdentifier(id_ecSigType + ".3"); - - static final DERObjectIdentifier ecdsa_with_SHA224 - = new DERObjectIdentifier(ecdsa_with_SHA2 + ".1"); - - static final DERObjectIdentifier ecdsa_with_SHA256 - = new DERObjectIdentifier(ecdsa_with_SHA2 + ".2"); - - static final DERObjectIdentifier ecdsa_with_SHA384 - = new DERObjectIdentifier(ecdsa_with_SHA2 + ".3"); - - static final DERObjectIdentifier ecdsa_with_SHA512 - = new DERObjectIdentifier(ecdsa_with_SHA2 + ".4"); - - // - // named curves - // - static final String ellipticCurve = ansi_X9_62 + ".3"; - - // - // Two Curves - // - static final String cTwoCurve = ellipticCurve + ".0"; - - static final DERObjectIdentifier c2pnb163v1 = new DERObjectIdentifier(cTwoCurve + ".1"); - static final DERObjectIdentifier c2pnb163v2 = new DERObjectIdentifier(cTwoCurve + ".2"); - static final DERObjectIdentifier c2pnb163v3 = new DERObjectIdentifier(cTwoCurve + ".3"); - static final DERObjectIdentifier c2pnb176w1 = new DERObjectIdentifier(cTwoCurve + ".4"); - static final DERObjectIdentifier c2tnb191v1 = new DERObjectIdentifier(cTwoCurve + ".5"); - static final DERObjectIdentifier c2tnb191v2 = new DERObjectIdentifier(cTwoCurve + ".6"); - static final DERObjectIdentifier c2tnb191v3 = new DERObjectIdentifier(cTwoCurve + ".7"); - static final DERObjectIdentifier c2onb191v4 = new DERObjectIdentifier(cTwoCurve + ".8"); - static final DERObjectIdentifier c2onb191v5 = new DERObjectIdentifier(cTwoCurve + ".9"); - static final DERObjectIdentifier c2pnb208w1 = new DERObjectIdentifier(cTwoCurve + ".10"); - static final DERObjectIdentifier c2tnb239v1 = new DERObjectIdentifier(cTwoCurve + ".11"); - static final DERObjectIdentifier c2tnb239v2 = new DERObjectIdentifier(cTwoCurve + ".12"); - static final DERObjectIdentifier c2tnb239v3 = new DERObjectIdentifier(cTwoCurve + ".13"); - static final DERObjectIdentifier c2onb239v4 = new DERObjectIdentifier(cTwoCurve + ".14"); - static final DERObjectIdentifier c2onb239v5 = new DERObjectIdentifier(cTwoCurve + ".15"); - static final DERObjectIdentifier c2pnb272w1 = new DERObjectIdentifier(cTwoCurve + ".16"); - static final DERObjectIdentifier c2png304v1 = new DERObjectIdentifier(cTwoCurve + ".17"); - static final DERObjectIdentifier c2tnb359v1 = new DERObjectIdentifier(cTwoCurve + ".18"); - static final DERObjectIdentifier c2pnb368w1 = new DERObjectIdentifier(cTwoCurve + ".19"); - static final DERObjectIdentifier c2tnb431r1 = new DERObjectIdentifier(cTwoCurve + ".20"); - - // - // Prime - // - static final String primeCurve = ellipticCurve + ".1"; - - static final DERObjectIdentifier prime192v1 = new DERObjectIdentifier(primeCurve + ".1"); - static final DERObjectIdentifier prime192v2 = new DERObjectIdentifier(primeCurve + ".2"); - static final DERObjectIdentifier prime192v3 = new DERObjectIdentifier(primeCurve + ".3"); - static final DERObjectIdentifier prime239v1 = new DERObjectIdentifier(primeCurve + ".4"); - static final DERObjectIdentifier prime239v2 = new DERObjectIdentifier(primeCurve + ".5"); - static final DERObjectIdentifier prime239v3 = new DERObjectIdentifier(primeCurve + ".6"); - static final DERObjectIdentifier prime256v1 = new DERObjectIdentifier(primeCurve + ".7"); - - // - // Diffie-Hellman - // - // dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2) - // us(840) ansi-x942(10046) number-type(2) 1 } - // - static final DERObjectIdentifier dhpublicnumber = new DERObjectIdentifier("1.2.840.10046.2.1"); - - // - // DSA - // - // dsapublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2) - // us(840) ansi-x957(10040) number-type(4) 1 } - static final DERObjectIdentifier id_dsa = new DERObjectIdentifier("1.2.840.10040.4.1"); - - /** - * id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) - * us(840) x9-57 (10040) x9cm(4) 3 } - */ - public static final DERObjectIdentifier id_dsa_with_sha1 = new DERObjectIdentifier("1.2.840.10040.4.3"); -} - diff --git a/luni/src/main/java/org/bouncycastle/crypto/AsymmetricBlockCipher.java b/luni/src/main/java/org/bouncycastle/crypto/AsymmetricBlockCipher.java deleted file mode 100644 index 565effc..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/AsymmetricBlockCipher.java +++ /dev/null @@ -1,45 +0,0 @@ -package org.bouncycastle.crypto; - - -/** - * base interface that a public/private key block cipher needs - * to conform to. - */ -public interface AsymmetricBlockCipher -{ - /** - * initialise the cipher. - * - * @param forEncryption if true the cipher is initialised for - * encryption, if false for decryption. - * @param param the key and other data required by the cipher. - */ - public void init(boolean forEncryption, CipherParameters param); - - /** - * returns the largest size an input block can be. - * - * @return maximum size for an input block. - */ - public int getInputBlockSize(); - - /** - * returns the maximum size of the block produced by this cipher. - * - * @return maximum size of the output block produced by the cipher. - */ - public int getOutputBlockSize(); - - /** - * process the block of len bytes stored in in from offset inOff. - * - * @param in the input data - * @param inOff offset into the in array where the data starts - * @param len the length of the block to be processed. - * @return the resulting byte array of the encryption/decryption process. - * @exception InvalidCipherTextException data decrypts improperly. - * @exception DataLengthException the input data is too large for the cipher. - */ - public byte[] processBlock(byte[] in, int inOff, int len) - throws InvalidCipherTextException; -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/AsymmetricCipherKeyPair.java b/luni/src/main/java/org/bouncycastle/crypto/AsymmetricCipherKeyPair.java deleted file mode 100644 index 85bec73..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/AsymmetricCipherKeyPair.java +++ /dev/null @@ -1,44 +0,0 @@ -package org.bouncycastle.crypto; - -/** - * a holding class for public/private parameter pairs. - */ -public class AsymmetricCipherKeyPair -{ - private CipherParameters publicParam; - private CipherParameters privateParam; - - /** - * basic constructor. - * - * @param publicParam a public key parameters object. - * @param privateParam the corresponding private key parameters. - */ - public AsymmetricCipherKeyPair( - CipherParameters publicParam, - CipherParameters privateParam) - { - this.publicParam = publicParam; - this.privateParam = privateParam; - } - - /** - * return the public key parameters. - * - * @return the public key parameters. - */ - public CipherParameters getPublic() - { - return publicParam; - } - - /** - * return the private key parameters. - * - * @return the private key parameters. - */ - public CipherParameters getPrivate() - { - return privateParam; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/AsymmetricCipherKeyPairGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/AsymmetricCipherKeyPairGenerator.java deleted file mode 100644 index 919db19..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/AsymmetricCipherKeyPairGenerator.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.bouncycastle.crypto; - -/** - * interface that a public/private key pair generator should conform to. - */ -public interface AsymmetricCipherKeyPairGenerator -{ - /** - * intialise the key pair generator. - * - * @param param the parameters the key pair is to be initialised with. - */ - public void init(KeyGenerationParameters param); - - /** - * return an AsymmetricCipherKeyPair containing the generated keys. - * - * @return an AsymmetricCipherKeyPair containing the generated keys. - */ - public AsymmetricCipherKeyPair generateKeyPair(); -} - diff --git a/luni/src/main/java/org/bouncycastle/crypto/BasicAgreement.java b/luni/src/main/java/org/bouncycastle/crypto/BasicAgreement.java deleted file mode 100644 index 4907427..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/BasicAgreement.java +++ /dev/null @@ -1,21 +0,0 @@ -package org.bouncycastle.crypto; - -import java.math.BigInteger; - -/** - * The basic interface that basic Diffie-Hellman implementations - * conforms to. - */ -public interface BasicAgreement -{ - /** - * initialise the agreement engine. - */ - public void init(CipherParameters param); - - /** - * given a public key from a given party calculate the next - * message in the agreement sequence. - */ - public BigInteger calculateAgreement(CipherParameters pubKey); -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/BlockCipher.java b/luni/src/main/java/org/bouncycastle/crypto/BlockCipher.java deleted file mode 100644 index 3cfa25a..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/BlockCipher.java +++ /dev/null @@ -1,56 +0,0 @@ -package org.bouncycastle.crypto; - - -/** - * Block cipher engines are expected to conform to this interface. - */ -public interface BlockCipher -{ - /** - * Initialise the cipher. - * - * @param forEncryption if true the cipher is initialised for - * encryption, if false for decryption. - * @param params the key and other data required by the cipher. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init(boolean forEncryption, CipherParameters params) - throws IllegalArgumentException; - - /** - * Return the name of the algorithm the cipher implements. - * - * @return the name of the algorithm the cipher implements. - */ - public String getAlgorithmName(); - - /** - * Return the block size for this cipher (in bytes). - * - * @return the block size for this cipher in bytes. - */ - public int getBlockSize(); - - /** - * Process one block of input from the array in and write it to - * the out array. - * - * @param in the array containing the input data. - * @param inOff offset into the in array the data starts at. - * @param out the array the output data will be copied into. - * @param outOff the offset into the out array the output will start at. - * @exception DataLengthException if there isn't enough data in in, or - * space in out. - * @exception IllegalStateException if the cipher isn't initialised. - * @return the number of bytes processed and produced. - */ - public int processBlock(byte[] in, int inOff, byte[] out, int outOff) - throws DataLengthException, IllegalStateException; - - /** - * Reset the cipher. After resetting the cipher is in the same state - * as it was after the last init (if there was one). - */ - public void reset(); -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/BufferedAsymmetricBlockCipher.java b/luni/src/main/java/org/bouncycastle/crypto/BufferedAsymmetricBlockCipher.java deleted file mode 100644 index 205132e..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/BufferedAsymmetricBlockCipher.java +++ /dev/null @@ -1,167 +0,0 @@ -package org.bouncycastle.crypto; - -/** - * a buffer wrapper for an asymmetric block cipher, allowing input - * to be accumulated in a piecemeal fashion until final processing. - */ -public class BufferedAsymmetricBlockCipher -{ - protected byte[] buf; - protected int bufOff; - - private final AsymmetricBlockCipher cipher; - - /** - * base constructor. - * - * @param cipher the cipher this buffering object wraps. - */ - public BufferedAsymmetricBlockCipher( - AsymmetricBlockCipher cipher) - { - this.cipher = cipher; - } - - /** - * return the underlying cipher for the buffer. - * - * @return the underlying cipher for the buffer. - */ - public AsymmetricBlockCipher getUnderlyingCipher() - { - return cipher; - } - - /** - * return the amount of data sitting in the buffer. - * - * @return the amount of data sitting in the buffer. - */ - public int getBufferPosition() - { - return bufOff; - } - - /** - * initialise the buffer and the underlying cipher. - * - * @param forEncryption if true the cipher is initialised for - * encryption, if false for decryption. - * @param params the key and other data required by the cipher. - */ - public void init( - boolean forEncryption, - CipherParameters params) - { - reset(); - - cipher.init(forEncryption, params); - - buf = new byte[cipher.getInputBlockSize()]; - bufOff = 0; - } - - /** - * returns the largest size an input block can be. - * - * @return maximum size for an input block. - */ - public int getInputBlockSize() - { - return cipher.getInputBlockSize(); - } - - /** - * returns the maximum size of the block produced by this cipher. - * - * @return maximum size of the output block produced by the cipher. - */ - public int getOutputBlockSize() - { - return cipher.getOutputBlockSize(); - } - - /** - * add another byte for processing. - * - * @param in the input byte. - */ - public void processByte( - byte in) - { - if (bufOff > buf.length) - { - throw new DataLengthException("attempt to process message to long for cipher"); - } - - buf[bufOff++] = in; - } - - /** - * add len bytes to the buffer for processing. - * - * @param in the input data - * @param inOff offset into the in array where the data starts - * @param len the length of the block to be processed. - */ - public void processBytes( - byte[] in, - int inOff, - int len) - { - if (len == 0) - { - return; - } - - if (len < 0) - { - throw new IllegalArgumentException("Can't have a negative input length!"); - } - - if (bufOff + len > buf.length) - { - throw new DataLengthException("attempt to process message to long for cipher"); - } - - System.arraycopy(in, inOff, buf, bufOff, len); - bufOff += len; - } - - /** - * process the contents of the buffer using the underlying - * cipher. - * - * @return the result of the encryption/decryption process on the - * buffer. - * @exception InvalidCipherTextException if we are given a garbage block. - */ - public byte[] doFinal() - throws InvalidCipherTextException - { - byte[] out = cipher.processBlock(buf, 0, bufOff); - - reset(); - - return out; - } - - /** - * Reset the buffer and the underlying cipher. - */ - public void reset() - { - /* - * clean the buffer. - */ - if (buf != null) - { - for (int i = 0; i < buf.length; i++) - { - buf[0] = 0; - } - } - - bufOff = 0; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java b/luni/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java deleted file mode 100644 index 53d776a..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/BufferedBlockCipher.java +++ /dev/null @@ -1,322 +0,0 @@ -package org.bouncycastle.crypto; - - -/** - * A wrapper class that allows block ciphers to be used to process data in - * a piecemeal fashion. The BufferedBlockCipher outputs a block only when the - * buffer is full and more data is being added, or on a doFinal. - * <p> - * Note: in the case where the underlying cipher is either a CFB cipher or an - * OFB one the last block may not be a multiple of the block size. - */ -public class BufferedBlockCipher -{ - protected byte[] buf; - protected int bufOff; - - protected boolean forEncryption; - protected BlockCipher cipher; - - protected boolean partialBlockOkay; - protected boolean pgpCFB; - - /** - * constructor for subclasses - */ - protected BufferedBlockCipher() - { - } - - /** - * Create a buffered block cipher without padding. - * - * @param cipher the underlying block cipher this buffering object wraps. - */ - public BufferedBlockCipher( - BlockCipher cipher) - { - this.cipher = cipher; - - buf = new byte[cipher.getBlockSize()]; - bufOff = 0; - - // - // check if we can handle partial blocks on doFinal. - // - String name = cipher.getAlgorithmName(); - int idx = name.indexOf('/') + 1; - - pgpCFB = (idx > 0 && name.startsWith("PGP", idx)); - - if (pgpCFB) - { - partialBlockOkay = true; - } - else - { - partialBlockOkay = (idx > 0 && (name.startsWith("CFB", idx) || name.startsWith("OFB", idx) || name.startsWith("OpenPGP", idx) || name.startsWith("SIC", idx) || name.startsWith("GCTR", idx))); - } - } - - /** - * return the cipher this object wraps. - * - * @return the cipher this object wraps. - */ - public BlockCipher getUnderlyingCipher() - { - return cipher; - } - - /** - * initialise the cipher. - * - * @param forEncryption if true the cipher is initialised for - * encryption, if false for decryption. - * @param params the key and other data required by the cipher. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init( - boolean forEncryption, - CipherParameters params) - throws IllegalArgumentException - { - this.forEncryption = forEncryption; - - reset(); - - cipher.init(forEncryption, params); - } - - /** - * return the blocksize for the underlying cipher. - * - * @return the blocksize for the underlying cipher. - */ - public int getBlockSize() - { - return cipher.getBlockSize(); - } - - /** - * return the size of the output buffer required for an update - * an input of len bytes. - * - * @param len the length of the input. - * @return the space required to accommodate a call to update - * with len bytes of input. - */ - public int getUpdateOutputSize( - int len) - { - int total = len + bufOff; - int leftOver; - - if (pgpCFB) - { - leftOver = total % buf.length - (cipher.getBlockSize() + 2); - } - else - { - leftOver = total % buf.length; - } - - return total - leftOver; - } - - /** - * return the size of the output buffer required for an update plus a - * doFinal with an input of len bytes. - * - * @param len the length of the input. - * @return the space required to accommodate a call to update and doFinal - * with len bytes of input. - */ - public int getOutputSize( - int len) - { - int total = len + bufOff; - int leftOver; - - if (pgpCFB) - { - leftOver = total % buf.length - (cipher.getBlockSize() + 2); - } - else - { - leftOver = total % buf.length; - if (leftOver == 0) - { - return total; - } - } - - return total - leftOver + buf.length; - } - - /** - * process a single byte, producing an output block if neccessary. - * - * @param in the input byte. - * @param out the space for any output that might be produced. - * @param outOff the offset from which the output will be copied. - * @return the number of output bytes copied to out. - * @exception DataLengthException if there isn't enough space in out. - * @exception IllegalStateException if the cipher isn't initialised. - */ - public int processByte( - byte in, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - int resultLen = 0; - - buf[bufOff++] = in; - - if (bufOff == buf.length) - { - resultLen = cipher.processBlock(buf, 0, out, outOff); - bufOff = 0; - } - - return resultLen; - } - - /** - * process an array of bytes, producing output if necessary. - * - * @param in the input byte array. - * @param inOff the offset at which the input data starts. - * @param len the number of bytes to be copied out of the input array. - * @param out the space for any output that might be produced. - * @param outOff the offset from which the output will be copied. - * @return the number of output bytes copied to out. - * @exception DataLengthException if there isn't enough space in out. - * @exception IllegalStateException if the cipher isn't initialised. - */ - public int processBytes( - byte[] in, - int inOff, - int len, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - if (len < 0) - { - throw new IllegalArgumentException("Can't have a negative input length!"); - } - - int blockSize = getBlockSize(); - int length = getUpdateOutputSize(len); - - if (length > 0) - { - if ((outOff + length) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - } - - int resultLen = 0; - int gapLen = buf.length - bufOff; - - if (len > gapLen) - { - System.arraycopy(in, inOff, buf, bufOff, gapLen); - - resultLen += cipher.processBlock(buf, 0, out, outOff); - - bufOff = 0; - len -= gapLen; - inOff += gapLen; - - while (len > buf.length) - { - resultLen += cipher.processBlock(in, inOff, out, outOff + resultLen); - - len -= blockSize; - inOff += blockSize; - } - } - - System.arraycopy(in, inOff, buf, bufOff, len); - - bufOff += len; - - if (bufOff == buf.length) - { - resultLen += cipher.processBlock(buf, 0, out, outOff + resultLen); - bufOff = 0; - } - - return resultLen; - } - - /** - * Process the last block in the buffer. - * - * @param out the array the block currently being held is copied into. - * @param outOff the offset at which the copying starts. - * @return the number of output bytes copied to out. - * @exception DataLengthException if there is insufficient space in out for - * the output, or the input is not block size aligned and should be. - * @exception IllegalStateException if the underlying cipher is not - * initialised. - * @exception InvalidCipherTextException if padding is expected and not found. - * @exception DataLengthException if the input is not block size - * aligned. - */ - public int doFinal( - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException, InvalidCipherTextException - { - int resultLen = 0; - - if (outOff + bufOff > out.length) - { - throw new DataLengthException("output buffer too short for doFinal()"); - } - - if (bufOff != 0 && partialBlockOkay) - { - cipher.processBlock(buf, 0, buf, 0); - resultLen = bufOff; - bufOff = 0; - System.arraycopy(buf, 0, out, outOff, resultLen); - } - else if (bufOff != 0) - { - throw new DataLengthException("data not block size aligned"); - } - - reset(); - - return resultLen; - } - - /** - * Reset the buffer and cipher. After resetting the object is in the same - * state as it was after the last init (if there was one). - */ - public void reset() - { - // - // clean the buffer. - // - for (int i = 0; i < buf.length; i++) - { - buf[i] = 0; - } - - bufOff = 0; - - // - // reset the underlying cipher. - // - cipher.reset(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/CipherKeyGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/CipherKeyGenerator.java deleted file mode 100644 index 451f8e8..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/CipherKeyGenerator.java +++ /dev/null @@ -1,38 +0,0 @@ -package org.bouncycastle.crypto; - -import java.security.SecureRandom; - -/** - * The base class for symmetric, or secret, cipher key generators. - */ -public class CipherKeyGenerator -{ - protected SecureRandom random; - protected int strength; - - /** - * initialise the key generator. - * - * @param param the parameters to be used for key generation - */ - public void init( - KeyGenerationParameters param) - { - this.random = param.getRandom(); - this.strength = (param.getStrength() + 7) / 8; - } - - /** - * generate a secret key. - * - * @return a byte array containing the key value. - */ - public byte[] generateKey() - { - byte[] key = new byte[strength]; - - random.nextBytes(key); - - return key; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/CipherParameters.java b/luni/src/main/java/org/bouncycastle/crypto/CipherParameters.java deleted file mode 100644 index 5be8730..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/CipherParameters.java +++ /dev/null @@ -1,8 +0,0 @@ -package org.bouncycastle.crypto; - -/** - * all parameter classes implement this. - */ -public interface CipherParameters -{ -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/CryptoException.java b/luni/src/main/java/org/bouncycastle/crypto/CryptoException.java deleted file mode 100644 index dc4a8df..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/CryptoException.java +++ /dev/null @@ -1,26 +0,0 @@ -package org.bouncycastle.crypto; - -/** - * the foundation class for the hard exceptions thrown by the crypto packages. - */ -public class CryptoException - extends Exception -{ - /** - * base constructor. - */ - public CryptoException() - { - } - - /** - * create a CryptoException with the given message. - * - * @param message the message to be carried with the exception. - */ - public CryptoException( - String message) - { - super(message); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/DSA.java b/luni/src/main/java/org/bouncycastle/crypto/DSA.java deleted file mode 100644 index 1f58476..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/DSA.java +++ /dev/null @@ -1,36 +0,0 @@ -package org.bouncycastle.crypto; - -import java.math.BigInteger; - -/** - * interface for classes implementing algorithms modeled similar to the Digital Signature Alorithm. - */ -public interface DSA -{ - /** - * initialise the signer for signature generation or signature - * verification. - * - * @param forSigning true if we are generating a signature, false - * otherwise. - * @param param key parameters for signature generation. - */ - public void init(boolean forSigning, CipherParameters param); - - /** - * sign the passed in message (usually the output of a hash function). - * - * @param message the message to be signed. - * @return two big integers representing the r and s values respectively. - */ - public BigInteger[] generateSignature(byte[] message); - - /** - * verify the message message against the signature values r and s. - * - * @param message the message that was supposed to have been signed. - * @param r the r signature value. - * @param s the s signature value. - */ - public boolean verifySignature(byte[] message, BigInteger r, BigInteger s); -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/DataLengthException.java b/luni/src/main/java/org/bouncycastle/crypto/DataLengthException.java deleted file mode 100644 index fbf047c..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/DataLengthException.java +++ /dev/null @@ -1,29 +0,0 @@ -package org.bouncycastle.crypto; - -/** - * this exception is thrown if a buffer that is meant to have output - * copied into it turns out to be too short, or if we've been given - * insufficient input. In general this exception will get thrown rather - * than an ArrayOutOfBounds exception. - */ -public class DataLengthException - extends RuntimeCryptoException -{ - /** - * base constructor. - */ - public DataLengthException() - { - } - - /** - * create a DataLengthException with the given message. - * - * @param message the message to be carried with the exception. - */ - public DataLengthException( - String message) - { - super(message); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/DerivationFunction.java b/luni/src/main/java/org/bouncycastle/crypto/DerivationFunction.java deleted file mode 100644 index ef6e29e..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/DerivationFunction.java +++ /dev/null @@ -1,17 +0,0 @@ -package org.bouncycastle.crypto; - -/** - * base interface for general purpose byte derivation functions. - */ -public interface DerivationFunction -{ - public void init(DerivationParameters param); - - /** - * return the message digest used as the basis for the function - */ - public Digest getDigest(); - - public int generateBytes(byte[] out, int outOff, int len) - throws DataLengthException, IllegalArgumentException; -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/DerivationParameters.java b/luni/src/main/java/org/bouncycastle/crypto/DerivationParameters.java deleted file mode 100644 index e11eb86..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/DerivationParameters.java +++ /dev/null @@ -1,8 +0,0 @@ -package org.bouncycastle.crypto; - -/** - * Parameters for key/byte stream derivation classes - */ -public interface DerivationParameters -{ -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/Digest.java b/luni/src/main/java/org/bouncycastle/crypto/Digest.java deleted file mode 100644 index f44fad0..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/Digest.java +++ /dev/null @@ -1,51 +0,0 @@ -package org.bouncycastle.crypto; - -/** - * interface that a message digest conforms to. - */ -public interface Digest -{ - /** - * return the algorithm name - * - * @return the algorithm name - */ - public String getAlgorithmName(); - - /** - * return the size, in bytes, of the digest produced by this message digest. - * - * @return the size, in bytes, of the digest produced by this message digest. - */ - public int getDigestSize(); - - /** - * update the message digest with a single byte. - * - * @param in the input byte to be entered. - */ - public void update(byte in); - - /** - * update the message digest with a block of bytes. - * - * @param in the byte array containing the data. - * @param inOff the offset into the byte array where the data starts. - * @param len the length of the data. - */ - public void update(byte[] in, int inOff, int len); - - /** - * close the digest, producing the final digest value. The doFinal - * call leaves the digest reset. - * - * @param out the array the digest is to be copied into. - * @param outOff the offset into the out array the digest is to start at. - */ - public int doFinal(byte[] out, int outOff); - - /** - * reset the digest back to it's initial state. - */ - public void reset(); -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/ExtendedDigest.java b/luni/src/main/java/org/bouncycastle/crypto/ExtendedDigest.java deleted file mode 100644 index c5e9e8b..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/ExtendedDigest.java +++ /dev/null @@ -1,13 +0,0 @@ -package org.bouncycastle.crypto; - -public interface ExtendedDigest - extends Digest -{ - /** - * Return the size in bytes of the internal buffer the digest applies it's compression - * function to. - * - * @return byte length of the digests internal buffer. - */ - public int getByteLength(); -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/InvalidCipherTextException.java b/luni/src/main/java/org/bouncycastle/crypto/InvalidCipherTextException.java deleted file mode 100644 index 59e4b26..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/InvalidCipherTextException.java +++ /dev/null @@ -1,27 +0,0 @@ -package org.bouncycastle.crypto; - -/** - * this exception is thrown whenever we find something we don't expect in a - * message. - */ -public class InvalidCipherTextException - extends CryptoException -{ - /** - * base constructor. - */ - public InvalidCipherTextException() - { - } - - /** - * create a InvalidCipherTextException with the given message. - * - * @param message the message to be carried with the exception. - */ - public InvalidCipherTextException( - String message) - { - super(message); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/KeyGenerationParameters.java b/luni/src/main/java/org/bouncycastle/crypto/KeyGenerationParameters.java deleted file mode 100644 index 9a63522..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/KeyGenerationParameters.java +++ /dev/null @@ -1,48 +0,0 @@ -package org.bouncycastle.crypto; - -import java.security.SecureRandom; - -/** - * The base class for parameters to key generators. - */ -public class KeyGenerationParameters -{ - private SecureRandom random; - private int strength; - - /** - * initialise the generator with a source of randomness - * and a strength (in bits). - * - * @param random the random byte source. - * @param strength the size, in bits, of the keys we want to produce. - */ - public KeyGenerationParameters( - SecureRandom random, - int strength) - { - this.random = random; - this.strength = strength; - } - - /** - * return the random source associated with this - * generator. - * - * @return the generators random source. - */ - public SecureRandom getRandom() - { - return random; - } - - /** - * return the bit strength for keys produced by this generator, - * - * @return the strength of the keys this generator produces (in bits). - */ - public int getStrength() - { - return strength; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/Mac.java b/luni/src/main/java/org/bouncycastle/crypto/Mac.java deleted file mode 100644 index 8c122c8..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/Mac.java +++ /dev/null @@ -1,71 +0,0 @@ -package org.bouncycastle.crypto; - - -/** - * The base interface for implementations of message authentication codes (MACs). - */ -public interface Mac -{ - /** - * Initialise the MAC. - * - * @param params the key and other data required by the MAC. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init(CipherParameters params) - throws IllegalArgumentException; - - /** - * Return the name of the algorithm the MAC implements. - * - * @return the name of the algorithm the MAC implements. - */ - public String getAlgorithmName(); - - /** - * Return the block size for this MAC (in bytes). - * - * @return the block size for this MAC in bytes. - */ - public int getMacSize(); - - /** - * add a single byte to the mac for processing. - * - * @param in the byte to be processed. - * @exception IllegalStateException if the MAC is not initialised. - */ - public void update(byte in) - throws IllegalStateException; - - /** - * @param in the array containing the input. - * @param inOff the index in the array the data begins at. - * @param len the length of the input starting at inOff. - * @exception IllegalStateException if the MAC is not initialised. - * @exception DataLengthException if there isn't enough data in in. - */ - public void update(byte[] in, int inOff, int len) - throws DataLengthException, IllegalStateException; - - /** - * Compute the final statge of the MAC writing the output to the out - * parameter. - * <p> - * doFinal leaves the MAC in the same state it was after the last init. - * - * @param out the array the MAC is to be output to. - * @param outOff the offset into the out buffer the output is to start at. - * @exception DataLengthException if there isn't enough space in out. - * @exception IllegalStateException if the MAC is not initialised. - */ - public int doFinal(byte[] out, int outOff) - throws DataLengthException, IllegalStateException; - - /** - * Reset the MAC. At the end of resetting the MAC should be in the - * in the same state it was after the last init (if there was one). - */ - public void reset(); -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java deleted file mode 100644 index aaa6015..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/PBEParametersGenerator.java +++ /dev/null @@ -1,144 +0,0 @@ -package org.bouncycastle.crypto; - -/** - * super class for all Password Based Encryption (PBE) parameter generator classes. - */ -public abstract class PBEParametersGenerator -{ - protected byte[] password; - protected byte[] salt; - protected int iterationCount; - - /** - * base constructor. - */ - protected PBEParametersGenerator() - { - } - - /** - * initialise the PBE generator. - * - * @param password the password converted into bytes (see below). - * @param salt the salt to be mixed with the password. - * @param iterationCount the number of iterations the "mixing" function - * is to be applied for. - */ - public void init( - byte[] password, - byte[] salt, - int iterationCount) - { - this.password = password; - this.salt = salt; - this.iterationCount = iterationCount; - } - - /** - * return the password byte array. - * - * @return the password byte array. - */ - public byte[] getPassword() - { - return password; - } - - /** - * return the salt byte array. - * - * @return the salt byte array. - */ - public byte[] getSalt() - { - return salt; - } - - /** - * return the iteration count. - * - * @return the iteration count. - */ - public int getIterationCount() - { - return iterationCount; - } - - /** - * generate derived parameters for a key of length keySize. - * - * @param keySize the length, in bits, of the key required. - * @return a parameters object representing a key. - */ - public abstract CipherParameters generateDerivedParameters(int keySize); - - /** - * generate derived parameters for a key of length keySize, and - * an initialisation vector (IV) of length ivSize. - * - * @param keySize the length, in bits, of the key required. - * @param ivSize the length, in bits, of the iv required. - * @return a parameters object representing a key and an IV. - */ - public abstract CipherParameters generateDerivedParameters(int keySize, int ivSize); - - /** - * generate derived parameters for a key of length keySize, specifically - * for use with a MAC. - * - * @param keySize the length, in bits, of the key required. - * @return a parameters object representing a key. - */ - public abstract CipherParameters generateDerivedMacParameters(int keySize); - - /** - * converts a password to a byte array according to the scheme in - * PKCS5 (ascii, no padding) - * - * @param password a character array reqpresenting the password. - * @return a byte array representing the password. - */ - public static byte[] PKCS5PasswordToBytes( - char[] password) - { - byte[] bytes = new byte[password.length]; - - for (int i = 0; i != bytes.length; i++) - { - bytes[i] = (byte)password[i]; - } - - return bytes; - } - - /** - * converts a password to a byte array according to the scheme in - * PKCS12 (unicode, big endian, 2 zero pad bytes at the end). - * - * @param password a character array reqpresenting the password. - * @return a byte array representing the password. - */ - public static byte[] PKCS12PasswordToBytes( - char[] password) - { - // BEGIN android-changed - if (password != null && password.length > 0) - { - // +1 for extra 2 pad bytes. - byte[] bytes = new byte[(password.length + 1) * 2]; - - for (int i = 0; i != password.length; i ++) - { - bytes[i * 2] = (byte)(password[i] >>> 8); - bytes[i * 2 + 1] = (byte)password[i]; - } - - return bytes; - } - else - { - return new byte[0]; - } - // END android-changed - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/RuntimeCryptoException.java b/luni/src/main/java/org/bouncycastle/crypto/RuntimeCryptoException.java deleted file mode 100644 index c157202..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/RuntimeCryptoException.java +++ /dev/null @@ -1,26 +0,0 @@ -package org.bouncycastle.crypto; - -/** - * the foundation class for the exceptions thrown by the crypto packages. - */ -public class RuntimeCryptoException - extends RuntimeException -{ - /** - * base constructor. - */ - public RuntimeCryptoException() - { - } - - /** - * create a RuntimeCryptoException with the given message. - * - * @param message the message to be carried with the exception. - */ - public RuntimeCryptoException( - String message) - { - super(message); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/Signer.java b/luni/src/main/java/org/bouncycastle/crypto/Signer.java deleted file mode 100644 index 357b0da..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/Signer.java +++ /dev/null @@ -1,43 +0,0 @@ -package org.bouncycastle.crypto; - -/** - * Generic signer interface for hash based and message recovery signers. - */ -public interface Signer -{ - /** - * Initialise the signer for signing or verification. - * - * @param forSigning true if for signing, false otherwise - * @param param necessary parameters. - */ - public void init(boolean forSigning, CipherParameters param); - - /** - * update the internal digest with the byte b - */ - public void update(byte b); - - /** - * update the internal digest with the byte array in - */ - public void update(byte[] in, int off, int len); - - /** - * generate a signature for the message we've been loaded with using - * the key we were initialised with. - */ - public byte[] generateSignature() - throws CryptoException, DataLengthException; - - /** - * return true if the internal state represents the signature described - * in the passed in array. - */ - public boolean verifySignature(byte[] signature); - - /** - * reset the internal state - */ - public void reset(); -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/SignerWithRecovery.java b/luni/src/main/java/org/bouncycastle/crypto/SignerWithRecovery.java deleted file mode 100644 index 5a1e204..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/SignerWithRecovery.java +++ /dev/null @@ -1,23 +0,0 @@ -package org.bouncycastle.crypto; - -/** - * Signer with message recovery. - */ -public interface SignerWithRecovery - extends Signer -{ - /** - * Returns true if the signer has recovered the full message as - * part of signature verification. - * - * @return true if full message recovered. - */ - public boolean hasFullMessage(); - - /** - * Returns a reference to what message was recovered (if any). - * - * @return full/partial message, null if nothing. - */ - public byte[] getRecoveredMessage(); -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/StreamBlockCipher.java b/luni/src/main/java/org/bouncycastle/crypto/StreamBlockCipher.java deleted file mode 100644 index 8fdd232..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/StreamBlockCipher.java +++ /dev/null @@ -1,108 +0,0 @@ -package org.bouncycastle.crypto; - -/** - * a wrapper for block ciphers with a single byte block size, so that they - * can be treated like stream ciphers. - */ -public class StreamBlockCipher - implements StreamCipher -{ - private BlockCipher cipher; - - private byte[] oneByte = new byte[1]; - - /** - * basic constructor. - * - * @param cipher the block cipher to be wrapped. - * @exception IllegalArgumentException if the cipher has a block size other than - * one. - */ - public StreamBlockCipher( - BlockCipher cipher) - { - if (cipher.getBlockSize() != 1) - { - throw new IllegalArgumentException("block cipher block size != 1."); - } - - this.cipher = cipher; - } - - /** - * initialise the underlying cipher. - * - * @param forEncryption true if we are setting up for encryption, false otherwise. - * @param params the necessary parameters for the underlying cipher to be initialised. - */ - public void init( - boolean forEncryption, - CipherParameters params) - { - cipher.init(forEncryption, params); - } - - /** - * return the name of the algorithm we are wrapping. - * - * @return the name of the algorithm we are wrapping. - */ - public String getAlgorithmName() - { - return cipher.getAlgorithmName(); - } - - /** - * encrypt/decrypt a single byte returning the result. - * - * @param in the byte to be processed. - * @return the result of processing the input byte. - */ - public byte returnByte( - byte in) - { - oneByte[0] = in; - - cipher.processBlock(oneByte, 0, oneByte, 0); - - return oneByte[0]; - } - - /** - * process a block of bytes from in putting the result into out. - * - * @param in the input byte array. - * @param inOff the offset into the in array where the data to be processed starts. - * @param len the number of bytes to be processed. - * @param out the output buffer the processed bytes go into. - * @param outOff the offset into the output byte array the processed data stars at. - * @exception DataLengthException if the output buffer is too small. - */ - public void processBytes( - byte[] in, - int inOff, - int len, - byte[] out, - int outOff) - throws DataLengthException - { - if (outOff + len > out.length) - { - throw new DataLengthException("output buffer too small in processBytes()"); - } - - for (int i = 0; i != len; i++) - { - cipher.processBlock(in, inOff + i, out, outOff + i); - } - } - - /** - * reset the underlying cipher. This leaves it in the same state - * it was at after the last init (if there was one). - */ - public void reset() - { - cipher.reset(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/StreamCipher.java b/luni/src/main/java/org/bouncycastle/crypto/StreamCipher.java deleted file mode 100644 index afa6296..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/StreamCipher.java +++ /dev/null @@ -1,53 +0,0 @@ -package org.bouncycastle.crypto; - -/** - * the interface stream ciphers conform to. - */ -public interface StreamCipher -{ - /** - * Initialise the cipher. - * - * @param forEncryption if true the cipher is initialised for - * encryption, if false for decryption. - * @param params the key and other data required by the cipher. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init(boolean forEncryption, CipherParameters params) - throws IllegalArgumentException; - - /** - * Return the name of the algorithm the cipher implements. - * - * @return the name of the algorithm the cipher implements. - */ - public String getAlgorithmName(); - - /** - * encrypt/decrypt a single byte returning the result. - * - * @param in the byte to be processed. - * @return the result of processing the input byte. - */ - public byte returnByte(byte in); - - /** - * process a block of bytes from in putting the result into out. - * - * @param in the input byte array. - * @param inOff the offset into the in array where the data to be processed starts. - * @param len the number of bytes to be processed. - * @param out the output buffer the processed bytes go into. - * @param outOff the offset into the output byte array the processed data stars at. - * @exception DataLengthException if the output buffer is too small. - */ - public void processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) - throws DataLengthException; - - /** - * reset the cipher. This leaves it in the same state - * it was at after the last init (if there was one). - */ - public void reset(); -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/Wrapper.java b/luni/src/main/java/org/bouncycastle/crypto/Wrapper.java deleted file mode 100644 index 3956a6f..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/Wrapper.java +++ /dev/null @@ -1,18 +0,0 @@ -package org.bouncycastle.crypto; - -public interface Wrapper -{ - public void init(boolean forWrapping, CipherParameters param); - - /** - * Return the name of the algorithm the wrapper implements. - * - * @return the name of the algorithm the wrapper implements. - */ - public String getAlgorithmName(); - - public byte[] wrap(byte[] in, int inOff, int inLen); - - public byte[] unwrap(byte[] in, int inOff, int inLen) - throws InvalidCipherTextException; -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/agreement/DHAgreement.java b/luni/src/main/java/org/bouncycastle/crypto/agreement/DHAgreement.java deleted file mode 100644 index 2b27feb..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/agreement/DHAgreement.java +++ /dev/null @@ -1,86 +0,0 @@ -package org.bouncycastle.crypto.agreement; - -import java.math.BigInteger; -import java.security.SecureRandom; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.crypto.params.DHPublicKeyParameters; -import org.bouncycastle.crypto.params.DHPrivateKeyParameters; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.ParametersWithRandom; - -/** - * a Diffie-Hellman key exchange engine. - * <p> - * note: This uses MTI/A0 key agreement in order to make the key agreement - * secure against passive attacks. If you're doing Diffie-Hellman and both - * parties have long term public keys you should look at using this. For - * further information have a look at RFC 2631. - * <p> - * It's possible to extend this to more than two parties as well, for the moment - * that is left as an exercise for the reader. - */ -public class DHAgreement -{ - private DHPrivateKeyParameters key; - private DHParameters dhParams; - private BigInteger privateValue; - private SecureRandom random; - - public void init( - CipherParameters param) - { - AsymmetricKeyParameter kParam; - - if (param instanceof ParametersWithRandom) - { - ParametersWithRandom rParam = (ParametersWithRandom)param; - - this.random = rParam.getRandom(); - kParam = (AsymmetricKeyParameter)rParam.getParameters(); - } - else - { - this.random = new SecureRandom(); - kParam = (AsymmetricKeyParameter)param; - } - - - if (!(kParam instanceof DHPrivateKeyParameters)) - { - throw new IllegalArgumentException("DHEngine expects DHPrivateKeyParameters"); - } - - this.key = (DHPrivateKeyParameters)kParam; - this.dhParams = key.getParameters(); - } - - /** - * calculate our initial message. - */ - public BigInteger calculateMessage() - { - this.privateValue = new BigInteger( - dhParams.getP().bitLength() - 1, 0, random); - - return dhParams.getG().modPow(privateValue, dhParams.getP()); - } - - /** - * given a message from a given party and the coresponding public key - * calculate the next message in the agreement sequence. In this case - * this will represent the shared secret. - */ - public BigInteger calculateAgreement( - DHPublicKeyParameters pub, - BigInteger message) - { - if (!pub.getParameters().equals(dhParams)) - { - throw new IllegalArgumentException("Diffie-Hellman public key has wrong parameters."); - } - - return message.modPow(key.getX(), dhParams.getP()).multiply(pub.getY().modPow(privateValue, dhParams.getP())).mod(dhParams.getP()); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/agreement/DHBasicAgreement.java b/luni/src/main/java/org/bouncycastle/crypto/agreement/DHBasicAgreement.java deleted file mode 100644 index 1a39de3..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/agreement/DHBasicAgreement.java +++ /dev/null @@ -1,72 +0,0 @@ -package org.bouncycastle.crypto.agreement; - -import java.math.BigInteger; -import java.security.SecureRandom; - -import org.bouncycastle.crypto.BasicAgreement; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.crypto.params.DHPublicKeyParameters; -import org.bouncycastle.crypto.params.DHPrivateKeyParameters; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.ParametersWithRandom; - -/** - * a Diffie-Hellman key agreement class. - * <p> - * note: This is only the basic algorithm, it doesn't take advantage of - * long term public keys if they are available. See the DHAgreement class - * for a "better" implementation. - */ -public class DHBasicAgreement - implements BasicAgreement -{ - private DHPrivateKeyParameters key; - private DHParameters dhParams; - private SecureRandom random; - - public void init( - CipherParameters param) - { - AsymmetricKeyParameter kParam; - - if (param instanceof ParametersWithRandom) - { - ParametersWithRandom rParam = (ParametersWithRandom)param; - - this.random = rParam.getRandom(); - kParam = (AsymmetricKeyParameter)rParam.getParameters(); - } - else - { - this.random = new SecureRandom(); - kParam = (AsymmetricKeyParameter)param; - } - - - if (!(kParam instanceof DHPrivateKeyParameters)) - { - throw new IllegalArgumentException("DHEngine expects DHPrivateKeyParameters"); - } - - this.key = (DHPrivateKeyParameters)kParam; - this.dhParams = key.getParameters(); - } - - /** - * given a short term public key from a given party calculate the next - * message in the agreement sequence. - */ - public BigInteger calculateAgreement( - CipherParameters pubKey) - { - DHPublicKeyParameters pub = (DHPublicKeyParameters)pubKey; - - if (!pub.getParameters().equals(dhParams)) - { - throw new IllegalArgumentException("Diffie-Hellman public key has wrong parameters."); - } - - return pub.getY().modPow(key.getX(), dhParams.getP()); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java b/luni/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java deleted file mode 100644 index f2c9967..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/digests/GeneralDigest.java +++ /dev/null @@ -1,135 +0,0 @@ -package org.bouncycastle.crypto.digests; - -import org.bouncycastle.crypto.ExtendedDigest; - -/** - * base implementation of MD4 family style digest as outlined in - * "Handbook of Applied Cryptography", pages 344 - 347. - */ -public abstract class GeneralDigest - implements ExtendedDigest -{ - private static final int BYTE_LENGTH = 64; - private byte[] xBuf; - private int xBufOff; - - private long byteCount; - - /** - * Standard constructor - */ - protected GeneralDigest() - { - xBuf = new byte[4]; - xBufOff = 0; - } - - /** - * Copy constructor. We are using copy constructors in place - * of the Object.clone() interface as this interface is not - * supported by J2ME. - */ - protected GeneralDigest(GeneralDigest t) - { - xBuf = new byte[t.xBuf.length]; - System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length); - - xBufOff = t.xBufOff; - byteCount = t.byteCount; - } - - public void update( - byte in) - { - xBuf[xBufOff++] = in; - - if (xBufOff == xBuf.length) - { - processWord(xBuf, 0); - xBufOff = 0; - } - - byteCount++; - } - - public void update( - byte[] in, - int inOff, - int len) - { - // - // fill the current word - // - while ((xBufOff != 0) && (len > 0)) - { - update(in[inOff]); - - inOff++; - len--; - } - - // - // process whole words. - // - while (len > xBuf.length) - { - processWord(in, inOff); - - inOff += xBuf.length; - len -= xBuf.length; - byteCount += xBuf.length; - } - - // - // load in the remainder. - // - while (len > 0) - { - update(in[inOff]); - - inOff++; - len--; - } - } - - public void finish() - { - long bitLength = (byteCount << 3); - - // - // add the pad bytes. - // - update((byte)128); - - while (xBufOff != 0) - { - update((byte)0); - } - - processLength(bitLength); - - processBlock(); - } - - public void reset() - { - byteCount = 0; - - xBufOff = 0; - for (int i = 0; i < xBuf.length; i++) - { - xBuf[i] = 0; - } - } - - public int getByteLength() - { - return BYTE_LENGTH; - } - - protected abstract void processWord(byte[] in, int inOff); - - protected abstract void processLength(long bitLength); - - protected abstract void processBlock(); -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java b/luni/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java deleted file mode 100644 index 23af605..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/digests/LongDigest.java +++ /dev/null @@ -1,375 +0,0 @@ -package org.bouncycastle.crypto.digests; - -import org.bouncycastle.crypto.ExtendedDigest; - -/** - * Base class for SHA-384 and SHA-512. - */ -public abstract class LongDigest - implements ExtendedDigest -{ - private static final int BYTE_LENGTH = 128; - - private byte[] xBuf; - private int xBufOff; - - private long byteCount1; - private long byteCount2; - - protected long H1, H2, H3, H4, H5, H6, H7, H8; - - private long[] W = new long[80]; - private int wOff; - - /** - * Constructor for variable length word - */ - protected LongDigest() - { - xBuf = new byte[8]; - xBufOff = 0; - - reset(); - } - - /** - * Copy constructor. We are using copy constructors in place - * of the Object.clone() interface as this interface is not - * supported by J2ME. - */ - protected LongDigest(LongDigest t) - { - xBuf = new byte[t.xBuf.length]; - System.arraycopy(t.xBuf, 0, xBuf, 0, t.xBuf.length); - - xBufOff = t.xBufOff; - byteCount1 = t.byteCount1; - byteCount2 = t.byteCount2; - - H1 = t.H1; - H2 = t.H2; - H3 = t.H3; - H4 = t.H4; - H5 = t.H5; - H6 = t.H6; - H7 = t.H7; - H8 = t.H8; - - System.arraycopy(t.W, 0, W, 0, t.W.length); - wOff = t.wOff; - } - - public void update( - byte in) - { - xBuf[xBufOff++] = in; - - if (xBufOff == xBuf.length) - { - processWord(xBuf, 0); - xBufOff = 0; - } - - byteCount1++; - } - - public void update( - byte[] in, - int inOff, - int len) - { - // - // fill the current word - // - while ((xBufOff != 0) && (len > 0)) - { - update(in[inOff]); - - inOff++; - len--; - } - - // - // process whole words. - // - while (len > xBuf.length) - { - processWord(in, inOff); - - inOff += xBuf.length; - len -= xBuf.length; - byteCount1 += xBuf.length; - } - - // - // load in the remainder. - // - while (len > 0) - { - update(in[inOff]); - - inOff++; - len--; - } - } - - public void finish() - { - adjustByteCounts(); - - long lowBitLength = byteCount1 << 3; - long hiBitLength = byteCount2; - - // - // add the pad bytes. - // - update((byte)128); - - while (xBufOff != 0) - { - update((byte)0); - } - - processLength(lowBitLength, hiBitLength); - - processBlock(); - } - - public void reset() - { - byteCount1 = 0; - byteCount2 = 0; - - xBufOff = 0; - for (int i = 0; i < xBuf.length; i++) - { - xBuf[i] = 0; - } - - wOff = 0; - for (int i = 0; i != W.length; i++) - { - W[i] = 0; - } - } - - public int getByteLength() - { - return BYTE_LENGTH; - } - - protected void processWord( - byte[] in, - int inOff) - { - W[wOff++] = ((long)(in[inOff] & 0xff) << 56) - | ((long)(in[inOff + 1] & 0xff) << 48) - | ((long)(in[inOff + 2] & 0xff) << 40) - | ((long)(in[inOff + 3] & 0xff) << 32) - | ((long)(in[inOff + 4] & 0xff) << 24) - | ((long)(in[inOff + 5] & 0xff) << 16) - | ((long)(in[inOff + 6] & 0xff) << 8) - | ((in[inOff + 7] & 0xff)); - - if (wOff == 16) - { - processBlock(); - } - } - - protected void unpackWord( - long word, - byte[] out, - int outOff) - { - out[outOff] = (byte)(word >>> 56); - out[outOff + 1] = (byte)(word >>> 48); - out[outOff + 2] = (byte)(word >>> 40); - out[outOff + 3] = (byte)(word >>> 32); - out[outOff + 4] = (byte)(word >>> 24); - out[outOff + 5] = (byte)(word >>> 16); - out[outOff + 6] = (byte)(word >>> 8); - out[outOff + 7] = (byte)word; - } - - /** - * adjust the byte counts so that byteCount2 represents the - * upper long (less 3 bits) word of the byte count. - */ - private void adjustByteCounts() - { - if (byteCount1 > 0x1fffffffffffffffL) - { - byteCount2 += (byteCount1 >>> 61); - byteCount1 &= 0x1fffffffffffffffL; - } - } - - protected void processLength( - long lowW, - long hiW) - { - if (wOff > 14) - { - processBlock(); - } - - W[14] = hiW; - W[15] = lowW; - } - - protected void processBlock() - { - adjustByteCounts(); - - // - // expand 16 word block into 80 word blocks. - // - for (int t = 16; t <= 79; t++) - { - W[t] = Sigma1(W[t - 2]) + W[t - 7] + Sigma0(W[t - 15]) + W[t - 16]; - } - - // - // set up working variables. - // - long a = H1; - long b = H2; - long c = H3; - long d = H4; - long e = H5; - long f = H6; - long g = H7; - long h = H8; - - int t = 0; - for(int i = 0; i < 10; i ++) - { - // t = 8 * i - h += Sum1(e) + Ch(e, f, g) + K[t] + W[t++]; - d += h; - h += Sum0(a) + Maj(a, b, c); - - // t = 8 * i + 1 - g += Sum1(d) + Ch(d, e, f) + K[t] + W[t++]; - c += g; - g += Sum0(h) + Maj(h, a, b); - - // t = 8 * i + 2 - f += Sum1(c) + Ch(c, d, e) + K[t] + W[t++]; - b += f; - f += Sum0(g) + Maj(g, h, a); - - // t = 8 * i + 3 - e += Sum1(b) + Ch(b, c, d) + K[t] + W[t++]; - a += e; - e += Sum0(f) + Maj(f, g, h); - - // t = 8 * i + 4 - d += Sum1(a) + Ch(a, b, c) + K[t] + W[t++]; - h += d; - d += Sum0(e) + Maj(e, f, g); - - // t = 8 * i + 5 - c += Sum1(h) + Ch(h, a, b) + K[t] + W[t++]; - g += c; - c += Sum0(d) + Maj(d, e, f); - - // t = 8 * i + 6 - b += Sum1(g) + Ch(g, h, a) + K[t] + W[t++]; - f += b; - b += Sum0(c) + Maj(c, d, e); - - // t = 8 * i + 7 - a += Sum1(f) + Ch(f, g, h) + K[t] + W[t++]; - e += a; - a += Sum0(b) + Maj(b, c, d); - } - - H1 += a; - H2 += b; - H3 += c; - H4 += d; - H5 += e; - H6 += f; - H7 += g; - H8 += h; - - // - // reset the offset and clean out the word buffer. - // - wOff = 0; - for (int i = 0; i < 16; i++) - { - W[i] = 0; - } - } - - /* SHA-384 and SHA-512 functions (as for SHA-256 but for longs) */ - private long Ch( - long x, - long y, - long z) - { - return ((x & y) ^ ((~x) & z)); - } - - private long Maj( - long x, - long y, - long z) - { - return ((x & y) ^ (x & z) ^ (y & z)); - } - - private long Sum0( - long x) - { - return ((x << 36)|(x >>> 28)) ^ ((x << 30)|(x >>> 34)) ^ ((x << 25)|(x >>> 39)); - } - - private long Sum1( - long x) - { - return ((x << 50)|(x >>> 14)) ^ ((x << 46)|(x >>> 18)) ^ ((x << 23)|(x >>> 41)); - } - - private long Sigma0( - long x) - { - return ((x << 63)|(x >>> 1)) ^ ((x << 56)|(x >>> 8)) ^ (x >>> 7); - } - - private long Sigma1( - long x) - { - return ((x << 45)|(x >>> 19)) ^ ((x << 3)|(x >>> 61)) ^ (x >>> 6); - } - - /* SHA-384 and SHA-512 Constants - * (represent the first 64 bits of the fractional parts of the - * cube roots of the first sixty-four prime numbers) - */ - static final long K[] = { -0x428a2f98d728ae22L, 0x7137449123ef65cdL, 0xb5c0fbcfec4d3b2fL, 0xe9b5dba58189dbbcL, -0x3956c25bf348b538L, 0x59f111f1b605d019L, 0x923f82a4af194f9bL, 0xab1c5ed5da6d8118L, -0xd807aa98a3030242L, 0x12835b0145706fbeL, 0x243185be4ee4b28cL, 0x550c7dc3d5ffb4e2L, -0x72be5d74f27b896fL, 0x80deb1fe3b1696b1L, 0x9bdc06a725c71235L, 0xc19bf174cf692694L, -0xe49b69c19ef14ad2L, 0xefbe4786384f25e3L, 0x0fc19dc68b8cd5b5L, 0x240ca1cc77ac9c65L, -0x2de92c6f592b0275L, 0x4a7484aa6ea6e483L, 0x5cb0a9dcbd41fbd4L, 0x76f988da831153b5L, -0x983e5152ee66dfabL, 0xa831c66d2db43210L, 0xb00327c898fb213fL, 0xbf597fc7beef0ee4L, -0xc6e00bf33da88fc2L, 0xd5a79147930aa725L, 0x06ca6351e003826fL, 0x142929670a0e6e70L, -0x27b70a8546d22ffcL, 0x2e1b21385c26c926L, 0x4d2c6dfc5ac42aedL, 0x53380d139d95b3dfL, -0x650a73548baf63deL, 0x766a0abb3c77b2a8L, 0x81c2c92e47edaee6L, 0x92722c851482353bL, -0xa2bfe8a14cf10364L, 0xa81a664bbc423001L, 0xc24b8b70d0f89791L, 0xc76c51a30654be30L, -0xd192e819d6ef5218L, 0xd69906245565a910L, 0xf40e35855771202aL, 0x106aa07032bbd1b8L, -0x19a4c116b8d2d0c8L, 0x1e376c085141ab53L, 0x2748774cdf8eeb99L, 0x34b0bcb5e19b48a8L, -0x391c0cb3c5c95a63L, 0x4ed8aa4ae3418acbL, 0x5b9cca4f7763e373L, 0x682e6ff3d6b2b8a3L, -0x748f82ee5defb2fcL, 0x78a5636f43172f60L, 0x84c87814a1f0ab72L, 0x8cc702081a6439ecL, -0x90befffa23631e28L, 0xa4506cebde82bde9L, 0xbef9a3f7b2c67915L, 0xc67178f2e372532bL, -0xca273eceea26619cL, 0xd186b8c721c0c207L, 0xeada7dd6cde0eb1eL, 0xf57d4f7fee6ed178L, -0x06f067aa72176fbaL, 0x0a637dc5a2c898a6L, 0x113f9804bef90daeL, 0x1b710b35131c471bL, -0x28db77f523047d84L, 0x32caab7b40c72493L, 0x3c9ebe0a15c9bebcL, 0x431d67c49c100d4cL, -0x4cc5d4becb3e42b6L, 0x597f299cfc657e2aL, 0x5fcb6fab3ad6faecL, 0x6c44198c4a475817L - }; -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/digests/MD4Digest.java b/luni/src/main/java/org/bouncycastle/crypto/digests/MD4Digest.java deleted file mode 100644 index 2a8084f..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/digests/MD4Digest.java +++ /dev/null @@ -1,270 +0,0 @@ -package org.bouncycastle.crypto.digests; - - -/** - * implementation of MD4 as RFC 1320 by R. Rivest, MIT Laboratory for - * Computer Science and RSA Data Security, Inc. - * <p> - * <b>NOTE</b>: This algorithm is only included for backwards compatability - * with legacy applications, it's not secure, don't use it for anything new! - */ -public class MD4Digest - extends GeneralDigest -{ - private static final int DIGEST_LENGTH = 16; - - private int H1, H2, H3, H4; // IV's - - private int[] X = new int[16]; - private int xOff; - - /** - * Standard constructor - */ - public MD4Digest() - { - reset(); - } - - /** - * Copy constructor. This will copy the state of the provided - * message digest. - */ - public MD4Digest(MD4Digest t) - { - super(t); - - H1 = t.H1; - H2 = t.H2; - H3 = t.H3; - H4 = t.H4; - - System.arraycopy(t.X, 0, X, 0, t.X.length); - xOff = t.xOff; - } - - public String getAlgorithmName() - { - return "MD4"; - } - - public int getDigestSize() - { - return DIGEST_LENGTH; - } - - protected void processWord( - byte[] in, - int inOff) - { - X[xOff++] = (in[inOff] & 0xff) | ((in[inOff + 1] & 0xff) << 8) - | ((in[inOff + 2] & 0xff) << 16) | ((in[inOff + 3] & 0xff) << 24); - - if (xOff == 16) - { - processBlock(); - } - } - - protected void processLength( - long bitLength) - { - if (xOff > 14) - { - processBlock(); - } - - X[14] = (int)(bitLength & 0xffffffff); - X[15] = (int)(bitLength >>> 32); - } - - private void unpackWord( - int word, - byte[] out, - int outOff) - { - out[outOff] = (byte)word; - out[outOff + 1] = (byte)(word >>> 8); - out[outOff + 2] = (byte)(word >>> 16); - out[outOff + 3] = (byte)(word >>> 24); - } - - public int doFinal( - byte[] out, - int outOff) - { - finish(); - - unpackWord(H1, out, outOff); - unpackWord(H2, out, outOff + 4); - unpackWord(H3, out, outOff + 8); - unpackWord(H4, out, outOff + 12); - - reset(); - - return DIGEST_LENGTH; - } - - /** - * reset the chaining variables to the IV values. - */ - public void reset() - { - super.reset(); - - H1 = 0x67452301; - H2 = 0xefcdab89; - H3 = 0x98badcfe; - H4 = 0x10325476; - - xOff = 0; - - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } - - // - // round 1 left rotates - // - private static final int S11 = 3; - private static final int S12 = 7; - private static final int S13 = 11; - private static final int S14 = 19; - - // - // round 2 left rotates - // - private static final int S21 = 3; - private static final int S22 = 5; - private static final int S23 = 9; - private static final int S24 = 13; - - // - // round 3 left rotates - // - private static final int S31 = 3; - private static final int S32 = 9; - private static final int S33 = 11; - private static final int S34 = 15; - - /* - * rotate int x left n bits. - */ - private int rotateLeft( - int x, - int n) - { - return (x << n) | (x >>> (32 - n)); - } - - /* - * F, G, H and I are the basic MD4 functions. - */ - private int F( - int u, - int v, - int w) - { - return (u & v) | (~u & w); - } - - private int G( - int u, - int v, - int w) - { - return (u & v) | (u & w) | (v & w); - } - - private int H( - int u, - int v, - int w) - { - return u ^ v ^ w; - } - - protected void processBlock() - { - int a = H1; - int b = H2; - int c = H3; - int d = H4; - - // - // Round 1 - F cycle, 16 times. - // - a = rotateLeft(a + F(b, c, d) + X[ 0], S11); - d = rotateLeft(d + F(a, b, c) + X[ 1], S12); - c = rotateLeft(c + F(d, a, b) + X[ 2], S13); - b = rotateLeft(b + F(c, d, a) + X[ 3], S14); - a = rotateLeft(a + F(b, c, d) + X[ 4], S11); - d = rotateLeft(d + F(a, b, c) + X[ 5], S12); - c = rotateLeft(c + F(d, a, b) + X[ 6], S13); - b = rotateLeft(b + F(c, d, a) + X[ 7], S14); - a = rotateLeft(a + F(b, c, d) + X[ 8], S11); - d = rotateLeft(d + F(a, b, c) + X[ 9], S12); - c = rotateLeft(c + F(d, a, b) + X[10], S13); - b = rotateLeft(b + F(c, d, a) + X[11], S14); - a = rotateLeft(a + F(b, c, d) + X[12], S11); - d = rotateLeft(d + F(a, b, c) + X[13], S12); - c = rotateLeft(c + F(d, a, b) + X[14], S13); - b = rotateLeft(b + F(c, d, a) + X[15], S14); - - // - // Round 2 - G cycle, 16 times. - // - a = rotateLeft(a + G(b, c, d) + X[ 0] + 0x5a827999, S21); - d = rotateLeft(d + G(a, b, c) + X[ 4] + 0x5a827999, S22); - c = rotateLeft(c + G(d, a, b) + X[ 8] + 0x5a827999, S23); - b = rotateLeft(b + G(c, d, a) + X[12] + 0x5a827999, S24); - a = rotateLeft(a + G(b, c, d) + X[ 1] + 0x5a827999, S21); - d = rotateLeft(d + G(a, b, c) + X[ 5] + 0x5a827999, S22); - c = rotateLeft(c + G(d, a, b) + X[ 9] + 0x5a827999, S23); - b = rotateLeft(b + G(c, d, a) + X[13] + 0x5a827999, S24); - a = rotateLeft(a + G(b, c, d) + X[ 2] + 0x5a827999, S21); - d = rotateLeft(d + G(a, b, c) + X[ 6] + 0x5a827999, S22); - c = rotateLeft(c + G(d, a, b) + X[10] + 0x5a827999, S23); - b = rotateLeft(b + G(c, d, a) + X[14] + 0x5a827999, S24); - a = rotateLeft(a + G(b, c, d) + X[ 3] + 0x5a827999, S21); - d = rotateLeft(d + G(a, b, c) + X[ 7] + 0x5a827999, S22); - c = rotateLeft(c + G(d, a, b) + X[11] + 0x5a827999, S23); - b = rotateLeft(b + G(c, d, a) + X[15] + 0x5a827999, S24); - - // - // Round 3 - H cycle, 16 times. - // - a = rotateLeft(a + H(b, c, d) + X[ 0] + 0x6ed9eba1, S31); - d = rotateLeft(d + H(a, b, c) + X[ 8] + 0x6ed9eba1, S32); - c = rotateLeft(c + H(d, a, b) + X[ 4] + 0x6ed9eba1, S33); - b = rotateLeft(b + H(c, d, a) + X[12] + 0x6ed9eba1, S34); - a = rotateLeft(a + H(b, c, d) + X[ 2] + 0x6ed9eba1, S31); - d = rotateLeft(d + H(a, b, c) + X[10] + 0x6ed9eba1, S32); - c = rotateLeft(c + H(d, a, b) + X[ 6] + 0x6ed9eba1, S33); - b = rotateLeft(b + H(c, d, a) + X[14] + 0x6ed9eba1, S34); - a = rotateLeft(a + H(b, c, d) + X[ 1] + 0x6ed9eba1, S31); - d = rotateLeft(d + H(a, b, c) + X[ 9] + 0x6ed9eba1, S32); - c = rotateLeft(c + H(d, a, b) + X[ 5] + 0x6ed9eba1, S33); - b = rotateLeft(b + H(c, d, a) + X[13] + 0x6ed9eba1, S34); - a = rotateLeft(a + H(b, c, d) + X[ 3] + 0x6ed9eba1, S31); - d = rotateLeft(d + H(a, b, c) + X[11] + 0x6ed9eba1, S32); - c = rotateLeft(c + H(d, a, b) + X[ 7] + 0x6ed9eba1, S33); - b = rotateLeft(b + H(c, d, a) + X[15] + 0x6ed9eba1, S34); - - H1 += a; - H2 += b; - H3 += c; - H4 += d; - - // - // reset the offset and clean out the word buffer. - // - xOff = 0; - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java b/luni/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java deleted file mode 100644 index 05ed27a..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/digests/MD5Digest.java +++ /dev/null @@ -1,302 +0,0 @@ -package org.bouncycastle.crypto.digests; - - -/** - * implementation of MD5 as outlined in "Handbook of Applied Cryptography", pages 346 - 347. - */ -public class MD5Digest - extends GeneralDigest -{ - private static final int DIGEST_LENGTH = 16; - - private int H1, H2, H3, H4; // IV's - - private int[] X = new int[16]; - private int xOff; - - /** - * Standard constructor - */ - public MD5Digest() - { - reset(); - } - - /** - * Copy constructor. This will copy the state of the provided - * message digest. - */ - public MD5Digest(MD5Digest t) - { - super(t); - - H1 = t.H1; - H2 = t.H2; - H3 = t.H3; - H4 = t.H4; - - System.arraycopy(t.X, 0, X, 0, t.X.length); - xOff = t.xOff; - } - - public String getAlgorithmName() - { - return "MD5"; - } - - public int getDigestSize() - { - return DIGEST_LENGTH; - } - - protected void processWord( - byte[] in, - int inOff) - { - X[xOff++] = (in[inOff] & 0xff) | ((in[inOff + 1] & 0xff) << 8) - | ((in[inOff + 2] & 0xff) << 16) | ((in[inOff + 3] & 0xff) << 24); - - if (xOff == 16) - { - processBlock(); - } - } - - protected void processLength( - long bitLength) - { - if (xOff > 14) - { - processBlock(); - } - - X[14] = (int)(bitLength & 0xffffffff); - X[15] = (int)(bitLength >>> 32); - } - - private void unpackWord( - int word, - byte[] out, - int outOff) - { - out[outOff] = (byte)word; - out[outOff + 1] = (byte)(word >>> 8); - out[outOff + 2] = (byte)(word >>> 16); - out[outOff + 3] = (byte)(word >>> 24); - } - - public int doFinal( - byte[] out, - int outOff) - { - finish(); - - unpackWord(H1, out, outOff); - unpackWord(H2, out, outOff + 4); - unpackWord(H3, out, outOff + 8); - unpackWord(H4, out, outOff + 12); - - reset(); - - return DIGEST_LENGTH; - } - - /** - * reset the chaining variables to the IV values. - */ - public void reset() - { - super.reset(); - - H1 = 0x67452301; - H2 = 0xefcdab89; - H3 = 0x98badcfe; - H4 = 0x10325476; - - xOff = 0; - - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } - - // - // round 1 left rotates - // - private static final int S11 = 7; - private static final int S12 = 12; - private static final int S13 = 17; - private static final int S14 = 22; - - // - // round 2 left rotates - // - private static final int S21 = 5; - private static final int S22 = 9; - private static final int S23 = 14; - private static final int S24 = 20; - - // - // round 3 left rotates - // - private static final int S31 = 4; - private static final int S32 = 11; - private static final int S33 = 16; - private static final int S34 = 23; - - // - // round 4 left rotates - // - private static final int S41 = 6; - private static final int S42 = 10; - private static final int S43 = 15; - private static final int S44 = 21; - - /* - * rotate int x left n bits. - */ - private int rotateLeft( - int x, - int n) - { - return (x << n) | (x >>> (32 - n)); - } - - /* - * F, G, H and I are the basic MD5 functions. - */ - private int F( - int u, - int v, - int w) - { - return (u & v) | (~u & w); - } - - private int G( - int u, - int v, - int w) - { - return (u & w) | (v & ~w); - } - - private int H( - int u, - int v, - int w) - { - return u ^ v ^ w; - } - - private int K( - int u, - int v, - int w) - { - return v ^ (u | ~w); - } - - protected void processBlock() - { - int a = H1; - int b = H2; - int c = H3; - int d = H4; - - // - // Round 1 - F cycle, 16 times. - // - a = rotateLeft(a + F(b, c, d) + X[ 0] + 0xd76aa478, S11) + b; - d = rotateLeft(d + F(a, b, c) + X[ 1] + 0xe8c7b756, S12) + a; - c = rotateLeft(c + F(d, a, b) + X[ 2] + 0x242070db, S13) + d; - b = rotateLeft(b + F(c, d, a) + X[ 3] + 0xc1bdceee, S14) + c; - a = rotateLeft(a + F(b, c, d) + X[ 4] + 0xf57c0faf, S11) + b; - d = rotateLeft(d + F(a, b, c) + X[ 5] + 0x4787c62a, S12) + a; - c = rotateLeft(c + F(d, a, b) + X[ 6] + 0xa8304613, S13) + d; - b = rotateLeft(b + F(c, d, a) + X[ 7] + 0xfd469501, S14) + c; - a = rotateLeft(a + F(b, c, d) + X[ 8] + 0x698098d8, S11) + b; - d = rotateLeft(d + F(a, b, c) + X[ 9] + 0x8b44f7af, S12) + a; - c = rotateLeft(c + F(d, a, b) + X[10] + 0xffff5bb1, S13) + d; - b = rotateLeft(b + F(c, d, a) + X[11] + 0x895cd7be, S14) + c; - a = rotateLeft(a + F(b, c, d) + X[12] + 0x6b901122, S11) + b; - d = rotateLeft(d + F(a, b, c) + X[13] + 0xfd987193, S12) + a; - c = rotateLeft(c + F(d, a, b) + X[14] + 0xa679438e, S13) + d; - b = rotateLeft(b + F(c, d, a) + X[15] + 0x49b40821, S14) + c; - - // - // Round 2 - G cycle, 16 times. - // - a = rotateLeft(a + G(b, c, d) + X[ 1] + 0xf61e2562, S21) + b; - d = rotateLeft(d + G(a, b, c) + X[ 6] + 0xc040b340, S22) + a; - c = rotateLeft(c + G(d, a, b) + X[11] + 0x265e5a51, S23) + d; - b = rotateLeft(b + G(c, d, a) + X[ 0] + 0xe9b6c7aa, S24) + c; - a = rotateLeft(a + G(b, c, d) + X[ 5] + 0xd62f105d, S21) + b; - d = rotateLeft(d + G(a, b, c) + X[10] + 0x02441453, S22) + a; - c = rotateLeft(c + G(d, a, b) + X[15] + 0xd8a1e681, S23) + d; - b = rotateLeft(b + G(c, d, a) + X[ 4] + 0xe7d3fbc8, S24) + c; - a = rotateLeft(a + G(b, c, d) + X[ 9] + 0x21e1cde6, S21) + b; - d = rotateLeft(d + G(a, b, c) + X[14] + 0xc33707d6, S22) + a; - c = rotateLeft(c + G(d, a, b) + X[ 3] + 0xf4d50d87, S23) + d; - b = rotateLeft(b + G(c, d, a) + X[ 8] + 0x455a14ed, S24) + c; - a = rotateLeft(a + G(b, c, d) + X[13] + 0xa9e3e905, S21) + b; - d = rotateLeft(d + G(a, b, c) + X[ 2] + 0xfcefa3f8, S22) + a; - c = rotateLeft(c + G(d, a, b) + X[ 7] + 0x676f02d9, S23) + d; - b = rotateLeft(b + G(c, d, a) + X[12] + 0x8d2a4c8a, S24) + c; - - // - // Round 3 - H cycle, 16 times. - // - a = rotateLeft(a + H(b, c, d) + X[ 5] + 0xfffa3942, S31) + b; - d = rotateLeft(d + H(a, b, c) + X[ 8] + 0x8771f681, S32) + a; - c = rotateLeft(c + H(d, a, b) + X[11] + 0x6d9d6122, S33) + d; - b = rotateLeft(b + H(c, d, a) + X[14] + 0xfde5380c, S34) + c; - a = rotateLeft(a + H(b, c, d) + X[ 1] + 0xa4beea44, S31) + b; - d = rotateLeft(d + H(a, b, c) + X[ 4] + 0x4bdecfa9, S32) + a; - c = rotateLeft(c + H(d, a, b) + X[ 7] + 0xf6bb4b60, S33) + d; - b = rotateLeft(b + H(c, d, a) + X[10] + 0xbebfbc70, S34) + c; - a = rotateLeft(a + H(b, c, d) + X[13] + 0x289b7ec6, S31) + b; - d = rotateLeft(d + H(a, b, c) + X[ 0] + 0xeaa127fa, S32) + a; - c = rotateLeft(c + H(d, a, b) + X[ 3] + 0xd4ef3085, S33) + d; - b = rotateLeft(b + H(c, d, a) + X[ 6] + 0x04881d05, S34) + c; - a = rotateLeft(a + H(b, c, d) + X[ 9] + 0xd9d4d039, S31) + b; - d = rotateLeft(d + H(a, b, c) + X[12] + 0xe6db99e5, S32) + a; - c = rotateLeft(c + H(d, a, b) + X[15] + 0x1fa27cf8, S33) + d; - b = rotateLeft(b + H(c, d, a) + X[ 2] + 0xc4ac5665, S34) + c; - - // - // Round 4 - K cycle, 16 times. - // - a = rotateLeft(a + K(b, c, d) + X[ 0] + 0xf4292244, S41) + b; - d = rotateLeft(d + K(a, b, c) + X[ 7] + 0x432aff97, S42) + a; - c = rotateLeft(c + K(d, a, b) + X[14] + 0xab9423a7, S43) + d; - b = rotateLeft(b + K(c, d, a) + X[ 5] + 0xfc93a039, S44) + c; - a = rotateLeft(a + K(b, c, d) + X[12] + 0x655b59c3, S41) + b; - d = rotateLeft(d + K(a, b, c) + X[ 3] + 0x8f0ccc92, S42) + a; - c = rotateLeft(c + K(d, a, b) + X[10] + 0xffeff47d, S43) + d; - b = rotateLeft(b + K(c, d, a) + X[ 1] + 0x85845dd1, S44) + c; - a = rotateLeft(a + K(b, c, d) + X[ 8] + 0x6fa87e4f, S41) + b; - d = rotateLeft(d + K(a, b, c) + X[15] + 0xfe2ce6e0, S42) + a; - c = rotateLeft(c + K(d, a, b) + X[ 6] + 0xa3014314, S43) + d; - b = rotateLeft(b + K(c, d, a) + X[13] + 0x4e0811a1, S44) + c; - a = rotateLeft(a + K(b, c, d) + X[ 4] + 0xf7537e82, S41) + b; - d = rotateLeft(d + K(a, b, c) + X[11] + 0xbd3af235, S42) + a; - c = rotateLeft(c + K(d, a, b) + X[ 2] + 0x2ad7d2bb, S43) + d; - b = rotateLeft(b + K(c, d, a) + X[ 9] + 0xeb86d391, S44) + c; - - H1 += a; - H2 += b; - H3 += c; - H4 += d; - - // - // reset the offset and clean out the word buffer. - // - xOff = 0; - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java b/luni/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java deleted file mode 100644 index 9b282e9..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/digests/SHA1Digest.java +++ /dev/null @@ -1,294 +0,0 @@ -package org.bouncycastle.crypto.digests; - -/** - * implementation of SHA-1 as outlined in "Handbook of Applied Cryptography", pages 346 - 349. - * - * It is interesting to ponder why the, apart from the extra IV, the other difference here from MD5 - * is the "endienness" of the word processing! - */ -public class SHA1Digest - extends GeneralDigest -{ - private static final int DIGEST_LENGTH = 20; - - private int H1, H2, H3, H4, H5; - - private int[] X = new int[80]; - private int xOff; - - /** - * Standard constructor - */ - public SHA1Digest() - { - reset(); - } - - /** - * Copy constructor. This will copy the state of the provided - * message digest. - */ - public SHA1Digest(SHA1Digest t) - { - super(t); - - H1 = t.H1; - H2 = t.H2; - H3 = t.H3; - H4 = t.H4; - H5 = t.H5; - - System.arraycopy(t.X, 0, X, 0, t.X.length); - xOff = t.xOff; - } - - public String getAlgorithmName() - { - return "SHA-1"; - } - - public int getDigestSize() - { - return DIGEST_LENGTH; - } - - protected void processWord( - byte[] in, - int inOff) - { - X[xOff++] = (in[inOff] & 0xff) << 24 | (in[inOff + 1] & 0xff) << 16 - | (in[inOff + 2] & 0xff) << 8 | in[inOff + 3] & 0xff; - - if (xOff == 16) - { - processBlock(); - } - } - - private void unpackWord( - int word, - byte[] out, - int outOff) - { - out[outOff++] = (byte)(word >>> 24); - out[outOff++] = (byte)(word >>> 16); - out[outOff++] = (byte)(word >>> 8); - out[outOff++] = (byte)word; - } - - protected void processLength( - long bitLength) - { - if (xOff > 14) - { - processBlock(); - } - - X[14] = (int)(bitLength >>> 32); - X[15] = (int)(bitLength & 0xffffffff); - } - - public int doFinal( - byte[] out, - int outOff) - { - finish(); - - unpackWord(H1, out, outOff); - unpackWord(H2, out, outOff + 4); - unpackWord(H3, out, outOff + 8); - unpackWord(H4, out, outOff + 12); - unpackWord(H5, out, outOff + 16); - - reset(); - - return DIGEST_LENGTH; - } - - /** - * reset the chaining variables - */ - public void reset() - { - super.reset(); - - H1 = 0x67452301; - H2 = 0xefcdab89; - H3 = 0x98badcfe; - H4 = 0x10325476; - H5 = 0xc3d2e1f0; - - xOff = 0; - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } - - // - // Additive constants - // - private static final int Y1 = 0x5a827999; - private static final int Y2 = 0x6ed9eba1; - private static final int Y3 = 0x8f1bbcdc; - private static final int Y4 = 0xca62c1d6; - - private int f( - int u, - int v, - int w) - { - return ((u & v) | ((~u) & w)); - } - - private int h( - int u, - int v, - int w) - { - return (u ^ v ^ w); - } - - private int g( - int u, - int v, - int w) - { - return ((u & v) | (u & w) | (v & w)); - } - - protected void processBlock() - { - // - // expand 16 word block into 80 word block. - // - for (int i = 16; i < 80; i++) - { - int t = X[i - 3] ^ X[i - 8] ^ X[i - 14] ^ X[i - 16]; - X[i] = t << 1 | t >>> 31; - } - - // - // set up working variables. - // - int A = H1; - int B = H2; - int C = H3; - int D = H4; - int E = H5; - - // - // round 1 - // - int idx = 0; - - for (int j = 0; j < 4; j++) - { - // E = rotateLeft(A, 5) + f(B, C, D) + E + X[idx++] + Y1 - // B = rotateLeft(B, 30) - E += (A << 5 | A >>> 27) + f(B, C, D) + X[idx++] + Y1; - B = B << 30 | B >>> 2; - - D += (E << 5 | E >>> 27) + f(A, B, C) + X[idx++] + Y1; - A = A << 30 | A >>> 2; - - C += (D << 5 | D >>> 27) + f(E, A, B) + X[idx++] + Y1; - E = E << 30 | E >>> 2; - - B += (C << 5 | C >>> 27) + f(D, E, A) + X[idx++] + Y1; - D = D << 30 | D >>> 2; - - A += (B << 5 | B >>> 27) + f(C, D, E) + X[idx++] + Y1; - C = C << 30 | C >>> 2; - } - - // - // round 2 - // - for (int j = 0; j < 4; j++) - { - // E = rotateLeft(A, 5) + h(B, C, D) + E + X[idx++] + Y2 - // B = rotateLeft(B, 30) - E += (A << 5 | A >>> 27) + h(B, C, D) + X[idx++] + Y2; - B = B << 30 | B >>> 2; - - D += (E << 5 | E >>> 27) + h(A, B, C) + X[idx++] + Y2; - A = A << 30 | A >>> 2; - - C += (D << 5 | D >>> 27) + h(E, A, B) + X[idx++] + Y2; - E = E << 30 | E >>> 2; - - B += (C << 5 | C >>> 27) + h(D, E, A) + X[idx++] + Y2; - D = D << 30 | D >>> 2; - - A += (B << 5 | B >>> 27) + h(C, D, E) + X[idx++] + Y2; - C = C << 30 | C >>> 2; - } - - // - // round 3 - // - for (int j = 0; j < 4; j++) - { - // E = rotateLeft(A, 5) + g(B, C, D) + E + X[idx++] + Y3 - // B = rotateLeft(B, 30) - E += (A << 5 | A >>> 27) + g(B, C, D) + X[idx++] + Y3; - B = B << 30 | B >>> 2; - - D += (E << 5 | E >>> 27) + g(A, B, C) + X[idx++] + Y3; - A = A << 30 | A >>> 2; - - C += (D << 5 | D >>> 27) + g(E, A, B) + X[idx++] + Y3; - E = E << 30 | E >>> 2; - - B += (C << 5 | C >>> 27) + g(D, E, A) + X[idx++] + Y3; - D = D << 30 | D >>> 2; - - A += (B << 5 | B >>> 27) + g(C, D, E) + X[idx++] + Y3; - C = C << 30 | C >>> 2; - } - - // - // round 4 - // - for (int j = 0; j <= 3; j++) - { - // E = rotateLeft(A, 5) + h(B, C, D) + E + X[idx++] + Y4 - // B = rotateLeft(B, 30) - E += (A << 5 | A >>> 27) + h(B, C, D) + X[idx++] + Y4; - B = B << 30 | B >>> 2; - - D += (E << 5 | E >>> 27) + h(A, B, C) + X[idx++] + Y4; - A = A << 30 | A >>> 2; - - C += (D << 5 | D >>> 27) + h(E, A, B) + X[idx++] + Y4; - E = E << 30 | E >>> 2; - - B += (C << 5 | C >>> 27) + h(D, E, A) + X[idx++] + Y4; - D = D << 30 | D >>> 2; - - A += (B << 5 | B >>> 27) + h(C, D, E) + X[idx++] + Y4; - C = C << 30 | C >>> 2; - } - - - H1 += A; - H2 += B; - H3 += C; - H4 += D; - H5 += E; - - // - // reset start of the buffer. - // - xOff = 0; - for (int i = 0; i < 16; i++) - { - X[i] = 0; - } - } -} - - - - diff --git a/luni/src/main/java/org/bouncycastle/crypto/digests/SHA224Digest.java b/luni/src/main/java/org/bouncycastle/crypto/digests/SHA224Digest.java deleted file mode 100644 index 392d12b..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/digests/SHA224Digest.java +++ /dev/null @@ -1,289 +0,0 @@ -package org.bouncycastle.crypto.digests; - - -import org.bouncycastle.crypto.digests.GeneralDigest; - - -/** - * SHA-224 as described in RFC 3874 - * <pre> - * block word digest - * SHA-1 512 32 160 - * SHA-224 512 32 224 - * SHA-256 512 32 256 - * SHA-384 1024 64 384 - * SHA-512 1024 64 512 - * </pre> - */ -public class SHA224Digest - extends GeneralDigest -{ - private static final int DIGEST_LENGTH = 28; - - private int H1, H2, H3, H4, H5, H6, H7, H8; - - private int[] X = new int[64]; - private int xOff; - - /** - * Standard constructor - */ - public SHA224Digest() - { - reset(); - } - - /** - * Copy constructor. This will copy the state of the provided - * message digest. - */ - public SHA224Digest(SHA224Digest t) - { - super(t); - - H1 = t.H1; - H2 = t.H2; - H3 = t.H3; - H4 = t.H4; - H5 = t.H5; - H6 = t.H6; - H7 = t.H7; - H8 = t.H8; - - System.arraycopy(t.X, 0, X, 0, t.X.length); - xOff = t.xOff; - } - - public String getAlgorithmName() - { - return "SHA-224"; - } - - public int getDigestSize() - { - return DIGEST_LENGTH; - } - - protected void processWord( - byte[] in, - int inOff) - { - X[xOff++] = ((in[inOff] & 0xff) << 24) | ((in[inOff + 1] & 0xff) << 16) - | ((in[inOff + 2] & 0xff) << 8) | ((in[inOff + 3] & 0xff)); - - if (xOff == 16) - { - processBlock(); - } - } - - private void unpackWord( - int word, - byte[] out, - int outOff) - { - out[outOff] = (byte)(word >>> 24); - out[outOff + 1] = (byte)(word >>> 16); - out[outOff + 2] = (byte)(word >>> 8); - out[outOff + 3] = (byte)word; - } - - protected void processLength( - long bitLength) - { - if (xOff > 14) - { - processBlock(); - } - - X[14] = (int)(bitLength >>> 32); - X[15] = (int)(bitLength & 0xffffffff); - } - - public int doFinal( - byte[] out, - int outOff) - { - finish(); - - unpackWord(H1, out, outOff); - unpackWord(H2, out, outOff + 4); - unpackWord(H3, out, outOff + 8); - unpackWord(H4, out, outOff + 12); - unpackWord(H5, out, outOff + 16); - unpackWord(H6, out, outOff + 20); - unpackWord(H7, out, outOff + 24); - - reset(); - - return DIGEST_LENGTH; - } - - /** - * reset the chaining variables - */ - public void reset() - { - super.reset(); - - /* SHA-224 initial hash value - */ - - H1 = 0xc1059ed8; - H2 = 0x367cd507; - H3 = 0x3070dd17; - H4 = 0xf70e5939; - H5 = 0xffc00b31; - H6 = 0x68581511; - H7 = 0x64f98fa7; - H8 = 0xbefa4fa4; - - xOff = 0; - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } - - protected void processBlock() - { - // - // expand 16 word block into 64 word blocks. - // - for (int t = 16; t <= 63; t++) - { - X[t] = Theta1(X[t - 2]) + X[t - 7] + Theta0(X[t - 15]) + X[t - 16]; - } - - // - // set up working variables. - // - int a = H1; - int b = H2; - int c = H3; - int d = H4; - int e = H5; - int f = H6; - int g = H7; - int h = H8; - - - int t = 0; - for(int i = 0; i < 8; i ++) - { - // t = 8 * i - h += Sum1(e) + Ch(e, f, g) + K[t] + X[t++]; - d += h; - h += Sum0(a) + Maj(a, b, c); - - // t = 8 * i + 1 - g += Sum1(d) + Ch(d, e, f) + K[t] + X[t++]; - c += g; - g += Sum0(h) + Maj(h, a, b); - - // t = 8 * i + 2 - f += Sum1(c) + Ch(c, d, e) + K[t] + X[t++]; - b += f; - f += Sum0(g) + Maj(g, h, a); - - // t = 8 * i + 3 - e += Sum1(b) + Ch(b, c, d) + K[t] + X[t++]; - a += e; - e += Sum0(f) + Maj(f, g, h); - - // t = 8 * i + 4 - d += Sum1(a) + Ch(a, b, c) + K[t] + X[t++]; - h += d; - d += Sum0(e) + Maj(e, f, g); - - // t = 8 * i + 5 - c += Sum1(h) + Ch(h, a, b) + K[t] + X[t++]; - g += c; - c += Sum0(d) + Maj(d, e, f); - - // t = 8 * i + 6 - b += Sum1(g) + Ch(g, h, a) + K[t] + X[t++]; - f += b; - b += Sum0(c) + Maj(c, d, e); - - // t = 8 * i + 7 - a += Sum1(f) + Ch(f, g, h) + K[t] + X[t++]; - e += a; - a += Sum0(b) + Maj(b, c, d); - } - - H1 += a; - H2 += b; - H3 += c; - H4 += d; - H5 += e; - H6 += f; - H7 += g; - H8 += h; - - // - // reset the offset and clean out the word buffer. - // - xOff = 0; - for (int i = 0; i < 16; i++) - { - X[i] = 0; - } - } - - /* SHA-224 functions */ - private int Ch( - int x, - int y, - int z) - { - return ((x & y) ^ ((~x) & z)); - } - - private int Maj( - int x, - int y, - int z) - { - return ((x & y) ^ (x & z) ^ (y & z)); - } - - private int Sum0( - int x) - { - return ((x >>> 2) | (x << 30)) ^ ((x >>> 13) | (x << 19)) ^ ((x >>> 22) | (x << 10)); - } - - private int Sum1( - int x) - { - return ((x >>> 6) | (x << 26)) ^ ((x >>> 11) | (x << 21)) ^ ((x >>> 25) | (x << 7)); - } - - private int Theta0( - int x) - { - return ((x >>> 7) | (x << 25)) ^ ((x >>> 18) | (x << 14)) ^ (x >>> 3); - } - - private int Theta1( - int x) - { - return ((x >>> 17) | (x << 15)) ^ ((x >>> 19) | (x << 13)) ^ (x >>> 10); - } - - /* SHA-224 Constants - * (represent the first 32 bits of the fractional parts of the - * cube roots of the first sixty-four prime numbers) - */ - static final int K[] = { - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 - }; -} - diff --git a/luni/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java b/luni/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java deleted file mode 100644 index d9cbc44..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java +++ /dev/null @@ -1,291 +0,0 @@ -package org.bouncycastle.crypto.digests; - - -import org.bouncycastle.crypto.digests.GeneralDigest; - - -/** - * FIPS 180-2 implementation of SHA-256. - * - * <pre> - * block word digest - * SHA-1 512 32 160 - * SHA-256 512 32 256 - * SHA-384 1024 64 384 - * SHA-512 1024 64 512 - * </pre> - */ -public class SHA256Digest - extends GeneralDigest -{ - private static final int DIGEST_LENGTH = 32; - - private int H1, H2, H3, H4, H5, H6, H7, H8; - - private int[] X = new int[64]; - private int xOff; - - /** - * Standard constructor - */ - public SHA256Digest() - { - reset(); - } - - /** - * Copy constructor. This will copy the state of the provided - * message digest. - */ - public SHA256Digest(SHA256Digest t) - { - super(t); - - H1 = t.H1; - H2 = t.H2; - H3 = t.H3; - H4 = t.H4; - H5 = t.H5; - H6 = t.H6; - H7 = t.H7; - H8 = t.H8; - - System.arraycopy(t.X, 0, X, 0, t.X.length); - xOff = t.xOff; - } - - public String getAlgorithmName() - { - return "SHA-256"; - } - - public int getDigestSize() - { - return DIGEST_LENGTH; - } - - protected void processWord( - byte[] in, - int inOff) - { - X[xOff++] = ((in[inOff] & 0xff) << 24) | ((in[inOff + 1] & 0xff) << 16) - | ((in[inOff + 2] & 0xff) << 8) | ((in[inOff + 3] & 0xff)); - - if (xOff == 16) - { - processBlock(); - } - } - - private void unpackWord( - int word, - byte[] out, - int outOff) - { - out[outOff] = (byte)(word >>> 24); - out[outOff + 1] = (byte)(word >>> 16); - out[outOff + 2] = (byte)(word >>> 8); - out[outOff + 3] = (byte)word; - } - - protected void processLength( - long bitLength) - { - if (xOff > 14) - { - processBlock(); - } - - X[14] = (int)(bitLength >>> 32); - X[15] = (int)(bitLength & 0xffffffff); - } - - public int doFinal( - byte[] out, - int outOff) - { - finish(); - - unpackWord(H1, out, outOff); - unpackWord(H2, out, outOff + 4); - unpackWord(H3, out, outOff + 8); - unpackWord(H4, out, outOff + 12); - unpackWord(H5, out, outOff + 16); - unpackWord(H6, out, outOff + 20); - unpackWord(H7, out, outOff + 24); - unpackWord(H8, out, outOff + 28); - - reset(); - - return DIGEST_LENGTH; - } - - /** - * reset the chaining variables - */ - public void reset() - { - super.reset(); - - /* SHA-256 initial hash value - * The first 32 bits of the fractional parts of the square roots - * of the first eight prime numbers - */ - - H1 = 0x6a09e667; - H2 = 0xbb67ae85; - H3 = 0x3c6ef372; - H4 = 0xa54ff53a; - H5 = 0x510e527f; - H6 = 0x9b05688c; - H7 = 0x1f83d9ab; - H8 = 0x5be0cd19; - - xOff = 0; - for (int i = 0; i != X.length; i++) - { - X[i] = 0; - } - } - - protected void processBlock() - { - // - // expand 16 word block into 64 word blocks. - // - for (int t = 16; t <= 63; t++) - { - X[t] = Theta1(X[t - 2]) + X[t - 7] + Theta0(X[t - 15]) + X[t - 16]; - } - - // - // set up working variables. - // - int a = H1; - int b = H2; - int c = H3; - int d = H4; - int e = H5; - int f = H6; - int g = H7; - int h = H8; - - int t = 0; - for(int i = 0; i < 8; i ++) - { - // t = 8 * i - h += Sum1(e) + Ch(e, f, g) + K[t] + X[t++]; - d += h; - h += Sum0(a) + Maj(a, b, c); - - // t = 8 * i + 1 - g += Sum1(d) + Ch(d, e, f) + K[t] + X[t++]; - c += g; - g += Sum0(h) + Maj(h, a, b); - - // t = 8 * i + 2 - f += Sum1(c) + Ch(c, d, e) + K[t] + X[t++]; - b += f; - f += Sum0(g) + Maj(g, h, a); - - // t = 8 * i + 3 - e += Sum1(b) + Ch(b, c, d) + K[t] + X[t++]; - a += e; - e += Sum0(f) + Maj(f, g, h); - - // t = 8 * i + 4 - d += Sum1(a) + Ch(a, b, c) + K[t] + X[t++]; - h += d; - d += Sum0(e) + Maj(e, f, g); - - // t = 8 * i + 5 - c += Sum1(h) + Ch(h, a, b) + K[t] + X[t++]; - g += c; - c += Sum0(d) + Maj(d, e, f); - - // t = 8 * i + 6 - b += Sum1(g) + Ch(g, h, a) + K[t] + X[t++]; - f += b; - b += Sum0(c) + Maj(c, d, e); - - // t = 8 * i + 7 - a += Sum1(f) + Ch(f, g, h) + K[t] + X[t++]; - e += a; - a += Sum0(b) + Maj(b, c, d); - } - - H1 += a; - H2 += b; - H3 += c; - H4 += d; - H5 += e; - H6 += f; - H7 += g; - H8 += h; - - // - // reset the offset and clean out the word buffer. - // - xOff = 0; - for (int i = 0; i < 16; i++) - { - X[i] = 0; - } - } - - /* SHA-256 functions */ - private int Ch( - int x, - int y, - int z) - { - return (x & y) ^ ((~x) & z); - } - - private int Maj( - int x, - int y, - int z) - { - return (x & y) ^ (x & z) ^ (y & z); - } - - private int Sum0( - int x) - { - return ((x >>> 2) | (x << 30)) ^ ((x >>> 13) | (x << 19)) ^ ((x >>> 22) | (x << 10)); - } - - private int Sum1( - int x) - { - return ((x >>> 6) | (x << 26)) ^ ((x >>> 11) | (x << 21)) ^ ((x >>> 25) | (x << 7)); - } - - private int Theta0( - int x) - { - return ((x >>> 7) | (x << 25)) ^ ((x >>> 18) | (x << 14)) ^ (x >>> 3); - } - - private int Theta1( - int x) - { - return ((x >>> 17) | (x << 15)) ^ ((x >>> 19) | (x << 13)) ^ (x >>> 10); - } - - /* SHA-256 Constants - * (represent the first 32 bits of the fractional parts of the - * cube roots of the first sixty-four prime numbers) - */ - static final int K[] = { - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 - }; -} - diff --git a/luni/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java b/luni/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java deleted file mode 100644 index e2a9faa..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/digests/SHA384Digest.java +++ /dev/null @@ -1,85 +0,0 @@ -package org.bouncycastle.crypto.digests; - - -/** - * FIPS 180-2 implementation of SHA-384. - * - * <pre> - * block word digest - * SHA-1 512 32 160 - * SHA-256 512 32 256 - * SHA-384 1024 64 384 - * SHA-512 1024 64 512 - * </pre> - */ -public class SHA384Digest - extends LongDigest -{ - - private static final int DIGEST_LENGTH = 48; - - /** - * Standard constructor - */ - public SHA384Digest() - { - } - - /** - * Copy constructor. This will copy the state of the provided - * message digest. - */ - public SHA384Digest(SHA384Digest t) - { - super(t); - } - - public String getAlgorithmName() - { - return "SHA-384"; - } - - public int getDigestSize() - { - return DIGEST_LENGTH; - } - - public int doFinal( - byte[] out, - int outOff) - { - finish(); - - unpackWord(H1, out, outOff); - unpackWord(H2, out, outOff + 8); - unpackWord(H3, out, outOff + 16); - unpackWord(H4, out, outOff + 24); - unpackWord(H5, out, outOff + 32); - unpackWord(H6, out, outOff + 40); - - reset(); - - return DIGEST_LENGTH; - } - - /** - * reset the chaining variables - */ - public void reset() - { - super.reset(); - - /* SHA-384 initial hash value - * The first 64 bits of the fractional parts of the square roots - * of the 9th through 16th prime numbers - */ - H1 = 0xcbbb9d5dc1059ed8l; - H2 = 0x629a292a367cd507l; - H3 = 0x9159015a3070dd17l; - H4 = 0x152fecd8f70e5939l; - H5 = 0x67332667ffc00b31l; - H6 = 0x8eb44a8768581511l; - H7 = 0xdb0c2e0d64f98fa7l; - H8 = 0x47b5481dbefa4fa4l; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java b/luni/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java deleted file mode 100644 index 1f4ae41..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/digests/SHA512Digest.java +++ /dev/null @@ -1,87 +0,0 @@ -package org.bouncycastle.crypto.digests; - - -/** - * FIPS 180-2 implementation of SHA-512. - * - * <pre> - * block word digest - * SHA-1 512 32 160 - * SHA-256 512 32 256 - * SHA-384 1024 64 384 - * SHA-512 1024 64 512 - * </pre> - */ -public class SHA512Digest - extends LongDigest -{ - private static final int DIGEST_LENGTH = 64; - - /** - * Standard constructor - */ - public SHA512Digest() - { - } - - /** - * Copy constructor. This will copy the state of the provided - * message digest. - */ - public SHA512Digest(SHA512Digest t) - { - super(t); - } - - public String getAlgorithmName() - { - return "SHA-512"; - } - - public int getDigestSize() - { - return DIGEST_LENGTH; - } - - public int doFinal( - byte[] out, - int outOff) - { - finish(); - - unpackWord(H1, out, outOff); - unpackWord(H2, out, outOff + 8); - unpackWord(H3, out, outOff + 16); - unpackWord(H4, out, outOff + 24); - unpackWord(H5, out, outOff + 32); - unpackWord(H6, out, outOff + 40); - unpackWord(H7, out, outOff + 48); - unpackWord(H8, out, outOff + 56); - - reset(); - - return DIGEST_LENGTH; - } - - /** - * reset the chaining variables - */ - public void reset() - { - super.reset(); - - /* SHA-512 initial hash value - * The first 64 bits of the fractional parts of the square roots - * of the first eight prime numbers - */ - H1 = 0x6a09e667f3bcc908L; - H2 = 0xbb67ae8584caa73bL; - H3 = 0x3c6ef372fe94f82bL; - H4 = 0xa54ff53a5f1d36f1L; - H5 = 0x510e527fade682d1L; - H6 = 0x9b05688c2b3e6c1fL; - H7 = 0x1f83d9abfb41bd6bL; - H8 = 0x5be0cd19137e2179L; - } -} - diff --git a/luni/src/main/java/org/bouncycastle/crypto/digests/ShortenedDigest.java b/luni/src/main/java/org/bouncycastle/crypto/digests/ShortenedDigest.java deleted file mode 100644 index 89033e8..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/digests/ShortenedDigest.java +++ /dev/null @@ -1,80 +0,0 @@ -package org.bouncycastle.crypto.digests; - -import org.bouncycastle.crypto.ExtendedDigest; - -/** - * Wrapper class that reduces the output length of a particular digest to - * only the first n bytes of the digest function. - */ -public class ShortenedDigest - implements ExtendedDigest -{ - private ExtendedDigest baseDigest; - private int length; - - /** - * Base constructor. - * - * @param baseDigest underlying digest to use. - * @param length length in bytes of the output of doFinal. - * @exception IllegalArgumentException if baseDigest is null, or length is greater than baseDigest.getDigestSize(). - */ - public ShortenedDigest( - ExtendedDigest baseDigest, - int length) - { - if (baseDigest == null) - { - throw new IllegalArgumentException("baseDigest must not be null"); - } - - if (length > baseDigest.getDigestSize()) - { - throw new IllegalArgumentException("baseDigest output not large enough to support length"); - } - - this.baseDigest = baseDigest; - this.length = length; - } - - public String getAlgorithmName() - { - return baseDigest.getAlgorithmName() + "(" + length * 8 + ")"; - } - - public int getDigestSize() - { - return length; - } - - public void update(byte in) - { - baseDigest.update(in); - } - - public void update(byte[] in, int inOff, int len) - { - baseDigest.update(in, inOff, len); - } - - public int doFinal(byte[] out, int outOff) - { - byte[] tmp = new byte[baseDigest.getDigestSize()]; - - baseDigest.doFinal(tmp, 0); - - System.arraycopy(tmp, 0, out, outOff, length); - - return length; - } - - public void reset() - { - baseDigest.reset(); - } - - public int getByteLength() - { - return baseDigest.getByteLength(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java b/luni/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java deleted file mode 100644 index 7e30023..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java +++ /dev/null @@ -1,251 +0,0 @@ -package org.bouncycastle.crypto.encodings; - -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.params.RSAKeyParameters; - -/** - * ISO 9796-1 padding. Note in the light of recent results you should - * only use this with RSA (rather than the "simpler" Rabin keys) and you - * should never use it with anything other than a hash (ie. even if the - * message is small don't sign the message, sign it's hash) or some "random" - * value. See your favorite search engine for details. - */ -public class ISO9796d1Encoding - implements AsymmetricBlockCipher -{ - private static byte[] shadows = { 0xe, 0x3, 0x5, 0x8, 0x9, 0x4, 0x2, 0xf, - 0x0, 0xd, 0xb, 0x6, 0x7, 0xa, 0xc, 0x1 }; - private static byte[] inverse = { 0x8, 0xf, 0x6, 0x1, 0x5, 0x2, 0xb, 0xc, - 0x3, 0x4, 0xd, 0xa, 0xe, 0x9, 0x0, 0x7 }; - - private AsymmetricBlockCipher engine; - private boolean forEncryption; - private int bitSize; - private int padBits = 0; - - public ISO9796d1Encoding( - AsymmetricBlockCipher cipher) - { - this.engine = cipher; - } - - public AsymmetricBlockCipher getUnderlyingCipher() - { - return engine; - } - - public void init( - boolean forEncryption, - CipherParameters param) - { - RSAKeyParameters kParam = null; - - if (param instanceof ParametersWithRandom) - { - ParametersWithRandom rParam = (ParametersWithRandom)param; - - kParam = (RSAKeyParameters)rParam.getParameters(); - } - else - { - kParam = (RSAKeyParameters)param; - } - - engine.init(forEncryption, kParam); - - bitSize = kParam.getModulus().bitLength(); - - this.forEncryption = forEncryption; - } - - /** - * return the input block size. The largest message we can process - * is (key_size_in_bits + 3)/16, which in our world comes to - * key_size_in_bytes / 2. - */ - public int getInputBlockSize() - { - int baseBlockSize = engine.getInputBlockSize(); - - if (forEncryption) - { - return (baseBlockSize + 1) / 2; - } - else - { - return baseBlockSize; - } - } - - /** - * return the maximum possible size for the output. - */ - public int getOutputBlockSize() - { - int baseBlockSize = engine.getOutputBlockSize(); - - if (forEncryption) - { - return baseBlockSize; - } - else - { - return (baseBlockSize + 1) / 2; - } - } - - /** - * set the number of bits in the next message to be treated as - * pad bits. - */ - public void setPadBits( - int padBits) - { - if (padBits > 7) - { - throw new IllegalArgumentException("padBits > 7"); - } - - this.padBits = padBits; - } - - /** - * retrieve the number of pad bits in the last decoded message. - */ - public int getPadBits() - { - return padBits; - } - - public byte[] processBlock( - byte[] in, - int inOff, - int inLen) - throws InvalidCipherTextException - { - if (forEncryption) - { - return encodeBlock(in, inOff, inLen); - } - else - { - return decodeBlock(in, inOff, inLen); - } - } - - private byte[] encodeBlock( - byte[] in, - int inOff, - int inLen) - throws InvalidCipherTextException - { - byte[] block = new byte[(bitSize + 7) / 8]; - int r = padBits + 1; - int z = inLen; - int t = (bitSize + 13) / 16; - - for (int i = 0; i < t; i += z) - { - if (i > t - z) - { - System.arraycopy(in, inOff + inLen - (t - i), - block, block.length - t, t - i); - } - else - { - System.arraycopy(in, inOff, block, block.length - (i + z), z); - } - } - - for (int i = block.length - 2 * t; i != block.length; i += 2) - { - byte val = block[block.length - t + i / 2]; - - block[i] = (byte)((shadows[(val & 0xff) >>> 4] << 4) - | shadows[val & 0x0f]); - block[i + 1] = val; - } - - block[block.length - 2 * z] ^= r; - block[block.length - 1] = (byte)((block[block.length - 1] << 4) | 0x06); - - int maxBit = (8 - (bitSize - 1) % 8); - int offSet = 0; - - if (maxBit != 8) - { - block[0] &= 0xff >>> maxBit; - block[0] |= 0x80 >>> maxBit; - } - else - { - block[0] = 0x00; - block[1] |= 0x80; - offSet = 1; - } - - return engine.processBlock(block, offSet, block.length - offSet); - } - - /** - * @exception InvalidCipherTextException if the decrypted block is not a valid ISO 9796 bit string - */ - private byte[] decodeBlock( - byte[] in, - int inOff, - int inLen) - throws InvalidCipherTextException - { - byte[] block = engine.processBlock(in, inOff, inLen); - int r = 1; - int t = (bitSize + 13) / 16; - - if ((block[block.length - 1] & 0x0f) != 0x6) - { - throw new InvalidCipherTextException("invalid forcing byte in block"); - } - - block[block.length - 1] = (byte)(((block[block.length - 1] & 0xff) >>> 4) | ((inverse[(block[block.length - 2] & 0xff) >> 4]) << 4)); - block[0] = (byte)((shadows[(block[1] & 0xff) >>> 4] << 4) - | shadows[block[1] & 0x0f]); - - boolean boundaryFound = false; - int boundary = 0; - - for (int i = block.length - 1; i >= block.length - 2 * t; i -= 2) - { - int val = ((shadows[(block[i] & 0xff) >>> 4] << 4) - | shadows[block[i] & 0x0f]); - - if (((block[i - 1] ^ val) & 0xff) != 0) - { - if (!boundaryFound) - { - boundaryFound = true; - r = (block[i - 1] ^ val) & 0xff; - boundary = i - 1; - } - else - { - throw new InvalidCipherTextException("invalid tsums in block"); - } - } - } - - block[boundary] = 0; - - byte[] nblock = new byte[(block.length - boundary) / 2]; - - for (int i = 0; i < nblock.length; i++) - { - nblock[i] = block[2 * i + boundary + 1]; - } - - padBits = r - 1; - - return nblock; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java b/luni/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java deleted file mode 100644 index 11821a0..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java +++ /dev/null @@ -1,342 +0,0 @@ -package org.bouncycastle.crypto.encodings; - -import java.security.SecureRandom; - -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.ParametersWithRandom; - -/** - * Optimal Asymmetric Encryption Padding (OAEP) - see PKCS 1 V 2. - */ -public class OAEPEncoding - implements AsymmetricBlockCipher -{ - private byte[] defHash; - private Digest hash; - - private AsymmetricBlockCipher engine; - private SecureRandom random; - private boolean forEncryption; - - public OAEPEncoding( - AsymmetricBlockCipher cipher) - { - this(cipher, new SHA1Digest(), null); - } - - public OAEPEncoding( - AsymmetricBlockCipher cipher, - Digest hash) - { - this(cipher, hash, null); - } - - public OAEPEncoding( - AsymmetricBlockCipher cipher, - Digest hash, - byte[] encodingParams) - { - this.engine = cipher; - this.hash = hash; - this.defHash = new byte[hash.getDigestSize()]; - - if (encodingParams != null) - { - hash.update(encodingParams, 0, encodingParams.length); - } - - hash.doFinal(defHash, 0); - } - - public AsymmetricBlockCipher getUnderlyingCipher() - { - return engine; - } - - public void init( - boolean forEncryption, - CipherParameters param) - { - AsymmetricKeyParameter kParam; - - if (param instanceof ParametersWithRandom) - { - ParametersWithRandom rParam = (ParametersWithRandom)param; - - this.random = rParam.getRandom(); - kParam = (AsymmetricKeyParameter)rParam.getParameters(); - } - else - { - this.random = new SecureRandom(); - kParam = (AsymmetricKeyParameter)param; - } - - engine.init(forEncryption, kParam); - - this.forEncryption = forEncryption; - } - - public int getInputBlockSize() - { - int baseBlockSize = engine.getInputBlockSize(); - - if (forEncryption) - { - return baseBlockSize - 1 - 2 * defHash.length; - } - else - { - return baseBlockSize; - } - } - - public int getOutputBlockSize() - { - int baseBlockSize = engine.getOutputBlockSize(); - - if (forEncryption) - { - return baseBlockSize; - } - else - { - return baseBlockSize - 1 - 2 * defHash.length; - } - } - - public byte[] processBlock( - byte[] in, - int inOff, - int inLen) - throws InvalidCipherTextException - { - if (forEncryption) - { - return encodeBlock(in, inOff, inLen); - } - else - { - return decodeBlock(in, inOff, inLen); - } - } - - public byte[] encodeBlock( - byte[] in, - int inOff, - int inLen) - throws InvalidCipherTextException - { - byte[] block = new byte[getInputBlockSize() + 1 + 2 * defHash.length]; - - // - // copy in the message - // - System.arraycopy(in, inOff, block, block.length - inLen, inLen); - - // - // add sentinel - // - block[block.length - inLen - 1] = 0x01; - - // - // as the block is already zeroed - there's no need to add PS (the >= 0 pad of 0) - // - - // - // add the hash of the encoding params. - // - System.arraycopy(defHash, 0, block, defHash.length, defHash.length); - - // - // generate the seed. - // - byte[] seed = new byte[defHash.length]; - - random.nextBytes(seed); - - // - // mask the message block. - // - byte[] mask = maskGeneratorFunction1(seed, 0, seed.length, block.length - defHash.length); - - for (int i = defHash.length; i != block.length; i++) - { - block[i] ^= mask[i - defHash.length]; - } - - // - // add in the seed - // - System.arraycopy(seed, 0, block, 0, defHash.length); - - // - // mask the seed. - // - mask = maskGeneratorFunction1( - block, defHash.length, block.length - defHash.length, defHash.length); - - for (int i = 0; i != defHash.length; i++) - { - block[i] ^= mask[i]; - } - - return engine.processBlock(block, 0, block.length); - } - - /** - * @exception InvalidCipherTextException if the decrypted block turns out to - * be badly formatted. - */ - public byte[] decodeBlock( - byte[] in, - int inOff, - int inLen) - throws InvalidCipherTextException - { - byte[] data = engine.processBlock(in, inOff, inLen); - byte[] block = null; - - // - // as we may have zeros in our leading bytes for the block we produced - // on encryption, we need to make sure our decrypted block comes back - // the same size. - // - if (data.length < engine.getOutputBlockSize()) - { - block = new byte[engine.getOutputBlockSize()]; - - System.arraycopy(data, 0, block, block.length - data.length, data.length); - } - else - { - block = data; - } - - if (block.length < (2 * defHash.length) + 1) - { - throw new InvalidCipherTextException("data too short"); - } - - // - // unmask the seed. - // - byte[] mask = maskGeneratorFunction1( - block, defHash.length, block.length - defHash.length, defHash.length); - - for (int i = 0; i != defHash.length; i++) - { - block[i] ^= mask[i]; - } - - // - // unmask the message block. - // - mask = maskGeneratorFunction1(block, 0, defHash.length, block.length - defHash.length); - - for (int i = defHash.length; i != block.length; i++) - { - block[i] ^= mask[i - defHash.length]; - } - - // - // check the hash of the encoding params. - // - for (int i = 0; i != defHash.length; i++) - { - if (defHash[i] != block[defHash.length + i]) - { - throw new InvalidCipherTextException("data hash wrong"); - } - } - - // - // find the data block - // - int start; - - for (start = 2 * defHash.length; start != block.length; start++) - { - if (block[start] == 1 || block[start] != 0) - { - break; - } - } - - if (start >= (block.length - 1) || block[start] != 1) - { - throw new InvalidCipherTextException("data start wrong " + start); - } - - start++; - - // - // extract the data block - // - byte[] output = new byte[block.length - start]; - - System.arraycopy(block, start, output, 0, output.length); - - return output; - } - - /** - * int to octet string. - */ - private void ItoOSP( - int i, - byte[] sp) - { - sp[0] = (byte)(i >>> 24); - sp[1] = (byte)(i >>> 16); - sp[2] = (byte)(i >>> 8); - sp[3] = (byte)(i >>> 0); - } - - /** - * mask generator function, as described in PKCS1v2. - */ - private byte[] maskGeneratorFunction1( - byte[] Z, - int zOff, - int zLen, - int length) - { - byte[] mask = new byte[length]; - byte[] hashBuf = new byte[defHash.length]; - byte[] C = new byte[4]; - int counter = 0; - - hash.reset(); - - do - { - ItoOSP(counter, C); - - hash.update(Z, zOff, zLen); - hash.update(C, 0, C.length); - hash.doFinal(hashBuf, 0); - - System.arraycopy(hashBuf, 0, mask, counter * defHash.length, defHash.length); - } - while (++counter < (length / defHash.length)); - - if ((counter * defHash.length) < length) - { - ItoOSP(counter, C); - - hash.update(Z, zOff, zLen); - hash.update(C, 0, C.length); - hash.doFinal(hashBuf, 0); - - System.arraycopy(hashBuf, 0, mask, counter * defHash.length, mask.length - (counter * defHash.length)); - } - - return mask; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java b/luni/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java deleted file mode 100644 index 09b32eb..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java +++ /dev/null @@ -1,223 +0,0 @@ -package org.bouncycastle.crypto.encodings; - -import java.security.SecureRandom; - -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.ParametersWithRandom; - -/** - * this does your basic PKCS 1 v1.5 padding - whether or not you should be using this - * depends on your application - see PKCS1 Version 2 for details. - */ -public class PKCS1Encoding - implements AsymmetricBlockCipher -{ - /** - * some providers fail to include the leading zero in PKCS1 encoded blocks. If you need to - * work with one of these set the system property org.bouncycastle.pkcs1.strict to false. - * <p> - * The system property is checked during construction of the encoding object, it is set to - * true by default. - * </p> - */ - public static String STRICT_LENGTH_ENABLED_PROPERTY = "org.bouncycastle.pkcs1.strict"; - - private static int HEADER_LENGTH = 10; - - private SecureRandom random; - private AsymmetricBlockCipher engine; - private boolean forEncryption; - private boolean forPrivateKey; - private boolean useStrictLength; - - /** - * Basic constructor. - * @param cipher - */ - public PKCS1Encoding( - AsymmetricBlockCipher cipher) - { - this.engine = cipher; - this.useStrictLength = System.getProperty(STRICT_LENGTH_ENABLED_PROPERTY, "true").equals("true"); - } - - public AsymmetricBlockCipher getUnderlyingCipher() - { - return engine; - } - - public void init( - boolean forEncryption, - CipherParameters param) - { - AsymmetricKeyParameter kParam; - - if (param instanceof ParametersWithRandom) - { - ParametersWithRandom rParam = (ParametersWithRandom)param; - - this.random = rParam.getRandom(); - kParam = (AsymmetricKeyParameter)rParam.getParameters(); - } - else - { - this.random = new SecureRandom(); - kParam = (AsymmetricKeyParameter)param; - } - - engine.init(forEncryption, kParam); - - this.forPrivateKey = kParam.isPrivate(); - this.forEncryption = forEncryption; - } - - public int getInputBlockSize() - { - int baseBlockSize = engine.getInputBlockSize(); - - if (forEncryption) - { - return baseBlockSize - HEADER_LENGTH; - } - else - { - return baseBlockSize; - } - } - - public int getOutputBlockSize() - { - int baseBlockSize = engine.getOutputBlockSize(); - - if (forEncryption) - { - return baseBlockSize; - } - else - { - return baseBlockSize - HEADER_LENGTH; - } - } - - public byte[] processBlock( - byte[] in, - int inOff, - int inLen) - throws InvalidCipherTextException - { - if (forEncryption) - { - return encodeBlock(in, inOff, inLen); - } - else - { - return decodeBlock(in, inOff, inLen); - } - } - - private byte[] encodeBlock( - byte[] in, - int inOff, - int inLen) - throws InvalidCipherTextException - { - byte[] block = new byte[engine.getInputBlockSize()]; - - if (forPrivateKey) - { - block[0] = 0x01; // type code 1 - - for (int i = 1; i != block.length - inLen - 1; i++) - { - block[i] = (byte)0xFF; - } - } - else - { - random.nextBytes(block); // random fill - - block[0] = 0x02; // type code 2 - - // - // a zero byte marks the end of the padding, so all - // the pad bytes must be non-zero. - // - for (int i = 1; i != block.length - inLen - 1; i++) - { - while (block[i] == 0) - { - block[i] = (byte)random.nextInt(); - } - } - } - - block[block.length - inLen - 1] = 0x00; // mark the end of the padding - System.arraycopy(in, inOff, block, block.length - inLen, inLen); - - return engine.processBlock(block, 0, block.length); - } - - /** - * @exception InvalidCipherTextException if the decrypted block is not in PKCS1 format. - */ - private byte[] decodeBlock( - byte[] in, - int inOff, - int inLen) - throws InvalidCipherTextException - { - byte[] block = engine.processBlock(in, inOff, inLen); - - if (block.length < getOutputBlockSize()) - { - throw new InvalidCipherTextException("block truncated"); - } - - byte type = block[0]; - - if (type != 1 && type != 2) - { - throw new InvalidCipherTextException("unknown block type"); - } - - if (useStrictLength && block.length != engine.getOutputBlockSize()) - { - throw new InvalidCipherTextException("block incorrect size"); - } - - // - // find and extract the message block. - // - int start; - - for (start = 1; start != block.length; start++) - { - byte pad = block[start]; - - if (pad == 0) - { - break; - } - if (type == 1 && pad != (byte)0xff) - { - throw new InvalidCipherTextException("block padding incorrect"); - } - } - - start++; // data should start at the next byte - - if (start >= block.length || start < HEADER_LENGTH) - { - throw new InvalidCipherTextException("no data in block"); - } - - byte[] result = new byte[block.length - start]; - - System.arraycopy(block, start, result, 0, result.length); - - return result; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java b/luni/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java deleted file mode 100644 index 908e78f..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java +++ /dev/null @@ -1,547 +0,0 @@ -package org.bouncycastle.crypto.engines; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.params.KeyParameter; - -/** - * an implementation of the AES (Rijndael), from FIPS-197. - * <p> - * For further details see: <a href="http://csrc.nist.gov/encryption/aes/">http://csrc.nist.gov/encryption/aes/</a>. - * - * This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at - * <a href="http://fp.gladman.plus.com/cryptography_technology/rijndael/">http://fp.gladman.plus.com/cryptography_technology/rijndael/</a> - * - * There are three levels of tradeoff of speed vs memory - * Because java has no preprocessor, they are written as three separate classes from which to choose - * - * The fastest uses 8Kbytes of static tables to precompute round calculations, 4 256 word tables for encryption - * and 4 for decryption. - * - * The middle performance version uses only one 256 word table for each, for a total of 2Kbytes, - * adding 12 rotate operations per round to compute the values contained in the other tables from - * the contents of the first. - * - * The slowest version uses no static tables at all and computes the values in each round. - * <p> - * This file contains the middle performance version with 2Kbytes of static tables for round precomputation. - * - */ -public class AESEngine - implements BlockCipher -{ - // The S box - private static final byte[] S = { - (byte)99, (byte)124, (byte)119, (byte)123, (byte)242, (byte)107, (byte)111, (byte)197, - (byte)48, (byte)1, (byte)103, (byte)43, (byte)254, (byte)215, (byte)171, (byte)118, - (byte)202, (byte)130, (byte)201, (byte)125, (byte)250, (byte)89, (byte)71, (byte)240, - (byte)173, (byte)212, (byte)162, (byte)175, (byte)156, (byte)164, (byte)114, (byte)192, - (byte)183, (byte)253, (byte)147, (byte)38, (byte)54, (byte)63, (byte)247, (byte)204, - (byte)52, (byte)165, (byte)229, (byte)241, (byte)113, (byte)216, (byte)49, (byte)21, - (byte)4, (byte)199, (byte)35, (byte)195, (byte)24, (byte)150, (byte)5, (byte)154, - (byte)7, (byte)18, (byte)128, (byte)226, (byte)235, (byte)39, (byte)178, (byte)117, - (byte)9, (byte)131, (byte)44, (byte)26, (byte)27, (byte)110, (byte)90, (byte)160, - (byte)82, (byte)59, (byte)214, (byte)179, (byte)41, (byte)227, (byte)47, (byte)132, - (byte)83, (byte)209, (byte)0, (byte)237, (byte)32, (byte)252, (byte)177, (byte)91, - (byte)106, (byte)203, (byte)190, (byte)57, (byte)74, (byte)76, (byte)88, (byte)207, - (byte)208, (byte)239, (byte)170, (byte)251, (byte)67, (byte)77, (byte)51, (byte)133, - (byte)69, (byte)249, (byte)2, (byte)127, (byte)80, (byte)60, (byte)159, (byte)168, - (byte)81, (byte)163, (byte)64, (byte)143, (byte)146, (byte)157, (byte)56, (byte)245, - (byte)188, (byte)182, (byte)218, (byte)33, (byte)16, (byte)255, (byte)243, (byte)210, - (byte)205, (byte)12, (byte)19, (byte)236, (byte)95, (byte)151, (byte)68, (byte)23, - (byte)196, (byte)167, (byte)126, (byte)61, (byte)100, (byte)93, (byte)25, (byte)115, - (byte)96, (byte)129, (byte)79, (byte)220, (byte)34, (byte)42, (byte)144, (byte)136, - (byte)70, (byte)238, (byte)184, (byte)20, (byte)222, (byte)94, (byte)11, (byte)219, - (byte)224, (byte)50, (byte)58, (byte)10, (byte)73, (byte)6, (byte)36, (byte)92, - (byte)194, (byte)211, (byte)172, (byte)98, (byte)145, (byte)149, (byte)228, (byte)121, - (byte)231, (byte)200, (byte)55, (byte)109, (byte)141, (byte)213, (byte)78, (byte)169, - (byte)108, (byte)86, (byte)244, (byte)234, (byte)101, (byte)122, (byte)174, (byte)8, - (byte)186, (byte)120, (byte)37, (byte)46, (byte)28, (byte)166, (byte)180, (byte)198, - (byte)232, (byte)221, (byte)116, (byte)31, (byte)75, (byte)189, (byte)139, (byte)138, - (byte)112, (byte)62, (byte)181, (byte)102, (byte)72, (byte)3, (byte)246, (byte)14, - (byte)97, (byte)53, (byte)87, (byte)185, (byte)134, (byte)193, (byte)29, (byte)158, - (byte)225, (byte)248, (byte)152, (byte)17, (byte)105, (byte)217, (byte)142, (byte)148, - (byte)155, (byte)30, (byte)135, (byte)233, (byte)206, (byte)85, (byte)40, (byte)223, - (byte)140, (byte)161, (byte)137, (byte)13, (byte)191, (byte)230, (byte)66, (byte)104, - (byte)65, (byte)153, (byte)45, (byte)15, (byte)176, (byte)84, (byte)187, (byte)22, - }; - - // The inverse S-box - private static final byte[] Si = { - (byte)82, (byte)9, (byte)106, (byte)213, (byte)48, (byte)54, (byte)165, (byte)56, - (byte)191, (byte)64, (byte)163, (byte)158, (byte)129, (byte)243, (byte)215, (byte)251, - (byte)124, (byte)227, (byte)57, (byte)130, (byte)155, (byte)47, (byte)255, (byte)135, - (byte)52, (byte)142, (byte)67, (byte)68, (byte)196, (byte)222, (byte)233, (byte)203, - (byte)84, (byte)123, (byte)148, (byte)50, (byte)166, (byte)194, (byte)35, (byte)61, - (byte)238, (byte)76, (byte)149, (byte)11, (byte)66, (byte)250, (byte)195, (byte)78, - (byte)8, (byte)46, (byte)161, (byte)102, (byte)40, (byte)217, (byte)36, (byte)178, - (byte)118, (byte)91, (byte)162, (byte)73, (byte)109, (byte)139, (byte)209, (byte)37, - (byte)114, (byte)248, (byte)246, (byte)100, (byte)134, (byte)104, (byte)152, (byte)22, - (byte)212, (byte)164, (byte)92, (byte)204, (byte)93, (byte)101, (byte)182, (byte)146, - (byte)108, (byte)112, (byte)72, (byte)80, (byte)253, (byte)237, (byte)185, (byte)218, - (byte)94, (byte)21, (byte)70, (byte)87, (byte)167, (byte)141, (byte)157, (byte)132, - (byte)144, (byte)216, (byte)171, (byte)0, (byte)140, (byte)188, (byte)211, (byte)10, - (byte)247, (byte)228, (byte)88, (byte)5, (byte)184, (byte)179, (byte)69, (byte)6, - (byte)208, (byte)44, (byte)30, (byte)143, (byte)202, (byte)63, (byte)15, (byte)2, - (byte)193, (byte)175, (byte)189, (byte)3, (byte)1, (byte)19, (byte)138, (byte)107, - (byte)58, (byte)145, (byte)17, (byte)65, (byte)79, (byte)103, (byte)220, (byte)234, - (byte)151, (byte)242, (byte)207, (byte)206, (byte)240, (byte)180, (byte)230, (byte)115, - (byte)150, (byte)172, (byte)116, (byte)34, (byte)231, (byte)173, (byte)53, (byte)133, - (byte)226, (byte)249, (byte)55, (byte)232, (byte)28, (byte)117, (byte)223, (byte)110, - (byte)71, (byte)241, (byte)26, (byte)113, (byte)29, (byte)41, (byte)197, (byte)137, - (byte)111, (byte)183, (byte)98, (byte)14, (byte)170, (byte)24, (byte)190, (byte)27, - (byte)252, (byte)86, (byte)62, (byte)75, (byte)198, (byte)210, (byte)121, (byte)32, - (byte)154, (byte)219, (byte)192, (byte)254, (byte)120, (byte)205, (byte)90, (byte)244, - (byte)31, (byte)221, (byte)168, (byte)51, (byte)136, (byte)7, (byte)199, (byte)49, - (byte)177, (byte)18, (byte)16, (byte)89, (byte)39, (byte)128, (byte)236, (byte)95, - (byte)96, (byte)81, (byte)127, (byte)169, (byte)25, (byte)181, (byte)74, (byte)13, - (byte)45, (byte)229, (byte)122, (byte)159, (byte)147, (byte)201, (byte)156, (byte)239, - (byte)160, (byte)224, (byte)59, (byte)77, (byte)174, (byte)42, (byte)245, (byte)176, - (byte)200, (byte)235, (byte)187, (byte)60, (byte)131, (byte)83, (byte)153, (byte)97, - (byte)23, (byte)43, (byte)4, (byte)126, (byte)186, (byte)119, (byte)214, (byte)38, - (byte)225, (byte)105, (byte)20, (byte)99, (byte)85, (byte)33, (byte)12, (byte)125, - }; - - // vector used in calculating key schedule (powers of x in GF(256)) - private static final int[] rcon = { - 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, - 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 }; - - // precomputation tables of calculations for rounds - private static final int[] T0 = - { - 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0x0df2f2ff, - 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, 0x50303060, 0x03010102, - 0xa96767ce, 0x7d2b2b56, 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, - 0x9a7676ec, 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, - 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, 0xecadad41, - 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 0xbf9c9c23, 0xf7a4a453, - 0x967272e4, 0x5bc0c09b, 0xc2b7b775, 0x1cfdfde1, 0xae93933d, - 0x6a26264c, 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, - 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, 0x937171e2, - 0x73d8d8ab, 0x53313162, 0x3f15152a, 0x0c040408, 0x52c7c795, - 0x65232346, 0x5ec3c39d, 0x28181830, 0xa1969637, 0x0f05050a, - 0xb59a9a2f, 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, - 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, 0x1b090912, - 0x9e83831d, 0x742c2c58, 0x2e1a1a34, 0x2d1b1b36, 0xb26e6edc, - 0xee5a5ab4, 0xfba0a05b, 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, - 0xceb3b37d, 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, - 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, 0x60202040, - 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, 0xbe6a6ad4, 0x46cbcb8d, - 0xd9bebe67, 0x4b393972, 0xde4a4a94, 0xd44c4c98, 0xe85858b0, - 0x4acfcf85, 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, - 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, 0xcf45458a, - 0x10f9f9e9, 0x06020204, 0x817f7ffe, 0xf05050a0, 0x443c3c78, - 0xba9f9f25, 0xe3a8a84b, 0xf35151a2, 0xfea3a35d, 0xc0404080, - 0x8a8f8f05, 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, - 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, 0x30101020, - 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, 0x4ccdcd81, 0x140c0c18, - 0x35131326, 0x2fececc3, 0xe15f5fbe, 0xa2979735, 0xcc444488, - 0x3917172e, 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, - 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, 0xa06060c0, - 0x98818119, 0xd14f4f9e, 0x7fdcdca3, 0x66222244, 0x7e2a2a54, - 0xab90903b, 0x8388880b, 0xca46468c, 0x29eeeec7, 0xd3b8b86b, - 0x3c141428, 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, - 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, 0xdb494992, - 0x0a06060c, 0x6c242448, 0xe45c5cb8, 0x5dc2c29f, 0x6ed3d3bd, - 0xefacac43, 0xa66262c4, 0xa8919139, 0xa4959531, 0x37e4e4d3, - 0x8b7979f2, 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, - 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 0xb46c6cd8, - 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, 0xaf6565ca, 0x8e7a7af4, - 0xe9aeae47, 0x18080810, 0xd5baba6f, 0x887878f0, 0x6f25254a, - 0x722e2e5c, 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, - 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, 0xdd4b4b96, - 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 0x907070e0, 0x423e3e7c, - 0xc4b5b571, 0xaa6666cc, 0xd8484890, 0x05030306, 0x01f6f6f7, - 0x120e0e1c, 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, - 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, 0x38e1e1d9, - 0x13f8f8eb, 0xb398982b, 0x33111122, 0xbb6969d2, 0x70d9d9a9, - 0x898e8e07, 0xa7949433, 0xb69b9b2d, 0x221e1e3c, 0x92878715, - 0x20e9e9c9, 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, - 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 0xdabfbf65, - 0x31e6e6d7, 0xc6424284, 0xb86868d0, 0xc3414182, 0xb0999929, - 0x772d2d5a, 0x110f0f1e, 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, - 0x3a16162c}; - -private static final int[] Tinv0 = - { - 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 0xcb6bab3b, - 0xf1459d1f, 0xab58faac, 0x9303e34b, 0x55fa3020, 0xf66d76ad, - 0x9176cc88, 0x254c02f5, 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, - 0x8fa362b5, 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d, - 0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b, 0xe75f8f03, - 0x959c9215, 0xeb7a6dbf, 0xda595295, 0x2d83bed4, 0xd3217458, - 0x2969e049, 0x44c8c98e, 0x6a89c275, 0x78798ef4, 0x6b3e5899, - 0xdd71b927, 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, - 0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362, 0xe07764b1, - 0x84ae6bbb, 0x1ca081fe, 0x942b08f9, 0x58684870, 0x19fd458f, - 0x876cde94, 0xb7f87b52, 0x23d373ab, 0xe2024b72, 0x578f1fe3, - 0x2aab5566, 0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3, - 0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, 0x2b1ccf8a, - 0x92b479a7, 0xf0f207f3, 0xa1e2694e, 0xcdf4da65, 0xd5be0506, - 0x1f6234d1, 0x8afea6c4, 0x9d532e34, 0xa055f3a2, 0x32e18a05, - 0x75ebf6a4, 0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd, - 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d, 0xb58d5491, - 0x055dc471, 0x6fd40604, 0xff155060, 0x24fb9819, 0x97e9bdd6, - 0xcc434089, 0x779ed967, 0xbd42e8b0, 0x888b8907, 0x385b19e7, - 0xdbeec879, 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000, - 0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c, 0xfbff0efd, - 0x5638850f, 0x1ed5ae3d, 0x27392d36, 0x64d90f0a, 0x21a65c68, - 0xd1545b9b, 0x3a2e3624, 0xb1670a0c, 0x0fe75793, 0xd296eeb4, - 0x9e919b1b, 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c, - 0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, 0x0b0d090e, - 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14, 0x8519f157, 0x4c0775af, - 0xbbdd99ee, 0xfd607fa3, 0x9f2601f7, 0xbcf5725c, 0xc53b6644, - 0x347efb5b, 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8, - 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684, 0x7d244a85, - 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, 0x4b2f9e1d, 0xf330b2dc, - 0xec52860d, 0xd0e3c177, 0x6c16b32b, 0x99b970a9, 0xfa489411, - 0x2264e947, 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, - 0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498, 0xcf81f5a6, - 0x28de7aa5, 0x268eb7da, 0xa4bfad3f, 0xe49d3a2c, 0x0d927850, - 0x9bcc5f6a, 0x62467e54, 0xc2138df6, 0xe8b8d890, 0x5ef7392e, - 0xf5afc382, 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf, - 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, 0x097826cd, - 0xf418596e, 0x01b79aec, 0xa89a4f83, 0x656e95e6, 0x7ee6ffaa, - 0x08cfbc21, 0xe6e815ef, 0xd99be7ba, 0xce366f4a, 0xd4099fea, - 0xd67cb029, 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235, - 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733, 0x4a9804f1, - 0xf7daec41, 0x0e50cd7f, 0x2ff69117, 0x8dd64d76, 0x4db0ef43, - 0x544daacc, 0xdf0496e4, 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, - 0x7f516546, 0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, - 0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d, 0x8c61d79a, - 0x7a0ca137, 0x8e14f859, 0x893c13eb, 0xee27a9ce, 0x35c961b7, - 0xede51ce1, 0x3cb1477a, 0x59dfd29c, 0x3f73f255, 0x79ce1418, - 0xbf37c773, 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478, - 0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, - 0x0c25e2bc, 0x8b493c28, 0x41950dff, 0x7101a839, 0xdeb30c08, - 0x9ce4b4d8, 0x90c15664, 0x6184cb7b, 0x70b632d5, 0x745c6c48, - 0x4257b8d0}; - - private int shift( - int r, - int shift) - { - return (r >>> shift) | (r << -shift); - } - - /* multiply four bytes in GF(2^8) by 'x' {02} in parallel */ - - private static final int m1 = 0x80808080; - private static final int m2 = 0x7f7f7f7f; - private static final int m3 = 0x0000001b; - - private int FFmulX(int x) - { - return (((x & m2) << 1) ^ (((x & m1) >>> 7) * m3)); - } - - /* - The following defines provide alternative definitions of FFmulX that might - give improved performance if a fast 32-bit multiply is not available. - - private int FFmulX(int x) { int u = x & m1; u |= (u >> 1); return ((x & m2) << 1) ^ ((u >>> 3) | (u >>> 6)); } - private static final int m4 = 0x1b1b1b1b; - private int FFmulX(int x) { int u = x & m1; return ((x & m2) << 1) ^ ((u - (u >>> 7)) & m4); } - - */ - - private int inv_mcol(int x) - { - int f2 = FFmulX(x); - int f4 = FFmulX(f2); - int f8 = FFmulX(f4); - int f9 = x ^ f8; - - return f2 ^ f4 ^ f8 ^ shift(f2 ^ f9, 8) ^ shift(f4 ^ f9, 16) ^ shift(f9, 24); - } - - private int subWord(int x) - { - return (S[x&255]&255 | ((S[(x>>8)&255]&255)<<8) | ((S[(x>>16)&255]&255)<<16) | S[(x>>24)&255]<<24); - } - - /** - * Calculate the necessary round keys - * The number of calculations depends on key size and block size - * AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits - * This code is written assuming those are the only possible values - */ - private int[][] generateWorkingKey( - byte[] key, - boolean forEncryption) - { - int KC = key.length / 4; // key length in words - int t; - - if (((KC != 4) && (KC != 6) && (KC != 8)) || ((KC * 4) != key.length)) - { - throw new IllegalArgumentException("Key length not 128/192/256 bits."); - } - - ROUNDS = KC + 6; // This is not always true for the generalized Rijndael that allows larger block sizes - int[][] W = new int[ROUNDS+1][4]; // 4 words in a block - - // - // copy the key into the round key array - // - - t = 0; - int i = 0; - while (i < key.length) - { - W[t >> 2][t & 3] = (key[i]&0xff) | ((key[i+1]&0xff) << 8) | ((key[i+2]&0xff) << 16) | (key[i+3] << 24); - i+=4; - t++; - } - - // - // while not enough round key material calculated - // calculate new values - // - int k = (ROUNDS + 1) << 2; - for (i = KC; (i < k); i++) - { - int temp = W[(i-1)>>2][(i-1)&3]; - if ((i % KC) == 0) - { - temp = subWord(shift(temp, 8)) ^ rcon[(i / KC)-1]; - } - else if ((KC > 6) && ((i % KC) == 4)) - { - temp = subWord(temp); - } - - W[i>>2][i&3] = W[(i - KC)>>2][(i-KC)&3] ^ temp; - } - - if (!forEncryption) - { - for (int j = 1; j < ROUNDS; j++) - { - for (i = 0; i < 4; i++) - { - W[j][i] = inv_mcol(W[j][i]); - } - } - } - - return W; - } - - private int ROUNDS; - private int[][] WorkingKey = null; - private int C0, C1, C2, C3; - private boolean forEncryption; - - private static final int BLOCK_SIZE = 16; - - /** - * default constructor - 128 bit block size. - */ - public AESEngine() - { - } - - /** - * initialise an AES cipher. - * - * @param forEncryption whether or not we are for encryption. - * @param params the parameters required to set up the cipher. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init( - boolean forEncryption, - CipherParameters params) - { - if (params instanceof KeyParameter) - { - WorkingKey = generateWorkingKey(((KeyParameter)params).getKey(), forEncryption); - this.forEncryption = forEncryption; - return; - } - - throw new IllegalArgumentException("invalid parameter passed to AES init - " + params.getClass().getName()); - } - - public String getAlgorithmName() - { - return "AES"; - } - - public int getBlockSize() - { - return BLOCK_SIZE; - } - - public int processBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - { - if (WorkingKey == null) - { - throw new IllegalStateException("AES engine not initialised"); - } - - if ((inOff + (32 / 2)) > in.length) - { - throw new DataLengthException("input buffer too short"); - } - - if ((outOff + (32 / 2)) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - - if (forEncryption) - { - unpackBlock(in, inOff); - encryptBlock(WorkingKey); - packBlock(out, outOff); - } - else - { - unpackBlock(in, inOff); - decryptBlock(WorkingKey); - packBlock(out, outOff); - } - - return BLOCK_SIZE; - } - - public void reset() - { - } - - private final void unpackBlock( - byte[] bytes, - int off) - { - int index = off; - - C0 = (bytes[index++] & 0xff); - C0 |= (bytes[index++] & 0xff) << 8; - C0 |= (bytes[index++] & 0xff) << 16; - C0 |= bytes[index++] << 24; - - C1 = (bytes[index++] & 0xff); - C1 |= (bytes[index++] & 0xff) << 8; - C1 |= (bytes[index++] & 0xff) << 16; - C1 |= bytes[index++] << 24; - - C2 = (bytes[index++] & 0xff); - C2 |= (bytes[index++] & 0xff) << 8; - C2 |= (bytes[index++] & 0xff) << 16; - C2 |= bytes[index++] << 24; - - C3 = (bytes[index++] & 0xff); - C3 |= (bytes[index++] & 0xff) << 8; - C3 |= (bytes[index++] & 0xff) << 16; - C3 |= bytes[index++] << 24; - } - - private final void packBlock( - byte[] bytes, - int off) - { - int index = off; - - bytes[index++] = (byte)C0; - bytes[index++] = (byte)(C0 >> 8); - bytes[index++] = (byte)(C0 >> 16); - bytes[index++] = (byte)(C0 >> 24); - - bytes[index++] = (byte)C1; - bytes[index++] = (byte)(C1 >> 8); - bytes[index++] = (byte)(C1 >> 16); - bytes[index++] = (byte)(C1 >> 24); - - bytes[index++] = (byte)C2; - bytes[index++] = (byte)(C2 >> 8); - bytes[index++] = (byte)(C2 >> 16); - bytes[index++] = (byte)(C2 >> 24); - - bytes[index++] = (byte)C3; - bytes[index++] = (byte)(C3 >> 8); - bytes[index++] = (byte)(C3 >> 16); - bytes[index++] = (byte)(C3 >> 24); - } - - - private final void encryptBlock(int[][] KW) - { - int r, r0, r1, r2, r3; - - C0 ^= KW[0][0]; - C1 ^= KW[0][1]; - C2 ^= KW[0][2]; - C3 ^= KW[0][3]; - - r = 1; - - while (r < ROUNDS - 1) - { - r0 = T0[C0&255] ^ shift(T0[(C1>>8)&255], 24) ^ shift(T0[(C2>>16)&255],16) ^ shift(T0[(C3>>24)&255],8) ^ KW[r][0]; - r1 = T0[C1&255] ^ shift(T0[(C2>>8)&255], 24) ^ shift(T0[(C3>>16)&255], 16) ^ shift(T0[(C0>>24)&255], 8) ^ KW[r][1]; - r2 = T0[C2&255] ^ shift(T0[(C3>>8)&255], 24) ^ shift(T0[(C0>>16)&255], 16) ^ shift(T0[(C1>>24)&255], 8) ^ KW[r][2]; - r3 = T0[C3&255] ^ shift(T0[(C0>>8)&255], 24) ^ shift(T0[(C1>>16)&255], 16) ^ shift(T0[(C2>>24)&255], 8) ^ KW[r++][3]; - C0 = T0[r0&255] ^ shift(T0[(r1>>8)&255], 24) ^ shift(T0[(r2>>16)&255], 16) ^ shift(T0[(r3>>24)&255], 8) ^ KW[r][0]; - C1 = T0[r1&255] ^ shift(T0[(r2>>8)&255], 24) ^ shift(T0[(r3>>16)&255], 16) ^ shift(T0[(r0>>24)&255], 8) ^ KW[r][1]; - C2 = T0[r2&255] ^ shift(T0[(r3>>8)&255], 24) ^ shift(T0[(r0>>16)&255], 16) ^ shift(T0[(r1>>24)&255], 8) ^ KW[r][2]; - C3 = T0[r3&255] ^ shift(T0[(r0>>8)&255], 24) ^ shift(T0[(r1>>16)&255], 16) ^ shift(T0[(r2>>24)&255], 8) ^ KW[r++][3]; - } - - r0 = T0[C0&255] ^ shift(T0[(C1>>8)&255], 24) ^ shift(T0[(C2>>16)&255], 16) ^ shift(T0[(C3>>24)&255], 8) ^ KW[r][0]; - r1 = T0[C1&255] ^ shift(T0[(C2>>8)&255], 24) ^ shift(T0[(C3>>16)&255], 16) ^ shift(T0[(C0>>24)&255], 8) ^ KW[r][1]; - r2 = T0[C2&255] ^ shift(T0[(C3>>8)&255], 24) ^ shift(T0[(C0>>16)&255], 16) ^ shift(T0[(C1>>24)&255], 8) ^ KW[r][2]; - r3 = T0[C3&255] ^ shift(T0[(C0>>8)&255], 24) ^ shift(T0[(C1>>16)&255], 16) ^ shift(T0[(C2>>24)&255], 8) ^ KW[r++][3]; - - // the final round's table is a simple function of S so we don't use a whole other four tables for it - - C0 = (S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24) ^ KW[r][0]; - C1 = (S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24) ^ KW[r][1]; - C2 = (S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24) ^ KW[r][2]; - C3 = (S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24) ^ KW[r][3]; - - } - - private final void decryptBlock(int[][] KW) - { - int r, r0, r1, r2, r3; - - C0 ^= KW[ROUNDS][0]; - C1 ^= KW[ROUNDS][1]; - C2 ^= KW[ROUNDS][2]; - C3 ^= KW[ROUNDS][3]; - - r = ROUNDS-1; - - while (r>1) - { - r0 = Tinv0[C0&255] ^ shift(Tinv0[(C3>>8)&255], 24) ^ shift(Tinv0[(C2>>16)&255], 16) ^ shift(Tinv0[(C1>>24)&255], 8) ^ KW[r][0]; - r1 = Tinv0[C1&255] ^ shift(Tinv0[(C0>>8)&255], 24) ^ shift(Tinv0[(C3>>16)&255], 16) ^ shift(Tinv0[(C2>>24)&255], 8) ^ KW[r][1]; - r2 = Tinv0[C2&255] ^ shift(Tinv0[(C1>>8)&255], 24) ^ shift(Tinv0[(C0>>16)&255], 16) ^ shift(Tinv0[(C3>>24)&255], 8) ^ KW[r][2]; - r3 = Tinv0[C3&255] ^ shift(Tinv0[(C2>>8)&255], 24) ^ shift(Tinv0[(C1>>16)&255], 16) ^ shift(Tinv0[(C0>>24)&255], 8) ^ KW[r--][3]; - C0 = Tinv0[r0&255] ^ shift(Tinv0[(r3>>8)&255], 24) ^ shift(Tinv0[(r2>>16)&255], 16) ^ shift(Tinv0[(r1>>24)&255], 8) ^ KW[r][0]; - C1 = Tinv0[r1&255] ^ shift(Tinv0[(r0>>8)&255], 24) ^ shift(Tinv0[(r3>>16)&255], 16) ^ shift(Tinv0[(r2>>24)&255], 8) ^ KW[r][1]; - C2 = Tinv0[r2&255] ^ shift(Tinv0[(r1>>8)&255], 24) ^ shift(Tinv0[(r0>>16)&255], 16) ^ shift(Tinv0[(r3>>24)&255], 8) ^ KW[r][2]; - C3 = Tinv0[r3&255] ^ shift(Tinv0[(r2>>8)&255], 24) ^ shift(Tinv0[(r1>>16)&255], 16) ^ shift(Tinv0[(r0>>24)&255], 8) ^ KW[r--][3]; - } - - r0 = Tinv0[C0&255] ^ shift(Tinv0[(C3>>8)&255], 24) ^ shift(Tinv0[(C2>>16)&255], 16) ^ shift(Tinv0[(C1>>24)&255], 8) ^ KW[r][0]; - r1 = Tinv0[C1&255] ^ shift(Tinv0[(C0>>8)&255], 24) ^ shift(Tinv0[(C3>>16)&255], 16) ^ shift(Tinv0[(C2>>24)&255], 8) ^ KW[r][1]; - r2 = Tinv0[C2&255] ^ shift(Tinv0[(C1>>8)&255], 24) ^ shift(Tinv0[(C0>>16)&255], 16) ^ shift(Tinv0[(C3>>24)&255], 8) ^ KW[r][2]; - r3 = Tinv0[C3&255] ^ shift(Tinv0[(C2>>8)&255], 24) ^ shift(Tinv0[(C1>>16)&255], 16) ^ shift(Tinv0[(C0>>24)&255], 8) ^ KW[r--][3]; - - // the final round's table is a simple function of Si so we don't use a whole other four tables for it - - C0 = (Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24) ^ KW[0][0]; - C1 = (Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24) ^ KW[0][1]; - C2 = (Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24) ^ KW[0][2]; - C3 = (Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24) ^ KW[0][3]; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java b/luni/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java deleted file mode 100644 index e693a1b..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java +++ /dev/null @@ -1,876 +0,0 @@ -package org.bouncycastle.crypto.engines; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.params.KeyParameter; - -/** - * an implementation of the AES (Rijndael), from FIPS-197. - * <p> - * For further details see: <a href="http://csrc.nist.gov/encryption/aes/">http://csrc.nist.gov/encryption/aes/</a>. - * - * This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at - * <a href="http://fp.gladman.plus.com/cryptography_technology/rijndael/">http://fp.gladman.plus.com/cryptography_technology/rijndael/</a> - * - * There are three levels of tradeoff of speed vs memory - * Because java has no preprocessor, they are written as three separate classes from which to choose - * - * The fastest uses 8Kbytes of static tables to precompute round calculations, 4 256 word tables for encryption - * and 4 for decryption. - * - * The middle performance version uses only one 256 word table for each, for a total of 2Kbytes, - * adding 12 rotate operations per round to compute the values contained in the other tables from - * the contents of the first - * - * The slowest version uses no static tables at all and computes the values in each round - * <p> - * This file contains the fast version with 8Kbytes of static tables for round precomputation - * - */ -public class AESFastEngine - implements BlockCipher -{ - // The S box - private static final byte[] S = { - (byte)99, (byte)124, (byte)119, (byte)123, (byte)242, (byte)107, (byte)111, (byte)197, - (byte)48, (byte)1, (byte)103, (byte)43, (byte)254, (byte)215, (byte)171, (byte)118, - (byte)202, (byte)130, (byte)201, (byte)125, (byte)250, (byte)89, (byte)71, (byte)240, - (byte)173, (byte)212, (byte)162, (byte)175, (byte)156, (byte)164, (byte)114, (byte)192, - (byte)183, (byte)253, (byte)147, (byte)38, (byte)54, (byte)63, (byte)247, (byte)204, - (byte)52, (byte)165, (byte)229, (byte)241, (byte)113, (byte)216, (byte)49, (byte)21, - (byte)4, (byte)199, (byte)35, (byte)195, (byte)24, (byte)150, (byte)5, (byte)154, - (byte)7, (byte)18, (byte)128, (byte)226, (byte)235, (byte)39, (byte)178, (byte)117, - (byte)9, (byte)131, (byte)44, (byte)26, (byte)27, (byte)110, (byte)90, (byte)160, - (byte)82, (byte)59, (byte)214, (byte)179, (byte)41, (byte)227, (byte)47, (byte)132, - (byte)83, (byte)209, (byte)0, (byte)237, (byte)32, (byte)252, (byte)177, (byte)91, - (byte)106, (byte)203, (byte)190, (byte)57, (byte)74, (byte)76, (byte)88, (byte)207, - (byte)208, (byte)239, (byte)170, (byte)251, (byte)67, (byte)77, (byte)51, (byte)133, - (byte)69, (byte)249, (byte)2, (byte)127, (byte)80, (byte)60, (byte)159, (byte)168, - (byte)81, (byte)163, (byte)64, (byte)143, (byte)146, (byte)157, (byte)56, (byte)245, - (byte)188, (byte)182, (byte)218, (byte)33, (byte)16, (byte)255, (byte)243, (byte)210, - (byte)205, (byte)12, (byte)19, (byte)236, (byte)95, (byte)151, (byte)68, (byte)23, - (byte)196, (byte)167, (byte)126, (byte)61, (byte)100, (byte)93, (byte)25, (byte)115, - (byte)96, (byte)129, (byte)79, (byte)220, (byte)34, (byte)42, (byte)144, (byte)136, - (byte)70, (byte)238, (byte)184, (byte)20, (byte)222, (byte)94, (byte)11, (byte)219, - (byte)224, (byte)50, (byte)58, (byte)10, (byte)73, (byte)6, (byte)36, (byte)92, - (byte)194, (byte)211, (byte)172, (byte)98, (byte)145, (byte)149, (byte)228, (byte)121, - (byte)231, (byte)200, (byte)55, (byte)109, (byte)141, (byte)213, (byte)78, (byte)169, - (byte)108, (byte)86, (byte)244, (byte)234, (byte)101, (byte)122, (byte)174, (byte)8, - (byte)186, (byte)120, (byte)37, (byte)46, (byte)28, (byte)166, (byte)180, (byte)198, - (byte)232, (byte)221, (byte)116, (byte)31, (byte)75, (byte)189, (byte)139, (byte)138, - (byte)112, (byte)62, (byte)181, (byte)102, (byte)72, (byte)3, (byte)246, (byte)14, - (byte)97, (byte)53, (byte)87, (byte)185, (byte)134, (byte)193, (byte)29, (byte)158, - (byte)225, (byte)248, (byte)152, (byte)17, (byte)105, (byte)217, (byte)142, (byte)148, - (byte)155, (byte)30, (byte)135, (byte)233, (byte)206, (byte)85, (byte)40, (byte)223, - (byte)140, (byte)161, (byte)137, (byte)13, (byte)191, (byte)230, (byte)66, (byte)104, - (byte)65, (byte)153, (byte)45, (byte)15, (byte)176, (byte)84, (byte)187, (byte)22, - }; - - // The inverse S-box - private static final byte[] Si = { - (byte)82, (byte)9, (byte)106, (byte)213, (byte)48, (byte)54, (byte)165, (byte)56, - (byte)191, (byte)64, (byte)163, (byte)158, (byte)129, (byte)243, (byte)215, (byte)251, - (byte)124, (byte)227, (byte)57, (byte)130, (byte)155, (byte)47, (byte)255, (byte)135, - (byte)52, (byte)142, (byte)67, (byte)68, (byte)196, (byte)222, (byte)233, (byte)203, - (byte)84, (byte)123, (byte)148, (byte)50, (byte)166, (byte)194, (byte)35, (byte)61, - (byte)238, (byte)76, (byte)149, (byte)11, (byte)66, (byte)250, (byte)195, (byte)78, - (byte)8, (byte)46, (byte)161, (byte)102, (byte)40, (byte)217, (byte)36, (byte)178, - (byte)118, (byte)91, (byte)162, (byte)73, (byte)109, (byte)139, (byte)209, (byte)37, - (byte)114, (byte)248, (byte)246, (byte)100, (byte)134, (byte)104, (byte)152, (byte)22, - (byte)212, (byte)164, (byte)92, (byte)204, (byte)93, (byte)101, (byte)182, (byte)146, - (byte)108, (byte)112, (byte)72, (byte)80, (byte)253, (byte)237, (byte)185, (byte)218, - (byte)94, (byte)21, (byte)70, (byte)87, (byte)167, (byte)141, (byte)157, (byte)132, - (byte)144, (byte)216, (byte)171, (byte)0, (byte)140, (byte)188, (byte)211, (byte)10, - (byte)247, (byte)228, (byte)88, (byte)5, (byte)184, (byte)179, (byte)69, (byte)6, - (byte)208, (byte)44, (byte)30, (byte)143, (byte)202, (byte)63, (byte)15, (byte)2, - (byte)193, (byte)175, (byte)189, (byte)3, (byte)1, (byte)19, (byte)138, (byte)107, - (byte)58, (byte)145, (byte)17, (byte)65, (byte)79, (byte)103, (byte)220, (byte)234, - (byte)151, (byte)242, (byte)207, (byte)206, (byte)240, (byte)180, (byte)230, (byte)115, - (byte)150, (byte)172, (byte)116, (byte)34, (byte)231, (byte)173, (byte)53, (byte)133, - (byte)226, (byte)249, (byte)55, (byte)232, (byte)28, (byte)117, (byte)223, (byte)110, - (byte)71, (byte)241, (byte)26, (byte)113, (byte)29, (byte)41, (byte)197, (byte)137, - (byte)111, (byte)183, (byte)98, (byte)14, (byte)170, (byte)24, (byte)190, (byte)27, - (byte)252, (byte)86, (byte)62, (byte)75, (byte)198, (byte)210, (byte)121, (byte)32, - (byte)154, (byte)219, (byte)192, (byte)254, (byte)120, (byte)205, (byte)90, (byte)244, - (byte)31, (byte)221, (byte)168, (byte)51, (byte)136, (byte)7, (byte)199, (byte)49, - (byte)177, (byte)18, (byte)16, (byte)89, (byte)39, (byte)128, (byte)236, (byte)95, - (byte)96, (byte)81, (byte)127, (byte)169, (byte)25, (byte)181, (byte)74, (byte)13, - (byte)45, (byte)229, (byte)122, (byte)159, (byte)147, (byte)201, (byte)156, (byte)239, - (byte)160, (byte)224, (byte)59, (byte)77, (byte)174, (byte)42, (byte)245, (byte)176, - (byte)200, (byte)235, (byte)187, (byte)60, (byte)131, (byte)83, (byte)153, (byte)97, - (byte)23, (byte)43, (byte)4, (byte)126, (byte)186, (byte)119, (byte)214, (byte)38, - (byte)225, (byte)105, (byte)20, (byte)99, (byte)85, (byte)33, (byte)12, (byte)125, - }; - - // vector used in calculating key schedule (powers of x in GF(256)) - private static final int[] rcon = { - 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, - 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 }; - - // precomputation tables of calculations for rounds - private static final int[] T0 = - { - 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0x0df2f2ff, - 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, 0x50303060, 0x03010102, - 0xa96767ce, 0x7d2b2b56, 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, - 0x9a7676ec, 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, - 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, 0xecadad41, - 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 0xbf9c9c23, 0xf7a4a453, - 0x967272e4, 0x5bc0c09b, 0xc2b7b775, 0x1cfdfde1, 0xae93933d, - 0x6a26264c, 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, - 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, 0x937171e2, - 0x73d8d8ab, 0x53313162, 0x3f15152a, 0x0c040408, 0x52c7c795, - 0x65232346, 0x5ec3c39d, 0x28181830, 0xa1969637, 0x0f05050a, - 0xb59a9a2f, 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, - 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, 0x1b090912, - 0x9e83831d, 0x742c2c58, 0x2e1a1a34, 0x2d1b1b36, 0xb26e6edc, - 0xee5a5ab4, 0xfba0a05b, 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, - 0xceb3b37d, 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, - 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, 0x60202040, - 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, 0xbe6a6ad4, 0x46cbcb8d, - 0xd9bebe67, 0x4b393972, 0xde4a4a94, 0xd44c4c98, 0xe85858b0, - 0x4acfcf85, 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, - 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, 0xcf45458a, - 0x10f9f9e9, 0x06020204, 0x817f7ffe, 0xf05050a0, 0x443c3c78, - 0xba9f9f25, 0xe3a8a84b, 0xf35151a2, 0xfea3a35d, 0xc0404080, - 0x8a8f8f05, 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, - 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, 0x30101020, - 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, 0x4ccdcd81, 0x140c0c18, - 0x35131326, 0x2fececc3, 0xe15f5fbe, 0xa2979735, 0xcc444488, - 0x3917172e, 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, - 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, 0xa06060c0, - 0x98818119, 0xd14f4f9e, 0x7fdcdca3, 0x66222244, 0x7e2a2a54, - 0xab90903b, 0x8388880b, 0xca46468c, 0x29eeeec7, 0xd3b8b86b, - 0x3c141428, 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, - 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, 0xdb494992, - 0x0a06060c, 0x6c242448, 0xe45c5cb8, 0x5dc2c29f, 0x6ed3d3bd, - 0xefacac43, 0xa66262c4, 0xa8919139, 0xa4959531, 0x37e4e4d3, - 0x8b7979f2, 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, - 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 0xb46c6cd8, - 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, 0xaf6565ca, 0x8e7a7af4, - 0xe9aeae47, 0x18080810, 0xd5baba6f, 0x887878f0, 0x6f25254a, - 0x722e2e5c, 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, - 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, 0xdd4b4b96, - 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 0x907070e0, 0x423e3e7c, - 0xc4b5b571, 0xaa6666cc, 0xd8484890, 0x05030306, 0x01f6f6f7, - 0x120e0e1c, 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, - 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, 0x38e1e1d9, - 0x13f8f8eb, 0xb398982b, 0x33111122, 0xbb6969d2, 0x70d9d9a9, - 0x898e8e07, 0xa7949433, 0xb69b9b2d, 0x221e1e3c, 0x92878715, - 0x20e9e9c9, 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, - 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 0xdabfbf65, - 0x31e6e6d7, 0xc6424284, 0xb86868d0, 0xc3414182, 0xb0999929, - 0x772d2d5a, 0x110f0f1e, 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, - 0x3a16162c}; - - private static final int[] T1 = - { - 0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d, 0xf2f2ff0d, - 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154, 0x30306050, 0x01010203, - 0x6767cea9, 0x2b2b567d, 0xfefee719, 0xd7d7b562, 0xabab4de6, - 0x7676ec9a, 0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87, - 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b, 0xadad41ec, - 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea, 0x9c9c23bf, 0xa4a453f7, - 0x7272e496, 0xc0c09b5b, 0xb7b775c2, 0xfdfde11c, 0x93933dae, - 0x26264c6a, 0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f, - 0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908, 0x7171e293, - 0xd8d8ab73, 0x31316253, 0x15152a3f, 0x0404080c, 0xc7c79552, - 0x23234665, 0xc3c39d5e, 0x18183028, 0x969637a1, 0x05050a0f, - 0x9a9a2fb5, 0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d, - 0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f, 0x0909121b, - 0x83831d9e, 0x2c2c5874, 0x1a1a342e, 0x1b1b362d, 0x6e6edcb2, - 0x5a5ab4ee, 0xa0a05bfb, 0x5252a4f6, 0x3b3b764d, 0xd6d6b761, - 0xb3b37dce, 0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397, - 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c, 0x20204060, - 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed, 0x6a6ad4be, 0xcbcb8d46, - 0xbebe67d9, 0x3939724b, 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, - 0xcfcf854a, 0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16, - 0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194, 0x45458acf, - 0xf9f9e910, 0x02020406, 0x7f7ffe81, 0x5050a0f0, 0x3c3c7844, - 0x9f9f25ba, 0xa8a84be3, 0x5151a2f3, 0xa3a35dfe, 0x404080c0, - 0x8f8f058a, 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104, - 0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263, 0x10102030, - 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d, 0xcdcd814c, 0x0c0c1814, - 0x13132635, 0xececc32f, 0x5f5fbee1, 0x979735a2, 0x444488cc, - 0x17172e39, 0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47, - 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695, 0x6060c0a0, - 0x81811998, 0x4f4f9ed1, 0xdcdca37f, 0x22224466, 0x2a2a547e, - 0x90903bab, 0x88880b83, 0x46468cca, 0xeeeec729, 0xb8b86bd3, - 0x1414283c, 0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76, - 0xe0e0db3b, 0x32326456, 0x3a3a744e, 0x0a0a141e, 0x494992db, - 0x06060c0a, 0x2424486c, 0x5c5cb8e4, 0xc2c29f5d, 0xd3d3bd6e, - 0xacac43ef, 0x6262c4a6, 0x919139a8, 0x959531a4, 0xe4e4d337, - 0x7979f28b, 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7, - 0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0, 0x6c6cd8b4, - 0x5656acfa, 0xf4f4f307, 0xeaeacf25, 0x6565caaf, 0x7a7af48e, - 0xaeae47e9, 0x08081018, 0xbaba6fd5, 0x7878f088, 0x25254a6f, - 0x2e2e5c72, 0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751, - 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21, 0x4b4b96dd, - 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85, 0x7070e090, 0x3e3e7c42, - 0xb5b571c4, 0x6666ccaa, 0x484890d8, 0x03030605, 0xf6f6f701, - 0x0e0e1c12, 0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0, - 0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9, 0xe1e1d938, - 0xf8f8eb13, 0x98982bb3, 0x11112233, 0x6969d2bb, 0xd9d9a970, - 0x8e8e0789, 0x949433a7, 0x9b9b2db6, 0x1e1e3c22, 0x87871592, - 0xe9e9c920, 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a, - 0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17, 0xbfbf65da, - 0xe6e6d731, 0x424284c6, 0x6868d0b8, 0x414182c3, 0x999929b0, - 0x2d2d5a77, 0x0f0f1e11, 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, - 0x16162c3a}; - - private static final int[] T2 = - { - 0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b, 0xf2ff0df2, - 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5, 0x30605030, 0x01020301, - 0x67cea967, 0x2b567d2b, 0xfee719fe, 0xd7b562d7, 0xab4de6ab, - 0x76ec9a76, 0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d, - 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0, 0xad41ecad, - 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf, 0x9c23bf9c, 0xa453f7a4, - 0x72e49672, 0xc09b5bc0, 0xb775c2b7, 0xfde11cfd, 0x933dae93, - 0x264c6a26, 0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc, - 0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1, 0x71e29371, - 0xd8ab73d8, 0x31625331, 0x152a3f15, 0x04080c04, 0xc79552c7, - 0x23466523, 0xc39d5ec3, 0x18302818, 0x9637a196, 0x050a0f05, - 0x9a2fb59a, 0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2, - 0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75, 0x09121b09, - 0x831d9e83, 0x2c58742c, 0x1a342e1a, 0x1b362d1b, 0x6edcb26e, - 0x5ab4ee5a, 0xa05bfba0, 0x52a4f652, 0x3b764d3b, 0xd6b761d6, - 0xb37dceb3, 0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784, - 0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced, 0x20406020, - 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b, 0x6ad4be6a, 0xcb8d46cb, - 0xbe67d9be, 0x39724b39, 0x4a94de4a, 0x4c98d44c, 0x58b0e858, - 0xcf854acf, 0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb, - 0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485, 0x458acf45, - 0xf9e910f9, 0x02040602, 0x7ffe817f, 0x50a0f050, 0x3c78443c, - 0x9f25ba9f, 0xa84be3a8, 0x51a2f351, 0xa35dfea3, 0x4080c040, - 0x8f058a8f, 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5, - 0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321, 0x10203010, - 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2, 0xcd814ccd, 0x0c18140c, - 0x13263513, 0xecc32fec, 0x5fbee15f, 0x9735a297, 0x4488cc44, - 0x172e3917, 0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d, - 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573, 0x60c0a060, - 0x81199881, 0x4f9ed14f, 0xdca37fdc, 0x22446622, 0x2a547e2a, - 0x903bab90, 0x880b8388, 0x468cca46, 0xeec729ee, 0xb86bd3b8, - 0x14283c14, 0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db, - 0xe0db3be0, 0x32645632, 0x3a744e3a, 0x0a141e0a, 0x4992db49, - 0x060c0a06, 0x24486c24, 0x5cb8e45c, 0xc29f5dc2, 0xd3bd6ed3, - 0xac43efac, 0x62c4a662, 0x9139a891, 0x9531a495, 0xe4d337e4, - 0x79f28b79, 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d, - 0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9, 0x6cd8b46c, - 0x56acfa56, 0xf4f307f4, 0xeacf25ea, 0x65caaf65, 0x7af48e7a, - 0xae47e9ae, 0x08101808, 0xba6fd5ba, 0x78f08878, 0x254a6f25, - 0x2e5c722e, 0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6, - 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f, 0x4b96dd4b, - 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a, 0x70e09070, 0x3e7c423e, - 0xb571c4b5, 0x66ccaa66, 0x4890d848, 0x03060503, 0xf6f701f6, - 0x0e1c120e, 0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9, - 0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e, 0xe1d938e1, - 0xf8eb13f8, 0x982bb398, 0x11223311, 0x69d2bb69, 0xd9a970d9, - 0x8e07898e, 0x9433a794, 0x9b2db69b, 0x1e3c221e, 0x87159287, - 0xe9c920e9, 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf, - 0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d, 0xbf65dabf, - 0xe6d731e6, 0x4284c642, 0x68d0b868, 0x4182c341, 0x9929b099, - 0x2d5a772d, 0x0f1e110f, 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, - 0x162c3a16}; - - private static final int[] T3 = - { - 0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b, 0xff0df2f2, - 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5, 0x60503030, 0x02030101, - 0xcea96767, 0x567d2b2b, 0xe719fefe, 0xb562d7d7, 0x4de6abab, - 0xec9a7676, 0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d, - 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0, 0x41ecadad, - 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf, 0x23bf9c9c, 0x53f7a4a4, - 0xe4967272, 0x9b5bc0c0, 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, - 0x4c6a2626, 0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc, - 0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1, 0xe2937171, - 0xab73d8d8, 0x62533131, 0x2a3f1515, 0x080c0404, 0x9552c7c7, - 0x46652323, 0x9d5ec3c3, 0x30281818, 0x37a19696, 0x0a0f0505, - 0x2fb59a9a, 0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2, - 0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575, 0x121b0909, - 0x1d9e8383, 0x58742c2c, 0x342e1a1a, 0x362d1b1b, 0xdcb26e6e, - 0xb4ee5a5a, 0x5bfba0a0, 0xa4f65252, 0x764d3b3b, 0xb761d6d6, - 0x7dceb3b3, 0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484, - 0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded, 0x40602020, - 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b, 0xd4be6a6a, 0x8d46cbcb, - 0x67d9bebe, 0x724b3939, 0x94de4a4a, 0x98d44c4c, 0xb0e85858, - 0x854acfcf, 0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb, - 0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585, 0x8acf4545, - 0xe910f9f9, 0x04060202, 0xfe817f7f, 0xa0f05050, 0x78443c3c, - 0x25ba9f9f, 0x4be3a8a8, 0xa2f35151, 0x5dfea3a3, 0x80c04040, - 0x058a8f8f, 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5, - 0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121, 0x20301010, - 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2, 0x814ccdcd, 0x18140c0c, - 0x26351313, 0xc32fecec, 0xbee15f5f, 0x35a29797, 0x88cc4444, - 0x2e391717, 0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d, - 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373, 0xc0a06060, - 0x19988181, 0x9ed14f4f, 0xa37fdcdc, 0x44662222, 0x547e2a2a, - 0x3bab9090, 0x0b838888, 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, - 0x283c1414, 0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb, - 0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a, 0x92db4949, - 0x0c0a0606, 0x486c2424, 0xb8e45c5c, 0x9f5dc2c2, 0xbd6ed3d3, - 0x43efacac, 0xc4a66262, 0x39a89191, 0x31a49595, 0xd337e4e4, - 0xf28b7979, 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d, - 0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9, 0xd8b46c6c, - 0xacfa5656, 0xf307f4f4, 0xcf25eaea, 0xcaaf6565, 0xf48e7a7a, - 0x47e9aeae, 0x10180808, 0x6fd5baba, 0xf0887878, 0x4a6f2525, - 0x5c722e2e, 0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6, - 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f, 0x96dd4b4b, - 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a, 0xe0907070, 0x7c423e3e, - 0x71c4b5b5, 0xccaa6666, 0x90d84848, 0x06050303, 0xf701f6f6, - 0x1c120e0e, 0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9, - 0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e, 0xd938e1e1, - 0xeb13f8f8, 0x2bb39898, 0x22331111, 0xd2bb6969, 0xa970d9d9, - 0x07898e8e, 0x33a79494, 0x2db69b9b, 0x3c221e1e, 0x15928787, - 0xc920e9e9, 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf, - 0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d, 0x65dabfbf, - 0xd731e6e6, 0x84c64242, 0xd0b86868, 0x82c34141, 0x29b09999, - 0x5a772d2d, 0x1e110f0f, 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, - 0x2c3a1616}; - -private static final int[] Tinv0 = - { - 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 0xcb6bab3b, - 0xf1459d1f, 0xab58faac, 0x9303e34b, 0x55fa3020, 0xf66d76ad, - 0x9176cc88, 0x254c02f5, 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, - 0x8fa362b5, 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d, - 0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b, 0xe75f8f03, - 0x959c9215, 0xeb7a6dbf, 0xda595295, 0x2d83bed4, 0xd3217458, - 0x2969e049, 0x44c8c98e, 0x6a89c275, 0x78798ef4, 0x6b3e5899, - 0xdd71b927, 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, - 0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362, 0xe07764b1, - 0x84ae6bbb, 0x1ca081fe, 0x942b08f9, 0x58684870, 0x19fd458f, - 0x876cde94, 0xb7f87b52, 0x23d373ab, 0xe2024b72, 0x578f1fe3, - 0x2aab5566, 0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3, - 0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, 0x2b1ccf8a, - 0x92b479a7, 0xf0f207f3, 0xa1e2694e, 0xcdf4da65, 0xd5be0506, - 0x1f6234d1, 0x8afea6c4, 0x9d532e34, 0xa055f3a2, 0x32e18a05, - 0x75ebf6a4, 0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd, - 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d, 0xb58d5491, - 0x055dc471, 0x6fd40604, 0xff155060, 0x24fb9819, 0x97e9bdd6, - 0xcc434089, 0x779ed967, 0xbd42e8b0, 0x888b8907, 0x385b19e7, - 0xdbeec879, 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000, - 0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c, 0xfbff0efd, - 0x5638850f, 0x1ed5ae3d, 0x27392d36, 0x64d90f0a, 0x21a65c68, - 0xd1545b9b, 0x3a2e3624, 0xb1670a0c, 0x0fe75793, 0xd296eeb4, - 0x9e919b1b, 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c, - 0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, 0x0b0d090e, - 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14, 0x8519f157, 0x4c0775af, - 0xbbdd99ee, 0xfd607fa3, 0x9f2601f7, 0xbcf5725c, 0xc53b6644, - 0x347efb5b, 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8, - 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684, 0x7d244a85, - 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, 0x4b2f9e1d, 0xf330b2dc, - 0xec52860d, 0xd0e3c177, 0x6c16b32b, 0x99b970a9, 0xfa489411, - 0x2264e947, 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, - 0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498, 0xcf81f5a6, - 0x28de7aa5, 0x268eb7da, 0xa4bfad3f, 0xe49d3a2c, 0x0d927850, - 0x9bcc5f6a, 0x62467e54, 0xc2138df6, 0xe8b8d890, 0x5ef7392e, - 0xf5afc382, 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf, - 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, 0x097826cd, - 0xf418596e, 0x01b79aec, 0xa89a4f83, 0x656e95e6, 0x7ee6ffaa, - 0x08cfbc21, 0xe6e815ef, 0xd99be7ba, 0xce366f4a, 0xd4099fea, - 0xd67cb029, 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235, - 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733, 0x4a9804f1, - 0xf7daec41, 0x0e50cd7f, 0x2ff69117, 0x8dd64d76, 0x4db0ef43, - 0x544daacc, 0xdf0496e4, 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, - 0x7f516546, 0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, - 0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d, 0x8c61d79a, - 0x7a0ca137, 0x8e14f859, 0x893c13eb, 0xee27a9ce, 0x35c961b7, - 0xede51ce1, 0x3cb1477a, 0x59dfd29c, 0x3f73f255, 0x79ce1418, - 0xbf37c773, 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478, - 0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, - 0x0c25e2bc, 0x8b493c28, 0x41950dff, 0x7101a839, 0xdeb30c08, - 0x9ce4b4d8, 0x90c15664, 0x6184cb7b, 0x70b632d5, 0x745c6c48, - 0x4257b8d0}; - - private static final int[] Tinv1 = - { - 0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96, 0x6bab3bcb, - 0x459d1ff1, 0x58faacab, 0x03e34b93, 0xfa302055, 0x6d76adf6, - 0x76cc8891, 0x4c02f525, 0xd7e54ffc, 0xcb2ac5d7, 0x44352680, - 0xa362b58f, 0x5ab1de49, 0x1bba2567, 0x0eea4598, 0xc0fe5de1, - 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6, 0x5f8f03e7, - 0x9c921595, 0x7a6dbfeb, 0x595295da, 0x83bed42d, 0x217458d3, - 0x69e04929, 0xc8c98e44, 0x89c2756a, 0x798ef478, 0x3e58996b, - 0x71b927dd, 0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4, - 0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245, 0x7764b1e0, - 0xae6bbb84, 0xa081fe1c, 0x2b08f994, 0x68487058, 0xfd458f19, - 0x6cde9487, 0xf87b52b7, 0xd373ab23, 0x024b72e2, 0x8f1fe357, - 0xab55662a, 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x0837d3a5, - 0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c, 0x1ccf8a2b, - 0xb479a792, 0xf207f3f0, 0xe2694ea1, 0xf4da65cd, 0xbe0506d5, - 0x6234d11f, 0xfea6c48a, 0x532e349d, 0x55f3a2a0, 0xe18a0532, - 0xebf6a475, 0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51, - 0x8a213ef9, 0x06dd963d, 0x053eddae, 0xbde64d46, 0x8d5491b5, - 0x5dc47105, 0xd406046f, 0x155060ff, 0xfb981924, 0xe9bdd697, - 0x434089cc, 0x9ed96777, 0x42e8b0bd, 0x8b890788, 0x5b19e738, - 0xeec879db, 0x0a7ca147, 0x0f427ce9, 0x1e84f8c9, 0x00000000, - 0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e, 0xff0efdfb, - 0x38850f56, 0xd5ae3d1e, 0x392d3627, 0xd90f0a64, 0xa65c6821, - 0x545b9bd1, 0x2e36243a, 0x670a0cb1, 0xe757930f, 0x96eeb4d2, - 0x919b1b9e, 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16, - 0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d, 0x0d090e0b, - 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8, 0x19f15785, 0x0775af4c, - 0xdd99eebb, 0x607fa3fd, 0x2601f79f, 0xf5725cbc, 0x3b6644c5, - 0x7efb5b34, 0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863, - 0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420, 0x244a857d, - 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d, 0x2f9e1d4b, 0x30b2dcf3, - 0x52860dec, 0xe3c177d0, 0x16b32b6c, 0xb970a999, 0x489411fa, - 0x64e94722, 0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef, - 0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0x0bd49836, 0x81f5a6cf, - 0xde7aa528, 0x8eb7da26, 0xbfad3fa4, 0x9d3a2ce4, 0x9278500d, - 0xcc5f6a9b, 0x467e5462, 0x138df6c2, 0xb8d890e8, 0xf7392e5e, - 0xafc382f5, 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3, - 0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b, 0x7826cd09, - 0x18596ef4, 0xb79aec01, 0x9a4f83a8, 0x6e95e665, 0xe6ffaa7e, - 0xcfbc2108, 0xe815efe6, 0x9be7bad9, 0x366f4ace, 0x099fead4, - 0x7cb029d6, 0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0, - 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315, 0x9804f14a, - 0xdaec41f7, 0x50cd7f0e, 0xf691172f, 0xd64d768d, 0xb0ef434d, - 0x4daacc54, 0x0496e4df, 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, - 0x5165467f, 0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e, - 0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13, 0x61d79a8c, - 0x0ca1377a, 0x14f8598e, 0x3c13eb89, 0x27a9ceee, 0xc961b735, - 0xe51ce1ed, 0xb1477a3c, 0xdfd29c59, 0x73f2553f, 0xce141879, - 0x37c773bf, 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886, - 0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f, 0xc31d1672, - 0x25e2bc0c, 0x493c288b, 0x950dff41, 0x01a83971, 0xb30c08de, - 0xe4b4d89c, 0xc1566490, 0x84cb7b61, 0xb632d570, 0x5c6c4874, - 0x57b8d042}; - - private static final int[] Tinv2 = - { - 0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e, 0xab3bcb6b, - 0x9d1ff145, 0xfaacab58, 0xe34b9303, 0x302055fa, 0x76adf66d, - 0xcc889176, 0x02f5254c, 0xe54ffcd7, 0x2ac5d7cb, 0x35268044, - 0x62b58fa3, 0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0, - 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9, 0x8f03e75f, - 0x9215959c, 0x6dbfeb7a, 0x5295da59, 0xbed42d83, 0x7458d321, - 0xe0492969, 0xc98e44c8, 0xc2756a89, 0x8ef47879, 0x58996b3e, - 0xb927dd71, 0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a, - 0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f, 0x64b1e077, - 0x6bbb84ae, 0x81fe1ca0, 0x08f9942b, 0x48705868, 0x458f19fd, - 0xde94876c, 0x7b52b7f8, 0x73ab23d3, 0x4b72e202, 0x1fe3578f, - 0x55662aab, 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508, - 0x2830f287, 0xbf23b2a5, 0x0302ba6a, 0x16ed5c82, 0xcf8a2b1c, - 0x79a792b4, 0x07f3f0f2, 0x694ea1e2, 0xda65cdf4, 0x0506d5be, - 0x34d11f62, 0xa6c48afe, 0x2e349d53, 0xf3a2a055, 0x8a0532e1, - 0xf6a475eb, 0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110, - 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd, 0x5491b58d, - 0xc471055d, 0x06046fd4, 0x5060ff15, 0x981924fb, 0xbdd697e9, - 0x4089cc43, 0xd967779e, 0xe8b0bd42, 0x8907888b, 0x19e7385b, - 0xc879dbee, 0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x00000000, - 0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72, 0x0efdfbff, - 0x850f5638, 0xae3d1ed5, 0x2d362739, 0x0f0a64d9, 0x5c6821a6, - 0x5b9bd154, 0x36243a2e, 0x0a0cb167, 0x57930fe7, 0xeeb4d296, - 0x9b1b9e91, 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a, - 0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17, 0x090e0b0d, - 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9, 0xf1578519, 0x75af4c07, - 0x99eebbdd, 0x7fa3fd60, 0x01f79f26, 0x725cbcf5, 0x6644c53b, - 0xfb5b347e, 0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1, - 0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011, 0x4a857d24, - 0xbbd2f83d, 0xf9ae1132, 0x29c76da1, 0x9e1d4b2f, 0xb2dcf330, - 0x860dec52, 0xc177d0e3, 0xb32b6c16, 0x70a999b9, 0x9411fa48, - 0xe9472264, 0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90, - 0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b, 0xf5a6cf81, - 0x7aa528de, 0xb7da268e, 0xad3fa4bf, 0x3a2ce49d, 0x78500d92, - 0x5f6a9bcc, 0x7e546246, 0x8df6c213, 0xd890e8b8, 0x392e5ef7, - 0xc382f5af, 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312, - 0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb, 0x26cd0978, - 0x596ef418, 0x9aec01b7, 0x4f83a89a, 0x95e6656e, 0xffaa7ee6, - 0xbc2108cf, 0x15efe6e8, 0xe7bad99b, 0x6f4ace36, 0x9fead409, - 0xb029d67c, 0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066, - 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8, 0x04f14a98, - 0xec41f7da, 0xcd7f0e50, 0x91172ff6, 0x4d768dd6, 0xef434db0, - 0xaacc544d, 0x96e4df04, 0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, - 0x65467f51, 0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0x0bfb2e41, - 0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347, 0xd79a8c61, - 0xa1377a0c, 0xf8598e14, 0x13eb893c, 0xa9ceee27, 0x61b735c9, - 0x1ce1ede5, 0x477a3cb1, 0xd29c59df, 0xf2553f73, 0x141879ce, - 0xc773bf37, 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db, - 0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40, 0x1d1672c3, - 0xe2bc0c25, 0x3c288b49, 0x0dff4195, 0xa8397101, 0x0c08deb3, - 0xb4d89ce4, 0x566490c1, 0xcb7b6184, 0x32d570b6, 0x6c48745c, - 0xb8d04257}; - - private static final int[] Tinv3 = - { - 0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27, 0x3bcb6bab, - 0x1ff1459d, 0xacab58fa, 0x4b9303e3, 0x2055fa30, 0xadf66d76, - 0x889176cc, 0xf5254c02, 0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, - 0xb58fa362, 0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe, - 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3, 0x03e75f8f, - 0x15959c92, 0xbfeb7a6d, 0x95da5952, 0xd42d83be, 0x58d32174, - 0x492969e0, 0x8e44c8c9, 0x756a89c2, 0xf478798e, 0x996b3e58, - 0x27dd71b9, 0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace, - 0x63184adf, 0xe582311a, 0x97603351, 0x62457f53, 0xb1e07764, - 0xbb84ae6b, 0xfe1ca081, 0xf9942b08, 0x70586848, 0x8f19fd45, - 0x94876cde, 0x52b7f87b, 0xab23d373, 0x72e2024b, 0xe3578f1f, - 0x662aab55, 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837, - 0x30f28728, 0x23b2a5bf, 0x02ba6a03, 0xed5c8216, 0x8a2b1ccf, - 0xa792b479, 0xf3f0f207, 0x4ea1e269, 0x65cdf4da, 0x06d5be05, - 0xd11f6234, 0xc48afea6, 0x349d532e, 0xa2a055f3, 0x0532e18a, - 0xa475ebf6, 0x0b39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e, - 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6, 0x91b58d54, - 0x71055dc4, 0x046fd406, 0x60ff1550, 0x1924fb98, 0xd697e9bd, - 0x89cc4340, 0x67779ed9, 0xb0bd42e8, 0x07888b89, 0xe7385b19, - 0x79dbeec8, 0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x00000000, - 0x09838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a, 0xfdfbff0e, - 0x0f563885, 0x3d1ed5ae, 0x3627392d, 0x0a64d90f, 0x6821a65c, - 0x9bd1545b, 0x243a2e36, 0x0cb1670a, 0x930fe757, 0xb4d296ee, - 0x1b9e919b, 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12, - 0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b, 0x0e0b0d09, - 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e, 0x578519f1, 0xaf4c0775, - 0xeebbdd99, 0xa3fd607f, 0xf79f2601, 0x5cbcf572, 0x44c53b66, - 0x5b347efb, 0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4, - 0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6, 0x857d244a, - 0xd2f83dbb, 0xae1132f9, 0xc76da129, 0x1d4b2f9e, 0xdcf330b2, - 0x0dec5286, 0x77d0e3c1, 0x2b6c16b3, 0xa999b970, 0x11fa4894, - 0x472264e9, 0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033, - 0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4, 0xa6cf81f5, - 0xa528de7a, 0xda268eb7, 0x3fa4bfad, 0x2ce49d3a, 0x500d9278, - 0x6a9bcc5f, 0x5462467e, 0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, - 0x82f5afc3, 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225, - 0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b, 0xcd097826, - 0x6ef41859, 0xec01b79a, 0x83a89a4f, 0xe6656e95, 0xaa7ee6ff, - 0x2108cfbc, 0xefe6e815, 0xbad99be7, 0x4ace366f, 0xead4099f, - 0x29d67cb0, 0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2, - 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7, 0xf14a9804, - 0x41f7daec, 0x7f0e50cd, 0x172ff691, 0x768dd64d, 0x434db0ef, - 0xcc544daa, 0xe4df0496, 0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, - 0x467f5165, 0x9d04ea5e, 0x015d358c, 0xfa737487, 0xfb2e410b, - 0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6, 0x9a8c61d7, - 0x377a0ca1, 0x598e14f8, 0xeb893c13, 0xceee27a9, 0xb735c961, - 0xe1ede51c, 0x7a3cb147, 0x9c59dfd2, 0x553f73f2, 0x1879ce14, - 0x73bf37c7, 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44, - 0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3, 0x1672c31d, - 0xbc0c25e2, 0x288b493c, 0xff41950d, 0x397101a8, 0x08deb30c, - 0xd89ce4b4, 0x6490c156, 0x7b6184cb, 0xd570b632, 0x48745c6c, - 0xd04257b8}; - - private int shift( - int r, - int shift) - { - return (r >>> shift) | (r << -shift); - } - - /* multiply four bytes in GF(2^8) by 'x' {02} in parallel */ - - private static final int m1 = 0x80808080; - private static final int m2 = 0x7f7f7f7f; - private static final int m3 = 0x0000001b; - - private int FFmulX(int x) - { - return (((x & m2) << 1) ^ (((x & m1) >>> 7) * m3)); - } - - /* - The following defines provide alternative definitions of FFmulX that might - give improved performance if a fast 32-bit multiply is not available. - - private int FFmulX(int x) { int u = x & m1; u |= (u >> 1); return ((x & m2) << 1) ^ ((u >>> 3) | (u >>> 6)); } - private static final int m4 = 0x1b1b1b1b; - private int FFmulX(int x) { int u = x & m1; return ((x & m2) << 1) ^ ((u - (u >>> 7)) & m4); } - - */ - - private int inv_mcol(int x) - { - int f2 = FFmulX(x); - int f4 = FFmulX(f2); - int f8 = FFmulX(f4); - int f9 = x ^ f8; - - return f2 ^ f4 ^ f8 ^ shift(f2 ^ f9, 8) ^ shift(f4 ^ f9, 16) ^ shift(f9, 24); - } - - - private int subWord(int x) - { - return (S[x&255]&255 | ((S[(x>>8)&255]&255)<<8) | ((S[(x>>16)&255]&255)<<16) | S[(x>>24)&255]<<24); - } - - /** - * Calculate the necessary round keys - * The number of calculations depends on key size and block size - * AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits - * This code is written assuming those are the only possible values - */ - private int[][] generateWorkingKey( - byte[] key, - boolean forEncryption) - { - int KC = key.length / 4; // key length in words - int t; - - if (((KC != 4) && (KC != 6) && (KC != 8)) || ((KC * 4) != key.length)) - { - throw new IllegalArgumentException("Key length not 128/192/256 bits."); - } - - ROUNDS = KC + 6; // This is not always true for the generalized Rijndael that allows larger block sizes - int[][] W = new int[ROUNDS+1][4]; // 4 words in a block - - // - // copy the key into the round key array - // - - t = 0; - int i = 0; - while (i < key.length) - { - W[t >> 2][t & 3] = (key[i]&0xff) | ((key[i+1]&0xff) << 8) | ((key[i+2]&0xff) << 16) | (key[i+3] << 24); - i+=4; - t++; - } - - // - // while not enough round key material calculated - // calculate new values - // - int k = (ROUNDS + 1) << 2; - for (i = KC; (i < k); i++) - { - int temp = W[(i - 1) >> 2][(i - 1) & 3]; - if ((i % KC) == 0) - { - temp = subWord(shift(temp, 8)) ^ rcon[(i / KC) - 1]; - } - else if ((KC > 6) && ((i % KC) == 4)) - { - temp = subWord(temp); - } - - W[i >> 2][i & 3] = W[(i - KC) >> 2][(i - KC) & 3] ^ temp; - } - - if (!forEncryption) - { - for (int j = 1; j < ROUNDS; j++) - { - for (i = 0; i < 4; i++) - { - W[j][i] = inv_mcol(W[j][i]); - } - } - } - - return W; - } - - private int ROUNDS; - private int[][] WorkingKey = null; - private int C0, C1, C2, C3; - private boolean forEncryption; - - private static final int BLOCK_SIZE = 16; - - /** - * default constructor - 128 bit block size. - */ - public AESFastEngine() - { - } - - /** - * initialise an AES cipher. - * - * @param forEncryption whether or not we are for encryption. - * @param params the parameters required to set up the cipher. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init( - boolean forEncryption, - CipherParameters params) - { - if (params instanceof KeyParameter) - { - WorkingKey = generateWorkingKey(((KeyParameter)params).getKey(), forEncryption); - this.forEncryption = forEncryption; - return; - } - - throw new IllegalArgumentException("invalid parameter passed to AES init - " + params.getClass().getName()); - } - - public String getAlgorithmName() - { - return "AES"; - } - - public int getBlockSize() - { - return BLOCK_SIZE; - } - - public int processBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - { - if (WorkingKey == null) - { - throw new IllegalStateException("AES engine not initialised"); - } - - if ((inOff + (32 / 2)) > in.length) - { - throw new DataLengthException("input buffer too short"); - } - - if ((outOff + (32 / 2)) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - - if (forEncryption) - { - unpackBlock(in, inOff); - encryptBlock(WorkingKey); - packBlock(out, outOff); - } - else - { - unpackBlock(in, inOff); - decryptBlock(WorkingKey); - packBlock(out, outOff); - } - - return BLOCK_SIZE; - } - - public void reset() - { - } - - private final void unpackBlock( - byte[] bytes, - int off) - { - int index = off; - - C0 = (bytes[index++] & 0xff); - C0 |= (bytes[index++] & 0xff) << 8; - C0 |= (bytes[index++] & 0xff) << 16; - C0 |= bytes[index++] << 24; - - C1 = (bytes[index++] & 0xff); - C1 |= (bytes[index++] & 0xff) << 8; - C1 |= (bytes[index++] & 0xff) << 16; - C1 |= bytes[index++] << 24; - - C2 = (bytes[index++] & 0xff); - C2 |= (bytes[index++] & 0xff) << 8; - C2 |= (bytes[index++] & 0xff) << 16; - C2 |= bytes[index++] << 24; - - C3 = (bytes[index++] & 0xff); - C3 |= (bytes[index++] & 0xff) << 8; - C3 |= (bytes[index++] & 0xff) << 16; - C3 |= bytes[index++] << 24; - } - - private final void packBlock( - byte[] bytes, - int off) - { - int index = off; - - bytes[index++] = (byte)C0; - bytes[index++] = (byte)(C0 >> 8); - bytes[index++] = (byte)(C0 >> 16); - bytes[index++] = (byte)(C0 >> 24); - - bytes[index++] = (byte)C1; - bytes[index++] = (byte)(C1 >> 8); - bytes[index++] = (byte)(C1 >> 16); - bytes[index++] = (byte)(C1 >> 24); - - bytes[index++] = (byte)C2; - bytes[index++] = (byte)(C2 >> 8); - bytes[index++] = (byte)(C2 >> 16); - bytes[index++] = (byte)(C2 >> 24); - - bytes[index++] = (byte)C3; - bytes[index++] = (byte)(C3 >> 8); - bytes[index++] = (byte)(C3 >> 16); - bytes[index++] = (byte)(C3 >> 24); - } - - private final void encryptBlock(int[][] KW) - { - int r, r0, r1, r2, r3; - - C0 ^= KW[0][0]; - C1 ^= KW[0][1]; - C2 ^= KW[0][2]; - C3 ^= KW[0][3]; - - r = 1; - while (r < ROUNDS - 1) - { - r0 = T0[C0&255] ^ T1[(C1>>8)&255] ^ T2[(C2>>16)&255] ^ T3[(C3>>24)&255] ^ KW[r][0]; - r1 = T0[C1&255] ^ T1[(C2>>8)&255] ^ T2[(C3>>16)&255] ^ T3[(C0>>24)&255] ^ KW[r][1]; - r2 = T0[C2&255] ^ T1[(C3>>8)&255] ^ T2[(C0>>16)&255] ^ T3[(C1>>24)&255] ^ KW[r][2]; - r3 = T0[C3&255] ^ T1[(C0>>8)&255] ^ T2[(C1>>16)&255] ^ T3[(C2>>24)&255] ^ KW[r++][3]; - C0 = T0[r0&255] ^ T1[(r1>>8)&255] ^ T2[(r2>>16)&255] ^ T3[(r3>>24)&255] ^ KW[r][0]; - C1 = T0[r1&255] ^ T1[(r2>>8)&255] ^ T2[(r3>>16)&255] ^ T3[(r0>>24)&255] ^ KW[r][1]; - C2 = T0[r2&255] ^ T1[(r3>>8)&255] ^ T2[(r0>>16)&255] ^ T3[(r1>>24)&255] ^ KW[r][2]; - C3 = T0[r3&255] ^ T1[(r0>>8)&255] ^ T2[(r1>>16)&255] ^ T3[(r2>>24)&255] ^ KW[r++][3]; - } - - r0 = T0[C0&255] ^ T1[(C1>>8)&255] ^ T2[(C2>>16)&255] ^ T3[(C3>>24)&255] ^ KW[r][0]; - r1 = T0[C1&255] ^ T1[(C2>>8)&255] ^ T2[(C3>>16)&255] ^ T3[(C0>>24)&255] ^ KW[r][1]; - r2 = T0[C2&255] ^ T1[(C3>>8)&255] ^ T2[(C0>>16)&255] ^ T3[(C1>>24)&255] ^ KW[r][2]; - r3 = T0[C3&255] ^ T1[(C0>>8)&255] ^ T2[(C1>>16)&255] ^ T3[(C2>>24)&255] ^ KW[r++][3]; - - // the final round's table is a simple function of S so we don't use a whole other four tables for it - - C0 = (S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24) ^ KW[r][0]; - C1 = (S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24) ^ KW[r][1]; - C2 = (S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24) ^ KW[r][2]; - C3 = (S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24) ^ KW[r][3]; - - } - - private final void decryptBlock(int[][] KW) - { - int r0, r1, r2, r3; - - C0 ^= KW[ROUNDS][0]; - C1 ^= KW[ROUNDS][1]; - C2 ^= KW[ROUNDS][2]; - C3 ^= KW[ROUNDS][3]; - - int r = ROUNDS-1; - - while (r>1) - { - r0 = Tinv0[C0&255] ^ Tinv1[(C3>>8)&255] ^ Tinv2[(C2>>16)&255] ^ Tinv3[(C1>>24)&255] ^ KW[r][0]; - r1 = Tinv0[C1&255] ^ Tinv1[(C0>>8)&255] ^ Tinv2[(C3>>16)&255] ^ Tinv3[(C2>>24)&255] ^ KW[r][1]; - r2 = Tinv0[C2&255] ^ Tinv1[(C1>>8)&255] ^ Tinv2[(C0>>16)&255] ^ Tinv3[(C3>>24)&255] ^ KW[r][2]; - r3 = Tinv0[C3&255] ^ Tinv1[(C2>>8)&255] ^ Tinv2[(C1>>16)&255] ^ Tinv3[(C0>>24)&255] ^ KW[r--][3]; - C0 = Tinv0[r0&255] ^ Tinv1[(r3>>8)&255] ^ Tinv2[(r2>>16)&255] ^ Tinv3[(r1>>24)&255] ^ KW[r][0]; - C1 = Tinv0[r1&255] ^ Tinv1[(r0>>8)&255] ^ Tinv2[(r3>>16)&255] ^ Tinv3[(r2>>24)&255] ^ KW[r][1]; - C2 = Tinv0[r2&255] ^ Tinv1[(r1>>8)&255] ^ Tinv2[(r0>>16)&255] ^ Tinv3[(r3>>24)&255] ^ KW[r][2]; - C3 = Tinv0[r3&255] ^ Tinv1[(r2>>8)&255] ^ Tinv2[(r1>>16)&255] ^ Tinv3[(r0>>24)&255] ^ KW[r--][3]; - } - - r0 = Tinv0[C0&255] ^ Tinv1[(C3>>8)&255] ^ Tinv2[(C2>>16)&255] ^ Tinv3[(C1>>24)&255] ^ KW[r][0]; - r1 = Tinv0[C1&255] ^ Tinv1[(C0>>8)&255] ^ Tinv2[(C3>>16)&255] ^ Tinv3[(C2>>24)&255] ^ KW[r][1]; - r2 = Tinv0[C2&255] ^ Tinv1[(C1>>8)&255] ^ Tinv2[(C0>>16)&255] ^ Tinv3[(C3>>24)&255] ^ KW[r][2]; - r3 = Tinv0[C3&255] ^ Tinv1[(C2>>8)&255] ^ Tinv2[(C1>>16)&255] ^ Tinv3[(C0>>24)&255] ^ KW[r--][3]; - - // the final round's table is a simple function of Si so we don't use a whole other four tables for it - - C0 = (Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24) ^ KW[0][0]; - C1 = (Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24) ^ KW[0][1]; - C2 = (Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24) ^ KW[0][2]; - C3 = (Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24) ^ KW[0][3]; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/engines/AESLightEngine.java b/luni/src/main/java/org/bouncycastle/crypto/engines/AESLightEngine.java deleted file mode 100644 index b0730e3..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/engines/AESLightEngine.java +++ /dev/null @@ -1,440 +0,0 @@ -package org.bouncycastle.crypto.engines; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.params.KeyParameter; - -/** - * an implementation of the AES (Rijndael), from FIPS-197. - * <p> - * For further details see: <a href="http://csrc.nist.gov/encryption/aes/">http://csrc.nist.gov/encryption/aes/</a>. - * - * This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at - * <a href="http://fp.gladman.plus.com/cryptography_technology/rijndael/">http://fp.gladman.plus.com/cryptography_technology/rijndael/</a> - * - * There are three levels of tradeoff of speed vs memory - * Because java has no preprocessor, they are written as three separate classes from which to choose - * - * The fastest uses 8Kbytes of static tables to precompute round calculations, 4 256 word tables for encryption - * and 4 for decryption. - * - * The middle performance version uses only one 256 word table for each, for a total of 2Kbytes, - * adding 12 rotate operations per round to compute the values contained in the other tables from - * the contents of the first - * - * The slowest version uses no static tables at all and computes the values - * in each round. - * <p> - * This file contains the slowest performance version with no static tables - * for round precomputation, but it has the smallest foot print. - * - */ -public class AESLightEngine - implements BlockCipher -{ - // The S box - private static final byte[] S = { - (byte)99, (byte)124, (byte)119, (byte)123, (byte)242, (byte)107, (byte)111, (byte)197, - (byte)48, (byte)1, (byte)103, (byte)43, (byte)254, (byte)215, (byte)171, (byte)118, - (byte)202, (byte)130, (byte)201, (byte)125, (byte)250, (byte)89, (byte)71, (byte)240, - (byte)173, (byte)212, (byte)162, (byte)175, (byte)156, (byte)164, (byte)114, (byte)192, - (byte)183, (byte)253, (byte)147, (byte)38, (byte)54, (byte)63, (byte)247, (byte)204, - (byte)52, (byte)165, (byte)229, (byte)241, (byte)113, (byte)216, (byte)49, (byte)21, - (byte)4, (byte)199, (byte)35, (byte)195, (byte)24, (byte)150, (byte)5, (byte)154, - (byte)7, (byte)18, (byte)128, (byte)226, (byte)235, (byte)39, (byte)178, (byte)117, - (byte)9, (byte)131, (byte)44, (byte)26, (byte)27, (byte)110, (byte)90, (byte)160, - (byte)82, (byte)59, (byte)214, (byte)179, (byte)41, (byte)227, (byte)47, (byte)132, - (byte)83, (byte)209, (byte)0, (byte)237, (byte)32, (byte)252, (byte)177, (byte)91, - (byte)106, (byte)203, (byte)190, (byte)57, (byte)74, (byte)76, (byte)88, (byte)207, - (byte)208, (byte)239, (byte)170, (byte)251, (byte)67, (byte)77, (byte)51, (byte)133, - (byte)69, (byte)249, (byte)2, (byte)127, (byte)80, (byte)60, (byte)159, (byte)168, - (byte)81, (byte)163, (byte)64, (byte)143, (byte)146, (byte)157, (byte)56, (byte)245, - (byte)188, (byte)182, (byte)218, (byte)33, (byte)16, (byte)255, (byte)243, (byte)210, - (byte)205, (byte)12, (byte)19, (byte)236, (byte)95, (byte)151, (byte)68, (byte)23, - (byte)196, (byte)167, (byte)126, (byte)61, (byte)100, (byte)93, (byte)25, (byte)115, - (byte)96, (byte)129, (byte)79, (byte)220, (byte)34, (byte)42, (byte)144, (byte)136, - (byte)70, (byte)238, (byte)184, (byte)20, (byte)222, (byte)94, (byte)11, (byte)219, - (byte)224, (byte)50, (byte)58, (byte)10, (byte)73, (byte)6, (byte)36, (byte)92, - (byte)194, (byte)211, (byte)172, (byte)98, (byte)145, (byte)149, (byte)228, (byte)121, - (byte)231, (byte)200, (byte)55, (byte)109, (byte)141, (byte)213, (byte)78, (byte)169, - (byte)108, (byte)86, (byte)244, (byte)234, (byte)101, (byte)122, (byte)174, (byte)8, - (byte)186, (byte)120, (byte)37, (byte)46, (byte)28, (byte)166, (byte)180, (byte)198, - (byte)232, (byte)221, (byte)116, (byte)31, (byte)75, (byte)189, (byte)139, (byte)138, - (byte)112, (byte)62, (byte)181, (byte)102, (byte)72, (byte)3, (byte)246, (byte)14, - (byte)97, (byte)53, (byte)87, (byte)185, (byte)134, (byte)193, (byte)29, (byte)158, - (byte)225, (byte)248, (byte)152, (byte)17, (byte)105, (byte)217, (byte)142, (byte)148, - (byte)155, (byte)30, (byte)135, (byte)233, (byte)206, (byte)85, (byte)40, (byte)223, - (byte)140, (byte)161, (byte)137, (byte)13, (byte)191, (byte)230, (byte)66, (byte)104, - (byte)65, (byte)153, (byte)45, (byte)15, (byte)176, (byte)84, (byte)187, (byte)22, - }; - - // The inverse S-box - private static final byte[] Si = { - (byte)82, (byte)9, (byte)106, (byte)213, (byte)48, (byte)54, (byte)165, (byte)56, - (byte)191, (byte)64, (byte)163, (byte)158, (byte)129, (byte)243, (byte)215, (byte)251, - (byte)124, (byte)227, (byte)57, (byte)130, (byte)155, (byte)47, (byte)255, (byte)135, - (byte)52, (byte)142, (byte)67, (byte)68, (byte)196, (byte)222, (byte)233, (byte)203, - (byte)84, (byte)123, (byte)148, (byte)50, (byte)166, (byte)194, (byte)35, (byte)61, - (byte)238, (byte)76, (byte)149, (byte)11, (byte)66, (byte)250, (byte)195, (byte)78, - (byte)8, (byte)46, (byte)161, (byte)102, (byte)40, (byte)217, (byte)36, (byte)178, - (byte)118, (byte)91, (byte)162, (byte)73, (byte)109, (byte)139, (byte)209, (byte)37, - (byte)114, (byte)248, (byte)246, (byte)100, (byte)134, (byte)104, (byte)152, (byte)22, - (byte)212, (byte)164, (byte)92, (byte)204, (byte)93, (byte)101, (byte)182, (byte)146, - (byte)108, (byte)112, (byte)72, (byte)80, (byte)253, (byte)237, (byte)185, (byte)218, - (byte)94, (byte)21, (byte)70, (byte)87, (byte)167, (byte)141, (byte)157, (byte)132, - (byte)144, (byte)216, (byte)171, (byte)0, (byte)140, (byte)188, (byte)211, (byte)10, - (byte)247, (byte)228, (byte)88, (byte)5, (byte)184, (byte)179, (byte)69, (byte)6, - (byte)208, (byte)44, (byte)30, (byte)143, (byte)202, (byte)63, (byte)15, (byte)2, - (byte)193, (byte)175, (byte)189, (byte)3, (byte)1, (byte)19, (byte)138, (byte)107, - (byte)58, (byte)145, (byte)17, (byte)65, (byte)79, (byte)103, (byte)220, (byte)234, - (byte)151, (byte)242, (byte)207, (byte)206, (byte)240, (byte)180, (byte)230, (byte)115, - (byte)150, (byte)172, (byte)116, (byte)34, (byte)231, (byte)173, (byte)53, (byte)133, - (byte)226, (byte)249, (byte)55, (byte)232, (byte)28, (byte)117, (byte)223, (byte)110, - (byte)71, (byte)241, (byte)26, (byte)113, (byte)29, (byte)41, (byte)197, (byte)137, - (byte)111, (byte)183, (byte)98, (byte)14, (byte)170, (byte)24, (byte)190, (byte)27, - (byte)252, (byte)86, (byte)62, (byte)75, (byte)198, (byte)210, (byte)121, (byte)32, - (byte)154, (byte)219, (byte)192, (byte)254, (byte)120, (byte)205, (byte)90, (byte)244, - (byte)31, (byte)221, (byte)168, (byte)51, (byte)136, (byte)7, (byte)199, (byte)49, - (byte)177, (byte)18, (byte)16, (byte)89, (byte)39, (byte)128, (byte)236, (byte)95, - (byte)96, (byte)81, (byte)127, (byte)169, (byte)25, (byte)181, (byte)74, (byte)13, - (byte)45, (byte)229, (byte)122, (byte)159, (byte)147, (byte)201, (byte)156, (byte)239, - (byte)160, (byte)224, (byte)59, (byte)77, (byte)174, (byte)42, (byte)245, (byte)176, - (byte)200, (byte)235, (byte)187, (byte)60, (byte)131, (byte)83, (byte)153, (byte)97, - (byte)23, (byte)43, (byte)4, (byte)126, (byte)186, (byte)119, (byte)214, (byte)38, - (byte)225, (byte)105, (byte)20, (byte)99, (byte)85, (byte)33, (byte)12, (byte)125, - }; - - // vector used in calculating key schedule (powers of x in GF(256)) - private static final int[] rcon = { - 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, - 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 }; - - private int shift( - int r, - int shift) - { - return (r >>> shift) | (r << -shift); - } - - /* multiply four bytes in GF(2^8) by 'x' {02} in parallel */ - - private static final int m1 = 0x80808080; - private static final int m2 = 0x7f7f7f7f; - private static final int m3 = 0x0000001b; - - private int FFmulX(int x) - { - return (((x & m2) << 1) ^ (((x & m1) >>> 7) * m3)); - } - - /* - The following defines provide alternative definitions of FFmulX that might - give improved performance if a fast 32-bit multiply is not available. - - private int FFmulX(int x) { int u = x & m1; u |= (u >> 1); return ((x & m2) << 1) ^ ((u >>> 3) | (u >>> 6)); } - private static final int m4 = 0x1b1b1b1b; - private int FFmulX(int x) { int u = x & m1; return ((x & m2) << 1) ^ ((u - (u >>> 7)) & m4); } - - */ - - private int mcol(int x) - { - int f2 = FFmulX(x); - return f2 ^ shift(x ^ f2, 8) ^ shift(x, 16) ^ shift(x, 24); - } - - private int inv_mcol(int x) - { - int f2 = FFmulX(x); - int f4 = FFmulX(f2); - int f8 = FFmulX(f4); - int f9 = x ^ f8; - - return f2 ^ f4 ^ f8 ^ shift(f2 ^ f9, 8) ^ shift(f4 ^ f9, 16) ^ shift(f9, 24); - } - - - private int subWord(int x) - { - return (S[x&255]&255 | ((S[(x>>8)&255]&255)<<8) | ((S[(x>>16)&255]&255)<<16) | S[(x>>24)&255]<<24); - } - - /** - * Calculate the necessary round keys - * The number of calculations depends on key size and block size - * AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits - * This code is written assuming those are the only possible values - */ - private int[][] generateWorkingKey( - byte[] key, - boolean forEncryption) - { - int KC = key.length / 4; // key length in words - int t; - - if (((KC != 4) && (KC != 6) && (KC != 8)) || ((KC * 4) != key.length)) - { - throw new IllegalArgumentException("Key length not 128/192/256 bits."); - } - - ROUNDS = KC + 6; // This is not always true for the generalized Rijndael that allows larger block sizes - int[][] W = new int[ROUNDS+1][4]; // 4 words in a block - - // - // copy the key into the round key array - // - - t = 0; - int i = 0; - while (i < key.length) - { - W[t >> 2][t & 3] = (key[i]&0xff) | ((key[i+1]&0xff) << 8) | ((key[i+2]&0xff) << 16) | (key[i+3] << 24); - i+=4; - t++; - } - - // - // while not enough round key material calculated - // calculate new values - // - int k = (ROUNDS + 1) << 2; - for (i = KC; (i < k); i++) - { - int temp = W[(i-1)>>2][(i-1)&3]; - if ((i % KC) == 0) - { - temp = subWord(shift(temp, 8)) ^ rcon[(i / KC)-1]; - } - else if ((KC > 6) && ((i % KC) == 4)) - { - temp = subWord(temp); - } - - W[i>>2][i&3] = W[(i - KC)>>2][(i-KC)&3] ^ temp; - } - - if (!forEncryption) - { - for (int j = 1; j < ROUNDS; j++) - { - for (i = 0; i < 4; i++) - { - W[j][i] = inv_mcol(W[j][i]); - } - } - } - - return W; - } - - private int ROUNDS; - private int[][] WorkingKey = null; - private int C0, C1, C2, C3; - private boolean forEncryption; - - private static final int BLOCK_SIZE = 16; - - /** - * default constructor - 128 bit block size. - */ - public AESLightEngine() - { - } - - /** - * initialise an AES cipher. - * - * @param forEncryption whether or not we are for encryption. - * @param params the parameters required to set up the cipher. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init( - boolean forEncryption, - CipherParameters params) - { - if (params instanceof KeyParameter) - { - WorkingKey = generateWorkingKey(((KeyParameter)params).getKey(), forEncryption); - this.forEncryption = forEncryption; - return; - } - - throw new IllegalArgumentException("invalid parameter passed to AES init - " + params.getClass().getName()); - } - - public String getAlgorithmName() - { - return "AES"; - } - - public int getBlockSize() - { - return BLOCK_SIZE; - } - - public int processBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - { - if (WorkingKey == null) - { - throw new IllegalStateException("AES engine not initialised"); - } - - if ((inOff + (32 / 2)) > in.length) - { - throw new DataLengthException("input buffer too short"); - } - - if ((outOff + (32 / 2)) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - - if (forEncryption) - { - unpackBlock(in, inOff); - encryptBlock(WorkingKey); - packBlock(out, outOff); - } - else - { - unpackBlock(in, inOff); - decryptBlock(WorkingKey); - packBlock(out, outOff); - } - - return BLOCK_SIZE; - } - - public void reset() - { - } - - private final void unpackBlock( - byte[] bytes, - int off) - { - int index = off; - - C0 = (bytes[index++] & 0xff); - C0 |= (bytes[index++] & 0xff) << 8; - C0 |= (bytes[index++] & 0xff) << 16; - C0 |= bytes[index++] << 24; - - C1 = (bytes[index++] & 0xff); - C1 |= (bytes[index++] & 0xff) << 8; - C1 |= (bytes[index++] & 0xff) << 16; - C1 |= bytes[index++] << 24; - - C2 = (bytes[index++] & 0xff); - C2 |= (bytes[index++] & 0xff) << 8; - C2 |= (bytes[index++] & 0xff) << 16; - C2 |= bytes[index++] << 24; - - C3 = (bytes[index++] & 0xff); - C3 |= (bytes[index++] & 0xff) << 8; - C3 |= (bytes[index++] & 0xff) << 16; - C3 |= bytes[index++] << 24; - } - - private final void packBlock( - byte[] bytes, - int off) - { - int index = off; - - bytes[index++] = (byte)C0; - bytes[index++] = (byte)(C0 >> 8); - bytes[index++] = (byte)(C0 >> 16); - bytes[index++] = (byte)(C0 >> 24); - - bytes[index++] = (byte)C1; - bytes[index++] = (byte)(C1 >> 8); - bytes[index++] = (byte)(C1 >> 16); - bytes[index++] = (byte)(C1 >> 24); - - bytes[index++] = (byte)C2; - bytes[index++] = (byte)(C2 >> 8); - bytes[index++] = (byte)(C2 >> 16); - bytes[index++] = (byte)(C2 >> 24); - - bytes[index++] = (byte)C3; - bytes[index++] = (byte)(C3 >> 8); - bytes[index++] = (byte)(C3 >> 16); - bytes[index++] = (byte)(C3 >> 24); - } - - private void encryptBlock(int[][] KW) - { - int r, r0, r1, r2, r3; - - C0 ^= KW[0][0]; - C1 ^= KW[0][1]; - C2 ^= KW[0][2]; - C3 ^= KW[0][3]; - - for (r = 1; r < ROUNDS - 1;) - { - r0 = mcol((S[C0&255]&255) ^ ((S[(C1>>8)&255]&255)<<8) ^ ((S[(C2>>16)&255]&255)<<16) ^ (S[(C3>>24)&255]<<24)) ^ KW[r][0]; - r1 = mcol((S[C1&255]&255) ^ ((S[(C2>>8)&255]&255)<<8) ^ ((S[(C3>>16)&255]&255)<<16) ^ (S[(C0>>24)&255]<<24)) ^ KW[r][1]; - r2 = mcol((S[C2&255]&255) ^ ((S[(C3>>8)&255]&255)<<8) ^ ((S[(C0>>16)&255]&255)<<16) ^ (S[(C1>>24)&255]<<24)) ^ KW[r][2]; - r3 = mcol((S[C3&255]&255) ^ ((S[(C0>>8)&255]&255)<<8) ^ ((S[(C1>>16)&255]&255)<<16) ^ (S[(C2>>24)&255]<<24)) ^ KW[r++][3]; - C0 = mcol((S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24)) ^ KW[r][0]; - C1 = mcol((S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24)) ^ KW[r][1]; - C2 = mcol((S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24)) ^ KW[r][2]; - C3 = mcol((S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24)) ^ KW[r++][3]; - } - - r0 = mcol((S[C0&255]&255) ^ ((S[(C1>>8)&255]&255)<<8) ^ ((S[(C2>>16)&255]&255)<<16) ^ (S[(C3>>24)&255]<<24)) ^ KW[r][0]; - r1 = mcol((S[C1&255]&255) ^ ((S[(C2>>8)&255]&255)<<8) ^ ((S[(C3>>16)&255]&255)<<16) ^ (S[(C0>>24)&255]<<24)) ^ KW[r][1]; - r2 = mcol((S[C2&255]&255) ^ ((S[(C3>>8)&255]&255)<<8) ^ ((S[(C0>>16)&255]&255)<<16) ^ (S[(C1>>24)&255]<<24)) ^ KW[r][2]; - r3 = mcol((S[C3&255]&255) ^ ((S[(C0>>8)&255]&255)<<8) ^ ((S[(C1>>16)&255]&255)<<16) ^ (S[(C2>>24)&255]<<24)) ^ KW[r++][3]; - - // the final round is a simple function of S - - C0 = (S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24) ^ KW[r][0]; - C1 = (S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24) ^ KW[r][1]; - C2 = (S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24) ^ KW[r][2]; - C3 = (S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24) ^ KW[r][3]; - - } - - private final void decryptBlock(int[][] KW) - { - int r, r0, r1, r2, r3; - - C0 ^= KW[ROUNDS][0]; - C1 ^= KW[ROUNDS][1]; - C2 ^= KW[ROUNDS][2]; - C3 ^= KW[ROUNDS][3]; - - for (r = ROUNDS-1; r>1;) - { - r0 = inv_mcol((Si[C0&255]&255) ^ ((Si[(C3>>8)&255]&255)<<8) ^ ((Si[(C2>>16)&255]&255)<<16) ^ (Si[(C1>>24)&255]<<24)) ^ KW[r][0]; - r1 = inv_mcol((Si[C1&255]&255) ^ ((Si[(C0>>8)&255]&255)<<8) ^ ((Si[(C3>>16)&255]&255)<<16) ^ (Si[(C2>>24)&255]<<24)) ^ KW[r][1]; - r2 = inv_mcol((Si[C2&255]&255) ^ ((Si[(C1>>8)&255]&255)<<8) ^ ((Si[(C0>>16)&255]&255)<<16) ^ (Si[(C3>>24)&255]<<24)) ^ KW[r][2]; - r3 = inv_mcol((Si[C3&255]&255) ^ ((Si[(C2>>8)&255]&255)<<8) ^ ((Si[(C1>>16)&255]&255)<<16) ^ (Si[(C0>>24)&255]<<24)) ^ KW[r--][3]; - C0 = inv_mcol((Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24)) ^ KW[r][0]; - C1 = inv_mcol((Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24)) ^ KW[r][1]; - C2 = inv_mcol((Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24)) ^ KW[r][2]; - C3 = inv_mcol((Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24)) ^ KW[r--][3]; - } - - r0 = inv_mcol((Si[C0&255]&255) ^ ((Si[(C3>>8)&255]&255)<<8) ^ ((Si[(C2>>16)&255]&255)<<16) ^ (Si[(C1>>24)&255]<<24)) ^ KW[r][0]; - r1 = inv_mcol((Si[C1&255]&255) ^ ((Si[(C0>>8)&255]&255)<<8) ^ ((Si[(C3>>16)&255]&255)<<16) ^ (Si[(C2>>24)&255]<<24)) ^ KW[r][1]; - r2 = inv_mcol((Si[C2&255]&255) ^ ((Si[(C1>>8)&255]&255)<<8) ^ ((Si[(C0>>16)&255]&255)<<16) ^ (Si[(C3>>24)&255]<<24)) ^ KW[r][2]; - r3 = inv_mcol((Si[C3&255]&255) ^ ((Si[(C2>>8)&255]&255)<<8) ^ ((Si[(C1>>16)&255]&255)<<16) ^ (Si[(C0>>24)&255]<<24)) ^ KW[r--][3]; - - // the final round's table is a simple function of Si - - C0 = (Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24) ^ KW[0][0]; - C1 = (Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24) ^ KW[0][1]; - C2 = (Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24) ^ KW[0][2]; - C3 = (Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24) ^ KW[0][3]; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/engines/AESWrapEngine.java b/luni/src/main/java/org/bouncycastle/crypto/engines/AESWrapEngine.java deleted file mode 100644 index 6f10eff..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/engines/AESWrapEngine.java +++ /dev/null @@ -1,167 +0,0 @@ -package org.bouncycastle.crypto.engines; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.Wrapper; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; - -/** - * an implementation of the AES Key Wrapper from the NIST Key Wrap - * Specification. - * <p> - * For further details see: <a href="http://csrc.nist.gov/encryption/kms/key-wrap.pdf">http://csrc.nist.gov/encryption/kms/key-wrap.pdf</a>. - */ -public class AESWrapEngine - implements Wrapper -{ - private BlockCipher engine = new AESEngine(); - private KeyParameter param; - private boolean forWrapping; - - private byte[] iv = { - (byte)0xa6, (byte)0xa6, (byte)0xa6, (byte)0xa6, - (byte)0xa6, (byte)0xa6, (byte)0xa6, (byte)0xa6 }; - - public void init( - boolean forWrapping, - CipherParameters param) - { - this.forWrapping = forWrapping; - - if (param instanceof KeyParameter) - { - this.param = (KeyParameter)param; - } - else if (param instanceof ParametersWithIV) - { - this.iv = ((ParametersWithIV) param).getIV(); - this.param = (KeyParameter) ((ParametersWithIV) param).getParameters(); - if (this.iv.length != 8) - { - throw new IllegalArgumentException("IV not multiple of 8"); - } - } - } - - public String getAlgorithmName() - { - return "AES"; - } - - public byte[] wrap( - byte[] in, - int inOff, - int inLen) - { - if (!forWrapping) - { - throw new IllegalStateException("not set for wrapping"); - } - - int n = inLen / 8; - - if ((n * 8) != inLen) - { - throw new DataLengthException("wrap data must be a multiple of 8 bytes"); - } - - byte[] block = new byte[inLen + iv.length]; - byte[] buf = new byte[8 + iv.length]; - - System.arraycopy(iv, 0, block, 0, iv.length); - System.arraycopy(in, 0, block, iv.length, inLen); - - engine.init(true, param); - - for (int j = 0; j != 6; j++) - { - for (int i = 1; i <= n; i++) - { - System.arraycopy(block, 0, buf, 0, iv.length); - System.arraycopy(block, 8 * i, buf, iv.length, 8); - engine.processBlock(buf, 0, buf, 0); - - int t = n * j + i; - for (int k = 1; t != 0; k++) - { - byte v = (byte)t; - - buf[iv.length - k] ^= v; - - t >>>= 8; - } - - System.arraycopy(buf, 0, block, 0, 8); - System.arraycopy(buf, 8, block, 8 * i, 8); - } - } - - return block; - } - - public byte[] unwrap( - byte[] in, - int inOff, - int inLen) - throws InvalidCipherTextException - { - if (forWrapping) - { - throw new IllegalStateException("not set for unwrapping"); - } - - int n = inLen / 8; - - if ((n * 8) != inLen) - { - throw new InvalidCipherTextException("unwrap data must be a multiple of 8 bytes"); - } - - byte[] block = new byte[inLen - iv.length]; - byte[] a = new byte[iv.length]; - byte[] buf = new byte[8 + iv.length]; - - System.arraycopy(in, 0, a, 0, iv.length); - System.arraycopy(in, iv.length, block, 0, inLen - iv.length); - - engine.init(false, param); - - n = n - 1; - - for (int j = 5; j >= 0; j--) - { - for (int i = n; i >= 1; i--) - { - System.arraycopy(a, 0, buf, 0, iv.length); - System.arraycopy(block, 8 * (i - 1), buf, iv.length, 8); - - int t = n * j + i; - for (int k = 1; t != 0; k++) - { - byte v = (byte)t; - - buf[iv.length - k] ^= v; - - t >>>= 8; - } - - engine.processBlock(buf, 0, buf, 0); - System.arraycopy(buf, 0, a, 0, 8); - System.arraycopy(buf, 8, block, 8 * (i - 1), 8); - } - } - - for (int i = 0; i != iv.length; i++) - { - if (a[i] != iv[i]) - { - throw new InvalidCipherTextException("checksum failed"); - } - } - - return block; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java b/luni/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java deleted file mode 100644 index b795a9e..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/engines/DESEngine.java +++ /dev/null @@ -1,494 +0,0 @@ -package org.bouncycastle.crypto.engines; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.params.KeyParameter; - -/** - * a class that provides a basic DES engine. - */ -public class DESEngine - implements BlockCipher -{ - protected static final int BLOCK_SIZE = 8; - - private int[] workingKey = null; - - /** - * standard constructor. - */ - public DESEngine() - { - } - - /** - * initialise a DES cipher. - * - * @param encrypting whether or not we are for encryption. - * @param params the parameters required to set up the cipher. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init( - boolean encrypting, - CipherParameters params) - { - if (params instanceof KeyParameter) - { - if (((KeyParameter)params).getKey().length > 8) - { - throw new IllegalArgumentException("DES key too long - should be 8 bytes"); - } - - workingKey = generateWorkingKey(encrypting, - ((KeyParameter)params).getKey()); - - return; - } - - throw new IllegalArgumentException("invalid parameter passed to DES init - " + params.getClass().getName()); - } - - public String getAlgorithmName() - { - return "DES"; - } - - public int getBlockSize() - { - return BLOCK_SIZE; - } - - public int processBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - { - if (workingKey == null) - { - throw new IllegalStateException("DES engine not initialised"); - } - - if ((inOff + BLOCK_SIZE) > in.length) - { - throw new DataLengthException("input buffer too short"); - } - - if ((outOff + BLOCK_SIZE) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - - desFunc(workingKey, in, inOff, out, outOff); - - return BLOCK_SIZE; - } - - public void reset() - { - } - - /** - * what follows is mainly taken from "Applied Cryptography", by - * Bruce Schneier, however it also bears great resemblance to Richard - * Outerbridge's D3DES... - */ - - static short[] Df_Key = - { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, - 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, - 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 - }; - - static short[] bytebit = - { - 0200, 0100, 040, 020, 010, 04, 02, 01 - }; - - static int[] bigbyte = - { - 0x800000, 0x400000, 0x200000, 0x100000, - 0x80000, 0x40000, 0x20000, 0x10000, - 0x8000, 0x4000, 0x2000, 0x1000, - 0x800, 0x400, 0x200, 0x100, - 0x80, 0x40, 0x20, 0x10, - 0x8, 0x4, 0x2, 0x1 - }; - - /* - * Use the key schedule specified in the Standard (ANSI X3.92-1981). - */ - - static byte[] pc1 = - { - 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, - 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, - 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, - 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 - }; - - static byte[] totrot = - { - 1, 2, 4, 6, 8, 10, 12, 14, - 15, 17, 19, 21, 23, 25, 27, 28 - }; - - static byte[] pc2 = - { - 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, - 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, - 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, - 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 - }; - - static int[] SP1 = { - 0x01010400, 0x00000000, 0x00010000, 0x01010404, - 0x01010004, 0x00010404, 0x00000004, 0x00010000, - 0x00000400, 0x01010400, 0x01010404, 0x00000400, - 0x01000404, 0x01010004, 0x01000000, 0x00000004, - 0x00000404, 0x01000400, 0x01000400, 0x00010400, - 0x00010400, 0x01010000, 0x01010000, 0x01000404, - 0x00010004, 0x01000004, 0x01000004, 0x00010004, - 0x00000000, 0x00000404, 0x00010404, 0x01000000, - 0x00010000, 0x01010404, 0x00000004, 0x01010000, - 0x01010400, 0x01000000, 0x01000000, 0x00000400, - 0x01010004, 0x00010000, 0x00010400, 0x01000004, - 0x00000400, 0x00000004, 0x01000404, 0x00010404, - 0x01010404, 0x00010004, 0x01010000, 0x01000404, - 0x01000004, 0x00000404, 0x00010404, 0x01010400, - 0x00000404, 0x01000400, 0x01000400, 0x00000000, - 0x00010004, 0x00010400, 0x00000000, 0x01010004 - }; - - static int[] SP2 = { - 0x80108020, 0x80008000, 0x00008000, 0x00108020, - 0x00100000, 0x00000020, 0x80100020, 0x80008020, - 0x80000020, 0x80108020, 0x80108000, 0x80000000, - 0x80008000, 0x00100000, 0x00000020, 0x80100020, - 0x00108000, 0x00100020, 0x80008020, 0x00000000, - 0x80000000, 0x00008000, 0x00108020, 0x80100000, - 0x00100020, 0x80000020, 0x00000000, 0x00108000, - 0x00008020, 0x80108000, 0x80100000, 0x00008020, - 0x00000000, 0x00108020, 0x80100020, 0x00100000, - 0x80008020, 0x80100000, 0x80108000, 0x00008000, - 0x80100000, 0x80008000, 0x00000020, 0x80108020, - 0x00108020, 0x00000020, 0x00008000, 0x80000000, - 0x00008020, 0x80108000, 0x00100000, 0x80000020, - 0x00100020, 0x80008020, 0x80000020, 0x00100020, - 0x00108000, 0x00000000, 0x80008000, 0x00008020, - 0x80000000, 0x80100020, 0x80108020, 0x00108000 - }; - - static int[] SP3 = { - 0x00000208, 0x08020200, 0x00000000, 0x08020008, - 0x08000200, 0x00000000, 0x00020208, 0x08000200, - 0x00020008, 0x08000008, 0x08000008, 0x00020000, - 0x08020208, 0x00020008, 0x08020000, 0x00000208, - 0x08000000, 0x00000008, 0x08020200, 0x00000200, - 0x00020200, 0x08020000, 0x08020008, 0x00020208, - 0x08000208, 0x00020200, 0x00020000, 0x08000208, - 0x00000008, 0x08020208, 0x00000200, 0x08000000, - 0x08020200, 0x08000000, 0x00020008, 0x00000208, - 0x00020000, 0x08020200, 0x08000200, 0x00000000, - 0x00000200, 0x00020008, 0x08020208, 0x08000200, - 0x08000008, 0x00000200, 0x00000000, 0x08020008, - 0x08000208, 0x00020000, 0x08000000, 0x08020208, - 0x00000008, 0x00020208, 0x00020200, 0x08000008, - 0x08020000, 0x08000208, 0x00000208, 0x08020000, - 0x00020208, 0x00000008, 0x08020008, 0x00020200 - }; - - static int[] SP4 = { - 0x00802001, 0x00002081, 0x00002081, 0x00000080, - 0x00802080, 0x00800081, 0x00800001, 0x00002001, - 0x00000000, 0x00802000, 0x00802000, 0x00802081, - 0x00000081, 0x00000000, 0x00800080, 0x00800001, - 0x00000001, 0x00002000, 0x00800000, 0x00802001, - 0x00000080, 0x00800000, 0x00002001, 0x00002080, - 0x00800081, 0x00000001, 0x00002080, 0x00800080, - 0x00002000, 0x00802080, 0x00802081, 0x00000081, - 0x00800080, 0x00800001, 0x00802000, 0x00802081, - 0x00000081, 0x00000000, 0x00000000, 0x00802000, - 0x00002080, 0x00800080, 0x00800081, 0x00000001, - 0x00802001, 0x00002081, 0x00002081, 0x00000080, - 0x00802081, 0x00000081, 0x00000001, 0x00002000, - 0x00800001, 0x00002001, 0x00802080, 0x00800081, - 0x00002001, 0x00002080, 0x00800000, 0x00802001, - 0x00000080, 0x00800000, 0x00002000, 0x00802080 - }; - - static int[] SP5 = { - 0x00000100, 0x02080100, 0x02080000, 0x42000100, - 0x00080000, 0x00000100, 0x40000000, 0x02080000, - 0x40080100, 0x00080000, 0x02000100, 0x40080100, - 0x42000100, 0x42080000, 0x00080100, 0x40000000, - 0x02000000, 0x40080000, 0x40080000, 0x00000000, - 0x40000100, 0x42080100, 0x42080100, 0x02000100, - 0x42080000, 0x40000100, 0x00000000, 0x42000000, - 0x02080100, 0x02000000, 0x42000000, 0x00080100, - 0x00080000, 0x42000100, 0x00000100, 0x02000000, - 0x40000000, 0x02080000, 0x42000100, 0x40080100, - 0x02000100, 0x40000000, 0x42080000, 0x02080100, - 0x40080100, 0x00000100, 0x02000000, 0x42080000, - 0x42080100, 0x00080100, 0x42000000, 0x42080100, - 0x02080000, 0x00000000, 0x40080000, 0x42000000, - 0x00080100, 0x02000100, 0x40000100, 0x00080000, - 0x00000000, 0x40080000, 0x02080100, 0x40000100 - }; - - static int[] SP6 = { - 0x20000010, 0x20400000, 0x00004000, 0x20404010, - 0x20400000, 0x00000010, 0x20404010, 0x00400000, - 0x20004000, 0x00404010, 0x00400000, 0x20000010, - 0x00400010, 0x20004000, 0x20000000, 0x00004010, - 0x00000000, 0x00400010, 0x20004010, 0x00004000, - 0x00404000, 0x20004010, 0x00000010, 0x20400010, - 0x20400010, 0x00000000, 0x00404010, 0x20404000, - 0x00004010, 0x00404000, 0x20404000, 0x20000000, - 0x20004000, 0x00000010, 0x20400010, 0x00404000, - 0x20404010, 0x00400000, 0x00004010, 0x20000010, - 0x00400000, 0x20004000, 0x20000000, 0x00004010, - 0x20000010, 0x20404010, 0x00404000, 0x20400000, - 0x00404010, 0x20404000, 0x00000000, 0x20400010, - 0x00000010, 0x00004000, 0x20400000, 0x00404010, - 0x00004000, 0x00400010, 0x20004010, 0x00000000, - 0x20404000, 0x20000000, 0x00400010, 0x20004010 - }; - - static int[] SP7 = { - 0x00200000, 0x04200002, 0x04000802, 0x00000000, - 0x00000800, 0x04000802, 0x00200802, 0x04200800, - 0x04200802, 0x00200000, 0x00000000, 0x04000002, - 0x00000002, 0x04000000, 0x04200002, 0x00000802, - 0x04000800, 0x00200802, 0x00200002, 0x04000800, - 0x04000002, 0x04200000, 0x04200800, 0x00200002, - 0x04200000, 0x00000800, 0x00000802, 0x04200802, - 0x00200800, 0x00000002, 0x04000000, 0x00200800, - 0x04000000, 0x00200800, 0x00200000, 0x04000802, - 0x04000802, 0x04200002, 0x04200002, 0x00000002, - 0x00200002, 0x04000000, 0x04000800, 0x00200000, - 0x04200800, 0x00000802, 0x00200802, 0x04200800, - 0x00000802, 0x04000002, 0x04200802, 0x04200000, - 0x00200800, 0x00000000, 0x00000002, 0x04200802, - 0x00000000, 0x00200802, 0x04200000, 0x00000800, - 0x04000002, 0x04000800, 0x00000800, 0x00200002 - }; - - static int[] SP8 = { - 0x10001040, 0x00001000, 0x00040000, 0x10041040, - 0x10000000, 0x10001040, 0x00000040, 0x10000000, - 0x00040040, 0x10040000, 0x10041040, 0x00041000, - 0x10041000, 0x00041040, 0x00001000, 0x00000040, - 0x10040000, 0x10000040, 0x10001000, 0x00001040, - 0x00041000, 0x00040040, 0x10040040, 0x10041000, - 0x00001040, 0x00000000, 0x00000000, 0x10040040, - 0x10000040, 0x10001000, 0x00041040, 0x00040000, - 0x00041040, 0x00040000, 0x10041000, 0x00001000, - 0x00000040, 0x10040040, 0x00001000, 0x00041040, - 0x10001000, 0x00000040, 0x10000040, 0x10040000, - 0x10040040, 0x10000000, 0x00040000, 0x10001040, - 0x00000000, 0x10041040, 0x00040040, 0x10000040, - 0x10040000, 0x10001000, 0x10001040, 0x00000000, - 0x10041040, 0x00041000, 0x00041000, 0x00001040, - 0x00001040, 0x00040040, 0x10000000, 0x10041000 - }; - - /** - * generate an integer based working key based on our secret key - * and what we processing we are planning to do. - * - * Acknowledgements for this routine go to James Gillogly & Phil Karn. - * (whoever, and wherever they are!). - */ - protected int[] generateWorkingKey( - boolean encrypting, - byte[] key) - { - int[] newKey = new int[32]; - boolean[] pc1m = new boolean[56], - pcr = new boolean[56]; - - for (int j = 0; j < 56; j++) - { - int l = pc1[j]; - - pc1m[j] = ((key[l >>> 3] & bytebit[l & 07]) != 0); - } - - for (int i = 0; i < 16; i++) - { - int l, m, n; - - if (encrypting) - { - m = i << 1; - } - else - { - m = (15 - i) << 1; - } - - n = m + 1; - newKey[m] = newKey[n] = 0; - - for (int j = 0; j < 28; j++) - { - l = j + totrot[i]; - if (l < 28) - { - pcr[j] = pc1m[l]; - } - else - { - pcr[j] = pc1m[l - 28]; - } - } - - for (int j = 28; j < 56; j++) - { - l = j + totrot[i]; - if (l < 56) - { - pcr[j] = pc1m[l]; - } - else - { - pcr[j] = pc1m[l - 28]; - } - } - - for (int j = 0; j < 24; j++) - { - if (pcr[pc2[j]]) - { - newKey[m] |= bigbyte[j]; - } - - if (pcr[pc2[j + 24]]) - { - newKey[n] |= bigbyte[j]; - } - } - } - - // - // store the processed key - // - for (int i = 0; i != 32; i += 2) - { - int i1, i2; - - i1 = newKey[i]; - i2 = newKey[i + 1]; - - newKey[i] = ((i1 & 0x00fc0000) << 6) | ((i1 & 0x00000fc0) << 10) - | ((i2 & 0x00fc0000) >>> 10) | ((i2 & 0x00000fc0) >>> 6); - - newKey[i + 1] = ((i1 & 0x0003f000) << 12) | ((i1 & 0x0000003f) << 16) - | ((i2 & 0x0003f000) >>> 4) | (i2 & 0x0000003f); - } - - return newKey; - } - - /** - * the DES engine. - */ - protected void desFunc( - int[] wKey, - byte[] in, - int inOff, - byte[] out, - int outOff) - { - int work, right, left; - - left = (in[inOff + 0] & 0xff) << 24; - left |= (in[inOff + 1] & 0xff) << 16; - left |= (in[inOff + 2] & 0xff) << 8; - left |= (in[inOff + 3] & 0xff); - - right = (in[inOff + 4] & 0xff) << 24; - right |= (in[inOff + 5] & 0xff) << 16; - right |= (in[inOff + 6] & 0xff) << 8; - right |= (in[inOff + 7] & 0xff); - - work = ((left >>> 4) ^ right) & 0x0f0f0f0f; - right ^= work; - left ^= (work << 4); - work = ((left >>> 16) ^ right) & 0x0000ffff; - right ^= work; - left ^= (work << 16); - work = ((right >>> 2) ^ left) & 0x33333333; - left ^= work; - right ^= (work << 2); - work = ((right >>> 8) ^ left) & 0x00ff00ff; - left ^= work; - right ^= (work << 8); - right = ((right << 1) | ((right >>> 31) & 1)) & 0xffffffff; - work = (left ^ right) & 0xaaaaaaaa; - left ^= work; - right ^= work; - left = ((left << 1) | ((left >>> 31) & 1)) & 0xffffffff; - - for (int round = 0; round < 8; round++) - { - int fval; - - work = (right << 28) | (right >>> 4); - work ^= wKey[round * 4 + 0]; - fval = SP7[ work & 0x3f]; - fval |= SP5[(work >>> 8) & 0x3f]; - fval |= SP3[(work >>> 16) & 0x3f]; - fval |= SP1[(work >>> 24) & 0x3f]; - work = right ^ wKey[round * 4 + 1]; - fval |= SP8[ work & 0x3f]; - fval |= SP6[(work >>> 8) & 0x3f]; - fval |= SP4[(work >>> 16) & 0x3f]; - fval |= SP2[(work >>> 24) & 0x3f]; - left ^= fval; - work = (left << 28) | (left >>> 4); - work ^= wKey[round * 4 + 2]; - fval = SP7[ work & 0x3f]; - fval |= SP5[(work >>> 8) & 0x3f]; - fval |= SP3[(work >>> 16) & 0x3f]; - fval |= SP1[(work >>> 24) & 0x3f]; - work = left ^ wKey[round * 4 + 3]; - fval |= SP8[ work & 0x3f]; - fval |= SP6[(work >>> 8) & 0x3f]; - fval |= SP4[(work >>> 16) & 0x3f]; - fval |= SP2[(work >>> 24) & 0x3f]; - right ^= fval; - } - - right = (right << 31) | (right >>> 1); - work = (left ^ right) & 0xaaaaaaaa; - left ^= work; - right ^= work; - left = (left << 31) | (left >>> 1); - work = ((left >>> 8) ^ right) & 0x00ff00ff; - right ^= work; - left ^= (work << 8); - work = ((left >>> 2) ^ right) & 0x33333333; - right ^= work; - left ^= (work << 2); - work = ((right >>> 16) ^ left) & 0x0000ffff; - left ^= work; - right ^= (work << 16); - work = ((right >>> 4) ^ left) & 0x0f0f0f0f; - left ^= work; - right ^= (work << 4); - - out[outOff + 0] = (byte)((right >>> 24) & 0xff); - out[outOff + 1] = (byte)((right >>> 16) & 0xff); - out[outOff + 2] = (byte)((right >>> 8) & 0xff); - out[outOff + 3] = (byte)(right & 0xff); - out[outOff + 4] = (byte)((left >>> 24) & 0xff); - out[outOff + 5] = (byte)((left >>> 16) & 0xff); - out[outOff + 6] = (byte)((left >>> 8) & 0xff); - out[outOff + 7] = (byte)(left & 0xff); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java b/luni/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java deleted file mode 100644 index a340034..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/engines/DESedeEngine.java +++ /dev/null @@ -1,126 +0,0 @@ -package org.bouncycastle.crypto.engines; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.params.KeyParameter; - -/** - * a class that provides a basic DESede (or Triple DES) engine. - */ -public class DESedeEngine - extends DESEngine -{ - protected static final int BLOCK_SIZE = 8; - - private int[] workingKey1 = null; - private int[] workingKey2 = null; - private int[] workingKey3 = null; - - private boolean forEncryption; - - /** - * standard constructor. - */ - public DESedeEngine() - { - } - - /** - * initialise a DESede cipher. - * - * @param encrypting whether or not we are for encryption. - * @param params the parameters required to set up the cipher. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init( - boolean encrypting, - CipherParameters params) - { - if (!(params instanceof KeyParameter)) - { - throw new IllegalArgumentException("invalid parameter passed to DESede init - " + params.getClass().getName()); - } - - byte[] keyMaster = ((KeyParameter)params).getKey(); - byte[] key1 = new byte[8], key2 = new byte[8], key3 = new byte[8]; - - if (keyMaster.length > 24) - { - throw new IllegalArgumentException("key size greater than 24 bytes"); - } - - this.forEncryption = encrypting; - - if (keyMaster.length == 24) - { - System.arraycopy(keyMaster, 0, key1, 0, key1.length); - System.arraycopy(keyMaster, 8, key2, 0, key2.length); - System.arraycopy(keyMaster, 16, key3, 0, key3.length); - - workingKey1 = generateWorkingKey(encrypting, key1); - workingKey2 = generateWorkingKey(!encrypting, key2); - workingKey3 = generateWorkingKey(encrypting, key3); - } - else // 16 byte key - { - System.arraycopy(keyMaster, 0, key1, 0, key1.length); - System.arraycopy(keyMaster, 8, key2, 0, key2.length); - - workingKey1 = generateWorkingKey(encrypting, key1); - workingKey2 = generateWorkingKey(!encrypting, key2); - workingKey3 = workingKey1; - } - } - - public String getAlgorithmName() - { - return "DESede"; - } - - public int getBlockSize() - { - return BLOCK_SIZE; - } - - public int processBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - { - if (workingKey1 == null) - { - throw new IllegalStateException("DESede engine not initialised"); - } - - if ((inOff + BLOCK_SIZE) > in.length) - { - throw new DataLengthException("input buffer too short"); - } - - if ((outOff + BLOCK_SIZE) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - - if (forEncryption) - { - desFunc(workingKey1, in, inOff, out, outOff); - desFunc(workingKey2, out, outOff, out, outOff); - desFunc(workingKey3, out, outOff, out, outOff); - } - else - { - desFunc(workingKey3, in, inOff, out, outOff); - desFunc(workingKey2, out, outOff, out, outOff); - desFunc(workingKey1, out, outOff, out, outOff); - } - - return BLOCK_SIZE; - } - - public void reset() - { - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java b/luni/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java deleted file mode 100644 index e37244b..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java +++ /dev/null @@ -1,366 +0,0 @@ -package org.bouncycastle.crypto.engines; - -import java.security.SecureRandom; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.Wrapper; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; - -/** - * Wrap keys according to - * <A HREF="http://www.ietf.org/internet-drafts/draft-ietf-smime-key-wrap-01.txt"> - * draft-ietf-smime-key-wrap-01.txt</A>. - * <p> - * Note: - * <ul> - * <li>this is based on a draft, and as such is subject to change - don't use this class for anything requiring long term storage. - * <li>if you are using this to wrap triple-des keys you need to set the - * parity bits on the key and, if it's a two-key triple-des key, pad it - * yourself. - * </ul> - */ -public class DESedeWrapEngine - implements Wrapper -{ - /** Field engine */ - private CBCBlockCipher engine; - - /** Field param */ - private KeyParameter param; - - /** Field paramPlusIV */ - private ParametersWithIV paramPlusIV; - - /** Field iv */ - private byte[] iv; - - /** Field forWrapping */ - private boolean forWrapping; - - /** Field IV2 */ - private static final byte[] IV2 = { (byte) 0x4a, (byte) 0xdd, (byte) 0xa2, - (byte) 0x2c, (byte) 0x79, (byte) 0xe8, - (byte) 0x21, (byte) 0x05 }; - - // - // checksum digest - // - Digest sha1 = new SHA1Digest(); - byte[] digest = new byte[20]; - - /** - * Method init - * - * @param forWrapping - * @param param - */ - public void init(boolean forWrapping, CipherParameters param) - { - - this.forWrapping = forWrapping; - this.engine = new CBCBlockCipher(new DESedeEngine()); - - if (param instanceof KeyParameter) - { - this.param = (KeyParameter)param; - - if (this.forWrapping) - { - - // Hm, we have no IV but we want to wrap ?!? - // well, then we have to create our own IV. - this.iv = new byte[8]; - - SecureRandom sr = new SecureRandom(); - - sr.nextBytes(iv); - - this.paramPlusIV = new ParametersWithIV(this.param, this.iv); - } - } - else if (param instanceof ParametersWithIV) - { - this.paramPlusIV = (ParametersWithIV)param; - this.iv = this.paramPlusIV.getIV(); - this.param = (KeyParameter)this.paramPlusIV.getParameters(); - - if (this.forWrapping) - { - if ((this.iv == null) || (this.iv.length != 8)) - { - throw new IllegalArgumentException("IV is not 8 octets"); - } - } - else - { - throw new IllegalArgumentException( - "You should not supply an IV for unwrapping"); - } - } - } - - /** - * Method getAlgorithmName - * - * @return the algorithm name "DESede". - */ - public String getAlgorithmName() - { - return "DESede"; - } - - /** - * Method wrap - * - * @param in - * @param inOff - * @param inLen - * @return the wrapped bytes. - */ - public byte[] wrap(byte[] in, int inOff, int inLen) - { - if (!forWrapping) - { - throw new IllegalStateException("Not initialized for wrapping"); - } - - byte keyToBeWrapped[] = new byte[inLen]; - - System.arraycopy(in, inOff, keyToBeWrapped, 0, inLen); - - // Compute the CMS Key Checksum, (section 5.6.1), call this CKS. - byte[] CKS = calculateCMSKeyChecksum(keyToBeWrapped); - - // Let WKCKS = WK || CKS where || is concatenation. - byte[] WKCKS = new byte[keyToBeWrapped.length + CKS.length]; - - System.arraycopy(keyToBeWrapped, 0, WKCKS, 0, keyToBeWrapped.length); - System.arraycopy(CKS, 0, WKCKS, keyToBeWrapped.length, CKS.length); - - // Encrypt WKCKS in CBC mode using KEK as the key and IV as the - // initialization vector. Call the results TEMP1. - byte TEMP1[] = new byte[WKCKS.length]; - - System.arraycopy(WKCKS, 0, TEMP1, 0, WKCKS.length); - - int noOfBlocks = WKCKS.length / engine.getBlockSize(); - int extraBytes = WKCKS.length % engine.getBlockSize(); - - if (extraBytes != 0) - { - throw new IllegalStateException("Not multiple of block length"); - } - - engine.init(true, paramPlusIV); - - for (int i = 0; i < noOfBlocks; i++) - { - int currentBytePos = i * engine.getBlockSize(); - - engine.processBlock(TEMP1, currentBytePos, TEMP1, currentBytePos); - } - - // Left TEMP2 = IV || TEMP1. - byte[] TEMP2 = new byte[this.iv.length + TEMP1.length]; - - System.arraycopy(this.iv, 0, TEMP2, 0, this.iv.length); - System.arraycopy(TEMP1, 0, TEMP2, this.iv.length, TEMP1.length); - - // Reverse the order of the octets in TEMP2 and call the result TEMP3. - byte[] TEMP3 = new byte[TEMP2.length]; - - for (int i = 0; i < TEMP2.length; i++) - { - TEMP3[i] = TEMP2[TEMP2.length - (i + 1)]; - } - - // Encrypt TEMP3 in CBC mode using the KEK and an initialization vector - // of 0x 4a dd a2 2c 79 e8 21 05. The resulting cipher text is the desired - // result. It is 40 octets long if a 168 bit key is being wrapped. - ParametersWithIV param2 = new ParametersWithIV(this.param, IV2); - - this.engine.init(true, param2); - - for (int i = 0; i < noOfBlocks + 1; i++) - { - int currentBytePos = i * engine.getBlockSize(); - - engine.processBlock(TEMP3, currentBytePos, TEMP3, currentBytePos); - } - - return TEMP3; - } - - /** - * Method unwrap - * - * @param in - * @param inOff - * @param inLen - * @return the unwrapped bytes. - * @throws InvalidCipherTextException - */ - public byte[] unwrap(byte[] in, int inOff, int inLen) - throws InvalidCipherTextException - { - if (forWrapping) - { - throw new IllegalStateException("Not set for unwrapping"); - } - - if (in == null) - { - throw new InvalidCipherTextException("Null pointer as ciphertext"); - } - - if (inLen % engine.getBlockSize() != 0) - { - throw new InvalidCipherTextException("Ciphertext not multiple of " - + engine.getBlockSize()); - } - - /* - // Check if the length of the cipher text is reasonable given the key - // type. It must be 40 bytes for a 168 bit key and either 32, 40, or - // 48 bytes for a 128, 192, or 256 bit key. If the length is not supported - // or inconsistent with the algorithm for which the key is intended, - // return error. - // - // we do not accept 168 bit keys. it has to be 192 bit. - int lengthA = (estimatedKeyLengthInBit / 8) + 16; - int lengthB = estimatedKeyLengthInBit % 8; - - if ((lengthA != keyToBeUnwrapped.length) || (lengthB != 0)) { - throw new XMLSecurityException("empty"); - } - */ - - // Decrypt the cipher text with TRIPLedeS in CBC mode using the KEK - // and an initialization vector (IV) of 0x4adda22c79e82105. Call the output TEMP3. - ParametersWithIV param2 = new ParametersWithIV(this.param, IV2); - - this.engine.init(false, param2); - - byte TEMP3[] = new byte[inLen]; - - System.arraycopy(in, inOff, TEMP3, 0, inLen); - - for (int i = 0; i < (TEMP3.length / engine.getBlockSize()); i++) - { - int currentBytePos = i * engine.getBlockSize(); - - engine.processBlock(TEMP3, currentBytePos, TEMP3, currentBytePos); - } - - // Reverse the order of the octets in TEMP3 and call the result TEMP2. - byte[] TEMP2 = new byte[TEMP3.length]; - - for (int i = 0; i < TEMP3.length; i++) - { - TEMP2[i] = TEMP3[TEMP3.length - (i + 1)]; - } - - // Decompose TEMP2 into IV, the first 8 octets, and TEMP1, the remaining octets. - this.iv = new byte[8]; - - byte[] TEMP1 = new byte[TEMP2.length - 8]; - - System.arraycopy(TEMP2, 0, this.iv, 0, 8); - System.arraycopy(TEMP2, 8, TEMP1, 0, TEMP2.length - 8); - - // Decrypt TEMP1 using TRIPLedeS in CBC mode using the KEK and the IV - // found in the previous step. Call the result WKCKS. - this.paramPlusIV = new ParametersWithIV(this.param, this.iv); - - this.engine.init(false, this.paramPlusIV); - - byte[] WKCKS = new byte[TEMP1.length]; - - System.arraycopy(TEMP1, 0, WKCKS, 0, TEMP1.length); - - for (int i = 0; i < (WKCKS.length / engine.getBlockSize()); i++) - { - int currentBytePos = i * engine.getBlockSize(); - - engine.processBlock(WKCKS, currentBytePos, WKCKS, currentBytePos); - } - - // Decompose WKCKS. CKS is the last 8 octets and WK, the wrapped key, are - // those octets before the CKS. - byte[] result = new byte[WKCKS.length - 8]; - byte[] CKStoBeVerified = new byte[8]; - - System.arraycopy(WKCKS, 0, result, 0, WKCKS.length - 8); - System.arraycopy(WKCKS, WKCKS.length - 8, CKStoBeVerified, 0, 8); - - // Calculate a CMS Key Checksum, (section 5.6.1), over the WK and compare - // with the CKS extracted in the above step. If they are not equal, return error. - if (!checkCMSKeyChecksum(result, CKStoBeVerified)) - { - throw new InvalidCipherTextException( - "Checksum inside ciphertext is corrupted"); - } - - // WK is the wrapped key, now extracted for use in data decryption. - return result; - } - - /** - * Some key wrap algorithms make use of the Key Checksum defined - * in CMS [CMS-Algorithms]. This is used to provide an integrity - * check value for the key being wrapped. The algorithm is - * - * - Compute the 20 octet SHA-1 hash on the key being wrapped. - * - Use the first 8 octets of this hash as the checksum value. - * - * @param key - * @return the CMS checksum. - * @throws RuntimeException - * @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum - */ - private byte[] calculateCMSKeyChecksum( - byte[] key) - { - byte[] result = new byte[8]; - - sha1.update(key, 0, key.length); - sha1.doFinal(digest, 0); - - System.arraycopy(digest, 0, result, 0, 8); - - return result; - } - - /** - * @param key - * @param checksum - * @return true if okay, false otherwise. - * @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum - */ - private boolean checkCMSKeyChecksum( - byte[] key, - byte[] checksum) - { - byte[] calculatedChecksum = calculateCMSKeyChecksum(key); - - if (checksum.length != calculatedChecksum.length) - { - return false; - } - - for (int i = 0; i != checksum.length; i++) - { - if (checksum[i] != calculatedChecksum[i]) - { - return false; - } - } - - return true; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java b/luni/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java deleted file mode 100644 index 723fd9a..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java +++ /dev/null @@ -1,245 +0,0 @@ -package org.bouncycastle.crypto.engines; - -import java.math.BigInteger; - -import org.bouncycastle.crypto.BasicAgreement; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DerivationFunction; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.Mac; -import org.bouncycastle.crypto.params.IESParameters; -import org.bouncycastle.crypto.params.IESWithCipherParameters; -import org.bouncycastle.crypto.params.KDFParameters; -import org.bouncycastle.crypto.params.KeyParameter; - -/** - * support class for constructing intergrated encryption ciphers - * for doing basic message exchanges on top of key agreement ciphers - */ -public class IESEngine -{ - BasicAgreement agree; - DerivationFunction kdf; - Mac mac; - BufferedBlockCipher cipher; - byte[] macBuf; - - boolean forEncryption; - CipherParameters privParam, pubParam; - IESParameters param; - - /** - * set up for use with stream mode, where the key derivation function - * is used to provide a stream of bytes to xor with the message. - * - * @param agree the key agreement used as the basis for the encryption - * @param kdf the key derivation function used for byte generation - * @param mac the message authentication code generator for the message - */ - public IESEngine( - BasicAgreement agree, - DerivationFunction kdf, - Mac mac) - { - this.agree = agree; - this.kdf = kdf; - this.mac = mac; - this.macBuf = new byte[mac.getMacSize()]; - this.cipher = null; - } - - /** - * set up for use in conjunction with a block cipher to handle the - * message. - * - * @param agree the key agreement used as the basis for the encryption - * @param kdf the key derivation function used for byte generation - * @param mac the message authentication code generator for the message - * @param cipher the cipher to used for encrypting the message - */ - public IESEngine( - BasicAgreement agree, - DerivationFunction kdf, - Mac mac, - BufferedBlockCipher cipher) - { - this.agree = agree; - this.kdf = kdf; - this.mac = mac; - this.macBuf = new byte[mac.getMacSize()]; - this.cipher = cipher; - } - - /** - * Initialise the encryptor. - * - * @param forEncryption whether or not this is encryption/decryption. - * @param privParam our private key parameters - * @param pubParam the recipient's/sender's public key parameters - * @param param encoding and derivation parameters. - */ - public void init( - boolean forEncryption, - CipherParameters privParam, - CipherParameters pubParam, - CipherParameters param) - { - this.forEncryption = forEncryption; - this.privParam = privParam; - this.pubParam = pubParam; - this.param = (IESParameters)param; - } - - private byte[] decryptBlock( - byte[] in_enc, - int inOff, - int inLen, - byte[] z) - throws InvalidCipherTextException - { - byte[] M = null; - KeyParameter macKey = null; - KDFParameters kParam = new KDFParameters(z, param.getDerivationV()); - int macKeySize = param.getMacKeySize(); - - kdf.init(kParam); - - inLen -= mac.getMacSize(); - - if (cipher == null) // stream mode - { - byte[] buf = new byte[inLen + (macKeySize / 8)]; - - M = new byte[inLen]; - - kdf.generateBytes(buf, 0, buf.length); - - for (int i = 0; i != inLen; i++) - { - M[i] = (byte)(in_enc[inOff + i] ^ buf[i]); - } - - macKey = new KeyParameter(buf, inLen, (macKeySize / 8)); - } - else - { - int cipherKeySize = ((IESWithCipherParameters)param).getCipherKeySize(); - byte[] buf = new byte[(cipherKeySize / 8) + (macKeySize / 8)]; - - cipher.init(false, new KeyParameter(buf, 0, (cipherKeySize / 8))); - - byte[] tmp = new byte[cipher.getOutputSize(inLen)]; - - int off = cipher.processBytes(in_enc, inOff, inLen, tmp, 0); - - off += cipher.doFinal(tmp, off); - - M = new byte[off]; - - System.arraycopy(tmp, 0, M, 0, off); - - macKey = new KeyParameter(buf, (cipherKeySize / 8), (macKeySize / 8)); - } - - byte[] macIV = param.getEncodingV(); - - mac.init(macKey); - mac.update(in_enc, inOff, inLen); - mac.update(macIV, 0, macIV.length); - mac.doFinal(macBuf, 0); - - inOff += inLen; - - for (int t = 0; t < macBuf.length; t++) - { - if (macBuf[t] != in_enc[inOff + t]) - { - throw (new InvalidCipherTextException("Mac codes failed to equal.")); - } - } - - return M; - } - - private byte[] encryptBlock( - byte[] in, - int inOff, - int inLen, - byte[] z) - throws InvalidCipherTextException - { - byte[] C = null; - KeyParameter macKey = null; - KDFParameters kParam = new KDFParameters(z, param.getDerivationV()); - int c_text_length = 0; - int macKeySize = param.getMacKeySize(); - - kdf.init(kParam); - - if (cipher == null) // stream mode - { - byte[] buf = new byte[inLen + (macKeySize / 8)]; - - C = new byte[inLen + mac.getMacSize()]; - c_text_length = inLen; - - kdf.generateBytes(buf, 0, buf.length); - - for (int i = 0; i != inLen; i++) - { - C[i] = (byte)(in[inOff + i] ^ buf[i]); - } - - macKey = new KeyParameter(buf, inLen, (macKeySize / 8)); - } - else - { - int cipherKeySize = ((IESWithCipherParameters)param).getCipherKeySize(); - byte[] buf = new byte[(cipherKeySize / 8) + (macKeySize / 8)]; - - cipher.init(true, new KeyParameter(buf, 0, (cipherKeySize / 8))); - - c_text_length = cipher.getOutputSize(inLen); - - C = new byte[c_text_length + mac.getMacSize()]; - - int off = cipher.processBytes(in, inOff, inLen, C, 0); - - cipher.doFinal(C, off); - - macKey = new KeyParameter(buf, (cipherKeySize / 8), (macKeySize / 8)); - } - - byte[] macIV = param.getEncodingV(); - - mac.init(macKey); - mac.update(C, 0, c_text_length); - mac.update(macIV, 0, macIV.length); - // - // return the message and it's MAC - // - mac.doFinal(C, c_text_length); - return C; - } - - public byte[] processBlock( - byte[] in, - int inOff, - int inLen) - throws InvalidCipherTextException - { - agree.init(privParam); - - BigInteger z = agree.calculateAgreement(pubParam); - - if (forEncryption) - { - return encryptBlock(in, inOff, inLen, z.toByteArray()); - } - else - { - return decryptBlock(in, inOff, inLen, z.toByteArray()); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/engines/NullEngine.java b/luni/src/main/java/org/bouncycastle/crypto/engines/NullEngine.java deleted file mode 100644 index 22544ac..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/engines/NullEngine.java +++ /dev/null @@ -1,79 +0,0 @@ -package org.bouncycastle.crypto.engines; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; - -/** - * The no-op engine that just copies bytes through, irrespective of whether encrypting and decrypting. - * Provided for the sake of completeness. - */ -public class NullEngine implements BlockCipher -{ - - protected static final int BLOCK_SIZE = 1; - - /** - * Standard constructor. - */ - public NullEngine() - { - super(); - } - - /* (non-Javadoc) - * @see org.bouncycastle.crypto.BlockCipher#init(boolean, org.bouncycastle.crypto.CipherParameters) - */ - public void init(boolean forEncryption, CipherParameters params) throws IllegalArgumentException - { - // we don't mind any parameters that may come in - } - - /* (non-Javadoc) - * @see org.bouncycastle.crypto.BlockCipher#getAlgorithmName() - */ - public String getAlgorithmName() - { - return "Null"; - } - - /* (non-Javadoc) - * @see org.bouncycastle.crypto.BlockCipher#getBlockSize() - */ - public int getBlockSize() - { - return BLOCK_SIZE; - } - - /* (non-Javadoc) - * @see org.bouncycastle.crypto.BlockCipher#processBlock(byte[], int, byte[], int) - */ - public int processBlock(byte[] in, int inOff, byte[] out, int outOff) - throws DataLengthException, IllegalStateException - { - if ((inOff + BLOCK_SIZE) > in.length) - { - throw new DataLengthException("input buffer too short"); - } - - if ((outOff + BLOCK_SIZE) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - - for (int i = 0; i < BLOCK_SIZE; ++i) - { - out[outOff + i] = in[inOff + i]; - } - - return BLOCK_SIZE; - } - - /* (non-Javadoc) - * @see org.bouncycastle.crypto.BlockCipher#reset() - */ - public void reset() - { - // nothing needs to be done - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java b/luni/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java deleted file mode 100644 index e5a9bb3..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/engines/RC2Engine.java +++ /dev/null @@ -1,316 +0,0 @@ -package org.bouncycastle.crypto.engines; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.RC2Parameters; - -/** - * an implementation of RC2 as described in RFC 2268 - * "A Description of the RC2(r) Encryption Algorithm" R. Rivest. - */ -public class RC2Engine - implements BlockCipher -{ - // - // the values we use for key expansion (based on the digits of PI) - // - private static byte[] piTable = - { - (byte)0xd9, (byte)0x78, (byte)0xf9, (byte)0xc4, (byte)0x19, (byte)0xdd, (byte)0xb5, (byte)0xed, - (byte)0x28, (byte)0xe9, (byte)0xfd, (byte)0x79, (byte)0x4a, (byte)0xa0, (byte)0xd8, (byte)0x9d, - (byte)0xc6, (byte)0x7e, (byte)0x37, (byte)0x83, (byte)0x2b, (byte)0x76, (byte)0x53, (byte)0x8e, - (byte)0x62, (byte)0x4c, (byte)0x64, (byte)0x88, (byte)0x44, (byte)0x8b, (byte)0xfb, (byte)0xa2, - (byte)0x17, (byte)0x9a, (byte)0x59, (byte)0xf5, (byte)0x87, (byte)0xb3, (byte)0x4f, (byte)0x13, - (byte)0x61, (byte)0x45, (byte)0x6d, (byte)0x8d, (byte)0x9, (byte)0x81, (byte)0x7d, (byte)0x32, - (byte)0xbd, (byte)0x8f, (byte)0x40, (byte)0xeb, (byte)0x86, (byte)0xb7, (byte)0x7b, (byte)0xb, - (byte)0xf0, (byte)0x95, (byte)0x21, (byte)0x22, (byte)0x5c, (byte)0x6b, (byte)0x4e, (byte)0x82, - (byte)0x54, (byte)0xd6, (byte)0x65, (byte)0x93, (byte)0xce, (byte)0x60, (byte)0xb2, (byte)0x1c, - (byte)0x73, (byte)0x56, (byte)0xc0, (byte)0x14, (byte)0xa7, (byte)0x8c, (byte)0xf1, (byte)0xdc, - (byte)0x12, (byte)0x75, (byte)0xca, (byte)0x1f, (byte)0x3b, (byte)0xbe, (byte)0xe4, (byte)0xd1, - (byte)0x42, (byte)0x3d, (byte)0xd4, (byte)0x30, (byte)0xa3, (byte)0x3c, (byte)0xb6, (byte)0x26, - (byte)0x6f, (byte)0xbf, (byte)0xe, (byte)0xda, (byte)0x46, (byte)0x69, (byte)0x7, (byte)0x57, - (byte)0x27, (byte)0xf2, (byte)0x1d, (byte)0x9b, (byte)0xbc, (byte)0x94, (byte)0x43, (byte)0x3, - (byte)0xf8, (byte)0x11, (byte)0xc7, (byte)0xf6, (byte)0x90, (byte)0xef, (byte)0x3e, (byte)0xe7, - (byte)0x6, (byte)0xc3, (byte)0xd5, (byte)0x2f, (byte)0xc8, (byte)0x66, (byte)0x1e, (byte)0xd7, - (byte)0x8, (byte)0xe8, (byte)0xea, (byte)0xde, (byte)0x80, (byte)0x52, (byte)0xee, (byte)0xf7, - (byte)0x84, (byte)0xaa, (byte)0x72, (byte)0xac, (byte)0x35, (byte)0x4d, (byte)0x6a, (byte)0x2a, - (byte)0x96, (byte)0x1a, (byte)0xd2, (byte)0x71, (byte)0x5a, (byte)0x15, (byte)0x49, (byte)0x74, - (byte)0x4b, (byte)0x9f, (byte)0xd0, (byte)0x5e, (byte)0x4, (byte)0x18, (byte)0xa4, (byte)0xec, - (byte)0xc2, (byte)0xe0, (byte)0x41, (byte)0x6e, (byte)0xf, (byte)0x51, (byte)0xcb, (byte)0xcc, - (byte)0x24, (byte)0x91, (byte)0xaf, (byte)0x50, (byte)0xa1, (byte)0xf4, (byte)0x70, (byte)0x39, - (byte)0x99, (byte)0x7c, (byte)0x3a, (byte)0x85, (byte)0x23, (byte)0xb8, (byte)0xb4, (byte)0x7a, - (byte)0xfc, (byte)0x2, (byte)0x36, (byte)0x5b, (byte)0x25, (byte)0x55, (byte)0x97, (byte)0x31, - (byte)0x2d, (byte)0x5d, (byte)0xfa, (byte)0x98, (byte)0xe3, (byte)0x8a, (byte)0x92, (byte)0xae, - (byte)0x5, (byte)0xdf, (byte)0x29, (byte)0x10, (byte)0x67, (byte)0x6c, (byte)0xba, (byte)0xc9, - (byte)0xd3, (byte)0x0, (byte)0xe6, (byte)0xcf, (byte)0xe1, (byte)0x9e, (byte)0xa8, (byte)0x2c, - (byte)0x63, (byte)0x16, (byte)0x1, (byte)0x3f, (byte)0x58, (byte)0xe2, (byte)0x89, (byte)0xa9, - (byte)0xd, (byte)0x38, (byte)0x34, (byte)0x1b, (byte)0xab, (byte)0x33, (byte)0xff, (byte)0xb0, - (byte)0xbb, (byte)0x48, (byte)0xc, (byte)0x5f, (byte)0xb9, (byte)0xb1, (byte)0xcd, (byte)0x2e, - (byte)0xc5, (byte)0xf3, (byte)0xdb, (byte)0x47, (byte)0xe5, (byte)0xa5, (byte)0x9c, (byte)0x77, - (byte)0xa, (byte)0xa6, (byte)0x20, (byte)0x68, (byte)0xfe, (byte)0x7f, (byte)0xc1, (byte)0xad - }; - - private static final int BLOCK_SIZE = 8; - - private int[] workingKey; - private boolean encrypting; - - private int[] generateWorkingKey( - byte[] key, - int bits) - { - int x; - int[] xKey = new int[128]; - - for (int i = 0; i != key.length; i++) - { - xKey[i] = key[i] & 0xff; - } - - // Phase 1: Expand input key to 128 bytes - int len = key.length; - - if (len < 128) - { - int index = 0; - - x = xKey[len - 1]; - - do - { - x = piTable[(x + xKey[index++]) & 255] & 0xff; - xKey[len++] = x; - } - while (len < 128); - } - - // Phase 2 - reduce effective key size to "bits" - len = (bits + 7) >> 3; - x = piTable[xKey[128 - len] & (255 >> (7 & -bits))] & 0xff; - xKey[128 - len] = x; - - for (int i = 128 - len - 1; i >= 0; i--) - { - x = piTable[x ^ xKey[i + len]] & 0xff; - xKey[i] = x; - } - - // Phase 3 - copy to newKey in little-endian order - int[] newKey = new int[64]; - - for (int i = 0; i != newKey.length; i++) - { - newKey[i] = (xKey[2 * i] + (xKey[2 * i + 1] << 8)); - } - - return newKey; - } - - /** - * initialise a RC2 cipher. - * - * @param encrypting whether or not we are for encryption. - * @param params the parameters required to set up the cipher. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init( - boolean encrypting, - CipherParameters params) - { - this.encrypting = encrypting; - - if (params instanceof RC2Parameters) - { - RC2Parameters param = (RC2Parameters)params; - - workingKey = generateWorkingKey(param.getKey(), - param.getEffectiveKeyBits()); - } - else if (params instanceof KeyParameter) - { - byte[] key = ((KeyParameter)params).getKey(); - - workingKey = generateWorkingKey(key, key.length * 8); - } - else - { - throw new IllegalArgumentException("invalid parameter passed to RC2 init - " + params.getClass().getName()); - } - - } - - public void reset() - { - } - - public String getAlgorithmName() - { - return "RC2"; - } - - public int getBlockSize() - { - return BLOCK_SIZE; - } - - public final int processBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - { - if (workingKey == null) - { - throw new IllegalStateException("RC2 engine not initialised"); - } - - if ((inOff + BLOCK_SIZE) > in.length) - { - throw new DataLengthException("input buffer too short"); - } - - if ((outOff + BLOCK_SIZE) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - - if (encrypting) - { - encryptBlock(in, inOff, out, outOff); - } - else - { - decryptBlock(in, inOff, out, outOff); - } - - return BLOCK_SIZE; - } - - /** - * return the result rotating the 16 bit number in x left by y - */ - private int rotateWordLeft( - int x, - int y) - { - x &= 0xffff; - return (x << y) | (x >> (16 - y)); - } - - private void encryptBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - { - int x76, x54, x32, x10; - - x76 = ((in[inOff + 7] & 0xff) << 8) + (in[inOff + 6] & 0xff); - x54 = ((in[inOff + 5] & 0xff) << 8) + (in[inOff + 4] & 0xff); - x32 = ((in[inOff + 3] & 0xff) << 8) + (in[inOff + 2] & 0xff); - x10 = ((in[inOff + 1] & 0xff) << 8) + (in[inOff + 0] & 0xff); - - for (int i = 0; i <= 16; i += 4) - { - x10 = rotateWordLeft(x10 + (x32 & ~x76) + (x54 & x76) + workingKey[i ], 1); - x32 = rotateWordLeft(x32 + (x54 & ~x10) + (x76 & x10) + workingKey[i+1], 2); - x54 = rotateWordLeft(x54 + (x76 & ~x32) + (x10 & x32) + workingKey[i+2], 3); - x76 = rotateWordLeft(x76 + (x10 & ~x54) + (x32 & x54) + workingKey[i+3], 5); - } - - x10 += workingKey[x76 & 63]; - x32 += workingKey[x10 & 63]; - x54 += workingKey[x32 & 63]; - x76 += workingKey[x54 & 63]; - - for (int i = 20; i <= 40; i += 4) - { - x10 = rotateWordLeft(x10 + (x32 & ~x76) + (x54 & x76) + workingKey[i ], 1); - x32 = rotateWordLeft(x32 + (x54 & ~x10) + (x76 & x10) + workingKey[i+1], 2); - x54 = rotateWordLeft(x54 + (x76 & ~x32) + (x10 & x32) + workingKey[i+2], 3); - x76 = rotateWordLeft(x76 + (x10 & ~x54) + (x32 & x54) + workingKey[i+3], 5); - } - - x10 += workingKey[x76 & 63]; - x32 += workingKey[x10 & 63]; - x54 += workingKey[x32 & 63]; - x76 += workingKey[x54 & 63]; - - for (int i = 44; i < 64; i += 4) - { - x10 = rotateWordLeft(x10 + (x32 & ~x76) + (x54 & x76) + workingKey[i ], 1); - x32 = rotateWordLeft(x32 + (x54 & ~x10) + (x76 & x10) + workingKey[i+1], 2); - x54 = rotateWordLeft(x54 + (x76 & ~x32) + (x10 & x32) + workingKey[i+2], 3); - x76 = rotateWordLeft(x76 + (x10 & ~x54) + (x32 & x54) + workingKey[i+3], 5); - } - - out[outOff + 0] = (byte)x10; - out[outOff + 1] = (byte)(x10 >> 8); - out[outOff + 2] = (byte)x32; - out[outOff + 3] = (byte)(x32 >> 8); - out[outOff + 4] = (byte)x54; - out[outOff + 5] = (byte)(x54 >> 8); - out[outOff + 6] = (byte)x76; - out[outOff + 7] = (byte)(x76 >> 8); - } - - private void decryptBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - { - int x76, x54, x32, x10; - - x76 = ((in[inOff + 7] & 0xff) << 8) + (in[inOff + 6] & 0xff); - x54 = ((in[inOff + 5] & 0xff) << 8) + (in[inOff + 4] & 0xff); - x32 = ((in[inOff + 3] & 0xff) << 8) + (in[inOff + 2] & 0xff); - x10 = ((in[inOff + 1] & 0xff) << 8) + (in[inOff + 0] & 0xff); - - for (int i = 60; i >= 44; i -= 4) - { - x76 = rotateWordLeft(x76, 11) - ((x10 & ~x54) + (x32 & x54) + workingKey[i+3]); - x54 = rotateWordLeft(x54, 13) - ((x76 & ~x32) + (x10 & x32) + workingKey[i+2]); - x32 = rotateWordLeft(x32, 14) - ((x54 & ~x10) + (x76 & x10) + workingKey[i+1]); - x10 = rotateWordLeft(x10, 15) - ((x32 & ~x76) + (x54 & x76) + workingKey[i ]); - } - - x76 -= workingKey[x54 & 63]; - x54 -= workingKey[x32 & 63]; - x32 -= workingKey[x10 & 63]; - x10 -= workingKey[x76 & 63]; - - for (int i = 40; i >= 20; i -= 4) - { - x76 = rotateWordLeft(x76, 11) - ((x10 & ~x54) + (x32 & x54) + workingKey[i+3]); - x54 = rotateWordLeft(x54, 13) - ((x76 & ~x32) + (x10 & x32) + workingKey[i+2]); - x32 = rotateWordLeft(x32, 14) - ((x54 & ~x10) + (x76 & x10) + workingKey[i+1]); - x10 = rotateWordLeft(x10, 15) - ((x32 & ~x76) + (x54 & x76) + workingKey[i ]); - } - - x76 -= workingKey[x54 & 63]; - x54 -= workingKey[x32 & 63]; - x32 -= workingKey[x10 & 63]; - x10 -= workingKey[x76 & 63]; - - for (int i = 16; i >= 0; i -= 4) - { - x76 = rotateWordLeft(x76, 11) - ((x10 & ~x54) + (x32 & x54) + workingKey[i+3]); - x54 = rotateWordLeft(x54, 13) - ((x76 & ~x32) + (x10 & x32) + workingKey[i+2]); - x32 = rotateWordLeft(x32, 14) - ((x54 & ~x10) + (x76 & x10) + workingKey[i+1]); - x10 = rotateWordLeft(x10, 15) - ((x32 & ~x76) + (x54 & x76) + workingKey[i ]); - } - - out[outOff + 0] = (byte)x10; - out[outOff + 1] = (byte)(x10 >> 8); - out[outOff + 2] = (byte)x32; - out[outOff + 3] = (byte)(x32 >> 8); - out[outOff + 4] = (byte)x54; - out[outOff + 5] = (byte)(x54 >> 8); - out[outOff + 6] = (byte)x76; - out[outOff + 7] = (byte)(x76 >> 8); - } -}
\ No newline at end of file diff --git a/luni/src/main/java/org/bouncycastle/crypto/engines/RSAEngine.java b/luni/src/main/java/org/bouncycastle/crypto/engines/RSAEngine.java deleted file mode 100644 index a010b01..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/engines/RSAEngine.java +++ /dev/null @@ -1,200 +0,0 @@ -package org.bouncycastle.crypto.engines; - -import java.math.BigInteger; - -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.params.RSAKeyParameters; -import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; - -/** - * this does your basic RSA algorithm. - */ -public class RSAEngine - implements AsymmetricBlockCipher -{ - private RSAKeyParameters key; - private boolean forEncryption; - private int shift; - - /** - * initialise the RSA engine. - * - * @param forEncryption true if we are encrypting, false otherwise. - * @param param the necessary RSA key parameters. - */ - public void init( - boolean forEncryption, - CipherParameters param) - { - this.key = (RSAKeyParameters)param; - this.forEncryption = forEncryption; - - int bitSize = key.getModulus().bitLength(); - - if (bitSize % 8 == 0) // a multiple of 8 - { - this.shift = 0; - } - else - { - this.shift = (8 - (bitSize % 8)); - } - } - - /** - * Return the maximum size for an input block to this engine. - * For RSA this is always one byte less than the key size on - * encryption, and the same length as the key size on decryption. - * - * @return maximum size for an input block. - */ - public int getInputBlockSize() - { - int bitSize = key.getModulus().bitLength(); - - if (forEncryption) - { - return (bitSize + 7) / 8 - 1; - } - else - { - return (bitSize + 7) / 8; - } - } - - /** - * Return the maximum size for an output block to this engine. - * For RSA this is always one byte less than the key size on - * decryption, and the same length as the key size on encryption. - * - * @return maximum size for an output block. - */ - public int getOutputBlockSize() - { - int bitSize = key.getModulus().bitLength(); - - if (forEncryption) - { - return (bitSize + 7) / 8; - } - else - { - return (bitSize + 7) / 8 - 1; - } - } - - /** - * Process a single block using the basic RSA algorithm. - * - * @param in the input array. - * @param inOff the offset into the input buffer where the data starts. - * @param inLen the length of the data to be processed. - * @return the result of the RSA process. - * @exception DataLengthException the input block is too large. - */ - public byte[] processBlock( - byte[] in, - int inOff, - int inLen) - { - if (inLen > (getInputBlockSize() + 1)) - { - throw new DataLengthException("input too large for RSA cipher.\n"); - } - else if (inLen == (getInputBlockSize() + 1) && (in[inOff] & (0x80 >> shift)) != 0) - { - throw new DataLengthException("input too large for RSA cipher.\n"); - } - - byte[] block; - - if (inOff != 0 || inLen != in.length) - { - block = new byte[inLen]; - - System.arraycopy(in, inOff, block, 0, inLen); - } - else - { - block = in; - } - - BigInteger input = new BigInteger(1, block); - byte[] output; - - if (key instanceof RSAPrivateCrtKeyParameters) - { - // - // we have the extra factors, use the Chinese Remainder Theorem - the author - // wishes to express his thanks to Dirk Bonekaemper at rtsffm.com for - // advice regarding the expression of this. - // - RSAPrivateCrtKeyParameters crtKey = (RSAPrivateCrtKeyParameters)key; - - BigInteger p = crtKey.getP(); - BigInteger q = crtKey.getQ(); - BigInteger dP = crtKey.getDP(); - BigInteger dQ = crtKey.getDQ(); - BigInteger qInv = crtKey.getQInv(); - - BigInteger mP, mQ, h, m; - - // mP = ((input mod p) ^ dP)) mod p - mP = (input.remainder(p)).modPow(dP, p); - - // mQ = ((input mod q) ^ dQ)) mod q - mQ = (input.remainder(q)).modPow(dQ, q); - - // h = qInv * (mP - mQ) mod p - h = mP.subtract(mQ); - h = h.multiply(qInv); - h = h.mod(p); // mod (in Java) returns the positive residual - - // m = h * q + mQ - m = h.multiply(q); - m = m.add(mQ); - - output = m.toByteArray(); - } - else - { - output = input.modPow( - key.getExponent(), key.getModulus()).toByteArray(); - } - - if (forEncryption) - { - if (output[0] == 0 && output.length > getOutputBlockSize()) // have ended up with an extra zero byte, copy down. - { - byte[] tmp = new byte[output.length - 1]; - - System.arraycopy(output, 1, tmp, 0, tmp.length); - - return tmp; - } - - if (output.length < getOutputBlockSize()) // have ended up with less bytes than normal, lengthen - { - byte[] tmp = new byte[getOutputBlockSize()]; - - System.arraycopy(output, 0, tmp, tmp.length - output.length, output.length); - - return tmp; - } - } - else - { - if (output[0] == 0) // have ended up with an extra zero byte, copy down. - { - byte[] tmp = new byte[output.length - 1]; - - System.arraycopy(output, 1, tmp, 0, tmp.length); - - return tmp; - } - } - return output; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.java deleted file mode 100644 index 268ae9b..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.java +++ /dev/null @@ -1,142 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.DerivationFunction; -import org.bouncycastle.crypto.DerivationParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.params.ISO18033KDFParameters; -import org.bouncycastle.crypto.params.KDFParameters; - -/** - * Basic KDF generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033 - * <br> - * This implementation is based on ISO 18033/P1363a. - */ -public class BaseKDFBytesGenerator - implements DerivationFunction -{ - private int counterStart; - private Digest digest; - private byte[] shared; - private byte[] iv; - - /** - * Construct a KDF Parameters generator. - * <p> - * @param counterStart value of counter. - * @param digest the digest to be used as the source of derived keys. - */ - protected BaseKDFBytesGenerator( - int counterStart, - Digest digest) - { - this.counterStart = counterStart; - this.digest = digest; - } - - public void init( - DerivationParameters param) - { - if (param instanceof KDFParameters) - { - KDFParameters p = (KDFParameters)param; - - shared = p.getSharedSecret(); - iv = p.getIV(); - } - else if (param instanceof ISO18033KDFParameters) - { - ISO18033KDFParameters p = (ISO18033KDFParameters)param; - - shared = p.getSeed(); - iv = null; - } - else - { - throw new IllegalArgumentException("KDF parameters required for KDF2Generator"); - } - } - - /** - * return the underlying digest. - */ - public Digest getDigest() - { - return digest; - } - - /** - * fill len bytes of the output buffer with bytes generated from - * the derivation function. - * - * @throws IllegalArgumentException if the size of the request will cause an overflow. - * @throws DataLengthException if the out buffer is too small. - */ - public int generateBytes( - byte[] out, - int outOff, - int len) - throws DataLengthException, IllegalArgumentException - { - if ((out.length - len) < outOff) - { - throw new DataLengthException("output buffer too small"); - } - - long oBytes = len; - int outLen = digest.getDigestSize(); - - // - // this is at odds with the standard implementation, the - // maximum value should be hBits * (2^32 - 1) where hBits - // is the digest output size in bits. We can't have an - // array with a long index at the moment... - // - if (oBytes > ((2L << 32) - 1)) - { - throw new IllegalArgumentException("Output length too large"); - } - - int cThreshold = (int)((oBytes + outLen - 1) / outLen); - - byte[] dig = null; - - dig = new byte[digest.getDigestSize()]; - - int counter = counterStart; - - for (int i = 0; i < cThreshold; i++) - { - digest.update(shared, 0, shared.length); - - digest.update((byte)(counter >> 24)); - digest.update((byte)(counter >> 16)); - digest.update((byte)(counter >> 8)); - digest.update((byte)counter); - - if (iv != null) - { - digest.update(iv, 0, iv.length); - } - - digest.doFinal(dig, 0); - - if (len > outLen) - { - System.arraycopy(dig, 0, out, outOff, outLen); - outOff += outLen; - len -= outLen; - } - else - { - System.arraycopy(dig, 0, out, outOff, len); - } - - counter++; - } - - digest.reset(); - - return len; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/DESKeyGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/generators/DESKeyGenerator.java deleted file mode 100644 index bb3f6d0..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/DESKeyGenerator.java +++ /dev/null @@ -1,23 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.params.DESParameters; - -public class DESKeyGenerator - extends CipherKeyGenerator -{ - public byte[] generateKey() - { - byte[] newKey = new byte[DESParameters.DES_KEY_LENGTH]; - - do - { - random.nextBytes(newKey); - - DESParameters.setOddParity(newKey); - } - while (DESParameters.isWeakKey(newKey, 0)); - - return newKey; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/DESedeKeyGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/generators/DESedeKeyGenerator.java deleted file mode 100644 index 101dc37..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/DESedeKeyGenerator.java +++ /dev/null @@ -1,55 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import org.bouncycastle.crypto.KeyGenerationParameters; -import org.bouncycastle.crypto.params.DESedeParameters; - -public class DESedeKeyGenerator - extends DESKeyGenerator -{ - /** - * initialise the key generator - if strength is set to zero - * the key generated will be 192 bits in size, otherwise - * strength can be 128 or 192 (or 112 or 168 if you don't count - * parity bits), depending on whether you wish to do 2-key or 3-key - * triple DES. - * - * @param param the parameters to be used for key generation - */ - public void init( - KeyGenerationParameters param) - { - super.init(param); - - if (strength == 0 || strength == (168 / 8)) - { - strength = DESedeParameters.DES_EDE_KEY_LENGTH; - } - else if (strength == (112 / 8)) - { - strength = 2 * DESedeParameters.DES_KEY_LENGTH; - } - else if (strength != DESedeParameters.DES_EDE_KEY_LENGTH - && strength != (2 * DESedeParameters.DES_KEY_LENGTH)) - { - throw new IllegalArgumentException("DESede key must be " - + (DESedeParameters.DES_EDE_KEY_LENGTH * 8) + " or " - + (2 * 8 * DESedeParameters.DES_KEY_LENGTH) - + " bits long."); - } - } - - public byte[] generateKey() - { - byte[] newKey = new byte[strength]; - - do - { - random.nextBytes(newKey); - - DESedeParameters.setOddParity(newKey); - } - while (DESedeParameters.isWeakKey(newKey, 0, newKey.length)); - - return newKey; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/DHBasicKeyPairGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/generators/DHBasicKeyPairGenerator.java deleted file mode 100644 index 213c052..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/DHBasicKeyPairGenerator.java +++ /dev/null @@ -1,44 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import java.math.BigInteger; - -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator; -import org.bouncycastle.crypto.KeyGenerationParameters; -import org.bouncycastle.crypto.params.DHKeyGenerationParameters; -import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.crypto.params.DHPrivateKeyParameters; -import org.bouncycastle.crypto.params.DHPublicKeyParameters; - -/** - * a basic Diffie-Helman key pair generator. - * - * This generates keys consistent for use with the basic algorithm for - * Diffie-Helman. - */ -public class DHBasicKeyPairGenerator - implements AsymmetricCipherKeyPairGenerator -{ - private DHKeyGeneratorHelper helper = DHKeyGeneratorHelper.INSTANCE; - private DHKeyGenerationParameters param; - - public void init( - KeyGenerationParameters param) - { - this.param = (DHKeyGenerationParameters)param; - } - - public AsymmetricCipherKeyPair generateKeyPair() - { - BigInteger p, x, y; - DHParameters dhParams = param.getParameters(); - - p = dhParams.getP(); - x = helper.calculatePrivate(p, param.getRandom(), dhParams.getJ()); - y = helper.calculatePublic(p, dhParams.getG(), x); - - return new AsymmetricCipherKeyPair( - new DHPublicKeyParameters(y, dhParams), - new DHPrivateKeyParameters(x, dhParams)); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/DHKeyGeneratorHelper.java b/luni/src/main/java/org/bouncycastle/crypto/generators/DHKeyGeneratorHelper.java deleted file mode 100644 index abbda43..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/DHKeyGeneratorHelper.java +++ /dev/null @@ -1,68 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import java.math.BigInteger; -import java.security.SecureRandom; - -class DHKeyGeneratorHelper -{ - private static final int MAX_ITERATIONS = 1000; - - static final DHKeyGeneratorHelper INSTANCE = new DHKeyGeneratorHelper(); - - private static BigInteger ZERO = BigInteger.valueOf(0); - private static BigInteger TWO = BigInteger.valueOf(2); - - private DHKeyGeneratorHelper() - { - } - - BigInteger calculatePrivate(BigInteger p, SecureRandom random, int limit) - { - // - // calculate the private key - // - BigInteger pSub2 = p.subtract(TWO); - BigInteger x; - - if (limit == 0) - { - x = createInRange(pSub2, random); - } - else - { - do - { - x = new BigInteger(limit, random); - } - while (x.equals(ZERO)); - } - - return x; - } - - private BigInteger createInRange(BigInteger max, SecureRandom random) - { - BigInteger x; - int maxLength = max.bitLength(); - int count = 0; - - do - { - x = new BigInteger(maxLength, random); - count++; - } - while ((x.equals(ZERO) || x.compareTo(max) > 0) && count != MAX_ITERATIONS); - - if (count == MAX_ITERATIONS) // fall back to a faster (restricted) method - { - return new BigInteger(maxLength - 1, random).setBit(0); - } - - return x; - } - - BigInteger calculatePublic(BigInteger p, BigInteger g, BigInteger x) - { - return g.modPow(x, p); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/DHKeyPairGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/generators/DHKeyPairGenerator.java deleted file mode 100644 index 8c734cd..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/DHKeyPairGenerator.java +++ /dev/null @@ -1,45 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import java.math.BigInteger; - -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator; -import org.bouncycastle.crypto.KeyGenerationParameters; -import org.bouncycastle.crypto.params.DHKeyGenerationParameters; -import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.crypto.params.DHPrivateKeyParameters; -import org.bouncycastle.crypto.params.DHPublicKeyParameters; - -/** - * a Diffie-Helman key pair generator. - * - * This generates keys consistent for use in the MTI/A0 key agreement protocol - * as described in "Handbook of Applied Cryptography", Pages 516-519. - */ -public class DHKeyPairGenerator - implements AsymmetricCipherKeyPairGenerator -{ - private DHKeyGeneratorHelper helper = DHKeyGeneratorHelper.INSTANCE; - - private DHKeyGenerationParameters param; - - public void init( - KeyGenerationParameters param) - { - this.param = (DHKeyGenerationParameters)param; - } - - public AsymmetricCipherKeyPair generateKeyPair() - { - BigInteger p, x, y; - DHParameters dhParams = param.getParameters(); - - p = dhParams.getP(); - x = helper.calculatePrivate(p, param.getRandom(), dhParams.getJ()); - y = helper.calculatePublic(p, dhParams.getG(), x); - - return new AsymmetricCipherKeyPair( - new DHPublicKeyParameters(y, dhParams), - new DHPrivateKeyParameters(x, dhParams)); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/DHParametersGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/generators/DHParametersGenerator.java deleted file mode 100644 index f3dff34..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/DHParametersGenerator.java +++ /dev/null @@ -1,81 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import java.math.BigInteger; -import java.security.SecureRandom; - -import org.bouncycastle.crypto.params.DHParameters; - -public class DHParametersGenerator -{ - private int size; - private int certainty; - private SecureRandom random; - - private static BigInteger ONE = BigInteger.valueOf(1); - private static BigInteger TWO = BigInteger.valueOf(2); - - /** - * Initialise the parameters generator. - * - * @param size bit length for the prime p - * @param certainty level of certainty for the prime number tests - * @param random a source of randomness - */ - public void init( - int size, - int certainty, - SecureRandom random) - { - this.size = size; - this.certainty = certainty; - this.random = random; - } - - /** - * which generates the p and g values from the given parameters, - * returning the DHParameters object. - * <p> - * Note: can take a while... - */ - public DHParameters generateParameters() - { - BigInteger g, p, q; - int qLength = size - 1; - - // - // find a safe prime p where p = 2*q + 1, where p and q are prime. - // - for (;;) - { - q = new BigInteger(qLength, certainty, random); - p = q.multiply(TWO).add(ONE); - if (p.isProbablePrime(certainty)) - { - break; - } - } - - // - // calculate the generator g - the advantage of using the 2q+1 - // approach is that we know the prime factorisation of (p - 1)... - // - for (;;) - { - g = new BigInteger(qLength, random); - - if (g.modPow(TWO, p).equals(ONE)) - { - continue; - } - - if (g.modPow(q, p).equals(ONE)) - { - continue; - } - - break; - } - - return new DHParameters(p, g, q, 2); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/DSAKeyPairGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/generators/DSAKeyPairGenerator.java deleted file mode 100644 index e1a9655..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/DSAKeyPairGenerator.java +++ /dev/null @@ -1,58 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import java.math.BigInteger; -import java.security.SecureRandom; - -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator; -import org.bouncycastle.crypto.KeyGenerationParameters; -import org.bouncycastle.crypto.params.DSAKeyGenerationParameters; -import org.bouncycastle.crypto.params.DSAParameters; -import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; -import org.bouncycastle.crypto.params.DSAPublicKeyParameters; - -/** - * a DSA key pair generator. - * - * This generates DSA keys in line with the method described - * in FIPS 186-2. - */ -public class DSAKeyPairGenerator - implements AsymmetricCipherKeyPairGenerator -{ - private static BigInteger ZERO = BigInteger.valueOf(0); - - private DSAKeyGenerationParameters param; - - public void init( - KeyGenerationParameters param) - { - this.param = (DSAKeyGenerationParameters)param; - } - - public AsymmetricCipherKeyPair generateKeyPair() - { - BigInteger p, q, g, x, y; - DSAParameters dsaParams = param.getParameters(); - SecureRandom random = param.getRandom(); - - q = dsaParams.getQ(); - p = dsaParams.getP(); - g = dsaParams.getG(); - - do - { - x = new BigInteger(160, random); - } - while (x.equals(ZERO) || x.compareTo(q) >= 0); - - // - // calculate the public key. - // - y = g.modPow(x, p); - - return new AsymmetricCipherKeyPair( - new DSAPublicKeyParameters(y, dsaParams), - new DSAPrivateKeyParameters(x, dsaParams)); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java deleted file mode 100644 index 4996b1e..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java +++ /dev/null @@ -1,178 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import java.math.BigInteger; -import java.security.SecureRandom; - -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.params.DSAParameters; -import org.bouncycastle.crypto.params.DSAValidationParameters; - -/** - * generate suitable parameters for DSA, in line with FIPS 186-2. - */ -public class DSAParametersGenerator -{ - private int size; - private int certainty; - private SecureRandom random; - - private static BigInteger ONE = BigInteger.valueOf(1); - private static BigInteger TWO = BigInteger.valueOf(2); - - /** - * initialise the key generator. - * - * @param size size of the key (range 2^512 -> 2^1024 - 64 bit increments) - * @param certainty measure of robustness of prime (for FIPS 186-2 compliance this should be at least 80). - * @param random random byte source. - */ - public void init( - int size, - int certainty, - SecureRandom random) - { - this.size = size; - this.certainty = certainty; - this.random = random; - } - - /** - * add value to b, returning the result in a. The a value is treated - * as a BigInteger of length (a.length * 8) bits. The result is - * modulo 2^a.length in case of overflow. - */ - private void add( - byte[] a, - byte[] b, - int value) - { - int x = (b[b.length - 1] & 0xff) + value; - - a[b.length - 1] = (byte)x; - x >>>= 8; - - for (int i = b.length - 2; i >= 0; i--) - { - x += (b[i] & 0xff); - a[i] = (byte)x; - x >>>= 8; - } - } - - /** - * which generates the p and g values from the given parameters, - * returning the DSAParameters object. - * <p> - * Note: can take a while... - */ - public DSAParameters generateParameters() - { - byte[] seed = new byte[20]; - byte[] part1 = new byte[20]; - byte[] part2 = new byte[20]; - byte[] u = new byte[20]; - SHA1Digest sha1 = new SHA1Digest(); - int n = (size - 1) / 160; - byte[] w = new byte[size / 8]; - - BigInteger q = null, p = null, g = null; - int counter = 0; - boolean primesFound = false; - - while (!primesFound) - { - do - { - random.nextBytes(seed); - - sha1.update(seed, 0, seed.length); - - sha1.doFinal(part1, 0); - - System.arraycopy(seed, 0, part2, 0, seed.length); - - add(part2, seed, 1); - - sha1.update(part2, 0, part2.length); - - sha1.doFinal(part2, 0); - - for (int i = 0; i != u.length; i++) - { - u[i] = (byte)(part1[i] ^ part2[i]); - } - - u[0] |= (byte)0x80; - u[19] |= (byte)0x01; - - q = new BigInteger(1, u); - } - while (!q.isProbablePrime(certainty)); - - counter = 0; - - int offset = 2; - - while (counter < 4096) - { - for (int k = 0; k < n; k++) - { - add(part1, seed, offset + k); - sha1.update(part1, 0, part1.length); - sha1.doFinal(part1, 0); - System.arraycopy(part1, 0, w, w.length - (k + 1) * part1.length, part1.length); - } - - add(part1, seed, offset + n); - sha1.update(part1, 0, part1.length); - sha1.doFinal(part1, 0); - System.arraycopy(part1, part1.length - ((w.length - (n) * part1.length)), w, 0, w.length - n * part1.length); - - w[0] |= (byte)0x80; - - BigInteger x = new BigInteger(1, w); - - BigInteger c = x.mod(q.multiply(TWO)); - - p = x.subtract(c.subtract(ONE)); - - if (p.testBit(size - 1)) - { - if (p.isProbablePrime(certainty)) - { - primesFound = true; - break; - } - } - - counter += 1; - offset += n + 1; - } - } - - // - // calculate the generator g - // - BigInteger pMinusOneOverQ = p.subtract(ONE).divide(q); - - for (;;) - { - BigInteger h = new BigInteger(size, random); - - if (h.compareTo(ONE) <= 0 || h.compareTo(p.subtract(ONE)) >= 0) - { - continue; - } - - g = h.modPow(pMinusOneOverQ, p); - if (g.compareTo(ONE) <= 0) - { - continue; - } - - break; - } - - return new DSAParameters(p, q, g, new DSAValidationParameters(seed, counter)); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/KDF1BytesGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/generators/KDF1BytesGenerator.java deleted file mode 100644 index 7789b7b..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/KDF1BytesGenerator.java +++ /dev/null @@ -1,23 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import org.bouncycastle.crypto.Digest; - -/** - * KDF1 generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033 - * <br> - * This implementation is based on ISO 18033/IEEE P1363a. - */ -public class KDF1BytesGenerator - extends BaseKDFBytesGenerator -{ - /** - * Construct a KDF1 byte generator. - * <p> - * @param digest the digest to be used as the source of derived keys. - */ - public KDF1BytesGenerator( - Digest digest) - { - super(0, digest); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/KDF2BytesGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/generators/KDF2BytesGenerator.java deleted file mode 100644 index cab05ac..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/KDF2BytesGenerator.java +++ /dev/null @@ -1,24 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import org.bouncycastle.crypto.Digest; - -/** - * KFD2 generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033 - * <br> - * This implementation is based on IEEE P1363/ISO 18033. - */ -public class KDF2BytesGenerator - extends BaseKDFBytesGenerator -{ - /** - * Construct a KDF2 bytes generator. Generates key material - * according to IEEE P1363 or ISO 18033 depending on the initialisation. - * <p> - * @param digest the digest to be used as the source of derived keys. - */ - public KDF2BytesGenerator( - Digest digest) - { - super(1, digest); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/MGF1BytesGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/generators/MGF1BytesGenerator.java deleted file mode 100644 index e93c0d7..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/MGF1BytesGenerator.java +++ /dev/null @@ -1,114 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.DerivationFunction; -import org.bouncycastle.crypto.DerivationParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.params.MGFParameters; - -/** - * Generator for MGF1 as defined in PKCS 1v2 - */ -public class MGF1BytesGenerator - implements DerivationFunction -{ - private Digest digest; - private byte[] seed; - private int hLen; - - /** - * @param digest the digest to be used as the source of generated bytes - */ - public MGF1BytesGenerator( - Digest digest) - { - this.digest = digest; - this.hLen = digest.getDigestSize(); - } - - public void init( - DerivationParameters param) - { - if (!(param instanceof MGFParameters)) - { - throw new IllegalArgumentException("MGF parameters required for MGF1Generator"); - } - - MGFParameters p = (MGFParameters)param; - - seed = p.getSeed(); - } - - /** - * return the underlying digest. - */ - public Digest getDigest() - { - return digest; - } - - /** - * int to octet string. - */ - private void ItoOSP( - int i, - byte[] sp) - { - sp[0] = (byte)(i >>> 24); - sp[1] = (byte)(i >>> 16); - sp[2] = (byte)(i >>> 8); - sp[3] = (byte)(i >>> 0); - } - - /** - * fill len bytes of the output buffer with bytes generated from - * the derivation function. - * - * @throws DataLengthException if the out buffer is too small. - */ - public int generateBytes( - byte[] out, - int outOff, - int len) - throws DataLengthException, IllegalArgumentException - { - if ((out.length - len) < outOff) - { - throw new DataLengthException("output buffer too small"); - } - - byte[] hashBuf = new byte[hLen]; - byte[] C = new byte[4]; - int counter = 0; - - digest.reset(); - - if (len > hLen) - { - do - { - ItoOSP(counter, C); - - digest.update(seed, 0, seed.length); - digest.update(C, 0, C.length); - digest.doFinal(hashBuf, 0); - - System.arraycopy(hashBuf, 0, out, outOff + counter * hLen, hLen); - } - while (++counter < (len / hLen)); - } - - if ((counter * hLen) < len) - { - ItoOSP(counter, C); - - digest.update(seed, 0, seed.length); - digest.update(C, 0, C.length); - digest.doFinal(hashBuf, 0); - - System.arraycopy(hashBuf, 0, out, outOff + counter * hLen, len - (counter * hLen)); - } - - return len; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java deleted file mode 100644 index 8a4d28a..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java +++ /dev/null @@ -1,131 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.digests.MD5Digest; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; - -/** - * Generator for PBE derived keys and ivs as usd by OpenSSL. - * <p> - * The scheme is a simple extension of PKCS 5 V2.0 Scheme 1 using MD5 with an - * iteration count of 1. - * <p> - */ -public class OpenSSLPBEParametersGenerator - extends PBEParametersGenerator -{ - private Digest digest = new MD5Digest(); - - /** - * Construct a OpenSSL Parameters generator. - */ - public OpenSSLPBEParametersGenerator() - { - } - - /** - * Initialise - note the iteration count for this algorithm is fixed at 1. - * - * @param password password to use. - * @param salt salt to use. - */ - public void init( - byte[] password, - byte[] salt) - { - super.init(password, salt, 1); - } - - /** - * the derived key function, the ith hash of the password and the salt. - */ - private byte[] generateDerivedKey( - int bytesNeeded) - { - byte[] buf = new byte[digest.getDigestSize()]; - byte[] key = new byte[bytesNeeded]; - int offset = 0; - - for (;;) - { - digest.update(password, 0, password.length); - digest.update(salt, 0, salt.length); - - digest.doFinal(buf, 0); - - int len = (bytesNeeded > buf.length) ? buf.length : bytesNeeded; - System.arraycopy(buf, 0, key, offset, len); - offset += len; - - // check if we need any more - bytesNeeded -= len; - if (bytesNeeded == 0) - { - break; - } - - // do another round - digest.reset(); - digest.update(buf, 0, buf.length); - } - - return key; - } - - /** - * Generate a key parameter derived from the password, salt, and iteration - * count we are currently initialised with. - * - * @param keySize the size of the key we want (in bits) - * @return a KeyParameter object. - * @exception IllegalArgumentException if the key length larger than the base hash size. - */ - public CipherParameters generateDerivedParameters( - int keySize) - { - keySize = keySize / 8; - - byte[] dKey = generateDerivedKey(keySize); - - return new KeyParameter(dKey, 0, keySize); - } - - /** - * Generate a key with initialisation vector parameter derived from - * the password, salt, and iteration count we are currently initialised - * with. - * - * @param keySize the size of the key we want (in bits) - * @param ivSize the size of the iv we want (in bits) - * @return a ParametersWithIV object. - * @exception IllegalArgumentException if keySize + ivSize is larger than the base hash size. - */ - public CipherParameters generateDerivedParameters( - int keySize, - int ivSize) - { - keySize = keySize / 8; - ivSize = ivSize / 8; - - byte[] dKey = generateDerivedKey(keySize + ivSize); - - return new ParametersWithIV(new KeyParameter(dKey, 0, keySize), dKey, keySize, ivSize); - } - - /** - * Generate a key parameter for use with a MAC derived from the password, - * salt, and iteration count we are currently initialised with. - * - * @param keySize the size of the key we want (in bits) - * @return a KeyParameter object. - * @exception IllegalArgumentException if the key length larger than the base hash size. - */ - public CipherParameters generateDerivedMacParameters( - int keySize) - { - return generateDerivedParameters(keySize); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java deleted file mode 100644 index bf2f368..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.java +++ /dev/null @@ -1,221 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.ExtendedDigest; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; - -/** - * Generator for PBE derived keys and ivs as defined by PKCS 12 V1.0. - * <p> - * The document this implementation is based on can be found at - * <a href=http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/index.html> - * RSA's PKCS12 Page</a> - */ -public class PKCS12ParametersGenerator - extends PBEParametersGenerator -{ - public static final int KEY_MATERIAL = 1; - public static final int IV_MATERIAL = 2; - public static final int MAC_MATERIAL = 3; - - private Digest digest; - - private int u; - private int v; - - /** - * Construct a PKCS 12 Parameters generator. This constructor will - * accept any digest which also implements ExtendedDigest. - * - * @param digest the digest to be used as the source of derived keys. - * @exception IllegalArgumentException if an unknown digest is passed in. - */ - public PKCS12ParametersGenerator( - Digest digest) - { - this.digest = digest; - if (digest instanceof ExtendedDigest) - { - u = digest.getDigestSize(); - v = ((ExtendedDigest)digest).getByteLength(); - } - else - { - throw new IllegalArgumentException("Digest " + digest.getAlgorithmName() + " unsupported"); - } - } - - /** - * add a + b + 1, returning the result in a. The a value is treated - * as a BigInteger of length (b.length * 8) bits. The result is - * modulo 2^b.length in case of overflow. - */ - private void adjust( - byte[] a, - int aOff, - byte[] b) - { - int x = (b[b.length - 1] & 0xff) + (a[aOff + b.length - 1] & 0xff) + 1; - - a[aOff + b.length - 1] = (byte)x; - x >>>= 8; - - for (int i = b.length - 2; i >= 0; i--) - { - x += (b[i] & 0xff) + (a[aOff + i] & 0xff); - a[aOff + i] = (byte)x; - x >>>= 8; - } - } - - /** - * generation of a derived key ala PKCS12 V1.0. - */ - private byte[] generateDerivedKey( - int idByte, - int n) - { - byte[] D = new byte[v]; - byte[] dKey = new byte[n]; - - for (int i = 0; i != D.length; i++) - { - D[i] = (byte)idByte; - } - - byte[] S; - - if ((salt != null) && (salt.length != 0)) - { - S = new byte[v * ((salt.length + v - 1) / v)]; - - for (int i = 0; i != S.length; i++) - { - S[i] = salt[i % salt.length]; - } - } - else - { - S = new byte[0]; - } - - byte[] P; - - if ((password != null) && (password.length != 0)) - { - P = new byte[v * ((password.length + v - 1) / v)]; - - for (int i = 0; i != P.length; i++) - { - P[i] = password[i % password.length]; - } - } - else - { - P = new byte[0]; - } - - byte[] I = new byte[S.length + P.length]; - - System.arraycopy(S, 0, I, 0, S.length); - System.arraycopy(P, 0, I, S.length, P.length); - - byte[] B = new byte[v]; - int c = (n + u - 1) / u; - - for (int i = 1; i <= c; i++) - { - byte[] A = new byte[u]; - - digest.update(D, 0, D.length); - digest.update(I, 0, I.length); - digest.doFinal(A, 0); - for (int j = 1; j != iterationCount; j++) - { - digest.update(A, 0, A.length); - digest.doFinal(A, 0); - } - - for (int j = 0; j != B.length; j++) - { - B[j] = A[j % A.length]; - } - - for (int j = 0; j != I.length / v; j++) - { - adjust(I, j * v, B); - } - - if (i == c) - { - System.arraycopy(A, 0, dKey, (i - 1) * u, dKey.length - ((i - 1) * u)); - } - else - { - System.arraycopy(A, 0, dKey, (i - 1) * u, A.length); - } - } - - return dKey; - } - - /** - * Generate a key parameter derived from the password, salt, and iteration - * count we are currently initialised with. - * - * @param keySize the size of the key we want (in bits) - * @return a KeyParameter object. - */ - public CipherParameters generateDerivedParameters( - int keySize) - { - keySize = keySize / 8; - - byte[] dKey = generateDerivedKey(KEY_MATERIAL, keySize); - - return new KeyParameter(dKey, 0, keySize); - } - - /** - * Generate a key with initialisation vector parameter derived from - * the password, salt, and iteration count we are currently initialised - * with. - * - * @param keySize the size of the key we want (in bits) - * @param ivSize the size of the iv we want (in bits) - * @return a ParametersWithIV object. - */ - public CipherParameters generateDerivedParameters( - int keySize, - int ivSize) - { - keySize = keySize / 8; - ivSize = ivSize / 8; - - byte[] dKey = generateDerivedKey(KEY_MATERIAL, keySize); - - byte[] iv = generateDerivedKey(IV_MATERIAL, ivSize); - - return new ParametersWithIV(new KeyParameter(dKey, 0, keySize), iv, 0, ivSize); - } - - /** - * Generate a key parameter for use with a MAC derived from the password, - * salt, and iteration count we are currently initialised with. - * - * @param keySize the size of the key we want (in bits) - * @return a KeyParameter object. - */ - public CipherParameters generateDerivedMacParameters( - int keySize) - { - keySize = keySize / 8; - - byte[] dKey = generateDerivedKey(MAC_MATERIAL, keySize); - - return new KeyParameter(dKey, 0, keySize); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/PKCS5S1ParametersGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/generators/PKCS5S1ParametersGenerator.java deleted file mode 100644 index 1c62ecc..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/PKCS5S1ParametersGenerator.java +++ /dev/null @@ -1,119 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; - -/** - * Generator for PBE derived keys and ivs as defined by PKCS 5 V2.0 Scheme 1. - * Note this generator is limited to the size of the hash produced by the - * digest used to drive it. - * <p> - * The document this implementation is based on can be found at - * <a href=http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html> - * RSA's PKCS5 Page</a> - */ -public class PKCS5S1ParametersGenerator - extends PBEParametersGenerator -{ - private Digest digest; - - /** - * Construct a PKCS 5 Scheme 1 Parameters generator. - * - * @param digest the digest to be used as the source of derived keys. - */ - public PKCS5S1ParametersGenerator( - Digest digest) - { - this.digest = digest; - } - - /** - * the derived key function, the ith hash of the password and the salt. - */ - private byte[] generateDerivedKey() - { - byte[] digestBytes = new byte[digest.getDigestSize()]; - - digest.update(password, 0, password.length); - digest.update(salt, 0, salt.length); - - digest.doFinal(digestBytes, 0); - for (int i = 1; i < iterationCount; i++) - { - digest.update(digestBytes, 0, digestBytes.length); - digest.doFinal(digestBytes, 0); - } - - return digestBytes; - } - - /** - * Generate a key parameter derived from the password, salt, and iteration - * count we are currently initialised with. - * - * @param keySize the size of the key we want (in bits) - * @return a KeyParameter object. - * @exception IllegalArgumentException if the key length larger than the base hash size. - */ - public CipherParameters generateDerivedParameters( - int keySize) - { - keySize = keySize / 8; - - if (keySize > digest.getDigestSize()) - { - throw new IllegalArgumentException( - "Can't generate a derived key " + keySize + " bytes long."); - } - - byte[] dKey = generateDerivedKey(); - - return new KeyParameter(dKey, 0, keySize); - } - - /** - * Generate a key with initialisation vector parameter derived from - * the password, salt, and iteration count we are currently initialised - * with. - * - * @param keySize the size of the key we want (in bits) - * @param ivSize the size of the iv we want (in bits) - * @return a ParametersWithIV object. - * @exception IllegalArgumentException if keySize + ivSize is larger than the base hash size. - */ - public CipherParameters generateDerivedParameters( - int keySize, - int ivSize) - { - keySize = keySize / 8; - ivSize = ivSize / 8; - - if ((keySize + ivSize) > digest.getDigestSize()) - { - throw new IllegalArgumentException( - "Can't generate a derived key " + (keySize + ivSize) + " bytes long."); - } - - byte[] dKey = generateDerivedKey(); - - return new ParametersWithIV(new KeyParameter(dKey, 0, keySize), dKey, keySize, ivSize); - } - - /** - * Generate a key parameter for use with a MAC derived from the password, - * salt, and iteration count we are currently initialised with. - * - * @param keySize the size of the key we want (in bits) - * @return a KeyParameter object. - * @exception IllegalArgumentException if the key length larger than the base hash size. - */ - public CipherParameters generateDerivedMacParameters( - int keySize) - { - return generateDerivedParameters(keySize); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java deleted file mode 100644 index 9b4972d..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java +++ /dev/null @@ -1,151 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Mac; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; - -/** - * Generator for PBE derived keys and ivs as defined by PKCS 5 V2.0 Scheme 2. - * This generator uses a SHA-1 HMac as the calculation function. - * <p> - * The document this implementation is based on can be found at - * <a href=http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html> - * RSA's PKCS5 Page</a> - */ -public class PKCS5S2ParametersGenerator - extends PBEParametersGenerator -{ - private Mac hMac = new HMac(new SHA1Digest()); - - /** - * construct a PKCS5 Scheme 2 Parameters generator. - */ - public PKCS5S2ParametersGenerator() - { - } - - private void F( - byte[] P, - byte[] S, - int c, - byte[] iBuf, - byte[] out, - int outOff) - { - byte[] state = new byte[hMac.getMacSize()]; - CipherParameters param = new KeyParameter(P); - - hMac.init(param); - - if (S != null) - { - hMac.update(S, 0, S.length); - } - - hMac.update(iBuf, 0, iBuf.length); - - hMac.doFinal(state, 0); - - System.arraycopy(state, 0, out, outOff, state.length); - - if (c == 0) - { - throw new IllegalArgumentException("iteration count must be at least 1."); - } - - for (int count = 1; count < c; count++) - { - hMac.init(param); - hMac.update(state, 0, state.length); - hMac.doFinal(state, 0); - - for (int j = 0; j != state.length; j++) - { - out[outOff + j] ^= state[j]; - } - } - } - - private void intToOctet( - byte[] buf, - int i) - { - buf[0] = (byte)(i >>> 24); - buf[1] = (byte)(i >>> 16); - buf[2] = (byte)(i >>> 8); - buf[3] = (byte)i; - } - - private byte[] generateDerivedKey( - int dkLen) - { - int hLen = hMac.getMacSize(); - int l = (dkLen + hLen - 1) / hLen; - byte[] iBuf = new byte[4]; - byte[] out = new byte[l * hLen]; - - for (int i = 1; i <= l; i++) - { - intToOctet(iBuf, i); - - F(password, salt, iterationCount, iBuf, out, (i - 1) * hLen); - } - - return out; - } - - /** - * Generate a key parameter derived from the password, salt, and iteration - * count we are currently initialised with. - * - * @param keySize the size of the key we want (in bits) - * @return a KeyParameter object. - */ - public CipherParameters generateDerivedParameters( - int keySize) - { - keySize = keySize / 8; - - byte[] dKey = generateDerivedKey(keySize); - - return new KeyParameter(dKey, 0, keySize); - } - - /** - * Generate a key with initialisation vector parameter derived from - * the password, salt, and iteration count we are currently initialised - * with. - * - * @param keySize the size of the key we want (in bits) - * @param ivSize the size of the iv we want (in bits) - * @return a ParametersWithIV object. - */ - public CipherParameters generateDerivedParameters( - int keySize, - int ivSize) - { - keySize = keySize / 8; - ivSize = ivSize / 8; - - byte[] dKey = generateDerivedKey(keySize + ivSize); - - return new ParametersWithIV(new KeyParameter(dKey, 0, keySize), dKey, keySize, ivSize); - } - - /** - * Generate a key parameter for use with a MAC derived from the password, - * salt, and iteration count we are currently initialised with. - * - * @param keySize the size of the key we want (in bits) - * @return a KeyParameter object. - */ - public CipherParameters generateDerivedMacParameters( - int keySize) - { - return generateDerivedParameters(keySize); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java b/luni/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java deleted file mode 100644 index b881104..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java +++ /dev/null @@ -1,142 +0,0 @@ -package org.bouncycastle.crypto.generators; - -import java.math.BigInteger; - -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator; -import org.bouncycastle.crypto.KeyGenerationParameters; -import org.bouncycastle.crypto.params.RSAKeyGenerationParameters; -import org.bouncycastle.crypto.params.RSAKeyParameters; -import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; - -/** - * an RSA key pair generator. - */ -public class RSAKeyPairGenerator - implements AsymmetricCipherKeyPairGenerator -{ - private static BigInteger ONE = BigInteger.valueOf(1); - - private RSAKeyGenerationParameters param; - - public void init( - KeyGenerationParameters param) - { - this.param = (RSAKeyGenerationParameters)param; - } - - public AsymmetricCipherKeyPair generateKeyPair() - { - BigInteger p, q, n, d, e, pSub1, qSub1, phi; - - // - // p and q values should have a length of half the strength in bits - // - int pbitlength = (param.getStrength() + 1) / 2; - int qbitlength = (param.getStrength() - pbitlength); - - e = param.getPublicExponent(); - - // - // generate p, prime and (p-1) relatively prime to e - // - for (;;) - { - p = new BigInteger(pbitlength, 1, param.getRandom()); - - if (p.mod(e).equals(ONE)) - { - continue; - } - - if (!p.isProbablePrime(param.getCertainty())) - { - continue; - } - - if (e.gcd(p.subtract(ONE)).equals(ONE)) - { - break; - } - } - - // - // generate a modulus of the required length - // - for (;;) - { - // generate q, prime and (q-1) relatively prime to e, - // and not equal to p - // - for (;;) - { - q = new BigInteger(qbitlength, 1, param.getRandom()); - - if (q.equals(p)) - { - continue; - } - - if (q.mod(e).equals(ONE)) - { - continue; - } - - if (!q.isProbablePrime(param.getCertainty())) - { - continue; - } - - if (e.gcd(q.subtract(ONE)).equals(ONE)) - { - break; - } - } - - // - // calculate the modulus - // - n = p.multiply(q); - - if (n.bitLength() == param.getStrength()) - { - break; - } - - // - // if we get here our primes aren't big enough, make the largest - // of the two p and try again - // - p = p.max(q); - } - - if (p.compareTo(q) < 0) - { - phi = p; - p = q; - q = phi; - } - - pSub1 = p.subtract(ONE); - qSub1 = q.subtract(ONE); - phi = pSub1.multiply(qSub1); - - // - // calculate the private exponent - // - d = e.modInverse(phi); - - // - // calculate the CRT factors - // - BigInteger dP, dQ, qInv; - - dP = d.remainder(pSub1); - dQ = d.remainder(qSub1); - qInv = q.modInverse(p); - - return new AsymmetricCipherKeyPair( - new RSAKeyParameters(false, n, e), - new RSAPrivateCrtKeyParameters(n, e, d, p, q, dP, dQ, qInv)); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/io/DigestInputStream.java b/luni/src/main/java/org/bouncycastle/crypto/io/DigestInputStream.java deleted file mode 100644 index ef0b03e..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/io/DigestInputStream.java +++ /dev/null @@ -1,52 +0,0 @@ -package org.bouncycastle.crypto.io; - -import java.io.FilterInputStream; -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.crypto.Digest; - -public class DigestInputStream - extends FilterInputStream -{ - protected Digest digest; - - public DigestInputStream( - InputStream stream, - Digest digest) - { - super(stream); - this.digest = digest; - } - - public int read() - throws IOException - { - int b = in.read(); - - if (b >= 0) - { - digest.update((byte)b); - } - return b; - } - - public int read( - byte[] b, - int off, - int len) - throws IOException - { - int n = in.read(b, off, len); - if (n > 0) - { - digest.update(b, off, n); - } - return n; - } - - public Digest getDigest() - { - return digest; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/io/DigestOutputStream.java b/luni/src/main/java/org/bouncycastle/crypto/io/DigestOutputStream.java deleted file mode 100644 index 2907954..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/io/DigestOutputStream.java +++ /dev/null @@ -1,43 +0,0 @@ -package org.bouncycastle.crypto.io; - -import java.io.FilterOutputStream; -import java.io.IOException; -import java.io.OutputStream; - -import org.bouncycastle.crypto.Digest; - -public class DigestOutputStream - extends FilterOutputStream -{ - protected Digest digest; - - public DigestOutputStream( - OutputStream stream, - Digest digest) - { - super(stream); - this.digest = digest; - } - - public void write(int b) - throws IOException - { - digest.update((byte)b); - out.write(b); - } - - public void write( - byte[] b, - int off, - int len) - throws IOException - { - digest.update(b, off, len); - out.write(b, off, len); - } - - public Digest getDigest() - { - return digest; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/io/MacInputStream.java b/luni/src/main/java/org/bouncycastle/crypto/io/MacInputStream.java deleted file mode 100644 index b78548c..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/io/MacInputStream.java +++ /dev/null @@ -1,52 +0,0 @@ -package org.bouncycastle.crypto.io; - -import java.io.FilterInputStream; -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.crypto.Mac; - -public class MacInputStream - extends FilterInputStream -{ - protected Mac mac; - - public MacInputStream( - InputStream stream, - Mac mac) - { - super(stream); - this.mac = mac; - } - - public int read() - throws IOException - { - int b = in.read(); - - if (b >= 0) - { - mac.update((byte)b); - } - return b; - } - - public int read( - byte[] b, - int off, - int len) - throws IOException - { - int n = in.read(b, off, len); - if (n >= 0) - { - mac.update(b, off, n); - } - return n; - } - - public Mac getMac() - { - return mac; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/io/MacOutputStream.java b/luni/src/main/java/org/bouncycastle/crypto/io/MacOutputStream.java deleted file mode 100644 index 2cac1c3..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/io/MacOutputStream.java +++ /dev/null @@ -1,44 +0,0 @@ -package org.bouncycastle.crypto.io; - -import java.io.FilterOutputStream; -import java.io.IOException; -import java.io.OutputStream; - -import org.bouncycastle.crypto.Mac; - -public class MacOutputStream - extends FilterOutputStream -{ - protected Mac mac; - - public MacOutputStream( - OutputStream stream, - Mac mac) - { - super(stream); - this.mac = mac; - } - - public void write(int b) - throws IOException - { - mac.update((byte)b); - out.write(b); - } - - public void write( - byte[] b, - int off, - int len) - throws IOException - { - mac.update(b, off, len); - out.write(b, off, len); - } - - public Mac getMac() - { - return mac; - } -} - diff --git a/luni/src/main/java/org/bouncycastle/crypto/macs/BlockCipherMac.java b/luni/src/main/java/org/bouncycastle/crypto/macs/BlockCipherMac.java deleted file mode 100644 index b0f3c0b..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/macs/BlockCipherMac.java +++ /dev/null @@ -1,176 +0,0 @@ -package org.bouncycastle.crypto.macs; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Mac; -import org.bouncycastle.crypto.modes.CBCBlockCipher; - -public class BlockCipherMac - implements Mac -{ - private byte[] mac; - - private byte[] buf; - private int bufOff; - private BlockCipher cipher; - - private int macSize; - - /** - * create a standard MAC based on a block cipher. This will produce an - * authentication code half the length of the block size of the cipher. - * - * @param cipher the cipher to be used as the basis of the MAC generation. - * @deprecated use CBCBlockCipherMac - */ - public BlockCipherMac( - BlockCipher cipher) - { - this(cipher, (cipher.getBlockSize() * 8) / 2); - } - - /** - * create a standard MAC based on a block cipher with the size of the - * MAC been given in bits. - * <p> - * Note: the size of the MAC must be at least 16 bits (FIPS Publication 113), - * and in general should be less than the size of the block cipher as it reduces - * the chance of an exhaustive attack (see Handbook of Applied Cryptography). - * - * @param cipher the cipher to be used as the basis of the MAC generation. - * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. - * @deprecated use CBCBlockCipherMac - */ - public BlockCipherMac( - BlockCipher cipher, - int macSizeInBits) - { - if ((macSizeInBits % 8) != 0) - { - throw new IllegalArgumentException("MAC size must be multiple of 8"); - } - - this.cipher = new CBCBlockCipher(cipher); - this.macSize = macSizeInBits / 8; - - mac = new byte[cipher.getBlockSize()]; - - buf = new byte[cipher.getBlockSize()]; - bufOff = 0; - } - - public String getAlgorithmName() - { - return cipher.getAlgorithmName(); - } - - public void init( - CipherParameters params) - { - reset(); - - cipher.init(true, params); - } - - public int getMacSize() - { - return macSize; - } - - public void update( - byte in) - { - int resultLen = 0; - - if (bufOff == buf.length) - { - resultLen = cipher.processBlock(buf, 0, mac, 0); - bufOff = 0; - } - - buf[bufOff++] = in; - } - - public void update( - byte[] in, - int inOff, - int len) - { - if (len < 0) - { - throw new IllegalArgumentException("Can't have a negative input length!"); - } - - int blockSize = cipher.getBlockSize(); - int resultLen = 0; - int gapLen = blockSize - bufOff; - - if (len > gapLen) - { - System.arraycopy(in, inOff, buf, bufOff, gapLen); - - resultLen += cipher.processBlock(buf, 0, mac, 0); - - bufOff = 0; - len -= gapLen; - inOff += gapLen; - - while (len > blockSize) - { - resultLen += cipher.processBlock(in, inOff, mac, 0); - - len -= blockSize; - inOff += blockSize; - } - } - - System.arraycopy(in, inOff, buf, bufOff, len); - - bufOff += len; - } - - public int doFinal( - byte[] out, - int outOff) - { - int blockSize = cipher.getBlockSize(); - - // - // pad with zeroes - // - while (bufOff < blockSize) - { - buf[bufOff] = 0; - bufOff++; - } - - cipher.processBlock(buf, 0, mac, 0); - - System.arraycopy(mac, 0, out, outOff, macSize); - - reset(); - - return macSize; - } - - /** - * Reset the mac generator. - */ - public void reset() - { - /* - * clean the buffer. - */ - for (int i = 0; i < buf.length; i++) - { - buf[i] = 0; - } - - bufOff = 0; - - /* - * reset the underlying cipher. - */ - cipher.reset(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/macs/CBCBlockCipherMac.java b/luni/src/main/java/org/bouncycastle/crypto/macs/CBCBlockCipherMac.java deleted file mode 100644 index e283df2..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/macs/CBCBlockCipherMac.java +++ /dev/null @@ -1,232 +0,0 @@ -package org.bouncycastle.crypto.macs; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Mac; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.paddings.BlockCipherPadding; - -/** - * standard CBC Block Cipher MAC - if no padding is specified the default of - * pad of zeroes is used. - */ -public class CBCBlockCipherMac - implements Mac -{ - private byte[] mac; - - private byte[] buf; - private int bufOff; - private BlockCipher cipher; - private BlockCipherPadding padding; - - private int macSize; - - /** - * create a standard MAC based on a CBC block cipher. This will produce an - * authentication code half the length of the block size of the cipher. - * - * @param cipher the cipher to be used as the basis of the MAC generation. - */ - public CBCBlockCipherMac( - BlockCipher cipher) - { - this(cipher, (cipher.getBlockSize() * 8) / 2, null); - } - - /** - * create a standard MAC based on a CBC block cipher. This will produce an - * authentication code half the length of the block size of the cipher. - * - * @param cipher the cipher to be used as the basis of the MAC generation. - * @param padding the padding to be used to complete the last block. - */ - public CBCBlockCipherMac( - BlockCipher cipher, - BlockCipherPadding padding) - { - this(cipher, (cipher.getBlockSize() * 8) / 2, padding); - } - - /** - * create a standard MAC based on a block cipher with the size of the - * MAC been given in bits. This class uses CBC mode as the basis for the - * MAC generation. - * <p> - * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), - * or 16 bits if being used as a data authenticator (FIPS Publication 113), - * and in general should be less than the size of the block cipher as it reduces - * the chance of an exhaustive attack (see Handbook of Applied Cryptography). - * - * @param cipher the cipher to be used as the basis of the MAC generation. - * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. - */ - public CBCBlockCipherMac( - BlockCipher cipher, - int macSizeInBits) - { - this(cipher, macSizeInBits, null); - } - - /** - * create a standard MAC based on a block cipher with the size of the - * MAC been given in bits. This class uses CBC mode as the basis for the - * MAC generation. - * <p> - * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), - * or 16 bits if being used as a data authenticator (FIPS Publication 113), - * and in general should be less than the size of the block cipher as it reduces - * the chance of an exhaustive attack (see Handbook of Applied Cryptography). - * - * @param cipher the cipher to be used as the basis of the MAC generation. - * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. - * @param padding the padding to be used to complete the last block. - */ - public CBCBlockCipherMac( - BlockCipher cipher, - int macSizeInBits, - BlockCipherPadding padding) - { - if ((macSizeInBits % 8) != 0) - { - throw new IllegalArgumentException("MAC size must be multiple of 8"); - } - - this.cipher = new CBCBlockCipher(cipher); - this.padding = padding; - this.macSize = macSizeInBits / 8; - - mac = new byte[cipher.getBlockSize()]; - - buf = new byte[cipher.getBlockSize()]; - bufOff = 0; - } - - public String getAlgorithmName() - { - return cipher.getAlgorithmName(); - } - - public void init( - CipherParameters params) - { - reset(); - - cipher.init(true, params); - } - - public int getMacSize() - { - return macSize; - } - - public void update( - byte in) - { - int resultLen = 0; - - if (bufOff == buf.length) - { - resultLen = cipher.processBlock(buf, 0, mac, 0); - bufOff = 0; - } - - buf[bufOff++] = in; - } - - public void update( - byte[] in, - int inOff, - int len) - { - if (len < 0) - { - throw new IllegalArgumentException("Can't have a negative input length!"); - } - - int blockSize = cipher.getBlockSize(); - int resultLen = 0; - int gapLen = blockSize - bufOff; - - if (len > gapLen) - { - System.arraycopy(in, inOff, buf, bufOff, gapLen); - - resultLen += cipher.processBlock(buf, 0, mac, 0); - - bufOff = 0; - len -= gapLen; - inOff += gapLen; - - while (len > blockSize) - { - resultLen += cipher.processBlock(in, inOff, mac, 0); - - len -= blockSize; - inOff += blockSize; - } - } - - System.arraycopy(in, inOff, buf, bufOff, len); - - bufOff += len; - } - - public int doFinal( - byte[] out, - int outOff) - { - int blockSize = cipher.getBlockSize(); - - if (padding == null) - { - // - // pad with zeroes - // - while (bufOff < blockSize) - { - buf[bufOff] = 0; - bufOff++; - } - } - else - { - if (bufOff == blockSize) - { - cipher.processBlock(buf, 0, mac, 0); - bufOff = 0; - } - - padding.addPadding(buf, bufOff); - } - - cipher.processBlock(buf, 0, mac, 0); - - System.arraycopy(mac, 0, out, outOff, macSize); - - reset(); - - return macSize; - } - - /** - * Reset the mac generator. - */ - public void reset() - { - /* - * clean the buffer. - */ - for (int i = 0; i < buf.length; i++) - { - buf[i] = 0; - } - - bufOff = 0; - - /* - * reset the underlying cipher. - */ - cipher.reset(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/macs/CFBBlockCipherMac.java b/luni/src/main/java/org/bouncycastle/crypto/macs/CFBBlockCipherMac.java deleted file mode 100644 index 1a0395e..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/macs/CFBBlockCipherMac.java +++ /dev/null @@ -1,390 +0,0 @@ -package org.bouncycastle.crypto.macs; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.Mac; -import org.bouncycastle.crypto.paddings.BlockCipherPadding; -import org.bouncycastle.crypto.params.ParametersWithIV; - -/** - * implements a Cipher-FeedBack (CFB) mode on top of a simple cipher. - */ -class MacCFBBlockCipher -{ - private byte[] IV; - private byte[] cfbV; - private byte[] cfbOutV; - - private int blockSize; - private BlockCipher cipher = null; - - /** - * Basic constructor. - * - * @param cipher the block cipher to be used as the basis of the - * feedback mode. - * @param blockSize the block size in bits (note: a multiple of 8) - */ - public MacCFBBlockCipher( - BlockCipher cipher, - int bitBlockSize) - { - this.cipher = cipher; - this.blockSize = bitBlockSize / 8; - - this.IV = new byte[cipher.getBlockSize()]; - this.cfbV = new byte[cipher.getBlockSize()]; - this.cfbOutV = new byte[cipher.getBlockSize()]; - } - - /** - * Initialise the cipher and, possibly, the initialisation vector (IV). - * If an IV isn't passed as part of the parameter, the IV will be all zeros. - * An IV which is too short is handled in FIPS compliant fashion. - * - * @param param the key and other data required by the cipher. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init( - CipherParameters params) - throws IllegalArgumentException - { - if (params instanceof ParametersWithIV) - { - ParametersWithIV ivParam = (ParametersWithIV)params; - byte[] iv = ivParam.getIV(); - - if (iv.length < IV.length) - { - System.arraycopy(iv, 0, IV, IV.length - iv.length, iv.length); - } - else - { - System.arraycopy(iv, 0, IV, 0, IV.length); - } - - reset(); - - cipher.init(true, ivParam.getParameters()); - } - else - { - reset(); - - cipher.init(true, params); - } - } - - /** - * return the algorithm name and mode. - * - * @return the name of the underlying algorithm followed by "/CFB" - * and the block size in bits. - */ - public String getAlgorithmName() - { - return cipher.getAlgorithmName() + "/CFB" + (blockSize * 8); - } - - /** - * return the block size we are operating at. - * - * @return the block size we are operating at (in bytes). - */ - public int getBlockSize() - { - return blockSize; - } - - /** - * Process one block of input from the array in and write it to - * the out array. - * - * @param in the array containing the input data. - * @param inOff offset into the in array the data starts at. - * @param out the array the output data will be copied into. - * @param outOff the offset into the out array the output will start at. - * @exception DataLengthException if there isn't enough data in in, or - * space in out. - * @exception IllegalStateException if the cipher isn't initialised. - * @return the number of bytes processed and produced. - */ - public int processBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - if ((inOff + blockSize) > in.length) - { - throw new DataLengthException("input buffer too short"); - } - - if ((outOff + blockSize) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - - cipher.processBlock(cfbV, 0, cfbOutV, 0); - - // - // XOR the cfbV with the plaintext producing the cipher text - // - for (int i = 0; i < blockSize; i++) - { - out[outOff + i] = (byte)(cfbOutV[i] ^ in[inOff + i]); - } - - // - // change over the input block. - // - System.arraycopy(cfbV, blockSize, cfbV, 0, cfbV.length - blockSize); - System.arraycopy(out, outOff, cfbV, cfbV.length - blockSize, blockSize); - - return blockSize; - } - - /** - * reset the chaining vector back to the IV and reset the underlying - * cipher. - */ - public void reset() - { - System.arraycopy(IV, 0, cfbV, 0, IV.length); - - cipher.reset(); - } - - void getMacBlock( - byte[] mac) - { - cipher.processBlock(cfbV, 0, mac, 0); - } -} - -public class CFBBlockCipherMac - implements Mac -{ - private byte[] mac; - - private byte[] buf; - private int bufOff; - private MacCFBBlockCipher cipher; - private BlockCipherPadding padding = null; - - - private int macSize; - - /** - * create a standard MAC based on a CFB block cipher. This will produce an - * authentication code half the length of the block size of the cipher, with - * the CFB mode set to 8 bits. - * - * @param cipher the cipher to be used as the basis of the MAC generation. - */ - public CFBBlockCipherMac( - BlockCipher cipher) - { - this(cipher, 8, (cipher.getBlockSize() * 8) / 2, null); - } - - /** - * create a standard MAC based on a CFB block cipher. This will produce an - * authentication code half the length of the block size of the cipher, with - * the CFB mode set to 8 bits. - * - * @param cipher the cipher to be used as the basis of the MAC generation. - * @param padding the padding to be used. - */ - public CFBBlockCipherMac( - BlockCipher cipher, - BlockCipherPadding padding) - { - this(cipher, 8, (cipher.getBlockSize() * 8) / 2, padding); - } - - /** - * create a standard MAC based on a block cipher with the size of the - * MAC been given in bits. This class uses CFB mode as the basis for the - * MAC generation. - * <p> - * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), - * or 16 bits if being used as a data authenticator (FIPS Publication 113), - * and in general should be less than the size of the block cipher as it reduces - * the chance of an exhaustive attack (see Handbook of Applied Cryptography). - * - * @param cipher the cipher to be used as the basis of the MAC generation. - * @param cfbBitSize the size of an output block produced by the CFB mode. - * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. - */ - public CFBBlockCipherMac( - BlockCipher cipher, - int cfbBitSize, - int macSizeInBits) - { - this(cipher, cfbBitSize, macSizeInBits, null); - } - - /** - * create a standard MAC based on a block cipher with the size of the - * MAC been given in bits. This class uses CFB mode as the basis for the - * MAC generation. - * <p> - * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), - * or 16 bits if being used as a data authenticator (FIPS Publication 113), - * and in general should be less than the size of the block cipher as it reduces - * the chance of an exhaustive attack (see Handbook of Applied Cryptography). - * - * @param cipher the cipher to be used as the basis of the MAC generation. - * @param cfbBitSize the size of an output block produced by the CFB mode. - * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. - * @param padding a padding to be used. - */ - public CFBBlockCipherMac( - BlockCipher cipher, - int cfbBitSize, - int macSizeInBits, - BlockCipherPadding padding) - { - if ((macSizeInBits % 8) != 0) - { - throw new IllegalArgumentException("MAC size must be multiple of 8"); - } - - mac = new byte[cipher.getBlockSize()]; - - this.cipher = new MacCFBBlockCipher(cipher, cfbBitSize); - this.padding = padding; - this.macSize = macSizeInBits / 8; - - buf = new byte[this.cipher.getBlockSize()]; - bufOff = 0; - } - - public String getAlgorithmName() - { - return cipher.getAlgorithmName(); - } - - public void init( - CipherParameters params) - { - reset(); - - cipher.init(params); - } - - public int getMacSize() - { - return macSize; - } - - public void update( - byte in) - { - int resultLen = 0; - - if (bufOff == buf.length) - { - resultLen = cipher.processBlock(buf, 0, mac, 0); - bufOff = 0; - } - - buf[bufOff++] = in; - } - - public void update( - byte[] in, - int inOff, - int len) - { - if (len < 0) - { - throw new IllegalArgumentException("Can't have a negative input length!"); - } - - int blockSize = cipher.getBlockSize(); - int resultLen = 0; - int gapLen = blockSize - bufOff; - - if (len > gapLen) - { - System.arraycopy(in, inOff, buf, bufOff, gapLen); - - resultLen += cipher.processBlock(buf, 0, mac, 0); - - bufOff = 0; - len -= gapLen; - inOff += gapLen; - - while (len > blockSize) - { - resultLen += cipher.processBlock(in, inOff, mac, 0); - - len -= blockSize; - inOff += blockSize; - } - } - - System.arraycopy(in, inOff, buf, bufOff, len); - - bufOff += len; - } - - public int doFinal( - byte[] out, - int outOff) - { - int blockSize = cipher.getBlockSize(); - - // - // pad with zeroes - // - if (this.padding == null) - { - while (bufOff < blockSize) - { - buf[bufOff] = 0; - bufOff++; - } - } - else - { - padding.addPadding(buf, bufOff); - } - - cipher.processBlock(buf, 0, mac, 0); - - cipher.getMacBlock(mac); - - System.arraycopy(mac, 0, out, outOff, macSize); - - reset(); - - return macSize; - } - - /** - * Reset the mac generator. - */ - public void reset() - { - /* - * clean the buffer. - */ - for (int i = 0; i < buf.length; i++) - { - buf[i] = 0; - } - - bufOff = 0; - - /* - * reset the underlying cipher. - */ - cipher.reset(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/macs/HMac.java b/luni/src/main/java/org/bouncycastle/crypto/macs/HMac.java deleted file mode 100644 index 7272f32..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/macs/HMac.java +++ /dev/null @@ -1,199 +0,0 @@ -package org.bouncycastle.crypto.macs; - -import java.util.Hashtable; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.ExtendedDigest; -import org.bouncycastle.crypto.Mac; -import org.bouncycastle.crypto.params.KeyParameter; - -/** - * HMAC implementation based on RFC2104 - * - * H(K XOR opad, H(K XOR ipad, text)) - */ -public class HMac - implements Mac -{ - private final static byte IPAD = (byte)0x36; - private final static byte OPAD = (byte)0x5C; - - private Digest digest; - private int digestSize; - private int blockLength; - - private byte[] inputPad; - private byte[] outputPad; - - private static Hashtable blockLengths; - - static - { - blockLengths = new Hashtable(); - - blockLengths.put("GOST3411", Integer.valueOf(32)); - - blockLengths.put("MD2", Integer.valueOf(16)); - blockLengths.put("MD4", Integer.valueOf(64)); - blockLengths.put("MD5", Integer.valueOf(64)); - - blockLengths.put("RIPEMD128", Integer.valueOf(64)); - blockLengths.put("RIPEMD160", Integer.valueOf(64)); - - blockLengths.put("SHA-1", Integer.valueOf(64)); - blockLengths.put("SHA-224", Integer.valueOf(64)); - blockLengths.put("SHA-256", Integer.valueOf(64)); - blockLengths.put("SHA-384", Integer.valueOf(128)); - blockLengths.put("SHA-512", Integer.valueOf(128)); - - blockLengths.put("Tiger", Integer.valueOf(64)); - blockLengths.put("Whirlpool", Integer.valueOf(64)); - } - - private static int getByteLength( - Digest digest) - { - if (digest instanceof ExtendedDigest) - { - return ((ExtendedDigest)digest).getByteLength(); - } - - Integer b = (Integer)blockLengths.get(digest.getAlgorithmName()); - - if (b == null) - { - throw new IllegalArgumentException("unknown digest passed: " + digest.getAlgorithmName()); - } - - return b.intValue(); - } - - /** - * Base constructor for one of the standard digest algorithms that the - * byteLength of the algorithm is know for. - * - * @param digest the digest. - */ - public HMac( - Digest digest) - { - this(digest, getByteLength(digest)); - } - - private HMac( - Digest digest, - int byteLength) - { - this.digest = digest; - digestSize = digest.getDigestSize(); - - this.blockLength = byteLength; - - inputPad = new byte[blockLength]; - outputPad = new byte[blockLength]; - } - - public String getAlgorithmName() - { - return digest.getAlgorithmName() + "/HMAC"; - } - - public Digest getUnderlyingDigest() - { - return digest; - } - - public void init( - CipherParameters params) - { - digest.reset(); - - byte[] key = ((KeyParameter)params).getKey(); - - if (key.length > blockLength) - { - digest.update(key, 0, key.length); - digest.doFinal(inputPad, 0); - for (int i = digestSize; i < inputPad.length; i++) - { - inputPad[i] = 0; - } - } - else - { - System.arraycopy(key, 0, inputPad, 0, key.length); - for (int i = key.length; i < inputPad.length; i++) - { - inputPad[i] = 0; - } - } - - outputPad = new byte[inputPad.length]; - System.arraycopy(inputPad, 0, outputPad, 0, inputPad.length); - - for (int i = 0; i < inputPad.length; i++) - { - inputPad[i] ^= IPAD; - } - - for (int i = 0; i < outputPad.length; i++) - { - outputPad[i] ^= OPAD; - } - - digest.update(inputPad, 0, inputPad.length); - } - - public int getMacSize() - { - return digestSize; - } - - public void update( - byte in) - { - digest.update(in); - } - - public void update( - byte[] in, - int inOff, - int len) - { - digest.update(in, inOff, len); - } - - public int doFinal( - byte[] out, - int outOff) - { - byte[] tmp = new byte[digestSize]; - digest.doFinal(tmp, 0); - - digest.update(outputPad, 0, outputPad.length); - digest.update(tmp, 0, tmp.length); - - int len = digest.doFinal(out, outOff); - - reset(); - - return len; - } - - /** - * Reset the mac generator. - */ - public void reset() - { - /* - * reset the underlying digest. - */ - digest.reset(); - - /* - * reinitialize the digest. - */ - digest.update(inputPad, 0, inputPad.length); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java b/luni/src/main/java/org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java deleted file mode 100644 index 11db130..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java +++ /dev/null @@ -1,289 +0,0 @@ -package org.bouncycastle.crypto.macs; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Mac; -import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.paddings.BlockCipherPadding; -import org.bouncycastle.crypto.params.KeyParameter; - -/** - * DES based CBC Block Cipher MAC according to ISO9797, algorithm 3 (ANSI X9.19 Retail MAC) - * - * This could as well be derived from CBCBlockCipherMac, but then the property mac in the base - * class must be changed to protected - */ - -public class ISO9797Alg3Mac - implements Mac -{ - private byte[] mac; - - private byte[] buf; - private int bufOff; - private BlockCipher cipher; - private BlockCipherPadding padding; - - private int macSize; - private KeyParameter lastKey2; - private KeyParameter lastKey3; - - /** - * create a Retail-MAC based on a CBC block cipher. This will produce an - * authentication code of the length of the block size of the cipher. - * - * @param cipher the cipher to be used as the basis of the MAC generation. This must - * be DESEngine. - */ - public ISO9797Alg3Mac( - BlockCipher cipher) - { - this(cipher, cipher.getBlockSize() * 8, null); - } - - /** - * create a Retail-MAC based on a CBC block cipher. This will produce an - * authentication code of the length of the block size of the cipher. - * - * @param cipher the cipher to be used as the basis of the MAC generation. - * @param padding the padding to be used to complete the last block. - */ - public ISO9797Alg3Mac( - BlockCipher cipher, - BlockCipherPadding padding) - { - this(cipher, cipher.getBlockSize() * 8, padding); - } - - /** - * create a Retail-MAC based on a block cipher with the size of the - * MAC been given in bits. This class uses single DES CBC mode as the basis for the - * MAC generation. - * <p> - * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), - * or 16 bits if being used as a data authenticator (FIPS Publication 113), - * and in general should be less than the size of the block cipher as it reduces - * the chance of an exhaustive attack (see Handbook of Applied Cryptography). - * - * @param cipher the cipher to be used as the basis of the MAC generation. - * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. - */ - public ISO9797Alg3Mac( - BlockCipher cipher, - int macSizeInBits) - { - this(cipher, macSizeInBits, null); - } - - /** - * create a standard MAC based on a block cipher with the size of the - * MAC been given in bits. This class uses single DES CBC mode as the basis for the - * MAC generation. The final block is decrypted and then encrypted using the - * middle and right part of the key. - * <p> - * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), - * or 16 bits if being used as a data authenticator (FIPS Publication 113), - * and in general should be less than the size of the block cipher as it reduces - * the chance of an exhaustive attack (see Handbook of Applied Cryptography). - * - * @param cipher the cipher to be used as the basis of the MAC generation. - * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. - * @param padding the padding to be used to complete the last block. - */ - public ISO9797Alg3Mac( - BlockCipher cipher, - int macSizeInBits, - BlockCipherPadding padding) - { - if ((macSizeInBits % 8) != 0) - { - throw new IllegalArgumentException("MAC size must be multiple of 8"); - } - - if (!(cipher instanceof DESEngine)) - { - throw new IllegalArgumentException("cipher must be instance of DESEngine"); - } - - this.cipher = new CBCBlockCipher(cipher); - this.padding = padding; - this.macSize = macSizeInBits / 8; - - mac = new byte[cipher.getBlockSize()]; - - buf = new byte[cipher.getBlockSize()]; - bufOff = 0; - } - - public String getAlgorithmName() - { - return "ISO9797Alg3"; - } - - public void init(CipherParameters params) - { - reset(); - - if (!(params instanceof KeyParameter)) - { - throw new IllegalArgumentException( - "params must be an instance of KeyParameter"); - } - - // KeyParameter must contain a double or triple length DES key, - // however the underlying cipher is a single DES. The middle and - // right key are used only in the final step. - - KeyParameter kp = (KeyParameter)params; - KeyParameter key1; - byte[] keyvalue = kp.getKey(); - - if (keyvalue.length == 16) - { // Double length DES key - key1 = new KeyParameter(keyvalue, 0, 8); - this.lastKey2 = new KeyParameter(keyvalue, 8, 8); - this.lastKey3 = key1; - } - else if (keyvalue.length == 24) - { // Triple length DES key - key1 = new KeyParameter(keyvalue, 0, 8); - this.lastKey2 = new KeyParameter(keyvalue, 8, 8); - this.lastKey3 = new KeyParameter(keyvalue, 16, 8); - } - else - { - throw new IllegalArgumentException( - "Key must be either 112 or 168 bit long"); - } - - cipher.init(true, key1); - } - - public int getMacSize() - { - return macSize; - } - - public void update( - byte in) - { - int resultLen = 0; - - if (bufOff == buf.length) - { - resultLen = cipher.processBlock(buf, 0, mac, 0); - bufOff = 0; - } - - buf[bufOff++] = in; - } - - - public void update( - byte[] in, - int inOff, - int len) - { - if (len < 0) - { - throw new IllegalArgumentException("Can't have a negative input length!"); - } - - int blockSize = cipher.getBlockSize(); - int resultLen = 0; - int gapLen = blockSize - bufOff; - - if (len > gapLen) - { - System.arraycopy(in, inOff, buf, bufOff, gapLen); - - resultLen += cipher.processBlock(buf, 0, mac, 0); - - bufOff = 0; - len -= gapLen; - inOff += gapLen; - - while (len > blockSize) - { - resultLen += cipher.processBlock(in, inOff, mac, 0); - - len -= blockSize; - inOff += blockSize; - } - } - - System.arraycopy(in, inOff, buf, bufOff, len); - - bufOff += len; - } - - public int doFinal( - byte[] out, - int outOff) - { - int blockSize = cipher.getBlockSize(); - - if (padding == null) - { - // - // pad with zeroes - // - while (bufOff < blockSize) - { - buf[bufOff] = 0; - bufOff++; - } - } - else - { - if (bufOff == blockSize) - { - cipher.processBlock(buf, 0, mac, 0); - bufOff = 0; - } - - padding.addPadding(buf, bufOff); - } - - cipher.processBlock(buf, 0, mac, 0); - - // Added to code from base class - DESEngine deseng = new DESEngine(); - - deseng.init(false, this.lastKey2); - deseng.processBlock(mac, 0, mac, 0); - - deseng.init(true, this.lastKey3); - deseng.processBlock(mac, 0, mac, 0); - // **** - - System.arraycopy(mac, 0, out, outOff, macSize); - - reset(); - - return macSize; - } - - - /** - * Reset the mac generator. - */ - public void reset() - { - /* - * clean the buffer. - */ - for (int i = 0; i < buf.length; i++) - { - buf[i] = 0; - } - - bufOff = 0; - - /* - * reset the underlying cipher. - */ - cipher.reset(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/macs/OldHMac.java b/luni/src/main/java/org/bouncycastle/crypto/macs/OldHMac.java deleted file mode 100644 index 7463afd..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/macs/OldHMac.java +++ /dev/null @@ -1,138 +0,0 @@ -package org.bouncycastle.crypto.macs; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.Mac; -import org.bouncycastle.crypto.params.KeyParameter; - -/** - * HMAC implementation based on RFC2104 - * - * H(K XOR opad, H(K XOR ipad, text)) - */ -public class OldHMac -implements Mac -{ - private final static int BLOCK_LENGTH = 64; - - private final static byte IPAD = (byte)0x36; - private final static byte OPAD = (byte)0x5C; - - private Digest digest; - private int digestSize; - private byte[] inputPad = new byte[BLOCK_LENGTH]; - private byte[] outputPad = new byte[BLOCK_LENGTH]; - - /** - * @deprecated uses incorrect pad for SHA-512 and SHA-384 use HMac. - */ - public OldHMac( - Digest digest) - { - this.digest = digest; - digestSize = digest.getDigestSize(); - } - - public String getAlgorithmName() - { - return digest.getAlgorithmName() + "/HMAC"; - } - - public Digest getUnderlyingDigest() - { - return digest; - } - - public void init( - CipherParameters params) - { - digest.reset(); - - byte[] key = ((KeyParameter)params).getKey(); - - if (key.length > BLOCK_LENGTH) - { - digest.update(key, 0, key.length); - digest.doFinal(inputPad, 0); - for (int i = digestSize; i < inputPad.length; i++) - { - inputPad[i] = 0; - } - } - else - { - System.arraycopy(key, 0, inputPad, 0, key.length); - for (int i = key.length; i < inputPad.length; i++) - { - inputPad[i] = 0; - } - } - - outputPad = new byte[inputPad.length]; - System.arraycopy(inputPad, 0, outputPad, 0, inputPad.length); - - for (int i = 0; i < inputPad.length; i++) - { - inputPad[i] ^= IPAD; - } - - for (int i = 0; i < outputPad.length; i++) - { - outputPad[i] ^= OPAD; - } - - digest.update(inputPad, 0, inputPad.length); - } - - public int getMacSize() - { - return digestSize; - } - - public void update( - byte in) - { - digest.update(in); - } - - public void update( - byte[] in, - int inOff, - int len) - { - digest.update(in, inOff, len); - } - - public int doFinal( - byte[] out, - int outOff) - { - byte[] tmp = new byte[digestSize]; - digest.doFinal(tmp, 0); - - digest.update(outputPad, 0, outputPad.length); - digest.update(tmp, 0, tmp.length); - - int len = digest.doFinal(out, outOff); - - reset(); - - return len; - } - - /** - * Reset the mac generator. - */ - public void reset() - { - /* - * reset the underlying digest. - */ - digest.reset(); - - /* - * reinitialize the digest. - */ - digest.update(inputPad, 0, inputPad.length); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/modes/CBCBlockCipher.java b/luni/src/main/java/org/bouncycastle/crypto/modes/CBCBlockCipher.java deleted file mode 100644 index 7640045..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/modes/CBCBlockCipher.java +++ /dev/null @@ -1,233 +0,0 @@ -package org.bouncycastle.crypto.modes; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.params.ParametersWithIV; - -/** - * implements Cipher-Block-Chaining (CBC) mode on top of a simple cipher. - */ -public class CBCBlockCipher - implements BlockCipher -{ - private byte[] IV; - private byte[] cbcV; - private byte[] cbcNextV; - - private int blockSize; - private BlockCipher cipher = null; - private boolean encrypting; - - /** - * Basic constructor. - * - * @param cipher the block cipher to be used as the basis of chaining. - */ - public CBCBlockCipher( - BlockCipher cipher) - { - this.cipher = cipher; - this.blockSize = cipher.getBlockSize(); - - this.IV = new byte[blockSize]; - this.cbcV = new byte[blockSize]; - this.cbcNextV = new byte[blockSize]; - } - - /** - * return the underlying block cipher that we are wrapping. - * - * @return the underlying block cipher that we are wrapping. - */ - public BlockCipher getUnderlyingCipher() - { - return cipher; - } - - /** - * Initialise the cipher and, possibly, the initialisation vector (IV). - * If an IV isn't passed as part of the parameter, the IV will be all zeros. - * - * @param encrypting if true the cipher is initialised for - * encryption, if false for decryption. - * @param params the key and other data required by the cipher. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init( - boolean encrypting, - CipherParameters params) - throws IllegalArgumentException - { - this.encrypting = encrypting; - - if (params instanceof ParametersWithIV) - { - ParametersWithIV ivParam = (ParametersWithIV)params; - byte[] iv = ivParam.getIV(); - - if (iv.length != blockSize) - { - throw new IllegalArgumentException("initialisation vector must be the same length as block size"); - } - - System.arraycopy(iv, 0, IV, 0, iv.length); - - reset(); - - cipher.init(encrypting, ivParam.getParameters()); - } - else - { - reset(); - - cipher.init(encrypting, params); - } - } - - /** - * return the algorithm name and mode. - * - * @return the name of the underlying algorithm followed by "/CBC". - */ - public String getAlgorithmName() - { - return cipher.getAlgorithmName() + "/CBC"; - } - - /** - * return the block size of the underlying cipher. - * - * @return the block size of the underlying cipher. - */ - public int getBlockSize() - { - return cipher.getBlockSize(); - } - - /** - * Process one block of input from the array in and write it to - * the out array. - * - * @param in the array containing the input data. - * @param inOff offset into the in array the data starts at. - * @param out the array the output data will be copied into. - * @param outOff the offset into the out array the output will start at. - * @exception DataLengthException if there isn't enough data in in, or - * space in out. - * @exception IllegalStateException if the cipher isn't initialised. - * @return the number of bytes processed and produced. - */ - public int processBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - return (encrypting) ? encryptBlock(in, inOff, out, outOff) : decryptBlock(in, inOff, out, outOff); - } - - /** - * reset the chaining vector back to the IV and reset the underlying - * cipher. - */ - public void reset() - { - System.arraycopy(IV, 0, cbcV, 0, IV.length); - - cipher.reset(); - } - - /** - * Do the appropriate chaining step for CBC mode encryption. - * - * @param in the array containing the data to be encrypted. - * @param inOff offset into the in array the data starts at. - * @param out the array the encrypted data will be copied into. - * @param outOff the offset into the out array the output will start at. - * @exception DataLengthException if there isn't enough data in in, or - * space in out. - * @exception IllegalStateException if the cipher isn't initialised. - * @return the number of bytes processed and produced. - */ - private int encryptBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - if ((inOff + blockSize) > in.length) - { - throw new DataLengthException("input buffer too short"); - } - - /* - * XOR the cbcV and the input, - * then encrypt the cbcV - */ - for (int i = 0; i < blockSize; i++) - { - cbcV[i] ^= in[inOff + i]; - } - - int length = cipher.processBlock(cbcV, 0, out, outOff); - - /* - * copy ciphertext to cbcV - */ - System.arraycopy(out, outOff, cbcV, 0, cbcV.length); - - return length; - } - - /** - * Do the appropriate chaining step for CBC mode decryption. - * - * @param in the array containing the data to be decrypted. - * @param inOff offset into the in array the data starts at. - * @param out the array the decrypted data will be copied into. - * @param outOff the offset into the out array the output will start at. - * @exception DataLengthException if there isn't enough data in in, or - * space in out. - * @exception IllegalStateException if the cipher isn't initialised. - * @return the number of bytes processed and produced. - */ - private int decryptBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - if ((inOff + blockSize) > in.length) - { - throw new DataLengthException("input buffer too short"); - } - - System.arraycopy(in, inOff, cbcNextV, 0, blockSize); - - int length = cipher.processBlock(in, inOff, out, outOff); - - /* - * XOR the cbcV and the output - */ - for (int i = 0; i < blockSize; i++) - { - out[outOff + i] ^= cbcV[i]; - } - - /* - * swap the back up buffer into next position - */ - byte[] tmp; - - tmp = cbcV; - cbcV = cbcNextV; - cbcNextV = tmp; - - return length; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java b/luni/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java deleted file mode 100644 index 95db190..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java +++ /dev/null @@ -1,284 +0,0 @@ -package org.bouncycastle.crypto.modes; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.Mac; -import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -import org.bouncycastle.crypto.params.CCMParameters; -import org.bouncycastle.crypto.params.ParametersWithIV; - -/** - * Implements the Counter with Cipher Block Chaining mode (CCM) detailed in - * NIST Special Publication 800-38C. - * <p> - * <b>Note</b>: this mode is a packet mode - it needs all the data up front. - */ -public class CCMBlockCipher -{ - private BlockCipher cipher = null; - private int blockSize; - private boolean forEncryption; - private CCMParameters params; - private byte[] macBlock; - - - /** - * Basic constructor. - * - * @param c the block cipher to be used. - */ - public CCMBlockCipher(BlockCipher c) - { - this.cipher = c; - this.blockSize = c.getBlockSize(); - this.macBlock = new byte[blockSize]; - - if (blockSize != 16) - { - throw new IllegalArgumentException("cipher required with a block size of 16."); - } - } - - /** - * return the underlying block cipher that we are wrapping. - * - * @return the underlying block cipher that we are wrapping. - */ - public BlockCipher getUnderlyingCipher() - { - return cipher; - } - - - public void init(boolean forEncryption, CipherParameters params) - throws IllegalArgumentException - { - if (!(params instanceof CCMParameters)) - { - throw new IllegalArgumentException("parameters need to be CCMParameters"); - } - - this.forEncryption = forEncryption; - this.params = (CCMParameters)params; - } - - public String getAlgorithmName() - { - return cipher.getAlgorithmName() + "/CCM"; - } - - /** - * Returns a byte array containing the mac calculated as part of the - * last encrypt or decrypt operation. - * - * @return the last mac calculated. - */ - public byte[] getMac() - { - byte[] mac = new byte[params.getMacSize() / 8]; - - System.arraycopy(macBlock, 0, mac, 0, mac.length); - - return mac; - } - - public byte[] processPacket(byte[] in, int inOff, int inLen) - throws IllegalStateException, InvalidCipherTextException - { - if (params == null) - { - throw new IllegalStateException("CCM cipher unitialized."); - } - - BlockCipher ctrCipher = new SICBlockCipher(cipher); - byte[] iv = new byte[blockSize]; - byte[] nonce = params.getNonce(); - int macSize = params.getMacSize() / 8; - byte[] out; - - iv[0] = (byte)(((15 - nonce.length) - 1) & 0x7); - - System.arraycopy(nonce, 0, iv, 1, nonce.length); - - ctrCipher.init(forEncryption, new ParametersWithIV(params.getKey(), iv)); - - if (forEncryption) - { - int index = inOff; - int outOff = 0; - - out = new byte[inLen + macSize]; - - calculateMac(in, inOff, inLen, macBlock); - - ctrCipher.processBlock(macBlock, 0, macBlock, 0); // S0 - - while (index < inLen - blockSize) // S1... - { - ctrCipher.processBlock(in, index, out, outOff); - outOff += blockSize; - index += blockSize; - } - - byte[] block = new byte[blockSize]; - - System.arraycopy(in, index, block, 0, inLen - index); - - ctrCipher.processBlock(block, 0, block, 0); - - System.arraycopy(block, 0, out, outOff, inLen - index); - - outOff += inLen - index; - - System.arraycopy(macBlock, 0, out, outOff, out.length - outOff); - } - else - { - int index = inOff; - int outOff = 0; - - out = new byte[inLen - macSize]; - - System.arraycopy(in, inOff + inLen - macSize, macBlock, 0, macSize); - - ctrCipher.processBlock(macBlock, 0, macBlock, 0); - - for (int i = macSize; i != macBlock.length; i++) - { - macBlock[i] = 0; - } - - while (outOff < out.length - blockSize) - { - ctrCipher.processBlock(in, index, out, outOff); - outOff += blockSize; - index += blockSize; - } - - byte[] block = new byte[blockSize]; - - System.arraycopy(in, index, block, 0, out.length - outOff); - - ctrCipher.processBlock(block, 0, block, 0); - - System.arraycopy(block, 0, out, outOff, out.length - outOff); - - byte[] calculatedMacBlock = new byte[blockSize]; - - calculateMac(out, 0, out.length, calculatedMacBlock); - - if (!areEqual(macBlock, calculatedMacBlock)) - { - throw new InvalidCipherTextException("mac check in CCM failed"); - } - } - - return out; - } - - private int calculateMac(byte[] data, int dataOff, int dataLen, byte[] macBlock) - { - Mac cMac = new CBCBlockCipherMac(cipher, params.getMacSize()); - - byte[] nonce = params.getNonce(); - byte[] associatedText = params.getAssociatedText(); - - cMac.init(params.getKey()); - - // - // build b0 - // - byte[] b0 = new byte[16]; - - if (associatedText != null && associatedText.length != 0) - { - b0[0] |= 0x40; - } - - b0[0] |= (((cMac.getMacSize() - 2) / 2) & 0x7) << 3; - - b0[0] |= ((15 - nonce.length) - 1) & 0x7; - - System.arraycopy(nonce, 0, b0, 1, nonce.length); - - int q = dataLen; - int count = 1; - while (q > 0) - { - b0[b0.length - count] = (byte)(q & 0xff); - q >>>= 8; - count++; - } - - cMac.update(b0, 0, b0.length); - - // - // process associated text - // - if (associatedText != null) - { - int extra; - - if (associatedText.length < ((1 << 16) - (1 << 8))) - { - cMac.update((byte)(associatedText.length >> 8)); - cMac.update((byte)associatedText.length); - - extra = 2; - } - else // can't go any higher than 2^32 - { - cMac.update((byte)0xff); - cMac.update((byte)0xfe); - cMac.update((byte)(associatedText.length >> 24)); - cMac.update((byte)(associatedText.length >> 16)); - cMac.update((byte)(associatedText.length >> 8)); - cMac.update((byte)associatedText.length); - - extra = 6; - } - - cMac.update(associatedText, 0, associatedText.length); - - extra = (extra + associatedText.length) % 16; - if (extra != 0) - { - for (int i = 0; i != 16 - extra; i++) - { - cMac.update((byte)0x00); - } - } - } - - // - // add the text - // - cMac.update(data, dataOff, dataLen); - - return cMac.doFinal(macBlock, 0); - } - - /** - * compare two byte arrays. - */ - private boolean areEqual( - byte[] a, - byte[] b) - { - if (a.length != b.length) - { - return false; - } - - for (int i = 0; i != b.length; i++) - { - if (a[i] != b[i]) - { - return false; - } - } - - return true; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/modes/CFBBlockCipher.java b/luni/src/main/java/org/bouncycastle/crypto/modes/CFBBlockCipher.java deleted file mode 100644 index 0f64f04..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/modes/CFBBlockCipher.java +++ /dev/null @@ -1,250 +0,0 @@ -package org.bouncycastle.crypto.modes; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.params.ParametersWithIV; - -/** - * implements a Cipher-FeedBack (CFB) mode on top of a simple cipher. - */ -public class CFBBlockCipher - implements BlockCipher -{ - private byte[] IV; - private byte[] cfbV; - private byte[] cfbOutV; - - private int blockSize; - private BlockCipher cipher = null; - private boolean encrypting; - - /** - * Basic constructor. - * - * @param cipher the block cipher to be used as the basis of the - * feedback mode. - * @param bitBlockSize the block size in bits (note: a multiple of 8) - */ - public CFBBlockCipher( - BlockCipher cipher, - int bitBlockSize) - { - this.cipher = cipher; - this.blockSize = bitBlockSize / 8; - - this.IV = new byte[cipher.getBlockSize()]; - this.cfbV = new byte[cipher.getBlockSize()]; - this.cfbOutV = new byte[cipher.getBlockSize()]; - } - - /** - * return the underlying block cipher that we are wrapping. - * - * @return the underlying block cipher that we are wrapping. - */ - public BlockCipher getUnderlyingCipher() - { - return cipher; - } - - /** - * Initialise the cipher and, possibly, the initialisation vector (IV). - * If an IV isn't passed as part of the parameter, the IV will be all zeros. - * An IV which is too short is handled in FIPS compliant fashion. - * - * @param encrypting if true the cipher is initialised for - * encryption, if false for decryption. - * @param params the key and other data required by the cipher. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init( - boolean encrypting, - CipherParameters params) - throws IllegalArgumentException - { - this.encrypting = encrypting; - - if (params instanceof ParametersWithIV) - { - ParametersWithIV ivParam = (ParametersWithIV)params; - byte[] iv = ivParam.getIV(); - - if (iv.length < IV.length) - { - // prepend the supplied IV with zeros (per FIPS PUB 81) - System.arraycopy(iv, 0, IV, IV.length - iv.length, iv.length); - for (int i = 0; i < IV.length - iv.length; i++) - { - IV[i] = 0; - } - } - else - { - System.arraycopy(iv, 0, IV, 0, IV.length); - } - - reset(); - - cipher.init(true, ivParam.getParameters()); - } - else - { - reset(); - - cipher.init(true, params); - } - } - - /** - * return the algorithm name and mode. - * - * @return the name of the underlying algorithm followed by "/CFB" - * and the block size in bits. - */ - public String getAlgorithmName() - { - return cipher.getAlgorithmName() + "/CFB" + (blockSize * 8); - } - - /** - * return the block size we are operating at. - * - * @return the block size we are operating at (in bytes). - */ - public int getBlockSize() - { - return blockSize; - } - - /** - * Process one block of input from the array in and write it to - * the out array. - * - * @param in the array containing the input data. - * @param inOff offset into the in array the data starts at. - * @param out the array the output data will be copied into. - * @param outOff the offset into the out array the output will start at. - * @exception DataLengthException if there isn't enough data in in, or - * space in out. - * @exception IllegalStateException if the cipher isn't initialised. - * @return the number of bytes processed and produced. - */ - public int processBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - return (encrypting) ? encryptBlock(in, inOff, out, outOff) : decryptBlock(in, inOff, out, outOff); - } - - /** - * Do the appropriate processing for CFB mode encryption. - * - * @param in the array containing the data to be encrypted. - * @param inOff offset into the in array the data starts at. - * @param out the array the encrypted data will be copied into. - * @param outOff the offset into the out array the output will start at. - * @exception DataLengthException if there isn't enough data in in, or - * space in out. - * @exception IllegalStateException if the cipher isn't initialised. - * @return the number of bytes processed and produced. - */ - public int encryptBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - if ((inOff + blockSize) > in.length) - { - throw new DataLengthException("input buffer too short"); - } - - if ((outOff + blockSize) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - - cipher.processBlock(cfbV, 0, cfbOutV, 0); - - // - // XOR the cfbV with the plaintext producing the cipher text - // - for (int i = 0; i < blockSize; i++) - { - out[outOff + i] = (byte)(cfbOutV[i] ^ in[inOff + i]); - } - - // - // change over the input block. - // - System.arraycopy(cfbV, blockSize, cfbV, 0, cfbV.length - blockSize); - System.arraycopy(out, outOff, cfbV, cfbV.length - blockSize, blockSize); - - return blockSize; - } - - /** - * Do the appropriate processing for CFB mode decryption. - * - * @param in the array containing the data to be decrypted. - * @param inOff offset into the in array the data starts at. - * @param out the array the encrypted data will be copied into. - * @param outOff the offset into the out array the output will start at. - * @exception DataLengthException if there isn't enough data in in, or - * space in out. - * @exception IllegalStateException if the cipher isn't initialised. - * @return the number of bytes processed and produced. - */ - public int decryptBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - if ((inOff + blockSize) > in.length) - { - throw new DataLengthException("input buffer too short"); - } - - if ((outOff + blockSize) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - - cipher.processBlock(cfbV, 0, cfbOutV, 0); - - // - // change over the input block. - // - System.arraycopy(cfbV, blockSize, cfbV, 0, cfbV.length - blockSize); - System.arraycopy(in, inOff, cfbV, cfbV.length - blockSize, blockSize); - - // - // XOR the cfbV with the plaintext producing the plain text - // - for (int i = 0; i < blockSize; i++) - { - out[outOff + i] = (byte)(cfbOutV[i] ^ in[inOff + i]); - } - - return blockSize; - } - - /** - * reset the chaining vector back to the IV and reset the underlying - * cipher. - */ - public void reset() - { - System.arraycopy(IV, 0, cfbV, 0, IV.length); - - cipher.reset(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/modes/CTSBlockCipher.java b/luni/src/main/java/org/bouncycastle/crypto/modes/CTSBlockCipher.java deleted file mode 100644 index b8e5b61..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/modes/CTSBlockCipher.java +++ /dev/null @@ -1,265 +0,0 @@ -package org.bouncycastle.crypto.modes; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.InvalidCipherTextException; - -/** - * A Cipher Text Stealing (CTS) mode cipher. CTS allows block ciphers to - * be used to produce cipher text which is the same length as the plain text. - */ -public class CTSBlockCipher - extends BufferedBlockCipher -{ - private int blockSize; - - /** - * Create a buffered block cipher that uses Cipher Text Stealing - * - * @param cipher the underlying block cipher this buffering object wraps. - */ - public CTSBlockCipher( - BlockCipher cipher) - { - if ((cipher instanceof OFBBlockCipher) || (cipher instanceof CFBBlockCipher)) - { - throw new IllegalArgumentException("CTSBlockCipher can only accept ECB, or CBC ciphers"); - } - - this.cipher = cipher; - - blockSize = cipher.getBlockSize(); - - buf = new byte[blockSize * 2]; - bufOff = 0; - } - - /** - * return the size of the output buffer required for an update - * an input of len bytes. - * - * @param len the length of the input. - * @return the space required to accommodate a call to update - * with len bytes of input. - */ - public int getUpdateOutputSize( - int len) - { - int total = len + bufOff; - int leftOver = total % buf.length; - - if (leftOver == 0) - { - return total - buf.length; - } - - return total - leftOver; - } - - /** - * return the size of the output buffer required for an update plus a - * doFinal with an input of len bytes. - * - * @param len the length of the input. - * @return the space required to accommodate a call to update and doFinal - * with len bytes of input. - */ - public int getOutputSize( - int len) - { - return len + bufOff; - } - - /** - * process a single byte, producing an output block if neccessary. - * - * @param in the input byte. - * @param out the space for any output that might be produced. - * @param outOff the offset from which the output will be copied. - * @return the number of output bytes copied to out. - * @exception DataLengthException if there isn't enough space in out. - * @exception IllegalStateException if the cipher isn't initialised. - */ - public int processByte( - byte in, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - int resultLen = 0; - - if (bufOff == buf.length) - { - resultLen = cipher.processBlock(buf, 0, out, outOff); - System.arraycopy(buf, blockSize, buf, 0, blockSize); - - bufOff = blockSize; - } - - buf[bufOff++] = in; - - return resultLen; - } - - /** - * process an array of bytes, producing output if necessary. - * - * @param in the input byte array. - * @param inOff the offset at which the input data starts. - * @param len the number of bytes to be copied out of the input array. - * @param out the space for any output that might be produced. - * @param outOff the offset from which the output will be copied. - * @return the number of output bytes copied to out. - * @exception DataLengthException if there isn't enough space in out. - * @exception IllegalStateException if the cipher isn't initialised. - */ - public int processBytes( - byte[] in, - int inOff, - int len, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - if (len < 0) - { - throw new IllegalArgumentException("Can't have a negative input length!"); - } - - int blockSize = getBlockSize(); - int length = getUpdateOutputSize(len); - - if (length > 0) - { - if ((outOff + length) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - } - - int resultLen = 0; - int gapLen = buf.length - bufOff; - - if (len > gapLen) - { - System.arraycopy(in, inOff, buf, bufOff, gapLen); - - resultLen += cipher.processBlock(buf, 0, out, outOff); - System.arraycopy(buf, blockSize, buf, 0, blockSize); - - bufOff = blockSize; - - len -= gapLen; - inOff += gapLen; - - while (len > blockSize) - { - System.arraycopy(in, inOff, buf, bufOff, blockSize); - resultLen += cipher.processBlock(buf, 0, out, outOff + resultLen); - System.arraycopy(buf, blockSize, buf, 0, blockSize); - - len -= blockSize; - inOff += blockSize; - } - } - - System.arraycopy(in, inOff, buf, bufOff, len); - - bufOff += len; - - return resultLen; - } - - /** - * Process the last block in the buffer. - * - * @param out the array the block currently being held is copied into. - * @param outOff the offset at which the copying starts. - * @return the number of output bytes copied to out. - * @exception DataLengthException if there is insufficient space in out for - * the output. - * @exception IllegalStateException if the underlying cipher is not - * initialised. - * @exception InvalidCipherTextException if cipher text decrypts wrongly (in - * case the exception will never get thrown). - */ - public int doFinal( - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException, InvalidCipherTextException - { - if (bufOff + outOff > out.length) - { - throw new DataLengthException("output buffer to small in doFinal"); - } - - int blockSize = cipher.getBlockSize(); - int len = bufOff - blockSize; - byte[] block = new byte[blockSize]; - - if (forEncryption) - { - cipher.processBlock(buf, 0, block, 0); - - if (bufOff < blockSize) - { - throw new DataLengthException("need at least one block of input for CTS"); - } - - for (int i = bufOff; i != buf.length; i++) - { - buf[i] = block[i - blockSize]; - } - - for (int i = blockSize; i != bufOff; i++) - { - buf[i] ^= block[i - blockSize]; - } - - if (cipher instanceof CBCBlockCipher) - { - BlockCipher c = ((CBCBlockCipher)cipher).getUnderlyingCipher(); - - c.processBlock(buf, blockSize, out, outOff); - } - else - { - cipher.processBlock(buf, blockSize, out, outOff); - } - - System.arraycopy(block, 0, out, outOff + blockSize, len); - } - else - { - byte[] lastBlock = new byte[blockSize]; - - if (cipher instanceof CBCBlockCipher) - { - BlockCipher c = ((CBCBlockCipher)cipher).getUnderlyingCipher(); - - c.processBlock(buf, 0, block, 0); - } - else - { - cipher.processBlock(buf, 0, block, 0); - } - - for (int i = blockSize; i != bufOff; i++) - { - lastBlock[i - blockSize] = (byte)(block[i - blockSize] ^ buf[i]); - } - - System.arraycopy(buf, blockSize, block, 0, len); - - cipher.processBlock(block, 0, out, outOff); - System.arraycopy(lastBlock, 0, out, outOff + blockSize, len); - } - - int offset = bufOff; - - reset(); - - return offset; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/modes/GOFBBlockCipher.java b/luni/src/main/java/org/bouncycastle/crypto/modes/GOFBBlockCipher.java deleted file mode 100644 index 007bffc..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/modes/GOFBBlockCipher.java +++ /dev/null @@ -1,226 +0,0 @@ -package org.bouncycastle.crypto.modes; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.params.ParametersWithIV; - -/** - * implements the GOST 28147 OFB counter mode (GCTR). - */ -public class GOFBBlockCipher - implements BlockCipher -{ - private byte[] IV; - private byte[] ofbV; - private byte[] ofbOutV; - - private final int blockSize; - private final BlockCipher cipher; - - boolean firstStep = true; - int N3; - int N4; - static final int C1 = 16843012; //00000001000000010000000100000100 - static final int C2 = 16843009; //00000001000000010000000100000001 - - - /** - * Basic constructor. - * - * @param cipher the block cipher to be used as the basis of the - * counter mode (must have a 64 bit block size). - */ - public GOFBBlockCipher( - BlockCipher cipher) - { - this.cipher = cipher; - this.blockSize = cipher.getBlockSize(); - - if (blockSize != 8) - { - throw new IllegalArgumentException("GTCR only for 64 bit block ciphers"); - } - - this.IV = new byte[cipher.getBlockSize()]; - this.ofbV = new byte[cipher.getBlockSize()]; - this.ofbOutV = new byte[cipher.getBlockSize()]; - } - - /** - * return the underlying block cipher that we are wrapping. - * - * @return the underlying block cipher that we are wrapping. - */ - public BlockCipher getUnderlyingCipher() - { - return cipher; - } - - /** - * Initialise the cipher and, possibly, the initialisation vector (IV). - * If an IV isn't passed as part of the parameter, the IV will be all zeros. - * An IV which is too short is handled in FIPS compliant fashion. - * - * @param encrypting if true the cipher is initialised for - * encryption, if false for decryption. - * @param params the key and other data required by the cipher. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init( - boolean encrypting, //ignored by this CTR mode - CipherParameters params) - throws IllegalArgumentException - { - firstStep = true; - N3 = 0; - N4 = 0; - - if (params instanceof ParametersWithIV) - { - ParametersWithIV ivParam = (ParametersWithIV)params; - byte[] iv = ivParam.getIV(); - - if (iv.length < IV.length) - { - // prepend the supplied IV with zeros (per FIPS PUB 81) - System.arraycopy(iv, 0, IV, IV.length - iv.length, iv.length); - for (int i = 0; i < IV.length - iv.length; i++) - { - IV[i] = 0; - } - } - else - { - System.arraycopy(iv, 0, IV, 0, IV.length); - } - - reset(); - - cipher.init(true, ivParam.getParameters()); - } - else - { - reset(); - - cipher.init(true, params); - } - } - - /** - * return the algorithm name and mode. - * - * @return the name of the underlying algorithm followed by "/GCTR" - * and the block size in bits - */ - public String getAlgorithmName() - { - return cipher.getAlgorithmName() + "/GCTR"; - } - - - /** - * return the block size we are operating at (in bytes). - * - * @return the block size we are operating at (in bytes). - */ - public int getBlockSize() - { - return blockSize; - } - - /** - * Process one block of input from the array in and write it to - * the out array. - * - * @param in the array containing the input data. - * @param inOff offset into the in array the data starts at. - * @param out the array the output data will be copied into. - * @param outOff the offset into the out array the output will start at. - * @exception DataLengthException if there isn't enough data in in, or - * space in out. - * @exception IllegalStateException if the cipher isn't initialised. - * @return the number of bytes processed and produced. - */ - public int processBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - if ((inOff + blockSize) > in.length) - { - throw new DataLengthException("input buffer too short"); - } - - if ((outOff + blockSize) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - - if (firstStep) - { - firstStep = false; - cipher.processBlock(ofbV, 0, ofbOutV, 0); - N3 = bytesToint(ofbOutV, 0); - N4 = bytesToint(ofbOutV, 4); - } - N3 += C2; - N4 += C1; - intTobytes(N3, ofbV, 0); - intTobytes(N4, ofbV, 4); - - cipher.processBlock(ofbV, 0, ofbOutV, 0); - - // - // XOR the ofbV with the plaintext producing the cipher text (and - // the next input block). - // - for (int i = 0; i < blockSize; i++) - { - out[outOff + i] = (byte)(ofbOutV[i] ^ in[inOff + i]); - } - - // - // change over the input block. - // - System.arraycopy(ofbV, blockSize, ofbV, 0, ofbV.length - blockSize); - System.arraycopy(ofbOutV, 0, ofbV, ofbV.length - blockSize, blockSize); - - return blockSize; - } - - /** - * reset the feedback vector back to the IV and reset the underlying - * cipher. - */ - public void reset() - { - System.arraycopy(IV, 0, ofbV, 0, IV.length); - - cipher.reset(); - } - - //array of bytes to type int - private int bytesToint( - byte[] in, - int inOff) - { - return ((in[inOff + 3] << 24) & 0xff000000) + ((in[inOff + 2] << 16) & 0xff0000) + - ((in[inOff + 1] << 8) & 0xff00) + (in[inOff] & 0xff); - } - - //int to array of bytes - private void intTobytes( - int num, - byte[] out, - int outOff) - { - out[outOff + 3] = (byte)(num >>> 24); - out[outOff + 2] = (byte)(num >>> 16); - out[outOff + 1] = (byte)(num >>> 8); - out[outOff] = (byte)num; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/modes/OFBBlockCipher.java b/luni/src/main/java/org/bouncycastle/crypto/modes/OFBBlockCipher.java deleted file mode 100644 index f209b9f..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/modes/OFBBlockCipher.java +++ /dev/null @@ -1,179 +0,0 @@ -package org.bouncycastle.crypto.modes; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.params.ParametersWithIV; - -/** - * implements a Output-FeedBack (OFB) mode on top of a simple cipher. - */ -public class OFBBlockCipher - implements BlockCipher -{ - private byte[] IV; - private byte[] ofbV; - private byte[] ofbOutV; - - private final int blockSize; - private final BlockCipher cipher; - - /** - * Basic constructor. - * - * @param cipher the block cipher to be used as the basis of the - * feedback mode. - * @param blockSize the block size in bits (note: a multiple of 8) - */ - public OFBBlockCipher( - BlockCipher cipher, - int blockSize) - { - this.cipher = cipher; - this.blockSize = blockSize / 8; - - this.IV = new byte[cipher.getBlockSize()]; - this.ofbV = new byte[cipher.getBlockSize()]; - this.ofbOutV = new byte[cipher.getBlockSize()]; - } - - /** - * return the underlying block cipher that we are wrapping. - * - * @return the underlying block cipher that we are wrapping. - */ - public BlockCipher getUnderlyingCipher() - { - return cipher; - } - - /** - * Initialise the cipher and, possibly, the initialisation vector (IV). - * If an IV isn't passed as part of the parameter, the IV will be all zeros. - * An IV which is too short is handled in FIPS compliant fashion. - * - * @param encrypting if true the cipher is initialised for - * encryption, if false for decryption. - * @param params the key and other data required by the cipher. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init( - boolean encrypting, //ignored by this OFB mode - CipherParameters params) - throws IllegalArgumentException - { - if (params instanceof ParametersWithIV) - { - ParametersWithIV ivParam = (ParametersWithIV)params; - byte[] iv = ivParam.getIV(); - - if (iv.length < IV.length) - { - // prepend the supplied IV with zeros (per FIPS PUB 81) - System.arraycopy(iv, 0, IV, IV.length - iv.length, iv.length); - for (int i = 0; i < IV.length - iv.length; i++) - { - IV[i] = 0; - } - } - else - { - System.arraycopy(iv, 0, IV, 0, IV.length); - } - - reset(); - - cipher.init(true, ivParam.getParameters()); - } - else - { - reset(); - - cipher.init(true, params); - } - } - - /** - * return the algorithm name and mode. - * - * @return the name of the underlying algorithm followed by "/OFB" - * and the block size in bits - */ - public String getAlgorithmName() - { - return cipher.getAlgorithmName() + "/OFB" + (blockSize * 8); - } - - - /** - * return the block size we are operating at (in bytes). - * - * @return the block size we are operating at (in bytes). - */ - public int getBlockSize() - { - return blockSize; - } - - /** - * Process one block of input from the array in and write it to - * the out array. - * - * @param in the array containing the input data. - * @param inOff offset into the in array the data starts at. - * @param out the array the output data will be copied into. - * @param outOff the offset into the out array the output will start at. - * @exception DataLengthException if there isn't enough data in in, or - * space in out. - * @exception IllegalStateException if the cipher isn't initialised. - * @return the number of bytes processed and produced. - */ - public int processBlock( - byte[] in, - int inOff, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - if ((inOff + blockSize) > in.length) - { - throw new DataLengthException("input buffer too short"); - } - - if ((outOff + blockSize) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - - cipher.processBlock(ofbV, 0, ofbOutV, 0); - - // - // XOR the ofbV with the plaintext producing the cipher text (and - // the next input block). - // - for (int i = 0; i < blockSize; i++) - { - out[outOff + i] = (byte)(ofbOutV[i] ^ in[inOff + i]); - } - - // - // change over the input block. - // - System.arraycopy(ofbV, blockSize, ofbV, 0, ofbV.length - blockSize); - System.arraycopy(ofbOutV, 0, ofbV, ofbV.length - blockSize, blockSize); - - return blockSize; - } - - /** - * reset the feedback vector back to the IV and reset the underlying - * cipher. - */ - public void reset() - { - System.arraycopy(IV, 0, ofbV, 0, IV.length); - - cipher.reset(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/modes/PaddedBlockCipher.java b/luni/src/main/java/org/bouncycastle/crypto/modes/PaddedBlockCipher.java deleted file mode 100644 index f15ed67..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/modes/PaddedBlockCipher.java +++ /dev/null @@ -1,253 +0,0 @@ -package org.bouncycastle.crypto.modes; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.InvalidCipherTextException; - -/** - * A wrapper class that allows block ciphers to be used to process data in - * a piecemeal fashion with PKCS5/PKCS7 padding. The PaddedBlockCipher - * outputs a block only when the buffer is full and more data is being added, - * or on a doFinal (unless the current block in the buffer is a pad block). - * The padding mechanism used is the one outlined in PKCS5/PKCS7. - * - * @deprecated use org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher instead. - */ -public class PaddedBlockCipher - extends BufferedBlockCipher -{ - /** - * Create a buffered block cipher with, or without, padding. - * - * @param cipher the underlying block cipher this buffering object wraps. - */ - public PaddedBlockCipher( - BlockCipher cipher) - { - this.cipher = cipher; - - buf = new byte[cipher.getBlockSize()]; - bufOff = 0; - } - - /** - * return the size of the output buffer required for an update plus a - * doFinal with an input of len bytes. - * - * @param len the length of the input. - * @return the space required to accommodate a call to update and doFinal - * with len bytes of input. - */ - public int getOutputSize( - int len) - { - int total = len + bufOff; - int leftOver = total % buf.length; - - if (leftOver == 0) - { - if (forEncryption) - { - return total + buf.length; - } - - return total; - } - - return total - leftOver + buf.length; - } - - /** - * return the size of the output buffer required for an update - * an input of len bytes. - * - * @param len the length of the input. - * @return the space required to accommodate a call to update - * with len bytes of input. - */ - public int getUpdateOutputSize( - int len) - { - int total = len + bufOff; - int leftOver = total % buf.length; - - if (leftOver == 0) - { - return total - buf.length; - } - - return total - leftOver; - } - - /** - * process a single byte, producing an output block if neccessary. - * - * @param in the input byte. - * @param out the space for any output that might be produced. - * @param outOff the offset from which the output will be copied. - * @exception DataLengthException if there isn't enough space in out. - * @exception IllegalStateException if the cipher isn't initialised. - */ - public int processByte( - byte in, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - int resultLen = 0; - - if (bufOff == buf.length) - { - resultLen = cipher.processBlock(buf, 0, out, outOff); - bufOff = 0; - } - - buf[bufOff++] = in; - - return resultLen; - } - - /** - * process an array of bytes, producing output if necessary. - * - * @param in the input byte array. - * @param inOff the offset at which the input data starts. - * @param len the number of bytes to be copied out of the input array. - * @param out the space for any output that might be produced. - * @param outOff the offset from which the output will be copied. - * @exception DataLengthException if there isn't enough space in out. - * @exception IllegalStateException if the cipher isn't initialised. - */ - public int processBytes( - byte[] in, - int inOff, - int len, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - if (len < 0) - { - throw new IllegalArgumentException("Can't have a negative input length!"); - } - - int blockSize = getBlockSize(); - int length = getUpdateOutputSize(len); - - if (length > 0) - { - if ((outOff + length) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - } - - int resultLen = 0; - int gapLen = buf.length - bufOff; - - if (len > gapLen) - { - System.arraycopy(in, inOff, buf, bufOff, gapLen); - - resultLen += cipher.processBlock(buf, 0, out, outOff); - - bufOff = 0; - len -= gapLen; - inOff += gapLen; - - while (len > buf.length) - { - resultLen += cipher.processBlock(in, inOff, out, outOff + resultLen); - - len -= blockSize; - inOff += blockSize; - } - } - - System.arraycopy(in, inOff, buf, bufOff, len); - - bufOff += len; - - return resultLen; - } - - /** - * Process the last block in the buffer. If the buffer is currently - * full and padding needs to be added a call to doFinal will produce - * 2 * getBlockSize() bytes. - * - * @param out the array the block currently being held is copied into. - * @param outOff the offset at which the copying starts. - * @exception DataLengthException if there is insufficient space in out for - * the output or we are decrypting and the input is not block size aligned. - * @exception IllegalStateException if the underlying cipher is not - * initialised. - * @exception InvalidCipherTextException if padding is expected and not found. - */ - public int doFinal( - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException, InvalidCipherTextException - { - int blockSize = cipher.getBlockSize(); - int resultLen = 0; - - if (forEncryption) - { - if (bufOff == blockSize) - { - if ((outOff + 2 * blockSize) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - - resultLen = cipher.processBlock(buf, 0, out, outOff); - bufOff = 0; - } - - // - // add PKCS7 padding - // - byte code = (byte)(blockSize - bufOff); - - while (bufOff < blockSize) - { - buf[bufOff] = code; - bufOff++; - } - - resultLen += cipher.processBlock(buf, 0, out, outOff + resultLen); - } - else - { - if (bufOff == blockSize) - { - resultLen = cipher.processBlock(buf, 0, buf, 0); - bufOff = 0; - } - else - { - throw new DataLengthException("last block incomplete in decryption"); - } - - // - // remove PKCS7 padding - // - int count = buf[blockSize - 1] & 0xff; - - if ((count < 0) || (count > blockSize)) - { - throw new InvalidCipherTextException("pad block corrupted"); - } - - resultLen -= count; - - System.arraycopy(buf, 0, out, outOff, resultLen); - } - - reset(); - - return resultLen; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/modes/SICBlockCipher.java b/luni/src/main/java/org/bouncycastle/crypto/modes/SICBlockCipher.java deleted file mode 100644 index ce0b865..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/modes/SICBlockCipher.java +++ /dev/null @@ -1,115 +0,0 @@ -package org.bouncycastle.crypto.modes; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.params.ParametersWithIV; - -/** - * Implements the Segmented Integer Counter (SIC) mode on top of a simple - * block cipher. This mode is also known as CTR mode. - */ -public class SICBlockCipher implements BlockCipher -{ - private final BlockCipher cipher; - private final int blockSize; - - private byte[] IV; - private byte[] counter; - private byte[] counterOut; - - - /** - * Basic constructor. - * - * @param c the block cipher to be used. - */ - public SICBlockCipher(BlockCipher c) - { - this.cipher = c; - this.blockSize = cipher.getBlockSize(); - this.IV = new byte[blockSize]; - this.counter = new byte[blockSize]; - this.counterOut = new byte[blockSize]; - } - - - /** - * return the underlying block cipher that we are wrapping. - * - * @return the underlying block cipher that we are wrapping. - */ - public BlockCipher getUnderlyingCipher() - { - return cipher; - } - - - public void init( - boolean forEncryption, //ignored by this CTR mode - CipherParameters params) - throws IllegalArgumentException - { - if (params instanceof ParametersWithIV) - { - ParametersWithIV ivParam = (ParametersWithIV)params; - byte[] iv = ivParam.getIV(); - System.arraycopy(iv, 0, IV, 0, IV.length); - - reset(); - cipher.init(true, ivParam.getParameters()); - } - } - - public String getAlgorithmName() - { - return cipher.getAlgorithmName() + "/SIC"; - } - - public int getBlockSize() - { - return cipher.getBlockSize(); - } - - - public int processBlock(byte[] in, int inOff, byte[] out, int outOff) - throws DataLengthException, IllegalStateException - { - cipher.processBlock(counter, 0, counterOut, 0); - - // - // XOR the counterOut with the plaintext producing the cipher text - // - for (int i = 0; i < counterOut.length; i++) - { - out[outOff + i] = (byte)(counterOut[i] ^ in[inOff + i]); - } - - int carry = 1; - - for (int i = counter.length - 1; i >= 0; i--) - { - int x = (counter[i] & 0xff) + carry; - - if (x > 0xff) - { - carry = 1; - } - else - { - carry = 0; - } - - counter[i] = (byte)x; - } - - return counter.length; - } - - - public void reset() - { - System.arraycopy(IV, 0, counter, 0, counter.length); - cipher.reset(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/paddings/BlockCipherPadding.java b/luni/src/main/java/org/bouncycastle/crypto/paddings/BlockCipherPadding.java deleted file mode 100644 index 7c4f0ae..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/paddings/BlockCipherPadding.java +++ /dev/null @@ -1,48 +0,0 @@ -package org.bouncycastle.crypto.paddings; - -import java.security.SecureRandom; - -import org.bouncycastle.crypto.InvalidCipherTextException; - -/** - * Block cipher padders are expected to conform to this interface - */ -public interface BlockCipherPadding -{ - /** - * Initialise the padder. - * - * @param random the source of randomness for the padding, if required. - */ - public void init(SecureRandom random) - throws IllegalArgumentException; - - /** - * Return the name of the algorithm the cipher implements. - * - * @return the name of the algorithm the cipher implements. - */ - public String getPaddingName(); - - /** - * add the pad bytes to the passed in block, returning the - * number of bytes added. - * <p> - * Note: this assumes that the last block of plain text is always - * passed to it inside in. i.e. if inOff is zero, indicating the - * entire block is to be overwritten with padding the value of in - * should be the same as the last block of plain text. The reason - * for this is that some modes such as "trailing bit compliment" - * base the padding on the last byte of plain text. - * </p> - */ - public int addPadding(byte[] in, int inOff); - - /** - * return the number of pad bytes present in the block. - * @exception InvalidCipherTextException if the padding is badly formed - * or invalid. - */ - public int padCount(byte[] in) - throws InvalidCipherTextException; -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/paddings/ISO10126d2Padding.java b/luni/src/main/java/org/bouncycastle/crypto/paddings/ISO10126d2Padding.java deleted file mode 100644 index 63e29d8..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/paddings/ISO10126d2Padding.java +++ /dev/null @@ -1,79 +0,0 @@ -package org.bouncycastle.crypto.paddings; - -import java.security.SecureRandom; - -import org.bouncycastle.crypto.InvalidCipherTextException; - -/** - * A padder that adds ISO10126-2 padding to a block. - */ -public class ISO10126d2Padding - implements BlockCipherPadding -{ - SecureRandom random; - - /** - * Initialise the padder. - * - * @param random a SecureRandom if available. - */ - public void init(SecureRandom random) - throws IllegalArgumentException - { - if (random != null) - { - this.random = random; - } - else - { - this.random = new SecureRandom(); - } - } - - /** - * Return the name of the algorithm the padder implements. - * - * @return the name of the algorithm the padder implements. - */ - public String getPaddingName() - { - return "ISO10126-2"; - } - - /** - * add the pad bytes to the passed in block, returning the - * number of bytes added. - */ - public int addPadding( - byte[] in, - int inOff) - { - byte code = (byte)(in.length - inOff); - - while (inOff < (in.length - 1)) - { - in[inOff] = (byte)random.nextInt(); - inOff++; - } - - in[inOff] = code; - - return code; - } - - /** - * return the number of pad bytes present in the block. - */ - public int padCount(byte[] in) - throws InvalidCipherTextException - { - int count = in[in.length - 1] & 0xff; - - if (count > in.length) - { - throw new InvalidCipherTextException("pad block corrupted"); - } - - return count; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/paddings/ISO7816d4Padding.java b/luni/src/main/java/org/bouncycastle/crypto/paddings/ISO7816d4Padding.java deleted file mode 100644 index 54c31a9..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/paddings/ISO7816d4Padding.java +++ /dev/null @@ -1,77 +0,0 @@ -package org.bouncycastle.crypto.paddings; - -import java.security.SecureRandom; - -import org.bouncycastle.crypto.InvalidCipherTextException; - -/** - * A padder that adds the padding according to the scheme referenced in - * ISO 7814-4 - scheme 2 from ISO 9797-1. The first byte is 0x80, rest is 0x00 - */ -public class ISO7816d4Padding - implements BlockCipherPadding -{ - /** - * Initialise the padder. - * - * @param random - a SecureRandom if available. - */ - public void init(SecureRandom random) - throws IllegalArgumentException - { - // nothing to do. - } - - /** - * Return the name of the algorithm the padder implements. - * - * @return the name of the algorithm the padder implements. - */ - public String getPaddingName() - { - return "ISO7816-4"; - } - - /** - * add the pad bytes to the passed in block, returning the - * number of bytes added. - */ - public int addPadding( - byte[] in, - int inOff) - { - int added = (in.length - inOff); - - in [inOff]= (byte) 0x80; - inOff ++; - - while (inOff < in.length) - { - in[inOff] = (byte) 0; - inOff++; - } - - return added; - } - - /** - * return the number of pad bytes present in the block. - */ - public int padCount(byte[] in) - throws InvalidCipherTextException - { - int count = in.length - 1; - - while (count > 0 && in[count] == 0) - { - count--; - } - - if (in[count] != (byte)0x80) - { - throw new InvalidCipherTextException("pad block corrupted"); - } - - return in.length - count; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/paddings/PKCS7Padding.java b/luni/src/main/java/org/bouncycastle/crypto/paddings/PKCS7Padding.java deleted file mode 100644 index c005ff8..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/paddings/PKCS7Padding.java +++ /dev/null @@ -1,76 +0,0 @@ -package org.bouncycastle.crypto.paddings; - -import java.security.SecureRandom; - -import org.bouncycastle.crypto.InvalidCipherTextException; - -/** - * A padder that adds PKCS7/PKCS5 padding to a block. - */ -public class PKCS7Padding - implements BlockCipherPadding -{ - /** - * Initialise the padder. - * - * @param random - a SecureRandom if available. - */ - public void init(SecureRandom random) - throws IllegalArgumentException - { - // nothing to do. - } - - /** - * Return the name of the algorithm the padder implements. - * - * @return the name of the algorithm the padder implements. - */ - public String getPaddingName() - { - return "PKCS7"; - } - - /** - * add the pad bytes to the passed in block, returning the - * number of bytes added. - */ - public int addPadding( - byte[] in, - int inOff) - { - byte code = (byte)(in.length - inOff); - - while (inOff < in.length) - { - in[inOff] = code; - inOff++; - } - - return code; - } - - /** - * return the number of pad bytes present in the block. - */ - public int padCount(byte[] in) - throws InvalidCipherTextException - { - int count = in[in.length - 1] & 0xff; - - if (count > in.length) - { - throw new InvalidCipherTextException("pad block corrupted"); - } - - for (int i = 1; i <= count; i++) - { - if (in[in.length - i] != count) - { - throw new InvalidCipherTextException("pad block corrupted"); - } - } - - return count; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/paddings/PaddedBufferedBlockCipher.java b/luni/src/main/java/org/bouncycastle/crypto/paddings/PaddedBufferedBlockCipher.java deleted file mode 100644 index ec412b9..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/paddings/PaddedBufferedBlockCipher.java +++ /dev/null @@ -1,298 +0,0 @@ -package org.bouncycastle.crypto.paddings; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.params.ParametersWithRandom; - -/** - * A wrapper class that allows block ciphers to be used to process data in - * a piecemeal fashion with padding. The PaddedBufferedBlockCipher - * outputs a block only when the buffer is full and more data is being added, - * or on a doFinal (unless the current block in the buffer is a pad block). - * The default padding mechanism used is the one outlined in PKCS5/PKCS7. - */ -public class PaddedBufferedBlockCipher - extends BufferedBlockCipher -{ - BlockCipherPadding padding; - - /** - * Create a buffered block cipher with the desired padding. - * - * @param cipher the underlying block cipher this buffering object wraps. - * @param padding the padding type. - */ - public PaddedBufferedBlockCipher( - BlockCipher cipher, - BlockCipherPadding padding) - { - this.cipher = cipher; - this.padding = padding; - - buf = new byte[cipher.getBlockSize()]; - bufOff = 0; - } - - /** - * Create a buffered block cipher PKCS7 padding - * - * @param cipher the underlying block cipher this buffering object wraps. - */ - public PaddedBufferedBlockCipher( - BlockCipher cipher) - { - this(cipher, new PKCS7Padding()); - } - - /** - * initialise the cipher. - * - * @param forEncryption if true the cipher is initialised for - * encryption, if false for decryption. - * @param params the key and other data required by the cipher. - * @exception IllegalArgumentException if the params argument is - * inappropriate. - */ - public void init( - boolean forEncryption, - CipherParameters params) - throws IllegalArgumentException - { - this.forEncryption = forEncryption; - - reset(); - - if (params instanceof ParametersWithRandom) - { - ParametersWithRandom p = (ParametersWithRandom)params; - - padding.init(p.getRandom()); - - cipher.init(forEncryption, p.getParameters()); - } - else - { - padding.init(null); - - cipher.init(forEncryption, params); - } - } - - /** - * return the minimum size of the output buffer required for an update - * plus a doFinal with an input of len bytes. - * - * @param len the length of the input. - * @return the space required to accommodate a call to update and doFinal - * with len bytes of input. - */ - public int getOutputSize( - int len) - { - int total = len + bufOff; - int leftOver = total % buf.length; - - if (leftOver == 0) - { - if (forEncryption) - { - return total + buf.length; - } - - return total; - } - - return total - leftOver + buf.length; - } - - /** - * return the size of the output buffer required for an update - * an input of len bytes. - * - * @param len the length of the input. - * @return the space required to accommodate a call to update - * with len bytes of input. - */ - public int getUpdateOutputSize( - int len) - { - int total = len + bufOff; - int leftOver = total % buf.length; - - if (leftOver == 0) - { - return total - buf.length; - } - - return total - leftOver; - } - - /** - * process a single byte, producing an output block if neccessary. - * - * @param in the input byte. - * @param out the space for any output that might be produced. - * @param outOff the offset from which the output will be copied. - * @return the number of output bytes copied to out. - * @exception DataLengthException if there isn't enough space in out. - * @exception IllegalStateException if the cipher isn't initialised. - */ - public int processByte( - byte in, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - int resultLen = 0; - - if (bufOff == buf.length) - { - resultLen = cipher.processBlock(buf, 0, out, outOff); - bufOff = 0; - } - - buf[bufOff++] = in; - - return resultLen; - } - - /** - * process an array of bytes, producing output if necessary. - * - * @param in the input byte array. - * @param inOff the offset at which the input data starts. - * @param len the number of bytes to be copied out of the input array. - * @param out the space for any output that might be produced. - * @param outOff the offset from which the output will be copied. - * @return the number of output bytes copied to out. - * @exception DataLengthException if there isn't enough space in out. - * @exception IllegalStateException if the cipher isn't initialised. - */ - public int processBytes( - byte[] in, - int inOff, - int len, - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException - { - if (len < 0) - { - throw new IllegalArgumentException("Can't have a negative input length!"); - } - - int blockSize = getBlockSize(); - int length = getUpdateOutputSize(len); - - if (length > 0) - { - if ((outOff + length) > out.length) - { - throw new DataLengthException("output buffer too short"); - } - } - - int resultLen = 0; - int gapLen = buf.length - bufOff; - - if (len > gapLen) - { - System.arraycopy(in, inOff, buf, bufOff, gapLen); - - resultLen += cipher.processBlock(buf, 0, out, outOff); - - bufOff = 0; - len -= gapLen; - inOff += gapLen; - - while (len > buf.length) - { - resultLen += cipher.processBlock(in, inOff, out, outOff + resultLen); - - len -= blockSize; - inOff += blockSize; - } - } - - System.arraycopy(in, inOff, buf, bufOff, len); - - bufOff += len; - - return resultLen; - } - - /** - * Process the last block in the buffer. If the buffer is currently - * full and padding needs to be added a call to doFinal will produce - * 2 * getBlockSize() bytes. - * - * @param out the array the block currently being held is copied into. - * @param outOff the offset at which the copying starts. - * @return the number of output bytes copied to out. - * @exception DataLengthException if there is insufficient space in out for - * the output or we are decrypting and the input is not block size aligned. - * @exception IllegalStateException if the underlying cipher is not - * initialised. - * @exception InvalidCipherTextException if padding is expected and not found. - */ - public int doFinal( - byte[] out, - int outOff) - throws DataLengthException, IllegalStateException, InvalidCipherTextException - { - int blockSize = cipher.getBlockSize(); - int resultLen = 0; - - if (forEncryption) - { - if (bufOff == blockSize) - { - if ((outOff + 2 * blockSize) > out.length) - { - reset(); - - throw new DataLengthException("output buffer too short"); - } - - resultLen = cipher.processBlock(buf, 0, out, outOff); - bufOff = 0; - } - - padding.addPadding(buf, bufOff); - - resultLen += cipher.processBlock(buf, 0, out, outOff + resultLen); - - reset(); - } - else - { - if (bufOff == blockSize) - { - resultLen = cipher.processBlock(buf, 0, buf, 0); - bufOff = 0; - } - else - { - reset(); - - throw new DataLengthException("last block incomplete in decryption"); - } - - try - { - resultLen -= padding.padCount(buf); - - System.arraycopy(buf, 0, out, outOff, resultLen); - } - finally - { - reset(); - } - } - - return resultLen; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/paddings/TBCPadding.java b/luni/src/main/java/org/bouncycastle/crypto/paddings/TBCPadding.java deleted file mode 100644 index 219912f..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/paddings/TBCPadding.java +++ /dev/null @@ -1,89 +0,0 @@ -package org.bouncycastle.crypto.paddings; - -import java.security.SecureRandom; - -import org.bouncycastle.crypto.InvalidCipherTextException; - -/** - * A padder that adds Trailing-Bit-Compliment padding to a block. - * <p> - * This padding pads the block out with the compliment of the last bit - * of the plain text. - * </p> - */ -public class TBCPadding - implements BlockCipherPadding -{ - /** - * Initialise the padder. - * - * @param random - a SecureRandom if available. - */ - public void init(SecureRandom random) - throws IllegalArgumentException - { - // nothing to do. - } - - /** - * Return the name of the algorithm the padder implements. - * - * @return the name of the algorithm the padder implements. - */ - public String getPaddingName() - { - return "TBC"; - } - - /** - * add the pad bytes to the passed in block, returning the - * number of bytes added. - * <p> - * Note: this assumes that the last block of plain text is always - * passed to it inside in. i.e. if inOff is zero, indicating the - * entire block is to be overwritten with padding the value of in - * should be the same as the last block of plain text. - * </p> - */ - public int addPadding( - byte[] in, - int inOff) - { - int count = in.length - inOff; - byte code; - - if (inOff > 0) - { - code = (byte)((in[inOff - 1] & 0x01) == 0 ? 0xff : 0x00); - } - else - { - code = (byte)((in[in.length - 1] & 0x01) == 0 ? 0xff : 0x00); - } - - while (inOff < in.length) - { - in[inOff] = code; - inOff++; - } - - return count; - } - - /** - * return the number of pad bytes present in the block. - */ - public int padCount(byte[] in) - throws InvalidCipherTextException - { - byte code = in[in.length - 1]; - - int index = in.length - 1; - while (index > 0 && in[index - 1] == code) - { - index--; - } - - return in.length - index; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/paddings/X923Padding.java b/luni/src/main/java/org/bouncycastle/crypto/paddings/X923Padding.java deleted file mode 100644 index d4d34aa..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/paddings/X923Padding.java +++ /dev/null @@ -1,80 +0,0 @@ -package org.bouncycastle.crypto.paddings; - -import java.security.SecureRandom; - -import org.bouncycastle.crypto.InvalidCipherTextException; - -/** - * A padder that adds X9.23 padding to a block - if a SecureRandom is - * passed in random padding is assumed, otherwise padding with zeros is used. - */ -public class X923Padding - implements BlockCipherPadding -{ - SecureRandom random = null; - - /** - * Initialise the padder. - * - * @param random a SecureRandom if one is available. - */ - public void init(SecureRandom random) - throws IllegalArgumentException - { - this.random = random; - } - - /** - * Return the name of the algorithm the padder implements. - * - * @return the name of the algorithm the padder implements. - */ - public String getPaddingName() - { - return "X9.23"; - } - - /** - * add the pad bytes to the passed in block, returning the - * number of bytes added. - */ - public int addPadding( - byte[] in, - int inOff) - { - byte code = (byte)(in.length - inOff); - - while (inOff < in.length - 1) - { - if (random == null) - { - in[inOff] = 0; - } - else - { - in[inOff] = (byte)random.nextInt(); - } - inOff++; - } - - in[inOff] = code; - - return code; - } - - /** - * return the number of pad bytes present in the block. - */ - public int padCount(byte[] in) - throws InvalidCipherTextException - { - int count = in[in.length - 1] & 0xff; - - if (count > in.length) - { - throw new InvalidCipherTextException("pad block corrupted"); - } - - return count; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/paddings/ZeroBytePadding.java b/luni/src/main/java/org/bouncycastle/crypto/paddings/ZeroBytePadding.java deleted file mode 100644 index c756028..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/paddings/ZeroBytePadding.java +++ /dev/null @@ -1,73 +0,0 @@ -package org.bouncycastle.crypto.paddings; - -import java.security.SecureRandom; - -import org.bouncycastle.crypto.InvalidCipherTextException; - -/** - * A padder that adds NULL byte padding to a block. - */ -public class ZeroBytePadding - implements BlockCipherPadding -{ - /** - * Initialise the padder. - * - * @param random - a SecureRandom if available. - */ - public void init(SecureRandom random) - throws IllegalArgumentException - { - // nothing to do. - } - - /** - * Return the name of the algorithm the padder implements. - * - * @return the name of the algorithm the padder implements. - */ - public String getPaddingName() - { - return "ZeroByte"; - } - - /** - * add the pad bytes to the passed in block, returning the - * number of bytes added. - */ - public int addPadding( - byte[] in, - int inOff) - { - int added = (in.length - inOff); - - while (inOff < in.length) - { - in[inOff] = (byte) 0; - inOff++; - } - - return added; - } - - /** - * return the number of pad bytes present in the block. - */ - public int padCount(byte[] in) - throws InvalidCipherTextException - { - int count = in.length; - - while (count > 0) - { - if (in[count - 1] != 0) - { - break; - } - - count--; - } - - return in.length - count; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/AsymmetricKeyParameter.java b/luni/src/main/java/org/bouncycastle/crypto/params/AsymmetricKeyParameter.java deleted file mode 100644 index 03ba725..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/AsymmetricKeyParameter.java +++ /dev/null @@ -1,20 +0,0 @@ -package org.bouncycastle.crypto.params; - -import org.bouncycastle.crypto.CipherParameters; - -public class AsymmetricKeyParameter - implements CipherParameters -{ - boolean privateKey; - - public AsymmetricKeyParameter( - boolean privateKey) - { - this.privateKey = privateKey; - } - - public boolean isPrivate() - { - return privateKey; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/CCMParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/CCMParameters.java deleted file mode 100644 index 17f7344..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/CCMParameters.java +++ /dev/null @@ -1,48 +0,0 @@ -package org.bouncycastle.crypto.params; - -import org.bouncycastle.crypto.CipherParameters; - -public class CCMParameters - implements CipherParameters -{ - private byte[] associatedText; - private byte[] nonce; - private KeyParameter key; - private int macSize; - - /** - * Base constructor. - * - * @param key key to be used by underlying cipher - * @param macSize macSize in bits - * @param nonce nonce to be used - * @param associatedText associated text, if any - */ - public CCMParameters(KeyParameter key, int macSize, byte[] nonce, byte[] associatedText) - { - this.key = key; - this.nonce = nonce; - this.macSize = macSize; - this.associatedText = associatedText; - } - - public KeyParameter getKey() - { - return key; - } - - public int getMacSize() - { - return macSize; - } - - public byte[] getAssociatedText() - { - return associatedText; - } - - public byte[] getNonce() - { - return nonce; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/DESParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/DESParameters.java deleted file mode 100644 index 5bee360..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/DESParameters.java +++ /dev/null @@ -1,107 +0,0 @@ -package org.bouncycastle.crypto.params; - -public class DESParameters - extends KeyParameter -{ - public DESParameters( - byte[] key) - { - super(key); - - if (isWeakKey(key, 0)) - { - throw new IllegalArgumentException("attempt to create weak DES key"); - } - } - - /* - * DES Key length in bytes. - */ - static public final int DES_KEY_LENGTH = 8; - - /* - * Table of weak and semi-weak keys taken from Schneier pp281 - */ - static private final int N_DES_WEAK_KEYS = 16; - - static private byte[] DES_weak_keys = - { - /* weak keys */ - (byte)0x01,(byte)0x01,(byte)0x01,(byte)0x01, (byte)0x01,(byte)0x01,(byte)0x01,(byte)0x01, - (byte)0x1f,(byte)0x1f,(byte)0x1f,(byte)0x1f, (byte)0x0e,(byte)0x0e,(byte)0x0e,(byte)0x0e, - (byte)0xe0,(byte)0xe0,(byte)0xe0,(byte)0xe0, (byte)0xf1,(byte)0xf1,(byte)0xf1,(byte)0xf1, - (byte)0xfe,(byte)0xfe,(byte)0xfe,(byte)0xfe, (byte)0xfe,(byte)0xfe,(byte)0xfe,(byte)0xfe, - - /* semi-weak keys */ - (byte)0x01,(byte)0xfe,(byte)0x01,(byte)0xfe, (byte)0x01,(byte)0xfe,(byte)0x01,(byte)0xfe, - (byte)0x1f,(byte)0xe0,(byte)0x1f,(byte)0xe0, (byte)0x0e,(byte)0xf1,(byte)0x0e,(byte)0xf1, - (byte)0x01,(byte)0xe0,(byte)0x01,(byte)0xe0, (byte)0x01,(byte)0xf1,(byte)0x01,(byte)0xf1, - (byte)0x1f,(byte)0xfe,(byte)0x1f,(byte)0xfe, (byte)0x0e,(byte)0xfe,(byte)0x0e,(byte)0xfe, - (byte)0x01,(byte)0x1f,(byte)0x01,(byte)0x1f, (byte)0x01,(byte)0x0e,(byte)0x01,(byte)0x0e, - (byte)0xe0,(byte)0xfe,(byte)0xe0,(byte)0xfe, (byte)0xf1,(byte)0xfe,(byte)0xf1,(byte)0xfe, - (byte)0xfe,(byte)0x01,(byte)0xfe,(byte)0x01, (byte)0xfe,(byte)0x01,(byte)0xfe,(byte)0x01, - (byte)0xe0,(byte)0x1f,(byte)0xe0,(byte)0x1f, (byte)0xf1,(byte)0x0e,(byte)0xf1,(byte)0x0e, - (byte)0xe0,(byte)0x01,(byte)0xe0,(byte)0x01, (byte)0xf1,(byte)0x01,(byte)0xf1,(byte)0x01, - (byte)0xfe,(byte)0x1f,(byte)0xfe,(byte)0x1f, (byte)0xfe,(byte)0x0e,(byte)0xfe,(byte)0x0e, - (byte)0x1f,(byte)0x01,(byte)0x1f,(byte)0x01, (byte)0x0e,(byte)0x01,(byte)0x0e,(byte)0x01, - (byte)0xfe,(byte)0xe0,(byte)0xfe,(byte)0xe0, (byte)0xfe,(byte)0xf1,(byte)0xfe,(byte)0xf1 - }; - - /** - * DES has 16 weak keys. This method will check - * if the given DES key material is weak or semi-weak. - * Key material that is too short is regarded as weak. - * <p> - * See <a href="http://www.counterpane.com/applied.html">"Applied - * Cryptography"</a> by Bruce Schneier for more information. - * - * @return true if the given DES key material is weak or semi-weak, - * false otherwise. - */ - public static boolean isWeakKey( - byte[] key, - int offset) - { - if (key.length - offset < DES_KEY_LENGTH) - { - throw new IllegalArgumentException("key material too short."); - } - - nextkey: for (int i = 0; i < N_DES_WEAK_KEYS; i++) - { - for (int j = 0; j < DES_KEY_LENGTH; j++) - { - if (key[j + offset] != DES_weak_keys[i * DES_KEY_LENGTH + j]) - { - continue nextkey; - } - } - - return true; - } - return false; - } - - /** - * DES Keys use the LSB as the odd parity bit. This can - * be used to check for corrupt keys. - * - * @param bytes the byte array to set the parity on. - */ - public static void setOddParity( - byte[] bytes) - { - for (int i = 0; i < bytes.length; i++) - { - int b = bytes[i]; - bytes[i] = (byte)((b & 0xfe) | - ((((b >> 1) ^ - (b >> 2) ^ - (b >> 3) ^ - (b >> 4) ^ - (b >> 5) ^ - (b >> 6) ^ - (b >> 7)) ^ 0x01) & 0x01)); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/DESedeParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/DESedeParameters.java deleted file mode 100644 index d424fc1..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/DESedeParameters.java +++ /dev/null @@ -1,57 +0,0 @@ -package org.bouncycastle.crypto.params; - -public class DESedeParameters - extends DESParameters -{ - /* - * DES-EDE Key length in bytes. - */ - static public final int DES_EDE_KEY_LENGTH = 24; - - public DESedeParameters( - byte[] key) - { - super(key); - - if (isWeakKey(key, 0, 0)) - { - throw new IllegalArgumentException("attempt to create weak DESede key"); - } - } - - /** - * return true if the passed in key is a DES-EDE weak key. - * - * @param key bytes making up the key - * @param offset offset into the byte array the key starts at - * @param length number of bytes making up the key - */ - public static boolean isWeakKey( - byte[] key, - int offset, - int length) - { - for (int i = offset; i < length; i += DES_KEY_LENGTH) - { - if (DESParameters.isWeakKey(key, i)) - { - return true; - } - } - - return false; - } - - /** - * return true if the passed in key is a DES-EDE weak key. - * - * @param key bytes making up the key - * @param offset offset into the byte array the key starts at - */ - public static boolean isWeakKey( - byte[] key, - int offset) - { - return isWeakKey(key, offset, key.length - offset); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/DHKeyGenerationParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/DHKeyGenerationParameters.java deleted file mode 100644 index 910081e..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/DHKeyGenerationParameters.java +++ /dev/null @@ -1,25 +0,0 @@ -package org.bouncycastle.crypto.params; - -import java.security.SecureRandom; - -import org.bouncycastle.crypto.KeyGenerationParameters; - -public class DHKeyGenerationParameters - extends KeyGenerationParameters -{ - private DHParameters params; - - public DHKeyGenerationParameters( - SecureRandom random, - DHParameters params) - { - super(random, params.getP().bitLength()); - - this.params = params; - } - - public DHParameters getParameters() - { - return params; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/DHKeyParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/DHKeyParameters.java deleted file mode 100644 index e686f35..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/DHKeyParameters.java +++ /dev/null @@ -1,54 +0,0 @@ -package org.bouncycastle.crypto.params; - - -public class DHKeyParameters - extends AsymmetricKeyParameter -{ - private DHParameters params; - - protected DHKeyParameters( - boolean isPrivate, - DHParameters params) - { - super(isPrivate); - - this.params = params; - } - - public DHParameters getParameters() - { - return params; - } - - public boolean equals( - Object obj) - { - if (!(obj instanceof DHKeyParameters)) - { - return false; - } - - DHKeyParameters dhKey = (DHKeyParameters)obj; - - if (params == null) - { - return dhKey.getParameters() == null; - } - else - { - return params.equals(dhKey.getParameters()); - } - } - - public int hashCode() - { - int code = isPrivate() ? 0 : 1; - - if (params != null) - { - code ^= params.hashCode(); - } - - return code; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/DHParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/DHParameters.java deleted file mode 100644 index def449c..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/DHParameters.java +++ /dev/null @@ -1,126 +0,0 @@ -package org.bouncycastle.crypto.params; - -import java.math.BigInteger; - -import org.bouncycastle.crypto.CipherParameters; - -public class DHParameters - implements CipherParameters -{ - private BigInteger g; - private BigInteger p; - private BigInteger q; - private int j; - private DHValidationParameters validation; - - public DHParameters( - BigInteger p, - BigInteger g) - { - this.g = g; - this.p = p; - } - - public DHParameters( - BigInteger p, - BigInteger g, - BigInteger q, - int j) - { - this.g = g; - this.p = p; - this.q = q; - this.j = j; - } - - public DHParameters( - BigInteger p, - BigInteger g, - BigInteger q, - int j, - DHValidationParameters validation) - { - this.g = g; - this.p = p; - this.q = q; - this.j = j; - } - - public BigInteger getP() - { - return p; - } - - public BigInteger getG() - { - return g; - } - - public BigInteger getQ() - { - return q; - } - - /** - * Return the private value length in bits - if set, zero otherwise (use bitLength(P) - 1). - * - * @return the private value length in bits, zero otherwise. - */ - public int getJ() - { - return j; - } - - public DHValidationParameters getValidationParameters() - { - return validation; - } - - public boolean equals( - Object obj) - { - if (!(obj instanceof DHParameters)) - { - return false; - } - - DHParameters pm = (DHParameters)obj; - - if (this.getValidationParameters() != null) - { - if (!this.getValidationParameters().equals(pm.getValidationParameters())) - { - return false; - } - } - else - { - if (pm.getValidationParameters() != null) - { - return false; - } - } - - if (this.getQ() != null) - { - if (!this.getQ().equals(pm.getQ())) - { - return false; - } - } - else - { - if (pm.getQ() != null) - { - return false; - } - } - - return (j == pm.getJ()) && pm.getP().equals(p) && pm.getG().equals(g); - } - - public int hashCode() - { - return getJ() ^ getP().hashCode() ^ getG().hashCode(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/DHPrivateKeyParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/DHPrivateKeyParameters.java deleted file mode 100644 index 523f9a0..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/DHPrivateKeyParameters.java +++ /dev/null @@ -1,41 +0,0 @@ -package org.bouncycastle.crypto.params; - -import java.math.BigInteger; - -public class DHPrivateKeyParameters - extends DHKeyParameters -{ - private BigInteger x; - - public DHPrivateKeyParameters( - BigInteger x, - DHParameters params) - { - super(true, params); - - this.x = x; - } - - public BigInteger getX() - { - return x; - } - - public boolean equals( - Object obj) - { - if (!(obj instanceof DHPrivateKeyParameters)) - { - return false; - } - - DHPrivateKeyParameters pKey = (DHPrivateKeyParameters)obj; - - if (!pKey.getX().equals(x)) - { - return false; - } - - return super.equals(obj); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/DHPublicKeyParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/DHPublicKeyParameters.java deleted file mode 100644 index 4f308ed..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/DHPublicKeyParameters.java +++ /dev/null @@ -1,41 +0,0 @@ -package org.bouncycastle.crypto.params; - -import java.math.BigInteger; - -public class DHPublicKeyParameters - extends DHKeyParameters -{ - private BigInteger y; - - public DHPublicKeyParameters( - BigInteger y, - DHParameters params) - { - super(false, params); - - this.y = y; - } - - public BigInteger getY() - { - return y; - } - - public boolean equals( - Object obj) - { - if (!(obj instanceof DHPublicKeyParameters)) - { - return false; - } - - DHPublicKeyParameters pKey = (DHPublicKeyParameters)obj; - - if (!pKey.getY().equals(y)) - { - return false; - } - - return super.equals(obj); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/DHValidationParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/DHValidationParameters.java deleted file mode 100644 index 94c1360..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/DHValidationParameters.java +++ /dev/null @@ -1,58 +0,0 @@ -package org.bouncycastle.crypto.params; - -public class DHValidationParameters -{ - private byte[] seed; - private int counter; - - public DHValidationParameters( - byte[] seed, - int counter) - { - this.seed = seed; - this.counter = counter; - } - - public boolean equals( - Object o) - { - if (!(o instanceof DHValidationParameters)) - { - return false; - } - - DHValidationParameters other = (DHValidationParameters)o; - - if (other.counter != this.counter) - { - return false; - } - - if (other.seed.length != this.seed.length) - { - return false; - } - - for (int i = 0; i != other.seed.length; i++) - { - if (other.seed[i] != this.seed[i]) - { - return false; - } - } - - return true; - } - - public int hashCode() - { - int code = counter; - - for (int i = 0; i != seed.length; i++) - { - code ^= (seed[i] & 0xff) << (i % 4); - } - - return code; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/DSAKeyGenerationParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/DSAKeyGenerationParameters.java deleted file mode 100644 index 29fa91e..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/DSAKeyGenerationParameters.java +++ /dev/null @@ -1,25 +0,0 @@ -package org.bouncycastle.crypto.params; - -import java.security.SecureRandom; - -import org.bouncycastle.crypto.KeyGenerationParameters; - -public class DSAKeyGenerationParameters - extends KeyGenerationParameters -{ - private DSAParameters params; - - public DSAKeyGenerationParameters( - SecureRandom random, - DSAParameters params) - { - super(random, params.getP().bitLength() - 1); - - this.params = params; - } - - public DSAParameters getParameters() - { - return params; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/DSAKeyParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/DSAKeyParameters.java deleted file mode 100644 index 11bb9d9..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/DSAKeyParameters.java +++ /dev/null @@ -1,21 +0,0 @@ -package org.bouncycastle.crypto.params; - -public class DSAKeyParameters - extends AsymmetricKeyParameter -{ - private DSAParameters params; - - public DSAKeyParameters( - boolean isPrivate, - DSAParameters params) - { - super(isPrivate); - - this.params = params; - } - - public DSAParameters getParameters() - { - return params; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/DSAParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/DSAParameters.java deleted file mode 100644 index 7f76d11..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/DSAParameters.java +++ /dev/null @@ -1,74 +0,0 @@ -package org.bouncycastle.crypto.params; - -import java.math.BigInteger; - -import org.bouncycastle.crypto.CipherParameters; - -public class DSAParameters - implements CipherParameters -{ - private BigInteger g; - private BigInteger q; - private BigInteger p; - private DSAValidationParameters validation; - - public DSAParameters( - BigInteger p, - BigInteger q, - BigInteger g) - { - this.g = g; - this.p = p; - this.q = q; - } - - public DSAParameters( - BigInteger p, - BigInteger q, - BigInteger g, - DSAValidationParameters params) - { - this.g = g; - this.p = p; - this.q = q; - this.validation = params; - } - - public BigInteger getP() - { - return p; - } - - public BigInteger getQ() - { - return q; - } - - public BigInteger getG() - { - return g; - } - - public DSAValidationParameters getValidationParameters() - { - return validation; - } - - public boolean equals( - Object obj) - { - if (!(obj instanceof DSAParameters)) - { - return false; - } - - DSAParameters pm = (DSAParameters)obj; - - return (pm.getP().equals(p) && pm.getQ().equals(q) && pm.getG().equals(g)); - } - - public int hashCode() - { - return getP().hashCode() ^ getQ().hashCode() ^ getG().hashCode(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/DSAPrivateKeyParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/DSAPrivateKeyParameters.java deleted file mode 100644 index 3bef3f4..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/DSAPrivateKeyParameters.java +++ /dev/null @@ -1,23 +0,0 @@ -package org.bouncycastle.crypto.params; - -import java.math.BigInteger; - -public class DSAPrivateKeyParameters - extends DSAKeyParameters -{ - private BigInteger x; - - public DSAPrivateKeyParameters( - BigInteger x, - DSAParameters params) - { - super(true, params); - - this.x = x; - } - - public BigInteger getX() - { - return x; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/DSAPublicKeyParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/DSAPublicKeyParameters.java deleted file mode 100644 index c006656..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/DSAPublicKeyParameters.java +++ /dev/null @@ -1,23 +0,0 @@ -package org.bouncycastle.crypto.params; - -import java.math.BigInteger; - -public class DSAPublicKeyParameters - extends DSAKeyParameters -{ - private BigInteger y; - - public DSAPublicKeyParameters( - BigInteger y, - DSAParameters params) - { - super(false, params); - - this.y = y; - } - - public BigInteger getY() - { - return y; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java deleted file mode 100644 index 541218b..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/DSAValidationParameters.java +++ /dev/null @@ -1,56 +0,0 @@ -package org.bouncycastle.crypto.params; - -public class DSAValidationParameters -{ - private byte[] seed; - private int counter; - - public DSAValidationParameters( - byte[] seed, - int counter) - { - this.seed = seed; - this.counter = counter; - } - - public int getCounter() - { - return counter; - } - - public byte[] getSeed() - { - return seed; - } - - public boolean equals( - Object o) - { - if (!(o instanceof DSAValidationParameters)) - { - return false; - } - - DSAValidationParameters other = (DSAValidationParameters)o; - - if (other.counter != this.counter) - { - return false; - } - - if (other.seed.length != this.seed.length) - { - return false; - } - - for (int i = 0; i != other.seed.length; i++) - { - if (other.seed[i] != this.seed[i]) - { - return false; - } - } - - return true; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/IESParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/IESParameters.java deleted file mode 100644 index 0600b34..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/IESParameters.java +++ /dev/null @@ -1,44 +0,0 @@ -package org.bouncycastle.crypto.params; - -import org.bouncycastle.crypto.CipherParameters; - -/** - * parameters for using an integrated cipher in stream mode. - */ -public class IESParameters - implements CipherParameters -{ - private byte[] derivation; - private byte[] encoding; - private int macKeySize; - - /** - * @param derivation the derivation parameter for the KDF function. - * @param encoding the encoding parameter for the KDF function. - * @param macKeySize the size of the MAC key (in bits). - */ - public IESParameters( - byte[] derivation, - byte[] encoding, - int macKeySize) - { - this.derivation = derivation; - this.encoding = encoding; - this.macKeySize = macKeySize; - } - - public byte[] getDerivationV() - { - return derivation; - } - - public byte[] getEncodingV() - { - return encoding; - } - - public int getMacKeySize() - { - return macKeySize; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/IESWithCipherParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/IESWithCipherParameters.java deleted file mode 100644 index ef61b2c..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/IESWithCipherParameters.java +++ /dev/null @@ -1,30 +0,0 @@ -package org.bouncycastle.crypto.params; - - -public class IESWithCipherParameters - extends IESParameters -{ - private int cipherKeySize; - - /** - * @param derivation the derivation parameter for the KDF function. - * @param encoding the encoding parameter for the KDF function. - * @param macKeySize the size of the MAC key (in bits). - * @param cipherKeySize the size of the associated Cipher key (in bits). - */ - public IESWithCipherParameters( - byte[] derivation, - byte[] encoding, - int macKeySize, - int cipherKeySize) - { - super(derivation, encoding, macKeySize); - - this.cipherKeySize = cipherKeySize; - } - - public int getCipherKeySize() - { - return cipherKeySize; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/ISO18033KDFParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/ISO18033KDFParameters.java deleted file mode 100644 index 8dffe2e..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/ISO18033KDFParameters.java +++ /dev/null @@ -1,23 +0,0 @@ -package org.bouncycastle.crypto.params; - -import org.bouncycastle.crypto.DerivationParameters; - -/** - * parameters for Key derivation functions for ISO-18033 - */ -public class ISO18033KDFParameters - implements DerivationParameters -{ - byte[] seed; - - public ISO18033KDFParameters( - byte[] seed) - { - this.seed = seed; - } - - public byte[] getSeed() - { - return seed; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/KDFParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/KDFParameters.java deleted file mode 100644 index f3bac64..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/KDFParameters.java +++ /dev/null @@ -1,31 +0,0 @@ -package org.bouncycastle.crypto.params; - -import org.bouncycastle.crypto.DerivationParameters; - -/** - * parameters for Key derivation functions for IEEE P1363a - */ -public class KDFParameters - implements DerivationParameters -{ - byte[] iv; - byte[] shared; - - public KDFParameters( - byte[] shared, - byte[] iv) - { - this.shared = shared; - this.iv = iv; - } - - public byte[] getSharedSecret() - { - return shared; - } - - public byte[] getIV() - { - return iv; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/KeyParameter.java b/luni/src/main/java/org/bouncycastle/crypto/params/KeyParameter.java deleted file mode 100644 index 5c4fe0e..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/KeyParameter.java +++ /dev/null @@ -1,30 +0,0 @@ -package org.bouncycastle.crypto.params; - -import org.bouncycastle.crypto.CipherParameters; - -public class KeyParameter - implements CipherParameters -{ - private byte[] key; - - public KeyParameter( - byte[] key) - { - this(key, 0, key.length); - } - - public KeyParameter( - byte[] key, - int keyOff, - int keyLen) - { - this.key = new byte[keyLen]; - - System.arraycopy(key, keyOff, this.key, 0, keyLen); - } - - public byte[] getKey() - { - return key; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/MGFParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/MGFParameters.java deleted file mode 100644 index 8c1ea5e..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/MGFParameters.java +++ /dev/null @@ -1,32 +0,0 @@ -package org.bouncycastle.crypto.params; - -import org.bouncycastle.crypto.DerivationParameters; - -/** - * parameters for mask derivation functions. - */ -public class MGFParameters - implements DerivationParameters -{ - byte[] seed; - - public MGFParameters( - byte[] seed) - { - this.seed = seed; - } - - public MGFParameters( - byte[] seed, - int off, - int len) - { - this.seed = new byte[len]; - System.arraycopy(seed, off, this.seed, 0, len); - } - - public byte[] getSeed() - { - return seed; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/ParametersWithIV.java b/luni/src/main/java/org/bouncycastle/crypto/params/ParametersWithIV.java deleted file mode 100644 index 4a1e6e9..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/ParametersWithIV.java +++ /dev/null @@ -1,39 +0,0 @@ -package org.bouncycastle.crypto.params; - -import org.bouncycastle.crypto.CipherParameters; - -public class ParametersWithIV - implements CipherParameters -{ - private byte[] iv; - private CipherParameters parameters; - - public ParametersWithIV( - CipherParameters parameters, - byte[] iv) - { - this(parameters, iv, 0, iv.length); - } - - public ParametersWithIV( - CipherParameters parameters, - byte[] iv, - int ivOff, - int ivLen) - { - this.iv = new byte[ivLen]; - this.parameters = parameters; - - System.arraycopy(iv, ivOff, this.iv, 0, ivLen); - } - - public byte[] getIV() - { - return iv; - } - - public CipherParameters getParameters() - { - return parameters; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/ParametersWithRandom.java b/luni/src/main/java/org/bouncycastle/crypto/params/ParametersWithRandom.java deleted file mode 100644 index f8b7c82..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/ParametersWithRandom.java +++ /dev/null @@ -1,41 +0,0 @@ -package org.bouncycastle.crypto.params; - -import java.security.SecureRandom; - -import org.bouncycastle.crypto.CipherParameters; - -public class ParametersWithRandom - implements CipherParameters -{ - private SecureRandom random; - private CipherParameters parameters; - - public ParametersWithRandom( - CipherParameters parameters, - SecureRandom random) - { - this.random = random; - this.parameters = parameters; - } - - public ParametersWithRandom( - CipherParameters parameters) - { - this.random = null; - this.parameters = parameters; - } - - public SecureRandom getRandom() - { - if (random == null) - { - random = new SecureRandom(); - } - return random; - } - - public CipherParameters getParameters() - { - return parameters; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/ParametersWithSBox.java b/luni/src/main/java/org/bouncycastle/crypto/params/ParametersWithSBox.java deleted file mode 100644 index b226a9d..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/ParametersWithSBox.java +++ /dev/null @@ -1,28 +0,0 @@ -package org.bouncycastle.crypto.params; - -import org.bouncycastle.crypto.CipherParameters; - -public class ParametersWithSBox - implements CipherParameters -{ - private CipherParameters parameters; - private byte[] sBox; - - public ParametersWithSBox( - CipherParameters parameters, - byte[] sBox) - { - this.parameters = parameters; - this.sBox = sBox; - } - - public byte[] getSBox() - { - return sBox; - } - - public CipherParameters getParameters() - { - return parameters; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/ParametersWithSalt.java b/luni/src/main/java/org/bouncycastle/crypto/params/ParametersWithSalt.java deleted file mode 100644 index 73765dd..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/ParametersWithSalt.java +++ /dev/null @@ -1,42 +0,0 @@ -package org.bouncycastle.crypto.params; - -import org.bouncycastle.crypto.CipherParameters; - -/** - * Cipher parameters with a fixed salt value associated with them. - */ -public class ParametersWithSalt - implements CipherParameters -{ - private byte[] salt; - private CipherParameters parameters; - - public ParametersWithSalt( - CipherParameters parameters, - byte[] salt) - { - this(parameters, salt, 0, salt.length); - } - - public ParametersWithSalt( - CipherParameters parameters, - byte[] salt, - int saltOff, - int saltLen) - { - this.salt = new byte[saltLen]; - this.parameters = parameters; - - System.arraycopy(salt, saltOff, this.salt, 0, saltLen); - } - - public byte[] getSalt() - { - return salt; - } - - public CipherParameters getParameters() - { - return parameters; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/RC2Parameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/RC2Parameters.java deleted file mode 100644 index dc33ec5..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/RC2Parameters.java +++ /dev/null @@ -1,36 +0,0 @@ -package org.bouncycastle.crypto.params; - -import org.bouncycastle.crypto.CipherParameters; - -public class RC2Parameters - implements CipherParameters -{ - private byte[] key; - private int bits; - - public RC2Parameters( - byte[] key) - { - this(key, (key.length > 128) ? 1024 : (key.length * 8)); - } - - public RC2Parameters( - byte[] key, - int bits) - { - this.key = new byte[key.length]; - this.bits = bits; - - System.arraycopy(key, 0, this.key, 0, key.length); - } - - public byte[] getKey() - { - return key; - } - - public int getEffectiveKeyBits() - { - return bits; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/RC5Parameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/RC5Parameters.java deleted file mode 100644 index 6cbd57f..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/RC5Parameters.java +++ /dev/null @@ -1,35 +0,0 @@ -package org.bouncycastle.crypto.params; - -import org.bouncycastle.crypto.CipherParameters; - -public class RC5Parameters - implements CipherParameters -{ - private byte[] key; - private int rounds; - - public RC5Parameters( - byte[] key, - int rounds) - { - if (key.length > 255) - { - throw new IllegalArgumentException("RC5 key length can be no greater than 255"); - } - - this.key = new byte[key.length]; - this.rounds = rounds; - - System.arraycopy(key, 0, this.key, 0, key.length); - } - - public byte[] getKey() - { - return key; - } - - public int getRounds() - { - return rounds; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/RSAKeyGenerationParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/RSAKeyGenerationParameters.java deleted file mode 100644 index 38b55fc..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/RSAKeyGenerationParameters.java +++ /dev/null @@ -1,48 +0,0 @@ -package org.bouncycastle.crypto.params; - -import java.math.BigInteger; -import java.security.SecureRandom; - -import org.bouncycastle.crypto.KeyGenerationParameters; - -public class RSAKeyGenerationParameters - extends KeyGenerationParameters -{ - private BigInteger publicExponent; - private int certainty; - - public RSAKeyGenerationParameters( - BigInteger publicExponent, - SecureRandom random, - int strength, - int certainty) - { - super(random, strength); - - if (strength < 12) - { - throw new IllegalArgumentException("key strength too small"); - } - - // - // public exponent cannot be even - // - if (!publicExponent.testBit(0)) - { - throw new IllegalArgumentException("public exponent cannot be even"); - } - - this.publicExponent = publicExponent; - this.certainty = certainty; - } - - public BigInteger getPublicExponent() - { - return publicExponent; - } - - public int getCertainty() - { - return certainty; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/RSAKeyParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/RSAKeyParameters.java deleted file mode 100644 index 4a2d935..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/RSAKeyParameters.java +++ /dev/null @@ -1,31 +0,0 @@ -package org.bouncycastle.crypto.params; - -import java.math.BigInteger; - -public class RSAKeyParameters - extends AsymmetricKeyParameter -{ - private BigInteger modulus; - private BigInteger exponent; - - public RSAKeyParameters( - boolean isPrivate, - BigInteger modulus, - BigInteger exponent) - { - super(isPrivate); - - this.modulus = modulus; - this.exponent = exponent; - } - - public BigInteger getModulus() - { - return modulus; - } - - public BigInteger getExponent() - { - return exponent; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/params/RSAPrivateCrtKeyParameters.java b/luni/src/main/java/org/bouncycastle/crypto/params/RSAPrivateCrtKeyParameters.java deleted file mode 100644 index b61cb5c..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/params/RSAPrivateCrtKeyParameters.java +++ /dev/null @@ -1,67 +0,0 @@ -package org.bouncycastle.crypto.params; - -import java.math.BigInteger; - -public class RSAPrivateCrtKeyParameters - extends RSAKeyParameters -{ - private BigInteger e; - private BigInteger p; - private BigInteger q; - private BigInteger dP; - private BigInteger dQ; - private BigInteger qInv; - - /** - * - */ - public RSAPrivateCrtKeyParameters( - BigInteger modulus, - BigInteger publicExponent, - BigInteger privateExponent, - BigInteger p, - BigInteger q, - BigInteger dP, - BigInteger dQ, - BigInteger qInv) - { - super(true, modulus, privateExponent); - - this.e = publicExponent; - this.p = p; - this.q = q; - this.dP = dP; - this.dQ = dQ; - this.qInv = qInv; - } - - public BigInteger getPublicExponent() - { - return e; - } - - public BigInteger getP() - { - return p; - } - - public BigInteger getQ() - { - return q; - } - - public BigInteger getDP() - { - return dP; - } - - public BigInteger getDQ() - { - return dQ; - } - - public BigInteger getQInv() - { - return qInv; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java b/luni/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java deleted file mode 100644 index a8392ab..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java +++ /dev/null @@ -1,122 +0,0 @@ -package org.bouncycastle.crypto.signers; - -import java.math.BigInteger; -import java.security.SecureRandom; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DSA; -import org.bouncycastle.crypto.params.DSAKeyParameters; -import org.bouncycastle.crypto.params.DSAParameters; -import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; -import org.bouncycastle.crypto.params.DSAPublicKeyParameters; -import org.bouncycastle.crypto.params.ParametersWithRandom; - -/** - * The Digital Signature Algorithm - as described in "Handbook of Applied - * Cryptography", pages 452 - 453. - */ -public class DSASigner - implements DSA -{ - DSAKeyParameters key; - - SecureRandom random; - - public void init( - boolean forSigning, - CipherParameters param) - { - if (forSigning) - { - if (param instanceof ParametersWithRandom) - { - ParametersWithRandom rParam = (ParametersWithRandom)param; - - this.random = rParam.getRandom(); - this.key = (DSAPrivateKeyParameters)rParam.getParameters(); - } - else - { - this.random = new SecureRandom(); - this.key = (DSAPrivateKeyParameters)param; - } - } - else - { - this.key = (DSAPublicKeyParameters)param; - } - } - - /** - * generate a signature for the given message using the key we were - * initialised with. For conventional DSA the message should be a SHA-1 - * hash of the message of interest. - * - * @param message the message that will be verified later. - */ - public BigInteger[] generateSignature( - byte[] message) - { - BigInteger m = new BigInteger(1, message); - DSAParameters params = key.getParameters(); - BigInteger k; - int qBitLength = params.getQ().bitLength(); - - do - { - k = new BigInteger(qBitLength, random); - } - while (k.compareTo(params.getQ()) >= 0); - - BigInteger r = params.getG().modPow(k, params.getP()).mod(params.getQ()); - - k = k.modInverse(params.getQ()).multiply( - m.add(((DSAPrivateKeyParameters)key).getX().multiply(r))); - - BigInteger s = k.mod(params.getQ()); - - BigInteger[] res = new BigInteger[2]; - - res[0] = r; - res[1] = s; - - return res; - } - - /** - * return true if the value r and s represent a DSA signature for - * the passed in message for standard DSA the message should be a - * SHA-1 hash of the real message to be verified. - */ - public boolean verifySignature( - byte[] message, - BigInteger r, - BigInteger s) - { - BigInteger m = new BigInteger(1, message); - DSAParameters params = key.getParameters(); - BigInteger zero = BigInteger.valueOf(0); - - if (zero.compareTo(r) >= 0 || params.getQ().compareTo(r) <= 0) - { - return false; - } - - if (zero.compareTo(s) >= 0 || params.getQ().compareTo(s) <= 0) - { - return false; - } - - BigInteger w = s.modInverse(params.getQ()); - - BigInteger u1 = m.multiply(w).mod(params.getQ()); - BigInteger u2 = r.multiply(w).mod(params.getQ()); - - u1 = params.getG().modPow(u1, params.getP()); - u2 = ((DSAPublicKeyParameters)key).getY().modPow(u2, params.getP()); - - BigInteger v = u1.multiply(u2).mod(params.getP()).mod(params.getQ()); - - return v.equals(r); - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java b/luni/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java deleted file mode 100644 index b617758..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java +++ /dev/null @@ -1,611 +0,0 @@ -package org.bouncycastle.crypto.signers; - -import java.security.SecureRandom; - -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.CryptoException; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.SignerWithRecovery; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.RIPEMD128Digest; -// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// END android-removed -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.params.ParametersWithSalt; -import org.bouncycastle.crypto.params.RSAKeyParameters; - -/** - * ISO9796-2 - mechanism using a hash function with recovery (scheme 2 and 3). - * <p> - * Note: the usual length for the salt is the length of the hash - * function used in bytes. - */ -public class ISO9796d2PSSSigner - implements SignerWithRecovery -{ - static final public int TRAILER_IMPLICIT = 0xBC; - static final public int TRAILER_RIPEMD160 = 0x31CC; - static final public int TRAILER_RIPEMD128 = 0x32CC; - static final public int TRAILER_SHA1 = 0x33CC; - - private Digest digest; - private AsymmetricBlockCipher cipher; - - private SecureRandom random; - private byte[] standardSalt; - - private int hLen; - private int trailer; - private int keyBits; - private byte[] block; - private byte[] mBuf; - private int messageLength; - private int saltLength; - private boolean fullMessage; - private byte[] recoveredMessage; - - /** - * Generate a signer for the with either implicit or explicit trailers - * for ISO9796-2, scheme 2 or 3. - * - * @param cipher base cipher to use for signature creation/verification - * @param digest digest to use. - * @param saltLength length of salt in bytes. - * @param implicit whether or not the trailer is implicit or gives the hash. - */ - public ISO9796d2PSSSigner( - AsymmetricBlockCipher cipher, - Digest digest, - int saltLength, - boolean implicit) - { - this.cipher = cipher; - this.digest = digest; - this.hLen = digest.getDigestSize(); - this.saltLength = saltLength; - - if (implicit) - { - trailer = TRAILER_IMPLICIT; - } - else - { - if (digest instanceof SHA1Digest) - { - trailer = TRAILER_SHA1; - } - // BEGIN android-removed - // else if (digest instanceof RIPEMD160Digest) - // { - // trailer = TRAILER_RIPEMD160; - // } - // else if (digest instanceof RIPEMD128Digest) - // { - // trailer = TRAILER_RIPEMD128; - // } - // END android-removed - else - { - throw new IllegalArgumentException("no valid trailer for digest"); - } - } - } - - /** - * Constructor for a signer with an explicit digest trailer. - * - * @param cipher cipher to use. - * @param digest digest to sign with. - * @param saltLength length of salt in bytes. - */ - public ISO9796d2PSSSigner( - AsymmetricBlockCipher cipher, - Digest digest, - int saltLength) - { - this(cipher, digest, saltLength, false); - } - - /** - * Initialise the signer. - * - * @param forSigning true if for signing, false if for verification. - * @param param parameters for signature generation/verification. If the - * parameters are for generation they should be a ParametersWithRandom, - * a ParametersWithSalt, or just an RSAKeyParameters object. If RSAKeyParameters - * are passed in a SecureRandom will be created. - * @exception IllegalArgumentException if wrong parameter type or a fixed - * salt is passed in which is the wrong length. - */ - public void init( - boolean forSigning, - CipherParameters param) - { - RSAKeyParameters kParam = null; - int lengthOfSalt = saltLength; - - if (param instanceof ParametersWithRandom) - { - ParametersWithRandom p = (ParametersWithRandom)param; - - kParam = (RSAKeyParameters)p.getParameters(); - random = p.getRandom(); - } - else if (param instanceof ParametersWithSalt) - { - ParametersWithSalt p = (ParametersWithSalt)param; - - kParam = (RSAKeyParameters)p.getParameters(); - standardSalt = p.getSalt(); - lengthOfSalt = standardSalt.length; - } - else - { - kParam = (RSAKeyParameters)param; - if (forSigning) - { - random = new SecureRandom(); - } - } - - cipher.init(forSigning, kParam); - - keyBits = kParam.getModulus().bitLength(); - - block = new byte[(keyBits + 7) / 8]; - - if (trailer == TRAILER_IMPLICIT) - { - mBuf = new byte[block.length - digest.getDigestSize() - lengthOfSalt - 1 - 1]; - } - else - { - mBuf = new byte[block.length - digest.getDigestSize() - lengthOfSalt - 1 - 2]; - } - - reset(); - } - - /** - * compare two byte arrays. - */ - private boolean isSameAs( - byte[] a, - byte[] b) - { - if (messageLength != b.length) - { - return false; - } - - for (int i = 0; i != b.length; i++) - { - if (a[i] != b[i]) - { - return false; - } - } - - return true; - } - - /** - * clear possible sensitive data - */ - private void clearBlock( - byte[] block) - { - for (int i = 0; i != block.length; i++) - { - block[i] = 0; - } - } - - /** - * update the internal digest with the byte b - */ - public void update( - byte b) - { - if (messageLength < mBuf.length) - { - mBuf[messageLength++] = b; - } - else - { - digest.update(b); - } - } - - /** - * update the internal digest with the byte array in - */ - public void update( - byte[] in, - int off, - int len) - { - while (len > 0 && messageLength < mBuf.length) - { - this.update(in[off]); - off++; - len--; - } - - if (len > 0) - { - digest.update(in, off, len); - } - } - - /** - * reset the internal state - */ - public void reset() - { - digest.reset(); - messageLength = 0; - if (recoveredMessage != null) - { - clearBlock(recoveredMessage); - } - recoveredMessage = null; - fullMessage = false; - } - - /** - * generate a signature for the loaded message using the key we were - * initialised with. - */ - public byte[] generateSignature() - throws CryptoException - { - int digSize = digest.getDigestSize(); - - byte[] m2Hash = new byte[digSize]; - - digest.doFinal(m2Hash, 0); - - byte[] C = new byte[8]; - LtoOSP(messageLength * 8, C); - - digest.update(C, 0, C.length); - - digest.update(mBuf, 0, messageLength); - - digest.update(m2Hash, 0, m2Hash.length); - - byte[] salt; - - if (standardSalt != null) - { - salt = standardSalt; - } - else - { - salt = new byte[saltLength]; - random.nextBytes(salt); - } - - digest.update(salt, 0, salt.length); - - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - int tLength = 2; - if (trailer == TRAILER_IMPLICIT) - { - tLength = 1; - } - - int off = block.length - messageLength - salt.length - hLen - tLength - 1; - - block[off] = 0x01; - - System.arraycopy(mBuf, 0, block, off + 1, messageLength); - System.arraycopy(salt, 0, block, off + 1 + messageLength, salt.length); - - byte[] dbMask = maskGeneratorFunction1(hash, 0, hash.length, block.length - hLen - tLength); - for (int i = 0; i != dbMask.length; i++) - { - block[i] ^= dbMask[i]; - } - - System.arraycopy(hash, 0, block, block.length - hLen - tLength, hLen); - - if (trailer == TRAILER_IMPLICIT) - { - block[block.length - 1] = (byte)TRAILER_IMPLICIT; - } - else - { - block[block.length - 2] = (byte)(trailer >>> 8); - block[block.length - 1] = (byte)trailer; - } - - block[0] &= 0x7f; - - byte[] b = cipher.processBlock(block, 0, block.length); - - clearBlock(mBuf); - clearBlock(block); - messageLength = 0; - - return b; - } - - /** - * return true if the signature represents a ISO9796-2 signature - * for the passed in message. - */ - public boolean verifySignature( - byte[] signature) - { - byte[] block = null; - - try - { - block = cipher.processBlock(signature, 0, signature.length); - } - catch (Exception e) - { - return false; - } - - // - // adjust block size for leading zeroes if necessary - // - if (block.length < (keyBits + 7) / 8) - { - byte[] tmp = new byte[(keyBits + 7) / 8]; - - System.arraycopy(block, 0, tmp, tmp.length - block.length, block.length); - block = tmp; - } - - int tLength = 0; - - if (((block[block.length - 1] & 0xFF) ^ 0xBC) == 0) - { - tLength = 1; - } - else - { - int sigTrail = ((block[block.length - 2] & 0xFF) << 8) | (block[block.length - 1] & 0xFF); - - switch (sigTrail) - { - // BEGIN android-removed - // case TRAILER_RIPEMD160: - // if (!(digest instanceof RIPEMD160Digest)) - // { - // throw new IllegalStateException("signer should be initialised with RIPEMD160"); - // } - // break; - // END android-removed - case TRAILER_SHA1: - if (!(digest instanceof SHA1Digest)) - { - throw new IllegalStateException("signer should be initialised with SHA1"); - } - break; - // BEGIN android-removed - // case TRAILER_RIPEMD128: - // if (!(digest instanceof RIPEMD128Digest)) - // { - // throw new IllegalStateException("signer should be initialised with RIPEMD128"); - // } - // break; - // END android-removed - default: - throw new IllegalArgumentException("unrecognised hash in signature"); - } - - tLength = 2; - } - - // - // calculate H(m2) - // - byte[] m2Hash = new byte[hLen]; - digest.doFinal(m2Hash, 0); - - // - // remove the mask - // - byte[] dbMask = maskGeneratorFunction1(block, block.length - hLen - tLength, hLen, block.length - hLen - tLength); - for (int i = 0; i != dbMask.length; i++) - { - block[i] ^= dbMask[i]; - } - - block[0] &= 0x7f; - - // - // find out how much padding we've got - // - int mStart = 0; - - for (mStart = 0; mStart != block.length; mStart++) - { - if (block[mStart] == 0x01) - { - break; - } - } - - mStart++; - - if (mStart >= block.length) - { - clearBlock(block); - return false; - } - - if (mStart > 1) - { - fullMessage = true; - } - else - { - fullMessage = false; - } - - recoveredMessage = new byte[dbMask.length - mStart - saltLength]; - - System.arraycopy(block, mStart, recoveredMessage, 0, recoveredMessage.length); - - // - // check the hashes - // - byte[] C = new byte[8]; - LtoOSP(recoveredMessage.length * 8, C); - - digest.update(C, 0, C.length); - - if (recoveredMessage.length != 0) - { - digest.update(recoveredMessage, 0, recoveredMessage.length); - } - - digest.update(m2Hash, 0, m2Hash.length); - byte[] hash = new byte[digest.getDigestSize()]; - - digest.update(block, mStart + recoveredMessage.length, dbMask.length - mStart - recoveredMessage.length); - - digest.doFinal(hash, 0); - - int off = block.length - tLength - hash.length; - - for (int i = 0; i != hash.length; i++) - { - if (hash[i] != block[off + i]) - { - clearBlock(block); - clearBlock(hash); - clearBlock(recoveredMessage); - fullMessage = false; - - return false; - } - } - - // - // if they've input a message check what we've recovered against - // what was input. - // - if (messageLength != 0) - { - if (!isSameAs(mBuf, recoveredMessage)) - { - clearBlock(mBuf); - clearBlock(block); - - return false; - } - } - - clearBlock(mBuf); - clearBlock(block); - messageLength = 0; - - return true; - } - - /** - * Return true if the full message was recoveredMessage. - * - * @return true on full message recovery, false otherwise, or if not sure. - * @see org.bouncycastle.crypto.SignerWithRecovery#hasFullMessage() - */ - public boolean hasFullMessage() - { - return fullMessage; - } - - /** - * Return a reference to the recoveredMessage message. - * - * @return the full/partial recoveredMessage message. - * @see org.bouncycastle.crypto.SignerWithRecovery#getRecoveredMessage() - */ - public byte[] getRecoveredMessage() - { - return recoveredMessage; - } - - /** - * int to octet string. - */ - private void ItoOSP( - int i, - byte[] sp) - { - sp[0] = (byte)(i >>> 24); - sp[1] = (byte)(i >>> 16); - sp[2] = (byte)(i >>> 8); - sp[3] = (byte)(i >>> 0); - } - - /** - * long to octet string. - */ - private void LtoOSP( - long l, - byte[] sp) - { - sp[0] = (byte)(l >>> 56); - sp[1] = (byte)(l >>> 48); - sp[2] = (byte)(l >>> 40); - sp[3] = (byte)(l >>> 32); - sp[4] = (byte)(l >>> 24); - sp[5] = (byte)(l >>> 16); - sp[6] = (byte)(l >>> 8); - sp[7] = (byte)(l >>> 0); - } - /** - * mask generator function, as described in PKCS1v2. - */ - private byte[] maskGeneratorFunction1( - byte[] Z, - int zOff, - int zLen, - int length) - { - byte[] mask = new byte[length]; - byte[] hashBuf = new byte[hLen]; - byte[] C = new byte[4]; - int counter = 0; - - digest.reset(); - - while (counter < (length / hLen)) - { - ItoOSP(counter, C); - - digest.update(Z, zOff, zLen); - digest.update(C, 0, C.length); - digest.doFinal(hashBuf, 0); - - System.arraycopy(hashBuf, 0, mask, counter * hLen, hLen); - - counter++; - } - - if ((counter * hLen) < length) - { - ItoOSP(counter, C); - - digest.update(Z, zOff, zLen); - digest.update(C, 0, C.length); - digest.doFinal(hashBuf, 0); - - System.arraycopy(hashBuf, 0, mask, counter * hLen, mask.length - (counter * hLen)); - } - - return mask; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2Signer.java b/luni/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2Signer.java deleted file mode 100644 index 43e3017..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2Signer.java +++ /dev/null @@ -1,495 +0,0 @@ -package org.bouncycastle.crypto.signers; - -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.CryptoException; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.SignerWithRecovery; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.RIPEMD128Digest; -// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// END android-removed -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.params.RSAKeyParameters; - -/** - * ISO9796-2 - mechanism using a hash function with recovery (scheme 1) - */ -public class ISO9796d2Signer - implements SignerWithRecovery -{ - static final public int TRAILER_IMPLICIT = 0xBC; - static final public int TRAILER_RIPEMD160 = 0x31CC; - static final public int TRAILER_RIPEMD128 = 0x32CC; - static final public int TRAILER_SHA1 = 0x33CC; - - private Digest digest; - private AsymmetricBlockCipher cipher; - - private int trailer; - private int keyBits; - private byte[] block; - private byte[] mBuf; - private int messageLength; - private boolean fullMessage; - private byte[] recoveredMessage; - - /** - * Generate a signer for the with either implicit or explicit trailers - * for ISO9796-2. - * - * @param cipher base cipher to use for signature creation/verification - * @param digest digest to use. - * @param implicit whether or not the trailer is implicit or gives the hash. - */ - public ISO9796d2Signer( - AsymmetricBlockCipher cipher, - Digest digest, - boolean implicit) - { - this.cipher = cipher; - this.digest = digest; - - if (implicit) - { - trailer = TRAILER_IMPLICIT; - } - else - { - if (digest instanceof SHA1Digest) - { - trailer = TRAILER_SHA1; - } - // BEGIN android-removed - // else if (digest instanceof RIPEMD160Digest) - // { - // trailer = TRAILER_RIPEMD160; - // } - // else if (digest instanceof RIPEMD128Digest) - // { - // trailer = TRAILER_RIPEMD128; - // } - // END android-removed - else - { - throw new IllegalArgumentException("no valid trailer for digest"); - } - } - } - - /** - * Constructor for a signer with an explicit digest trailer. - * - * @param cipher cipher to use. - * @param digest digest to sign with. - */ - public ISO9796d2Signer( - AsymmetricBlockCipher cipher, - Digest digest) - { - this(cipher, digest, false); - } - - public void init( - boolean forSigning, - CipherParameters param) - { - RSAKeyParameters kParam = (RSAKeyParameters)param; - - cipher.init(forSigning, kParam); - - keyBits = kParam.getModulus().bitLength(); - - block = new byte[(keyBits + 7) / 8]; - - if (trailer == TRAILER_IMPLICIT) - { - mBuf = new byte[block.length - digest.getDigestSize() - 2]; - } - else - { - mBuf = new byte[block.length - digest.getDigestSize() - 3]; - } - - reset(); - } - - /** - * compare two byte arrays. - */ - private boolean isSameAs( - byte[] a, - byte[] b) - { - if (messageLength > mBuf.length) - { - if (mBuf.length > b.length) - { - return false; - } - - for (int i = 0; i != mBuf.length; i++) - { - if (a[i] != b[i]) - { - return false; - } - } - } - else - { - if (messageLength != b.length) - { - return false; - } - - for (int i = 0; i != b.length; i++) - { - if (a[i] != b[i]) - { - return false; - } - } - } - - return true; - } - - /** - * clear possible sensitive data - */ - private void clearBlock( - byte[] block) - { - for (int i = 0; i != block.length; i++) - { - block[i] = 0; - } - } - - /** - * update the internal digest with the byte b - */ - public void update( - byte b) - { - digest.update(b); - - if (messageLength < mBuf.length) - { - mBuf[messageLength] = b; - } - - messageLength++; - } - - /** - * update the internal digest with the byte array in - */ - public void update( - byte[] in, - int off, - int len) - { - digest.update(in, off, len); - - if (messageLength < mBuf.length) - { - for (int i = 0; i < len && (i + messageLength) < mBuf.length; i++) - { - mBuf[messageLength + i] = in[off + i]; - } - } - - messageLength += len; - } - - /** - * reset the internal state - */ - public void reset() - { - digest.reset(); - messageLength = 0; - clearBlock(mBuf); - - if (recoveredMessage != null) - { - clearBlock(recoveredMessage); - } - - recoveredMessage = null; - fullMessage = false; - } - - /** - * generate a signature for the loaded message using the key we were - * initialised with. - */ - public byte[] generateSignature() - throws CryptoException - { - int digSize = digest.getDigestSize(); - - int t = 0; - int delta = 0; - - if (trailer == TRAILER_IMPLICIT) - { - t = 8; - delta = block.length - digSize - 1; - digest.doFinal(block, delta); - block[block.length - 1] = (byte)TRAILER_IMPLICIT; - } - else - { - t = 16; - delta = block.length - digSize - 2; - digest.doFinal(block, delta); - block[block.length - 2] = (byte)(trailer >>> 8); - block[block.length - 1] = (byte)trailer; - } - - byte header = 0; - int x = (digSize + messageLength) * 8 + t + 4 - keyBits; - - if (x > 0) - { - int mR = messageLength - ((x + 7) / 8); - header = 0x60; - - delta -= mR; - - System.arraycopy(mBuf, 0, block, delta, mR); - } - else - { - header = 0x40; - delta -= messageLength; - - System.arraycopy(mBuf, 0, block, delta, messageLength); - } - - if ((delta - 1) > 0) - { - for (int i = delta - 1; i != 0; i--) - { - block[i] = (byte)0xbb; - } - block[delta - 1] ^= (byte)0x01; - block[0] = (byte)0x0b; - block[0] |= header; - } - else - { - block[0] = (byte)0x0a; - block[0] |= header; - } - - byte[] b = cipher.processBlock(block, 0, block.length); - - clearBlock(mBuf); - clearBlock(block); - - return b; - } - - /** - * return true if the signature represents a ISO9796-2 signature - * for the passed in message. - */ - public boolean verifySignature( - byte[] signature) - { - byte[] block = null; - - try - { - block = cipher.processBlock(signature, 0, signature.length); - } - catch (Exception e) - { - return false; - } - - if (((block[0] & 0xC0) ^ 0x40) != 0) - { - clearBlock(mBuf); - clearBlock(block); - - return false; - } - - if (((block[block.length - 1] & 0xF) ^ 0xC) != 0) - { - clearBlock(mBuf); - clearBlock(block); - - return false; - } - - int delta = 0; - - if (((block[block.length - 1] & 0xFF) ^ 0xBC) == 0) - { - delta = 1; - } - else - { - int sigTrail = ((block[block.length - 2] & 0xFF) << 8) | (block[block.length - 1] & 0xFF); - - switch (sigTrail) - { - // BEGIN android-removed - // case TRAILER_RIPEMD160: - // if (!(digest instanceof RIPEMD160Digest)) - // { - // throw new IllegalStateException("signer should be initialised with RIPEMD160"); - // } - // break; - // END android-removed - case TRAILER_SHA1: - if (!(digest instanceof SHA1Digest)) - { - throw new IllegalStateException("signer should be initialised with SHA1"); - } - break; - // BEGIN android-removed - // case TRAILER_RIPEMD128: - // if (!(digest instanceof RIPEMD128Digest)) - // { - // throw new IllegalStateException("signer should be initialised with RIPEMD128"); - // } - // break; - // END android-removed - default: - throw new IllegalArgumentException("unrecognised hash in signature"); - } - - delta = 2; - } - - // - // find out how much padding we've got - // - int mStart = 0; - - for (mStart = 0; mStart != block.length; mStart++) - { - if (((block[mStart] & 0x0f) ^ 0x0a) == 0) - { - break; - } - } - - mStart++; - - // - // check the hashes - // - byte[] hash = new byte[digest.getDigestSize()]; - - int off = block.length - delta - hash.length; - - // - // there must be at least one byte of message string - // - if ((off - mStart) <= 0) - { - clearBlock(mBuf); - clearBlock(block); - - return false; - } - - // - // if we contain the whole message as well, check the hash of that. - // - if ((block[0] & 0x20) == 0) - { - fullMessage = true; - - digest.reset(); - digest.update(block, mStart, off - mStart); - digest.doFinal(hash, 0); - - for (int i = 0; i != hash.length; i++) - { - block[off + i] ^= hash[i]; - if (block[off + i] != 0) - { - clearBlock(mBuf); - clearBlock(block); - - return false; - } - } - - recoveredMessage = new byte[off - mStart]; - System.arraycopy(block, mStart, recoveredMessage, 0, recoveredMessage.length); - } - else - { - fullMessage = false; - - digest.doFinal(hash, 0); - - for (int i = 0; i != hash.length; i++) - { - block[off + i] ^= hash[i]; - if (block[off + i] != 0) - { - clearBlock(mBuf); - clearBlock(block); - - return false; - } - } - - recoveredMessage = new byte[off - mStart]; - System.arraycopy(block, mStart, recoveredMessage, 0, recoveredMessage.length); - } - - // - // if they've input a message check what we've recovered against - // what was input. - // - if (messageLength != 0) - { - if (!isSameAs(mBuf, recoveredMessage)) - { - clearBlock(mBuf); - clearBlock(block); - - return false; - } - } - - clearBlock(mBuf); - clearBlock(block); - - return true; - } - - /** - * Return true if the full message was recoveredMessage. - * - * @return true on full message recovery, false otherwise. - * @see org.bouncycastle.crypto.SignerWithRecovery#hasFullMessage() - */ - public boolean hasFullMessage() - { - return fullMessage; - } - - /** - * Return a reference to the recoveredMessage message. - * - * @return the full/partial recoveredMessage message. - * @see org.bouncycastle.crypto.SignerWithRecovery#getRecoveredMessage() - */ - public byte[] getRecoveredMessage() - { - return recoveredMessage; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/signers/PSSSigner.java b/luni/src/main/java/org/bouncycastle/crypto/signers/PSSSigner.java deleted file mode 100644 index ad4f53e..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/signers/PSSSigner.java +++ /dev/null @@ -1,318 +0,0 @@ -package org.bouncycastle.crypto.signers; - -import java.security.SecureRandom; - -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.CryptoException; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.Signer; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.params.RSAKeyParameters; - -/** - * RSA-PSS as described in PKCS# 1 v 2.1. - * <p> - * Note: the usual value for the salt length is the number of - * bytes in the hash function. - */ -public class PSSSigner - implements Signer -{ - static final public byte TRAILER_IMPLICIT = (byte)0xBC; - - private Digest digest; - private AsymmetricBlockCipher cipher; - private SecureRandom random; - - private int hLen; - private int sLen; - private int emBits; - private byte[] salt; - private byte[] mDash; - private byte[] block; - private byte trailer; - - /** - * basic constructor - * - * @param cipher the assymetric cipher to use. - * @param digest the digest to use. - * @param sLen the length of the salt to use (in bytes). - */ - public PSSSigner( - AsymmetricBlockCipher cipher, - Digest digest, - int sLen) - { - this(cipher, digest, sLen, TRAILER_IMPLICIT); - } - - public PSSSigner( - AsymmetricBlockCipher cipher, - Digest digest, - int sLen, - byte trailer) - { - this.cipher = cipher; - this.digest = digest; - this.hLen = digest.getDigestSize(); - this.sLen = sLen; - this.salt = new byte[sLen]; - this.mDash = new byte[8 + sLen + hLen]; - this.trailer = trailer; - } - - public void init( - boolean forSigning, - CipherParameters param) - { - RSAKeyParameters kParam = null; - - if (param instanceof ParametersWithRandom) - { - ParametersWithRandom p = (ParametersWithRandom)param; - - kParam = (RSAKeyParameters)p.getParameters(); - random = p.getRandom(); - } - else - { - kParam = (RSAKeyParameters)param; - if (forSigning) - { - random = new SecureRandom(); - } - } - - cipher.init(forSigning, kParam); - - emBits = kParam.getModulus().bitLength() - 1; - - block = new byte[(emBits + 7) / 8]; - - reset(); - } - - /** - * clear possible sensitive data - */ - private void clearBlock( - byte[] block) - { - for (int i = 0; i != block.length; i++) - { - block[i] = 0; - } - } - - /** - * update the internal digest with the byte b - */ - public void update( - byte b) - { - digest.update(b); - } - - /** - * update the internal digest with the byte array in - */ - public void update( - byte[] in, - int off, - int len) - { - digest.update(in, off, len); - } - - /** - * reset the internal state - */ - public void reset() - { - digest.reset(); - } - - /** - * generate a signature for the message we've been loaded with using - * the key we were initialised with. - */ - public byte[] generateSignature() - throws CryptoException, DataLengthException - { - if (emBits < (8 * hLen + 8 * sLen + 9)) - { - throw new DataLengthException("encoding error"); - } - - digest.doFinal(mDash, mDash.length - hLen - sLen); - - if (sLen != 0) - { - random.nextBytes(salt); - - System.arraycopy(salt, 0, mDash, mDash.length - sLen, sLen); - } - - byte[] h = new byte[hLen]; - - digest.update(mDash, 0, mDash.length); - - digest.doFinal(h, 0); - - block[block.length - sLen - 1 - hLen - 1] = 0x01; - System.arraycopy(salt, 0, block, block.length - sLen - hLen - 1, sLen); - - byte[] dbMask = maskGeneratorFunction1(h, 0, h.length, block.length - hLen - 1); - for (int i = 0; i != dbMask.length; i++) - { - block[i] ^= dbMask[i]; - } - - block[0] &= (0xff >> ((block.length * 8) - emBits)); - - System.arraycopy(h, 0, block, block.length - hLen - 1, hLen); - - block[block.length - 1] = trailer; - - byte[] b = cipher.processBlock(block, 0, block.length); - - clearBlock(block); - - return b; - } - - /** - * return true if the internal state represents the signature described - * in the passed in array. - */ - public boolean verifySignature( - byte[] signature) - { - if (emBits < (8 * hLen + 8 * sLen + 9)) - { - return false; - } - - digest.doFinal(mDash, mDash.length - hLen - sLen); - - try - { - byte[] b = cipher.processBlock(signature, 0, signature.length); - System.arraycopy(b, 0, block, block.length - b.length, b.length); - } - catch (Exception e) - { - return false; - } - - if (block[block.length - 1] != trailer) - { - clearBlock(block); - return false; - } - - byte[] dbMask = maskGeneratorFunction1(block, block.length - hLen - 1, hLen, block.length - hLen - 1); - - for (int i = 0; i != dbMask.length; i++) - { - block[i] ^= dbMask[i]; - } - - block[0] &= (0xff >> ((block.length * 8) - emBits)); - - for (int i = 0; i != block.length - hLen - sLen - 2; i++) - { - if (block[i] != 0) - { - clearBlock(block); - return false; - } - } - - if (block[block.length - hLen - sLen - 2] != 0x01) - { - clearBlock(block); - return false; - } - - System.arraycopy(block, block.length - sLen - hLen - 1, mDash, mDash.length - sLen, sLen); - - digest.update(mDash, 0, mDash.length); - digest.doFinal(mDash, mDash.length - hLen); - - for (int i = block.length - hLen - 1, j = mDash.length - hLen; - j != mDash.length; i++, j++) - { - if ((block[i] ^ mDash[j]) != 0) - { - clearBlock(mDash); - clearBlock(block); - return false; - } - } - - clearBlock(mDash); - clearBlock(block); - - return true; - } - - /** - * int to octet string. - */ - private void ItoOSP( - int i, - byte[] sp) - { - sp[0] = (byte)(i >>> 24); - sp[1] = (byte)(i >>> 16); - sp[2] = (byte)(i >>> 8); - sp[3] = (byte)(i >>> 0); - } - - /** - * mask generator function, as described in PKCS1v2. - */ - private byte[] maskGeneratorFunction1( - byte[] Z, - int zOff, - int zLen, - int length) - { - byte[] mask = new byte[length]; - byte[] hashBuf = new byte[hLen]; - byte[] C = new byte[4]; - int counter = 0; - - digest.reset(); - - while (counter < (length / hLen)) - { - ItoOSP(counter, C); - - digest.update(Z, zOff, zLen); - digest.update(C, 0, C.length); - digest.doFinal(hashBuf, 0); - - System.arraycopy(hashBuf, 0, mask, counter * hLen, hLen); - - counter++; - } - - if ((counter * hLen) < length) - { - ItoOSP(counter, C); - - digest.update(Z, zOff, zLen); - digest.update(C, 0, C.length); - digest.doFinal(hashBuf, 0); - - System.arraycopy(hashBuf, 0, mask, counter * hLen, mask.length - (counter * hLen)); - } - - return mask; - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java b/luni/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java deleted file mode 100644 index bb14375..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java +++ /dev/null @@ -1,136 +0,0 @@ -package org.bouncycastle.crypto.util; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -// BEGIN android-removed -// import org.bouncycastle.asn1.oiw.ElGamalParameter; -// END android-removed -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.DHParameter; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure; -// BEGIN android-removed -// import org.bouncycastle.asn1.sec.ECPrivateKeyStructure; -// END android-removed -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DSAParameter; -// BEGIN android-removed -// import org.bouncycastle.asn1.x9.X962NamedCurves; -// import org.bouncycastle.asn1.x9.X962Parameters; -// import org.bouncycastle.asn1.x9.X9ECParameters; -// END android-removed -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.crypto.params.DHPrivateKeyParameters; -import org.bouncycastle.crypto.params.DSAParameters; -import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; -// BEGIN android-removed -// import org.bouncycastle.crypto.params.ECDomainParameters; -// import org.bouncycastle.crypto.params.ECPrivateKeyParameters; -// import org.bouncycastle.crypto.params.ElGamalParameters; -// import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters; -//END android-removed -import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; - -/** - * Factory for creating private key objects from PKCS8 PrivateKeyInfo objects. - */ -public class PrivateKeyFactory -{ - /** - * Create a private key parameter from the passed in PKCS8 PrivateKeyInfo object. - * - * @param keyInfo the PrivateKeyInfo object containing the key material - * @return a suitable private key parameter - * @throws IOException on an error decoding the key - */ - public static AsymmetricKeyParameter createKey( - PrivateKeyInfo keyInfo) - throws IOException - { - AlgorithmIdentifier algId = keyInfo.getAlgorithmId(); - - if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption)) - { - RSAPrivateKeyStructure keyStructure = new RSAPrivateKeyStructure((ASN1Sequence)keyInfo.getPrivateKey()); - - return new RSAPrivateCrtKeyParameters( - keyStructure.getModulus(), - keyStructure.getPublicExponent(), - keyStructure.getPrivateExponent(), - keyStructure.getPrime1(), - keyStructure.getPrime2(), - keyStructure.getExponent1(), - keyStructure.getExponent2(), - keyStructure.getCoefficient()); - } - else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement)) - { - DHParameter params = new DHParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); - DERInteger derX = (DERInteger)keyInfo.getPrivateKey(); - - return new DHPrivateKeyParameters(derX.getValue(), new DHParameters(params.getP(), params.getG())); - } - // BEGIN android-removed - // else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm)) - // { - // ElGamalParameter params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); - // DERInteger derX = (DERInteger)keyInfo.getPrivateKey(); - // - // return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(params.getP(), params.getG())); - // } - // END android-removed - else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa)) - { - DSAParameter params = new DSAParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); - DERInteger derX = (DERInteger)keyInfo.getPrivateKey(); - - return new DSAPrivateKeyParameters(derX.getValue(), new DSAParameters(params.getP(), params.getQ(), params.getG())); - } - // BEGIN android-removed - // else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey)) - // { - // X962Parameters params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters()); - // ECDomainParameters dParams = null; - // - // if (params.isNamedCurve()) - // { - // DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters(); - // X9ECParameters ecP = X962NamedCurves.getByOID(oid); - // - // dParams = new ECDomainParameters( - // ecP.getCurve(), - // ecP.getG(), - // ecP.getN(), - // ecP.getH(), - // ecP.getSeed()); - // } - // else - // { - // X9ECParameters ecP = new X9ECParameters( - // (ASN1Sequence)params.getParameters()); - // dParams = new ECDomainParameters( - // ecP.getCurve(), - // ecP.getG(), - // ecP.getN(), - // ecP.getH(), - // ecP.getSeed()); - // } - // - // ECPrivateKeyStructure ec = new ECPrivateKeyStructure((ASN1Sequence)keyInfo.getPrivateKey()); - // - // return new ECPrivateKeyParameters(ec.getKey(), dParams); - // } - // END android-removed - else - { - throw new RuntimeException("algorithm identifier in key not recognised"); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java b/luni/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java deleted file mode 100644 index c666800..0000000 --- a/luni/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java +++ /dev/null @@ -1,138 +0,0 @@ -package org.bouncycastle.crypto.util; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -// BEGIN android-removed -// import org.bouncycastle.asn1.oiw.ElGamalParameter; -// END android-removed -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.DHParameter; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DSAParameter; -import org.bouncycastle.asn1.x509.RSAPublicKeyStructure; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -// BEGIN android-removed -// import org.bouncycastle.asn1.x9.X962NamedCurves; -// import org.bouncycastle.asn1.x9.X962Parameters; -// import org.bouncycastle.asn1.x9.X9ECParameters; -// import org.bouncycastle.asn1.x9.X9ECPoint; -// END android-removed -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.crypto.params.DHPublicKeyParameters; -import org.bouncycastle.crypto.params.DSAParameters; -import org.bouncycastle.crypto.params.DSAPublicKeyParameters; -// BEGIN android-removed -// import org.bouncycastle.crypto.params.ECDomainParameters; -// import org.bouncycastle.crypto.params.ECPublicKeyParameters; -// import org.bouncycastle.crypto.params.ElGamalParameters; -// import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters; -// END android-removed -import org.bouncycastle.crypto.params.RSAKeyParameters; - -/** - * Factory to create asymmetric public key parameters for asymmetric ciphers - * from range of ASN.1 encoded SubjectPublicKeyInfo objects. - */ -public class PublicKeyFactory -{ - /** - * Create a public key from the passed in SubjectPublicKeyInfo - * - * @param keyInfo the SubjectPublicKeyInfo containing the key data - * @return the appropriate key parameter - * @throws IOException on an error decoding the key - */ - public static AsymmetricKeyParameter createKey( - SubjectPublicKeyInfo keyInfo) - throws IOException - { - AlgorithmIdentifier algId = keyInfo.getAlgorithmId(); - - if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption) - || algId.getObjectId().equals(X509ObjectIdentifiers.id_ea_rsa)) - { - RSAPublicKeyStructure pubKey = new RSAPublicKeyStructure((ASN1Sequence)keyInfo.getPublicKey()); - - return new RSAKeyParameters(false, pubKey.getModulus(), pubKey.getPublicExponent()); - } - else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement) - || algId.getObjectId().equals(X9ObjectIdentifiers.dhpublicnumber)) - { - DHParameter params = new DHParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); - DERInteger derY = (DERInteger)keyInfo.getPublicKey(); - - return new DHPublicKeyParameters(derY.getValue(), new DHParameters(params.getP(), params.getG())); - } - // BEGIN android-removed - // else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm)) - // { - // ElGamalParameter params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); - // DERInteger derY = (DERInteger)keyInfo.getPublicKey(); - // - // return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(params.getP(), params.getG())); - // } - // END android-removed - else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa) - || algId.getObjectId().equals(OIWObjectIdentifiers.dsaWithSHA1)) - { - DSAParameter params = new DSAParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters()); - DERInteger derY = (DERInteger)keyInfo.getPublicKey(); - - return new DSAPublicKeyParameters(derY.getValue(), new DSAParameters(params.getP(), params.getQ(), params.getG())); - } - // BEGIN android-removed - // else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey)) - // { - // X962Parameters params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters()); - // ECDomainParameters dParams = null; - // - // if (params.isNamedCurve()) - // { - // DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters(); - // X9ECParameters ecP = X962NamedCurves.getByOID(oid); - // - // dParams = new ECDomainParameters( - // ecP.getCurve(), - // ecP.getG(), - // ecP.getN(), - // ecP.getH(), - // ecP.getSeed()); - // } - // else - // { - // X9ECParameters ecP = new X9ECParameters( - // (ASN1Sequence)params.getParameters()); - // dParams = new ECDomainParameters( - // ecP.getCurve(), - // ecP.getG(), - // ecP.getN(), - // ecP.getH(), - // ecP.getSeed()); - // } - // - // DERBitString bits = keyInfo.getPublicKeyData(); - // byte[] data = bits.getBytes(); - // ASN1OctetString key = new DEROctetString(data); - // - // X9ECPoint derQ = new X9ECPoint(dParams.getCurve(), key); - // - // return new ECPublicKeyParameters(derQ.getPoint(), dParams); - // } - // BEGIN android-removed - else - { - throw new RuntimeException("algorithm identifier in key not recognised"); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/i18n/ErrorBundle.java b/luni/src/main/java/org/bouncycastle/i18n/ErrorBundle.java deleted file mode 100644 index 803abed..0000000 --- a/luni/src/main/java/org/bouncycastle/i18n/ErrorBundle.java +++ /dev/null @@ -1,90 +0,0 @@ -package org.bouncycastle.i18n; - -import java.util.Locale; -import java.util.TimeZone; - -public class ErrorBundle extends MessageBundle -{ - - /** - * summary entry key - */ - public static final String SUMMARY_ENTRY = "summary"; - - /** - * detail entry key - */ - public static final String DETAIL_ENTRY = "details"; - - /** - * Constructs a new ErrorBundle using <code>resource</code> as the base name for the - * RessourceBundle and <code>id</code> as the message bundle id the resource file. - * @param resource base name of the resource file - * @param id the id of the corresponding bundle in the resource file - * @throws NullPointerException if <code>resource</code> or <code>id</code> is <code>null</code> - */ - public ErrorBundle(String resource, String id) throws NullPointerException - { - super(resource, id); - } - - /** - * Constructs a new ErrorBundle using <code>resource</code> as the base name for the - * RessourceBundle and <code>id</code> as the message bundle id the resource file. - * @param resource base name of the resource file - * @param id the id of the corresponding bundle in the resource file - * @param arguments an array containing the arguments for the message - * @throws NullPointerException if <code>resource</code> or <code>id</code> is <code>null</code> - */ - public ErrorBundle(String resource, String id, Object[] arguments) throws NullPointerException - { - super(resource, id, arguments); - } - - /** - * Returns the summary message in the given locale and timezone. - * @param loc the {@link Locale} - * @param timezone the {@link TimeZone} - * @return the summary message. - * @throws MissingEntryException if the message is not available - */ - public String getSummary(Locale loc, TimeZone timezone) throws MissingEntryException - { - return getEntry(SUMMARY_ENTRY,loc,timezone); - } - - /** - * Returns the summary message in the given locale and the default timezone. - * @param loc the {@link Locale} - * @return the summary message. - * @throws MissingEntryException if the message is not available - */ - public String getSummary(Locale loc) throws MissingEntryException - { - return getEntry(SUMMARY_ENTRY,loc,TimeZone.getDefault()); - } - - /** - * Returns the detail message in the given locale and timezone. - * @param loc the {@link Locale} - * @param timezone the {@link TimeZone} - * @return the detail message. - * @throws MissingEntryException if the message is not available - */ - public String getDetail(Locale loc, TimeZone timezone) throws MissingEntryException - { - return getEntry(DETAIL_ENTRY,loc,timezone); - } - - /** - * Returns the detail message in the given locale and the default timezone. - * @param loc the {@link Locale} - * @return the detail message. - * @throws MissingEntryException if the message is not available - */ - public String getDetail(Locale loc) throws MissingEntryException - { - return getEntry(DETAIL_ENTRY,loc,TimeZone.getDefault()); - } - -} diff --git a/luni/src/main/java/org/bouncycastle/i18n/LocalizedException.java b/luni/src/main/java/org/bouncycastle/i18n/LocalizedException.java deleted file mode 100644 index 373fd6c..0000000 --- a/luni/src/main/java/org/bouncycastle/i18n/LocalizedException.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.bouncycastle.i18n; - -import java.util.Locale; - -/** - * Base class for all Exceptions with localized messages. - */ -public class LocalizedException extends Exception -{ - - protected ErrorBundle message; - private Throwable cause; - - /** - * Constructs a new LocalizedException with the specified localized message. - * @param message the {@link ErrorBundle} that contains the message for the exception - */ - public LocalizedException(ErrorBundle message) - { - super(message.getText(Locale.getDefault())); - this.message = message; - } - - /** - * Constructs a new LocalizedException with the specified localized message and cause. - * @param message the {@link ErrorBundle} that contains the message for the exception - * @param throwable the cause - */ - public LocalizedException(ErrorBundle message, Throwable throwable) - { - super(message.getText(Locale.getDefault())); - this.message = message; - this.cause = throwable; - } - - /** - * Returns the localized error message of the exception. - * @return the localized error message as {@link ErrorBundle} - */ - public ErrorBundle getErrorMessage() - { - return message; - } - - public Throwable getCause() - { - return cause; - } -} diff --git a/luni/src/main/java/org/bouncycastle/i18n/LocalizedMessage.java b/luni/src/main/java/org/bouncycastle/i18n/LocalizedMessage.java deleted file mode 100644 index 63825dd..0000000 --- a/luni/src/main/java/org/bouncycastle/i18n/LocalizedMessage.java +++ /dev/null @@ -1,187 +0,0 @@ -package org.bouncycastle.i18n; - -import java.text.DateFormat; -import java.text.Format; -import java.text.MessageFormat; -import java.util.Locale; -import java.util.MissingResourceException; -import java.util.ResourceBundle; -import java.util.TimeZone; - -import org.bouncycastle.i18n.filter.Filter; -import org.bouncycastle.i18n.filter.UntrustedInput; - -public class LocalizedMessage -{ - - protected final String id; - protected final String resource; - - protected Object[] arguments; - protected Object[] filteredArguments; - - protected Filter filter = null; - - /** - * Constructs a new LocalizedMessage using <code>resource</code> as the base name for the - * RessourceBundle and <code>id</code> as the message bundle id the resource file. - * @param resource base name of the resource file - * @param id the id of the corresponding bundle in the resource file - * @throws NullPointerException if <code>resource</code> or <code>id</code> is <code>null</code> - */ - public LocalizedMessage(String resource,String id) throws NullPointerException - { - if (resource == null || id == null) - { - throw new NullPointerException(); - } - this.id = id; - this.resource = resource; - this.arguments = new Object[0]; - this.filteredArguments = arguments; - } - - /** - * Constructs a new LocalizedMessage using <code>resource</code> as the base name for the - * RessourceBundle and <code>id</code> as the message bundle id the resource file. - * @param resource base name of the resource file - * @param id the id of the corresponding bundle in the resource file - * @param arguments an array containing the arguments for the message - * @throws NullPointerException if <code>resource</code> or <code>id</code> is <code>null</code> - */ - public LocalizedMessage(String resource, String id, Object[] arguments) throws NullPointerException - { - if (resource == null || id == null || arguments == null) - { - throw new NullPointerException(); - } - this.id = id; - this.resource = resource; - this.arguments = arguments; - this.filteredArguments = arguments; - } - - /** - * Reads the entry <code>id + "." + key</code> from the resource file and returns a - * formatted message for the given Locale and TimeZone. - * @param key second part of the entry id - * @param loc the used {@link Locale} - * @param timezone the used {@link TimeZone} - * @return a Strng containing the localized message - * @throws MissingEntryException if the resource file is not available or the entry does not exist. - */ - public String getEntry(String key,Locale loc, TimeZone timezone) throws MissingEntryException - { - String entry = id + "." + key; - - try - { - ResourceBundle bundle = ResourceBundle.getBundle(resource,loc); - String template = bundle.getString(entry); - if (arguments == null || arguments.length == 0) - { - return template; - } - else - { - return formatWithTimeZone(template,filteredArguments,loc,timezone); - } - } - catch (MissingResourceException mre) - { - throw new MissingEntryException("Can't find entry " + entry + " in resource file " + resource + ".", - resource, - entry); - } - } - - protected String formatWithTimeZone( - String template, - Object[] arguments, - Locale locale, - TimeZone timezone) - { - MessageFormat mf = new MessageFormat(" "); - mf.setLocale(locale); - mf.applyPattern(template); - if (!timezone.equals(TimeZone.getDefault())) - { - Format[] formats = mf.getFormats(); - for (int i = 0; i < formats.length; i++) - { - if (formats[i] instanceof DateFormat) - { - DateFormat temp = (DateFormat) formats[i]; - temp.setTimeZone(timezone); - mf.setFormat(i,temp); - } - } - } - return mf.format(arguments); - } - - /** - * Sets the {@link Filter} that is used to filter the arguments of this message - * @param filter the {@link Filter} to use. <code>null</code> to disable filtering. - */ - public void setFilter(Filter filter) - { - if (filter == null) - { - filteredArguments = arguments; - } - else if (!filter.equals(this.filter)) - { - filteredArguments = new Object[arguments.length]; - for (int i = 0; i < arguments.length; i++) - { - if (arguments[i] instanceof UntrustedInput) - { - filteredArguments[i] = filter.doFilter(((UntrustedInput) arguments[i]).getString()); - } - else - { - filteredArguments[i] = arguments[i]; - } - } - } - this.filter = filter; - } - - /** - * Returns the current filter. - * @return the current filter - */ - public Filter getFilter() - { - return filter; - } - - /** - * Returns the id of the message in the resource bundle. - * @return the id of the message - */ - public String getId() - { - return id; - } - - /** - * Returns the name of the resource bundle for this message - * @return name of the resource file - */ - public String getResource() - { - return resource; - } - - /** - * Returns an <code>Object[]</code> containing the message arguments. - * @return the message arguments - */ - public Object[] getArguments() - { - return arguments; - } - -} diff --git a/luni/src/main/java/org/bouncycastle/i18n/MessageBundle.java b/luni/src/main/java/org/bouncycastle/i18n/MessageBundle.java deleted file mode 100644 index 8848f0f..0000000 --- a/luni/src/main/java/org/bouncycastle/i18n/MessageBundle.java +++ /dev/null @@ -1,62 +0,0 @@ -package org.bouncycastle.i18n; - -import java.util.Locale; -import java.util.TimeZone; - -public class MessageBundle extends TextBundle -{ - - /** - * title entry key - */ - public static final String TITLE_ENTRY = "title"; - - /** - * Constructs a new MessageBundle using <code>resource</code> as the base name for the - * RessourceBundle and <code>id</code> as the message bundle id the resource file. - * @param resource base name of the resource file - * @param id the id of the corresponding bundle in the resource file - * @throws NullPointerException if <code>resource</code> or <code>id</code> is <code>null</code> - */ - public MessageBundle(String resource, String id) throws NullPointerException - { - super(resource, id); - } - - /** - * Constructs a new MessageBundle using <code>resource</code> as the base name for the - * RessourceBundle and <code>id</code> as the message bundle id the resource file. - * @param resource base name of the resource file - * @param id the id of the corresponding bundle in the resource file - * @param arguments an array containing the arguments for the message - * @throws NullPointerException if <code>resource</code> or <code>id</code> is <code>null</code> - */ - public MessageBundle(String resource, String id, Object[] arguments) throws NullPointerException - { - super(resource, id, arguments); - } - - /** - * Returns the title message in the given locale and timezone. - * @param loc the {@link Locale} - * @param timezone the {@link TimeZone} - * @return the title message. - * @throws MissingEntryException if the message is not available - */ - public String getTitle(Locale loc,TimeZone timezone) throws MissingEntryException - { - return getEntry(TITLE_ENTRY,loc,timezone); - } - - /** - * Returns the title message in the given locale and the default timezone. - * @param loc the {@link Locale} - * @return the title message. - * @throws MissingEntryException if the message is not available - */ - public String getTitle(Locale loc) throws MissingEntryException - { - return getEntry(TITLE_ENTRY,loc,TimeZone.getDefault()); - } - -} diff --git a/luni/src/main/java/org/bouncycastle/i18n/MissingEntryException.java b/luni/src/main/java/org/bouncycastle/i18n/MissingEntryException.java deleted file mode 100644 index 11dfdc4..0000000 --- a/luni/src/main/java/org/bouncycastle/i18n/MissingEntryException.java +++ /dev/null @@ -1,26 +0,0 @@ -package org.bouncycastle.i18n; - -public class MissingEntryException extends RuntimeException -{ - - protected final String resource; - protected final String key; - - public MissingEntryException(String message, String resource, String key) - { - super(message); - this.resource = resource; - this.key = key; - } - - public String getKey() - { - return key; - } - - public String getResource() - { - return resource; - } - -} diff --git a/luni/src/main/java/org/bouncycastle/i18n/TextBundle.java b/luni/src/main/java/org/bouncycastle/i18n/TextBundle.java deleted file mode 100644 index 9d981d9..0000000 --- a/luni/src/main/java/org/bouncycastle/i18n/TextBundle.java +++ /dev/null @@ -1,62 +0,0 @@ -package org.bouncycastle.i18n; - -import java.util.Locale; -import java.util.TimeZone; - -public class TextBundle extends LocalizedMessage -{ - - /** - * text entry key - */ - public static final String TEXT_ENTRY = "text"; - - /** - * Constructs a new TextBundle using <code>resource</code> as the base name for the - * RessourceBundle and <code>id</code> as the message bundle id the resource file. - * @param resource base name of the resource file - * @param id the id of the corresponding bundle in the resource file - * @throws NullPointerException if <code>resource</code> or <code>id</code> is <code>null</code> - */ - public TextBundle(String resource, String id) throws NullPointerException - { - super(resource, id); - } - - /** - * Constructs a new TextBundle using <code>resource</code> as the base name for the - * RessourceBundle and <code>id</code> as the message bundle id the resource file. - * @param resource base name of the resource file - * @param id the id of the corresponding bundle in the resource file - * @param arguments an array containing the arguments for the message - * @throws NullPointerException if <code>resource</code> or <code>id</code> is <code>null</code> - */ - public TextBundle(String resource, String id, Object[] arguments) throws NullPointerException - { - super(resource, id, arguments); - } - - /** - * Returns the text message in the given locale and timezone. - * @param loc the {@link Locale} - * @param timezone the {@link TimeZone} - * @return the text message. - * @throws MissingEntryException if the message is not available - */ - public String getText(Locale loc, TimeZone timezone) throws MissingEntryException - { - return getEntry(TEXT_ENTRY,loc,timezone); - } - - /** - * Returns the text message in the given locale and the defaut timezone. - * @param loc the {@link Locale} - * @return the text message. - * @throws MissingEntryException if the message is not available - */ - public String getText(Locale loc) throws MissingEntryException - { - return getEntry(TEXT_ENTRY,loc,TimeZone.getDefault()); - } - -} diff --git a/luni/src/main/java/org/bouncycastle/i18n/filter/Filter.java b/luni/src/main/java/org/bouncycastle/i18n/filter/Filter.java deleted file mode 100644 index aee58cb..0000000 --- a/luni/src/main/java/org/bouncycastle/i18n/filter/Filter.java +++ /dev/null @@ -1,14 +0,0 @@ - -package org.bouncycastle.i18n.filter; - -public interface Filter -{ - - /** - * Runs the filter on the input String and returns the filtered String - * @param input input String - * @return filtered String - */ - public String doFilter(String input); - -} diff --git a/luni/src/main/java/org/bouncycastle/i18n/filter/HTMLFilter.java b/luni/src/main/java/org/bouncycastle/i18n/filter/HTMLFilter.java deleted file mode 100644 index defc610..0000000 --- a/luni/src/main/java/org/bouncycastle/i18n/filter/HTMLFilter.java +++ /dev/null @@ -1,63 +0,0 @@ - -package org.bouncycastle.i18n.filter; - -/** - * HTML Filter - */ -public class HTMLFilter implements Filter -{ - - public String doFilter(String input) - { - StringBuffer buf = new StringBuffer(input); - int i = 0; - while (i < buf.length()) - { - char ch = buf.charAt(i); - switch (ch) - { - case '<': - buf.replace(i,i+1,"<"); - break; - case '>': - buf.replace(i,i+1,">"); - break; - case '(': - buf.replace(i,i+1,"("); - break; - case ')': - buf.replace(i,i+1,")"); - break; - case '#': - buf.replace(i,i+1,"#"); - break; - case '&': - buf.replace(i,i+1,"&"); - break; - case '\"': - buf.replace(i,i+1,"""); - break; - case '\'': - buf.replace(i,i+1,"'"); - break; - case '%': - buf.replace(i,i+1,"%"); - break; - case ';': - buf.replace(i,i+1,";"); - break; - case '+': - buf.replace(i,i+1,"+"); - break; - case '-': - buf.replace(i,i+1,"-"); - break; - default: - i -= 3; - } - i += 4; - } - return buf.toString(); - } - -} diff --git a/luni/src/main/java/org/bouncycastle/i18n/filter/SQLFilter.java b/luni/src/main/java/org/bouncycastle/i18n/filter/SQLFilter.java deleted file mode 100644 index ed3e488..0000000 --- a/luni/src/main/java/org/bouncycastle/i18n/filter/SQLFilter.java +++ /dev/null @@ -1,64 +0,0 @@ - -package org.bouncycastle.i18n.filter; - -/** - * Filter for strings to store in a SQL table. - * - * escapes ' " = - / \ ; \r \n - */ -public class SQLFilter implements Filter -{ - - public String doFilter(String input) - { - StringBuffer buf = new StringBuffer(input); - int i = 0; - while (i < buf.length()) - { - char ch = buf.charAt(i); - switch (ch) - { - case '\'': - buf.replace(i,i+1,"\\\'"); - i += 1; - break; - case '\"': - buf.replace(i,i+1,"\\\""); - i += 1; - break; - case '=': - buf.replace(i,i+1,"\\="); - i += 1; - break; - case '-': - buf.replace(i,i+1,"\\-"); - i += 1; - break; - case '/': - buf.replace(i,i+1,"\\/"); - i += 1; - break; - case '\\': - buf.replace(i,i+1,"\\\\"); - i += 1; - break; - case ';': - buf.replace(i,i+1,"\\;"); - i += 1; - break; - case '\r': - buf.replace(i,i+1,"\\r"); - i += 1; - break; - case '\n': - buf.replace(i,i+1,"\\n"); - i += 1; - break; - default: - } - i++; - } - return buf.toString(); - } - -} diff --git a/luni/src/main/java/org/bouncycastle/i18n/filter/UntrustedInput.java b/luni/src/main/java/org/bouncycastle/i18n/filter/UntrustedInput.java deleted file mode 100644 index cc69ac4..0000000 --- a/luni/src/main/java/org/bouncycastle/i18n/filter/UntrustedInput.java +++ /dev/null @@ -1,44 +0,0 @@ - -package org.bouncycastle.i18n.filter; - -/** - * Wrapper class to mark untrusted input. - */ -public class UntrustedInput -{ - - protected Object input; - - /** - * Construct a new UntrustedInput instance. - * @param input the untrusted input Object - */ - public UntrustedInput(Object input) - { - this.input = input; - } - - /** - * Returns the untrusted input as Object. - * @return the <code>input</code> as Object - */ - public Object getInput() - { - return input; - } - - /** - * Returns the untrusted input convertet to a String. - * @return the <code>input</code> as String - */ - public String getString() - { - return input.toString(); - } - - public String toString() - { - return input.toString(); - } - -} diff --git a/luni/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java b/luni/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java deleted file mode 100644 index f90ffa4..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java +++ /dev/null @@ -1,452 +0,0 @@ -package org.bouncycastle.jce; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.Signature; -import java.security.SignatureException; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.X509EncodedKeySpec; -import java.util.Set; -import java.util.HashSet; -import java.util.Hashtable; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.CertificationRequest; -import org.bouncycastle.asn1.pkcs.CertificationRequestInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.util.Strings; - -/** - * A class for verifying and creating PKCS10 Certification requests. - * <pre> - * CertificationRequest ::= SEQUENCE { - * certificationRequestInfo CertificationRequestInfo, - * signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }}, - * signature BIT STRING - * } - * - * CertificationRequestInfo ::= SEQUENCE { - * version INTEGER { v1(0) } (v1,...), - * subject Name, - * subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, - * attributes [0] Attributes{{ CRIAttributes }} - * } - * - * Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }} - * - * Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE { - * type ATTRIBUTE.&id({IOSet}), - * values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type}) - * } - * </pre> - */ -public class PKCS10CertificationRequest - extends CertificationRequest -{ - private static Hashtable algorithms = new Hashtable(); - private static Hashtable keyAlgorithms = new Hashtable(); - private static Hashtable oids = new Hashtable(); - private static Set noParams = new HashSet(); - - static - { - // BEGIN android-removed - // Dropping MD2 - // algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2")); - // algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2")); - // END android-removed - algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("RSAWITHMD5", new DERObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); - algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); - algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption); - algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption); - algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption); - algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption); - algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption); - algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption); - algorithms.put("RSAWITHSHA1", new DERObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("RIPEMD160WITHRSAENCRYPTION", new DERObjectIdentifier("1.3.36.3.3.1.2")); - algorithms.put("RIPEMD160WITHRSA", new DERObjectIdentifier("1.3.36.3.3.1.2")); - algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3")); - algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3")); - algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); - algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256); - algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1); - algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); - algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256); - algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384); - algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512); - algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1); - algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - //algorithms.put("ECGOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001); - - // - // reverse mappings - // - oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA"); - oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); - //oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410"); - - oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA"); - // BEGIN android-removed - // Dropping MD2 - // oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA"); - // END android-removed - oids.put(new DERObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA"); - oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); - oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA"); - oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA"); - oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA"); - - // - // key types - // - keyAlgorithms.put(PKCSObjectIdentifiers.rsaEncryption, "RSA"); - keyAlgorithms.put(X9ObjectIdentifiers.id_dsa, "DSA"); - - // - // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. - // The parameters field SHALL be NULL for RSA based signature algorithms. - // - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512); - noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1); - noParams.add(NISTObjectIdentifiers.dsa_with_sha224); - noParams.add(NISTObjectIdentifiers.dsa_with_sha256); - } - - private static ASN1Sequence toDERSequence( - byte[] bytes) - { - try - { - ByteArrayInputStream bIn = new ByteArrayInputStream(bytes); - ASN1InputStream dIn = new ASN1InputStream(bIn); - - return (ASN1Sequence)dIn.readObject(); - } - catch (Exception e) - { - throw new IllegalArgumentException("badly encoded request"); - } - } - - /** - * construct a PKCS10 certification request from a DER encoded - * byte stream. - */ - public PKCS10CertificationRequest( - byte[] bytes) - { - super(toDERSequence(bytes)); - } - - public PKCS10CertificationRequest( - ASN1Sequence sequence) - { - super(sequence); - } - - /** - * create a PKCS10 certfication request using the BC provider. - */ - public PKCS10CertificationRequest( - String signatureAlgorithm, - X509Name subject, - PublicKey key, - ASN1Set attributes, - PrivateKey signingKey) - throws NoSuchAlgorithmException, NoSuchProviderException, - InvalidKeyException, SignatureException - { - this(signatureAlgorithm, subject, key, attributes, signingKey, "BC"); - } - - private static X509Name convertName( - X500Principal name) - { - try - { - return new X509Principal(name.getEncoded()); - } - catch (IOException e) - { - throw new IllegalArgumentException("can't convert name"); - } - } - - /** - * create a PKCS10 certfication request using the BC provider. - */ - public PKCS10CertificationRequest( - String signatureAlgorithm, - X500Principal subject, - PublicKey key, - ASN1Set attributes, - PrivateKey signingKey) - throws NoSuchAlgorithmException, NoSuchProviderException, - InvalidKeyException, SignatureException - { - this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, "BC"); - } - - /** - * create a PKCS10 certfication request using the named provider. - */ - public PKCS10CertificationRequest( - String signatureAlgorithm, - X500Principal subject, - PublicKey key, - ASN1Set attributes, - PrivateKey signingKey, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, - InvalidKeyException, SignatureException - { - this(signatureAlgorithm, convertName(subject), key, attributes, signingKey, provider); - } - - /** - * create a PKCS10 certfication request using the named provider. - */ - public PKCS10CertificationRequest( - String signatureAlgorithm, - X509Name subject, - PublicKey key, - ASN1Set attributes, - PrivateKey signingKey, - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, - InvalidKeyException, SignatureException - { - DERObjectIdentifier sigOID = (DERObjectIdentifier)algorithms.get(Strings.toUpperCase(signatureAlgorithm)); - - if (sigOID == null) - { - throw new IllegalArgumentException("Unknown signature type requested"); - } - - if (subject == null) - { - throw new IllegalArgumentException("subject must not be null"); - } - - if (key == null) - { - throw new IllegalArgumentException("public key must not be null"); - } - - if (noParams.contains(sigOID)) - { - this.sigAlgId = new AlgorithmIdentifier(sigOID); - } - else - { - this.sigAlgId = new AlgorithmIdentifier(sigOID, null); - } - - byte[] bytes = key.getEncoded(); - ByteArrayInputStream bIn = new ByteArrayInputStream(bytes); - ASN1InputStream dIn = new ASN1InputStream(bIn); - - try - { - this.reqInfo = new CertificationRequestInfo(subject, new SubjectPublicKeyInfo((ASN1Sequence)dIn.readObject()), attributes); - } - catch (IOException e) - { - throw new IllegalArgumentException("can't encode public key"); - } - - Signature sig = null; - - try - { - sig = Signature.getInstance(sigAlgId.getObjectId().getId(), provider); - } - catch (NoSuchAlgorithmException e) - { - sig = Signature.getInstance(signatureAlgorithm, provider); - } - - sig.initSign(signingKey); - - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(reqInfo); - - sig.update(bOut.toByteArray()); - } - catch (Exception e) - { - throw new SecurityException("exception encoding TBS cert request - " + e); - } - - this.sigBits = new DERBitString(sig.sign()); - } - - /** - * return the public key associated with the certification request - - * the public key is created using the BC provider. - */ - public PublicKey getPublicKey() - throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException - { - return getPublicKey("BC"); - } - - public PublicKey getPublicKey( - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, - InvalidKeyException - { - SubjectPublicKeyInfo subjectPKInfo = reqInfo.getSubjectPublicKeyInfo(); - X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPKInfo).getBytes()); - AlgorithmIdentifier keyAlg = subjectPKInfo.getAlgorithmId(); - - try - { - try - { - return KeyFactory.getInstance(keyAlg.getObjectId().getId(), provider).generatePublic(xspec); - } - catch (NoSuchAlgorithmException e) - { - // - // try an alternate - // - if (keyAlgorithms.get(keyAlg.getObjectId()) != null) - { - String keyAlgorithm = (String)keyAlgorithms.get(keyAlg.getObjectId()); - - return KeyFactory.getInstance(keyAlgorithm, provider).generatePublic(xspec); - } - - throw e; - } - } - catch (InvalidKeySpecException e) - { - throw new InvalidKeyException("error decoding public key"); - } - } - - /** - * verify the request using the BC provider. - */ - public boolean verify() - throws NoSuchAlgorithmException, NoSuchProviderException, - InvalidKeyException, SignatureException - { - return verify("BC"); - } - - public boolean verify( - String provider) - throws NoSuchAlgorithmException, NoSuchProviderException, - InvalidKeyException, SignatureException - { - Signature sig = null; - - try - { - sig = Signature.getInstance(sigAlgId.getObjectId().getId(), provider); - } - catch (NoSuchAlgorithmException e) - { - // - // try an alternate - // - if (oids.get(sigAlgId.getObjectId()) != null) - { - String signatureAlgorithm = (String)oids.get(sigAlgId.getObjectId()); - - sig = Signature.getInstance(signatureAlgorithm, provider); - } - else - { - throw e; - } - } - - sig.initVerify(this.getPublicKey(provider)); - - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(reqInfo); - - sig.update(bOut.toByteArray()); - } - catch (Exception e) - { - throw new SecurityException("exception encoding TBS cert request - " + e); - } - - return sig.verify(sigBits.getBytes()); - } - - /** - * return a DER encoded byte array representing this object - */ - public byte[] getEncoded() - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - try - { - dOut.writeObject(this); - } - catch (IOException e) - { - throw new RuntimeException(e.toString()); - } - - return bOut.toByteArray(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/PKCS7SignedData.java b/luni/src/main/java/org/bouncycastle/jce/PKCS7SignedData.java deleted file mode 100644 index cd05b9f..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/PKCS7SignedData.java +++ /dev/null @@ -1,600 +0,0 @@ -package org.bouncycastle.jce; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.CRL; -import java.security.cert.CRLException; -import java.security.cert.Certificate; -import java.security.cert.X509CRL; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Iterator; -import java.util.Set; - -import org.bouncycastle.asn1.*; -import org.bouncycastle.asn1.pkcs.ContentInfo; -import org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.SignedData; -import org.bouncycastle.asn1.pkcs.SignerInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.asn1.x509.X509CertificateStructure; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.jce.provider.X509CRLObject; -import org.bouncycastle.jce.provider.X509CertificateObject; - -/** - * Represents a PKCS#7 object - specifically the "Signed Data" - * type. - * <p> - * How to use it? To verify a signature, do: - * <pre> - * PKCS7SignedData pkcs7 = new PKCS7SignedData(der_bytes); // Create it - * pkcs7.update(bytes, 0, bytes.length); // Update checksum - * boolean verified = pkcs7.verify(); // Does it add up? - * - * To sign, do this: - * PKCS7SignedData pkcs7 = new PKCS7SignedData(privKey, certChain, "MD5"); - * pkcs7.update(bytes, 0, bytes.length); // Update checksum - * pkcs7.sign(); // Create digest - * - * bytes = pkcs7.getEncoded(); // Write it somewhere - * </pre> - * <p> - * This class is pretty close to obsolete, for a much better (and more complete) - * implementation of PKCS7 have a look at the org.bouncycastle.cms package. - * @deprecated this class really is obsolete - use the CMS package. - */ -public class PKCS7SignedData - implements PKCSObjectIdentifiers -{ - private int version, signerversion; - private Set digestalgos; - private Collection certs, crls; - private X509Certificate signCert; - private byte[] digest; - private String digestAlgorithm, digestEncryptionAlgorithm; - private Signature sig; - private transient PrivateKey privKey; - - private final String ID_PKCS7_DATA = "1.2.840.113549.1.7.1"; - private final String ID_PKCS7_SIGNED_DATA = "1.2.840.113549.1.7.2"; - private final String ID_MD5 = "1.2.840.113549.2.5"; - private final String ID_MD2 = "1.2.840.113549.2.2"; - private final String ID_SHA1 = "1.3.14.3.2.26"; - private final String ID_RSA = "1.2.840.113549.1.1.1"; - private final String ID_DSA = "1.2.840.10040.4.1"; - - /** - * Read an existing PKCS#7 object from a DER encoded byte array using - * the BC provider. - */ - public PKCS7SignedData( - byte[] in) - throws SecurityException, CRLException, InvalidKeyException, - NoSuchProviderException, NoSuchAlgorithmException - { - this(in, "BC"); - } - - /** - * Read an existing PKCS#7 object from a DER encoded byte array - */ - public PKCS7SignedData( - byte[] in, - String provider) - throws SecurityException, CRLException, InvalidKeyException, - NoSuchProviderException, NoSuchAlgorithmException - { - ASN1InputStream din = new ASN1InputStream(new ByteArrayInputStream(in)); - - // - // Basic checks to make sure it's a PKCS#7 SignedData Object - // - DERObject pkcs; - - try - { - pkcs = din.readObject(); - } - catch (IOException e) - { - throw new SecurityException("can't decode PKCS7SignedData object"); - } - - if (!(pkcs instanceof ASN1Sequence)) - { - throw new SecurityException("Not a valid PKCS#7 object - not a sequence"); - } - - ContentInfo content = ContentInfo.getInstance(pkcs); - - if (!content.getContentType().equals(signedData)) - { - throw new SecurityException("Not a valid PKCS#7 signed-data object - wrong header " + content.getContentType().getId()); - } - - - SignedData data = SignedData.getInstance(content.getContent()); - - certs = new ArrayList(); - - if (data.getCertificates() != null) - { - Enumeration ec = ASN1Set.getInstance(data.getCertificates()).getObjects(); - - while (ec.hasMoreElements()) - { - certs.add(new X509CertificateObject(X509CertificateStructure.getInstance(ec.nextElement()))); - } - } - - crls = new ArrayList(); - - if (data.getCRLs() != null) - { - Enumeration ec = ASN1Set.getInstance(data.getCRLs()).getObjects(); - while (ec.hasMoreElements()) - { - crls.add(new X509CRLObject(CertificateList.getInstance(ec.nextElement()))); - } - } - - version = data.getVersion().getValue().intValue(); - - // - // Get the digest algorithm - // - digestalgos = new HashSet(); - Enumeration e = data.getDigestAlgorithms().getObjects(); - - while (e.hasMoreElements()) - { - ASN1Sequence s = (ASN1Sequence)e.nextElement(); - DERObjectIdentifier o = (DERObjectIdentifier)s.getObjectAt(0); - digestalgos.add(o.getId()); - } - - // - // Get the SignerInfo - // - ASN1Set signerinfos = data.getSignerInfos(); - if (signerinfos.size() != 1) - { - throw new SecurityException("This PKCS#7 object has multiple SignerInfos - only one is supported at this time"); - } - - SignerInfo signerInfo = SignerInfo.getInstance(signerinfos.getObjectAt(0)); - - signerversion = signerInfo.getVersion().getValue().intValue(); - - IssuerAndSerialNumber isAnds = signerInfo.getIssuerAndSerialNumber(); - - // - // Get the signing certificate - // - BigInteger serialNumber = isAnds.getCertificateSerialNumber().getValue(); - X509Principal issuer = new X509Principal(isAnds.getName()); - - for (Iterator i = certs.iterator();i.hasNext();) - { - X509Certificate cert = (X509Certificate)i.next(); - if (serialNumber.equals(cert.getSerialNumber()) - && issuer.equals(cert.getIssuerDN())) - { - signCert = cert; - break; - } - } - - if (signCert == null) - { - throw new SecurityException("Can't find signing certificate with serial "+serialNumber.toString(16)); - } - - digestAlgorithm = signerInfo.getDigestAlgorithm().getObjectId().getId(); - - digest = signerInfo.getEncryptedDigest().getOctets(); - digestEncryptionAlgorithm = signerInfo.getDigestEncryptionAlgorithm().getObjectId().getId(); - - sig = Signature.getInstance(getDigestAlgorithm(), provider); - - sig.initVerify(signCert.getPublicKey()); - } - - /** - * Create a new PKCS#7 object from the specified key using the BC provider. - * - * @param privKey the private key to be used for signing. - * @param certChain the certificate chain associated with the private key. - * @param hashAlgorithm the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA" - */ - public PKCS7SignedData( - PrivateKey privKey, - Certificate[] certChain, - String hashAlgorithm) - throws SecurityException, InvalidKeyException, - NoSuchProviderException, NoSuchAlgorithmException - { - this(privKey, certChain, hashAlgorithm, "BC"); - } - - /** - * Create a new PKCS#7 object from the specified key. - * - * @param privKey the private key to be used for signing. - * @param certChain the certificate chain associated with the private key. - * @param hashAlgorithm the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA" - * @param provider the provider to use. - */ - public PKCS7SignedData( - PrivateKey privKey, - Certificate[] certChain, - String hashAlgorithm, - String provider) - throws SecurityException, InvalidKeyException, - NoSuchProviderException, NoSuchAlgorithmException - { - this(privKey, certChain, null, hashAlgorithm, provider); - } - - /** - * Create a new PKCS#7 object from the specified key. - * - * @param privKey the private key to be used for signing. - * @param certChain the certificate chain associated with the private key. - * @param crlList the crl list associated with the private key. - * @param hashAlgorithm the hashing algorithm used to compute the message digest. Must be "MD5", "MD2", "SHA1" or "SHA" - * @param provider the provider to use. - */ - public PKCS7SignedData( - PrivateKey privKey, - Certificate[] certChain, - CRL[] crlList, - String hashAlgorithm, - String provider) - throws SecurityException, InvalidKeyException, - NoSuchProviderException, NoSuchAlgorithmException - { - this.privKey = privKey; - - if (hashAlgorithm.equals("MD5")) - { - digestAlgorithm = ID_MD5; - } - else if (hashAlgorithm.equals("MD2")) - { - digestAlgorithm = ID_MD2; - } - else if (hashAlgorithm.equals("SHA")) - { - digestAlgorithm = ID_SHA1; - } - else if (hashAlgorithm.equals("SHA1")) - { - digestAlgorithm = ID_SHA1; - } - else - { - throw new NoSuchAlgorithmException("Unknown Hash Algorithm "+hashAlgorithm); - } - - version = signerversion = 1; - certs = new ArrayList(); - crls = new ArrayList(); - digestalgos = new HashSet(); - digestalgos.add(digestAlgorithm); - - // - // Copy in the certificates and crls used to sign the private key. - // - signCert = (X509Certificate)certChain[0]; - for (int i = 0;i < certChain.length;i++) - { - certs.add(certChain[i]); - } - - if (crlList != null) - { - for (int i = 0;i < crlList.length;i++) - { - crls.add(crlList[i]); - } - } - - // - // Now we have private key, find out what the digestEncryptionAlgorithm is. - // - digestEncryptionAlgorithm = privKey.getAlgorithm(); - if (digestEncryptionAlgorithm.equals("RSA")) - { - digestEncryptionAlgorithm = ID_RSA; - } - else if (digestEncryptionAlgorithm.equals("DSA")) - { - digestEncryptionAlgorithm = ID_DSA; - } - else - { - throw new NoSuchAlgorithmException("Unknown Key Algorithm "+digestEncryptionAlgorithm); - } - - sig = Signature.getInstance(getDigestAlgorithm(), provider); - - sig.initSign(privKey); - } - - /** - * Get the algorithm used to calculate the message digest - */ - public String getDigestAlgorithm() - { - String da = digestAlgorithm; - String dea = digestEncryptionAlgorithm; - - if (digestAlgorithm.equals(ID_MD5)) - { - da = "MD5"; - } - else if (digestAlgorithm.equals(ID_MD2)) - { - da = "MD2"; - } - else if (digestAlgorithm.equals(ID_SHA1)) - { - da = "SHA1"; - } - - if (digestEncryptionAlgorithm.equals(ID_RSA)) - { - dea = "RSA"; - } - else if (digestEncryptionAlgorithm.equals(ID_DSA)) - { - dea = "DSA"; - } - - return da + "with" + dea; - } - - /** - * Resets the PKCS7SignedData object to it's initial state, ready - * to sign or verify a new buffer. - */ - public void reset() - { - try - { - if (privKey==null) - { - sig.initVerify(signCert.getPublicKey()); - } - else - { - sig.initSign(privKey); - } - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - - /** - * Get the X.509 certificates associated with this PKCS#7 object - */ - public Certificate[] getCertificates() - { - return (X509Certificate[])certs.toArray(new X509Certificate[certs.size()]); - } - - /** - * Get the X.509 certificate revocation lists associated with this PKCS#7 object - */ - public Collection getCRLs() - { - return crls; - } - - /** - * Get the X.509 certificate actually used to sign the digest. - */ - public X509Certificate getSigningCertificate() - { - return signCert; - } - - /** - * Get the version of the PKCS#7 object. Always 1 - */ - public int getVersion() - { - return version; - } - - /** - * Get the version of the PKCS#7 "SignerInfo" object. Always 1 - */ - public int getSigningInfoVersion() - { - return signerversion; - } - - /** - * Update the digest with the specified byte. This method is used both for signing and verifying - */ - public void update(byte buf) - throws SignatureException - { - sig.update(buf); - } - - /** - * Update the digest with the specified bytes. This method is used both for signing and verifying - */ - public void update(byte[] buf, int off, int len) - throws SignatureException - { - sig.update(buf, off, len); - } - - /** - * Verify the digest - */ - public boolean verify() - throws SignatureException - { - return sig.verify(digest); - } - - /** - * Get the "issuer" from the TBSCertificate bytes that are passed in - */ - private DERObject getIssuer(byte[] enc) - { - try - { - ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc)); - ASN1Sequence seq = (ASN1Sequence)in.readObject(); - return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2); - } - catch (IOException e) - { - throw new Error("IOException reading from ByteArray: "+e); - } - } - - /** - * return the bytes for the PKCS7SignedData object. - */ - public byte[] getEncoded() - { - try - { - - digest = sig.sign(); - - // Create the set of Hash algorithms. I've assumed this is the - // set of all hash agorithms used to created the digest in the - // "signerInfo" structure. I may be wrong. - // - ASN1EncodableVector v = new ASN1EncodableVector(); - for (Iterator i = digestalgos.iterator(); i.hasNext();) - { - AlgorithmIdentifier a = new AlgorithmIdentifier( - new DERObjectIdentifier((String)i.next()), - null); - - v.add(a); - } - - DERSet algos = new DERSet(v); - - // Create the contentInfo. Empty, I didn't implement this bit - // - DERSequence contentinfo = new DERSequence( - new DERObjectIdentifier(ID_PKCS7_DATA)); - - // Get all the certificates - // - v = new ASN1EncodableVector(); - for (Iterator i = certs.iterator();i.hasNext();) - { - ASN1InputStream tempstream = new ASN1InputStream(new ByteArrayInputStream(((X509Certificate)i.next()).getEncoded())); - v.add(tempstream.readObject()); - } - - DERSet dercertificates = new DERSet(v); - - // Create signerinfo structure. - // - ASN1EncodableVector signerinfo = new ASN1EncodableVector(); - - // Add the signerInfo version - // - signerinfo.add(new DERInteger(signerversion)); - - IssuerAndSerialNumber isAnds = new IssuerAndSerialNumber( - new X509Name((ASN1Sequence)getIssuer(signCert.getTBSCertificate())), - new DERInteger(signCert.getSerialNumber())); - signerinfo.add(isAnds); - - // Add the digestAlgorithm - // - // BEGIN android-changed - signerinfo.add(new AlgorithmIdentifier( - new DERObjectIdentifier(digestAlgorithm), - DERNull.THE_ONE)); - - // - // Add the digestEncryptionAlgorithm - // - signerinfo.add(new AlgorithmIdentifier( - new DERObjectIdentifier(digestEncryptionAlgorithm), - DERNull.THE_ONE)); - // END android-changed - - // - // Add the digest - // - signerinfo.add(new DEROctetString(digest)); - - - // - // Finally build the body out of all the components above - // - ASN1EncodableVector body = new ASN1EncodableVector(); - body.add(new DERInteger(version)); - body.add(algos); - body.add(contentinfo); - body.add(new DERTaggedObject(false, 0, dercertificates)); - - if (crls.size()>0) - { - v = new ASN1EncodableVector(); - for (Iterator i = crls.iterator();i.hasNext();) - { - ASN1InputStream t = new ASN1InputStream(new ByteArrayInputStream(((X509CRL)i.next()).getEncoded())); - v.add(t.readObject()); - } - DERSet dercrls = new DERSet(v); - body.add(new DERTaggedObject(false, 1, dercrls)); - } - - // Only allow one signerInfo - // - body.add(new DERSet(new DERSequence(signerinfo))); - - // Now we have the body, wrap it in it's PKCS7Signed shell - // and return it - // - ASN1EncodableVector whole = new ASN1EncodableVector(); - whole.add(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA)); - whole.add(new DERTaggedObject(0, new DERSequence(body))); - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - DEROutputStream dout = new DEROutputStream(bOut); - dout.writeObject(new DERSequence(whole)); - dout.close(); - - return bOut.toByteArray(); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/PrincipalUtil.java b/luni/src/main/java/org/bouncycastle/jce/PrincipalUtil.java deleted file mode 100644 index 92a444c..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/PrincipalUtil.java +++ /dev/null @@ -1,86 +0,0 @@ -package org.bouncycastle.jce; - -import java.io.*; -import java.security.cert.*; - -import org.bouncycastle.asn1.*; -import org.bouncycastle.asn1.x509.*; - -/** - * a utility class that will extract X509Principal objects from X.509 certificates. - * <p> - * Use this in preference to trying to recreate a principal from a String, not all - * DNs are what they should be, so it's best to leave them encoded where they - * can be. - */ -public class PrincipalUtil -{ - /** - * return the issuer of the given cert as an X509PrincipalObject. - */ - public static X509Principal getIssuerX509Principal( - X509Certificate cert) - throws CertificateEncodingException - { - try - { - ByteArrayInputStream bIn = new ByteArrayInputStream( - cert.getTBSCertificate()); - ASN1InputStream aIn = new ASN1InputStream(bIn); - TBSCertificateStructure tbsCert = new TBSCertificateStructure( - (ASN1Sequence)aIn.readObject()); - - return new X509Principal(tbsCert.getIssuer()); - } - catch (IOException e) - { - throw new CertificateEncodingException(e.toString()); - } - } - - /** - * return the subject of the given cert as an X509PrincipalObject. - */ - public static X509Principal getSubjectX509Principal( - X509Certificate cert) - throws CertificateEncodingException - { - try - { - ByteArrayInputStream bIn = new ByteArrayInputStream( - cert.getTBSCertificate()); - ASN1InputStream aIn = new ASN1InputStream(bIn); - TBSCertificateStructure tbsCert = new TBSCertificateStructure( - (ASN1Sequence)aIn.readObject()); - - return new X509Principal(tbsCert.getSubject()); - } - catch (IOException e) - { - throw new CertificateEncodingException(e.toString()); - } - } - - /** - * return the issuer of the given CRL as an X509PrincipalObject. - */ - public static X509Principal getIssuerX509Principal( - X509CRL crl) - throws CRLException - { - try - { - ByteArrayInputStream bIn = new ByteArrayInputStream( - crl.getTBSCertList()); - ASN1InputStream aIn = new ASN1InputStream(bIn); - TBSCertList tbsCertList = new TBSCertList( - (ASN1Sequence)aIn.readObject()); - - return new X509Principal(tbsCertList.getIssuer()); - } - catch (IOException e) - { - throw new CRLException(e.toString()); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/X509KeyUsage.java b/luni/src/main/java/org/bouncycastle/jce/X509KeyUsage.java deleted file mode 100644 index 2024b65..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/X509KeyUsage.java +++ /dev/null @@ -1,57 +0,0 @@ -package org.bouncycastle.jce; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.x509.KeyUsage; - -/** - * A holding class for constructing an X509 Key Usage extension. - * - * <pre> - * id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } - * - * KeyUsage ::= BIT STRING { - * digitalSignature (0), - * nonRepudiation (1), - * keyEncipherment (2), - * dataEncipherment (3), - * keyAgreement (4), - * keyCertSign (5), - * cRLSign (6), - * encipherOnly (7), - * decipherOnly (8) } - * </pre> - */ -public class X509KeyUsage - extends ASN1Encodable -{ - public static final int digitalSignature = 1 << 7; - public static final int nonRepudiation = 1 << 6; - public static final int keyEncipherment = 1 << 5; - public static final int dataEncipherment = 1 << 4; - public static final int keyAgreement = 1 << 3; - public static final int keyCertSign = 1 << 2; - public static final int cRLSign = 1 << 1; - public static final int encipherOnly = 1 << 0; - public static final int decipherOnly = 1 << 15; - - private int usage = 0; - - /** - * Basic constructor. - * - * @param usage - the bitwise OR of the Key Usage flags giving the - * allowed uses for the key. - * e.g. (X509KeyUsage.keyEncipherment | X509KeyUsage.dataEncipherment) - */ - public X509KeyUsage( - int usage) - { - this.usage = usage; - } - - public DERObject toASN1Object() - { - return new KeyUsage(usage); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/X509Principal.java b/luni/src/main/java/org/bouncycastle/jce/X509Principal.java deleted file mode 100644 index 7051073..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/X509Principal.java +++ /dev/null @@ -1,151 +0,0 @@ -package org.bouncycastle.jce; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.security.Principal; -import java.util.Hashtable; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.x509.X509Name; - -public class X509Principal - extends X509Name - implements Principal -{ - private static ASN1Sequence readSequence( - ASN1InputStream aIn) - throws IOException - { - try - { - return ASN1Sequence.getInstance(aIn.readObject()); - } - catch (IllegalArgumentException e) - { - throw new IOException("not an ASN.1 Sequence: " + e); - } - } - - /** - * Constructor from an encoded byte array. - */ - public X509Principal( - byte[] bytes) - throws IOException - { - super(readSequence(new ASN1InputStream(bytes))); - } - - /** - * Constructor from an X509Name object. - */ - public X509Principal( - X509Name name) - { - super((ASN1Sequence)name.getDERObject()); - } - - /** - * constructor from a table of attributes. - * <p> - * it's is assumed the table contains OID/String pairs. - */ - public X509Principal( - Hashtable attributes) - { - super(attributes); - } - - /** - * constructor from a table of attributes and a vector giving the - * specific ordering required for encoding or conversion to a string. - * <p> - * it's is assumed the table contains OID/String pairs. - */ - public X509Principal( - Vector ordering, - Hashtable attributes) - { - super(ordering, attributes); - } - - /** - * constructor from a vector of attribute values and a vector of OIDs. - */ - public X509Principal( - Vector oids, - Vector values) - { - super(oids, values); - } - - /** - * takes an X509 dir name as a string of the format "C=AU,ST=Victoria", or - * some such, converting it into an ordered set of name attributes. - */ - public X509Principal( - String dirName) - { - super(dirName); - } - - /** - * Takes an X509 dir name as a string of the format "C=AU,ST=Victoria", or - * some such, converting it into an ordered set of name attributes. If reverse - * is false the dir name will be encoded in the order of the (name, value) pairs - * presented, otherwise the encoding will start with the last (name, value) pair - * and work back. - */ - public X509Principal( - boolean reverse, - String dirName) - { - super(reverse, dirName); - } - - /** - * Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - * some such, converting it into an ordered set of name attributes. lookUp - * should provide a table of lookups, indexed by lowercase only strings and - * yielding a DERObjectIdentifier, other than that OID. and numeric oids - * will be processed automatically. - * <p> - * If reverse is true, create the encoded version of the sequence starting - * from the last element in the string. - */ - public X509Principal( - boolean reverse, - Hashtable lookUp, - String dirName) - { - super(reverse, lookUp, dirName); - } - - public String getName() - { - return this.toString(); - } - - /** - * return a DER encoded byte array representing this object - */ - public byte[] getEncoded() - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - try - { - dOut.writeObject(this); - } - catch (IOException e) - { - throw new RuntimeException(e.toString()); - } - - return bOut.toByteArray(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/X509V1CertificateGenerator.java b/luni/src/main/java/org/bouncycastle/jce/X509V1CertificateGenerator.java deleted file mode 100644 index 4bd4c77..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/X509V1CertificateGenerator.java +++ /dev/null @@ -1,265 +0,0 @@ -package org.bouncycastle.jce; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Hashtable; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.TBSCertificateStructure; -import org.bouncycastle.asn1.x509.Time; -import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator; -import org.bouncycastle.asn1.x509.X509CertificateStructure; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.jce.provider.X509CertificateObject; -import org.bouncycastle.util.Strings; - -/** - * class to produce an X.509 Version 1 certificate. - * - * @deprecated use the equivalent class in org.bouncycastle.x509 - */ -public class X509V1CertificateGenerator -{ - private V1TBSCertificateGenerator tbsGen; - private DERObjectIdentifier sigOID; - private AlgorithmIdentifier sigAlgId; - private String signatureAlgorithm; - - private static Hashtable algorithms = new Hashtable(); - - static - { - algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2")); - algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2")); - algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("RIPEMD160WITHRSAENCRYPTION", new DERObjectIdentifier("1.3.36.3.3.1.2")); - algorithms.put("RIPEMD160WITHRSA", new DERObjectIdentifier("1.3.36.3.3.1.2")); - algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3")); - algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3")); - algorithms.put("SHA1WITHECDSA", new DERObjectIdentifier("1.2.840.10045.4.1")); - algorithms.put("ECDSAWITHSHA1", new DERObjectIdentifier("1.2.840.10045.4.1")); - } - - public X509V1CertificateGenerator() - { - tbsGen = new V1TBSCertificateGenerator(); - } - - /** - * reset the generator - */ - public void reset() - { - tbsGen = new V1TBSCertificateGenerator(); - } - - /** - * set the serial number for the certificate. - */ - public void setSerialNumber( - BigInteger serialNumber) - { - tbsGen.setSerialNumber(new DERInteger(serialNumber)); - } - - /** - * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the - * certificate. - */ - public void setIssuerDN( - X509Name issuer) - { - tbsGen.setIssuer(issuer); - } - - public void setNotBefore( - Date date) - { - tbsGen.setStartDate(new Time(date)); - } - - public void setNotAfter( - Date date) - { - tbsGen.setEndDate(new Time(date)); - } - - /** - * Set the subject distinguished name. The subject describes the entity associated with the public key. - */ - public void setSubjectDN( - X509Name subject) - { - tbsGen.setSubject(subject); - } - - public void setPublicKey( - PublicKey key) - { - try - { - tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream( - new ByteArrayInputStream(key.getEncoded())).readObject())); - } - catch (Exception e) - { - throw new IllegalArgumentException("unable to process key - " + e.toString()); - } - } - - public void setSignatureAlgorithm( - String signatureAlgorithm) - { - this.signatureAlgorithm = signatureAlgorithm; - - sigOID = (DERObjectIdentifier)algorithms.get(Strings.toUpperCase(signatureAlgorithm)); - - if (sigOID == null) - { - throw new IllegalArgumentException("Unknown signature type requested"); - } - - // BEGIN android-changed - sigAlgId = new AlgorithmIdentifier(this.sigOID, DERNull.THE_ONE); - // END android-changed - - tbsGen.setSignature(sigAlgId); - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the default provider "BC". - */ - public X509Certificate generateX509Certificate( - PrivateKey key) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509Certificate(key, "BC", null); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the default provider "BC" and the passed in source of randomness - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - SecureRandom random) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509Certificate(key, "BC", random); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing, and the passed in source - * of randomness (if required). - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - String provider) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - return generateX509Certificate(key, provider, null); - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing, and the passed in source - * of randomness (if required). - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - String provider, - SecureRandom random) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - Signature sig = null; - - try - { - sig = Signature.getInstance(sigOID.getId(), provider); - } - catch (NoSuchAlgorithmException ex) - { - try - { - sig = Signature.getInstance(signatureAlgorithm, provider); - } - catch (NoSuchAlgorithmException e) - { - throw new SecurityException("exception creating signature: " + e.toString()); - } - } - - if (random != null) - { - sig.initSign(key, random); - } - else - { - sig.initSign(key); - } - - TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate(); - - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(tbsCert); - - sig.update(bOut.toByteArray()); - } - catch (Exception e) - { - throw new SecurityException("exception encoding TBS cert - " + e); - } - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(tbsCert); - v.add(sigAlgId); - v.add(new DERBitString(sig.sign())); - - return new X509CertificateObject(new X509CertificateStructure(new DERSequence(v))); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/X509V2CRLGenerator.java b/luni/src/main/java/org/bouncycastle/jce/X509V2CRLGenerator.java deleted file mode 100644 index dea70e2..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/X509V2CRLGenerator.java +++ /dev/null @@ -1,331 +0,0 @@ -package org.bouncycastle.jce; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.CRLException; -import java.security.cert.X509CRL; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.Hashtable; -import java.util.SimpleTimeZone; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERUTCTime; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.asn1.x509.TBSCertList; -import org.bouncycastle.asn1.x509.V2TBSCertListGenerator; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.jce.provider.X509CRLObject; -import org.bouncycastle.util.Strings; - -/** - * class to produce an X.509 Version 2 CRL. - * <p> - * @deprecated use the equivalent class in org.bouncycastle.x509 - */ -public class X509V2CRLGenerator -{ - private SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss"); - private SimpleTimeZone tz = new SimpleTimeZone(0, "Z"); - private V2TBSCertListGenerator tbsGen; - private DERObjectIdentifier sigOID; - private AlgorithmIdentifier sigAlgId; - private String signatureAlgorithm; - private Hashtable extensions = null; - private Vector extOrdering = null; - - private static Hashtable algorithms = new Hashtable(); - - static - { - algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2")); - algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2")); - algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("RIPEMD160WITHRSAENCRYPTION", new DERObjectIdentifier("1.3.36.3.3.1.2")); - algorithms.put("RIPEMD160WITHRSA", new DERObjectIdentifier("1.3.36.3.3.1.2")); - algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3")); - algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3")); - algorithms.put("SHA1WITHECDSA", new DERObjectIdentifier("1.2.840.10045.4.1")); - algorithms.put("ECDSAWITHSHA1", new DERObjectIdentifier("1.2.840.10045.4.1")); - } - - public X509V2CRLGenerator() - { - dateF.setTimeZone(tz); - - tbsGen = new V2TBSCertListGenerator(); - } - - /** - * reset the generator - */ - public void reset() - { - tbsGen = new V2TBSCertListGenerator(); - } - - - /** - * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the - * certificate. - */ - public void setIssuerDN( - X509Name issuer) - { - tbsGen.setIssuer(issuer); - } - - public void setThisUpdate( - Date date) - { - tbsGen.setThisUpdate(new DERUTCTime(dateF.format(date) + "Z")); - } - - public void setNextUpdate( - Date date) - { - tbsGen.setNextUpdate(new DERUTCTime(dateF.format(date) + "Z")); - } - - /** - * Reason being as indicated by ReasonFlags, i.e. ReasonFlags.KEY_COMPROMISE - * or 0 if ReasonFlags are not to be used - **/ - public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason) - { - tbsGen.addCRLEntry(new DERInteger(userCertificate), new DERUTCTime(dateF.format(revocationDate) + "Z"), reason); - } - - public void setSignatureAlgorithm( - String signatureAlgorithm) - { - this.signatureAlgorithm = signatureAlgorithm; - - sigOID = (DERObjectIdentifier)algorithms.get(Strings.toUpperCase(signatureAlgorithm)); - - if (sigOID == null) - { - throw new IllegalArgumentException("Unknown signature type requested"); - } - - sigAlgId = new AlgorithmIdentifier(this.sigOID, null); - - tbsGen.setSignature(sigAlgId); - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - */ - public void addExtension( - String OID, - boolean critical, - DEREncodable value) - { - this.addExtension(new DERObjectIdentifier(OID), critical, value); - } - - /** - * add a given extension field for the standard extensions tag (tag 0) - */ - public void addExtension( - DERObjectIdentifier OID, - boolean critical, - DEREncodable value) - { - if (extensions == null) - { - extensions = new Hashtable(); - extOrdering = new Vector(); - } - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - try - { - dOut.writeObject(value); - } - catch (IOException e) - { - throw new IllegalArgumentException("error encoding value: " + e); - } - - this.addExtension(OID, critical, bOut.toByteArray()); - } - - /** - * add a given extension field for the standard extensions tag (tag 0) - */ - public void addExtension( - String OID, - boolean critical, - byte[] value) - { - this.addExtension(new DERObjectIdentifier(OID), critical, value); - } - - /** - * add a given extension field for the standard extensions tag (tag 0) - */ - public void addExtension( - DERObjectIdentifier OID, - boolean critical, - byte[] value) - { - if (extensions == null) - { - extensions = new Hashtable(); - extOrdering = new Vector(); - } - - extensions.put(OID, new X509Extension(critical, new DEROctetString(value))); - extOrdering.addElement(OID); - } - - /** - * generate an X509 CRL, based on the current issuer and subject - * using the default provider "BC". - */ - public X509CRL generateX509CRL( - PrivateKey key) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509CRL(key, "BC", null); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 CRL, based on the current issuer and subject - * using the default provider "BC" and an user defined SecureRandom object as - * source of randomness. - */ - public X509CRL generateX509CRL( - PrivateKey key, - SecureRandom random) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509CRL(key, "BC", random); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the passed in provider for the signing. - */ - public X509CRL generateX509CRL( - PrivateKey key, - String provider) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - return generateX509CRL(key, provider, null); - } - - /** - * generate an X509 CRL, based on the current issuer and subject, - * using the passed in provider for the signing. - */ - public X509CRL generateX509CRL( - PrivateKey key, - String provider, - SecureRandom random) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - Signature sig = null; - - try - { - sig = Signature.getInstance(sigOID.getId(), provider); - } - catch (NoSuchAlgorithmException ex) - { - try - { - sig = Signature.getInstance(signatureAlgorithm, provider); - } - catch (NoSuchAlgorithmException e) - { - throw new SecurityException("exception creating signature: " + e.toString()); - } - } - - if (random != null) - { - sig.initSign(key, random); - } - else - { - sig.initSign(key); - } - - if (extensions != null) - { - tbsGen.setExtensions(new X509Extensions(extOrdering, extensions)); - } - - TBSCertList tbsCrl = tbsGen.generateTBSCertList(); - - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(tbsCrl); - - sig.update(bOut.toByteArray()); - } - catch (Exception e) - { - throw new SecurityException("exception encoding TBS cert - " + e); - } - - // Construct the CRL - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(tbsCrl); - v.add(sigAlgId); - v.add(new DERBitString(sig.sign())); - - try - { - return new X509CRLObject(new CertificateList(new DERSequence(v))); - } - catch (CRLException e) - { - throw new IllegalStateException("attempt to create malformed CRL: " + e.getMessage()); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/X509V3CertificateGenerator.java b/luni/src/main/java/org/bouncycastle/jce/X509V3CertificateGenerator.java deleted file mode 100644 index aec0365..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/X509V3CertificateGenerator.java +++ /dev/null @@ -1,345 +0,0 @@ -package org.bouncycastle.jce; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Hashtable; -import java.util.Vector; - -import org.bouncycastle.asn1.*; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.TBSCertificateStructure; -import org.bouncycastle.asn1.x509.Time; -import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator; -import org.bouncycastle.asn1.x509.X509CertificateStructure; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.jce.provider.X509CertificateObject; -import org.bouncycastle.util.Strings; - -/** - * class to produce an X.509 Version 3 certificate. - * @deprecated use the equivalent class in org.bouncycastle.x509 - */ -public class X509V3CertificateGenerator -{ - private V3TBSCertificateGenerator tbsGen; - private DERObjectIdentifier sigOID; - private AlgorithmIdentifier sigAlgId; - private String signatureAlgorithm; - private Hashtable extensions = null; - private Vector extOrdering = null; - - private static Hashtable algorithms = new Hashtable(); - - static - { - algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2")); - algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2")); - algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("RIPEMD160WITHRSAENCRYPTION", new DERObjectIdentifier("1.3.36.3.3.1.2")); - algorithms.put("RIPEMD160WITHRSA", new DERObjectIdentifier("1.3.36.3.3.1.2")); - algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3")); - algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3")); - algorithms.put("SHA1WITHECDSA", new DERObjectIdentifier("1.2.840.10045.4.1")); - algorithms.put("ECDSAWITHSHA1", new DERObjectIdentifier("1.2.840.10045.4.1")); - } - - public X509V3CertificateGenerator() - { - tbsGen = new V3TBSCertificateGenerator(); - } - - /** - * reset the generator - */ - public void reset() - { - tbsGen = new V3TBSCertificateGenerator(); - extensions = null; - extOrdering = null; - } - - /** - * set the serial number for the certificate. - */ - public void setSerialNumber( - BigInteger serialNumber) - { - tbsGen.setSerialNumber(new DERInteger(serialNumber)); - } - - /** - * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the - * certificate. - */ - public void setIssuerDN( - X509Name issuer) - { - tbsGen.setIssuer(issuer); - } - - public void setNotBefore( - Date date) - { - tbsGen.setStartDate(new Time(date)); - } - - public void setNotAfter( - Date date) - { - tbsGen.setEndDate(new Time(date)); - } - - /** - * Set the subject distinguished name. The subject describes the entity associated with the public key. - */ - public void setSubjectDN( - X509Name subject) - { - tbsGen.setSubject(subject); - } - - public void setPublicKey( - PublicKey key) - { - try - { - tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream( - new ByteArrayInputStream(key.getEncoded())).readObject())); - } - catch (Exception e) - { - throw new IllegalArgumentException("unable to process key - " + e.toString()); - } - } - - public void setSignatureAlgorithm( - String signatureAlgorithm) - { - this.signatureAlgorithm = signatureAlgorithm; - - sigOID = (DERObjectIdentifier)algorithms.get(Strings.toUpperCase(signatureAlgorithm)); - - if (sigOID == null) - { - throw new IllegalArgumentException("Unknown signature type requested"); - } - - // BEGIN android-changed - sigAlgId = new AlgorithmIdentifier(this.sigOID, DERNull.THE_ONE); - // END android-changed - - tbsGen.setSignature(sigAlgId); - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - */ - public void addExtension( - String OID, - boolean critical, - DEREncodable value) - { - this.addExtension(new DERObjectIdentifier(OID), critical, value); - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - */ - public void addExtension( - DERObjectIdentifier OID, - boolean critical, - DEREncodable value) - { - if (extensions == null) - { - extensions = new Hashtable(); - extOrdering = new Vector(); - } - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - try - { - dOut.writeObject(value); - } - catch (IOException e) - { - throw new IllegalArgumentException("error encoding value: " + e); - } - - this.addExtension(OID, critical, bOut.toByteArray()); - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - * The value parameter becomes the contents of the octet string associated - * with the extension. - */ - public void addExtension( - String OID, - boolean critical, - byte[] value) - { - this.addExtension(new DERObjectIdentifier(OID), critical, value); - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - */ - public void addExtension( - DERObjectIdentifier OID, - boolean critical, - byte[] value) - { - if (extensions == null) - { - extensions = new Hashtable(); - extOrdering = new Vector(); - } - - extensions.put(OID, new X509Extension(critical, new DEROctetString(value))); - extOrdering.addElement(OID); - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the default provider "BC". - */ - public X509Certificate generateX509Certificate( - PrivateKey key) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509Certificate(key, "BC", null); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the default provider "BC", and the passed in source of randomness - * (if required). - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - SecureRandom random) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509Certificate(key, "BC", random); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing. - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - String provider) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - return generateX509Certificate(key, provider, null); - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing and the supplied source - * of randomness, if required. - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - String provider, - SecureRandom random) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - Signature sig = null; - - if (sigOID == null) - { - throw new IllegalStateException("no signature algorithm specified"); - } - - try - { - sig = Signature.getInstance(sigOID.getId(), provider); - } - catch (NoSuchAlgorithmException ex) - { - try - { - sig = Signature.getInstance(signatureAlgorithm, provider); - } - catch (NoSuchAlgorithmException e) - { - throw new SecurityException("exception creating signature: " + e.toString()); - } - } - - if (random != null) - { - sig.initSign(key, random); - } - else - { - sig.initSign(key); - } - - if (extensions != null) - { - tbsGen.setExtensions(new X509Extensions(extOrdering, extensions)); - } - - TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate(); - - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(tbsCert); - - sig.update(bOut.toByteArray()); - } - catch (Exception e) - { - throw new SecurityException("exception encoding TBS cert - " + e); - } - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(tbsCert); - v.add(sigAlgId); - v.add(new DERBitString(sig.sign())); - - return new X509CertificateObject(new X509CertificateStructure(new DERSequence(v))); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/interfaces/BCKeyStore.java b/luni/src/main/java/org/bouncycastle/jce/interfaces/BCKeyStore.java deleted file mode 100644 index a36abbb..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/interfaces/BCKeyStore.java +++ /dev/null @@ -1,14 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import java.security.SecureRandom; - -/** - * all BC provider keystores implement this interface. - */ -public interface BCKeyStore -{ - /** - * set the random source for the key store - */ - public void setRandom(SecureRandom random); -} diff --git a/luni/src/main/java/org/bouncycastle/jce/interfaces/IESKey.java b/luni/src/main/java/org/bouncycastle/jce/interfaces/IESKey.java deleted file mode 100644 index f1d7901..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/interfaces/IESKey.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import java.security.Key; -import java.security.PrivateKey; -import java.security.PublicKey; - -/** - * key pair for use with an integrated encryptor - */ -public interface IESKey - extends Key -{ - /** - * return the intended recipient's/sender's public key. - */ - public PublicKey getPublic(); - - /** - * return the local private key. - */ - public PrivateKey getPrivate(); -} diff --git a/luni/src/main/java/org/bouncycastle/jce/interfaces/PKCS12BagAttributeCarrier.java b/luni/src/main/java/org/bouncycastle/jce/interfaces/PKCS12BagAttributeCarrier.java deleted file mode 100644 index c5dd664..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/interfaces/PKCS12BagAttributeCarrier.java +++ /dev/null @@ -1,21 +0,0 @@ -package org.bouncycastle.jce.interfaces; - -import java.util.Enumeration; - -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObjectIdentifier; - -/** - * allow us to set attributes on objects that can go into a PKCS12 store. - */ -public interface PKCS12BagAttributeCarrier -{ - public void setBagAttribute( - DERObjectIdentifier oid, - DEREncodable attribute); - - public DEREncodable getBagAttribute( - DERObjectIdentifier oid); - - public Enumeration getBagAttributeKeys(); -} diff --git a/luni/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java b/luni/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java deleted file mode 100644 index ca3d8ea..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/netscape/NetscapeCertRequest.java +++ /dev/null @@ -1,302 +0,0 @@ -package org.bouncycastle.jce.netscape; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.SignatureException; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.X509EncodedKeySpec; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - -/** - * - * - * Handles NetScape certificate request (KEYGEN), these are constructed as: - * <pre><code> - * SignedPublicKeyAndChallenge ::= SEQUENCE { - * publicKeyAndChallenge PublicKeyAndChallenge, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING - * } - * </pre> - * - * PublicKey's encoded-format has to be X.509. - * - **/ -public class NetscapeCertRequest - extends ASN1Encodable -{ - AlgorithmIdentifier sigAlg; - AlgorithmIdentifier keyAlg; - byte sigBits []; - String challenge; - DERBitString content; - PublicKey pubkey ; - - private static ASN1Sequence getReq( - byte[] r) - throws IOException - { - ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(r)); - - return ASN1Sequence.getInstance(aIn.readObject()); - } - - public NetscapeCertRequest( - byte[] req) - throws IOException - { - this(getReq(req)); - } - - public NetscapeCertRequest (ASN1Sequence spkac) - { - try - { - - // - // SignedPublicKeyAndChallenge ::= SEQUENCE { - // publicKeyAndChallenge PublicKeyAndChallenge, - // signatureAlgorithm AlgorithmIdentifier, - // signature BIT STRING - // } - // - if (spkac.size() != 3) - { - throw new IllegalArgumentException("invalid SPKAC (size):" - + spkac.size()); - } - - sigAlg = new AlgorithmIdentifier((ASN1Sequence)spkac - .getObjectAt(1)); - sigBits = ((DERBitString)spkac.getObjectAt(2)).getBytes(); - - // - // PublicKeyAndChallenge ::= SEQUENCE { - // spki SubjectPublicKeyInfo, - // challenge IA5STRING - // } - // - ASN1Sequence pkac = (ASN1Sequence)spkac.getObjectAt(0); - - if (pkac.size() != 2) - { - throw new IllegalArgumentException("invalid PKAC (len): " - + pkac.size()); - } - - challenge = ((DERIA5String)pkac.getObjectAt(1)).getString(); - - //this could be dangerous, as ASN.1 decoding/encoding - //could potentially alter the bytes - content = new DERBitString(pkac); - - SubjectPublicKeyInfo pubkeyinfo = new SubjectPublicKeyInfo( - (ASN1Sequence)pkac.getObjectAt(0)); - - X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString( - pubkeyinfo).getBytes()); - - keyAlg = pubkeyinfo.getAlgorithmId(); - pubkey = KeyFactory.getInstance(keyAlg.getObjectId().getId(), "BC") - .generatePublic(xspec); - - } - catch (Exception e) - { - throw new IllegalArgumentException(e.toString()); - } - } - - public NetscapeCertRequest( - String challenge, - AlgorithmIdentifier signing_alg, - PublicKey pub_key) throws NoSuchAlgorithmException, - InvalidKeySpecException, NoSuchProviderException - { - - this.challenge = challenge; - sigAlg = signing_alg; - pubkey = pub_key; - - ASN1EncodableVector content_der = new ASN1EncodableVector(); - content_der.add(getKeySpec()); - //content_der.add(new SubjectPublicKeyInfo(sigAlg, new RSAPublicKeyStructure(pubkey.getModulus(), pubkey.getPublicExponent()).getDERObject())); - content_der.add(new DERIA5String(challenge)); - - content = new DERBitString(new DERSequence(content_der)); - } - - public String getChallenge() - { - return challenge; - } - - public void setChallenge(String value) - { - challenge = value; - } - - public AlgorithmIdentifier getSigningAlgorithm() - { - return sigAlg; - } - - public void setSigningAlgorithm(AlgorithmIdentifier value) - { - sigAlg = value; - } - - public AlgorithmIdentifier getKeyAlgorithm() - { - return keyAlg; - } - - public void setKeyAlgorithm(AlgorithmIdentifier value) - { - keyAlg = value; - } - - public PublicKey getPublicKey() - { - return pubkey; - } - - public void setPublicKey(PublicKey value) - { - pubkey = value; - } - - public boolean verify(String challenge) throws NoSuchAlgorithmException, - InvalidKeyException, SignatureException, NoSuchProviderException - { - if (!challenge.equals(this.challenge)) - { - return false; - } - - // - // Verify the signature .. shows the response was generated - // by someone who knew the associated private key - // - Signature sig = Signature.getInstance(sigAlg.getObjectId().getId(), - "BC"); - sig.initVerify(pubkey); - sig.update(content.getBytes()); - - return sig.verify(sigBits); - } - - public void sign(PrivateKey priv_key) throws NoSuchAlgorithmException, - InvalidKeyException, SignatureException, NoSuchProviderException, - InvalidKeySpecException - { - sign(priv_key, null); - } - - public void sign(PrivateKey priv_key, SecureRandom rand) - throws NoSuchAlgorithmException, InvalidKeyException, - SignatureException, NoSuchProviderException, - InvalidKeySpecException - { - Signature sig = Signature.getInstance(sigAlg.getObjectId().getId(), - "BC"); - - if (rand != null) - { - sig.initSign(priv_key, rand); - } - else - { - sig.initSign(priv_key); - } - - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - DEROutputStream deros = new DEROutputStream(baos); - - ASN1EncodableVector pkac = new ASN1EncodableVector(); - - pkac.add(getKeySpec()); - pkac.add(new DERIA5String(challenge)); - - try - { - deros.writeObject(new DERSequence(pkac)); - deros.close(); - } - catch (IOException ioe) - { - throw new SignatureException(ioe.getMessage()); - } - - sig.update(baos.toByteArray()); - - sigBits = sig.sign(); - } - - private DERObject getKeySpec() throws NoSuchAlgorithmException, - InvalidKeySpecException, NoSuchProviderException - { - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - - DERObject obj = null; - try - { - - baos.write(pubkey.getEncoded()); - baos.close(); - - ASN1InputStream derin = new ASN1InputStream( - new ByteArrayInputStream(baos.toByteArray())); - - obj = derin.readObject(); - } - catch (IOException ioe) - { - throw new InvalidKeySpecException(ioe.getMessage()); - } - return obj; - } - - public DERObject toASN1Object() - { - ASN1EncodableVector spkac = new ASN1EncodableVector(); - ASN1EncodableVector pkac = new ASN1EncodableVector(); - - try - { - pkac.add(getKeySpec()); - } - catch (Exception e) - { - //ignore - } - - pkac.add(new DERIA5String(challenge)); - - spkac.add(new DERSequence(pkac)); - spkac.add(sigAlg); - spkac.add(new DERBitString(sigBits)); - - return new DERSequence(spkac); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/AnnotatedException.java b/luni/src/main/java/org/bouncycastle/jce/provider/AnnotatedException.java deleted file mode 100644 index e68139a..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/AnnotatedException.java +++ /dev/null @@ -1,32 +0,0 @@ -package org.bouncycastle.jce.provider; - -public class AnnotatedException - extends Exception -{ - private Exception _underlyingException; - - AnnotatedException( - String string, - Exception e) - { - super(string); - - _underlyingException = e; - } - - AnnotatedException( - String string) - { - this(string, null); - } - - Exception getUnderlyingException() - { - return _underlyingException; - } - - public Throwable getCause() - { - return _underlyingException; - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/luni/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java deleted file mode 100644 index 4ec32a9..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ /dev/null @@ -1,997 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.Provider; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.asn1.iana.IANAObjectIdentifiers; - -/** - * To add the provider at runtime use: - * <pre> - * import java.security.Security; - * import org.bouncycastle.jce.provider.BouncyCastleProvider; - * - * Security.addProvider(new BouncyCastleProvider()); - * </pre> - * The provider can also be configured as part of your environment via - * static registration by adding an entry to the java.security properties - * file (found in $JAVA_HOME/jre/lib/security/java.security, where - * $JAVA_HOME is the location of your JDK/JRE distribution). You'll find - * detailed instructions in the file but basically it comes down to adding - * a line: - * <pre> - * <code> - * security.provider.<n>=org.bouncycastle.jce.provider.BouncyCastleProvider - * </code> - * </pre> - * Where <n> is the preference you want the provider at (1 being the - * most prefered). - * <p>Note: JCE algorithm names should be uppercase only so the case insensitive - * test for getInstance works. - */ -public final class BouncyCastleProvider extends Provider -{ - private static String info = "BouncyCastle Security Provider v1.34"; - - public static String PROVIDER_NAME = "BC"; - - /** - * Construct a new provider. This should only be required when - * using runtime registration of the provider using the - * <code>Security.addProvider()</code> mechanism. - */ - public BouncyCastleProvider() - { - super(PROVIDER_NAME, 1.34, info); - - // - // KeyStore - // - put("KeyStore.BKS", "org.bouncycastle.jce.provider.JDKKeyStore"); - put("KeyStore.BouncyCastle", "org.bouncycastle.jce.provider.JDKKeyStore$BouncyCastleStore"); - put("KeyStore.PKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore"); - put("KeyStore.BCPKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore"); - put("KeyStore.PKCS12-DEF", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore"); - put("Alg.Alias.KeyStore.UBER", "BouncyCastle"); - put("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle"); - put("Alg.Alias.KeyStore.bouncycastle", "BouncyCastle"); - - // - // certificate factories. - // - put("CertificateFactory.X.509", "org.bouncycastle.jce.provider.JDKX509CertificateFactory"); - put("Alg.Alias.CertificateFactory.X509", "X.509"); - - // - // algorithm parameter generators - // - put("AlgorithmParameterGenerator.DH", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DH"); - put("AlgorithmParameterGenerator.DSA", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DSA"); - // BEGIN android-removed - // put("AlgorithmParameterGenerator.GOST3410", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$GOST3410"); - // put("AlgorithmParameterGenerator.ELGAMAL", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$ElGamal"); - // END android-removed - put("AlgorithmParameterGenerator.DES", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); - put("AlgorithmParameterGenerator.DESEDE", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); - put("AlgorithmParameterGenerator.1.2.840.113549.3.7", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); - put("AlgorithmParameterGenerator.1.3.14.3.2.7", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$DES"); - // BEGIN android-removed - // put("AlgorithmParameterGenerator.IDEA", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$IDEA"); - // put("AlgorithmParameterGenerator.1.3.6.1.4.1.188.7.1.1.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$IDEA"); - // put("AlgorithmParameterGenerator.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$RC2"); - // put("AlgorithmParameterGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$RC2"); - // put("AlgorithmParameterGenerator.CAST5", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$CAST5"); - // put("AlgorithmParameterGenerator.1.2.840.113533.7.66.10", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$CAST5"); - // END android-removed - put("AlgorithmParameterGenerator.AES", "org.bouncycastle.jce.provider.JDKAlgorithmParameterGenerator$AES"); - put("Alg.Alias.AlgorithmParameterGenerator.2.16.840.1.101.3.4.2", "AES"); // these first 3 are wrong, but seem to have got around - put("Alg.Alias.AlgorithmParameterGenerator.2.16.840.1.101.3.4.22", "AES"); - put("Alg.Alias.AlgorithmParameterGenerator.2.16.840.1.101.3.4.42", "AES"); - put("Alg.Alias.AlgorithmParameterGenerator.2.16.840.1.101.3.4.1.2", "AES"); - put("Alg.Alias.AlgorithmParameterGenerator.2.16.840.1.101.3.4.1.22", "AES"); - put("Alg.Alias.AlgorithmParameterGenerator.2.16.840.1.101.3.4.1.42", "AES"); - // BEGIN android-removed - // put("Alg.Alias.AlgorithmParameterGenerator.GOST-3410", "GOST3410"); - // END android-removed - - // - // algorithm parameters - // - put("AlgorithmParameters.OAEP", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$OAEP"); - put("AlgorithmParameters.PSS", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PSS"); - put("AlgorithmParameters.DH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$DH"); - put("AlgorithmParameters.DSA", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$DSA"); - // BEGIN android-removed - // put("AlgorithmParameters.ELGAMAL", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$ElGamal"); - // END android-removed - put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES"); - put("AlgorithmParameters.PKCS12PBE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PKCS12PBE"); - // BEGIN android-removed - // double entry - // put("AlgorithmParameters.1.2.840.113549.3.7", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); - // END android-removed - // BEGIN android-removed - // put("AlgorithmParameters.IDEA", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IDEAAlgorithmParameters"); - // put("AlgorithmParameters.1.3.6.1.4.1.188.7.1.1.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IDEAAlgorithmParameters"); - // put("AlgorithmParameters.CAST5", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$CAST5AlgorithmParameters"); - // put("AlgorithmParameters.1.2.840.113533.7.66.10", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$CAST5AlgorithmParameters"); - // put("AlgorithmParameters.GOST3410", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$GOST3410"); - // put("Alg.Alias.AlgorithmParameters.GOST-3410", "GOST3410"); - // END android-removed - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDIDEA", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC2-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDIDEA", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.1", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.2", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.4", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.5", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.6", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWithSHAAnd3KeyTripleDES", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP"); - - put("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS"); - put("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS"); - put("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS"); - put("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS"); - put("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS"); - put("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS"); - - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND192BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND256BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND128BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND192BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA256AND256BITAES-CBC-BC", "PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND128BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND192BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1AND256BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND128BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND192BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-1AND256BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND128BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE"); - put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE"); - - // BEGIN android-removed - // put("AlgorithmParameters.SHA1WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // put("AlgorithmParameters.SHA224WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // put("AlgorithmParameters.SHA256WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // put("AlgorithmParameters.SHA384WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // put("AlgorithmParameters.SHA512WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters"); - // END android-removed - - // - // key agreement - // - put("KeyAgreement.DH", "org.bouncycastle.jce.provider.JCEDHKeyAgreement"); - // BEGIN android-removed - // put("KeyAgreement.ECDH", "org.bouncycastle.jce.provider.JCEECDHKeyAgreement$DH"); - // put("KeyAgreement.ECDHC", "org.bouncycastle.jce.provider.JCEECDHKeyAgreement$DHC"); - // END android-removed - - // - // cipher engines - // - put("Cipher.DES", "org.bouncycastle.jce.provider.JCEBlockCipher$DES"); - put("Cipher.DESEDE", "org.bouncycastle.jce.provider.JCEBlockCipher$DESede"); - put("Cipher.1.2.840.113549.3.7", "org.bouncycastle.jce.provider.JCEBlockCipher$DESedeCBC"); - put("Cipher.1.3.14.3.2.7", "org.bouncycastle.jce.provider.JCEBlockCipher$DESCBC"); - put("Cipher.DESEDEWRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$DESEDEWrap"); - put("Cipher.1.2.840.113549.1.9.16.3.6", "org.bouncycastle.jce.provider.WrapCipherSpi$DESEDEWrap"); - // BEGIN android-removed - // put("Cipher.SKIPJACK", "org.bouncycastle.jce.provider.JCEBlockCipher$Skipjack"); - // put("Cipher.BLOWFISH", "org.bouncycastle.jce.provider.JCEBlockCipher$Blowfish"); - // put("Cipher.TWOFISH", "org.bouncycastle.jce.provider.JCEBlockCipher$Twofish"); - // put("Cipher.RC2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2"); - // put("Cipher.RC2WRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap"); - // put("Cipher.1.2.840.113549.1.9.16.3.7", "org.bouncycastle.jce.provider.WrapCipherSpi$RC2Wrap"); - // put("Cipher.ARC4", "org.bouncycastle.jce.provider.JCEStreamCipher$RC4"); - // put("Alg.Alias.Cipher.1.2.840.113549.3.4", "ARC4"); - // put("Alg.Alias.Cipher.ARCFOUR", "ARC4"); - // put("Alg.Alias.Cipher.RC4", "ARC4"); - // put("Cipher.RC5", "org.bouncycastle.jce.provider.JCEBlockCipher$RC5"); - // put("Cipher.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEBlockCipher$RC2CBC"); - // put("Alg.Alias.Cipher.RC5-32", "RC5"); - // put("Cipher.RC5-64", "org.bouncycastle.jce.provider.JCEBlockCipher$RC564"); - // put("Cipher.RC6", "org.bouncycastle.jce.provider.JCEBlockCipher$RC6"); - // AES uses some functionality from Rijdael perhaps ... - // put("Cipher.RIJNDAEL", "org.bouncycastle.jce.provider.JCEBlockCipher$Rijndael"); - // END android-removed - put("Cipher.AES", "org.bouncycastle.jce.provider.JCEBlockCipher$AES"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.2", "AES"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.22", "AES"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.42", "AES"); - put("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.JCEBlockCipher$AES"); - put("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.JCEBlockCipher$AES"); - put("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.JCEBlockCipher$AES"); - put("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.JCEBlockCipher$AESCBC"); - put("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.JCEBlockCipher$AESCBC"); - put("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.JCEBlockCipher$AESCBC"); - put("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.JCEBlockCipher$AESOFB"); - put("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.JCEBlockCipher$AESOFB"); - put("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.JCEBlockCipher$AESOFB"); - put("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.JCEBlockCipher$AESCFB"); - put("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.JCEBlockCipher$AESCFB"); - put("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.JCEBlockCipher$AESCFB"); - put("Cipher.AESWRAP", "org.bouncycastle.jce.provider.WrapCipherSpi$AESWrap"); - put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP"); - put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP"); - put("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP"); - - // BEGIN android-removed - // put("Cipher.SERPENT", "org.bouncycastle.jce.provider.JCEBlockCipher$Serpent"); - // put("Cipher.CAMELLIA", "org.bouncycastle.jce.provider.JCEBlockCipher$Camellia"); - // put("Cipher.CAST5", "org.bouncycastle.jce.provider.JCEBlockCipher$CAST5"); - // put("Cipher.1.2.840.113533.7.66.10", "org.bouncycastle.jce.provider.JCEBlockCipher$CAST5CBC"); - // put("Cipher.CAST6", "org.bouncycastle.jce.provider.JCEBlockCipher$CAST6"); - // put("Cipher.IDEA", "org.bouncycastle.jce.provider.JCEBlockCipher$IDEA"); - // put("Cipher.1.3.6.1.4.1.188.7.1.1.2", "org.bouncycastle.jce.provider.JCEBlockCipher$IDEACBC"); - // END android-removed - put("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - - // BEGIN android-removed - // put("Cipher.GOST28147", "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147"); - // put("Alg.Alias.Cipher.GOST", "GOST28147"); - // put("Alg.Alias.Cipher.GOST-28147", "GOST28147"); - - // put("Cipher." + CryptoProObjectIdentifiers.gostR28147_cbc, "org.bouncycastle.jce.provider.JCEBlockCipher$GOST28147cbc"); - - // put("Cipher.DES/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$DES_CFB8"); - // put("Cipher.DESEDE/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$DESede_CFB8"); - // put("Cipher.SKIPJACK/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Skipjack_CFB8"); - // put("Cipher.BLOWFISH/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Blowfish_CFB8"); - // put("Cipher.TWOFISH/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Twofish_CFB8"); - // put("Cipher.IDEA/CFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$IDEA_CFB8"); - - // put("Alg.Alias.Cipher.DES/CFB8/NOPADDING", "DES/CFB8"); - // put("Alg.Alias.Cipher.DESEDE/CFB8/NOPADDING", "DESEDE/CFB8"); - // put("Alg.Alias.Cipher.SKIPJACK/CFB8/NOPADDING", "SKIPJACK/CFB8"); - // put("Alg.Alias.Cipher.BLOWFISH/CFB8/NOPADDING", "Blowfish/CFB8"); - // put("Alg.Alias.Cipher.TWOFISH/CFB8/NOPADDING", "Twofish/CFB8"); - // put("Alg.Alias.Cipher.IDEA/CFB8/NOPADDING", "IDEA/CFB8"); - - // put("Cipher.DES/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$DES_OFB8"); - // put("Cipher.DESEDE/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$DESede_OFB8"); - // put("Cipher.SKIPJACK/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Skipjack_OFB8"); - // put("Cipher.BLOWFISH/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Blowfish_OFB8"); - // put("Cipher.TWOFISH/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$Twofish_OFB8"); - // put("Cipher.IDEA/OFB8", "org.bouncycastle.jce.provider.JCEStreamCipher$IDEA_OFB8"); - - // put("Alg.Alias.Cipher.DES/OFB8/NOPADDING", "DES/OFB8"); - // put("Alg.Alias.Cipher.DESEDE/OFB8/NOPADDING", "DESEDE/OFB8"); - // put("Alg.Alias.Cipher.SKIPJACK/OFB8/NOPADDING", "SKIPJACK/OFB8"); - // put("Alg.Alias.Cipher.BLOWFISH/OFB8/NOPADDING", "BLOWFISH/OFB8"); - // put("Alg.Alias.Cipher.TWOFISH/OFB8/NOPADDING", "TWOFISH/OFB8"); - // put("Alg.Alias.Cipher.IDEA/OFB8/NOPADDING", "IDEA/OFB8"); - // END android-removed - - put("Cipher.RSA", "org.bouncycastle.jce.provider.JCERSACipher$NoPadding"); - put("Cipher.RSA/RAW", "org.bouncycastle.jce.provider.JCERSACipher$NoPadding"); - put("Cipher.RSA/PKCS1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding"); - put("Cipher.1.2.840.113549.1.1.1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding"); - put("Cipher.2.5.8.1.1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding"); - put("Cipher.RSA/1", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding_PrivateOnly"); - put("Cipher.RSA/2", "org.bouncycastle.jce.provider.JCERSACipher$PKCS1v1_5Padding_PublicOnly"); - put("Cipher.RSA/OAEP", "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding"); - put("Cipher.1.2.840.113549.1.1.7", "org.bouncycastle.jce.provider.JCERSACipher$OAEPPadding"); - put("Cipher.RSA/ISO9796-1", "org.bouncycastle.jce.provider.JCERSACipher$ISO9796d1Padding"); - - // BEGIN android-removed - // put("Cipher.ECIES", "org.bouncycastle.jce.provider.JCEIESCipher$ECIES"); - // put("Cipher.BrokenECIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenECIES"); - // END android-removed - put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES"); - put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES"); - // BEGIN android-removed - // put("Cipher.ELGAMAL", "org.bouncycastle.jce.provider.JCEElGamalCipher$NoPadding"); - // put("Cipher.ELGAMAL/PKCS1", "org.bouncycastle.jce.provider.JCEElGamalCipher$PKCS1v1_5Padding"); - // END android-removed - - put("Alg.Alias.Cipher.RSA//RAW", "RSA"); - put("Alg.Alias.Cipher.RSA//NOPADDING", "RSA"); - put("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1"); - put("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP"); - put("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1"); - - // BEGIN android-removed - // put("Alg.Alias.Cipher.ELGAMAL/ECB/PKCS1PADDING", "ELGAMAL/PKCS1"); - // put("Alg.Alias.Cipher.ELGAMAL/NONE/PKCS1PADDING", "ELGAMAL/PKCS1"); - // put("Alg.Alias.Cipher.ELGAMAL/NONE/NOPADDING", "ELGAMAL"); - // END android-removed - - put("Cipher.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndDES"); - put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); - put("Cipher.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndRC2"); - put("Cipher.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndDES"); - put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); - // BEGIN android-removed - // put("Cipher.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndRC2"); - // END android-removed - put("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndDES3Key"); - put("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHAAndDES3Key"); - put("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndDES3Key"); - put("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndDES2Key"); - put("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHAAndDES2Key"); - // BEGIN android-removed - // put("Cipher.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd128BitRC2"); - // END android-removed - put("Cipher.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd40BitRC2"); - // BEGIN android-removed - // put("Cipher.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd128BitRC4"); - // put("Cipher.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCEStreamCipher$PBEWithSHAAnd40BitRC4"); - // END android-removed - - put("Cipher.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHAAND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - - put("Alg.Alias.Cipher.PBEWITHSHA1AND3-KEYTRIPLEDES-CBC", "Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND2-KEYTRIPLEDES-CBC", "Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); - // BEGIN android-removed - // put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC2-CBC", "Cipher.PBEWITHSHAAND128BITRC2-CBC"); - // END android-removed - put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC2-CBC", "Cipher.PBEWITHSHAAND40BITRC2-CBC"); - // BEGIN android-removed - // put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITRC4", "Cipher.PBEWITHSHAAND128BITRC4"); - // put("Alg.Alias.Cipher.PBEWITHSHA1AND40BITRC4", "Cipher.PBEWITHSHAAND40BITRC4"); - // END android-removed - - put("Cipher.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHAAND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHA256AND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHA256AND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHSHA256AND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.Cipher.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC"); - - put("Cipher.PBEWITHMD5AND128BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHMD5AND192BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - put("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC"); - - // BEGIN android-removed - // put("Cipher.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndTwofish"); - // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); - // put("Cipher.PBEWITHSHAANDIDEA-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndIDEA"); - // - // put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4"); - // put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4"); - // END android-removed - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.3", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.4", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); - // BEGIN android-removed - // put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); - // END android-removed - put("Alg.Alias.Cipher.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); - put("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - // - // key generators. - // - put("KeyGenerator.DES", "org.bouncycastle.jce.provider.JCEKeyGenerator$DES"); - put("Alg.Alias.KeyGenerator.1.3.14.3.2.7", "DES"); - put("KeyGenerator.DESEDE", "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede"); - put("KeyGenerator.1.2.840.113549.3.7", "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede3"); - put("KeyGenerator.DESEDEWRAP", "org.bouncycastle.jce.provider.JCEKeyGenerator$DESede"); - // BEGIN android-removed - // put("KeyGenerator.SKIPJACK", "org.bouncycastle.jce.provider.JCEKeyGenerator$Skipjack"); - // put("KeyGenerator.BLOWFISH", "org.bouncycastle.jce.provider.JCEKeyGenerator$Blowfish"); - // put("KeyGenerator.TWOFISH", "org.bouncycastle.jce.provider.JCEKeyGenerator$Twofish"); - // put("KeyGenerator.RC2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2"); - // put("KeyGenerator.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC2"); - // put("KeyGenerator.RC4", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC4"); - // put("Alg.Alias.KeyGenerator.ARC4", "RC4"); - // put("Alg.Alias.KeyGenerator.1.2.840.113549.3.4", "RC4"); - // put("KeyGenerator.RC5", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC5"); - // put("Alg.Alias.KeyGenerator.RC5-32", "RC5"); - // put("KeyGenerator.RC5-64", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC564"); - // put("KeyGenerator.RC6", "org.bouncycastle.jce.provider.JCEKeyGenerator$RC6"); - // put("KeyGenerator.RIJNDAEL", "org.bouncycastle.jce.provider.JCEKeyGenerator$Rijndael"); - // END android-removed - put("KeyGenerator.AES", "org.bouncycastle.jce.provider.JCEKeyGenerator$AES"); - put("KeyGenerator.2.16.840.1.101.3.4.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$AES128"); - put("KeyGenerator.2.16.840.1.101.3.4.22", "org.bouncycastle.jce.provider.JCEKeyGenerator$AES192"); - put("KeyGenerator.2.16.840.1.101.3.4.42", "org.bouncycastle.jce.provider.JCEKeyGenerator$AES256"); - put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES128"); - put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES128"); - put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES128"); - put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES128"); - put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES192"); - put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES192"); - put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES192"); - put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES192"); - put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES256"); - put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES256"); - put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES256"); - put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES256"); - put("KeyGenerator.AESWRAP", "org.bouncycastle.jce.provider.JCEKeyGenerator$AES"); - put("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES128"); - put("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES192"); - put("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, "org.bouncycastle.jce.provider.JCEKeyGenerator$AES256"); - // BEGIN android-removed - // put("KeyGenerator.SERPENT", "org.bouncycastle.jce.provider.JCEKeyGenerator$Serpent"); - // put("KeyGenerator.CAMELLIA", "org.bouncycastle.jce.provider.JCEKeyGenerator$Camellia"); - // put("KeyGenerator.CAST5", "org.bouncycastle.jce.provider.JCEKeyGenerator$CAST5"); - // put("KeyGenerator.1.2.840.113533.7.66.10", "org.bouncycastle.jce.provider.JCEKeyGenerator$CAST5"); - // put("KeyGenerator.CAST6", "org.bouncycastle.jce.provider.JCEKeyGenerator$CAST6"); - // put("KeyGenerator.IDEA", "org.bouncycastle.jce.provider.JCEKeyGenerator$IDEA"); - // put("KeyGenerator.1.3.6.1.4.1.188.7.1.1.2", "org.bouncycastle.jce.provider.JCEKeyGenerator$IDEA"); - - // put("KeyGenerator.GOST28147", "org.bouncycastle.jce.provider.JCEKeyGenerator$GOST28147"); - // put("Alg.Alias.KeyGenerator.GOST", "GOST28147"); - // put("Alg.Alias.KeyGenerator.GOST-28147", "GOST28147"); - // put("Alg.Alias.KeyGenerator." + CryptoProObjectIdentifiers.gostR28147_cbc, "GOST28147"); - // END android-removed - - // - // key pair generators. - // - put("KeyPairGenerator.RSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$RSA"); - put("KeyPairGenerator.DH", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$DH"); - put("KeyPairGenerator.DSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$DSA"); - // BEGIN android-removed - // put("KeyPairGenerator.ELGAMAL", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ElGamal"); - // put("KeyPairGenerator.EC", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$EC"); - // put("KeyPairGenerator.ECDSA", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ECDSA"); - // put("KeyPairGenerator.ECDH", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ECDH"); - // put("KeyPairGenerator.ECDHC", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ECDHC"); - // put("KeyPairGenerator.ECIES", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ECDH"); - // END android-removed - put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.1", "RSA"); - - // BEGIN android-removed - // put("KeyPairGenerator.GOST3410", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$GOST3410"); - // put("Alg.Alias.KeyPairGenerator.GOST-3410", "GOST3410"); - // put("Alg.Alias.KeyPairGenerator.GOST-3410-94", "GOST3410"); - - // put("KeyPairGenerator.ECGOST3410", "org.bouncycastle.jce.provider.JDKKeyPairGenerator$ECGOST3410"); - // put("Alg.Alias.KeyPairGenerator.ECGOST-3410", "ECGOST3410"); - // put("Alg.Alias.KeyPairGenerator.GOST-3410-2001", "ECGOST3410"); - // END android-removed - - - // - // key factories - // - put("KeyFactory.RSA", "org.bouncycastle.jce.provider.JDKKeyFactory$RSA"); - put("KeyFactory.DH", "org.bouncycastle.jce.provider.JDKKeyFactory$DH"); - put("KeyFactory.DSA", "org.bouncycastle.jce.provider.JDKKeyFactory$DSA"); - // BEGIN android-removed - // put("KeyFactory.ELGAMAL", "org.bouncycastle.jce.provider.JDKKeyFactory$ElGamal"); - // put("KeyFactory.ElGamal", "org.bouncycastle.jce.provider.JDKKeyFactory$ElGamal"); - // put("KeyFactory.EC", "org.bouncycastle.jce.provider.JDKKeyFactory$EC"); - // put("KeyFactory.ECDSA", "org.bouncycastle.jce.provider.JDKKeyFactory$ECDSA"); - // put("KeyFactory.ECDH", "org.bouncycastle.jce.provider.JDKKeyFactory$ECDH"); - // put("KeyFactory.ECDHC", "org.bouncycastle.jce.provider.JDKKeyFactory$ECDHC"); - // END android-removed - put("KeyFactory.X.509", "org.bouncycastle.jce.provider.JDKKeyFactory$X509"); - - put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.1", "RSA"); - put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA"); - // BEGIN android-removed - // put("Alg.Alias.KeyFactory." + X9ObjectIdentifiers.id_ecPublicKey, "EC"); - - - // put("KeyFactory.GOST3410", "org.bouncycastle.jce.provider.JDKKeyFactory$GOST3410"); - // put("Alg.Alias.KeyFactory.GOST-3410", "GOST3410"); - // put("Alg.Alias.KeyFactory.GOST-3410-94", "GOST3410"); - // put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_94, "GOST3410"); - // put("KeyFactory.ECGOST3410", "org.bouncycastle.jce.provider.JDKKeyFactory$ECGOST3410"); - // put("Alg.Alias.KeyFactory.GOST-3410-2001", "ECGOST3410"); - // put("Alg.Alias.KeyFactory.ECGOST-3410", "ECGOST3410"); - // put("Alg.Alias.KeyFactory." + CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410"); - // END android-removed - - // - // Algorithm parameters - // - put("AlgorithmParameters.DES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); - put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.7", "DES"); - put("AlgorithmParameters.DESEDE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); - put("AlgorithmParameters.1.2.840.113549.3.7", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); - // BEGIN android-removed - // put("AlgorithmParameters.RC2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters"); - // put("AlgorithmParameters.1.2.840.113549.3.2", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$RC2AlgorithmParameters"); - // put("AlgorithmParameters.RC5", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); - // put("AlgorithmParameters.RC6", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); - // put("AlgorithmParameters.IDEA", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IDEAAlgorithmParameters"); - // put("AlgorithmParameters.BLOWFISH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); - // put("AlgorithmParameters.TWOFISH", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); - // put("AlgorithmParameters.SKIPJACK", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); - // put("AlgorithmParameters.RIJNDAEL", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); - // END android-removed - put("AlgorithmParameters.AES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IVAlgorithmParameters"); - put("Alg.Alias.AlgorithmParameters.2.16.840.1.101.3.4.2", "AES"); - put("Alg.Alias.AlgorithmParameters.2.16.840.1.101.3.4.22", "AES"); - put("Alg.Alias.AlgorithmParameters.2.16.840.1.101.3.4.42", "AES"); - put("Alg.Alias.AlgorithmParameters.2.16.840.1.101.3.4.1.2", "AES"); - put("Alg.Alias.AlgorithmParameters.2.16.840.1.101.3.4.1.22", "AES"); - put("Alg.Alias.AlgorithmParameters.2.16.840.1.101.3.4.1.42", "AES"); - - // - // secret key factories. - // - put("SecretKeyFactory.DES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$DES"); - put("SecretKeyFactory.DESEDE", "org.bouncycastle.jce.provider.JCESecretKeyFactory$DESede"); - put("SecretKeyFactory.DESEDE", "org.bouncycastle.jce.provider.JCESecretKeyFactory$DESede"); - put("SecretKeyFactory.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndDES"); - put("SecretKeyFactory.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndRC2"); - put("SecretKeyFactory.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndDES"); - put("SecretKeyFactory.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndRC2"); - put("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndDES3Key"); - put("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndDES2Key"); - // BEGIN android-removed - // put("SecretKeyFactory.PBEWITHSHAAND128BITRC4", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC4"); - // put("SecretKeyFactory.PBEWITHSHAAND40BITRC4", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC4"); - // put("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC2"); - // BEGIN android-removed - put("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC2"); - // END android-removed - // put("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndTwofish"); - // put("SecretKeyFactory.PBEWITHSHAANDIDEA-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndIDEA"); - // put("SecretKeyFactory.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithRIPEMD160"); - // END android-removed - put("SecretKeyFactory.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA"); - // BEGIN android-removed - // put("SecretKeyFactory.PBEWITHHMACTIGER", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithTiger"); - // END android-removed - - put("SecretKeyFactory.PBEWITHMD5AND128BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And128BitAESCBCOpenSSL"); - put("SecretKeyFactory.PBEWITHMD5AND192BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And192BitAESCBCOpenSSL"); - put("SecretKeyFactory.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And256BitAESCBCOpenSSL"); - - put("Alg.Alias.SecretKeyFactory.PBE", "PBE/PKCS5"); - - put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHMD5ANDDES", "PBE/PKCS5"); - put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHA1ANDDES", "PBE/PKCS5"); - put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); - put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12"); - put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBE/PKCS12"); - // BEGIN android-removed - // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12"); - - // put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.1", "PBEWITHSHAAND128BITRC4"); - // put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.2", "PBEWITHSHAAND40BITRC4"); - // END android-removed - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.3", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - // BEGIN android-removed - // put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.4", "PBEWITHSHAAND2-KEYTRIPLEDES-CBC"); - // put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC"); - // END android-removed - put("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC"); - - put("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA", "PBEWITHHMACSHA1"); - put("Alg.Alias.SecretKeyFactory.1.3.14.3.2.26", "PBEWITHHMACSHA1"); - put("Alg.Alias.SecretKeyFactory.PBEWithSHAAnd3KeyTripleDES", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC"); - - put("SecretKeyFactory.PBEWITHSHAAND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitAESBC"); - put("SecretKeyFactory.PBEWITHSHAAND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd192BitAESBC"); - put("SecretKeyFactory.PBEWITHSHAAND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd256BitAESBC"); - put("SecretKeyFactory.PBEWITHSHA256AND128BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA256And128BitAESBC"); - put("SecretKeyFactory.PBEWITHSHA256AND192BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA256And192BitAESBC"); - put("SecretKeyFactory.PBEWITHSHA256AND256BITAES-CBC-BC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA256And256BitAESBC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND128BITAES-CBC-BC","PBEWITHSHAAND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND192BITAES-CBC-BC","PBEWITHSHAAND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-1AND256BITAES-CBC-BC","PBEWITHSHAAND256BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND128BITAES-CBC-BC","PBEWITHSHA256AND128BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND192BITAES-CBC-BC","PBEWITHSHA256AND192BITAES-CBC-BC"); - put("Alg.Alias.SecretKeyFactory.PBEWITHSHA-256AND256BITAES-CBC-BC","PBEWITHSHA256AND256BITAES-CBC-BC"); - - addMacAlgorithms(); - - addMessageDigestAlgorithms(); - - addSignatureAlgorithms(); - - // Certification Path API - put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); - put("CertPathValidator.PKIX ValidationAlgorithm", "RFC2459"); - put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); - put("CertPathBuilder.PKIX ValidationAlgorithm", "RFC2459"); - put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi"); - } - - // - // macs - // - private void addMacAlgorithms() - { - put("Mac.DESMAC", "org.bouncycastle.jce.provider.JCEMac$DES"); - put("Alg.Alias.Mac.DES", "DESMAC"); - put("Mac.DESMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESCFB8"); - put("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8"); - - put("Mac.DESEDEMAC", "org.bouncycastle.jce.provider.JCEMac$DESede"); - put("Alg.Alias.Mac.DESEDE", "DESEDEMAC"); - put("Mac.DESEDEMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$DESedeCFB8"); - put("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8"); - - put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$ISO9797_DES"); - put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797"); - - put("Mac.DESEDEMAC64", "org.bouncycastle.jce.provider.JCEMac$DESede64"); - put("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64"); - - put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3"); - put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC"); - - // BEGIN android-removed - // put("Mac.SKIPJACKMAC", "org.bouncycastle.jce.provider.JCEMac$Skipjack"); - // put("Alg.Alias.Mac.SKIPJACK", "SKIPJACKMAC"); - // put("Mac.SKIPJACKMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$SkipjackCFB8"); - // put("Alg.Alias.Mac.SKIPJACK/CFB8", "SKIPJACKMAC/CFB8"); - // - // put("Mac.IDEAMAC", "org.bouncycastle.jce.provider.JCEMac$IDEA"); - // put("Alg.Alias.Mac.IDEA", "IDEAMAC"); - // put("Mac.IDEAMAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$IDEACFB8"); - // put("Alg.Alias.Mac.IDEA/CFB8", "IDEAMAC/CFB8"); - // - // put("Mac.RC2MAC", "org.bouncycastle.jce.provider.JCEMac$RC2"); - // put("Alg.Alias.Mac.RC2", "RC2MAC"); - // put("Mac.RC2MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC2CFB8"); - // put("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8"); - // - // put("Mac.RC5MAC", "org.bouncycastle.jce.provider.JCEMac$RC5"); - // put("Alg.Alias.Mac.RC5", "RC5MAC"); - // put("Mac.RC5MAC/CFB8", "org.bouncycastle.jce.provider.JCEMac$RC5CFB8"); - // put("Alg.Alias.Mac.RC5/CFB8", "RC5MAC/CFB8"); - // - // put("Mac.GOST28147MAC", "org.bouncycastle.jce.provider.JCEMac$GOST28147"); - // - // put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384"); - // - // put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512"); - // - // addHMACAlgorithm("MD2", "org.bouncycastle.jce.provider.JCEMac$MD2", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD2HMAC"); - // addHMACAlgorithm("MD4", "org.bouncycastle.jce.provider.JCEMac$MD4", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD4HMAC"); - // END android-removed - addHMACAlgorithm("MD5", "org.bouncycastle.jce.provider.JCEMac$MD5", "org.bouncycastle.jce.provider.JCEKeyGenerator$MD5HMAC"); - addHMACAlias("MD5", IANAObjectIdentifiers.hmacMD5); - - addHMACAlgorithm("SHA1", "org.bouncycastle.jce.provider.JCEMac$SHA1", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA1"); - addHMACAlias("SHA1", PKCSObjectIdentifiers.id_hmacWithSHA1); - addHMACAlias("SHA1", IANAObjectIdentifiers.hmacSHA1); - addHMACAlgorithm("SHA224", "org.bouncycastle.jce.provider.JCEMac$SHA224", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA224"); - addHMACAlias("SHA224", PKCSObjectIdentifiers.id_hmacWithSHA224); - addHMACAlgorithm("SHA256", "org.bouncycastle.jce.provider.JCEMac$SHA256", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA256"); - addHMACAlias("SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256); - addHMACAlgorithm("SHA384", "org.bouncycastle.jce.provider.JCEMac$SHA384", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA384"); - addHMACAlias("SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384); - addHMACAlgorithm("SHA512", "org.bouncycastle.jce.provider.JCEMac$SHA512", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACSHA512"); - addHMACAlias("SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512); - - // BEGIN android-removed - //addHMACAlgorithm("RIPEMD128", "org.bouncycastle.jce.provider.JCEMac$RIPEMD128", "org.bouncycastle.jce.provider.JCEKeyGenerator$RIPEMD128HMAC"); - //addHMACAlgorithm("RIPEMD160", "org.bouncycastle.jce.provider.JCEMac$RIPEMD160", "org.bouncycastle.jce.provider.JCEKeyGenerator$RIPEMD160HMAC"); - //addHMACAlias("RIPEMD160", IANAObjectIdentifiers.hmacRIPEMD160); - - // addHMACAlgorithm("TIGER", "org.bouncycastle.jce.provider.JCEMac$Tiger", "org.bouncycastle.jce.provider.JCEKeyGenerator$HMACTIGER"); - // addHMACAlias("TIGER", IANAObjectIdentifiers.hmacTIGER); - // END android-removed - - put("Mac.PBEWITHHMACSHA", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); - put("Mac.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA"); - // BEGIN android-removed - // put("Mac.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCEMac$PBEWithRIPEMD160"); - // END android-removed - put("Alg.Alias.Mac.1.3.14.3.2.26", "PBEWITHHMACSHA"); - } - - private void addHMACAlgorithm( - String algorithm, - String algorithmClassName, - String keyGeneratorClassName) - { - String mainName = "HMAC" + algorithm; - - put("Mac." + mainName, algorithmClassName); - put("Alg.Alias.Mac.HMAC-" + algorithm, mainName); - put("Alg.Alias.Mac.HMAC/" + algorithm, mainName); - put("KeyGenerator." + mainName, keyGeneratorClassName); - put("Alg.Alias.KeyGenerator.HMAC-" + algorithm, mainName); - put("Alg.Alias.KeyGenerator.HMAC/" + algorithm, mainName); - } - - private void addHMACAlias( - String algorithm, - DERObjectIdentifier oid) - { - String mainName = "HMAC" + algorithm; - - put("Alg.Alias.Mac." + oid, mainName); - put("Alg.Alias.KeyGenerator." + oid, mainName); - } - - // - // message digests - // - private void addMessageDigestAlgorithms() - { - // BEGIN android-removed - // put("MessageDigest.SHA-1", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA1"); - // put("Alg.Alias.MessageDigest.SHA1", "SHA-1"); - // put("Alg.Alias.MessageDigest.SHA", "SHA-1"); - // put("Alg.Alias.MessageDigest." + OIWObjectIdentifiers.idSHA1, "SHA-1"); - // put("MessageDigest.SHA-224", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA224"); - // put("Alg.Alias.MessageDigest.SHA224", "SHA-224"); - // put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha224, "SHA-224"); - // put("MessageDigest.SHA-256", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA256"); - // put("Alg.Alias.MessageDigest.SHA256", "SHA-256"); - // put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256"); - // END android-removed - put("MessageDigest.SHA-384", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA384"); - put("Alg.Alias.MessageDigest.SHA384", "SHA-384"); - put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384"); - put("MessageDigest.SHA-512", "org.bouncycastle.jce.provider.JDKMessageDigest$SHA512"); - put("Alg.Alias.MessageDigest.SHA512", "SHA-512"); - put("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512"); - - // BEGIN android-removed - // put("MessageDigest.MD2", "org.bouncycastle.jce.provider.JDKMessageDigest$MD2"); - // put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md2, "MD2"); - // put("MessageDigest.MD4", "org.bouncycastle.jce.provider.JDKMessageDigest$MD4"); - // put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md4, "MD4"); - // put("MessageDigest.MD5", "org.bouncycastle.jce.provider.JDKMessageDigest$MD5"); - // put("Alg.Alias.MessageDigest." + PKCSObjectIdentifiers.md5, "MD5"); - // put("MessageDigest.RIPEMD128", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD128"); - // put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128"); - // put("MessageDigest.RIPEMD160", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD160"); - // put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160"); - // put("MessageDigest.RIPEMD256", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD256"); - // put("Alg.Alias.MessageDigest." + TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256"); - // put("MessageDigest.RIPEMD320", "org.bouncycastle.jce.provider.JDKMessageDigest$RIPEMD320"); - // put("MessageDigest.Tiger", "org.bouncycastle.jce.provider.JDKMessageDigest$Tiger"); - - // put("MessageDigest.WHIRLPOOL", "org.bouncycastle.jce.provider.JDKMessageDigest$Whirlpool"); - - // put("MessageDigest.GOST3411", "org.bouncycastle.jce.provider.JDKMessageDigest$GOST3411"); - // put("Alg.Alias.MessageDigest.GOST", "GOST3411"); - // put("Alg.Alias.MessageDigest.GOST-3411", "GOST3411"); - // put("Alg.Alias.MessageDigest." + CryptoProObjectIdentifiers.gostR3411, "GOST3411"); - // END android-removed - } - - // - // signature algorithms. - // - private void addSignatureAlgorithms() - { - // BEGIN android-removed - // Dropping MD2 - // put("Signature.MD2WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD2WithRSAEncryption"); - // END android-removed - put("Signature.MD4WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD4WithRSAEncryption"); - put("Signature.MD5WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$MD5WithRSAEncryption"); - put("Signature.SHA1WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA1WithRSAEncryption"); - put("Signature.SHA224WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA224WithRSAEncryption"); - put("Signature.SHA256WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA256WithRSAEncryption"); - put("Signature.SHA384WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA384WithRSAEncryption"); - put("Signature.SHA512WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$SHA512WithRSAEncryption"); - // BEGIN android-removed - // put("Signature.RIPEMD160WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD160WithRSAEncryption"); - // put("Signature.RIPEMD128WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD128WithRSAEncryption"); - // put("Signature.RIPEMD256WithRSAEncryption", "org.bouncycastle.jce.provider.JDKDigestSignature$RIPEMD256WithRSAEncryption"); - // END android-removed - put("Signature.DSA", "org.bouncycastle.jce.provider.JDKDSASigner$stdDSA"); - put("Signature.NONEWITHDSA", "org.bouncycastle.jce.provider.JDKDSASigner$noneDSA"); - // BEGIN android-removed - // put("Signature.ECDSA", "org.bouncycastle.jce.provider.JDKDSASigner$ecDSA"); - // put("Signature.SHA1WITHECNR", "org.bouncycastle.jce.provider.JDKDSASigner$ecNR"); - // put("Signature.SHA224WITHECNR", "org.bouncycastle.jce.provider.JDKDSASigner$ecNR224"); - // put("Signature.SHA256WITHECNR", "org.bouncycastle.jce.provider.JDKDSASigner$ecNR256"); - // put("Signature.SHA384WITHECNR", "org.bouncycastle.jce.provider.JDKDSASigner$ecNR384"); - // put("Signature.SHA512WITHECNR", "org.bouncycastle.jce.provider.JDKDSASigner$ecNR512"); - // END android-removed - put("Signature.SHA1withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$SHA1WithRSAEncryption"); - put("Signature.MD5withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$MD5WithRSAEncryption"); - // BEGIN android-removed - // put("Signature.RIPEMD160withRSA/ISO9796-2", "org.bouncycastle.jce.provider.JDKISOSignature$RIPEMD160WithRSAEncryption"); - // END android-removed - - put("Signature.RSASSA-PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$PSSwithRSA"); - put("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, "org.bouncycastle.jce.provider.JDKPSSSigner$PSSwithRSA"); - put("Signature.SHA1withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA1withRSA"); - put("Signature.SHA224withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA224withRSA"); - put("Signature.SHA256withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA256withRSA"); - put("Signature.SHA384withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA384withRSA"); - put("Signature.SHA512withRSA/PSS", "org.bouncycastle.jce.provider.JDKPSSSigner$SHA512withRSA"); - - put("Alg.Alias.Signature.RAWDSA", "NONEWITHDSA"); - - put("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS"); - put("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS"); - put("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS"); - put("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS"); - put("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS"); - - // BEGIN android-removed - // Dropping MD2 - // put("Alg.Alias.Signature.MD2withRSAEncryption", "MD2WithRSAEncryption"); - // END android-removed - put("Alg.Alias.Signature.MD4withRSAEncryption", "MD4WithRSAEncryption"); - put("Alg.Alias.Signature.MD5withRSAEncryption", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature.SHA1withRSAEncryption", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature.SHA224withRSAEncryption", "SHA224WithRSAEncryption"); - - put("Alg.Alias.Signature.SHA256withRSAEncryption", "SHA256WithRSAEncryption"); - put("Alg.Alias.Signature.SHA384withRSAEncryption", "SHA384WithRSAEncryption"); - put("Alg.Alias.Signature.SHA512withRSAEncryption", "SHA512WithRSAEncryption"); - - put("Alg.Alias.Signature.SHA256WithRSAEncryption", "SHA256WithRSAEncryption"); - put("Alg.Alias.Signature.SHA384WithRSAEncryption", "SHA384WithRSAEncryption"); - put("Alg.Alias.Signature.SHA512WithRSAEncryption", "SHA512WithRSAEncryption"); - - put("Alg.Alias.Signature.SHA256WITHRSAENCRYPTION", "SHA256WithRSAEncryption"); - put("Alg.Alias.Signature.SHA384WITHRSAENCRYPTION", "SHA384WithRSAEncryption"); - put("Alg.Alias.Signature.SHA512WITHRSAENCRYPTION", "SHA512WithRSAEncryption"); - - // BEGIN android-removed - // Dropping MD2 - // put("Alg.Alias.Signature.RIPEMD160withRSAEncryption", "RIPEMD160WithRSAEncryption"); - // put("Alg.Alias.Signature." + PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2WithRSAEncryption"); - // put("Alg.Alias.Signature.MD2WithRSA", "MD2WithRSAEncryption"); - // put("Alg.Alias.Signature.MD2withRSA", "MD2WithRSAEncryption"); - // put("Alg.Alias.Signature.MD2/RSA", "MD2WithRSAEncryption"); - // END android-removed - put("Alg.Alias.Signature.MD5WithRSA", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature.MD5withRSA", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature.MD5/RSA", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5WithRSAEncryption"); - put("Alg.Alias.Signature.MD4WithRSA", "MD4WithRSAEncryption"); - put("Alg.Alias.Signature.MD4withRSA", "MD4WithRSAEncryption"); - put("Alg.Alias.Signature.MD4/RSA", "MD4WithRSAEncryption"); - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4WithRSAEncryption"); - put("Alg.Alias.Signature.SHA1WithRSA", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature.SHA1withRSA", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature.SHA224WithRSA", "SHA224WithRSAEncryption"); - put("Alg.Alias.Signature.SHA224withRSA", "SHA224WithRSAEncryption"); - put("Alg.Alias.Signature.SHA256WithRSA", "SHA256WithRSAEncryption"); - put("Alg.Alias.Signature.SHA256withRSA", "SHA256WithRSAEncryption"); - put("Alg.Alias.Signature.SHA384WithRSA", "SHA384WithRSAEncryption"); - put("Alg.Alias.Signature.SHA384withRSA", "SHA384WithRSAEncryption"); - put("Alg.Alias.Signature.SHA512WithRSA", "SHA512WithRSAEncryption"); - put("Alg.Alias.Signature.SHA512withRSA", "SHA512WithRSAEncryption"); - put("Alg.Alias.Signature.SHA1/RSA", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature.SHA-1/RSA", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WithRSAEncryption"); - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WithRSAEncryption"); - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WithRSAEncryption"); - put("Alg.Alias.Signature." + PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WithRSAEncryption"); - put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5", "SHA1WithRSAEncryption"); - put("Alg.Alias.Signature.1.2.840.113549.2.5with1.2.840.113549.1.1.1", "MD5WithRSAEncryption"); - // BEGIN android-removed - // put("Alg.Alias.Signature.RIPEMD160WithRSA", "RIPEMD160WithRSAEncryption"); - // put("Alg.Alias.Signature.RIPEMD160withRSA", "RIPEMD160WithRSAEncryption"); - // put("Alg.Alias.Signature.RIPEMD128WithRSA", "RIPEMD128WithRSAEncryption"); - // put("Alg.Alias.Signature.RIPEMD128withRSA", "RIPEMD128WithRSAEncryption"); - // put("Alg.Alias.Signature.RIPEMD256WithRSA", "RIPEMD256WithRSAEncryption"); - // put("Alg.Alias.Signature.RIPEMD256withRSA", "RIPEMD256WithRSAEncryption"); - // put("Alg.Alias.Signature.RIPEMD-160/RSA", "RIPEMD160WithRSAEncryption"); - // put("Alg.Alias.Signature.RMD160withRSA", "RIPEMD160WithRSAEncryption"); - // put("Alg.Alias.Signature.RMD160/RSA", "RIPEMD160WithRSAEncryption"); - // put("Alg.Alias.Signature.1.3.36.3.3.1.2", "RIPEMD160WithRSAEncryption"); - // put("Alg.Alias.Signature.1.3.36.3.3.1.3", "RIPEMD128WithRSAEncryption"); - // put("Alg.Alias.Signature.1.3.36.3.3.1.4", "RIPEMD256WithRSAEncryption"); - // END android-removed - put("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WithRSAEncryption"); - - // BEGIN android-removed - // Dropping MD2 - // put("Alg.Alias.Signature.MD2WITHRSAENCRYPTION", "MD2WithRSAEncryption"); - // END android-removed - put("Alg.Alias.Signature.MD5WITHRSAENCRYPTION", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature.SHA1WITHRSAENCRYPTION", "SHA1WithRSAEncryption"); - // BEGIN android-removed - // put("Alg.Alias.Signature.RIPEMD160WITHRSAENCRYPTION", "RIPEMD160WithRSAEncryption"); - // END android-removed - - put("Alg.Alias.Signature.MD5WITHRSA", "MD5WithRSAEncryption"); - put("Alg.Alias.Signature.SHA1WITHRSA", "SHA1WithRSAEncryption"); - // BEGIN android-removed - // put("Alg.Alias.Signature.RIPEMD160WITHRSA", "RIPEMD160WithRSAEncryption"); - // END android-removed - put("Alg.Alias.Signature.RMD160WITHRSA", "RIPEMD160WithRSAEncryption"); - // BEGIN android-removed - // put("Alg.Alias.Signature.RIPEMD160WITHRSA", "RIPEMD160WithRSAEncryption"); - - // put("Alg.Alias.Signature.SHA1withECDSA", "ECDSA"); - // put("Alg.Alias.Signature.ECDSAwithSHA1", "ECDSA"); - // put("Alg.Alias.Signature.SHA1WITHECDSA", "ECDSA"); - // put("Alg.Alias.Signature.ECDSAWITHSHA1", "ECDSA"); - // put("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA"); - // put("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA"); - // put("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); - - // addSignatureAlgorithm("SHA224", "ECDSA", "org.bouncycastle.jce.provider.JDKDSASigner$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224); - // addSignatureAlgorithm("SHA256", "ECDSA", "org.bouncycastle.jce.provider.JDKDSASigner$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256); - // addSignatureAlgorithm("SHA384", "ECDSA", "org.bouncycastle.jce.provider.JDKDSASigner$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384); - // addSignatureAlgorithm("SHA512", "ECDSA", "org.bouncycastle.jce.provider.JDKDSASigner$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512); - // END android-removed - - put("Alg.Alias.Signature.SHA/DSA", "DSA"); - put("Alg.Alias.Signature.SHA1withDSA", "DSA"); - put("Alg.Alias.Signature.SHA1WITHDSA", "DSA"); - put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "DSA"); - put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "DSA"); - put("Alg.Alias.Signature.DSAwithSHA1", "DSA"); - put("Alg.Alias.Signature.DSAWITHSHA1", "DSA"); - put("Alg.Alias.Signature.SHA1WithDSA", "DSA"); - put("Alg.Alias.Signature.DSAWithSHA1", "DSA"); - put("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA"); - put("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2"); - put("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2"); - // BEGIN android-removed - // put("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2"); - - // put("Signature.ECGOST3410", "org.bouncycastle.jce.provider.JDKGOST3410Signer$ecgost3410"); - // put("Alg.Alias.Signature.ECGOST-3410", "ECGOST3410"); - // put("Alg.Alias.Signature.GOST-3410-2001", "ECGOST3410"); - // put("Alg.Alias.Signature.GOST3411withECGOST3410", "ECGOST3410"); - // put("Alg.Alias.Signature.GOST3411WITHECGOST3410", "ECGOST3410"); - // put("Alg.Alias.Signature.GOST3411WithECGOST3410", "ECGOST3410"); - // put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "ECGOST3410"); - - // put("Signature.GOST3410", "org.bouncycastle.jce.provider.JDKGOST3410Signer$gost3410"); - // put("Alg.Alias.Signature.GOST-3410", "GOST3410"); - // put("Alg.Alias.Signature.GOST-3410-94", "GOST3410"); - // put("Alg.Alias.Signature.GOST3411withGOST3410", "GOST3410"); - // put("Alg.Alias.Signature.GOST3411WITHGOST3410", "GOST3410"); - // put("Alg.Alias.Signature.GOST3411WithGOST3410", "GOST3410"); - // put("Alg.Alias.Signature." + CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3410"); - // END android-removed - } - - // BEGIN android-removed - // private void addSignatureAlgorithm( - // String digest, - // String algorithm, - // String className, - // DERObjectIdentifier oid) - // { - // String mainName = digest + "WITH" + algorithm; - // String jdk11Variation1 = digest + "with" + algorithm; - // String jdk11Variation2 = digest + "With" + algorithm; - // String alias = digest + "/" + algorithm; - - // put("Signature." + mainName, className); - // put("Alg.Alias.Signature." + jdk11Variation1, mainName); - // put("Alg.Alias.Signature." + jdk11Variation2, mainName); - // put("Alg.Alias.Signature." + alias, mainName); - // put("Alg.Alias.Signature." + oid, mainName); - // put("Alg.Alias.Signature.OID." + oid, mainName); - // } - // END android-removed -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java b/luni/src/main/java/org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java deleted file mode 100644 index a1350b2..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java +++ /dev/null @@ -1,624 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.RC5ParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.DESedeEngine; -// BEGIN android-removed -// import org.bouncycastle.crypto.engines.TwofishEngine; -// END android-removed -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.modes.CFBBlockCipher; -import org.bouncycastle.crypto.modes.CTSBlockCipher; -import org.bouncycastle.crypto.modes.OFBBlockCipher; -import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.crypto.params.RC2Parameters; -import org.bouncycastle.crypto.params.RC5Parameters; -import org.bouncycastle.util.Strings; - -public class BrokenJCEBlockCipher - implements BrokenPBE -{ - // - // specs we can handle. - // - private Class[] availableSpecs = - { - IvParameterSpec.class, - PBEParameterSpec.class, - RC2ParameterSpec.class, - RC5ParameterSpec.class - }; - - private BufferedBlockCipher cipher; - private ParametersWithIV ivParam; - - private int pbeType = PKCS12; - private int pbeHash = SHA1; - private int pbeKeySize; - private int pbeIvSize; - - private int ivLength = 0; - - private AlgorithmParameters engineParams = null; - - protected BrokenJCEBlockCipher( - BlockCipher engine) - { - cipher = new PaddedBufferedBlockCipher(engine); - } - - protected BrokenJCEBlockCipher( - BlockCipher engine, - int pbeType, - int pbeHash, - int pbeKeySize, - int pbeIvSize) - { - cipher = new PaddedBufferedBlockCipher(engine); - - this.pbeType = pbeType; - this.pbeHash = pbeHash; - this.pbeKeySize = pbeKeySize; - this.pbeIvSize = pbeIvSize; - } - - protected int engineGetBlockSize() - { - return cipher.getBlockSize(); - } - - protected byte[] engineGetIV() - { - return (ivParam != null) ? ivParam.getIV() : null; - } - - protected int engineGetKeySize( - Key key) - { - return key.getEncoded().length; - } - - protected int engineGetOutputSize( - int inputLen) - { - return cipher.getOutputSize(inputLen); - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParams == null) - { - if (ivParam != null) - { - String name = cipher.getUnderlyingCipher().getAlgorithmName(); - - if (name.indexOf('/') >= 0) - { - name = name.substring(0, name.indexOf('/')); - } - - try - { - engineParams = AlgorithmParameters.getInstance(name, "BC"); - engineParams.init(ivParam.getIV()); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - } - - return engineParams; - } - - protected void engineSetMode( - String mode) - { - String modeName = Strings.toUpperCase(mode); - - if (modeName.equals("ECB")) - { - ivLength = 0; - cipher = new PaddedBufferedBlockCipher(cipher.getUnderlyingCipher()); - } - else if (modeName.equals("CBC")) - { - ivLength = cipher.getUnderlyingCipher().getBlockSize(); - cipher = new PaddedBufferedBlockCipher( - new CBCBlockCipher(cipher.getUnderlyingCipher())); - } - else if (modeName.startsWith("OFB")) - { - ivLength = cipher.getUnderlyingCipher().getBlockSize(); - if (modeName.length() != 3) - { - int wordSize = Integer.parseInt(modeName.substring(3)); - - cipher = new PaddedBufferedBlockCipher( - new OFBBlockCipher(cipher.getUnderlyingCipher(), wordSize)); - } - else - { - cipher = new PaddedBufferedBlockCipher( - new OFBBlockCipher(cipher.getUnderlyingCipher(), 8 * cipher.getBlockSize())); - } - } - else if (modeName.startsWith("CFB")) - { - ivLength = cipher.getUnderlyingCipher().getBlockSize(); - if (modeName.length() != 3) - { - int wordSize = Integer.parseInt(modeName.substring(3)); - - cipher = new PaddedBufferedBlockCipher( - new CFBBlockCipher(cipher.getUnderlyingCipher(), wordSize)); - } - else - { - cipher = new PaddedBufferedBlockCipher( - new CFBBlockCipher(cipher.getUnderlyingCipher(), 8 * cipher.getBlockSize())); - } - } - else - { - throw new IllegalArgumentException("can't support mode " + mode); - } - } - - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - String paddingName = Strings.toUpperCase(padding); - - if (paddingName.equals("NOPADDING")) - { - cipher = new BufferedBlockCipher(cipher.getUnderlyingCipher()); - } - else if (paddingName.equals("PKCS5PADDING") || paddingName.equals("PKCS7PADDING") || paddingName.equals("ISO10126PADDING")) - { - cipher = new PaddedBufferedBlockCipher(cipher.getUnderlyingCipher()); - } - else if (paddingName.equals("WITHCTS")) - { - cipher = new CTSBlockCipher(cipher.getUnderlyingCipher()); - } - else - { - throw new NoSuchPaddingException("Padding " + padding + " unknown."); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - // - // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it). - // - if (key instanceof JCEPBEKey) - { - param = BrokenPBE.Util.makePBEParameters((JCEPBEKey)key, params, pbeType, pbeHash, - cipher.getUnderlyingCipher().getAlgorithmName(), pbeKeySize, pbeIvSize); - - if (pbeIvSize != 0) - { - ivParam = (ParametersWithIV)param; - } - } - else if (params == null) - { - param = new KeyParameter(key.getEncoded()); - } - else if (params instanceof IvParameterSpec) - { - if (ivLength != 0) - { - param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV()); - ivParam = (ParametersWithIV)param; - } - else - { - param = new KeyParameter(key.getEncoded()); - } - } - else if (params instanceof RC2ParameterSpec) - { - RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; - - param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); - - if (rc2Param.getIV() != null && ivLength != 0) - { - param = new ParametersWithIV(param, rc2Param.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else if (params instanceof RC5ParameterSpec) - { - RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; - - param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); - if (rc5Param.getWordSize() != 32) - { - throw new IllegalArgumentException("can only accept RC5 word size 32 (at the moment...)"); - } - if ((rc5Param.getIV() != null) && (ivLength != 0)) - { - param = new ParametersWithIV(param, rc5Param.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else - { - throw new InvalidAlgorithmParameterException("unknown parameter type."); - } - - if ((ivLength != 0) && !(param instanceof ParametersWithIV)) - { - if (random == null) - { - random = new SecureRandom(); - } - - if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE)) - { - byte[] iv = new byte[ivLength]; - - random.nextBytes(iv); - param = new ParametersWithIV(param, iv); - ivParam = (ParametersWithIV)param; - } - else - { - throw new InvalidAlgorithmParameterException("no IV set when one expected"); - } - } - - switch (opmode) - { - case Cipher.ENCRYPT_MODE: - case Cipher.WRAP_MODE: - cipher.init(true, param); - break; - case Cipher.DECRYPT_MODE: - case Cipher.UNWRAP_MODE: - cipher.init(false, param); - break; - default: - System.out.println("eeek!"); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - for (int i = 0; i != availableSpecs.length; i++) - { - try - { - paramSpec = params.getParameterSpec(availableSpecs[i]); - break; - } - catch (Exception e) - { - continue; - } - } - - if (paramSpec == null) - { - throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString()); - } - } - - engineParams = params; - engineInit(opmode, key, paramSpec, random); - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new IllegalArgumentException(e.getMessage()); - } - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - int length = cipher.getUpdateOutputSize(inputLen); - - if (length > 0) - { - byte[] out = new byte[length]; - - cipher.processBytes(input, inputOffset, inputLen, out, 0); - return out; - } - - cipher.processBytes(input, inputOffset, inputLen, null, 0); - - return null; - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - { - return cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws IllegalBlockSizeException, BadPaddingException - { - int len = 0; - byte[] tmp = new byte[engineGetOutputSize(inputLen)]; - - if (inputLen != 0) - { - len = cipher.processBytes(input, inputOffset, inputLen, tmp, 0); - } - - try - { - len += cipher.doFinal(tmp, len); - } - catch (DataLengthException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - - byte[] out = new byte[len]; - - System.arraycopy(tmp, 0, out, 0, len); - - return out; - } - - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws IllegalBlockSizeException, BadPaddingException - { - int len = 0; - - if (inputLen != 0) - { - len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - - try - { - return len + cipher.doFinal(output, outputOffset + len); - } - catch (DataLengthException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - } - - protected byte[] engineWrap( - Key key) - throws IllegalBlockSizeException, java.security.InvalidKeyException - { - byte[] encoded = key.getEncoded(); - if (encoded == null) - { - throw new InvalidKeyException("Cannot wrap key, null encoding."); - } - - try - { - return engineDoFinal(encoded, 0, encoded.length); - } - catch (BadPaddingException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - } - - protected Key engineUnwrap( - byte[] wrappedKey, - String wrappedKeyAlgorithm, - int wrappedKeyType) - throws InvalidKeyException - { - byte[] encoded = null; - try - { - encoded = engineDoFinal(wrappedKey, 0, wrappedKey.length); - } - catch (BadPaddingException e) - { - throw new InvalidKeyException(e.getMessage()); - } - catch (IllegalBlockSizeException e2) - { - throw new InvalidKeyException(e2.getMessage()); - } - - if (wrappedKeyType == Cipher.SECRET_KEY) - { - return new SecretKeySpec(encoded, wrappedKeyAlgorithm); - } - else - { - try - { - KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, "BC"); - - if (wrappedKeyType == Cipher.PUBLIC_KEY) - { - return kf.generatePublic(new X509EncodedKeySpec(encoded)); - } - else if (wrappedKeyType == Cipher.PRIVATE_KEY) - { - return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded)); - } - } - catch (NoSuchProviderException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } - catch (NoSuchAlgorithmException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } - catch (InvalidKeySpecException e2) - { - throw new InvalidKeyException("Unknown key type " + e2.getMessage()); - } - - throw new InvalidKeyException("Unknown key type " + wrappedKeyType); - } - } - - /* - * The ciphers that inherit from us. - */ - - /** - * PBEWithMD5AndDES - */ - static public class BrokePBEWithMD5AndDES - extends BrokenJCEBlockCipher - { - public BrokePBEWithMD5AndDES() - { - super(new CBCBlockCipher(new DESEngine()), PKCS5S1, MD5, 64, 64); - } - } - - /** - * PBEWithSHA1AndDES - */ - static public class BrokePBEWithSHA1AndDES - extends BrokenJCEBlockCipher - { - public BrokePBEWithSHA1AndDES() - { - super(new CBCBlockCipher(new DESEngine()), PKCS5S1, SHA1, 64, 64); - } - } - - /** - * PBEWithSHAAnd3-KeyTripleDES-CBC - */ - static public class BrokePBEWithSHAAndDES3Key - extends BrokenJCEBlockCipher - { - public BrokePBEWithSHAAndDES3Key() - { - super(new CBCBlockCipher(new DESedeEngine()), PKCS12, SHA1, 192, 64); - } - } - - /** - * OldPBEWithSHAAnd3-KeyTripleDES-CBC - */ - static public class OldPBEWithSHAAndDES3Key - extends BrokenJCEBlockCipher - { - public OldPBEWithSHAAndDES3Key() - { - super(new CBCBlockCipher(new DESedeEngine()), OLD_PKCS12, SHA1, 192, 64); - } - } - - /** - * PBEWithSHAAnd2-KeyTripleDES-CBC - */ - static public class BrokePBEWithSHAAndDES2Key - extends BrokenJCEBlockCipher - { - public BrokePBEWithSHAAndDES2Key() - { - super(new CBCBlockCipher(new DESedeEngine()), PKCS12, SHA1, 128, 64); - } - } - - /** - * OldPBEWithSHAAndTwofish-CBC - */ -// BEGIN android-removed -// static public class OldPBEWithSHAAndTwofish -// extends BrokenJCEBlockCipher -// { -// public OldPBEWithSHAAndTwofish() -// { -// super(new CBCBlockCipher(new TwofishEngine()), OLD_PKCS12, SHA1, 256, 128); -// } -// } -// END android-removed -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java b/luni/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java deleted file mode 100644 index e6186f6..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java +++ /dev/null @@ -1,127 +0,0 @@ -package org.bouncycastle.jce.provider; - -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.DerivationFunction; -import org.bouncycastle.crypto.DerivationParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.params.KDFParameters; - -/** - * Generator for PBE derived keys and ivs as defined by IEEE P1363a - * <br> - * This implementation is based on draft 9 of IEEE P1363a. <b>Note:</b> - * as this is still a draft the output of this generator may change, don't - * use it for anything that might be subject to long term storage. - */ -public class BrokenKDF2BytesGenerator - implements DerivationFunction -{ - private Digest digest; - private byte[] shared; - private byte[] iv; - - /** - * Construct a KDF2 Parameters generator. Generates key material - * according to IEEE P1363a - if you want orthodox results you should - * use a digest specified in the standard. - * <p> - * <b>Note:</b> IEEE P1363a standard is still a draft standard, if the standard - * changes this function, the output of this function will change as well. - * Don't use this routine for anything subject to long term storage. - * - * @param digest the digest to be used as the source of derived keys. - */ - public BrokenKDF2BytesGenerator( - Digest digest) - { - this.digest = digest; - } - - public void init( - DerivationParameters param) - { - if (!(param instanceof KDFParameters)) - { - throw new IllegalArgumentException("KDF parameters required for KDF2Generator"); - } - - KDFParameters p = (KDFParameters)param; - - shared = p.getSharedSecret(); - iv = p.getIV(); - } - - /** - * return the underlying digest. - */ - public Digest getDigest() - { - return digest; - } - - /** - * fill len bytes of the output buffer with bytes generated from - * the derivation function. - * - * @throws IllegalArgumentException if the size of the request will cause an overflow. - * @throws DataLengthException if the out buffer is too small. - */ - public int generateBytes( - byte[] out, - int outOff, - int len) - throws DataLengthException, IllegalArgumentException - { - if ((out.length - len) < outOff) - { - throw new DataLengthException("output buffer too small"); - } - - long oBits = len * 8; - - // - // this is at odds with the standard implementation, the - // maximum value should be hBits * (2^23 - 1) where hBits - // is the digest output size in bits. We can't have an - // array with a long index at the moment... - // - if (oBits > (digest.getDigestSize() * 8 * (2L^32 - 1))) - { - new IllegalArgumentException("Output length to large"); - } - - int cThreshold = (int)(oBits / digest.getDigestSize()); - - byte[] dig = null; - - dig = new byte[digest.getDigestSize()]; - - for (int counter = 1; counter <= cThreshold; counter++) - { - digest.update(shared, 0, shared.length); - - digest.update((byte)(counter & 0xff)); - digest.update((byte)((counter >> 8) & 0xff)); - digest.update((byte)((counter >> 16) & 0xff)); - digest.update((byte)((counter >> 24) & 0xff)); - - digest.update(iv, 0, iv.length); - - digest.doFinal(dig, 0); - - if ((len - outOff) > dig.length) - { - System.arraycopy(dig, 0, out, outOff, dig.length); - outOff += dig.length; - } - else - { - System.arraycopy(dig, 0, out, outOff, len - outOff); - } - } - - digest.reset(); - - return len; - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/BrokenPBE.java b/luni/src/main/java/org/bouncycastle/jce/provider/BrokenPBE.java deleted file mode 100644 index 6ac4f49..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/BrokenPBE.java +++ /dev/null @@ -1,448 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.digests.MD5Digest; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// END android-removed -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; - -/** - * Generator for PBE derived keys and ivs as defined by PKCS 12 V1.0, - * with a bug affecting 180 bit plus keys - this class is only here to - * allow smooth migration of the version 0 keystore to version 1. Don't - * use it (it won't be staying around). - * <p> - * The document this implementation is based on can be found at - * <a href=http://www.rsasecurity.com/rsalabs/pkcs/pkcs-12/index.html> - * RSA's PKCS12 Page</a> - */ -class OldPKCS12ParametersGenerator - extends PBEParametersGenerator -{ - public static final int KEY_MATERIAL = 1; - public static final int IV_MATERIAL = 2; - public static final int MAC_MATERIAL = 3; - - private Digest digest; - - private int u; - private int v; - - /** - * Construct a PKCS 12 Parameters generator. This constructor will - * accept MD5, SHA1, and RIPEMD160. - * - * @param digest the digest to be used as the source of derived keys. - * @exception IllegalArgumentException if an unknown digest is passed in. - */ - public OldPKCS12ParametersGenerator( - Digest digest) - { - this.digest = digest; - if (digest instanceof MD5Digest) - { - u = 128 / 8; - v = 512 / 8; - } - else if (digest instanceof SHA1Digest) - { - u = 160 / 8; - v = 512 / 8; - } - // BEGIN android-removed - // else if (digest instanceof RIPEMD160Digest) - // { - // u = 160 / 8; - // v = 512 / 8; - // } - // END android-removed - else - { - throw new IllegalArgumentException("Digest " + digest.getAlgorithmName() + " unsupported"); - } - } - - /** - * add a + b + 1, returning the result in a. The a value is treated - * as a BigInteger of length (b.length * 8) bits. The result is - * modulo 2^b.length in case of overflow. - */ - private void adjust( - byte[] a, - int aOff, - byte[] b) - { - int x = (b[b.length - 1] & 0xff) + (a[aOff + b.length - 1] & 0xff) + 1; - - a[aOff + b.length - 1] = (byte)x; - x >>>= 8; - - for (int i = b.length - 2; i >= 0; i--) - { - x += (b[i] & 0xff) + (a[aOff + i] & 0xff); - a[aOff + i] = (byte)x; - x >>>= 8; - } - } - - /** - * generation of a derived key ala PKCS12 V1.0. - */ - private byte[] generateDerivedKey( - int idByte, - int n) - { - byte[] D = new byte[v]; - byte[] dKey = new byte[n]; - - for (int i = 0; i != D.length; i++) - { - D[i] = (byte)idByte; - } - - byte[] S; - - if ((salt != null) && (salt.length != 0)) - { - S = new byte[v * ((salt.length + v - 1) / v)]; - - for (int i = 0; i != S.length; i++) - { - S[i] = salt[i % salt.length]; - } - } - else - { - S = new byte[0]; - } - - byte[] P; - - if ((password != null) && (password.length != 0)) - { - P = new byte[v * ((password.length + v - 1) / v)]; - - for (int i = 0; i != P.length; i++) - { - P[i] = password[i % password.length]; - } - } - else - { - P = new byte[0]; - } - - byte[] I = new byte[S.length + P.length]; - - System.arraycopy(S, 0, I, 0, S.length); - System.arraycopy(P, 0, I, S.length, P.length); - - byte[] B = new byte[v]; - int c = (n + u - 1) / u; - - for (int i = 1; i <= c; i++) - { - byte[] A = new byte[u]; - - digest.update(D, 0, D.length); - digest.update(I, 0, I.length); - digest.doFinal(A, 0); - for (int j = 1; j != iterationCount; j++) - { - digest.update(A, 0, A.length); - digest.doFinal(A, 0); - } - - for (int j = 0; j != B.length; j++) - { - B[i] = A[j % A.length]; - } - - for (int j = 0; j != I.length / v; j++) - { - adjust(I, j * v, B); - } - - if (i == c) - { - System.arraycopy(A, 0, dKey, (i - 1) * u, dKey.length - ((i - 1) * u)); - } - else - { - System.arraycopy(A, 0, dKey, (i - 1) * u, A.length); - } - } - - return dKey; - } - - /** - * Generate a key parameter derived from the password, salt, and iteration - * count we are currently initialised with. - * - * @param keySize the size of the key we want (in bits) - * @return a KeyParameter object. - */ - public CipherParameters generateDerivedParameters( - int keySize) - { - keySize = keySize / 8; - - byte[] dKey = generateDerivedKey(KEY_MATERIAL, keySize); - - return new KeyParameter(dKey, 0, keySize); - } - - /** - * Generate a key with initialisation vector parameter derived from - * the password, salt, and iteration count we are currently initialised - * with. - * - * @param keySize the size of the key we want (in bits) - * @param ivSize the size of the iv we want (in bits) - * @return a ParametersWithIV object. - */ - public CipherParameters generateDerivedParameters( - int keySize, - int ivSize) - { - keySize = keySize / 8; - ivSize = ivSize / 8; - - byte[] dKey = generateDerivedKey(KEY_MATERIAL, keySize); - - byte[] iv = generateDerivedKey(IV_MATERIAL, ivSize); - - return new ParametersWithIV(new KeyParameter(dKey, 0, keySize), iv, 0, ivSize); - } - - /** - * Generate a key parameter for use with a MAC derived from the password, - * salt, and iteration count we are currently initialised with. - * - * @param keySize the size of the key we want (in bits) - * @return a KeyParameter object. - */ - public CipherParameters generateDerivedMacParameters( - int keySize) - { - keySize = keySize / 8; - - byte[] dKey = generateDerivedKey(MAC_MATERIAL, keySize); - - return new KeyParameter(dKey, 0, keySize); - } -} - -public interface BrokenPBE -{ - // - // PBE Based encryption constants - by default we do PKCS12 with SHA-1 - // - static final int MD5 = 0; - static final int SHA1 = 1; - static final int RIPEMD160 = 2; - - static final int PKCS5S1 = 0; - static final int PKCS5S2 = 1; - static final int PKCS12 = 2; - static final int OLD_PKCS12 = 3; - - /** - * uses the appropriate mixer to generate the key and IV if neccessary. - */ - static class Util - { - /** - * a faulty parity routine... - * - * @param bytes the byte array to set the parity on. - */ - static private void setOddParity( - byte[] bytes) - { - for (int i = 0; i < bytes.length; i++) - { - int b = bytes[i]; - bytes[i] = (byte)((b & 0xfe) | - (((b >> 1) ^ - (b >> 2) ^ - (b >> 3) ^ - (b >> 4) ^ - (b >> 5) ^ - (b >> 6) ^ - (b >> 7)) ^ 0x01)); - } - } - - static private PBEParametersGenerator makePBEGenerator( - int type, - int hash) - { - PBEParametersGenerator generator; - - if (type == PKCS5S1) - { - switch (hash) - { - case MD5: - generator = new PKCS5S1ParametersGenerator(new MD5Digest()); - break; - case SHA1: - generator = new PKCS5S1ParametersGenerator(new SHA1Digest()); - break; - default: - throw new IllegalStateException("PKCS5 scheme 1 only supports only MD5 and SHA1."); - } - } - else if (type == PKCS5S2) - { - generator = new PKCS5S2ParametersGenerator(); - } - else if (type == OLD_PKCS12) - { - switch (hash) - { - case MD5: - generator = new OldPKCS12ParametersGenerator(new MD5Digest()); - break; - case SHA1: - generator = new OldPKCS12ParametersGenerator(new SHA1Digest()); - break; - // BEGIN android-removed - // case RIPEMD160: - // generator = new OldPKCS12ParametersGenerator(new RIPEMD160Digest()); - // break; - // END android-removed - default: - throw new IllegalStateException("unknown digest scheme for PBE encryption."); - } - } - else - { - switch (hash) - { - case MD5: - generator = new PKCS12ParametersGenerator(new MD5Digest()); - break; - case SHA1: - generator = new PKCS12ParametersGenerator(new SHA1Digest()); - break; - // BEGIN android-removed - // case RIPEMD160: - // generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); - // break; - // END android-removed - default: - throw new IllegalStateException("unknown digest scheme for PBE encryption."); - } - } - - return generator; - } - - /** - * construct a key and iv (if neccessary) suitable for use with a - * Cipher. - */ - static CipherParameters makePBEParameters( - JCEPBEKey pbeKey, - AlgorithmParameterSpec spec, - int type, - int hash, - String targetAlgorithm, - int keySize, - int ivSize) - { - if ((spec == null) || !(spec instanceof PBEParameterSpec)) - { - throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key."); - } - - PBEParameterSpec pbeParam = (PBEParameterSpec)spec; - PBEParametersGenerator generator = makePBEGenerator(type, hash); - byte[] key = pbeKey.getEncoded(); - CipherParameters param; - - generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount()); - - if (ivSize != 0) - { - param = generator.generateDerivedParameters(keySize, ivSize); - } - else - { - param = generator.generateDerivedParameters(keySize); - } - - if (targetAlgorithm.startsWith("DES")) - { - if (param instanceof ParametersWithIV) - { - KeyParameter kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); - - setOddParity(kParam.getKey()); - } - else - { - KeyParameter kParam = (KeyParameter)param; - - setOddParity(kParam.getKey()); - } - } - - for (int i = 0; i != key.length; i++) - { - key[i] = 0; - } - - return param; - } - - /** - * generate a PBE based key suitable for a MAC algorithm, the - * key size is chosen according the MAC size, or the hashing algorithm, - * whichever is greater. - */ - static CipherParameters makePBEMacParameters( - JCEPBEKey pbeKey, - AlgorithmParameterSpec spec, - int type, - int hash, - int keySize) - { - if ((spec == null) || !(spec instanceof PBEParameterSpec)) - { - throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key."); - } - - PBEParameterSpec pbeParam = (PBEParameterSpec)spec; - PBEParametersGenerator generator = makePBEGenerator(type, hash); - byte[] key = pbeKey.getEncoded(); - CipherParameters param; - - generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount()); - - param = generator.generateDerivedMacParameters(keySize); - - for (int i = 0; i != key.length; i++) - { - key[i] = 0; - } - - return param; - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java b/luni/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java deleted file mode 100644 index 8383b98..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java +++ /dev/null @@ -1,884 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.security.PublicKey; -import java.security.cert.CRL; -import java.security.cert.CertPath; -import java.security.cert.CertPathValidatorException; -import java.security.cert.CertSelector; -import java.security.cert.CertStore; -import java.security.cert.CertStoreException; -import java.security.cert.PKIXParameters; -import java.security.cert.PolicyQualifierInfo; -import java.security.cert.TrustAnchor; -import java.security.cert.X509CRL; -import java.security.cert.X509CRLSelector; -import java.security.cert.X509CertSelector; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.PolicyInformation; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509Extensions; - -public class CertPathValidatorUtilities -{ - - protected static final String CERTIFICATE_POLICIES = X509Extensions.CertificatePolicies.getId(); - protected static final String BASIC_CONSTRAINTS = X509Extensions.BasicConstraints.getId(); - protected static final String POLICY_MAPPINGS = X509Extensions.PolicyMappings.getId(); - protected static final String SUBJECT_ALTERNATIVE_NAME = X509Extensions.SubjectAlternativeName.getId(); - protected static final String NAME_CONSTRAINTS = X509Extensions.NameConstraints.getId(); - protected static final String KEY_USAGE = X509Extensions.KeyUsage.getId(); - protected static final String INHIBIT_ANY_POLICY = X509Extensions.InhibitAnyPolicy.getId(); - protected static final String ISSUING_DISTRIBUTION_POINT = X509Extensions.IssuingDistributionPoint.getId(); - protected static final String DELTA_CRL_INDICATOR = X509Extensions.DeltaCRLIndicator.getId(); - protected static final String POLICY_CONSTRAINTS = X509Extensions.PolicyConstraints.getId(); - - - protected static final String ANY_POLICY = "2.5.29.32.0"; - - protected static final String CRL_NUMBER = X509Extensions.CRLNumber.getId(); - - /* - * key usage bits - */ - protected static final int KEY_CERT_SIGN = 5; - protected static final int CRL_SIGN = 6; - - protected static final String[] crlReasons = new String[] { - "unspecified", - "keyCompromise", - "cACompromise", - "affiliationChanged", - "superseded", - "cessationOfOperation", - "certificateHold", - "unknown", - "removeFromCRL", - "privilegeWithdrawn", - "aACompromise" }; - -// BEGIN android-changed - /** - * Search the given Set of TrustAnchor's for one that is the - * issuer of the given X509 certificate. - * - * @param cert the X509 certificate - * @param params with trust anchors - * - * @return the <code>TrustAnchor</code> object if found or - * <code>null</code> if not. - * - * @exception CertPathValidatorException if a TrustAnchor was - * found but the signature verification on the given certificate - * has thrown an exception. This Exception can be obtainted with - * <code>getCause()</code> method. - **/ - static final TrustAnchor findTrustAnchor( - X509Certificate cert, - CertPath certPath, - int index, - PKIXParameters params) - throws CertPathValidatorException { - // If we have a trust anchor index, use it. - if (params instanceof IndexedPKIXParameters) { - IndexedPKIXParameters indexed = (IndexedPKIXParameters) params; - return indexed.findTrustAnchor(cert, certPath, index); - } - - Iterator iter = params.getTrustAnchors().iterator(); - TrustAnchor found = null; - PublicKey trustPublicKey = null; - Exception invalidKeyEx = null; - - X509CertSelector certSelectX509 = new X509CertSelector(); - - try - { - certSelectX509.setSubject(getEncodedIssuerPrincipal(cert).getEncoded()); - } - catch (IOException ex) - { - throw new CertPathValidatorException(ex); - } - - byte[] certBytes = null; - try { - certBytes = cert.getEncoded(); - } catch (Exception e) { - // ignore, just continue - } - while (iter.hasNext() && found == null) - { - found = (TrustAnchor) iter.next(); - X509Certificate foundCert = found.getTrustedCert(); - if (foundCert != null) - { - // If the trust anchor is identical to the certificate we're - // done. Just return the anchor. - // There is similar code in PKIXCertPathValidatorSpi. - try { - byte[] foundBytes = foundCert.getEncoded(); - if (certBytes != null && Arrays.equals(foundBytes, - certBytes)) { - return found; - } - } catch (Exception e) { - // ignore, continue and verify the certificate - } - if (certSelectX509.match(foundCert)) - { - trustPublicKey = foundCert.getPublicKey(); - } - else - { - found = null; - } - } - else if (found.getCAName() != null - && found.getCAPublicKey() != null) - { - try - { - X500Principal certIssuer = getEncodedIssuerPrincipal(cert); - X500Principal caName = new X500Principal(found.getCAName()); - if (certIssuer.equals(caName)) - { - trustPublicKey = found.getCAPublicKey(); - } - else - { - found = null; - } - } - catch (IllegalArgumentException ex) - { - found = null; - } - } - else - { - found = null; - } - - if (trustPublicKey != null) - { - try - { - cert.verify(trustPublicKey); - } - catch (Exception ex) - { - invalidKeyEx = ex; - found = null; - } - } - } - - if (found == null && invalidKeyEx != null) - { - throw new CertPathValidatorException("TrustAnchor found but certificate validation failed.", invalidKeyEx, certPath, index); - } - - return found; - } -// END android-changed - - protected static X500Principal getEncodedIssuerPrincipal(X509Certificate cert) - { - return cert.getIssuerX500Principal(); - } - - protected static Date getValidDate(PKIXParameters paramsPKIX) - { - Date validDate = paramsPKIX.getDate(); - - if (validDate == null) - { - validDate = new Date(); - } - - return validDate; - } - - protected static X500Principal getSubjectPrincipal(X509Certificate cert) - { - return cert.getSubjectX500Principal(); - } - - protected static boolean isSelfIssued(X509Certificate cert) - { - return cert.getSubjectDN().equals(cert.getIssuerDN()); - } - - - /** - * extract the value of the given extension, if it exists. - */ - protected static DERObject getExtensionValue( - java.security.cert.X509Extension ext, - String oid) - throws AnnotatedException - { - byte[] bytes = ext.getExtensionValue(oid); - if (bytes == null) - { - return null; - } - - return getObject(oid, bytes); - } - - private static DERObject getObject( - String oid, - byte[] ext) - throws AnnotatedException - { - try - { - ASN1InputStream aIn = new ASN1InputStream(ext); - ASN1OctetString octs = (ASN1OctetString)aIn.readObject(); - - aIn = new ASN1InputStream(octs.getOctets()); - return aIn.readObject(); - } - catch (IOException e) - { - throw new AnnotatedException("exception processing extension " + oid, e); - } - } - - protected static X500Principal getIssuerPrincipal(X509CRL crl) - { - return crl.getIssuerX500Principal(); - } - - protected static AlgorithmIdentifier getAlgorithmIdentifier( - PublicKey key) - throws CertPathValidatorException - { - try - { - ASN1InputStream aIn = new ASN1InputStream(key.getEncoded()); - - SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject()); - - return info.getAlgorithmId(); - } - catch (IOException e) - { - throw new CertPathValidatorException("exception processing public key"); - } - } - - // - // Utility functions for name constraint checking - // - - private static boolean withinDNSubtree(ASN1Sequence dns, ASN1Sequence subtree) - { - if (subtree.size() < 1) - { - return false; - } - - if (subtree.size() > dns.size()) - { - return false; - } - - for (int j = subtree.size() - 1; j >= 0; j--) - { - if (!subtree.getObjectAt(j).equals(dns.getObjectAt(j))) - { - return false; - } - } - - return true; - } - - protected static void checkPermittedDN(Set permitted, ASN1Sequence dns) - throws CertPathValidatorException - { - if (permitted.isEmpty()) - { - return; - } - - Iterator it = permitted.iterator(); - - while (it.hasNext()) - { - ASN1Sequence subtree = (ASN1Sequence) it.next(); - - if (withinDNSubtree(dns, subtree)) - { - return; - } - } - - throw new CertPathValidatorException( - "Subject distinguished name is not from a permitted subtree"); - } - - protected static void checkExcludedDN(Set excluded, ASN1Sequence dns) - throws CertPathValidatorException - { - if (excluded.isEmpty()) - { - return; - } - - Iterator it = excluded.iterator(); - - while (it.hasNext()) - { - ASN1Sequence subtree = (ASN1Sequence) it.next(); - - if (withinDNSubtree(dns, subtree)) - { - throw new CertPathValidatorException( - "Subject distinguished name is from an excluded subtree"); - } - } - } - - protected static Set intersectDN(Set permitted, ASN1Sequence dn) - { - if (permitted.isEmpty()) - { - permitted.add(dn); - - return permitted; - } - else - { - Set intersect = new HashSet(); - - Iterator _iter = permitted.iterator(); - while (_iter.hasNext()) - { - ASN1Sequence subtree = (ASN1Sequence) _iter.next(); - - if (withinDNSubtree(dn, subtree)) - { - intersect.add(dn); - } - else if (withinDNSubtree(subtree, dn)) - { - intersect.add(subtree); - } - } - - return intersect; - } - } - - protected static Set unionDN(Set excluded, ASN1Sequence dn) - { - if (excluded.isEmpty()) - { - excluded.add(dn); - - return excluded; - } - else - { - Set intersect = new HashSet(); - - Iterator _iter = excluded.iterator(); - while (_iter.hasNext()) - { - ASN1Sequence subtree = (ASN1Sequence) _iter.next(); - - if (withinDNSubtree(dn, subtree)) - { - intersect.add(subtree); - } - else if (withinDNSubtree(subtree, dn)) - { - intersect.add(dn); - } - else - { - intersect.add(subtree); - intersect.add(dn); - } - } - - return intersect; - } - } - - protected static Set intersectEmail(Set permitted, String email) - { - String _sub = email.substring(email.indexOf('@') + 1); - - if (permitted.isEmpty()) - { - permitted.add(_sub); - - return permitted; - } - else - { - Set intersect = new HashSet(); - - Iterator _iter = permitted.iterator(); - while (_iter.hasNext()) - { - String _permitted = (String) _iter.next(); - - if (_sub.endsWith(_permitted)) - { - intersect.add(_sub); - } - else if (_permitted.endsWith(_sub)) - { - intersect.add(_permitted); - } - } - - return intersect; - } - } - - protected static Set unionEmail(Set excluded, String email) - { - String _sub = email.substring(email.indexOf('@') + 1); - - if (excluded.isEmpty()) - { - excluded.add(_sub); - return excluded; - } - else - { - Set intersect = new HashSet(); - - Iterator _iter = excluded.iterator(); - while (_iter.hasNext()) - { - String _excluded = (String) _iter.next(); - - if (_sub.endsWith(_excluded)) - { - intersect.add(_excluded); - } - else if (_excluded.endsWith(_sub)) - { - intersect.add(_sub); - } - else - { - intersect.add(_excluded); - intersect.add(_sub); - } - } - - return intersect; - } - } - - protected static Set intersectIP(Set permitted, byte[] ip) - { - // TBD - return permitted; - } - - protected static Set unionIP(Set excluded, byte[] ip) - { - // TBD - return excluded; - } - - protected static void checkPermittedEmail(Set permitted, String email) - throws CertPathValidatorException - { - if (permitted.isEmpty()) - { - return; - } - - String sub = email.substring(email.indexOf('@') + 1); - Iterator it = permitted.iterator(); - - while (it.hasNext()) - { - String str = (String) it.next(); - - if (sub.endsWith(str)) - { - return; - } - } - - throw new CertPathValidatorException( - "Subject email address is not from a permitted subtree"); - } - - protected static void checkExcludedEmail(Set excluded, String email) - throws CertPathValidatorException - { - if (excluded.isEmpty()) - { - return; - } - - String sub = email.substring(email.indexOf('@') + 1); - Iterator it = excluded.iterator(); - - while (it.hasNext()) - { - String str = (String) it.next(); - if (sub.endsWith(str)) - { - throw new CertPathValidatorException( - "Subject email address is from an excluded subtree"); - } - } - } - - protected static void checkPermittedIP(Set permitted, byte[] ip) - throws CertPathValidatorException - { - if (permitted.isEmpty()) - { - return; - } - - // TODO: ??? Something here - } - - protected static void checkExcludedIP(Set excluded, byte[] ip) - throws CertPathValidatorException - { - if (excluded.isEmpty()) - { - return; - } - - // TODO, check RFC791 and RFC1883 for IP bytes definition. - } - - - // crl checking - - /** - * Return a Collection of all CRLs found in the - * CertStore's that are matching the crlSelect criteriums. - * - * @param crlSelect a {@link CertSelector CertSelector} - * object that will be used to select the CRLs - * @param crlStores a List containing only {@link CertStore - * CertStore} objects. These are used to search for - * CRLs - * - * @return a Collection of all found {@link CRL CRL} - * objects. May be empty but never <code>null</code>. - */ - protected static final Collection findCRLs( - X509CRLSelector crlSelect, - List crlStores) - throws AnnotatedException - { - Set crls = new HashSet(); - Iterator iter = crlStores.iterator(); - - while (iter.hasNext()) - { - CertStore certStore = (CertStore)iter.next(); - - try - { - crls.addAll(certStore.getCRLs(crlSelect)); - } - catch (CertStoreException e) - { - throw new AnnotatedException("cannot extract crl: " + e, e); - } - } - - return crls; - } - - // - // policy checking - // - - protected static final Set getQualifierSet(ASN1Sequence qualifiers) - throws CertPathValidatorException - { - Set pq = new HashSet(); - - if (qualifiers == null) - { - return pq; - } - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - Enumeration e = qualifiers.getObjects(); - - while (e.hasMoreElements()) - { - try - { - aOut.writeObject(e.nextElement()); - - pq.add(new PolicyQualifierInfo(bOut.toByteArray())); - } - catch (IOException ex) - { - throw new CertPathValidatorException("exception building qualifier set: " + ex); - } - - bOut.reset(); - } - - return pq; - } - - protected static PKIXPolicyNode removePolicyNode( - PKIXPolicyNode validPolicyTree, - List [] policyNodes, - PKIXPolicyNode _node) - { - PKIXPolicyNode _parent = (PKIXPolicyNode)_node.getParent(); - - if (validPolicyTree == null) - { - return null; - } - - if (_parent == null) - { - for (int j = 0; j < policyNodes.length; j++) - { - policyNodes[j] = new ArrayList(); - } - - return null; - } - else - { - _parent.removeChild(_node); - removePolicyNodeRecurse(policyNodes, _node); - - return validPolicyTree; - } - } - - private static void removePolicyNodeRecurse( - List [] policyNodes, - PKIXPolicyNode _node) - { - policyNodes[_node.getDepth()].remove(_node); - - if (_node.hasChildren()) - { - Iterator _iter = _node.getChildren(); - while (_iter.hasNext()) - { - PKIXPolicyNode _child = (PKIXPolicyNode)_iter.next(); - removePolicyNodeRecurse(policyNodes, _child); - } - } - } - - - protected static boolean processCertD1i( - int index, - List [] policyNodes, - DERObjectIdentifier pOid, - Set pq) - { - List policyNodeVec = policyNodes[index - 1]; - - for (int j = 0; j < policyNodeVec.size(); j++) - { - PKIXPolicyNode node = (PKIXPolicyNode)policyNodeVec.get(j); - Set expectedPolicies = node.getExpectedPolicies(); - - if (expectedPolicies.contains(pOid.getId())) - { - Set childExpectedPolicies = new HashSet(); - childExpectedPolicies.add(pOid.getId()); - - PKIXPolicyNode child = new PKIXPolicyNode(new ArrayList(), - index, - childExpectedPolicies, - node, - pq, - pOid.getId(), - false); - node.addChild(child); - policyNodes[index].add(child); - - return true; - } - } - - return false; - } - - protected static void processCertD1ii( - int index, - List [] policyNodes, - DERObjectIdentifier _poid, - Set _pq) - { - List policyNodeVec = policyNodes[index - 1]; - - for (int j = 0; j < policyNodeVec.size(); j++) - { - PKIXPolicyNode _node = (PKIXPolicyNode)policyNodeVec.get(j); - Set _expectedPolicies = _node.getExpectedPolicies(); - - if (ANY_POLICY.equals(_node.getValidPolicy())) - { - Set _childExpectedPolicies = new HashSet(); - _childExpectedPolicies.add(_poid.getId()); - - PKIXPolicyNode _child = new PKIXPolicyNode(new ArrayList(), - index, - _childExpectedPolicies, - _node, - _pq, - _poid.getId(), - false); - _node.addChild(_child); - policyNodes[index].add(_child); - return; - } - } - } - - protected static void prepareNextCertB1( - int i, - List[] policyNodes, - String id_p, - Map m_idp, - X509Certificate cert - ) throws AnnotatedException,CertPathValidatorException - { - boolean idp_found = false; - Iterator nodes_i = policyNodes[i].iterator(); - while (nodes_i.hasNext()) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); - if (node.getValidPolicy().equals(id_p)) - { - idp_found = true; - node.expectedPolicies = (Set)m_idp.get(id_p); - break; - } - } - - if (!idp_found) - { - nodes_i = policyNodes[i].iterator(); - while (nodes_i.hasNext()) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); - if (ANY_POLICY.equals(node.getValidPolicy())) - { - Set pq = null; - ASN1Sequence policies = (ASN1Sequence)getExtensionValue(cert, CERTIFICATE_POLICIES); - Enumeration e = policies.getObjects(); - while (e.hasMoreElements()) - { - PolicyInformation pinfo = PolicyInformation.getInstance(e.nextElement()); - if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) - { - pq = getQualifierSet(pinfo.getPolicyQualifiers()); - break; - } - } - boolean ci = false; - if (cert.getCriticalExtensionOIDs() != null) - { - ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES); - } - - PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent(); - if (ANY_POLICY.equals(p_node.getValidPolicy())) - { - PKIXPolicyNode c_node = new PKIXPolicyNode( - new ArrayList(), i, - (Set)m_idp.get(id_p), - p_node, pq, id_p, ci); - p_node.addChild(c_node); - policyNodes[i].add(c_node); - } - break; - } - } - } - } - - protected static PKIXPolicyNode prepareNextCertB2( - int i, - List[] policyNodes, - String id_p, - PKIXPolicyNode validPolicyTree) - { - Iterator nodes_i = policyNodes[i].iterator(); - while (nodes_i.hasNext()) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); - if (node.getValidPolicy().equals(id_p)) - { - PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent(); - p_node.removeChild(node); - nodes_i.remove(); - for (int k = (i - 1); k >= 0; k--) - { - List nodes = policyNodes[k]; - for (int l = 0; l < nodes.size(); l++) - { - PKIXPolicyNode node2 = (PKIXPolicyNode)nodes.get(l); - if (!node2.hasChildren()) - { - validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node2); - if (validPolicyTree == null) - { - break; - } - } - } - } - } - } - return validPolicyTree; - } - - protected static boolean isAnyPolicy( - Set policySet) - { - return policySet == null || policySet.contains(ANY_POLICY) || policySet.isEmpty(); - } - -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/CertStoreCollectionSpi.java b/luni/src/main/java/org/bouncycastle/jce/provider/CertStoreCollectionSpi.java deleted file mode 100644 index e1ac37c..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/CertStoreCollectionSpi.java +++ /dev/null @@ -1,104 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.InvalidAlgorithmParameterException; -import java.security.cert.CRL; -import java.security.cert.CRLSelector; -import java.security.cert.CertSelector; -import java.security.cert.CertStoreException; -import java.security.cert.CertStoreParameters; -import java.security.cert.CertStoreSpi; -import java.security.cert.Certificate; -import java.security.cert.CollectionCertStoreParameters; -import java.util.Collection; -import java.util.HashSet; -import java.util.Iterator; -import java.util.Set; - -public class CertStoreCollectionSpi extends CertStoreSpi -{ - private CollectionCertStoreParameters params; - - public CertStoreCollectionSpi(CertStoreParameters params) - throws InvalidAlgorithmParameterException - { - super(params); - - if (!(params instanceof CollectionCertStoreParameters)) - { - throw new InvalidAlgorithmParameterException("org.bouncycastle.jce.provider.CertStoreCollectionSpi: parameter must be a CollectionCertStoreParameters object\n" + params.toString()); - } - - this.params = (CollectionCertStoreParameters)params; - } - - public Collection engineGetCertificates( - CertSelector selector) - throws CertStoreException - { - Set col = new HashSet(); - Iterator iter = params.getCollection().iterator(); - - if (selector == null) - { - while (iter.hasNext()) - { - Object obj = iter.next(); - - if (obj instanceof Certificate) - { - col.add(obj); - } - } - } - else - { - while (iter.hasNext()) - { - Object obj = iter.next(); - - if ((obj instanceof Certificate) && selector.match((Certificate)obj)) - { - col.add(obj); - } - } - } - - return col; - } - - - public Collection engineGetCRLs( - CRLSelector selector) - throws CertStoreException - { - Set col = new HashSet(); - Iterator iter = params.getCollection().iterator(); - - if (selector == null) - { - while (iter.hasNext()) - { - Object obj = iter.next(); - - if (obj instanceof CRL) - { - col.add(obj); - } - } - } - else - { - while (iter.hasNext()) - { - Object obj = iter.next(); - - if ((obj instanceof CRL) && selector.match((CRL)obj)) - { - col.add(obj); - } - } - } - - return col; - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/DHUtil.java b/luni/src/main/java/org/bouncycastle/jce/provider/DHUtil.java deleted file mode 100644 index 2470af9..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/DHUtil.java +++ /dev/null @@ -1,50 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; - -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.interfaces.DHPublicKey; - -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.crypto.params.DHPrivateKeyParameters; -import org.bouncycastle.crypto.params.DHPublicKeyParameters; - -/** - * utility class for converting jce/jca DH objects - * objects into their org.bouncycastle.crypto counterparts. - */ -public class DHUtil -{ - static public AsymmetricKeyParameter generatePublicKeyParameter( - PublicKey key) - throws InvalidKeyException - { - if (key instanceof DHPublicKey) - { - DHPublicKey k = (DHPublicKey)key; - - return new DHPublicKeyParameters(k.getY(), - new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL())); - } - - throw new InvalidKeyException("can't identify DH public key."); - } - - static public AsymmetricKeyParameter generatePrivateKeyParameter( - PrivateKey key) - throws InvalidKeyException - { - if (key instanceof DHPrivateKey) - { - DHPrivateKey k = (DHPrivateKey)key; - - return new DHPrivateKeyParameters(k.getX(), - new DHParameters(k.getParams().getP(), k.getParams().getG(), null, k.getParams().getL())); - } - - throw new InvalidKeyException("can't identify DH private key."); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/DSAUtil.java b/luni/src/main/java/org/bouncycastle/jce/provider/DSAUtil.java deleted file mode 100644 index 5cf3c22..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/DSAUtil.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.interfaces.DSAPrivateKey; -import java.security.interfaces.DSAPublicKey; - -import org.bouncycastle.crypto.params.AsymmetricKeyParameter; -import org.bouncycastle.crypto.params.DSAParameters; -import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; -import org.bouncycastle.crypto.params.DSAPublicKeyParameters; - -/** - * utility class for converting jce/jca DSA objects - * objects into their org.bouncycastle.crypto counterparts. - */ -public class DSAUtil -{ - static public AsymmetricKeyParameter generatePublicKeyParameter( - PublicKey key) - throws InvalidKeyException - { - if (key instanceof DSAPublicKey) - { - DSAPublicKey k = (DSAPublicKey)key; - - return new DSAPublicKeyParameters(k.getY(), - new DSAParameters(k.getParams().getP(), k.getParams().getQ(), k.getParams().getG())); - } - - throw new InvalidKeyException("can't identify DSA public key: " + key.getClass().getName()); - } - - static public AsymmetricKeyParameter generatePrivateKeyParameter( - PrivateKey key) - throws InvalidKeyException - { - if (key instanceof DSAPrivateKey) - { - DSAPrivateKey k = (DSAPrivateKey)key; - - return new DSAPrivateKeyParameters(k.getX(), - new DSAParameters(k.getParams().getP(), k.getParams().getQ(), k.getParams().getG())); - } - - throw new InvalidKeyException("can't identify DSA private key."); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/IndexedPKIXParameters.java b/luni/src/main/java/org/bouncycastle/jce/provider/IndexedPKIXParameters.java deleted file mode 100644 index 03679e2..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/IndexedPKIXParameters.java +++ /dev/null @@ -1,159 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.bouncycastle.jce.provider; - -import javax.security.auth.x500.X500Principal; - -import java.security.cert.CertPath; -import java.security.cert.CertPathValidatorException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.PKIXParameters; -import java.security.cert.TrustAnchor; -import java.security.cert.X509Certificate; -import java.security.InvalidAlgorithmParameterException; -import java.security.KeyStoreException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.logging.Logger; -import java.util.logging.Level; - -/** - * Indexes trust anchors so they can be found in O(1) time instead of O(N). - */ -public class IndexedPKIXParameters extends PKIXParameters { - - final Map<Bytes, TrustAnchor> encodings - = new HashMap<Bytes, TrustAnchor>(); - final Map<X500Principal, TrustAnchor> bySubject - = new HashMap<X500Principal, TrustAnchor>(); - final Map<X500Principal, List<TrustAnchor>> byCA - = new HashMap<X500Principal, List<TrustAnchor>>(); - - public IndexedPKIXParameters(Set<TrustAnchor> anchors) - throws KeyStoreException, InvalidAlgorithmParameterException, - CertificateEncodingException { - super(anchors); - - for (TrustAnchor anchor : anchors) { - X509Certificate cert = anchor.getTrustedCert(); - - Bytes encoded = new Bytes(cert.getEncoded()); - encodings.put(encoded, anchor); - - X500Principal subject = cert.getSubjectX500Principal(); - if (bySubject.put(subject, anchor) != null) { - // TODO: Should we allow this? - throw new KeyStoreException("Two certs have the same subject: " - + subject); - } - - X500Principal ca = anchor.getCA(); - List<TrustAnchor> caAnchors = byCA.get(ca); - if (caAnchors == null) { - caAnchors = new ArrayList<TrustAnchor>(); - byCA.put(ca, caAnchors); - } - caAnchors.add(anchor); - } - } - - TrustAnchor findTrustAnchor(X509Certificate cert, CertPath certPath, - int index) throws CertPathValidatorException { - // Mimic the alg in CertPathValidatorUtilities.findTrustAnchor(). - Exception verificationException = null; - X500Principal issuer = cert.getIssuerX500Principal(); - - List<TrustAnchor> anchors = byCA.get(issuer); - if (anchors != null) { - for (TrustAnchor caAnchor : anchors) { - try { - cert.verify(caAnchor.getCAPublicKey()); - return caAnchor; - } catch (Exception e) { - verificationException = e; - } - } - } - - TrustAnchor anchor = bySubject.get(issuer); - if (anchor != null) { - try { - cert.verify(anchor.getTrustedCert().getPublicKey()); - return anchor; - } catch (Exception e) { - verificationException = e; - } - } - - try { - Bytes encoded = new Bytes(cert.getEncoded()); - anchor = encodings.get(encoded); - if (anchor != null) { - return anchor; - } - } catch (Exception e) { - Logger.getLogger(IndexedPKIXParameters.class.getName()).log( - Level.WARNING, "Error encoding cert.", e); - } - - // Throw last verification exception. - if (verificationException != null) { - throw new CertPathValidatorException("TrustAnchor found but" - + " certificate verification failed.", - verificationException, certPath, index); - } - - return null; - } - - /** - * Returns true if the given certificate is found in the trusted key - * store. - */ - public boolean isDirectlyTrusted(X509Certificate cert) { - try { - Bytes encoded = new Bytes(cert.getEncoded()); - return encodings.containsKey(encoded); - } catch (Exception e) { - Logger.getLogger(IndexedPKIXParameters.class.getName()).log( - Level.WARNING, "Error encoding cert.", e); - return false; - } - } - - /** - * Wraps a byte[] and adds equals() and hashCode() support. - */ - static class Bytes { - final byte[] bytes; - final int hash; - Bytes(byte[] bytes) { - this.bytes = bytes; - this.hash = Arrays.hashCode(bytes); - } - @Override public int hashCode() { - return hash; - } - @Override public boolean equals(Object o) { - return Arrays.equals(bytes, ((Bytes) o).bytes); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java b/luni/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java deleted file mode 100644 index e2b22cb..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java +++ /dev/null @@ -1,965 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.InvalidParameterException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKey; -import javax.crypto.ShortBufferException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.RC5ParameterSpec; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.BufferedBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.engines.*; -import org.bouncycastle.crypto.modes.CBCBlockCipher; -import org.bouncycastle.crypto.modes.CFBBlockCipher; -import org.bouncycastle.crypto.modes.CTSBlockCipher; -import org.bouncycastle.crypto.modes.GOFBBlockCipher; -import org.bouncycastle.crypto.modes.OFBBlockCipher; -// BEGIN android-removed -// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher; -// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher; -// END android-removed -import org.bouncycastle.crypto.modes.SICBlockCipher; -import org.bouncycastle.crypto.paddings.ISO10126d2Padding; -import org.bouncycastle.crypto.paddings.ISO7816d4Padding; -import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher; -import org.bouncycastle.crypto.paddings.TBCPadding; -import org.bouncycastle.crypto.paddings.X923Padding; -import org.bouncycastle.crypto.paddings.ZeroBytePadding; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.params.ParametersWithSBox; -import org.bouncycastle.crypto.params.RC2Parameters; -import org.bouncycastle.crypto.params.RC5Parameters; -// BEGIN android-removed -// import org.bouncycastle.jce.spec.GOST28147ParameterSpec; -// END android-removed -import org.bouncycastle.util.Strings; - -public class JCEBlockCipher extends WrapCipherSpi - implements PBE -{ - // - // specs we can handle. - // - private Class[] availableSpecs = - { - RC2ParameterSpec.class, - RC5ParameterSpec.class, - IvParameterSpec.class, - PBEParameterSpec.class, - //GOST28147ParameterSpec.class - }; - - private BlockCipher baseEngine; - private BufferedBlockCipher cipher; - private ParametersWithIV ivParam; - - private int ivLength = 0; - - private boolean padded = true; - - private PBEParameterSpec pbeSpec = null; - private String pbeAlgorithm = null; - - private String modeName = null; - - protected JCEBlockCipher( - BlockCipher engine) - { - baseEngine = engine; - - cipher = new PaddedBufferedBlockCipher(engine); - } - - protected JCEBlockCipher( - BlockCipher engine, - int ivLength) - { - baseEngine = engine; - - this.cipher = new PaddedBufferedBlockCipher(engine); - this.ivLength = ivLength / 8; - } - - protected int engineGetBlockSize() - { - return baseEngine.getBlockSize(); - } - - protected byte[] engineGetIV() - { - return (ivParam != null) ? ivParam.getIV() : null; - } - - protected int engineGetKeySize( - Key key) - { - return key.getEncoded().length * 8; - } - - protected int engineGetOutputSize( - int inputLen) - { - return cipher.getOutputSize(inputLen); - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParams == null) - { - if (pbeSpec != null) - { - try - { - engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, "BC"); - engineParams.init(pbeSpec); - } - catch (Exception e) - { - return null; - } - } - else if (ivParam != null) - { - String name = cipher.getUnderlyingCipher().getAlgorithmName(); - - if (name.indexOf('/') >= 0) - { - name = name.substring(0, name.indexOf('/')); - } - - try - { - engineParams = AlgorithmParameters.getInstance(name, "BC"); - engineParams.init(ivParam.getIV()); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - } - - return engineParams; - } - - protected void engineSetMode( - String mode) - throws NoSuchAlgorithmException - { - modeName = Strings.toUpperCase(mode); - - if (modeName.equals("ECB")) - { - ivLength = 0; - cipher = new PaddedBufferedBlockCipher(baseEngine); - } - else if (modeName.equals("CBC")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new PaddedBufferedBlockCipher( - new CBCBlockCipher(baseEngine)); - } - else if (modeName.startsWith("OFB")) - { - ivLength = baseEngine.getBlockSize(); - if (modeName.length() != 3) - { - int wordSize = Integer.parseInt(modeName.substring(3)); - - cipher = new PaddedBufferedBlockCipher( - new OFBBlockCipher(baseEngine, wordSize)); - } - else - { - cipher = new PaddedBufferedBlockCipher( - new OFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); - } - } - else if (modeName.startsWith("CFB")) - { - ivLength = baseEngine.getBlockSize(); - if (modeName.length() != 3) - { - int wordSize = Integer.parseInt(modeName.substring(3)); - - cipher = new PaddedBufferedBlockCipher( - new CFBBlockCipher(baseEngine, wordSize)); - } - else - { - cipher = new PaddedBufferedBlockCipher( - new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize())); - } - } - // BEGIN android-removed - // else if (modeName.startsWith("PGP")) - // { - // if (modeName.equalsIgnoreCase("PGPCFBwithIV")) - // { - // ivLength = baseEngine.getBlockSize(); - // cipher = new PaddedBufferedBlockCipher( - // new PGPCFBBlockCipher(baseEngine, true)); - // } - // else - // { - // ivLength = baseEngine.getBlockSize(); - // cipher = new PaddedBufferedBlockCipher( - // new PGPCFBBlockCipher(baseEngine, false)); - // } - // } - // else if (modeName.equalsIgnoreCase("OpenPGPCFB")) - // { - // ivLength = 0; - // cipher = new PaddedBufferedBlockCipher( - // new OpenPGPCFBBlockCipher(baseEngine)); - // } - // END android-removed - else if (modeName.startsWith("SIC")) - { - ivLength = baseEngine.getBlockSize(); - if (ivLength < 16) - { - throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)"); - } - cipher = new BufferedBlockCipher( - new SICBlockCipher(baseEngine)); - } - else if (modeName.startsWith("CTR")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedBlockCipher( - new SICBlockCipher(baseEngine)); - } - else if (modeName.startsWith("GOFB")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new BufferedBlockCipher( - new GOFBBlockCipher(baseEngine)); - } - else if (modeName.startsWith("CTS")) - { - ivLength = baseEngine.getBlockSize(); - cipher = new CTSBlockCipher(new CBCBlockCipher(baseEngine)); - } - else - { - throw new NoSuchAlgorithmException("can't support mode " + mode); - } - } - - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - String paddingName = Strings.toUpperCase(padding); - - if (paddingName.equals("NOPADDING")) - { - padded = false; - - if (!(cipher instanceof CTSBlockCipher)) - { - cipher = new BufferedBlockCipher(cipher.getUnderlyingCipher()); - } - } - else if (paddingName.equals("PKCS5PADDING") || paddingName.equals("PKCS7PADDING")) - { - cipher = new PaddedBufferedBlockCipher(cipher.getUnderlyingCipher()); - } - else if (paddingName.equals("ZEROBYTEPADDING")) - { - cipher = new PaddedBufferedBlockCipher(cipher.getUnderlyingCipher(), new ZeroBytePadding()); - } - else if (paddingName.equals("ISO10126PADDING") || paddingName.equals("ISO10126-2PADDING")) - { - cipher = new PaddedBufferedBlockCipher(cipher.getUnderlyingCipher(), new ISO10126d2Padding()); - } - else if (paddingName.equals("X9.23PADDING") || paddingName.equals("X923PADDING")) - { - cipher = new PaddedBufferedBlockCipher(cipher.getUnderlyingCipher(), new X923Padding()); - } - else if (paddingName.equals("ISO7816-4PADDING") || paddingName.equals("ISO9797-1PADDING")) - { - cipher = new PaddedBufferedBlockCipher(cipher.getUnderlyingCipher(), new ISO7816d4Padding()); - } - else if (paddingName.equals("TBCPADDING")) - { - cipher = new PaddedBufferedBlockCipher(cipher.getUnderlyingCipher(), new TBCPadding()); - } - else if (paddingName.equals("WITHCTS")) - { - padded = false; - cipher = new CTSBlockCipher(cipher.getUnderlyingCipher()); - } - else - { - throw new NoSuchPaddingException("Padding " + padding + " unknown."); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - this.pbeSpec = null; - this.pbeAlgorithm = null; - this.engineParams = null; - - // - // basic key check - // - if (!(key instanceof SecretKey)) - { - throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption."); - } - - // - // for RC5-64 we must have some default parameters - // - if (params == null && baseEngine.getAlgorithmName().startsWith("RC5-64")) - { - throw new InvalidAlgorithmParameterException("RC5 requires an RC5ParametersSpec to be passed in."); - } - - // - // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it). - // - if (key instanceof JCEPBEKey) - { - JCEPBEKey k = (JCEPBEKey)key; - - if (k.getOID() != null) - { - pbeAlgorithm = k.getOID().getId(); - } - else - { - pbeAlgorithm = k.getAlgorithm(); - } - - if (k.getParam() != null) - { - param = k.getParam(); - pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount()); - } - else if (params instanceof PBEParameterSpec) - { - pbeSpec = (PBEParameterSpec)params; - param = PBE.Util.makePBEParameters(k, params, cipher.getUnderlyingCipher().getAlgorithmName()); - } - else - { - throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); - } - - if (param instanceof ParametersWithIV) - { - ivParam = (ParametersWithIV)param; - } - } - else if (params == null) - { - param = new KeyParameter(key.getEncoded()); - } - else if (params instanceof IvParameterSpec) - { - if (ivLength != 0) - { - IvParameterSpec p = (IvParameterSpec)params; - - if (p.getIV().length != ivLength) - { - throw new InvalidAlgorithmParameterException("IV must be " + ivLength + " bytes long."); - } - - param = new ParametersWithIV(new KeyParameter(key.getEncoded()), p.getIV()); - ivParam = (ParametersWithIV)param; - } - else - { - if (modeName != null && modeName.equals("ECB")) - { - throw new InvalidAlgorithmParameterException("ECB mode does not use an IV"); - } - - param = new KeyParameter(key.getEncoded()); - } - } - // BEGIN android-removed - // else if (params instanceof GOST28147ParameterSpec) - // { - // GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params; - // - // param = new ParametersWithSBox( - // new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox()); - // - // if (gost28147Param.getIV() != null && ivLength != 0) - // { - // param = new ParametersWithIV(param, gost28147Param.getIV()); - // ivParam = (ParametersWithIV)param; - // } - // } - // END android-removed - else if (params instanceof RC2ParameterSpec) - { - RC2ParameterSpec rc2Param = (RC2ParameterSpec)params; - - param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits()); - - if (rc2Param.getIV() != null && ivLength != 0) - { - param = new ParametersWithIV(param, rc2Param.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else if (params instanceof RC5ParameterSpec) - { - RC5ParameterSpec rc5Param = (RC5ParameterSpec)params; - - param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds()); - if (baseEngine.getAlgorithmName().startsWith("RC5")) - { - if (baseEngine.getAlgorithmName().equals("RC5-32")) - { - if (rc5Param.getWordSize() != 32) - { - throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + "."); - } - } - else if (baseEngine.getAlgorithmName().equals("RC5-64")) - { - if (rc5Param.getWordSize() != 64) - { - throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + "."); - } - } - } - else - { - throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5."); - } - if ((rc5Param.getIV() != null) && (ivLength != 0)) - { - param = new ParametersWithIV(param, rc5Param.getIV()); - ivParam = (ParametersWithIV)param; - } - } - else - { - throw new InvalidAlgorithmParameterException("unknown parameter type."); - } - - if ((ivLength != 0) && !(param instanceof ParametersWithIV)) - { - SecureRandom ivRandom = random; - - if (ivRandom == null) - { - ivRandom = new SecureRandom(); - } - - if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE)) - { - byte[] iv = new byte[ivLength]; - - ivRandom.nextBytes(iv); - param = new ParametersWithIV(param, iv); - ivParam = (ParametersWithIV)param; - } - else if (cipher.getUnderlyingCipher().getAlgorithmName().indexOf("PGPCFB") < 0) - { - throw new InvalidAlgorithmParameterException("no IV set when one expected"); - } - } - - if (random != null && padded) - { - param = new ParametersWithRandom(param, random); - } - - try - { - switch (opmode) - { - case Cipher.ENCRYPT_MODE: - case Cipher.WRAP_MODE: - cipher.init(true, param); - break; - case Cipher.DECRYPT_MODE: - case Cipher.UNWRAP_MODE: - cipher.init(false, param); - break; - default: - throw new InvalidParameterException("unknown opmode " + opmode + " passed"); - } - } - catch (Exception e) - { - throw new InvalidKeyException(e.getMessage()); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - for (int i = 0; i != availableSpecs.length; i++) - { - try - { - paramSpec = params.getParameterSpec(availableSpecs[i]); - break; - } - catch (Exception e) - { - continue; - } - } - - if (paramSpec == null) - { - throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString()); - } - } - - engineInit(opmode, key, paramSpec, random); - - engineParams = params; - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new InvalidKeyException(e.getMessage()); - } - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - int length = cipher.getUpdateOutputSize(inputLen); - - if (length > 0) - { - byte[] out = new byte[length]; - - int len = cipher.processBytes(input, inputOffset, inputLen, out, 0); - - if (len == 0) - { - return null; - } - else if (len != out.length) - { - byte[] tmp = new byte[len]; - - System.arraycopy(out, 0, tmp, 0, len); - - return tmp; - } - - return out; - } - - cipher.processBytes(input, inputOffset, inputLen, null, 0); - - return null; - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws ShortBufferException - { - try - { - return cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - catch (DataLengthException e) - { - throw new ShortBufferException(e.getMessage()); - } - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws IllegalBlockSizeException, BadPaddingException - { - int len = 0; - byte[] tmp = new byte[engineGetOutputSize(inputLen)]; - - if (inputLen != 0) - { - len = cipher.processBytes(input, inputOffset, inputLen, tmp, 0); - } - - try - { - len += cipher.doFinal(tmp, len); - } - catch (DataLengthException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - - byte[] out = new byte[len]; - - System.arraycopy(tmp, 0, out, 0, len); - - return out; - } - - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws IllegalBlockSizeException, BadPaddingException, ShortBufferException - { - // BEGIN android-note - // added ShortBufferException to the throws statement - // END android-note - int len = 0; - - // BEGIN android-added - int outputLen = cipher.getOutputSize(inputLen); - - if (outputLen + outputOffset > output.length) { - throw new ShortBufferException("need at least " + outputLen + " bytes"); - } - // BEGIN android-added - - if (inputLen != 0) - { - len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - - try - { - return (len + cipher.doFinal(output, outputOffset + len)); - } - catch (DataLengthException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - } - - /* - * The ciphers that inherit from us. - */ - - /** - * DES - */ - static public class DES - extends JCEBlockCipher - { - public DES() - { - super(new DESEngine()); - } - } - - /** - * DESCBC - */ - static public class DESCBC - extends JCEBlockCipher - { - public DESCBC() - { - super(new CBCBlockCipher(new DESEngine()), 64); - } - } - - /** - * DESede - */ - static public class DESede - extends JCEBlockCipher - { - public DESede() - { - super(new DESedeEngine()); - } - } - - /** - * DESedeCBC - */ - static public class DESedeCBC - extends JCEBlockCipher - { - public DESedeCBC() - { - super(new CBCBlockCipher(new DESedeEngine()), 64); - } - } - - /** - * GOST28147 - */ - // BEGIN android-removed - // static public class GOST28147 - // extends JCEBlockCipher - // { - // public GOST28147() - // { - // super(new GOST28147Engine()); - // } - // } - // - // static public class GOST28147cbc - // extends JCEBlockCipher - // { - // public GOST28147cbc() - // { - // super(new CBCBlockCipher(new GOST28147Engine()), 64); - // } - // } - // END android-removed - - /** - * AES - */ - static public class AES - extends JCEBlockCipher - { - public AES() - { - super(new AESFastEngine()); - } - } - - /** - * AESCBC - */ - static public class AESCBC - extends JCEBlockCipher - { - public AESCBC() - { - super(new CBCBlockCipher(new AESFastEngine()), 128); - } - } - - /** - * AESCFB - */ - static public class AESCFB - extends JCEBlockCipher - { - public AESCFB() - { - super(new CFBBlockCipher(new AESFastEngine(), 128), 128); - } - } - - /** - * AESOFB - */ - static public class AESOFB - extends JCEBlockCipher - { - public AESOFB() - { - super(new OFBBlockCipher(new AESFastEngine(), 128), 128); - } - } - - /** - * Camellia - */ - // BEGIN android-removed - // static public class Camellia - // extends JCEBlockCipher - // { - // public Camellia() - // { - // super(new CamelliaEngine()); - // } - // } - // END android-removed - - /** - * CAST5 - */ - // BEGIN android-removed - // static public class CAST5 - // extends JCEBlockCipher - // { - // public CAST5() - // { - // super(new CAST5Engine()); - // } - // } - // END android-removed - - /** - * CAST5 CBC - */ - // BEGIN android-removed - // static public class CAST5CBC - // extends JCEBlockCipher - // { - // public CAST5CBC() - // { - // super(new CBCBlockCipher(new CAST5Engine()), 64); - // } - // } - // END android-removed - - /** - * CAST6 - */ - // BEGIN android-removed - // static public class CAST6 - // extends JCEBlockCipher - // { - // public CAST6() - // { - // super(new CAST6Engine()); - // } - // } - // BEGIN android-removed - - /** - * PBEWithMD5AndDES - */ - static public class PBEWithMD5AndDES - extends JCEBlockCipher - { - public PBEWithMD5AndDES() - { - super(new CBCBlockCipher(new DESEngine())); - } - } - - /** - * PBEWithMD5AndRC2 - */ - static public class PBEWithMD5AndRC2 - extends JCEBlockCipher - { - public PBEWithMD5AndRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } - - /** - * PBEWithSHA1AndDES - */ - static public class PBEWithSHA1AndDES - extends JCEBlockCipher - { - public PBEWithSHA1AndDES() - { - super(new CBCBlockCipher(new DESEngine())); - } - } - - /** - * PBEWithSHAAnd3-KeyTripleDES-CBC - */ - static public class PBEWithSHAAndDES3Key - extends JCEBlockCipher - { - public PBEWithSHAAndDES3Key() - { - super(new CBCBlockCipher(new DESedeEngine())); - } - } - - /** - * PBEWithSHAAnd2-KeyTripleDES-CBC - */ - static public class PBEWithSHAAndDES2Key - extends JCEBlockCipher - { - public PBEWithSHAAndDES2Key() - { - super(new CBCBlockCipher(new DESedeEngine())); - } - } - - /** - * PBEWithAES-CBC - */ - static public class PBEWithAESCBC - extends JCEBlockCipher - { - public PBEWithAESCBC() - { - super(new CBCBlockCipher(new AESFastEngine())); - } - } - - /** - * PBEWITHSHAAND40BITRC2-CBC - */ - static public class PBEWithSHAAnd40BitRC2 - extends JCEBlockCipher - { - public PBEWithSHAAnd40BitRC2() - { - super(new CBCBlockCipher(new RC2Engine())); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java b/luni/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java deleted file mode 100644 index f215029..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java +++ /dev/null @@ -1,178 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.math.BigInteger; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.KeyAgreementSpi; -import javax.crypto.SecretKey; -import javax.crypto.ShortBufferException; -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.interfaces.DHPublicKey; -import javax.crypto.spec.DHParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -/** - * Diffie-Hellman key agreement. There's actually a better way of doing this - * if you are using long term public keys, see the light-weight version for - * details. - */ -public class JCEDHKeyAgreement - extends KeyAgreementSpi -{ - private BigInteger x; - private BigInteger p; - private BigInteger g; - private BigInteger result; - - private SecureRandom random; - - private byte[] bigIntToBytes( - BigInteger r) - { - byte[] tmp = r.toByteArray(); - - if (tmp[0] == 0) - { - byte[] ntmp = new byte[tmp.length - 1]; - - System.arraycopy(tmp, 1, ntmp, 0, ntmp.length); - return ntmp; - } - - return tmp; - } - - protected Key engineDoPhase( - Key key, - boolean lastPhase) - throws InvalidKeyException, IllegalStateException - { - if (x == null) - { - throw new IllegalStateException("Diffie-Hellman not initialised."); - } - - if (!(key instanceof DHPublicKey)) - { - throw new InvalidKeyException("DHKeyAgreement doPhase requires DHPublicKey"); - } - DHPublicKey pubKey = (DHPublicKey)key; - - if (!pubKey.getParams().getG().equals(g) || !pubKey.getParams().getP().equals(p)) - { - throw new InvalidKeyException("DHPublicKey not for this KeyAgreement!"); - } - - if (lastPhase) - { - result = ((DHPublicKey)key).getY().modPow(x, p); - return null; - } - else - { - result = ((DHPublicKey)key).getY().modPow(x, p); - } - - return new JCEDHPublicKey(result, pubKey.getParams()); - } - - protected byte[] engineGenerateSecret() - throws IllegalStateException - { - if (x == null) - { - throw new IllegalStateException("Diffie-Hellman not initialised."); - } - - return bigIntToBytes(result); - } - - protected int engineGenerateSecret( - byte[] sharedSecret, - int offset) - throws IllegalStateException, ShortBufferException - { - if (x == null) - { - throw new IllegalStateException("Diffie-Hellman not initialised."); - } - - byte[] secret = bigIntToBytes(result); - - if (sharedSecret.length - offset < secret.length) - { - throw new ShortBufferException("DHKeyAgreement - buffer too short"); - } - - System.arraycopy(secret, 0, sharedSecret, offset, secret.length); - - return secret.length; - } - - protected SecretKey engineGenerateSecret( - String algorithm) - { - if (x == null) - { - throw new IllegalStateException("Diffie-Hellman not initialised."); - } - - return new SecretKeySpec(bigIntToBytes(result), algorithm); - } - - protected void engineInit( - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - if (!(key instanceof DHPrivateKey)) - { - throw new InvalidKeyException("DHKeyAgreement requires DHPrivateKey for initialisation"); - } - DHPrivateKey privKey = (DHPrivateKey)key; - - this.random = random; - - if (params != null) - { - if (!(params instanceof DHParameterSpec)) - { - throw new InvalidAlgorithmParameterException("DHKeyAgreement only accepts DHParameterSpec"); - } - DHParameterSpec p = (DHParameterSpec)params; - - this.p = p.getP(); - this.g = p.getG(); - } - else - { - this.p = privKey.getParams().getP(); - this.g = privKey.getParams().getG(); - } - - this.x = this.result = privKey.getX(); - } - - protected void engineInit( - Key key, - SecureRandom random) - throws InvalidKeyException - { - if (!(key instanceof DHPrivateKey)) - { - throw new InvalidKeyException("DHKeyAgreement requires DHPrivateKey"); - } - - DHPrivateKey privKey = (DHPrivateKey)key; - - this.random = random; - this.p = privKey.getParams().getP(); - this.g = privKey.getParams().getG(); - this.x = this.result = privKey.getX(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java b/luni/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java deleted file mode 100644 index 07c71bf..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JCEDHPrivateKey.java +++ /dev/null @@ -1,155 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; - -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.spec.DHParameterSpec; -import javax.crypto.spec.DHPrivateKeySpec; - -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.pkcs.DHParameter; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.params.DHPrivateKeyParameters; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; - -public class JCEDHPrivateKey - implements DHPrivateKey, PKCS12BagAttributeCarrier -{ - BigInteger x; - - DHParameterSpec dhSpec; - - private Hashtable pkcs12Attributes = new Hashtable(); - private Vector pkcs12Ordering = new Vector(); - - protected JCEDHPrivateKey() - { - } - - JCEDHPrivateKey( - DHPrivateKey key) - { - this.x = key.getX(); - this.dhSpec = key.getParams(); - } - - JCEDHPrivateKey( - DHPrivateKeySpec spec) - { - this.x = spec.getX(); - this.dhSpec = new DHParameterSpec(spec.getP(), spec.getG()); - } - - JCEDHPrivateKey( - PrivateKeyInfo info) - { - DHParameter params = new DHParameter((ASN1Sequence)info.getAlgorithmId().getParameters()); - DERInteger derX = (DERInteger)info.getPrivateKey(); - - this.x = derX.getValue(); - if (params.getL() != null) - { - this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue()); - } - else - { - this.dhSpec = new DHParameterSpec(params.getP(), params.getG()); - } - } - - JCEDHPrivateKey( - DHPrivateKeyParameters params) - { - this.x = params.getX(); - this.dhSpec = new DHParameterSpec(params.getParameters().getP(), params.getParameters().getG()); - } - - public String getAlgorithm() - { - return "DH"; - } - - /** - * return the encoding format we produce in getEncoded(). - * - * @return the string "PKCS#8" - */ - public String getFormat() - { - return "PKCS#8"; - } - - /** - * Return a PKCS8 representation of the key. The sequence returned - * represents a full PrivateKeyInfo object. - * - * @return a PKCS8 representation of the key. - */ - public byte[] getEncoded() - { - PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.dhKeyAgreement, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).getDERObject()), new DERInteger(getX())); - - return info.getDEREncoded(); - } - - public DHParameterSpec getParams() - { - return dhSpec; - } - - public BigInteger getX() - { - return x; - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - x = (BigInteger)in.readObject(); - - this.dhSpec = new DHParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), in.readInt()); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.writeObject(this.getX()); - out.writeObject(dhSpec.getP()); - out.writeObject(dhSpec.getG()); - out.writeInt(dhSpec.getL()); - } - - public void setBagAttribute( - DERObjectIdentifier oid, - DEREncodable attribute) - { - pkcs12Attributes.put(oid, attribute); - pkcs12Ordering.addElement(oid); - } - - public DEREncodable getBagAttribute( - DERObjectIdentifier oid) - { - return (DEREncodable)pkcs12Attributes.get(oid); - } - - public Enumeration getBagAttributeKeys() - { - return pkcs12Ordering.elements(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java b/luni/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java deleted file mode 100644 index 0534b4d..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JCEDHPublicKey.java +++ /dev/null @@ -1,127 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; - -import javax.crypto.interfaces.DHPublicKey; -import javax.crypto.spec.DHParameterSpec; -import javax.crypto.spec.DHPublicKeySpec; - -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.pkcs.DHParameter; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.DHPublicKeyParameters; - -public class JCEDHPublicKey - implements DHPublicKey -{ - private BigInteger y; - private DHParameterSpec dhSpec; - - JCEDHPublicKey( - DHPublicKeySpec spec) - { - this.y = spec.getY(); - this.dhSpec = new DHParameterSpec(spec.getP(), spec.getG()); - } - - JCEDHPublicKey( - DHPublicKey key) - { - this.y = key.getY(); - this.dhSpec = key.getParams(); - } - - JCEDHPublicKey( - DHPublicKeyParameters params) - { - this.y = params.getY(); - this.dhSpec = new DHParameterSpec(params.getParameters().getP(), params.getParameters().getG(), 0); - } - - JCEDHPublicKey( - BigInteger y, - DHParameterSpec dhSpec) - { - this.y = y; - this.dhSpec = dhSpec; - } - - JCEDHPublicKey( - SubjectPublicKeyInfo info) - { - DHParameter params = new DHParameter((ASN1Sequence)info.getAlgorithmId().getParameters()); - DERInteger derY = null; - - try - { - derY = (DERInteger)info.getPublicKey(); - } - catch (IOException e) - { - throw new IllegalArgumentException("invalid info structure in DH public key"); - } - - this.y = derY.getValue(); - if (params.getL() != null) - { - this.dhSpec = new DHParameterSpec(params.getP(), params.getG(), params.getL().intValue()); - } - else - { - this.dhSpec = new DHParameterSpec(params.getP(), params.getG()); - } - } - - public String getAlgorithm() - { - return "DH"; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.dhpublicnumber, new DHParameter(dhSpec.getP(), dhSpec.getG(), dhSpec.getL()).getDERObject()), new DERInteger(y)); - - return info.getDEREncoded(); - } - - public DHParameterSpec getParams() - { - return dhSpec; - } - - public BigInteger getY() - { - return y; - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - this.y = (BigInteger)in.readObject(); - this.dhSpec = new DHParameterSpec((BigInteger)in.readObject(), (BigInteger)in.readObject(), in.readInt()); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.writeObject(this.getY()); - out.writeObject(dhSpec.getP()); - out.writeObject(dhSpec.getG()); - out.writeInt(dhSpec.getL()); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JCEDigestUtil.java b/luni/src/main/java/org/bouncycastle/jce/provider/JCEDigestUtil.java deleted file mode 100644 index a9f6d6a..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JCEDigestUtil.java +++ /dev/null @@ -1,131 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.util.HashMap; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.MD5Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.util.Strings; - -class JCEDigestUtil -{ - private static Set md5 = new HashSet(); - private static Set sha1 = new HashSet(); - private static Set sha224 = new HashSet(); - private static Set sha256 = new HashSet(); - private static Set sha384 = new HashSet(); - private static Set sha512 = new HashSet(); - - private static Map oids = new HashMap(); - - static - { - md5.add("MD5"); - md5.add(PKCSObjectIdentifiers.md5.getId()); - - sha1.add("SHA1"); - sha1.add("SHA-1"); - sha1.add(OIWObjectIdentifiers.idSHA1.getId()); - - sha224.add("SHA224"); - sha224.add("SHA-224"); - sha224.add(NISTObjectIdentifiers.id_sha224.getId()); - - sha256.add("SHA256"); - sha256.add("SHA-256"); - sha256.add(NISTObjectIdentifiers.id_sha256.getId()); - - sha384.add("SHA384"); - sha384.add("SHA-384"); - sha384.add(NISTObjectIdentifiers.id_sha384.getId()); - - sha512.add("SHA512"); - sha512.add("SHA-512"); - sha512.add(NISTObjectIdentifiers.id_sha512.getId()); - - oids.put("MD5", PKCSObjectIdentifiers.md5); - oids.put(PKCSObjectIdentifiers.md5.getId(), PKCSObjectIdentifiers.md5); - - oids.put("SHA1", OIWObjectIdentifiers.idSHA1); - oids.put("SHA-1", OIWObjectIdentifiers.idSHA1); - oids.put(OIWObjectIdentifiers.idSHA1.getId(), OIWObjectIdentifiers.idSHA1); - - oids.put("SHA224", NISTObjectIdentifiers.id_sha224); - oids.put("SHA-224", NISTObjectIdentifiers.id_sha224); - oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224); - - oids.put("SHA256", NISTObjectIdentifiers.id_sha256); - oids.put("SHA-256", NISTObjectIdentifiers.id_sha256); - oids.put(NISTObjectIdentifiers.id_sha256.getId(), NISTObjectIdentifiers.id_sha256); - - oids.put("SHA384", NISTObjectIdentifiers.id_sha384); - oids.put("SHA-384", NISTObjectIdentifiers.id_sha384); - oids.put(NISTObjectIdentifiers.id_sha384.getId(), NISTObjectIdentifiers.id_sha384); - - oids.put("SHA512", NISTObjectIdentifiers.id_sha512); - oids.put("SHA-512", NISTObjectIdentifiers.id_sha512); - oids.put(NISTObjectIdentifiers.id_sha512.getId(), NISTObjectIdentifiers.id_sha512); - } - - static Digest getDigest( - String digestName) - { - digestName = Strings.toUpperCase(digestName); - - if (sha1.contains(digestName)) - { - return new SHA1Digest(); - } - if (md5.contains(digestName)) - { - return new MD5Digest(); - } - if (sha224.contains(digestName)) - { - return new SHA224Digest(); - } - if (sha256.contains(digestName)) - { - return new SHA256Digest(); - } - if (sha384.contains(digestName)) - { - return new SHA384Digest(); - } - if (sha512.contains(digestName)) - { - return new SHA512Digest(); - } - - return null; - } - - static boolean isSameDigest( - String digest1, - String digest2) - { - return (sha1.contains(digest1) && sha1.contains(digest2)) - || (sha224.contains(digest1) && sha224.contains(digest2)) - || (sha256.contains(digest1) && sha256.contains(digest2)) - || (sha384.contains(digest1) && sha384.contains(digest2)) - || (sha512.contains(digest1) && sha512.contains(digest2)) - || (md5.contains(digest1) && md5.contains(digest2)); - } - - static DERObjectIdentifier getOID( - String digestName) - { - return (DERObjectIdentifier)oids.get(digestName); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JCEIESCipher.java b/luni/src/main/java/org/bouncycastle/jce/provider/JCEIESCipher.java deleted file mode 100644 index 95ee2b6..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JCEIESCipher.java +++ /dev/null @@ -1,408 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayOutputStream; -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.interfaces.DHPrivateKey; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.agreement.DHBasicAgreement; -// BEGIN android-removed -// import org.bouncycastle.crypto.agreement.ECDHBasicAgreement; -// END android-removed -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.engines.IESEngine; -import org.bouncycastle.crypto.generators.KDF2BytesGenerator; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.crypto.params.IESParameters; -// BEGIN android-removed -// import org.bouncycastle.jce.interfaces.ECPrivateKey; -// import org.bouncycastle.jce.interfaces.ECPublicKey; -// END android-removed -import org.bouncycastle.jce.interfaces.IESKey; -import org.bouncycastle.jce.spec.IESParameterSpec; - -public class JCEIESCipher extends WrapCipherSpi -{ - private IESEngine cipher; - private int state = -1; - private ByteArrayOutputStream buffer = new ByteArrayOutputStream(); - private AlgorithmParameters engineParam = null; - private IESParameterSpec engineParams = null; - - // - // specs we can handle. - // - private Class[] availableSpecs = - { - IESParameterSpec.class - }; - - public JCEIESCipher( - IESEngine engine) - { - cipher = engine; - } - - protected int engineGetBlockSize() - { - return 0; - } - - protected byte[] engineGetIV() - { - return null; - } - - protected int engineGetKeySize( - Key key) - { - IESKey ieKey = (IESKey)key; - - if (ieKey.getPrivate() instanceof DHPrivateKey) - { - DHPrivateKey k = (DHPrivateKey)ieKey.getPrivate(); - - return k.getX().bitLength(); - } - // BEGIN android-removed - // else if (ieKey.getPrivate() instanceof ECPrivateKey) - // { - // ECPrivateKey k = (ECPrivateKey)ieKey.getPrivate(); - // - // return k.getD().bitLength(); - // } - // END android-removed - - throw new IllegalArgumentException("not an IE key!"); - } - - protected int engineGetOutputSize( - int inputLen) - { - if (state == Cipher.ENCRYPT_MODE || state == Cipher.WRAP_MODE) - { - return buffer.size() + inputLen + 20; /* SHA1 MAC size */ - } - else if (state == Cipher.DECRYPT_MODE || state == Cipher.UNWRAP_MODE) - { - return buffer.size() + inputLen - 20; - } - else - { - throw new IllegalStateException("cipher not initialised"); - } - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParam == null) - { - if (engineParams != null) - { - String name = "IES"; - - try - { - engineParam = AlgorithmParameters.getInstance(name, "BC"); - engineParam.init(engineParams); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - } - - return engineParam; - } - - protected void engineSetMode( - String mode) - { - throw new IllegalArgumentException("can't support mode " + mode); - } - - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - throw new NoSuchPaddingException(padding + " unavailable with RSA."); - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - if (!(key instanceof IESKey)) - { - throw new InvalidKeyException("must be passed IE key"); - } - - if (params == null && (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE)) - { - // - // if nothing is specified we set up for a 128 bit mac, with - // 128 bit derivation vectors. - // - byte[] d = new byte[16]; - byte[] e = new byte[16]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(d); - random.nextBytes(e); - - params = new IESParameterSpec(d, e, 128); - } - else if (!(params instanceof IESParameterSpec)) - { - throw new InvalidAlgorithmParameterException("must be passed IES parameters"); - } - - IESKey ieKey = (IESKey)key; - - CipherParameters pubKey; - CipherParameters privKey; - - // BEGIN android-removed - // if (ieKey.getPublic() instanceof ECPublicKey) - // { - // pubKey = ECUtil.generatePublicKeyParameter(ieKey.getPublic()); - // privKey = ECUtil.generatePrivateKeyParameter(ieKey.getPrivate()); - // } - // else - // { - // END android-removed - pubKey = DHUtil.generatePublicKeyParameter(ieKey.getPublic()); - privKey = DHUtil.generatePrivateKeyParameter(ieKey.getPrivate()); - // BEGIN android-removed - // } - // END android-removed - - this.engineParams = (IESParameterSpec)params; - - IESParameters p = new IESParameters(engineParams.getDerivationV(), engineParams.getEncodingV(), engineParams.getMacKeySize()); - - this.state = opmode; - - buffer.reset(); - - switch (opmode) - { - case Cipher.ENCRYPT_MODE: - case Cipher.WRAP_MODE: - cipher.init(true, privKey, pubKey, p); - break; - case Cipher.DECRYPT_MODE: - case Cipher.UNWRAP_MODE: - cipher.init(false, privKey, pubKey, p); - break; - default: - System.out.println("eeek!"); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - for (int i = 0; i != availableSpecs.length; i++) - { - try - { - paramSpec = params.getParameterSpec(availableSpecs[i]); - break; - } - catch (Exception e) - { - continue; - } - } - - if (paramSpec == null) - { - throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString()); - } - } - - engineParam = params; - engineInit(opmode, key, paramSpec, random); - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - if (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE) - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - return; - } - catch (InvalidAlgorithmParameterException e) - { - // fall through... - } - } - - throw new IllegalArgumentException("can't handle null parameter spec in IES"); - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - buffer.write(input, inputOffset, inputLen); - return null; - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - { - buffer.write(input, inputOffset, inputLen); - return 0; - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws IllegalBlockSizeException, BadPaddingException - { - if (inputLen != 0) - { - buffer.write(input, inputOffset, inputLen); - } - - try - { - byte[] buf = buffer.toByteArray(); - - buffer.reset(); - - return cipher.processBlock(buf, 0, buf.length); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - } - - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws IllegalBlockSizeException, BadPaddingException - { - if (inputLen != 0) - { - buffer.write(input, inputOffset, inputLen); - } - - try - { - byte[] buf = buffer.toByteArray(); - - buffer.reset(); - - buf = cipher.processBlock(buf, 0, buf.length); - - System.arraycopy(buf, 0, output, outputOffset, buf.length); - - return buf.length; - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - } - - /** - * classes that inherit from us. - */ -// BEGIN android-removed -// static public class BrokenECIES -// extends JCEIESCipher -// { -// public BrokenECIES() -// { -// super(new IESEngine( -// new ECDHBasicAgreement(), -// new BrokenKDF2BytesGenerator(new SHA1Digest()), -// new HMac(new SHA1Digest()))); -// } -// } -// END android-removed - - static public class BrokenIES - extends JCEIESCipher - { - public BrokenIES() - { - super(new IESEngine( - new DHBasicAgreement(), - new BrokenKDF2BytesGenerator(new SHA1Digest()), - new HMac(new SHA1Digest()))); - } - } - -// BEGIN android-removed -// static public class ECIES -// extends JCEIESCipher -// { -// public ECIES() -// { -// super(new IESEngine( -// new ECDHBasicAgreement(), -// new KDF2BytesGenerator(new SHA1Digest()), -// new HMac(new SHA1Digest()))); -// } -// } -// END android-removed - - static public class IES - extends JCEIESCipher - { - public IES() - { - super(new IESEngine( - new DHBasicAgreement(), - new KDF2BytesGenerator(new SHA1Digest()), - new HMac(new SHA1Digest()))); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java b/luni/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java deleted file mode 100644 index 23c3bf7..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JCEKeyGenerator.java +++ /dev/null @@ -1,541 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.KeyGeneratorSpi; -import javax.crypto.SecretKey; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.crypto.CipherKeyGenerator; -import org.bouncycastle.crypto.KeyGenerationParameters; -import org.bouncycastle.crypto.generators.DESKeyGenerator; -import org.bouncycastle.crypto.generators.DESedeKeyGenerator; - -public class JCEKeyGenerator - extends KeyGeneratorSpi -{ - protected String algName; - protected int keySize; - protected int defaultKeySize; - protected CipherKeyGenerator engine; - - protected boolean uninitialised = true; - - protected JCEKeyGenerator( - String algName, - int defaultKeySize, - CipherKeyGenerator engine) - { - this.algName = algName; - this.keySize = this.defaultKeySize = defaultKeySize; - this.engine = engine; - } - - protected void engineInit( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("Not Implemented"); - } - - protected void engineInit( - SecureRandom random) - { - if (random != null) - { - uninitialised = false; - - engine.init(new KeyGenerationParameters(random, defaultKeySize)); - } - } - - protected void engineInit( - int keySize, - SecureRandom random) - { - uninitialised = false; - - try - { - engine.init(new KeyGenerationParameters(random, keySize)); - } - catch (IllegalArgumentException e) - { - throw new InvalidParameterException(e.getMessage()); - } - } - - protected SecretKey engineGenerateKey() - { - if (uninitialised) - { - engine.init(new KeyGenerationParameters( - new SecureRandom(), defaultKeySize)); - } - - return (SecretKey)(new SecretKeySpec(engine.generateKey(), algName)); - } - - /** - * the generators that are defined directly off us. - */ - - /** - * DES - */ - public static class DES - extends JCEKeyGenerator - { - public DES() - { - super("DES", 64, new DESKeyGenerator()); - } - } - - /** - * DESede - the default for this is to generate a key in - * a-b-a format that's 24 bytes long but has 16 bytes of - * key material (the first 8 bytes is repeated as the last - * 8 bytes). If you give it a size, you'll get just what you - * asked for. - */ - public static class DESede - extends JCEKeyGenerator - { - private boolean keySizeSet = false; - - public DESede() - { - super("DESede", 192, new DESedeKeyGenerator()); - } - - protected void engineInit( - int keySize, - SecureRandom random) - { - super.engineInit(keySize, random); - keySizeSet = true; - } - - protected SecretKey engineGenerateKey() - { - if (uninitialised) - { - engine.init(new KeyGenerationParameters( - new SecureRandom(), defaultKeySize)); - } - - // - // if no key size has been defined generate a 24 byte key in - // the a-b-a format - // - if (!keySizeSet) - { - byte[] k = engine.generateKey(); - - System.arraycopy(k, 0, k, 16, 8); - - return (SecretKey)(new SecretKeySpec(k, algName)); - } - else - { - return (SecretKey)(new SecretKeySpec(engine.generateKey(), algName)); - } - } - } - - /** - * generate a desEDE key in the a-b-c format. - */ - public static class DESede3 - extends JCEKeyGenerator - { - private boolean keySizeSet = false; - - public DESede3() - { - super("DESede3", 192, new DESedeKeyGenerator()); - } - - protected void engineInit( - int keySize, - SecureRandom random) - { - super.engineInit(keySize, random); - keySizeSet = true; - } - - protected SecretKey engineGenerateKey() - { - if (uninitialised) - { - engine.init(new KeyGenerationParameters( - new SecureRandom(), defaultKeySize)); - } - - return (SecretKey)(new SecretKeySpec(engine.generateKey(), algName)); - } - } - - /** - * SKIPJACK - */ - public static class Skipjack - extends JCEKeyGenerator - { - public Skipjack() - { - super("SKIPJACK", 80, new CipherKeyGenerator()); - } - } - - /** - * Blowfish - */ - public static class Blowfish - extends JCEKeyGenerator - { - public Blowfish() - { - super("Blowfish", 448, new CipherKeyGenerator()); - } - } - - /** - * Twofish - */ - public static class Twofish - extends JCEKeyGenerator - { - public Twofish() - { - super("Twofish", 256, new CipherKeyGenerator()); - } - } - - /** - * RC2 - */ - public static class RC2 - extends JCEKeyGenerator - { - public RC2() - { - super("RC2", 128, new CipherKeyGenerator()); - } - } - - /** - * RC4 - */ - public static class RC4 - extends JCEKeyGenerator - { - public RC4() - { - super("RC4", 128, new CipherKeyGenerator()); - } - } - - /** - * RC5 - */ - public static class RC5 - extends JCEKeyGenerator - { - public RC5() - { - super("RC5", 128, new CipherKeyGenerator()); - } - } - - /** - * RC5 - */ - public static class RC564 - extends JCEKeyGenerator - { - public RC564() - { - super("RC5-64", 256, new CipherKeyGenerator()); - } - } - - /** - * RC6 - */ - public static class RC6 - extends JCEKeyGenerator - { - public RC6() - { - super("RC6", 256, new CipherKeyGenerator()); - } - } - - /** - * AES - */ - public static class AES - extends JCEKeyGenerator - { - public AES() - { - super("AES", 192, new CipherKeyGenerator()); - } - } - - public static class AES128 - extends JCEKeyGenerator - { - public AES128() - { - super("AES", 128, new CipherKeyGenerator()); - } - } - - public static class AES192 - extends JCEKeyGenerator - { - public AES192() - { - super("AES", 192, new CipherKeyGenerator()); - } - } - - public static class AES256 - extends JCEKeyGenerator - { - public AES256() - { - super("AES", 256, new CipherKeyGenerator()); - } - } - - /** - * GOST28147 - */ - public static class GOST28147 - extends JCEKeyGenerator - { - public GOST28147() - { - super("GOST28147", 256, new CipherKeyGenerator()); - } - } - - /** - * Rijndael - */ - public static class Rijndael - extends JCEKeyGenerator - { - public Rijndael() - { - super("Rijndael", 192, new CipherKeyGenerator()); - } - } - - /** - * Serpent - */ - public static class Serpent - extends JCEKeyGenerator - { - public Serpent() - { - super("Serpent", 192, new CipherKeyGenerator()); - } - } - - /** - * Camellia - */ - public static class Camellia - extends JCEKeyGenerator - { - public Camellia() - { - super("Camellia", 256, new CipherKeyGenerator()); - } - } - - /** - * CAST5 - */ - public static class CAST5 - extends JCEKeyGenerator - { - public CAST5() - { - super("CAST5", 128, new CipherKeyGenerator()); - } - } - - /** - * CAST6 - */ - public static class CAST6 - extends JCEKeyGenerator - { - public CAST6() - { - super("CAST6", 256, new CipherKeyGenerator()); - } - } - - /** - * IDEA - */ - public static class IDEA - extends JCEKeyGenerator - { - public IDEA() - { - super("IDEA", 128, new CipherKeyGenerator()); - } - } - - // HMAC Related secret keys.. - - // BEGIN android-removed - // /** - // * MD2HMAC - // */ - // public static class MD2HMAC - // extends JCEKeyGenerator - // { - // public MD2HMAC() - // { - // super("HMACMD2", 128, new CipherKeyGenerator()); - // } - // } - // END android-removed - - - /** - * MD4HMAC - */ - public static class MD4HMAC - extends JCEKeyGenerator - { - public MD4HMAC() - { - super("HMACMD4", 128, new CipherKeyGenerator()); - } - } - - /** - * MD5HMAC - */ - public static class MD5HMAC - extends JCEKeyGenerator - { - public MD5HMAC() - { - super("HMACMD5", 128, new CipherKeyGenerator()); - } - } - - - /** - * RIPE128HMAC - */ - public static class RIPEMD128HMAC - extends JCEKeyGenerator - { - public RIPEMD128HMAC() - { - super("HMACRIPEMD128", 128, new CipherKeyGenerator()); - } - } - - /** - * RIPE160HMAC - */ - public static class RIPEMD160HMAC - extends JCEKeyGenerator - { - public RIPEMD160HMAC() - { - super("HMACRIPEMD160", 160, new CipherKeyGenerator()); - } - } - - - /** - * HMACSHA1 - */ - public static class HMACSHA1 - extends JCEKeyGenerator - { - public HMACSHA1() - { - super("HMACSHA1", 160, new CipherKeyGenerator()); - } - } - - /** - * HMACSHA224 - */ - public static class HMACSHA224 - extends JCEKeyGenerator - { - public HMACSHA224() - { - super("HMACSHA224", 224, new CipherKeyGenerator()); - } - } - - /** - * HMACSHA256 - */ - public static class HMACSHA256 - extends JCEKeyGenerator - { - public HMACSHA256() - { - super("HMACSHA256", 256, new CipherKeyGenerator()); - } - } - - /** - * HMACSHA384 - */ - public static class HMACSHA384 - extends JCEKeyGenerator - { - public HMACSHA384() - { - super("HMACSHA384", 384, new CipherKeyGenerator()); - } - } - - /** - * HMACSHA512 - */ - public static class HMACSHA512 - extends JCEKeyGenerator - { - public HMACSHA512() - { - super("HMACSHA512", 512, new CipherKeyGenerator()); - } - } - - /** - * HMACTIGER - */ - public static class HMACTIGER - extends JCEKeyGenerator - { - public HMACTIGER() - { - super("HMACTIGER", 192, new CipherKeyGenerator()); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JCEMac.java b/luni/src/main/java/org/bouncycastle/jce/provider/JCEMac.java deleted file mode 100644 index 74d8147..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JCEMac.java +++ /dev/null @@ -1,544 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.MacSpi; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Mac; -import org.bouncycastle.crypto.digests.*; -import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.DESedeEngine; -// BEGIN android-removed -// import org.bouncycastle.crypto.engines.IDEAEngine; -// import org.bouncycastle.crypto.engines.RC2Engine; -// import org.bouncycastle.crypto.engines.RC532Engine; -// import org.bouncycastle.crypto.engines.SkipjackEngine; -// END android-removed -import org.bouncycastle.crypto.macs.CBCBlockCipherMac; -import org.bouncycastle.crypto.macs.CFBBlockCipherMac; -// BEGIN android-removed -// import org.bouncycastle.crypto.macs.GOST28147Mac; -// END android-removed -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.crypto.macs.ISO9797Alg3Mac; -import org.bouncycastle.crypto.macs.OldHMac; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; - -public class JCEMac - extends MacSpi implements PBE -{ - private Mac macEngine; - - private int pbeType = PKCS12; - private int pbeHash = SHA1; - private int keySize = 160; - - protected JCEMac( - Mac macEngine) - { - this.macEngine = macEngine; - } - - protected JCEMac( - Mac macEngine, - int pbeType, - int pbeHash, - int keySize) - { - this.macEngine = macEngine; - this.pbeType = pbeType; - this.pbeHash = pbeHash; - this.keySize = keySize; - } - - protected void engineInit( - Key key, - AlgorithmParameterSpec params) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - if (key == null) - { - throw new InvalidKeyException("key is null"); - } - - if (key instanceof JCEPBEKey) - { - JCEPBEKey k = (JCEPBEKey)key; - - if (k.getParam() != null) - { - param = k.getParam(); - } - else if (params instanceof PBEParameterSpec) - { - param = PBE.Util.makePBEMacParameters(k, params); - } - else - { - throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); - } - } - else if (params instanceof IvParameterSpec) - { - param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV()); - } - else if (params == null) - { - param = new KeyParameter(key.getEncoded()); - } - else - { - throw new InvalidAlgorithmParameterException("unknown parameter type."); - } - - macEngine.init(param); - } - - protected int engineGetMacLength() - { - return macEngine.getMacSize(); - } - - protected void engineReset() - { - macEngine.reset(); - } - - protected void engineUpdate( - byte input) - { - macEngine.update(input); - } - - protected void engineUpdate( - byte[] input, - int offset, - int len) - { - macEngine.update(input, offset, len); - } - - protected byte[] engineDoFinal() - { - byte[] out = new byte[engineGetMacLength()]; - - macEngine.doFinal(out, 0); - - return out; - } - - /** - * the classes that extend directly off us. - */ - - /** - * DES - */ - public static class DES - extends JCEMac - { - public DES() - { - super(new CBCBlockCipherMac(new DESEngine())); - } - } - - /** - * DESede - */ - public static class DESede - extends JCEMac - { - public DESede() - { - super(new CBCBlockCipherMac(new DESedeEngine())); - } - } - - /** - * SKIPJACK - */ - // BEGIN android-removed - // public static class Skipjack - // extends JCEMac - // { - // public Skipjack() - // { - // super(new CBCBlockCipherMac(new SkipjackEngine())); - // } - // } - // END android-removed - - /** - * IDEA - */ - // BEGIN android-removed - // public static class IDEA - // extends JCEMac - // { - // public IDEA() - // { - // super(new CBCBlockCipherMac(new IDEAEngine())); - // } - // } - // END android-removed - - /** - * RC2 - */ - // BEGIN android-removed - // public static class RC2 - // extends JCEMac - // { - // public RC2() - // { - // super(new CBCBlockCipherMac(new RC2Engine())); - // } - // } - // END android-removed - - /** - * RC5 - */ - // BEGIN android-removed - // public static class RC5 - // extends JCEMac - // { - // public RC5() - // { - // super(new CBCBlockCipherMac(new RC532Engine())); - // } - // } - // END android-removed - - /** - * GOST28147 - */ - // BEGIN android-removed - // public static class GOST28147 - // extends JCEMac - // { - // public GOST28147() - // { - // super(new GOST28147Mac()); - // } - // } - // END android-removed - - /** - * DES - */ - public static class DESCFB8 - extends JCEMac - { - public DESCFB8() - { - super(new CFBBlockCipherMac(new DESEngine())); - } - } - - /** - * DESede - */ - public static class DESedeCFB8 - extends JCEMac - { - public DESedeCFB8() - { - super(new CFBBlockCipherMac(new DESedeEngine())); - } - } - - /** - * SKIPJACK - */ - // BEGIN android-removed - // public static class SkipjackCFB8 - // extends JCEMac - // { - // public SkipjackCFB8() - // { - // super(new CFBBlockCipherMac(new SkipjackEngine())); - // } - // } - // END android-removed - - /** - * IDEACFB8 - */ - // BEGIN android-removed - // public static class IDEACFB8 - // extends JCEMac - // { - // public IDEACFB8() - // { - // super(new CFBBlockCipherMac(new IDEAEngine())); - // } - // } - // END android-removed - - /** - * RC2CFB8 - */ - // BEGIN android-removed - // public static class RC2CFB8 - // extends JCEMac - // { - // public RC2CFB8() - // { - // super(new CFBBlockCipherMac(new RC2Engine())); - // } - // } - // END android-removed - - /** - * RC5CFB8 - */ - // BEGIN android-removed - // public static class RC5CFB8 - // extends JCEMac - // { - // public RC5CFB8() - // { - // super(new CFBBlockCipherMac(new RC532Engine())); - // } - // } - // END android-removed - - - /** - * DESede64 - */ - public static class DESede64 - extends JCEMac - { - public DESede64() - { - super(new CBCBlockCipherMac(new DESedeEngine(), 64)); - } - } - - /** - * DES9797Alg3 - */ - public static class DES9797Alg3 - extends JCEMac - { - public DES9797Alg3() - { - super(new ISO9797Alg3Mac(new DESEngine())); - } - } - - /** - * MD2 HMac - */ - // BEGIN android-removed - // public static class MD2 - // extends JCEMac - // { - // public MD2() - // { - // super(new HMac(new MD2Digest())); - // } - // } - // END android-removed - - /** - * MD4 HMac - */ - // BEGIN android-removed - // public static class MD4 - // extends JCEMac - // { - // public MD4() - // { - // super(new HMac(new MD4Digest())); - // } - // } - // END android-removed - - /** - * MD5 HMac - */ - public static class MD5 - extends JCEMac - { - public MD5() - { - super(new HMac(new MD5Digest())); - } - } - - /** - * SHA1 HMac - */ - public static class SHA1 - extends JCEMac - { - public SHA1() - { - super(new HMac(new SHA1Digest())); - } - } - - /** - * SHA-224 HMac - */ - public static class SHA224 - extends JCEMac - { - public SHA224() - { - super(new HMac(new SHA224Digest())); - } - } - - /** - * SHA-256 HMac - */ - public static class SHA256 - extends JCEMac - { - public SHA256() - { - super(new HMac(new SHA256Digest())); - } - } - - /** - * SHA-384 HMac - */ - public static class SHA384 - extends JCEMac - { - public SHA384() - { - super(new HMac(new SHA384Digest())); - } - } - - public static class OldSHA384 - extends JCEMac - { - public OldSHA384() - { - super(new OldHMac(new SHA384Digest())); - } - } - - /** - * SHA-512 HMac - */ - public static class SHA512 - extends JCEMac - { - public SHA512() - { - super(new HMac(new SHA512Digest())); - } - } - - /** - * SHA-512 HMac - */ - public static class OldSHA512 - extends JCEMac - { - public OldSHA512() - { - super(new OldHMac(new SHA512Digest())); - } - } - -// BEGIN android-removed -// /** -// * RIPEMD128 HMac -// */ -// public static class RIPEMD128 -// extends JCEMac -// { -// public RIPEMD128() -// { -// super(new HMac(new RIPEMD128Digest())); -// } -// } -// -// /** -// * RIPEMD160 HMac -// */ -// public static class RIPEMD160 -// extends JCEMac -// { -// public RIPEMD160() -// { -// super(new HMac(new RIPEMD160Digest())); -// } -// } -// -// /** -// * Tiger HMac -// */ -// public static class Tiger -// extends JCEMac -// { -// public Tiger() -// { -// super(new HMac(new TigerDigest())); -// } -// } -// -// // -// // PKCS12 states that the same algorithm should be used -// // for the key generation as is used in the HMAC, so that -// // is what we do here. -// // -// -// /** -// * PBEWithHmacRIPEMD160 -// */ -// public static class PBEWithRIPEMD160 -// extends JCEMac -// { -// public PBEWithRIPEMD160() -// { -// super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160); -// } -// } -// END android-removed - - /** - * PBEWithHmacSHA - */ - public static class PBEWithSHA - extends JCEMac - { - public PBEWithSHA() - { - super(new HMac(new SHA1Digest()), PKCS12, SHA1, 160); - } - } - - /** - * PBEWithHmacTiger - */ -// BEGIN android-removed -// public static class PBEWithTiger -// extends JCEMac -// { -// public PBEWithTiger() -// { -// super(new HMac(new TigerDigest()), PKCS12, TIGER, 192); -// } -// } -// END android-removed -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JCEPBEKey.java b/luni/src/main/java/org/bouncycastle/jce/provider/JCEPBEKey.java deleted file mode 100644 index 13b5230..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JCEPBEKey.java +++ /dev/null @@ -1,151 +0,0 @@ -package org.bouncycastle.jce.provider; - -import javax.crypto.interfaces.PBEKey; -import javax.crypto.spec.PBEKeySpec; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; - -public class JCEPBEKey - implements PBEKey -{ - String algorithm; - DERObjectIdentifier oid; - int type; - int digest; - int keySize; - int ivSize; - CipherParameters param; - PBEKeySpec pbeKeySpec; - boolean tryWrong = false; - - /** - * @param param - */ - public JCEPBEKey( - String algorithm, - DERObjectIdentifier oid, - int type, - int digest, - int keySize, - int ivSize, - PBEKeySpec pbeKeySpec, - CipherParameters param) - { - this.algorithm = algorithm; - this.oid = oid; - this.type = type; - this.digest = digest; - this.keySize = keySize; - this.ivSize = ivSize; - this.pbeKeySpec = pbeKeySpec; - this.param = param; - } - - public String getAlgorithm() - { - return algorithm; - } - - public String getFormat() - { - return "RAW"; - } - - public byte[] getEncoded() - { - if (param != null) - { - KeyParameter kParam; - - if (param instanceof ParametersWithIV) - { - kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); - } - else - { - kParam = (KeyParameter)param; - } - - return kParam.getKey(); - } - else - { - if (type == PBE.PKCS12) - { - return PBEParametersGenerator.PKCS12PasswordToBytes(pbeKeySpec.getPassword()); - } - else - { - return PBEParametersGenerator.PKCS5PasswordToBytes(pbeKeySpec.getPassword()); - } - } - } - - int getType() - { - return type; - } - - int getDigest() - { - return digest; - } - - int getKeySize() - { - return keySize; - } - - int getIvSize() - { - return ivSize; - } - - CipherParameters getParam() - { - return param; - } - - /* (non-Javadoc) - * @see javax.crypto.interfaces.PBEKey#getPassword() - */ - public char[] getPassword() - { - return pbeKeySpec.getPassword(); - } - - /* (non-Javadoc) - * @see javax.crypto.interfaces.PBEKey#getSalt() - */ - public byte[] getSalt() - { - return pbeKeySpec.getSalt(); - } - - /* (non-Javadoc) - * @see javax.crypto.interfaces.PBEKey#getIterationCount() - */ - public int getIterationCount() - { - return pbeKeySpec.getIterationCount(); - } - - public DERObjectIdentifier getOID() - { - return oid; - } - - void setTryWrongPKCS12Zero(boolean tryWrong) - { - this.tryWrong = tryWrong; - } - - boolean shouldTryWrongPKCS12() - { - return tryWrong; - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java b/luni/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java deleted file mode 100644 index 54b49c0..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JCERSACipher.java +++ /dev/null @@ -1,581 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayOutputStream; -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.InvalidParameterException; -import java.security.Key; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; -import java.security.spec.MGF1ParameterSpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.spec.OAEPParameterSpec; -import javax.crypto.spec.PSource; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.encodings.ISO9796d1Encoding; -import org.bouncycastle.crypto.encodings.OAEPEncoding; -import org.bouncycastle.crypto.encodings.PKCS1Encoding; -import org.bouncycastle.crypto.engines.RSAEngine; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.util.Strings; - -public class JCERSACipher extends WrapCipherSpi -{ - private AsymmetricBlockCipher cipher; - private AlgorithmParameterSpec paramSpec; - private AlgorithmParameters engineParams; - private boolean publicKeyOnly = false; - private boolean privateKeyOnly = false; - private ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - public JCERSACipher( - AsymmetricBlockCipher engine) - { - cipher = engine; - } - - public JCERSACipher( - OAEPParameterSpec pSpec) - { - try - { - initFromSpec(pSpec); - } - catch (NoSuchPaddingException e) - { - throw new IllegalArgumentException(e.getMessage()); - } - } - - public JCERSACipher( - boolean publicKeyOnly, - boolean privateKeyOnly, - AsymmetricBlockCipher engine) - { - this.publicKeyOnly = publicKeyOnly; - this.privateKeyOnly = privateKeyOnly; - cipher = engine; - } - - private void initFromSpec( - OAEPParameterSpec pSpec) - throws NoSuchPaddingException - { - MGF1ParameterSpec mgfParams = (MGF1ParameterSpec)pSpec.getMGFParameters(); - Digest digest = JCEDigestUtil.getDigest(mgfParams.getDigestAlgorithm()); - - if (digest == null) - { - throw new NoSuchPaddingException("no match on OAEP constructor for digest algorithm: "+ mgfParams.getDigestAlgorithm()); - } - - cipher = new OAEPEncoding(new RSAEngine(), digest, ((PSource.PSpecified)pSpec.getPSource()).getValue()); - paramSpec = pSpec; - } - - protected int engineGetBlockSize() - { - try - { - return cipher.getInputBlockSize(); - } - catch (NullPointerException e) - { - throw new IllegalStateException("RSA Cipher not initialised"); - } - } - - protected byte[] engineGetIV() - { - return null; - } - - protected int engineGetKeySize( - Key key) - { - if (key instanceof RSAPrivateKey) - { - RSAPrivateKey k = (RSAPrivateKey)key; - - return k.getModulus().bitLength(); - } - else if (key instanceof RSAPublicKey) - { - RSAPublicKey k = (RSAPublicKey)key; - - return k.getModulus().bitLength(); - } - - throw new IllegalArgumentException("not an RSA key!"); - } - - protected int engineGetOutputSize( - int inputLen) - { - try - { - return cipher.getOutputBlockSize(); - } - catch (NullPointerException e) - { - throw new IllegalStateException("RSA Cipher not initialised"); - } - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParams == null) - { - if (paramSpec != null) - { - try - { - engineParams = AlgorithmParameters.getInstance("OAEP", "BC"); - engineParams.init(paramSpec); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - } - - return engineParams; - } - - protected void engineSetMode( - String mode) - throws NoSuchAlgorithmException - { - String md = Strings.toUpperCase(mode); - - if (md.equals("NONE") || md.equals("ECB")) - { - return; - } - - if (md.equals("1")) - { - privateKeyOnly = true; - publicKeyOnly = false; - return; - } - else if (md.equals("2")) - { - privateKeyOnly = false; - publicKeyOnly = true; - return; - } - - throw new NoSuchAlgorithmException("can't support mode " + mode); - } - - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - String pad = Strings.toUpperCase(padding); - - if (pad.equals("NOPADDING")) - { - cipher = new RSAEngine(); - } - else if (pad.equals("PKCS1PADDING")) - { - cipher = new PKCS1Encoding(new RSAEngine()); - } - else if (pad.equals("ISO9796-1PADDING")) - { - cipher = new ISO9796d1Encoding(new RSAEngine()); - } - else if (pad.equals("OAEPWITHMD5ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("MD5", "MGF1", new MGF1ParameterSpec("MD5"), PSource.PSpecified.DEFAULT)); - } - else if (pad.equals("OAEPPADDING")) - { - initFromSpec(OAEPParameterSpec.DEFAULT); - } - else if (pad.equals("OAEPWITHSHA1ANDMGF1PADDING")) - { - initFromSpec(OAEPParameterSpec.DEFAULT); - } - else if (pad.equals("OAEPWITHSHA224ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), PSource.PSpecified.DEFAULT)); - } - else if (pad.equals("OAEPWITHSHA256ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT)); - } - else if (pad.equals("OAEPWITHSHA384ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("SHA-384", "MGF1", MGF1ParameterSpec.SHA384, PSource.PSpecified.DEFAULT)); - } - else if (pad.equals("OAEPWITHSHA512ANDMGF1PADDING")) - { - initFromSpec(new OAEPParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, PSource.PSpecified.DEFAULT)); - } - else - { - throw new NoSuchPaddingException(padding + " unavailable with RSA."); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - if (params == null || params instanceof OAEPParameterSpec) - { - if (key instanceof RSAPublicKey) - { - if (privateKeyOnly) - { - throw new InvalidKeyException( - "mode 1 requires RSAPrivateKey"); - } - - param = RSAUtil.generatePublicKeyParameter((RSAPublicKey)key); - } - else if (key instanceof RSAPrivateKey) - { - if (publicKeyOnly) - { - throw new InvalidKeyException( - "mode 2 requires RSAPublicKey"); - } - - param = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)key); - } - else - { - throw new InvalidKeyException("unknown key type passed to RSA"); - } - - if (params != null) - { - OAEPParameterSpec spec = (OAEPParameterSpec)params; - - paramSpec = params; - - if (!spec.getMGFAlgorithm().equalsIgnoreCase("MGF1") && !spec.getMGFAlgorithm().equals(PKCSObjectIdentifiers.id_mgf1.getId())) - { - throw new InvalidAlgorithmParameterException("unknown mask generation function specified"); - } - - if (!(spec.getMGFParameters() instanceof MGF1ParameterSpec)) - { - throw new InvalidAlgorithmParameterException("unkown MGF parameters"); - } - - MGF1ParameterSpec mgfParams = (MGF1ParameterSpec)spec.getMGFParameters(); - - if (!JCEDigestUtil.isSameDigest(mgfParams.getDigestAlgorithm(), spec.getDigestAlgorithm())) - { - throw new InvalidAlgorithmParameterException("digest algorithm for MGF should be the same as for OAEP parameters."); - } - - Digest digest = JCEDigestUtil.getDigest(mgfParams.getDigestAlgorithm()); - - if (digest == null) - { - throw new InvalidAlgorithmParameterException("no match on MGF digest algorithm: "+ mgfParams.getDigestAlgorithm()); - } - - cipher = new OAEPEncoding(new RSAEngine(), digest, ((PSource.PSpecified)spec.getPSource()).getValue()); - } - } - else - { - throw new IllegalArgumentException("unknown parameter type."); - } - - if (!(cipher instanceof RSAEngine)) - { - if (random != null) - { - param = new ParametersWithRandom(param, random); - } - else - { - param = new ParametersWithRandom(param, new SecureRandom()); - } - } - - switch (opmode) - { - case Cipher.ENCRYPT_MODE: - case Cipher.WRAP_MODE: - cipher.init(true, param); - break; - case Cipher.DECRYPT_MODE: - case Cipher.UNWRAP_MODE: - cipher.init(false, param); - break; - default: - throw new InvalidParameterException("unknown opmode " + opmode + " passed to RSA"); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - try - { - paramSpec = params.getParameterSpec(OAEPParameterSpec.class); - } - catch (InvalidParameterSpecException e) - { - throw new InvalidAlgorithmParameterException("cannot recognise parameters: " + e.toString(), e); - } - } - - engineParams = params; - engineInit(opmode, key, paramSpec, random); - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - catch (InvalidAlgorithmParameterException e) - { - // this shouldn't happen - throw new RuntimeException("Eeeek! " + e.toString(), e); - } - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - bOut.write(input, inputOffset, inputLen); - - if (cipher instanceof RSAEngine) - { - if (bOut.size() > cipher.getInputBlockSize() + 1) - { - throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); - } - } - else - { - if (bOut.size() > cipher.getInputBlockSize()) - { - throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); - } - } - - return null; - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - { - bOut.write(input, inputOffset, inputLen); - - if (cipher instanceof RSAEngine) - { - if (bOut.size() > cipher.getInputBlockSize() + 1) - { - throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); - } - } - else - { - if (bOut.size() > cipher.getInputBlockSize()) - { - throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); - } - } - - return 0; - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws IllegalBlockSizeException, BadPaddingException - { - if (input != null) - { - bOut.write(input, inputOffset, inputLen); - } - - if (cipher instanceof RSAEngine) - { - if (bOut.size() > cipher.getInputBlockSize() + 1) - { - throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); - } - } - else - { - if (bOut.size() > cipher.getInputBlockSize()) - { - throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); - } - } - - try - { - byte[] bytes = bOut.toByteArray(); - - bOut.reset(); - - return cipher.processBlock(bytes, 0, bytes.length); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - } - - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws IllegalBlockSizeException, BadPaddingException - { - if (input != null) - { - bOut.write(input, inputOffset, inputLen); - } - - if (cipher instanceof RSAEngine) - { - if (bOut.size() > cipher.getInputBlockSize() + 1) - { - throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); - } - } - else - { - if (bOut.size() > cipher.getInputBlockSize()) - { - throw new ArrayIndexOutOfBoundsException("too much data for RSA block"); - } - } - - byte[] out; - - try - { - byte[] bytes = bOut.toByteArray(); - bOut.reset(); - - out = cipher.processBlock(bytes, 0, bytes.length); - } - catch (InvalidCipherTextException e) - { - throw new BadPaddingException(e.getMessage()); - } - - for (int i = 0; i != out.length; i++) - { - output[outputOffset + i] = out[i]; - } - - return out.length; - } - - /** - * classes that inherit from us. - */ - - static public class NoPadding - extends JCERSACipher - { - public NoPadding() - { - super(new RSAEngine()); - } - } - - static public class PKCS1v1_5Padding - extends JCERSACipher - { - public PKCS1v1_5Padding() - { - super(new PKCS1Encoding(new RSAEngine())); - } - } - - static public class PKCS1v1_5Padding_PrivateOnly - extends JCERSACipher - { - public PKCS1v1_5Padding_PrivateOnly() - { - super(false, true, new PKCS1Encoding(new RSAEngine())); - } - } - - static public class PKCS1v1_5Padding_PublicOnly - extends JCERSACipher - { - public PKCS1v1_5Padding_PublicOnly() - { - super(true, false, new PKCS1Encoding(new RSAEngine())); - } - } - - static public class OAEPPadding - extends JCERSACipher - { - public OAEPPadding() - { - super(OAEPParameterSpec.DEFAULT); - } - } - - static public class ISO9796d1Padding - extends JCERSACipher - { - public ISO9796d1Padding() - { - super(new ISO9796d1Encoding(new RSAEngine())); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java b/luni/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java deleted file mode 100644 index 0971e90..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java +++ /dev/null @@ -1,237 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.interfaces.RSAPrivateCrtKey; -import java.security.spec.RSAPrivateCrtKeySpec; - -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; - -/** - * A provider representation for a RSA private key, with CRT factors included. - */ -public class JCERSAPrivateCrtKey - extends JCERSAPrivateKey - implements RSAPrivateCrtKey -{ - private BigInteger publicExponent; - private BigInteger primeP; - private BigInteger primeQ; - private BigInteger primeExponentP; - private BigInteger primeExponentQ; - private BigInteger crtCoefficient; - - /** - * construct a private key from it's org.bouncycastle.crypto equivalent. - * - * @param key the parameters object representing the private key. - */ - JCERSAPrivateCrtKey( - RSAPrivateCrtKeyParameters key) - { - super(key); - - this.publicExponent = key.getPublicExponent(); - this.primeP = key.getP(); - this.primeQ = key.getQ(); - this.primeExponentP = key.getDP(); - this.primeExponentQ = key.getDQ(); - this.crtCoefficient = key.getQInv(); - } - - /** - * construct a private key from an RSAPrivateCrtKeySpec - * - * @param spec the spec to be used in construction. - */ - JCERSAPrivateCrtKey( - RSAPrivateCrtKeySpec spec) - { - this.modulus = spec.getModulus(); - this.publicExponent = spec.getPublicExponent(); - this.privateExponent = spec.getPrivateExponent(); - this.primeP = spec.getPrimeP(); - this.primeQ = spec.getPrimeQ(); - this.primeExponentP = spec.getPrimeExponentP(); - this.primeExponentQ = spec.getPrimeExponentQ(); - this.crtCoefficient = spec.getCrtCoefficient(); - } - - /** - * construct a private key from another RSAPrivateCrtKey. - * - * @param key the object implementing the RSAPrivateCrtKey interface. - */ - JCERSAPrivateCrtKey( - RSAPrivateCrtKey key) - { - this.modulus = key.getModulus(); - this.publicExponent = key.getPublicExponent(); - this.privateExponent = key.getPrivateExponent(); - this.primeP = key.getPrimeP(); - this.primeQ = key.getPrimeQ(); - this.primeExponentP = key.getPrimeExponentP(); - this.primeExponentQ = key.getPrimeExponentQ(); - this.crtCoefficient = key.getCrtCoefficient(); - } - - /** - * construct an RSA key from a private key info object. - */ - JCERSAPrivateCrtKey( - PrivateKeyInfo info) - { - this(new RSAPrivateKeyStructure((ASN1Sequence)info.getPrivateKey())); - } - - /** - * construct an RSA key from a ASN.1 RSA private key object. - */ - JCERSAPrivateCrtKey( - RSAPrivateKeyStructure key) - { - this.modulus = key.getModulus(); - this.publicExponent = key.getPublicExponent(); - this.privateExponent = key.getPrivateExponent(); - this.primeP = key.getPrime1(); - this.primeQ = key.getPrime2(); - this.primeExponentP = key.getExponent1(); - this.primeExponentQ = key.getExponent2(); - this.crtCoefficient = key.getCoefficient(); - } - - /** - * return the encoding format we produce in getEncoded(). - * - * @return the encoding format we produce in getEncoded(). - */ - public String getFormat() - { - return "PKCS#8"; - } - - /** - * Return a PKCS8 representation of the key. The sequence returned - * represents a full PrivateKeyInfo object. - * - * @return a PKCS8 representation of the key. - */ - public byte[] getEncoded() - { - // BEGIN android-changed - PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.THE_ONE), new RSAPrivateKeyStructure(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient()).getDERObject()); - // END android-changed - - return info.getDEREncoded(); - } - - /** - * return the public exponent. - * - * @return the public exponent. - */ - public BigInteger getPublicExponent() - { - return publicExponent; - } - - /** - * return the prime P. - * - * @return the prime P. - */ - public BigInteger getPrimeP() - { - return primeP; - } - - /** - * return the prime Q. - * - * @return the prime Q. - */ - public BigInteger getPrimeQ() - { - return primeQ; - } - - /** - * return the prime exponent for P. - * - * @return the prime exponent for P. - */ - public BigInteger getPrimeExponentP() - { - return primeExponentP; - } - - /** - * return the prime exponent for Q. - * - * @return the prime exponent for Q. - */ - public BigInteger getPrimeExponentQ() - { - return primeExponentQ; - } - - /** - * return the CRT coefficient. - * - * @return the CRT coefficient. - */ - public BigInteger getCrtCoefficient() - { - return crtCoefficient; - } - - public boolean equals(Object o) - { - if (!(o instanceof RSAPrivateCrtKey)) - { - return false; - } - - if (o == this) - { - return true; - } - - RSAPrivateCrtKey key = (RSAPrivateCrtKey)o; - - return this.getModulus().equals(key.getModulus()) - && this.getPublicExponent().equals(key.getPublicExponent()) - && this.getPrivateExponent().equals(key.getPrivateExponent()) - && this.getPrimeP().equals(key.getPrimeP()) - && this.getPrimeQ().equals(key.getPrimeQ()) - && this.getPrimeExponentP().equals(key.getPrimeExponentP()) - && this.getPrimeExponentQ().equals(key.getPrimeExponentQ()) - && this.getCrtCoefficient().equals(key.getCrtCoefficient()); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("RSA Private CRT Key").append(nl); - buf.append(" modulus: ").append(this.getModulus().toString(16)).append(nl); - buf.append(" public exponent: ").append(this.getPublicExponent().toString(16)).append(nl); - buf.append(" private exponent: ").append(this.getPrivateExponent().toString(16)).append(nl); - buf.append(" primeP: ").append(this.getPrimeP().toString(16)).append(nl); - buf.append(" primeQ: ").append(this.getPrimeQ().toString(16)).append(nl); - buf.append(" primeExponentP: ").append(this.getPrimeExponentP().toString(16)).append(nl); - buf.append(" primeExponentQ: ").append(this.getPrimeExponentQ().toString(16)).append(nl); - buf.append(" crtCoefficient: ").append(this.getCrtCoefficient().toString(16)).append(nl); - - return buf.toString(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateKey.java b/luni/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateKey.java deleted file mode 100644 index 74b8d08..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JCERSAPrivateKey.java +++ /dev/null @@ -1,184 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.math.BigInteger; -import java.security.interfaces.RSAPrivateKey; -import java.security.spec.RSAPrivateKeySpec; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.crypto.params.RSAKeyParameters; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; - -public class JCERSAPrivateKey - implements RSAPrivateKey, PKCS12BagAttributeCarrier -{ - protected BigInteger modulus; - protected BigInteger privateExponent; - - private Hashtable pkcs12Attributes = new Hashtable(); - private Vector pkcs12Ordering = new Vector(); - - protected JCERSAPrivateKey() - { - } - - JCERSAPrivateKey( - RSAKeyParameters key) - { - this.modulus = key.getModulus(); - this.privateExponent = key.getExponent(); - } - - JCERSAPrivateKey( - RSAPrivateKeySpec spec) - { - this.modulus = spec.getModulus(); - this.privateExponent = spec.getPrivateExponent(); - } - - JCERSAPrivateKey( - RSAPrivateKey key) - { - this.modulus = key.getModulus(); - this.privateExponent = key.getPrivateExponent(); - } - - public BigInteger getModulus() - { - return modulus; - } - - public BigInteger getPrivateExponent() - { - return privateExponent; - } - - public String getAlgorithm() - { - return "RSA"; - } - - public String getFormat() - { - return "NULL"; - } - - public byte[] getEncoded() - { - return null; - } - - public boolean equals(Object o) - { - if (!(o instanceof RSAPrivateKey)) - { - return false; - } - - if (o == this) - { - return true; - } - - RSAPrivateKey key = (RSAPrivateKey)o; - - return getModulus().equals(key.getModulus()) - && getPrivateExponent().equals(key.getPrivateExponent()); - } - - public int hashCode() - { - return getModulus().hashCode() ^ getPrivateExponent().hashCode(); - } - - public void setBagAttribute( - DERObjectIdentifier oid, - DEREncodable attribute) - { - pkcs12Attributes.put(oid, attribute); - pkcs12Ordering.addElement(oid); - } - - public DEREncodable getBagAttribute( - DERObjectIdentifier oid) - { - return (DEREncodable)pkcs12Attributes.get(oid); - } - - public Enumeration getBagAttributeKeys() - { - return pkcs12Ordering.elements(); - } - - private void readObject( - ObjectInputStream in) - throws IOException, ClassNotFoundException - { - this.modulus = (BigInteger)in.readObject(); - - Object obj = in.readObject(); - - if (obj instanceof Hashtable) - { - this.pkcs12Attributes = (Hashtable)obj; - this.pkcs12Ordering = (Vector)in.readObject(); - } - else - { - this.pkcs12Attributes = new Hashtable(); - this.pkcs12Ordering = new Vector(); - - ASN1InputStream aIn = new ASN1InputStream((byte[])obj); - - DERObjectIdentifier oid; - - while ((oid = (DERObjectIdentifier)aIn.readObject()) != null) - { - this.setBagAttribute(oid, aIn.readObject()); - } - } - - this.privateExponent = (BigInteger)in.readObject(); - } - - private void writeObject( - ObjectOutputStream out) - throws IOException - { - out.writeObject(modulus); - - if (pkcs12Ordering.size() == 0) - { - out.writeObject(pkcs12Attributes); - out.writeObject(pkcs12Ordering); - } - else - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - Enumeration e = this.getBagAttributeKeys(); - - while (e.hasMoreElements()) - { - DEREncodable oid = (DEREncodable)e.nextElement(); - - aOut.writeObject(oid); - aOut.writeObject(pkcs12Attributes.get(oid)); - } - - out.writeObject(bOut.toByteArray()); - } - - out.writeObject(privateExponent); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java b/luni/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java deleted file mode 100644 index e546323..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JCERSAPublicKey.java +++ /dev/null @@ -1,129 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.RSAPublicKeySpec; - -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.RSAPublicKeyStructure; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.crypto.params.RSAKeyParameters; - -public class JCERSAPublicKey - implements RSAPublicKey -{ - private BigInteger modulus; - private BigInteger publicExponent; - - JCERSAPublicKey( - RSAKeyParameters key) - { - this.modulus = key.getModulus(); - this.publicExponent = key.getExponent(); - } - - JCERSAPublicKey( - RSAPublicKeySpec spec) - { - this.modulus = spec.getModulus(); - this.publicExponent = spec.getPublicExponent(); - } - - JCERSAPublicKey( - RSAPublicKey key) - { - this.modulus = key.getModulus(); - this.publicExponent = key.getPublicExponent(); - } - - JCERSAPublicKey( - SubjectPublicKeyInfo info) - { - try - { - RSAPublicKeyStructure pubKey = new RSAPublicKeyStructure((ASN1Sequence)info.getPublicKey()); - - this.modulus = pubKey.getModulus(); - this.publicExponent = pubKey.getPublicExponent(); - } - catch (IOException e) - { - throw new IllegalArgumentException("invalid info structure in RSA public key"); - } - } - - /** - * return the modulus. - * - * @return the modulus. - */ - public BigInteger getModulus() - { - return modulus; - } - - /** - * return the public exponent. - * - * @return the public exponent. - */ - public BigInteger getPublicExponent() - { - return publicExponent; - } - - public String getAlgorithm() - { - return "RSA"; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - // BEGIN android-changed - SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.THE_ONE), new RSAPublicKeyStructure(getModulus(), getPublicExponent()).getDERObject()); - // END android-changed - - return info.getDEREncoded(); - } - - public boolean equals(Object o) - { - if (!(o instanceof RSAPublicKey)) - { - return false; - } - - if (o == this) - { - return true; - } - - RSAPublicKey key = (RSAPublicKey)o; - - return getModulus().equals(key.getModulus()) - && getPublicExponent().equals(key.getPublicExponent()); - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("RSA Public Key").append(nl); - buf.append(" modulus: ").append(this.getModulus().toString(16)).append(nl); - buf.append(" public exponent: ").append(this.getPublicExponent().toString(16)).append(nl); - - return buf.toString(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java b/luni/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java deleted file mode 100644 index 0a45b74..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java +++ /dev/null @@ -1,616 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.lang.reflect.Constructor; -import java.security.InvalidKeyException; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; - -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactorySpi; -import javax.crypto.spec.DESKeySpec; -import javax.crypto.spec.DESedeKeySpec; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.params.DESParameters; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; - -public class JCESecretKeyFactory - extends SecretKeyFactorySpi - implements PBE -{ - protected String algName; - protected DERObjectIdentifier algOid; - - protected JCESecretKeyFactory( - String algName, - DERObjectIdentifier algOid) - { - this.algName = algName; - this.algOid = algOid; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof SecretKeySpec) - { - return (SecretKey)keySpec; - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - - protected KeySpec engineGetKeySpec( - SecretKey key, - Class keySpec) - throws InvalidKeySpecException - { - if (keySpec == null) - { - throw new InvalidKeySpecException("keySpec parameter is null"); - } - if (key == null) - { - throw new InvalidKeySpecException("key parameter is null"); - } - - if (SecretKeySpec.class.isAssignableFrom(keySpec)) - { - return new SecretKeySpec(key.getEncoded(), algName); - } - - try - { - Class[] parameters = { byte[].class }; - - Constructor c = keySpec.getConstructor(parameters); - Object[] p = new Object[1]; - - p[0] = key.getEncoded(); - - return (KeySpec)c.newInstance(p); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - protected SecretKey engineTranslateKey( - SecretKey key) - throws InvalidKeyException - { - if (key == null) - { - throw new InvalidKeyException("key parameter is null"); - } - - if (!key.getAlgorithm().equalsIgnoreCase(algName)) - { - throw new InvalidKeyException("Key not of type " + algName + "."); - } - - return new SecretKeySpec(key.getEncoded(), algName); - } - - /* - * classes that inherit from us - */ - - static public class PBEKeyFactory - extends JCESecretKeyFactory - { - private boolean forCipher; - private int scheme; - private int digest; - private int keySize; - private int ivSize; - - public PBEKeyFactory( - String algorithm, - DERObjectIdentifier oid, - boolean forCipher, - int scheme, - int digest, - int keySize, - int ivSize) - { - super(algorithm, oid); - - this.forCipher = forCipher; - this.scheme = scheme; - this.digest = digest; - this.keySize = keySize; - this.ivSize = ivSize; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - CipherParameters param; - - if (pbeSpec.getSalt() == null) - { - return new JCEPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); - } - - if (forCipher) - { - param = Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); - } - else - { - param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - } - - return new JCEPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - } - - static public class DESPBEKeyFactory - extends JCESecretKeyFactory - { - private boolean forCipher; - private int scheme; - private int digest; - private int keySize; - private int ivSize; - - public DESPBEKeyFactory( - String algorithm, - DERObjectIdentifier oid, - boolean forCipher, - int scheme, - int digest, - int keySize, - int ivSize) - { - super(algorithm, oid); - - this.forCipher = forCipher; - this.scheme = scheme; - this.digest = digest; - this.keySize = keySize; - this.ivSize = ivSize; - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PBEKeySpec) - { - PBEKeySpec pbeSpec = (PBEKeySpec)keySpec; - CipherParameters param; - - if (pbeSpec.getSalt() == null) - { - return new JCEPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, null); - } - - if (forCipher) - { - param = Util.makePBEParameters(pbeSpec, scheme, digest, keySize, ivSize); - } - else - { - param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize); - } - - if (param instanceof ParametersWithIV) - { - KeyParameter kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); - - DESParameters.setOddParity(kParam.getKey()); - } - else - { - KeyParameter kParam = (KeyParameter)param; - - DESParameters.setOddParity(kParam.getKey()); - } - - return new JCEPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param); - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - } - - static public class DES - extends JCESecretKeyFactory - { - public DES() - { - super("DES", null); - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DESKeySpec) - { - DESKeySpec desKeySpec = (DESKeySpec)keySpec; - return new SecretKeySpec(desKeySpec.getKey(), "DES"); - } - - return super.engineGenerateSecret(keySpec); - } - } - - static public class DESede - extends JCESecretKeyFactory - { - public DESede() - { - super("DESede", null); - } - - protected KeySpec engineGetKeySpec( - SecretKey key, - Class keySpec) - throws InvalidKeySpecException - { - if (keySpec == null) - { - throw new InvalidKeySpecException("keySpec parameter is null"); - } - if (key == null) - { - throw new InvalidKeySpecException("key parameter is null"); - } - - if (SecretKeySpec.class.isAssignableFrom(keySpec)) - { - return new SecretKeySpec(key.getEncoded(), algName); - } - else if (DESedeKeySpec.class.isAssignableFrom(keySpec)) - { - byte[] bytes = key.getEncoded(); - - try - { - if (bytes.length == 16) - { - byte[] longKey = new byte[24]; - - System.arraycopy(bytes, 0, longKey, 0, 16); - System.arraycopy(bytes, 0, longKey, 16, 8); - - return new DESedeKeySpec(longKey); - } - else - { - return new DESedeKeySpec(bytes); - } - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - throw new InvalidKeySpecException("Invalid KeySpec"); - } - - protected SecretKey engineGenerateSecret( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof DESedeKeySpec) - { - DESedeKeySpec desKeySpec = (DESedeKeySpec)keySpec; - return new SecretKeySpec(desKeySpec.getKey(), "DESede"); - } - - return super.engineGenerateSecret(keySpec); - } - } - - /** - * PBEWithMD5AndDES - */ - static public class PBEWithMD5AndDES - extends DESPBEKeyFactory - { - public PBEWithMD5AndDES() - { - super("PBEwithMD5andDES", null, true, PKCS5S1, MD5, 64, 64); - } - } - - /** - * PBEWithMD5AndRC2 - */ - static public class PBEWithMD5AndRC2 - extends PBEKeyFactory - { - public PBEWithMD5AndRC2() - { - super("PBEwithMD5andRC2", null, true, PKCS5S1, MD5, 64, 64); - } - } - - /** - * PBEWithSHA1AndDES - */ - static public class PBEWithSHA1AndDES - extends PBEKeyFactory - { - public PBEWithSHA1AndDES() - { - super("PBEwithSHA1andDES", null, true, PKCS5S1, SHA1, 64, 64); - } - } - - /** - * PBEWithSHA1AndRC2 - */ - static public class PBEWithSHA1AndRC2 - extends PBEKeyFactory - { - public PBEWithSHA1AndRC2() - { - super("PBEwithSHA1andRC2", null, true, PKCS5S1, SHA1, 64, 64); - } - } - - /** - * PBEWithSHAAnd3-KeyTripleDES-CBC - */ - static public class PBEWithSHAAndDES3Key - extends PBEKeyFactory - { - public PBEWithSHAAndDES3Key() - { - super("PBEwithSHAandDES3Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, true, PKCS12, SHA1, 192, 64); - } - } - - /** - * PBEWithSHAAnd2-KeyTripleDES-CBC - */ - static public class PBEWithSHAAndDES2Key - extends PBEKeyFactory - { - public PBEWithSHAAndDES2Key() - { - super("PBEwithSHAandDES2Key-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, true, PKCS12, SHA1, 128, 64); - } - } -// BEGIN android-removed -// /** -// * PBEWithSHAAnd128BitRC2-CBC -// */ -// static public class PBEWithSHAAnd128BitRC2 -// extends PBEKeyFactory -// { -// public PBEWithSHAAnd128BitRC2() -// { -// super("PBEwithSHAand128BitRC2-CBC", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC, true, PKCS12, SHA1, 128, 64); -// } -// } -// END android-removed - - /** - * PBEWithSHAAnd40BitRC2-CBC - */ - static public class PBEWithSHAAnd40BitRC2 - extends PBEKeyFactory - { - public PBEWithSHAAnd40BitRC2() - { - super("PBEwithSHAand40BitRC2-CBC", PKCSObjectIdentifiers.pbewithSHAAnd40BitRC2_CBC, true, PKCS12, SHA1, 40, 64); - } - } - -// BEGIN android-removed -// /** -// * PBEWithSHAAndTwofish-CBC -// */ -// static public class PBEWithSHAAndTwofish -// extends PBEKeyFactory -// { -// public PBEWithSHAAndTwofish() -// { -// super("PBEwithSHAandTwofish-CBC", null, true, PKCS12, SHA1, 256, 128); -// } -// } -// -// /** -// * PBEWithSHAAndIDEA-CBC -// */ -// static public class PBEWithSHAAndIDEA -// extends PBEKeyFactory -// { -// public PBEWithSHAAndIDEA() -// { -// super("PBEwithSHAandIDEA-CBC", null, true, PKCS12, SHA1, 128, 64); -// } -// } -// -// /** -// * PBEWithSHAAnd128BitRC4 -// */ -// static public class PBEWithSHAAnd128BitRC4 -// extends PBEKeyFactory -// { -// public PBEWithSHAAnd128BitRC4() -// { -// super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 128, 0); -// } -// } -// -// /** -// * PBEWithSHAAnd40BitRC4 -// */ -// static public class PBEWithSHAAnd40BitRC4 -// extends PBEKeyFactory -// { -// public PBEWithSHAAnd40BitRC4() -// { -// super("PBEWithSHAAnd128BitRC4", PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4, true, PKCS12, SHA1, 40, 0); -// } -// } -// -// /** -// * PBEWithHmacRIPEMD160 -// */ -// public static class PBEWithRIPEMD160 -// extends PBEKeyFactory -// { -// public PBEWithRIPEMD160() -// { -// super("PBEwithHmacRIPEMD160", null, false, PKCS12, RIPEMD160, 160, 0); -// } -// } -// END android-removed - - /** - * PBEWithHmacSHA - */ - public static class PBEWithSHA - extends PBEKeyFactory - { - public PBEWithSHA() - { - super("PBEwithHmacSHA", null, false, PKCS12, SHA1, 160, 0); - } - } - -// BEGIN android-removed -// /** -// * PBEWithHmacTiger -// */ -// public static class PBEWithTiger -// extends PBEKeyFactory -// { -// public PBEWithTiger() -// { -// super("PBEwithHmacTiger", null, false, PKCS12, TIGER, 192, 0); -// } -// } -// END android-removed - - /** - * PBEWithSHA1And128BitAES-BC - */ - static public class PBEWithSHAAnd128BitAESBC - extends PBEKeyFactory - { - public PBEWithSHAAnd128BitAESBC() - { - super("PBEWithSHA1And128BitAES-CBC-BC", null, true, PKCS12, SHA1, 128, 128); - } - } - - /** - * PBEWithSHA1And192BitAES-BC - */ - static public class PBEWithSHAAnd192BitAESBC - extends PBEKeyFactory - { - public PBEWithSHAAnd192BitAESBC() - { - super("PBEWithSHA1And192BitAES-CBC-BC", null, true, PKCS12, SHA1, 192, 128); - } - } - - /** - * PBEWithSHA1And256BitAES-BC - */ - static public class PBEWithSHAAnd256BitAESBC - extends PBEKeyFactory - { - public PBEWithSHAAnd256BitAESBC() - { - super("PBEWithSHA1And256BitAES-CBC-BC", null, true, PKCS12, SHA1, 256, 128); - } - } - - /** - * PBEWithSHA256And128BitAES-BC - */ - static public class PBEWithSHA256And128BitAESBC - extends PBEKeyFactory - { - public PBEWithSHA256And128BitAESBC() - { - super("PBEWithSHA256And128BitAES-CBC-BC", null, true, PKCS12, SHA256, 128, 128); - } - } - - /** - * PBEWithSHA256And192BitAES-BC - */ - static public class PBEWithSHA256And192BitAESBC - extends PBEKeyFactory - { - public PBEWithSHA256And192BitAESBC() - { - super("PBEWithSHA256And192BitAES-CBC-BC", null, true, PKCS12, SHA256, 192, 128); - } - } - - /** - * PBEWithSHA256And256BitAES-BC - */ - static public class PBEWithSHA256And256BitAESBC - extends PBEKeyFactory - { - public PBEWithSHA256And256BitAESBC() - { - super("PBEWithSHA256And256BitAES-CBC-BC", null, true, PKCS12, SHA256, 256, 128); - } - } - - /** - * PBEWithMD5And128BitAES-OpenSSL - */ - static public class PBEWithMD5And128BitAESCBCOpenSSL - extends PBEKeyFactory - { - public PBEWithMD5And128BitAESCBCOpenSSL() - { - super("PBEWithMD5And128BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 128, 128); - } - } - - /** - * PBEWithMD5And192BitAES-OpenSSL - */ - static public class PBEWithMD5And192BitAESCBCOpenSSL - extends PBEKeyFactory - { - public PBEWithMD5And192BitAESCBCOpenSSL() - { - super("PBEWithMD5And192BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 192, 128); - } - } - - /** - * PBEWithMD5And256BitAES-OpenSSL - */ - static public class PBEWithMD5And256BitAESCBCOpenSSL - extends PBEKeyFactory - { - public PBEWithMD5And256BitAESCBCOpenSSL() - { - super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java b/luni/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java deleted file mode 100644 index fe1a2be..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JCEStreamCipher.java +++ /dev/null @@ -1,559 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.Cipher; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKey; -import javax.crypto.ShortBufferException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.RC5ParameterSpec; - -import org.bouncycastle.crypto.BlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.StreamBlockCipher; -import org.bouncycastle.crypto.StreamCipher; -// BEGIN android-removed -// import org.bouncycastle.crypto.engines.BlowfishEngine; -// END android-removed -import org.bouncycastle.crypto.engines.DESEngine; -import org.bouncycastle.crypto.engines.DESedeEngine; -// BEGIN android-removed -// import org.bouncycastle.crypto.engines.IDEAEngine; -// import org.bouncycastle.crypto.engines.RC4Engine; -// import org.bouncycastle.crypto.engines.SkipjackEngine; -// import org.bouncycastle.crypto.engines.TwofishEngine; -// END android-removed -import org.bouncycastle.crypto.modes.CFBBlockCipher; -import org.bouncycastle.crypto.modes.OFBBlockCipher; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; - -public class JCEStreamCipher - extends WrapCipherSpi implements PBE -{ - // - // specs we can handle. - // - private Class[] availableSpecs = - { - RC2ParameterSpec.class, - RC5ParameterSpec.class, - IvParameterSpec.class, - PBEParameterSpec.class - }; - - private StreamCipher cipher; - private ParametersWithIV ivParam; - - private int ivLength = 0; - - private PBEParameterSpec pbeSpec = null; - private String pbeAlgorithm = null; - - protected JCEStreamCipher( - StreamCipher engine) - { - cipher = engine; - } - - protected JCEStreamCipher( - BlockCipher engine, - int ivLength) - { - this.ivLength = ivLength; - - cipher = new StreamBlockCipher(engine); - } - - protected int engineGetBlockSize() - { - return 0; - } - - protected byte[] engineGetIV() - { - return (ivParam != null) ? ivParam.getIV() : null; - } - - protected int engineGetKeySize( - Key key) - { - return key.getEncoded().length * 8; - } - - protected int engineGetOutputSize( - int inputLen) - { - return inputLen; - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParams == null) - { - if (pbeSpec != null) - { - try - { - AlgorithmParameters engineParams = AlgorithmParameters.getInstance(pbeAlgorithm, "BC"); - engineParams.init(pbeSpec); - - return engineParams; - } - catch (Exception e) - { - return null; - } - } - } - - return engineParams; - } - - /** - * should never be called. - */ - protected void engineSetMode( - String mode) - { - if (!mode.equalsIgnoreCase("ECB")) - { - throw new IllegalArgumentException("can't support mode " + mode); - } - } - - /** - * should never be called. - */ - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - if (!padding.equalsIgnoreCase("NoPadding")) - { - throw new NoSuchPaddingException("Padding " + padding + " unknown."); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - this.pbeSpec = null; - this.pbeAlgorithm = null; - - this.engineParams = null; - - // - // basic key check - // - if (!(key instanceof SecretKey)) - { - throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption."); - } - - if (key instanceof JCEPBEKey) - { - JCEPBEKey k = (JCEPBEKey)key; - - if (k.getOID() != null) - { - pbeAlgorithm = k.getOID().getId(); - } - else - { - pbeAlgorithm = k.getAlgorithm(); - } - - if (k.getParam() != null) - { - param = k.getParam(); - pbeSpec = new PBEParameterSpec(k.getSalt(), k.getIterationCount()); - } - else if (params instanceof PBEParameterSpec) - { - param = PBE.Util.makePBEParameters(k, params, cipher.getAlgorithmName()); - pbeSpec = (PBEParameterSpec)params; - } - else - { - throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); - } - - if (k.getIvSize() != 0) - { - ivParam = (ParametersWithIV)param; - } - } - else if (params == null) - { - param = new KeyParameter(key.getEncoded()); - } - else if (params instanceof IvParameterSpec) - { - param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV()); - ivParam = (ParametersWithIV)param; - } - else - { - throw new IllegalArgumentException("unknown parameter type."); - } - - if ((ivLength != 0) && !(param instanceof ParametersWithIV)) - { - SecureRandom ivRandom = random; - - if (ivRandom == null) - { - ivRandom = new SecureRandom(); - } - - if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE)) - { - byte[] iv = new byte[ivLength]; - - ivRandom.nextBytes(iv); - param = new ParametersWithIV(param, iv); - ivParam = (ParametersWithIV)param; - } - else - { - throw new InvalidAlgorithmParameterException("no IV set when one expected"); - } - } - - switch (opmode) - { - case Cipher.ENCRYPT_MODE: - case Cipher.WRAP_MODE: - cipher.init(true, param); - break; - case Cipher.DECRYPT_MODE: - case Cipher.UNWRAP_MODE: - cipher.init(false, param); - break; - default: - System.out.println("eeek!"); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - for (int i = 0; i != availableSpecs.length; i++) - { - try - { - paramSpec = params.getParameterSpec(availableSpecs[i]); - break; - } - catch (Exception e) - { - continue; - } - } - - if (paramSpec == null) - { - throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString()); - } - } - - engineInit(opmode, key, paramSpec, random); - engineParams = params; - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new InvalidKeyException(e.getMessage()); - } - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - byte[] out = new byte[inputLen]; - - cipher.processBytes(input, inputOffset, inputLen, out, 0); - - return out; - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws ShortBufferException - { - try - { - cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - - return inputLen; - } - catch (DataLengthException e) - { - throw new ShortBufferException(e.getMessage()); - } - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - { - if (inputLen != 0) - { - byte[] out = engineUpdate(input, inputOffset, inputLen); - - cipher.reset(); - - return out; - } - - cipher.reset(); - - return new byte[0]; - } - - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - { - if (inputLen != 0) - { - cipher.processBytes(input, inputOffset, inputLen, output, outputOffset); - } - - cipher.reset(); - - return inputLen; - } - - /* - * The ciphers that inherit from us. - */ - - /** - * DES - */ - static public class DES_CFB8 - extends JCEStreamCipher - { - public DES_CFB8() - { - super(new CFBBlockCipher(new DESEngine(), 8), 64); - } - } - - /** - * DESede - */ - static public class DESede_CFB8 - extends JCEStreamCipher - { - public DESede_CFB8() - { - super(new CFBBlockCipher(new DESedeEngine(), 8), 64); - } - } - -// BEGIN android-removed -// /** -// * SKIPJACK -// */ -// static public class Skipjack_CFB8 -// extends JCEStreamCipher -// { -// public Skipjack_CFB8() -// { -// super(new CFBBlockCipher(new SkipjackEngine(), 8), 64); -// } -// } -// -// /** -// * Blowfish -// */ -// static public class Blowfish_CFB8 -// extends JCEStreamCipher -// { -// public Blowfish_CFB8() -// { -// super(new CFBBlockCipher(new BlowfishEngine(), 8), 64); -// } -// } -// -// /** -// * Twofish -// */ -// static public class Twofish_CFB8 -// extends JCEStreamCipher -// { -// public Twofish_CFB8() -// { -// super(new CFBBlockCipher(new TwofishEngine(), 8), 128); -// } -// } -// -// /** -// * IDEA -// */ -// static public class IDEA_CFB8 -// extends JCEStreamCipher -// { -// public IDEA_CFB8() -// { -// super(new CFBBlockCipher(new IDEAEngine(), 8), 64); -// } -// } -// END android-removed - - /** - * DES - */ - static public class DES_OFB8 - extends JCEStreamCipher - { - public DES_OFB8() - { - super(new OFBBlockCipher(new DESEngine(), 8), 64); - } - } - - /** - * DESede - */ - static public class DESede_OFB8 - extends JCEStreamCipher - { - public DESede_OFB8() - { - super(new OFBBlockCipher(new DESedeEngine(), 8), 64); - } - } - -// BEGIN android-removed -// /** -// * SKIPJACK -// */ -// static public class Skipjack_OFB8 -// extends JCEStreamCipher -// { -// public Skipjack_OFB8() -// { -// super(new OFBBlockCipher(new SkipjackEngine(), 8), 64); -// } -// } -// -// /** -// * Blowfish -// */ -// static public class Blowfish_OFB8 -// extends JCEStreamCipher -// { -// public Blowfish_OFB8() -// { -// super(new OFBBlockCipher(new BlowfishEngine(), 8), 64); -// } -// } -// -// /** -// * Twofish -// */ -// static public class Twofish_OFB8 -// extends JCEStreamCipher -// { -// public Twofish_OFB8() -// { -// super(new OFBBlockCipher(new TwofishEngine(), 8), 128); -// } -// } -// -// /** -// * IDEA -// */ -// static public class IDEA_OFB8 -// extends JCEStreamCipher -// { -// public IDEA_OFB8() -// { -// super(new OFBBlockCipher(new IDEAEngine(), 8), 64); -// } -// } -// -// /** -// * RC4 -// */ -// static public class RC4 -// extends JCEStreamCipher -// { -// public RC4() -// { -// super(new RC4Engine()); -// } -// } -// -// /** -// * PBEWithSHAAnd128BitRC4 -// */ -// static public class PBEWithSHAAnd128BitRC4 -// extends JCEStreamCipher -// { -// public PBEWithSHAAnd128BitRC4() -// { -// super(new RC4Engine()); -// } -// } -// -// /** -// * PBEWithSHAAnd40BitRC4 -// */ -// static public class PBEWithSHAAnd40BitRC4 -// extends JCEStreamCipher -// { -// public PBEWithSHAAnd40BitRC4() -// { -// super(new RC4Engine()); -// } -// } -// END android-removed -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java b/luni/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java deleted file mode 100644 index a72cb13..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java +++ /dev/null @@ -1,446 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.AlgorithmParameterGeneratorSpi; -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.DSAParameterSpec; - -import javax.crypto.spec.DHGenParameterSpec; -import javax.crypto.spec.DHParameterSpec; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; - -import org.bouncycastle.crypto.generators.DHParametersGenerator; -import org.bouncycastle.crypto.generators.DSAParametersGenerator; -// BEGIN android-removed -// import org.bouncycastle.crypto.generators.ElGamalParametersGenerator; -// import org.bouncycastle.crypto.generators.GOST3410ParametersGenerator; -// END android-removed -import org.bouncycastle.crypto.params.DHParameters; -import org.bouncycastle.crypto.params.DSAParameters; -// BEGIN android-removed -// import org.bouncycastle.crypto.params.ElGamalParameters; -// import org.bouncycastle.crypto.params.GOST3410Parameters; -// import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -// import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; -// END android-removed - -public abstract class JDKAlgorithmParameterGenerator - extends AlgorithmParameterGeneratorSpi -{ - protected SecureRandom random; - protected int strength = 1024; - - protected void engineInit( - int strength, - SecureRandom random) - { - this.strength = strength; - this.random = random; - } - - public static class DH - extends JDKAlgorithmParameterGenerator - { - private int l = 0; - - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (!(genParamSpec instanceof DHGenParameterSpec)) - { - throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation"); - } - DHGenParameterSpec spec = (DHGenParameterSpec)genParamSpec; - - this.strength = spec.getPrimeSize(); - this.l = spec.getExponentSize(); - this.random = random; - } - - protected AlgorithmParameters engineGenerateParameters() - { - DHParametersGenerator pGen = new DHParametersGenerator(); - - if (random != null) - { - pGen.init(strength, 20, random); - } - else - { - pGen.init(strength, 20, new SecureRandom()); - } - - DHParameters p = pGen.generateParameters(); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("DH", "BC"); - params.init(new DHParameterSpec(p.getP(), p.getG(), l)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - public static class DSA - extends JDKAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DSA parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - DSAParametersGenerator pGen = new DSAParametersGenerator(); - - if (random != null) - { - pGen.init(strength, 20, random); - } - else - { - pGen.init(strength, 20, new SecureRandom()); - } - - DSAParameters p = pGen.generateParameters(); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("DSA", "BC"); - params.init(new DSAParameterSpec(p.getP(), p.getQ(), p.getG())); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - -// BEGIN android-removed -// public static class GOST3410 -// extends JDKAlgorithmParameterGenerator -// { -// protected void engineInit( -// AlgorithmParameterSpec genParamSpec, -// SecureRandom random) -// throws InvalidAlgorithmParameterException -// { -// throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for GOST3410 parameter generation."); -// } -// -// protected AlgorithmParameters engineGenerateParameters() -// { -// GOST3410ParametersGenerator pGen = new GOST3410ParametersGenerator(); -// -// if (random != null) -// { -// pGen.init(strength, 2, random); -// } -// else -// { -// pGen.init(strength, 2, new SecureRandom()); -// } -// -// GOST3410Parameters p = pGen.generateParameters(); -// -// AlgorithmParameters params; -// -// try -// { -// params = AlgorithmParameters.getInstance("GOST3410", "BC"); -// params.init(new GOST3410ParameterSpec(new GOST3410PublicKeyParameterSetSpec(p.getP(), p.getQ(), p.getA()))); -// } -// catch (Exception e) -// { -// throw new RuntimeException(e.getMessage()); -// } -// -// return params; -// } -// } -// -// public static class ElGamal -// extends JDKAlgorithmParameterGenerator -// { -// private int l = 0; -// -// protected void engineInit( -// AlgorithmParameterSpec genParamSpec, -// SecureRandom random) -// throws InvalidAlgorithmParameterException -// { -// if (!(genParamSpec instanceof DHGenParameterSpec)) -// { -// throw new InvalidAlgorithmParameterException("DH parameter generator requires a DHGenParameterSpec for initialisation"); -// } -// DHGenParameterSpec spec = (DHGenParameterSpec)genParamSpec; -// -// this.strength = spec.getPrimeSize(); -// this.l = spec.getExponentSize(); -// this.random = random; -// } -// -// protected AlgorithmParameters engineGenerateParameters() -// { -// ElGamalParametersGenerator pGen = new ElGamalParametersGenerator(); -// -// if (random != null) -// { -// pGen.init(strength, 20, random); -// } -// else -// { -// pGen.init(strength, 20, new SecureRandom()); -// } -// -// ElGamalParameters p = pGen.generateParameters(); -// -// AlgorithmParameters params; -// -// try -// { -// params = AlgorithmParameters.getInstance("ElGamal", "BC"); -// params.init(new DHParameterSpec(p.getP(), p.getG(), l)); -// } -// catch (Exception e) -// { -// throw new RuntimeException(e.getMessage()); -// } -// -// return params; -// } -// } -// END android-removed - - public static class DES - extends JDKAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[8]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("DES", "BC"); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - public static class RC2 - extends JDKAlgorithmParameterGenerator - { - RC2ParameterSpec spec = null; - - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (genParamSpec instanceof RC2ParameterSpec) - { - spec = (RC2ParameterSpec)genParamSpec; - return; - } - - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - AlgorithmParameters params; - - if (spec == null) - { - byte[] iv = new byte[8]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - try - { - params = AlgorithmParameters.getInstance("RC2", "BC"); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - } - else - { - try - { - params = AlgorithmParameters.getInstance("RC2", "BC"); - params.init(spec); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - } - - return params; - } - } - - public static class AES - extends JDKAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[16]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("AES", "BC"); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - public static class IDEA - extends JDKAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for IDEA parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[8]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("IDEA", "BC"); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } - - public static class CAST5 - extends JDKAlgorithmParameterGenerator - { - protected void engineInit( - AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for CAST5 parameter generation."); - } - - protected AlgorithmParameters engineGenerateParameters() - { - byte[] iv = new byte[8]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(iv); - - AlgorithmParameters params; - - try - { - params = AlgorithmParameters.getInstance("CAST5", "BC"); - params.init(new IvParameterSpec(iv)); - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage()); - } - - return params; - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java b/luni/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java deleted file mode 100644 index e3f476d..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java +++ /dev/null @@ -1,1463 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.security.AlgorithmParametersSpi; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.DSAParameterSpec; -import java.security.spec.InvalidParameterSpecException; -import java.security.spec.MGF1ParameterSpec; -import java.security.spec.PSSParameterSpec; - -import javax.crypto.spec.DHParameterSpec; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.OAEPParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.PSource; -import javax.crypto.spec.RC2ParameterSpec; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERSequence; -// BEGIN android-removed -// import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters; -// import org.bouncycastle.asn1.misc.CAST5CBCParameters; -// END android-removed -import org.bouncycastle.asn1.misc.IDEACBCPar; -// BEGIN android-removed -// import org.bouncycastle.asn1.oiw.ElGamalParameter; -// END android-removed -import org.bouncycastle.asn1.pkcs.DHParameter; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.RC2CBCParameter; -import org.bouncycastle.asn1.pkcs.RSAESOAEPparams; -import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DSAParameter; -// BEGIN android-removed -// import org.bouncycastle.jce.spec.ElGamalParameterSpec; -// import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -// import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; -// END android-removed -import org.bouncycastle.jce.spec.IESParameterSpec; - -public abstract class JDKAlgorithmParameters - extends AlgorithmParametersSpi -{ - public static class IVAlgorithmParameters - extends JDKAlgorithmParameters - { - private byte[] iv; - - protected byte[] engineGetEncoded() - throws IOException - { - return engineGetEncoded("ASN.1"); - } - - protected byte[] engineGetEncoded( - String format) - throws IOException - { - if (format == null) - { - return engineGetEncoded("ASN.1"); - } - - if (format.equals("RAW")) - { - byte[] tmp = new byte[iv.length]; - - System.arraycopy(iv, 0, tmp, 0, iv.length); - return tmp; - } - else if (format.equals("ASN.1")) - { - return new DEROctetString(engineGetEncoded("RAW")).getEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == IvParameterSpec.class) - { - return new IvParameterSpec(iv); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to IV parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof IvParameterSpec)) - { - throw new InvalidParameterSpecException("IvParameterSpec required to initialise a IV parameters algorithm parameters object"); - } - - this.iv = ((IvParameterSpec)paramSpec).getIV(); - } - - protected void engineInit( - byte[] params) - throws IOException - { - // - // check that we don't have a DER encoded octet string - // - if ((params.length % 8) != 0 - && params[0] == 0x04 && params[1] == params.length - 2) - { - ASN1InputStream aIn = new ASN1InputStream(params); - ASN1OctetString oct = (ASN1OctetString)aIn.readObject(); - - params = oct.getOctets(); - } - - this.iv = new byte[params.length]; - - System.arraycopy(params, 0, iv, 0, iv.length); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (format.equals("RAW")) - { - engineInit(params); - return; - } - else if (format.equals("ASN.1")) - { - ASN1InputStream aIn = new ASN1InputStream(params); - - try - { - ASN1OctetString oct = (ASN1OctetString)aIn.readObject(); - - engineInit(oct.getOctets()); - } - catch (Exception e) - { - throw new IOException("Exception decoding: " + e); - } - - return; - } - - throw new IOException("Unknown parameters format in IV parameters object"); - } - - protected String engineToString() - { - return "IV Parameters"; - } - } - -// BEGIN android-removed -// public static class IDEAAlgorithmParameters -// extends JDKAlgorithmParameters -// { -// private byte[] iv; -// -// protected byte[] engineGetEncoded() -// throws IOException -// { -// return engineGetEncoded("ASN.1"); -// } -// -// protected byte[] engineGetEncoded( -// String format) -// throws IOException -// { -// if (format == null) -// { -// return engineGetEncoded("ASN.1"); -// } -// -// if (format.equals("RAW")) -// { -// byte[] tmp = new byte[iv.length]; -// -// System.arraycopy(iv, 0, tmp, 0, iv.length); -// return tmp; -// } -// else if (format.equals("ASN.1")) -// { -// return new IDEACBCPar(engineGetEncoded("RAW")).getEncoded(); -// } -// -// return null; -// } -// -// protected AlgorithmParameterSpec engineGetParameterSpec( -// Class paramSpec) -// throws InvalidParameterSpecException -// { -// if (paramSpec == IvParameterSpec.class) -// { -// return new IvParameterSpec(iv); -// } -// -// throw new InvalidParameterSpecException("unknown parameter spec passed to IV parameters object."); -// } -// -// protected void engineInit( -// AlgorithmParameterSpec paramSpec) -// throws InvalidParameterSpecException -// { -// if (!(paramSpec instanceof IvParameterSpec)) -// { -// throw new InvalidParameterSpecException("IvParameterSpec required to initialise a IV parameters algorithm parameters object"); -// } -// -// this.iv = ((IvParameterSpec)paramSpec).getIV(); -// } -// -// protected void engineInit( -// byte[] params) -// throws IOException -// { -// this.iv = new byte[params.length]; -// -// System.arraycopy(params, 0, iv, 0, iv.length); -// } -// -// protected void engineInit( -// byte[] params, -// String format) -// throws IOException -// { -// if (format.equals("RAW")) -// { -// engineInit(params); -// return; -// } -// else if (format.equals("ASN.1")) -// { -// ASN1InputStream aIn = new ASN1InputStream(params); -// IDEACBCPar oct = new IDEACBCPar((ASN1Sequence)aIn.readObject()); -// -// engineInit(oct.getIV()); -// return; -// } -// -// throw new IOException("Unknown parameters format in IV parameters object"); -// } -// -// protected String engineToString() -// { -// return "IDEA Parameters"; -// } -// } -// -// public static class RC2AlgorithmParameters -// extends JDKAlgorithmParameters -// { -// private short[] table = { -// 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, -// 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, -// 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, -// 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, -// 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, -// 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, -// 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, -// 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, -// 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, -// 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, -// 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, -// 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, -// 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, -// 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, -// 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, -// 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab -// }; -// -// private short[] ekb = { -// 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, -// 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, -// 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, -// 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, -// 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, -// 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, -// 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, -// 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, -// 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, -// 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, -// 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, -// 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, -// 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, -// 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, -// 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, -// 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd -// }; -// -// private byte[] iv; -// private int parameterVersion = 58; -// -// protected byte[] engineGetEncoded() -// { -// byte[] tmp = new byte[iv.length]; -// -// System.arraycopy(iv, 0, tmp, 0, iv.length); -// return tmp; -// } -// -// protected byte[] engineGetEncoded( -// String format) -// throws IOException -// { -// if (format.equals("RAW")) -// { -// return engineGetEncoded(); -// } -// else if (format.equals("ASN.1")) -// { -// if (parameterVersion == -1) -// { -// return new RC2CBCParameter(engineGetEncoded()).getEncoded(); -// } -// else -// { -// return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded(); -// } -// } -// -// return null; -// } -// -// protected AlgorithmParameterSpec engineGetParameterSpec( -// Class paramSpec) -// throws InvalidParameterSpecException -// { -// if (paramSpec == RC2ParameterSpec.class) -// { -// if (parameterVersion != -1) -// { -// if (parameterVersion < 256) -// { -// return new RC2ParameterSpec(ekb[parameterVersion], iv); -// } -// else -// { -// return new RC2ParameterSpec(parameterVersion, iv); -// } -// } -// } -// -// if (paramSpec == IvParameterSpec.class) -// { -// return new IvParameterSpec(iv); -// } -// -// throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object."); -// } -// -// protected void engineInit( -// AlgorithmParameterSpec paramSpec) -// throws InvalidParameterSpecException -// { -// if (paramSpec instanceof IvParameterSpec) -// { -// this.iv = ((IvParameterSpec)paramSpec).getIV(); -// } -// else if (paramSpec instanceof RC2ParameterSpec) -// { -// int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); -// if (effKeyBits != -1) -// { -// if (effKeyBits < 256) -// { -// parameterVersion = table[effKeyBits]; -// } -// else -// { -// parameterVersion = effKeyBits; -// } -// } -// -// this.iv = ((RC2ParameterSpec)paramSpec).getIV(); -// } -// else -// { -// throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object"); -// } -// } -// -// protected void engineInit( -// byte[] params) -// throws IOException -// { -// this.iv = new byte[params.length]; -// -// System.arraycopy(params, 0, iv, 0, iv.length); -// } -// -// protected void engineInit( -// byte[] params, -// String format) -// throws IOException -// { -// if (format.equals("RAW")) -// { -// engineInit(params); -// return; -// } -// else if (format.equals("ASN.1")) -// { -// ASN1InputStream aIn = new ASN1InputStream(params); -// RC2CBCParameter p = RC2CBCParameter.getInstance(aIn.readObject()); -// -// if (p.getRC2ParameterVersion() != null) -// { -// parameterVersion = p.getRC2ParameterVersion().intValue(); -// } -// -// iv = p.getIV(); -// -// return; -// } -// -// throw new IOException("Unknown parameters format in IV parameters object"); -// } -// -// protected String engineToString() -// { -// return "RC2 Parameters"; -// } -// } -// -// public static class CAST5AlgorithmParameters -// extends JDKAlgorithmParameters -// { -// private byte[] iv; -// private int keyLength = 128; -// -// protected byte[] engineGetEncoded() -// { -// byte[] tmp = new byte[iv.length]; -// -// System.arraycopy(iv, 0, tmp, 0, iv.length); -// return tmp; -// } -// -// protected byte[] engineGetEncoded( -// String format) -// throws IOException -// { -// if (format.equals("RAW")) -// { -// return engineGetEncoded(); -// } -// // BEGIN android-removed -// // else if (format.equals("ASN.1")) -// // { -// // return new CAST5CBCParameters(engineGetEncoded(), keyLength).getEncoded(); -// // } -// // END android-removed -// -// return null; -// } -// -// protected AlgorithmParameterSpec engineGetParameterSpec( -// Class paramSpec) -// throws InvalidParameterSpecException -// { -// if (paramSpec == IvParameterSpec.class) -// { -// return new IvParameterSpec(iv); -// } -// -// throw new InvalidParameterSpecException("unknown parameter spec passed to CAST5 parameters object."); -// } -// -// protected void engineInit( -// AlgorithmParameterSpec paramSpec) -// throws InvalidParameterSpecException -// { -// if (paramSpec instanceof IvParameterSpec) -// { -// this.iv = ((IvParameterSpec)paramSpec).getIV(); -// } -// else -// { -// throw new InvalidParameterSpecException("IvParameterSpec required to initialise a CAST5 parameters algorithm parameters object"); -// } -// } -// -// protected void engineInit( -// byte[] params) -// throws IOException -// { -// this.iv = new byte[params.length]; -// -// System.arraycopy(params, 0, iv, 0, iv.length); -// } -// -// protected void engineInit( -// byte[] params, -// String format) -// throws IOException -// { -// if (format.equals("RAW")) -// { -// engineInit(params); -// return; -// } -// // BEGIN android-removed -// // else if (format.equals("ASN.1")) -// // { -// // ASN1InputStream aIn = new ASN1InputStream(params); -// // CAST5CBCParameters p = CAST5CBCParameters.getInstance(aIn.readObject()); -// // -// // keyLength = p.getKeyLength(); -// // -// // iv = p.getIV(); -// // -// // return; -// // } -// // END android-removed -// -// throw new IOException("Unknown parameters format in IV parameters object"); -// } -// -// protected String engineToString() -// { -// return "CAST5 Parameters"; -// } -// } -// END android-removed - - public static class PKCS12PBE - extends JDKAlgorithmParameters - { - PKCS12PBEParams params; - - protected byte[] engineGetEncoded() - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - try - { - dOut.writeObject(params); - } - catch (IOException e) - { - throw new RuntimeException("Oooops! " + e.toString()); - } - - return bOut.toByteArray(); - } - - protected byte[] engineGetEncoded( - String format) - { - if (format.equals("ASN.1")) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PBEParameterSpec.class) - { - return new PBEParameterSpec(params.getIV(), - params.getIterations().intValue()); - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PKCS12 PBE parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PBEParameterSpec)) - { - throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PKCS12 PBE parameters algorithm parameters object"); - } - - PBEParameterSpec pbeSpec = (PBEParameterSpec)paramSpec; - - this.params = new PKCS12PBEParams(pbeSpec.getSalt(), - pbeSpec.getIterationCount()); - } - - protected void engineInit( - byte[] params) - throws IOException - { - ASN1InputStream aIn = new ASN1InputStream(params); - - this.params = PKCS12PBEParams.getInstance(aIn.readObject()); - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (format.equals("ASN.1")) - { - engineInit(params); - return; - } - - throw new IOException("Unknown parameters format in PKCS12 PBE parameters object"); - } - - protected String engineToString() - { - return "PKCS12 PBE Parameters"; - } - } - - public static class DH - extends JDKAlgorithmParameters - { - DHParameterSpec currentSpec; - - /** - * Return the PKCS#3 ASN.1 structure DHParameter. - * <p> - * <pre> - * DHParameter ::= SEQUENCE { - * prime INTEGER, -- p - * base INTEGER, -- g - * privateValueLength INTEGER OPTIONAL} - * </pre> - */ - protected byte[] engineGetEncoded() - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - DHParameter dhP = new DHParameter(currentSpec.getP(), currentSpec.getG(), currentSpec.getL()); - - try - { - dOut.writeObject(dhP); - dOut.close(); - } - catch (IOException e) - { - throw new RuntimeException("Error encoding DHParameters"); - } - - return bOut.toByteArray(); - } - - protected byte[] engineGetEncoded( - String format) - { - if (format.equalsIgnoreCase("X.509") - || format.equalsIgnoreCase("ASN.1")) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == DHParameterSpec.class) - { - return currentSpec; - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to DH parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof DHParameterSpec)) - { - throw new InvalidParameterSpecException("DHParameterSpec required to initialise a Diffie-Hellman algorithm parameters object"); - } - - this.currentSpec = (DHParameterSpec)paramSpec; - } - - protected void engineInit( - byte[] params) - throws IOException - { - ASN1InputStream aIn = new ASN1InputStream(params); - - try - { - DHParameter dhP = new DHParameter((ASN1Sequence)aIn.readObject()); - - if (dhP.getL() != null) - { - currentSpec = new DHParameterSpec(dhP.getP(), dhP.getG(), dhP.getL().intValue()); - } - else - { - currentSpec = new DHParameterSpec(dhP.getP(), dhP.getG()); - } - } - catch (ClassCastException e) - { - throw new IOException("Not a valid DH Parameter encoding."); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IOException("Not a valid DH Parameter encoding."); - } - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (format.equalsIgnoreCase("X.509") - || format.equalsIgnoreCase("ASN.1")) - { - engineInit(params); - } - else - { - throw new IOException("Unknown parameter format " + format); - } - } - - protected String engineToString() - { - return "Diffie-Hellman Parameters"; - } - } - - public static class DSA - extends JDKAlgorithmParameters - { - DSAParameterSpec currentSpec; - - /** - * Return the X.509 ASN.1 structure DSAParameter. - * <p> - * <pre> - * DSAParameter ::= SEQUENCE { - * prime INTEGER, -- p - * subprime INTEGER, -- q - * base INTEGER, -- g} - * </pre> - */ - protected byte[] engineGetEncoded() - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - DSAParameter dsaP = new DSAParameter(currentSpec.getP(), currentSpec.getQ(), currentSpec.getG()); - - try - { - dOut.writeObject(dsaP); - dOut.close(); - } - catch (IOException e) - { - throw new RuntimeException("Error encoding DSAParameters"); - } - - return bOut.toByteArray(); - } - - protected byte[] engineGetEncoded( - String format) - { - if (format.equalsIgnoreCase("X.509") - || format.equalsIgnoreCase("ASN.1")) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == DSAParameterSpec.class) - { - return currentSpec; - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to DSA parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof DSAParameterSpec)) - { - throw new InvalidParameterSpecException("DSAParameterSpec required to initialise a DSA algorithm parameters object"); - } - - this.currentSpec = (DSAParameterSpec)paramSpec; - } - - protected void engineInit( - byte[] params) - throws IOException - { - ASN1InputStream aIn = new ASN1InputStream(params); - - try - { - DSAParameter dsaP = new DSAParameter((ASN1Sequence)aIn.readObject()); - - currentSpec = new DSAParameterSpec(dsaP.getP(), dsaP.getQ(), dsaP.getG()); - } - catch (ClassCastException e) - { - throw new IOException("Not a valid DSA Parameter encoding."); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IOException("Not a valid DSA Parameter encoding."); - } - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (format.equalsIgnoreCase("X.509") - || format.equalsIgnoreCase("ASN.1")) - { - engineInit(params); - } - else - { - throw new IOException("Unknown parameter format " + format); - } - } - - protected String engineToString() - { - return "DSA Parameters"; - } - } - -// BEGIN android-removed -// public static class GOST3410 -// extends JDKAlgorithmParameters -// { -// GOST3410ParameterSpec currentSpec; -// -// /** -// * Return the X.509 ASN.1 structure GOST3410Parameter. -// * <p> -// * <pre> -// * GOST3410Parameter ::= SEQUENCE { -// * prime INTEGER, -- p -// * subprime INTEGER, -- q -// * base INTEGER, -- a} -// * </pre> -// */ -// protected byte[] engineGetEncoded() -// { -// ByteArrayOutputStream bOut = new ByteArrayOutputStream(); -// DEROutputStream dOut = new DEROutputStream(bOut); -// GOST3410PublicKeyAlgParameters gost3410P = new GOST3410PublicKeyAlgParameters(new DERObjectIdentifier(currentSpec.getPublicKeyParamSetOID()), new DERObjectIdentifier(currentSpec.getDigestParamSetOID()), new DERObjectIdentifier(currentSpec.getEncryptionParamSetOID())); -// -// try -// { -// dOut.writeObject(gost3410P); -// dOut.close(); -// } -// catch (IOException e) -// { -// throw new RuntimeException("Error encoding GOST3410Parameters"); -// } -// -// return bOut.toByteArray(); -// } -// -// protected byte[] engineGetEncoded( -// String format) -// { -// if (format.equalsIgnoreCase("X.509") -// || format.equalsIgnoreCase("ASN.1")) -// { -// return engineGetEncoded(); -// } -// -// return null; -// } -// -// protected AlgorithmParameterSpec engineGetParameterSpec( -// Class paramSpec) -// throws InvalidParameterSpecException -// { -// if (paramSpec == GOST3410PublicKeyParameterSetSpec.class) -// { -// return currentSpec; -// } -// -// throw new InvalidParameterSpecException("unknown parameter spec passed to GOST3410 parameters object."); -// } -// -// protected void engineInit( -// AlgorithmParameterSpec paramSpec) -// throws InvalidParameterSpecException -// { -// if (!(paramSpec instanceof GOST3410ParameterSpec)) -// { -// throw new InvalidParameterSpecException("GOST3410ParameterSpec required to initialise a GOST3410 algorithm parameters object"); -// } -// -// this.currentSpec = (GOST3410ParameterSpec)paramSpec; -// } -// -// protected void engineInit( -// byte[] params) -// throws IOException -// { -// ASN1InputStream dIn = new ASN1InputStream(params); -// -// try -// { -// GOST3410PublicKeyAlgParameters gost3410P = new GOST3410PublicKeyAlgParameters((ASN1Sequence)dIn.readObject()); -// -// currentSpec = new GOST3410ParameterSpec(gost3410P.getPublicKeyParamSet().getId(), gost3410P.getDigestParamSet().getId(), gost3410P.getEncryptionParamSet().getId()); -// } -// catch (ClassCastException e) -// { -// throw new IOException("Not a valid GOST3410 Parameter encoding."); -// } -// catch (ArrayIndexOutOfBoundsException e) -// { -// throw new IOException("Not a valid GOST3410 Parameter encoding."); -// } -// } -// -// protected void engineInit( -// byte[] params, -// String format) -// throws IOException -// { -// if (format.equalsIgnoreCase("X.509") -// || format.equalsIgnoreCase("ASN.1")) -// { -// engineInit(params); -// } -// else -// { -// throw new IOException("Unknown parameter format " + format); -// } -// } -// -// protected String engineToString() -// { -// return "GOST3410 Parameters"; -// } -// } -// -// public static class ElGamal -// extends JDKAlgorithmParameters -// { -// ElGamalParameterSpec currentSpec; -// -// /** -// * Return the X.509 ASN.1 structure ElGamalParameter. -// * <p> -// * <pre> -// * ElGamalParameter ::= SEQUENCE { -// * prime INTEGER, -- p -// * base INTEGER, -- g} -// * </pre> -// */ -// protected byte[] engineGetEncoded() -// { -// ByteArrayOutputStream bOut = new ByteArrayOutputStream(); -// DEROutputStream dOut = new DEROutputStream(bOut); -// ElGamalParameter elP = new ElGamalParameter(currentSpec.getP(), currentSpec.getG()); -// -// try -// { -// dOut.writeObject(elP); -// dOut.close(); -// } -// catch (IOException e) -// { -// throw new RuntimeException("Error encoding ElGamalParameters"); -// } -// -// return bOut.toByteArray(); -// } -// -// protected byte[] engineGetEncoded( -// String format) -// { -// if (format.equalsIgnoreCase("X.509") -// || format.equalsIgnoreCase("ASN.1")) -// { -// return engineGetEncoded(); -// } -// -// return null; -// } -// -// protected AlgorithmParameterSpec engineGetParameterSpec( -// Class paramSpec) -// throws InvalidParameterSpecException -// { -// if (paramSpec == ElGamalParameterSpec.class) -// { -// return currentSpec; -// } -// else if (paramSpec == DHParameterSpec.class) -// { -// return new DHParameterSpec(currentSpec.getP(), currentSpec.getG()); -// } -// -// throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); -// } -// -// protected void engineInit( -// AlgorithmParameterSpec paramSpec) -// throws InvalidParameterSpecException -// { -// if (!(paramSpec instanceof ElGamalParameterSpec) && !(paramSpec instanceof DHParameterSpec)) -// { -// throw new InvalidParameterSpecException("DHParameterSpec required to initialise a ElGamal algorithm parameters object"); -// } -// -// if (paramSpec instanceof ElGamalParameterSpec) -// { -// this.currentSpec = (ElGamalParameterSpec)paramSpec; -// } -// else -// { -// DHParameterSpec s = (DHParameterSpec)paramSpec; -// -// this.currentSpec = new ElGamalParameterSpec(s.getP(), s.getG()); -// } -// } -// -// protected void engineInit( -// byte[] params) -// throws IOException -// { -// ASN1InputStream aIn = new ASN1InputStream(params); -// -// try -// { -// ElGamalParameter elP = new ElGamalParameter((ASN1Sequence)aIn.readObject()); -// -// currentSpec = new ElGamalParameterSpec(elP.getP(), elP.getG()); -// } -// catch (ClassCastException e) -// { -// throw new IOException("Not a valid ElGamal Parameter encoding."); -// } -// catch (ArrayIndexOutOfBoundsException e) -// { -// throw new IOException("Not a valid ElGamal Parameter encoding."); -// } -// } -// -// protected void engineInit( -// byte[] params, -// String format) -// throws IOException -// { -// if (format.equalsIgnoreCase("X.509") -// || format.equalsIgnoreCase("ASN.1")) -// { -// engineInit(params); -// } -// else -// { -// throw new IOException("Unknown parameter format " + format); -// } -// } -// -// protected String engineToString() -// { -// return "ElGamal Parameters"; -// } -// } -// END android-removed - - public static class IES - extends JDKAlgorithmParameters - { - IESParameterSpec currentSpec; - - /** - * in the abscence of a standard way of doing it this will do for - * now... - */ - protected byte[] engineGetEncoded() - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - try - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DEROctetString(currentSpec.getDerivationV())); - v.add(new DEROctetString(currentSpec.getEncodingV())); - v.add(new DERInteger(currentSpec.getMacKeySize())); - - dOut.writeObject(new DERSequence(v)); - dOut.close(); - } - catch (IOException e) - { - throw new RuntimeException("Error encoding IESParameters"); - } - - return bOut.toByteArray(); - } - - protected byte[] engineGetEncoded( - String format) - { - if (format.equalsIgnoreCase("X.509") - || format.equalsIgnoreCase("ASN.1")) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == IESParameterSpec.class) - { - return currentSpec; - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof IESParameterSpec)) - { - throw new InvalidParameterSpecException("IESParameterSpec required to initialise a IES algorithm parameters object"); - } - - this.currentSpec = (IESParameterSpec)paramSpec; - } - - protected void engineInit( - byte[] params) - throws IOException - { - ASN1InputStream aIn = new ASN1InputStream(params); - - try - { - ASN1Sequence s = (ASN1Sequence)aIn.readObject(); - - this.currentSpec = new IESParameterSpec( - ((ASN1OctetString)s.getObjectAt(0)).getOctets(), - ((ASN1OctetString)s.getObjectAt(0)).getOctets(), - ((DERInteger)s.getObjectAt(0)).getValue().intValue()); - } - catch (ClassCastException e) - { - throw new IOException("Not a valid IES Parameter encoding."); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IOException("Not a valid IES Parameter encoding."); - } - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (format.equalsIgnoreCase("X.509") - || format.equalsIgnoreCase("ASN.1")) - { - engineInit(params); - } - else - { - throw new IOException("Unknown parameter format " + format); - } - } - - protected String engineToString() - { - return "IES Parameters"; - } - } - - public static class OAEP - extends JDKAlgorithmParameters - { - OAEPParameterSpec currentSpec; - - /** - * Return the PKCS#1 ASN.1 structure RSA-ES-OAEP-params. - */ - protected byte[] engineGetEncoded() - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - // BEGIN android-changed - AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( - JCEDigestUtil.getOID(currentSpec.getDigestAlgorithm()), - DERNull.THE_ONE); - MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)currentSpec.getMGFParameters(); - AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( - PKCSObjectIdentifiers.id_mgf1, - new AlgorithmIdentifier(JCEDigestUtil.getOID(mgfSpec.getDigestAlgorithm()), DERNull.THE_ONE)); - // END android-changed - PSource.PSpecified pSource = (PSource.PSpecified)currentSpec.getPSource(); - AlgorithmIdentifier pSourceAlgorithm = new AlgorithmIdentifier( - PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(pSource.getValue())); - RSAESOAEPparams oaepP = new RSAESOAEPparams(hashAlgorithm, maskGenAlgorithm, pSourceAlgorithm); - - try - { - dOut.writeObject(oaepP); - dOut.close(); - } - catch (IOException e) - { - throw new RuntimeException("Error encoding OAEPParameters"); - } - - return bOut.toByteArray(); - } - - protected byte[] engineGetEncoded( - String format) - { - if (format.equalsIgnoreCase("X.509") - || format.equalsIgnoreCase("ASN.1")) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == OAEPParameterSpec.class && currentSpec instanceof OAEPParameterSpec) - { - return currentSpec; - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to OAEP parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof OAEPParameterSpec)) - { - throw new InvalidParameterSpecException("OAEPParameterSpec required to initialise an OAEP algorithm parameters object"); - } - - this.currentSpec = (OAEPParameterSpec)paramSpec; - } - - protected void engineInit( - byte[] params) - throws IOException - { - ASN1InputStream aIn = new ASN1InputStream(params); - - try - { - RSAESOAEPparams oaepP = new RSAESOAEPparams((ASN1Sequence)aIn.readObject()); - - currentSpec = new OAEPParameterSpec( - oaepP.getHashAlgorithm().getObjectId().getId(), - oaepP.getMaskGenAlgorithm().getObjectId().getId(), - new MGF1ParameterSpec(AlgorithmIdentifier.getInstance(oaepP.getMaskGenAlgorithm().getParameters()).getObjectId().getId()), - new PSource.PSpecified(ASN1OctetString.getInstance(oaepP.getPSourceAlgorithm().getParameters()).getOctets())); - } - catch (ClassCastException e) - { - throw new IOException("Not a valid OAEP Parameter encoding."); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IOException("Not a valid OAEP Parameter encoding."); - } - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (format.equalsIgnoreCase("X.509") - || format.equalsIgnoreCase("ASN.1")) - { - engineInit(params); - } - else - { - throw new IOException("Unknown parameter format " + format); - } - } - - protected String engineToString() - { - return "OAEP Parameters"; - } - } - - public static class PSS - extends JDKAlgorithmParameters - { - PSSParameterSpec currentSpec; - - /** - * Return the PKCS#1 ASN.1 structure RSA-ES-OAEP-params. - */ - protected byte[] engineGetEncoded() - throws IOException - { - PSSParameterSpec pssSpec = (PSSParameterSpec)currentSpec; - // BEGIN android-changed - AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( - JCEDigestUtil.getOID(pssSpec.getDigestAlgorithm()), - DERNull.THE_ONE); - MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)pssSpec.getMGFParameters(); - AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( - PKCSObjectIdentifiers.id_mgf1, - new AlgorithmIdentifier(JCEDigestUtil.getOID(mgfSpec.getDigestAlgorithm()), DERNull.THE_ONE)); - // END android-changed - RSASSAPSSparams pssP = new RSASSAPSSparams(hashAlgorithm, maskGenAlgorithm, new DERInteger(pssSpec.getSaltLength()), new DERInteger(pssSpec.getTrailerField())); - - return pssP.getEncoded("DER"); - } - - protected byte[] engineGetEncoded( - String format) - throws IOException - { - if (format.equalsIgnoreCase("X.509") - || format.equalsIgnoreCase("ASN.1")) - { - return engineGetEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - if (paramSpec == PSSParameterSpec.class && currentSpec instanceof PSSParameterSpec) - { - return currentSpec; - } - - throw new InvalidParameterSpecException("unknown parameter spec passed to PSS parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - if (!(paramSpec instanceof PSSParameterSpec)) - { - throw new InvalidParameterSpecException("PSSParameterSpec required to initialise an PSS algorithm parameters object"); - } - - this.currentSpec = (PSSParameterSpec)paramSpec; - } - - protected void engineInit( - byte[] params) - throws IOException - { - ASN1InputStream aIn = new ASN1InputStream(params); - - try - { - RSASSAPSSparams pssP = new RSASSAPSSparams((ASN1Sequence)aIn.readObject()); - - currentSpec = new PSSParameterSpec( - pssP.getHashAlgorithm().getObjectId().getId(), - pssP.getMaskGenAlgorithm().getObjectId().getId(), - new MGF1ParameterSpec(AlgorithmIdentifier.getInstance(pssP.getMaskGenAlgorithm().getParameters()).getObjectId().getId()), - pssP.getSaltLength().getValue().intValue(), - pssP.getTrailerField().getValue().intValue()); - } - catch (ClassCastException e) - { - throw new IOException("Not a valid PSS Parameter encoding."); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new IOException("Not a valid PSS Parameter encoding."); - } - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - if (format.equalsIgnoreCase("X.509") - || format.equalsIgnoreCase("ASN.1")) - { - engineInit(params); - } - else - { - throw new IOException("Unknown parameter format " + format); - } - } - - protected String engineToString() - { - return "PSS Parameters"; - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java b/luni/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java deleted file mode 100644 index 111ab5b..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JDKDSAPrivateKey.java +++ /dev/null @@ -1,139 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.math.BigInteger; -import java.security.interfaces.DSAParams; -import java.security.interfaces.DSAPrivateKey; -import java.security.spec.DSAParameterSpec; -import java.security.spec.DSAPrivateKeySpec; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DSAParameter; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.DSAPrivateKeyParameters; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; - -public class JDKDSAPrivateKey - implements DSAPrivateKey, PKCS12BagAttributeCarrier -{ - BigInteger x; - DSAParams dsaSpec; - - private Hashtable pkcs12Attributes = new Hashtable(); - private Vector pkcs12Ordering = new Vector(); - - protected JDKDSAPrivateKey() - { - } - - JDKDSAPrivateKey( - DSAPrivateKey key) - { - this.x = key.getX(); - this.dsaSpec = key.getParams(); - } - - JDKDSAPrivateKey( - DSAPrivateKeySpec spec) - { - this.x = spec.getX(); - this.dsaSpec = new DSAParameterSpec(spec.getP(), spec.getQ(), spec.getG()); - } - - JDKDSAPrivateKey( - PrivateKeyInfo info) - { - DSAParameter params = new DSAParameter((ASN1Sequence)info.getAlgorithmId().getParameters()); - DERInteger derX = (DERInteger)info.getPrivateKey(); - - this.x = derX.getValue(); - this.dsaSpec = new DSAParameterSpec(params.getP(), params.getQ(), params.getG()); - } - - JDKDSAPrivateKey( - DSAPrivateKeyParameters params) - { - this.x = params.getX(); - this.dsaSpec = new DSAParameterSpec(params.getParameters().getP(), params.getParameters().getQ(), params.getParameters().getG()); - } - - public String getAlgorithm() - { - return "DSA"; - } - - /** - * return the encoding format we produce in getEncoded(). - * - * @return the string "PKCS#8" - */ - public String getFormat() - { - return "PKCS#8"; - } - - /** - * Return a PKCS8 representation of the key. The sequence returned - * represents a full PrivateKeyInfo object. - * - * @return a PKCS8 representation of the key. - */ - public byte[] getEncoded() - { - PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG()).getDERObject()), new DERInteger(getX())); - - return info.getDEREncoded(); - } - - public DSAParams getParams() - { - return dsaSpec; - } - - public BigInteger getX() - { - return x; - } - - public boolean equals( - Object o) - { - if (!(o instanceof DSAPrivateKey)) - { - return false; - } - - DSAPrivateKey other = (DSAPrivateKey)o; - - return this.getX().equals(other.getX()) - && this.getParams().getG().equals(other.getParams().getG()) - && this.getParams().getP().equals(other.getParams().getP()) - && this.getParams().getQ().equals(other.getParams().getQ()); - } - - public void setBagAttribute( - DERObjectIdentifier oid, - DEREncodable attribute) - { - pkcs12Attributes.put(oid, attribute); - pkcs12Ordering.addElement(oid); - } - - public DEREncodable getBagAttribute( - DERObjectIdentifier oid) - { - return (DEREncodable)pkcs12Attributes.get(oid); - } - - public Enumeration getBagAttributeKeys() - { - return pkcs12Ordering.elements(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java b/luni/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java deleted file mode 100644 index 56e8470..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JDKDSAPublicKey.java +++ /dev/null @@ -1,125 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.interfaces.DSAParams; -import java.security.interfaces.DSAPublicKey; -import java.security.spec.DSAParameterSpec; -import java.security.spec.DSAPublicKeySpec; - -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DSAParameter; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.params.DSAPublicKeyParameters; - -public class JDKDSAPublicKey - implements DSAPublicKey -{ - private BigInteger y; - private DSAParams dsaSpec; - - JDKDSAPublicKey( - DSAPublicKeySpec spec) - { - this.y = spec.getY(); - this.dsaSpec = new DSAParameterSpec(spec.getP(), spec.getQ(), spec.getG()); - } - - JDKDSAPublicKey( - DSAPublicKey key) - { - this.y = key.getY(); - this.dsaSpec = key.getParams(); - } - - JDKDSAPublicKey( - DSAPublicKeyParameters params) - { - this.y = params.getY(); - this.dsaSpec = new DSAParameterSpec(params.getParameters().getP(), params.getParameters().getQ(), params.getParameters().getG()); - } - - JDKDSAPublicKey( - BigInteger y, - DSAParameterSpec dsaSpec) - { - this.y = y; - this.dsaSpec = dsaSpec; - } - - JDKDSAPublicKey( - SubjectPublicKeyInfo info) - { - DSAParameter params = new DSAParameter((ASN1Sequence)info.getAlgorithmId().getParameters()); - DERInteger derY = null; - - try - { - derY = (DERInteger)info.getPublicKey(); - } - catch (IOException e) - { - throw new IllegalArgumentException("invalid info structure in DSA public key"); - } - - this.y = derY.getValue(); - this.dsaSpec = new DSAParameterSpec(params.getP(), params.getQ(), params.getG()); - } - - public String getAlgorithm() - { - return "DSA"; - } - - public String getFormat() - { - return "X.509"; - } - - public byte[] getEncoded() - { - SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(dsaSpec.getP(), dsaSpec.getQ(), dsaSpec.getG()).getDERObject()), new DERInteger(y)); - - return info.getDEREncoded(); - } - - public DSAParams getParams() - { - return dsaSpec; - } - - public BigInteger getY() - { - return y; - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append("DSA Public Key").append(nl); - buf.append(" y: ").append(this.getY().toString(16)).append(nl); - - return buf.toString(); - } - - public boolean equals( - Object o) - { - if (!(o instanceof DSAPublicKey)) - { - return false; - } - - DSAPublicKey other = (DSAPublicKey)o; - - return this.getY().equals(other.getY()) - && this.getParams().getG().equals(other.getParams().getG()) - && this.getParams().getP().equals(other.getParams().getP()) - && this.getParams().getQ().equals(other.getParams().getQ()); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java b/luni/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java deleted file mode 100644 index 9a5eb66..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JDKDSASigner.java +++ /dev/null @@ -1,426 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.SignatureException; -import java.security.interfaces.DSAKey; -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.DSA; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.signers.DSASigner; -// BEGIN android-removed -// import org.bouncycastle.crypto.signers.ECDSASigner; -// import org.bouncycastle.crypto.signers.ECNRSigner; -// import org.bouncycastle.jce.interfaces.ECKey; -// import org.bouncycastle.jce.interfaces.ECPublicKey; -// import org.bouncycastle.jce.interfaces.GOST3410Key; -// END android-removed - -public class JDKDSASigner - extends Signature implements PKCSObjectIdentifiers, X509ObjectIdentifiers -{ - private Digest digest; - private DSA signer; - private SecureRandom random; - - protected JDKDSASigner( - String name, - Digest digest, - DSA signer) - { - super(name); - - this.digest = digest; - this.signer = signer; - } - - protected void engineInitVerify( - PublicKey publicKey) - throws InvalidKeyException - { - CipherParameters param = null; - - // BEGIN android-removed - // if (publicKey instanceof ECPublicKey) - // { - // param = ECUtil.generatePublicKeyParameter(publicKey); - // } - // else if (publicKey instanceof GOST3410Key) - // { - // param = GOST3410Util.generatePublicKeyParameter(publicKey); - // } - // else if (publicKey instanceof DSAKey) - // END android-removed - // BEGIN android-added - if (publicKey instanceof DSAKey) - // END android-added - { - param = DSAUtil.generatePublicKeyParameter(publicKey); - } - else - { - try - { - byte[] bytes = publicKey.getEncoded(); - - publicKey = JDKKeyFactory.createPublicKeyFromDERStream(bytes); - - // BEGIN android-removed - // if (publicKey instanceof ECPublicKey) - // { - // param = ECUtil.generatePublicKeyParameter(publicKey); - // } - // else if (publicKey instanceof DSAKey) - // END android-removed - // BEGIN android-added - if (publicKey instanceof DSAKey) - // END android-added - { - param = DSAUtil.generatePublicKeyParameter(publicKey); - } - else - { - throw new InvalidKeyException("can't recognise key type in DSA based signer"); - } - } - catch (Exception e) - { - throw new InvalidKeyException("can't recognise key type in DSA based signer"); - } - } - - digest.reset(); - signer.init(false, param); - } - - protected void engineInitSign( - PrivateKey privateKey, - SecureRandom random) - throws InvalidKeyException - { - this.random = random; - engineInitSign(privateKey); - } - - protected void engineInitSign( - PrivateKey privateKey) - throws InvalidKeyException - { - CipherParameters param = null; - - // BEGIN android-removed - // if (privateKey instanceof ECKey) - // { - // param = ECUtil.generatePrivateKeyParameter(privateKey); - // } - // else if (privateKey instanceof GOST3410Key) - // { - // param = GOST3410Util.generatePrivateKeyParameter(privateKey); - // } - // else - // { - // END android-removed - param = DSAUtil.generatePrivateKeyParameter(privateKey); - // BEGIN android-removed - // } - // END android-removed - - digest.reset(); - - if (random != null) - { - signer.init(true, new ParametersWithRandom(param, random)); - } - else - { - signer.init(true, param); - } - } - - protected void engineUpdate( - byte b) - throws SignatureException - { - digest.update(b); - } - - protected void engineUpdate( - byte[] b, - int off, - int len) - throws SignatureException - { - digest.update(b, off, len); - } - - protected byte[] engineSign() - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - try - { - BigInteger[] sig = signer.generateSignature(hash); - - return derEncode(sig[0], sig[1]); - } - catch (Exception e) - { - throw new SignatureException(e.toString()); - } - } - - protected boolean engineVerify( - byte[] sigBytes) - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - BigInteger[] sig; - - try - { - sig = derDecode(sigBytes); - } - catch (Exception e) - { - throw new SignatureException("error decoding signature bytes."); - } - - return signer.verifySignature(hash, sig[0], sig[1]); - } - - protected void engineSetParameter( - AlgorithmParameterSpec params) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)"> - */ - protected void engineSetParameter( - String param, - Object value) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated - */ - protected Object engineGetParameter( - String param) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - private byte[] derEncode( - BigInteger r, - BigInteger s) - throws IOException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(r)); - v.add(new DERInteger(s)); - - dOut.writeObject(new DERSequence(v)); - - return bOut.toByteArray(); - } - - private BigInteger[] derDecode( - byte[] encoding) - throws IOException - { - ASN1InputStream aIn = new ASN1InputStream(encoding); - ASN1Sequence s = (ASN1Sequence)aIn.readObject(); - - BigInteger[] sig = new BigInteger[2]; - - sig[0] = ((DERInteger)s.getObjectAt(0)).getValue(); - sig[1] = ((DERInteger)s.getObjectAt(1)).getValue(); - - return sig; - } - - static public class stdDSA - extends JDKDSASigner - { - public stdDSA() - { - super("SHA1withDSA", new SHA1Digest(), new DSASigner()); - } - } - - static public class noneDSA - extends JDKDSASigner - { - public noneDSA() - { - super("NONEwithDSA", new NullDigest(), new DSASigner()); - } - } - -// BEGIN android-removed -// static public class ecDSA -// extends JDKDSASigner -// { -// public ecDSA() -// { -// super("SHA1withECDSA", new SHA1Digest(), new ECDSASigner()); -// } -// } -// -// static public class ecDSA224 -// extends JDKDSASigner -// { -// public ecDSA224() -// { -// super("SHA224withECDSA", new SHA224Digest(), new ECDSASigner()); -// } -// } -// -// static public class ecDSA256 -// extends JDKDSASigner -// { -// public ecDSA256() -// { -// super("SHA256withECDSA", new SHA256Digest(), new ECDSASigner()); -// } -// } -// -// static public class ecDSA384 -// extends JDKDSASigner -// { -// public ecDSA384() -// { -// super("SHA384withECDSA", new SHA384Digest(), new ECDSASigner()); -// } -// } -// -// static public class ecDSA512 -// extends JDKDSASigner -// { -// public ecDSA512() -// { -// super("SHA512withECDSA", new SHA512Digest(), new ECDSASigner()); -// } -// } -// -// -// static public class ecNR -// extends JDKDSASigner -// { -// public ecNR() -// { -// super("SHA1withECNR", new SHA1Digest(), new ECNRSigner()); -// } -// } -// -// static public class ecNR224 -// extends JDKDSASigner -// { -// public ecNR224() -// { -// super("SHA224withECNR", new SHA224Digest(), new ECNRSigner()); -// } -// } -// -// static public class ecNR256 -// extends JDKDSASigner -// { -// public ecNR256() -// { -// super("SHA256withECNR", new SHA256Digest(), new ECNRSigner()); -// } -// } -// -// static public class ecNR384 -// extends JDKDSASigner -// { -// public ecNR384() -// { -// super("SHA384withECNR", new SHA384Digest(), new ECNRSigner()); -// } -// } -// -// static public class ecNR512 -// extends JDKDSASigner -// { -// public ecNR512() -// { -// super("SHA512withECNR", new SHA512Digest(), new ECNRSigner()); -// } -// } -// END android-removed - - private static class NullDigest - implements Digest - { - private ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - public String getAlgorithmName() - { - return "NULL"; - } - - public int getDigestSize() - { - return bOut.size(); - } - - public void update(byte in) - { - bOut.write(in); - } - - public void update(byte[] in, int inOff, int len) - { - bOut.write(in, inOff, len); - } - - public int doFinal(byte[] out, int outOff) - { - byte[] res = bOut.toByteArray(); - - System.arraycopy(res, 0, out, outOff, res.length); - - return res.length; - } - - public void reset() - { - bOut.reset(); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java b/luni/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java deleted file mode 100644 index 5eea220..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JDKDigestSignature.java +++ /dev/null @@ -1,343 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.Signature; -import java.security.SignatureException; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.DigestInfo; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.MD2Digest; -// END android-removed -import org.bouncycastle.crypto.digests.MD4Digest; -import org.bouncycastle.crypto.digests.MD5Digest; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.RIPEMD128Digest; -// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// import org.bouncycastle.crypto.digests.RIPEMD256Digest; -// END android-removed -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA224Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -import org.bouncycastle.crypto.digests.SHA384Digest; -import org.bouncycastle.crypto.digests.SHA512Digest; -import org.bouncycastle.crypto.encodings.PKCS1Encoding; -import org.bouncycastle.crypto.engines.RSAEngine; - -public class JDKDigestSignature - extends Signature implements PKCSObjectIdentifiers, X509ObjectIdentifiers -{ - private Digest digest; - private AsymmetricBlockCipher cipher; - private AlgorithmIdentifier algId; - - protected JDKDigestSignature( - String name, - DERObjectIdentifier objId, - Digest digest, - AsymmetricBlockCipher cipher) - { - super(name); - - this.digest = digest; - this.cipher = cipher; - this.algId = new AlgorithmIdentifier(objId); - } - - protected void engineInitVerify( - PublicKey publicKey) - throws InvalidKeyException - { - if (!(publicKey instanceof RSAPublicKey)) - { - throw new InvalidKeyException("Supplied key (" + getType(publicKey) + ") is not a RSAPublicKey instance"); - } - - CipherParameters param = RSAUtil.generatePublicKeyParameter((RSAPublicKey)publicKey); - - digest.reset(); - cipher.init(false, param); - } - - protected void engineInitSign( - PrivateKey privateKey) - throws InvalidKeyException - { - if (!(privateKey instanceof RSAPrivateKey)) - { - throw new InvalidKeyException("Supplied key (" + getType(privateKey) + ") is not a RSAPrivateKey instance"); - } - - CipherParameters param = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey); - - digest.reset(); - - cipher.init(true, param); - } - - private String getType( - Object o) - { - if (o == null) - { - return null; - } - - return o.getClass().getName(); - } - - protected void engineUpdate( - byte b) - throws SignatureException - { - digest.update(b); - } - - protected void engineUpdate( - byte[] b, - int off, - int len) - throws SignatureException - { - digest.update(b, off, len); - } - - protected byte[] engineSign() - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - try - { - byte[] bytes = derEncode(hash); - - return cipher.processBlock(bytes, 0, bytes.length); - } - catch (ArrayIndexOutOfBoundsException e) - { - throw new SignatureException("key too small for signature type"); - } - catch (Exception e) - { - throw new SignatureException(e.toString()); - } - } - - protected boolean engineVerify( - byte[] sigBytes) - throws SignatureException - { - byte[] hash = new byte[digest.getDigestSize()]; - - digest.doFinal(hash, 0); - - byte[] sig; - byte[] expected; - - try - { - sig = cipher.processBlock(sigBytes, 0, sigBytes.length); - - expected = derEncode(hash); - } - catch (Exception e) - { - return false; - } - - if (sig.length == expected.length) - { - for (int i = 0; i < sig.length; i++) - { - if (sig[i] != expected[i]) - { - return false; - } - } - } - else if (expected.length == sig.length - 2) // NULL left out - { - int sigOffset = sig.length - hash.length - 2; - int expectedOffset = expected.length - hash.length - 2; - - sig[1] -= 2; // adjust lengths - sig[3] -= 2; - - for (int i = 0; i < hash.length; i++) - { - if (sig[sigOffset + i] != expected[expectedOffset + i]) // check hash - { - return false; - } - } - - for (int i = 0; i < expectedOffset; i++) - { - if (sig[i] != expected[i]) // check header less NULL - { - return false; - } - } - } - else - { - return false; - } - - return true; - } - - protected void engineSetParameter( - AlgorithmParameterSpec params) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)"> - */ - protected void engineSetParameter( - String param, - Object value) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated - */ - protected Object engineGetParameter( - String param) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - private byte[] derEncode( - byte[] hash) - throws IOException - { - DigestInfo dInfo = new DigestInfo(algId, hash); - - return dInfo.getEncoded(ASN1Encodable.DER); - } - - static public class SHA1WithRSAEncryption - extends JDKDigestSignature - { - public SHA1WithRSAEncryption() - { - super("SHA1withRSA", id_SHA1, new SHA1Digest(), new PKCS1Encoding(new RSAEngine())); - } - } - - static public class SHA224WithRSAEncryption - extends JDKDigestSignature - { - public SHA224WithRSAEncryption() - { - super("SHA224withRSA", NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSAEngine())); - } - } - - static public class SHA256WithRSAEncryption - extends JDKDigestSignature - { - public SHA256WithRSAEncryption() - { - super("SHA256withRSA", NISTObjectIdentifiers.id_sha256, new SHA256Digest(), new PKCS1Encoding(new RSAEngine())); - } - } - - static public class SHA384WithRSAEncryption - extends JDKDigestSignature - { - public SHA384WithRSAEncryption() - { - super("SHA384withRSA", NISTObjectIdentifiers.id_sha384, new SHA384Digest(), new PKCS1Encoding(new RSAEngine())); - } - } - - static public class SHA512WithRSAEncryption - extends JDKDigestSignature - { - public SHA512WithRSAEncryption() - { - super("SHA512withRSA", NISTObjectIdentifiers.id_sha512, new SHA512Digest(), new PKCS1Encoding(new RSAEngine())); - } - } - - // BEGIN android-removed - // static public class MD2WithRSAEncryption - // extends JDKDigestSignature - // { - // public MD2WithRSAEncryption() - // { - // super("MD2withRSA", md2, new MD2Digest(), new PKCS1Encoding(new RSAEngine())); - // } - // } - // END android-removed - - static public class MD4WithRSAEncryption - extends JDKDigestSignature - { - public MD4WithRSAEncryption() - { - super("MD4withRSA", md4, new MD4Digest(), new PKCS1Encoding(new RSAEngine())); - } - } - - static public class MD5WithRSAEncryption - extends JDKDigestSignature - { - public MD5WithRSAEncryption() - { - super("MD5withRSA", md5, new MD5Digest(), new PKCS1Encoding(new RSAEngine())); - } - } - -// BEGIN android-removed -// static public class RIPEMD160WithRSAEncryption -// extends JDKDigestSignature -// { -// public RIPEMD160WithRSAEncryption() -// { -// super("RIPEMD160withRSA", TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSAEngine())); -// } -// } -// -// static public class RIPEMD128WithRSAEncryption -// extends JDKDigestSignature -// { -// public RIPEMD128WithRSAEncryption() -// { -// super("RIPEMD128withRSA", TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSAEngine())); -// } -// } -// -// static public class RIPEMD256WithRSAEncryption -// extends JDKDigestSignature -// { -// public RIPEMD256WithRSAEncryption() -// { -// super("RIPEMD256withRSA", TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSAEngine())); -// } -// } -// END android-removed -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JDKECDSAAlgParameters.java b/luni/src/main/java/org/bouncycastle/jce/provider/JDKECDSAAlgParameters.java deleted file mode 100644 index 557c705..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JDKECDSAAlgParameters.java +++ /dev/null @@ -1,75 +0,0 @@ -package org.bouncycastle.jce.provider; - -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DEROctetString; - -import java.io.IOException; -import java.security.AlgorithmParametersSpi; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; - -public abstract class JDKECDSAAlgParameters - extends AlgorithmParametersSpi -{ - public static class SigAlgParameters - extends JDKAlgorithmParameters - { - private DEREncodable params; - - protected byte[] engineGetEncoded() - throws IOException - { - return engineGetEncoded("ASN.1"); - } - - protected byte[] engineGetEncoded( - String format) - throws IOException - { - if (format == null) - { - return engineGetEncoded("ASN.1"); - } - - if (format.equals("ASN.1")) - { - return new DEROctetString(engineGetEncoded("RAW")).getEncoded(); - } - - return null; - } - - protected AlgorithmParameterSpec engineGetParameterSpec( - Class paramSpec) - throws InvalidParameterSpecException - { - throw new InvalidParameterSpecException("unknown parameter spec passed to ECDSA parameters object."); - } - - protected void engineInit( - AlgorithmParameterSpec paramSpec) - throws InvalidParameterSpecException - { - throw new InvalidParameterSpecException("unknown parameter spec passed to ECDSA parameters object."); - } - - protected void engineInit( - byte[] params) - throws IOException - { - } - - protected void engineInit( - byte[] params, - String format) - throws IOException - { - throw new IOException("Unknown parameters format in IV parameters object"); - } - - protected String engineToString() - { - return "ECDSA Parameters"; - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JDKISOSignature.java b/luni/src/main/java/org/bouncycastle/jce/provider/JDKISOSignature.java deleted file mode 100644 index ec8667d..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JDKISOSignature.java +++ /dev/null @@ -1,149 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.Signature; -import java.security.SignatureException; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.AlgorithmParameterSpec; - -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.MD5Digest; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// END android-removed -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.engines.RSAEngine; -import org.bouncycastle.crypto.signers.ISO9796d2Signer; - -public class JDKISOSignature - extends Signature -{ - private ISO9796d2Signer signer; - - protected JDKISOSignature( - String name, - Digest digest, - AsymmetricBlockCipher cipher) - { - super(name); - - signer = new ISO9796d2Signer(cipher, digest, true); - } - - protected void engineInitVerify( - PublicKey publicKey) - throws InvalidKeyException - { - CipherParameters param = RSAUtil.generatePublicKeyParameter((RSAPublicKey)publicKey); - - signer.init(false, param); - } - - protected void engineInitSign( - PrivateKey privateKey) - throws InvalidKeyException - { - CipherParameters param = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey); - - signer.init(true, param); - } - - protected void engineUpdate( - byte b) - throws SignatureException - { - signer.update(b); - } - - protected void engineUpdate( - byte[] b, - int off, - int len) - throws SignatureException - { - signer.update(b, off, len); - } - - protected byte[] engineSign() - throws SignatureException - { - try - { - byte[] sig = signer.generateSignature(); - - return sig; - } - catch (Exception e) - { - throw new SignatureException(e.toString()); - } - } - - protected boolean engineVerify( - byte[] sigBytes) - throws SignatureException - { - boolean yes = signer.verifySignature(sigBytes); - - return yes; - } - - protected void engineSetParameter( - AlgorithmParameterSpec params) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)"> - */ - protected void engineSetParameter( - String param, - Object value) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - /** - * @deprecated - */ - protected Object engineGetParameter( - String param) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - static public class SHA1WithRSAEncryption - extends JDKISOSignature - { - public SHA1WithRSAEncryption() - { - super("SHA1withRSA/ISO9796-2", new SHA1Digest(), new RSAEngine()); - } - } - - static public class MD5WithRSAEncryption - extends JDKISOSignature - { - public MD5WithRSAEncryption() - { - super("MD5withRSA/ISO9796-2", new MD5Digest(), new RSAEngine()); - } - } - -// BEGIN android-removed -// static public class RIPEMD160WithRSAEncryption -// extends JDKISOSignature -// { -// public RIPEMD160WithRSAEncryption() -// { -// super("RIPEMD160withRSA/ISO9796-2", new RIPEMD160Digest(), new RSAEngine()); -// } -// } -// END android-removed -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java b/luni/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java deleted file mode 100644 index d5a05df..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JDKKeyFactory.java +++ /dev/null @@ -1,779 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.io.InputStream; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactorySpi; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.interfaces.DSAPrivateKey; -import java.security.interfaces.DSAPublicKey; -import java.security.interfaces.RSAPrivateCrtKey; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.DSAPrivateKeySpec; -import java.security.spec.DSAPublicKeySpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.RSAPrivateCrtKeySpec; -import java.security.spec.RSAPrivateKeySpec; -import java.security.spec.RSAPublicKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import javax.crypto.interfaces.DHPrivateKey; -import javax.crypto.interfaces.DHPublicKey; -import javax.crypto.spec.DHPrivateKeySpec; -import javax.crypto.spec.DHPublicKeySpec; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -// BEGIN android-removed -// import org.bouncycastle.jce.interfaces.ElGamalPrivateKey; -// import org.bouncycastle.jce.interfaces.ElGamalPublicKey; -// import org.bouncycastle.jce.spec.ECPrivateKeySpec; -// import org.bouncycastle.jce.spec.ECPublicKeySpec; -// import org.bouncycastle.jce.spec.ElGamalPrivateKeySpec; -// import org.bouncycastle.jce.spec.ElGamalPublicKeySpec; -// import org.bouncycastle.jce.spec.GOST3410PrivateKeySpec; -// import org.bouncycastle.jce.spec.GOST3410PublicKeySpec; -// END android-removed - -public abstract class JDKKeyFactory - extends KeyFactorySpi -{ - protected boolean elGamalFactory = false; - - public JDKKeyFactory() - { - } - - protected KeySpec engineGetKeySpec( - Key key, - Class spec) - throws InvalidKeySpecException - { - if (spec.isAssignableFrom(PKCS8EncodedKeySpec.class) && key.getFormat().equals("PKCS#8")) - { - return new PKCS8EncodedKeySpec(key.getEncoded()); - } - else if (spec.isAssignableFrom(X509EncodedKeySpec.class) && key.getFormat().equals("X.509")) - { - return new X509EncodedKeySpec(key.getEncoded()); - } - else if (spec.isAssignableFrom(RSAPublicKeySpec.class) && key instanceof RSAPublicKey) - { - RSAPublicKey k = (RSAPublicKey)key; - - return new RSAPublicKeySpec(k.getModulus(), k.getPublicExponent()); - } - else if (spec.isAssignableFrom(RSAPrivateKeySpec.class) && key instanceof RSAPrivateKey) - { - RSAPrivateKey k = (RSAPrivateKey)key; - - return new RSAPrivateKeySpec(k.getModulus(), k.getPrivateExponent()); - } - else if (spec.isAssignableFrom(RSAPrivateCrtKeySpec.class) && key instanceof RSAPrivateCrtKey) - { - RSAPrivateCrtKey k = (RSAPrivateCrtKey)key; - - return new RSAPrivateCrtKeySpec( - k.getModulus(), k.getPublicExponent(), - k.getPrivateExponent(), - k.getPrimeP(), k.getPrimeQ(), - k.getPrimeExponentP(), k.getPrimeExponentQ(), - k.getCrtCoefficient()); - } - else if (spec.isAssignableFrom(DHPrivateKeySpec.class) && key instanceof DHPrivateKey) - { - DHPrivateKey k = (DHPrivateKey)key; - - return new DHPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getG()); - } - else if (spec.isAssignableFrom(DHPublicKeySpec.class) && key instanceof DHPublicKey) - { - DHPublicKey k = (DHPublicKey)key; - - return new DHPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getG()); - } - - throw new RuntimeException("not implemented yet " + key + " " + spec); - } - - protected Key engineTranslateKey( - Key key) - throws InvalidKeyException - { - if (key instanceof RSAPublicKey) - { - return new JCERSAPublicKey((RSAPublicKey)key); - } - else if (key instanceof RSAPrivateCrtKey) - { - return new JCERSAPrivateCrtKey((RSAPrivateCrtKey)key); - } - else if (key instanceof RSAPrivateKey) - { - return new JCERSAPrivateKey((RSAPrivateKey)key); - } - else if (key instanceof DHPublicKey) - { - // BEGIN android-removed - // if (elGamalFactory) - // { - // return new JCEElGamalPublicKey((DHPublicKey)key); - // } - // else - // { - // END android-removed - return new JCEDHPublicKey((DHPublicKey)key); - // BEGIN android-removed - // } - // END android-removed - } - else if (key instanceof DHPrivateKey) - { - // BEGIN android-removed - // if (elGamalFactory) - // { - // return new JCEElGamalPrivateKey((DHPrivateKey)key); - // } - // else - // { - // END android-removed - return new JCEDHPrivateKey((DHPrivateKey)key); - // BEGIN android-removed - // } - // END android-removed - } - else if (key instanceof DSAPublicKey) - { - return new JDKDSAPublicKey((DSAPublicKey)key); - } - else if (key instanceof DSAPrivateKey) - { - return new JDKDSAPrivateKey((DSAPrivateKey)key); - } - // BEGIN android-removed - // else if (key instanceof ElGamalPublicKey) - // { - // return new JCEElGamalPublicKey((ElGamalPublicKey)key); - // } - // else if (key instanceof ElGamalPrivateKey) - // { - // return new JCEElGamalPrivateKey((ElGamalPrivateKey)key); - // } - // END android-removed - - throw new InvalidKeyException("key type unknown"); - } - - /** - * create a public key from the given DER encoded input stream. - */ - static PublicKey createPublicKeyFromDERStream( - byte[] in) - throws IOException - { - return createPublicKeyFromPublicKeyInfo( - new SubjectPublicKeyInfo((ASN1Sequence)(new ASN1InputStream(in).readObject()))); - } - - /** - * create a public key from the given public key info object. - */ - static PublicKey createPublicKeyFromPublicKeyInfo( - SubjectPublicKeyInfo info) - { - DERObjectIdentifier algOid = info.getAlgorithmId().getObjectId(); - - if (RSAUtil.isRsaOid(algOid)) - { - return new JCERSAPublicKey(info); - } - else if (algOid.equals(PKCSObjectIdentifiers.dhKeyAgreement)) - { - return new JCEDHPublicKey(info); - } - else if (algOid.equals(X9ObjectIdentifiers.dhpublicnumber)) - { - return new JCEDHPublicKey(info); - } - // BEGIN android-removed - // else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm)) - // { - // return new JCEElGamalPublicKey(info); - // } - // END android-removed - else if (algOid.equals(X9ObjectIdentifiers.id_dsa)) - { - return new JDKDSAPublicKey(info); - } - else if (algOid.equals(OIWObjectIdentifiers.dsaWithSHA1)) - { - return new JDKDSAPublicKey(info); - } - // BEGIN android-removed - // else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey)) - // { - // return new JCEECPublicKey(info); - // } - // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94)) - // { - // return new JDKGOST3410PublicKey(info); - // } - // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_2001)) - // { - // return new JCEECPublicKey(info); - // } - else - { - throw new RuntimeException("algorithm identifier " + algOid + " in key not recognised"); - } - } - - /** - * create a private key from the given DER encoded input stream. - */ - static PrivateKey createPrivateKeyFromDERStream( - byte[] in) - throws IOException - { - return createPrivateKeyFromPrivateKeyInfo( - new PrivateKeyInfo((ASN1Sequence)(new ASN1InputStream(in).readObject()))); - } - - /** - * create a private key from the given public key info object. - */ - static PrivateKey createPrivateKeyFromPrivateKeyInfo( - PrivateKeyInfo info) - { - DERObjectIdentifier algOid = info.getAlgorithmId().getObjectId(); - - if (RSAUtil.isRsaOid(algOid)) - { - return new JCERSAPrivateCrtKey(info); - } - else if (algOid.equals(PKCSObjectIdentifiers.dhKeyAgreement)) - { - return new JCEDHPrivateKey(info); - } - // BEGIN android-removed - // else if (algOid.equals(OIWObjectIdentifiers.elGamalAlgorithm)) - // { - // return new JCEElGamalPrivateKey(info); - // } - // END android-removed - else if (algOid.equals(X9ObjectIdentifiers.id_dsa)) - { - return new JDKDSAPrivateKey(info); - } - // BEGIN android-removed - // else if (algOid.equals(X9ObjectIdentifiers.id_ecPublicKey)) - // { - // return new JCEECPrivateKey(info); - // } - // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_94)) - // { - // return new JDKGOST3410PrivateKey(info); - // } - // else if (algOid.equals(CryptoProObjectIdentifiers.gostR3410_2001)) - // { - // return new JCEECPrivateKey(info); - // } - // END android-removed - else - { - throw new RuntimeException("algorithm identifier " + algOid + " in key not recognised"); - } - } - - public static class RSA - extends JDKKeyFactory - { - public RSA() - { - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PKCS8EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPrivateKeyFromDERStream( - ((PKCS8EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - // - // in case it's just a RSAPrivateKey object... - // - try - { - return new JCERSAPrivateCrtKey( - new RSAPrivateKeyStructure( - (ASN1Sequence)new ASN1InputStream(((PKCS8EncodedKeySpec)keySpec).getEncoded()).readObject())); - } - catch (Exception ex) - { - throw new InvalidKeySpecException(ex.toString()); - } - } - } - else if (keySpec instanceof RSAPrivateCrtKeySpec) - { - return new JCERSAPrivateCrtKey((RSAPrivateCrtKeySpec)keySpec); - } - else if (keySpec instanceof RSAPrivateKeySpec) - { - return new JCERSAPrivateKey((RSAPrivateKeySpec)keySpec); - } - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof X509EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPublicKeyFromDERStream( - ((X509EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - else if (keySpec instanceof RSAPublicKeySpec) - { - return new JCERSAPublicKey((RSAPublicKeySpec)keySpec); - } - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - } - - public static class DH - extends JDKKeyFactory - { - public DH() - { - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PKCS8EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPrivateKeyFromDERStream( - ((PKCS8EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - else if (keySpec instanceof DHPrivateKeySpec) - { - return new JCEDHPrivateKey((DHPrivateKeySpec)keySpec); - } - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof X509EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPublicKeyFromDERStream( - ((X509EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - else if (keySpec instanceof DHPublicKeySpec) - { - return new JCEDHPublicKey((DHPublicKeySpec)keySpec); - } - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - } - - public static class DSA - extends JDKKeyFactory - { - public DSA() - { - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PKCS8EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPrivateKeyFromDERStream( - ((PKCS8EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - else if (keySpec instanceof DSAPrivateKeySpec) - { - return new JDKDSAPrivateKey((DSAPrivateKeySpec)keySpec); - } - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof X509EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPublicKeyFromDERStream( - ((X509EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - else if (keySpec instanceof DSAPublicKeySpec) - { - return new JDKDSAPublicKey((DSAPublicKeySpec)keySpec); - } - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - } - - public static class GOST3410 - extends JDKKeyFactory - { - public GOST3410() - { - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PKCS8EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPrivateKeyFromDERStream( - ((PKCS8EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - // BEGIN android-removed - // else if (keySpec instanceof GOST3410PrivateKeySpec) - // { - // return new JDKGOST3410PrivateKey((GOST3410PrivateKeySpec)keySpec); - // } - // END android-removed - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof X509EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPublicKeyFromDERStream( - ((X509EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - // BEGIN android-removed - // else if (keySpec instanceof GOST3410PublicKeySpec) - // { - // return new JDKGOST3410PublicKey((GOST3410PublicKeySpec)keySpec); - // } - // END android-removed - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - } - - public static class ElGamal - extends JDKKeyFactory - { - public ElGamal() - { - elGamalFactory = true; - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PKCS8EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPrivateKeyFromDERStream( - ((PKCS8EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - // BEGIN android-removed - // else if (keySpec instanceof ElGamalPrivateKeySpec) - // { - // return new JCEElGamalPrivateKey((ElGamalPrivateKeySpec)keySpec); - // } - // else if (keySpec instanceof DHPrivateKeySpec) - // { - // return new JCEElGamalPrivateKey((DHPrivateKeySpec)keySpec); - // } - // END android-removed - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof X509EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPublicKeyFromDERStream( - ((X509EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - // BEGIN android-removed - // else if (keySpec instanceof ElGamalPublicKeySpec) - // { - // return new JCEElGamalPublicKey((ElGamalPublicKeySpec)keySpec); - // } - // else if (keySpec instanceof DHPublicKeySpec) - // { - // return new JCEElGamalPublicKey((DHPublicKeySpec)keySpec); - // } - // END android-removed - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - } - - - /** - * This isn't really correct, however the class path project API seems to think such - * a key factory will exist. - */ - public static class X509 - extends JDKKeyFactory - { - public X509() - { - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PKCS8EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPrivateKeyFromDERStream( - ((PKCS8EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof X509EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPublicKeyFromDERStream( - ((X509EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - } - - public static class EC - extends JDKKeyFactory - { - String algorithm; - - public EC() - { - this("EC"); - } - - public EC( - String algorithm) - { - this.algorithm = algorithm; - } - - protected PrivateKey engineGeneratePrivate( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof PKCS8EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPrivateKeyFromDERStream( - ((PKCS8EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - // BEGIN android-removed - // else if (keySpec instanceof ECPrivateKeySpec) - // { - // return new JCEECPrivateKey(algorithm, (ECPrivateKeySpec)keySpec); - // } - // else if (keySpec instanceof java.security.spec.ECPrivateKeySpec) - // { - // return new JCEECPrivateKey(algorithm, (java.security.spec.ECPrivateKeySpec)keySpec); - // } - // END android-removed - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - - protected PublicKey engineGeneratePublic( - KeySpec keySpec) - throws InvalidKeySpecException - { - if (keySpec instanceof X509EncodedKeySpec) - { - try - { - return JDKKeyFactory.createPublicKeyFromDERStream( - ((X509EncodedKeySpec)keySpec).getEncoded()); - } - catch (Exception e) - { - throw new InvalidKeySpecException(e.toString()); - } - } - // BEGIN android-removed - // else if (keySpec instanceof ECPublicKeySpec) - // { - // return new JCEECPublicKey(algorithm, (ECPublicKeySpec)keySpec); - // } - // else if (keySpec instanceof java.security.spec.ECPublicKeySpec) - // { - // return new JCEECPublicKey(algorithm, (java.security.spec.ECPublicKeySpec)keySpec); - // } - // END android-removed - - throw new InvalidKeySpecException("Unknown KeySpec type: " + keySpec.getClass().getName()); - } - } - - public static class ECDSA - extends EC - { - public ECDSA() - { - super("ECDSA"); - } - } - - public static class ECGOST3410 - extends EC - { - public ECGOST3410() - { - super("ECGOST3410"); - } - } - - public static class ECDH - extends EC - { - public ECDH() - { - super("ECDH"); - } - } - - public static class ECDHC - extends EC - { - public ECDHC() - { - super("ECDHC"); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java b/luni/src/main/java/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java deleted file mode 100644 index 24233d6..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java +++ /dev/null @@ -1,621 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.math.BigInteger; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidParameterException; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.DSAParameterSpec; -import java.security.spec.ECField; -import java.security.spec.ECFieldF2m; -import java.security.spec.ECFieldFp; -import java.security.spec.ECGenParameterSpec; -import java.security.spec.RSAKeyGenParameterSpec; -import java.util.Hashtable; - -import javax.crypto.spec.DHParameterSpec; - -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -// BEGIN android-removed -// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves; -// import org.bouncycastle.asn1.nist.NISTNamedCurves; -// import org.bouncycastle.asn1.sec.SECNamedCurves; -// import org.bouncycastle.asn1.x9.X962NamedCurves; -// import org.bouncycastle.asn1.x9.X9ECParameters; -// END android-removed -import org.bouncycastle.crypto.AsymmetricCipherKeyPair; -import org.bouncycastle.crypto.generators.DHBasicKeyPairGenerator; -import org.bouncycastle.crypto.generators.DHParametersGenerator; -import org.bouncycastle.crypto.generators.DSAKeyPairGenerator; -import org.bouncycastle.crypto.generators.DSAParametersGenerator; -// BEGIN android-removed -// import org.bouncycastle.crypto.generators.ECKeyPairGenerator; -// import org.bouncycastle.crypto.generators.ElGamalKeyPairGenerator; -// import org.bouncycastle.crypto.generators.ElGamalParametersGenerator; -// import org.bouncycastle.crypto.generators.GOST3410KeyPairGenerator; -// END android-removed -import org.bouncycastle.crypto.generators.RSAKeyPairGenerator; -import org.bouncycastle.crypto.params.*; -// BEGIN android-removed -// import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; -// import org.bouncycastle.jce.spec.ECNamedCurveSpec; -// import org.bouncycastle.jce.spec.ECParameterSpec; -// import org.bouncycastle.jce.spec.ElGamalParameterSpec; -// import org.bouncycastle.jce.spec.GOST3410ParameterSpec; -// import org.bouncycastle.jce.spec.GOST3410PublicKeyParameterSetSpec; -// import org.bouncycastle.math.ec.ECCurve; -// import org.bouncycastle.math.ec.ECFieldElement; -// import org.bouncycastle.math.ec.ECPoint; -// END android-removed - -public abstract class JDKKeyPairGenerator - extends KeyPairGenerator -{ - public JDKKeyPairGenerator( - String algorithmName) - { - super(algorithmName); - } - - public abstract void initialize(int strength, SecureRandom random); - - public abstract KeyPair generateKeyPair(); - - public static class RSA - extends JDKKeyPairGenerator - { - final static BigInteger defaultPublicExponent = BigInteger.valueOf(0x10001); - final static int defaultTests = 8; - - RSAKeyGenerationParameters param; - RSAKeyPairGenerator engine; - - public RSA() - { - super("RSA"); - - engine = new RSAKeyPairGenerator(); - param = new RSAKeyGenerationParameters(defaultPublicExponent, - new SecureRandom(), 2048, defaultTests); - engine.init(param); - } - - public void initialize( - int strength, - SecureRandom random) - { - param = new RSAKeyGenerationParameters(defaultPublicExponent, - random, strength, defaultTests); - - engine.init(param); - } - - public void initialize( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (!(params instanceof RSAKeyGenParameterSpec)) - { - throw new InvalidAlgorithmParameterException("parameter object not a RSAKeyGenParameterSpec"); - } - RSAKeyGenParameterSpec rsaParams = (RSAKeyGenParameterSpec)params; - - param = new RSAKeyGenerationParameters( - rsaParams.getPublicExponent(), - random, rsaParams.getKeysize(), defaultTests); - - engine.init(param); - } - - public KeyPair generateKeyPair() - { - AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - RSAKeyParameters pub = (RSAKeyParameters)pair.getPublic(); - RSAPrivateCrtKeyParameters priv = (RSAPrivateCrtKeyParameters)pair.getPrivate(); - - return new KeyPair(new JCERSAPublicKey(pub), - new JCERSAPrivateCrtKey(priv)); - } - } - - public static class DH - extends JDKKeyPairGenerator - { - DHKeyGenerationParameters param; - DHBasicKeyPairGenerator engine = new DHBasicKeyPairGenerator(); - int strength = 1024; - int certainty = 20; - SecureRandom random = new SecureRandom(); - boolean initialised = false; - - public DH() - { - super("DH"); - } - - public void initialize( - int strength, - SecureRandom random) - { - this.strength = strength; - this.random = random; - } - - public void initialize( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (!(params instanceof DHParameterSpec)) - { - throw new InvalidAlgorithmParameterException("parameter object not a DHParameterSpec"); - } - DHParameterSpec dhParams = (DHParameterSpec)params; - - param = new DHKeyGenerationParameters(random, new DHParameters(dhParams.getP(), dhParams.getG())); - - engine.init(param); - initialised = true; - } - - public KeyPair generateKeyPair() - { - if (!initialised) - { - DHParametersGenerator pGen = new DHParametersGenerator(); - - pGen.init(strength, certainty, random); - param = new DHKeyGenerationParameters(random, pGen.generateParameters()); - engine.init(param); - initialised = true; - } - - AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - DHPublicKeyParameters pub = (DHPublicKeyParameters)pair.getPublic(); - DHPrivateKeyParameters priv = (DHPrivateKeyParameters)pair.getPrivate(); - - return new KeyPair(new JCEDHPublicKey(pub), - new JCEDHPrivateKey(priv)); - } - } - - public static class DSA - extends JDKKeyPairGenerator - { - DSAKeyGenerationParameters param; - DSAKeyPairGenerator engine = new DSAKeyPairGenerator(); - int strength = 1024; - int certainty = 20; - SecureRandom random = new SecureRandom(); - boolean initialised = false; - - public DSA() - { - super("DSA"); - } - - public void initialize( - int strength, - SecureRandom random) - { - this.strength = strength; - this.random = random; - } - - public void initialize( - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidAlgorithmParameterException - { - if (!(params instanceof DSAParameterSpec)) - { - throw new InvalidAlgorithmParameterException("parameter object not a DSAParameterSpec"); - } - DSAParameterSpec dsaParams = (DSAParameterSpec)params; - - param = new DSAKeyGenerationParameters(random, new DSAParameters(dsaParams.getP(), dsaParams.getQ(), dsaParams.getG())); - - engine.init(param); - initialised = true; - } - - public KeyPair generateKeyPair() - { - if (!initialised) - { - DSAParametersGenerator pGen = new DSAParametersGenerator(); - - pGen.init(strength, certainty, random); - param = new DSAKeyGenerationParameters(random, pGen.generateParameters()); - engine.init(param); - initialised = true; - } - - AsymmetricCipherKeyPair pair = engine.generateKeyPair(); - DSAPublicKeyParameters pub = (DSAPublicKeyParameters)pair.getPublic(); - DSAPrivateKeyParameters priv = (DSAPrivateKeyParameters)pair.getPrivate(); - - return new KeyPair(new JDKDSAPublicKey(pub), - new JDKDSAPrivateKey(priv)); - } - } - -// BEGIN android-removed -// public static class ElGamal -// extends JDKKeyPairGenerator -// { -// ElGamalKeyGenerationParameters param; -// ElGamalKeyPairGenerator engine = new ElGamalKeyPairGenerator(); -// int strength = 1024; -// int certainty = 20; -// SecureRandom random = new SecureRandom(); -// boolean initialised = false; -// -// public ElGamal() -// { -// super("ElGamal"); -// } -// -// public void initialize( -// int strength, -// SecureRandom random) -// { -// this.strength = strength; -// this.random = random; -// } -// -// public void initialize( -// AlgorithmParameterSpec params, -// SecureRandom random) -// throws InvalidAlgorithmParameterException -// { -// if (!(params instanceof ElGamalParameterSpec) && !(params instanceof DHParameterSpec)) -// { -// throw new InvalidAlgorithmParameterException("parameter object not a DHParameterSpec or an ElGamalParameterSpec"); -// } -// -// if (params instanceof ElGamalParameterSpec) -// { -// ElGamalParameterSpec elParams = (ElGamalParameterSpec)params; -// -// param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(elParams.getP(), elParams.getG())); -// } -// else -// { -// DHParameterSpec dhParams = (DHParameterSpec)params; -// -// param = new ElGamalKeyGenerationParameters(random, new ElGamalParameters(dhParams.getP(), dhParams.getG())); -// } -// -// engine.init(param); -// initialised = true; -// } -// -// public KeyPair generateKeyPair() -// { -// if (!initialised) -// { -// ElGamalParametersGenerator pGen = new ElGamalParametersGenerator(); -// -// pGen.init(strength, certainty, random); -// param = new ElGamalKeyGenerationParameters(random, pGen.generateParameters()); -// engine.init(param); -// initialised = true; -// } -// -// AsymmetricCipherKeyPair pair = engine.generateKeyPair(); -// ElGamalPublicKeyParameters pub = (ElGamalPublicKeyParameters)pair.getPublic(); -// ElGamalPrivateKeyParameters priv = (ElGamalPrivateKeyParameters)pair.getPrivate(); -// -// return new KeyPair(new JCEElGamalPublicKey(pub), -// new JCEElGamalPrivateKey(priv)); -// } -// } -// -// public static class GOST3410 -// extends JDKKeyPairGenerator -// { -// GOST3410KeyGenerationParameters param; -// GOST3410KeyPairGenerator engine = new GOST3410KeyPairGenerator(); -// GOST3410ParameterSpec gost3410Params; -// int strength = 1024; -// SecureRandom random = null; -// boolean initialised = false; -// -// public GOST3410() -// { -// super("GOST3410"); -// } -// -// public void initialize( -// int strength, -// SecureRandom random) -// { -// this.strength = strength; -// this.random = random; -// } -// -// private void init( -// GOST3410ParameterSpec gParams, -// SecureRandom random) -// { -// GOST3410PublicKeyParameterSetSpec spec = gParams.getPublicKeyParameters(); -// -// param = new GOST3410KeyGenerationParameters(random, new GOST3410Parameters(spec.getP(), spec.getQ(), spec.getA())); -// -// engine.init(param); -// -// initialised = true; -// gost3410Params = gParams; -// } -// -// public void initialize( -// AlgorithmParameterSpec params, -// SecureRandom random) -// throws InvalidAlgorithmParameterException -// { -// if (!(params instanceof GOST3410ParameterSpec)) -// { -// throw new InvalidAlgorithmParameterException("parameter object not a GOST3410ParameterSpec"); -// } -// -// init((GOST3410ParameterSpec)params, random); -// } -// -// public KeyPair generateKeyPair() -// { -// if (!initialised) -// { -// init(new GOST3410ParameterSpec(CryptoProObjectIdentifiers.gostR3410_94_CryptoPro_A.getId()), new SecureRandom()); -// } -// -// AsymmetricCipherKeyPair pair = engine.generateKeyPair(); -// GOST3410PublicKeyParameters pub = (GOST3410PublicKeyParameters)pair.getPublic(); -// GOST3410PrivateKeyParameters priv = (GOST3410PrivateKeyParameters)pair.getPrivate(); -// -// return new KeyPair(new JDKGOST3410PublicKey(pub, gost3410Params), new JDKGOST3410PrivateKey(priv, gost3410Params)); -// } -// } -// -// public static class EC -// extends JDKKeyPairGenerator -// { -// ECKeyGenerationParameters param; -// ECKeyPairGenerator engine = new ECKeyPairGenerator(); -// Object ecParams = null; -// int strength = 239; -// int certainty = 50; -// SecureRandom random = new SecureRandom(); -// boolean initialised = false; -// String algorithm; -// -// static private Hashtable ecParameters; -// -// static { -// ecParameters = new Hashtable(); -// -// ecParameters.put(Integer.valueOf(192), new ECGenParameterSpec("prime192v1")); -// ecParameters.put(Integer.valueOf(239), new ECGenParameterSpec("prime239v1")); -// ecParameters.put(Integer.valueOf(256), new ECGenParameterSpec("prime256v1")); -// } -// -// public EC() -// { -// super("EC"); -// this.algorithm = "EC"; -// } -// -// public EC( -// String algorithm) -// { -// super(algorithm); -// this.algorithm = algorithm; -// } -// -// public void initialize( -// int strength, -// SecureRandom random) -// { -// this.strength = strength; -// this.random = random; -// this.ecParams = (ECGenParameterSpec)ecParameters.get(Integer.valueOf(strength)); -// -// if (ecParams != null) -// { -// try -// { -// initialize((ECGenParameterSpec)ecParams, random); -// } -// catch (InvalidAlgorithmParameterException e) -// { -// throw new InvalidParameterException("key size not configurable."); -// } -// } -// else -// { -// throw new InvalidParameterException("unknown key size."); -// } -// } -// -// public void initialize( -// AlgorithmParameterSpec params, -// SecureRandom random) -// throws InvalidAlgorithmParameterException -// { -// if (params instanceof ECParameterSpec) -// { -// ECParameterSpec p = (ECParameterSpec)params; -// this.ecParams = params; -// -// param = new ECKeyGenerationParameters(new ECDomainParameters(p.getCurve(), p.getG(), p.getN()), random); -// -// engine.init(param); -// initialised = true; -// } -// else if (params instanceof java.security.spec.ECParameterSpec) -// { -// java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)params; -// this.ecParams = params; -// -// ECCurve curve; -// ECPoint g; -// ECField field = p.getCurve().getField(); -// -// if (field instanceof ECFieldFp) -// { -// curve = new ECCurve.Fp(((ECFieldFp)p.getCurve().getField()).getP(), p.getCurve().getA(), p.getCurve().getB()); -// g = new ECPoint.Fp(curve, new ECFieldElement.Fp(((ECCurve.Fp)curve).getQ(), p.getGenerator().getAffineX()), new ECFieldElement.Fp(((ECCurve.Fp)curve).getQ(), p.getGenerator().getAffineY())); -// } -// else -// { -// ECFieldF2m fieldF2m = (ECFieldF2m)field; -// int m = fieldF2m.getM(); -// int ks[] = ECUtil.convertMidTerms(fieldF2m.getMidTermsOfReductionPolynomial()); -// curve = new ECCurve.F2m(m, ks[0], ks[1], ks[2], p.getCurve().getA(), p.getCurve().getB()); -// g = new ECPoint.F2m(curve, new ECFieldElement.F2m(m, ks[0], ks[1], ks[2], p.getGenerator().getAffineX()), new ECFieldElement.F2m(m, ks[0], ks[1], ks[2], p.getGenerator().getAffineY()), false); -// } -// param = new ECKeyGenerationParameters(new ECDomainParameters(curve, g, p.getOrder(), BigInteger.valueOf(p.getCofactor())), random); -// -// engine.init(param); -// initialised = true; -// } -// else if (params instanceof ECGenParameterSpec) -// { -// if (this.algorithm.equals("ECGOST3410")) -// { -// ECDomainParameters ecP = ECGOST3410NamedCurves.getByName(((ECGenParameterSpec)params).getName()); -// if (ecP == null) -// { -// throw new InvalidAlgorithmParameterException("unknown curve name: " + ((ECGenParameterSpec)params).getName()); -// } -// -// this.ecParams = new ECNamedCurveParameterSpec( -// ((ECGenParameterSpec)params).getName(), -// ecP.getCurve(), -// ecP.getG(), -// ecP.getN(), -// ecP.getH(), -// ecP.getSeed()); -// } -// else -// { -// X9ECParameters ecP = X962NamedCurves.getByName(((ECGenParameterSpec)params).getName()); -// if (ecP == null) -// { -// ecP = SECNamedCurves.getByName(((ECGenParameterSpec)params).getName()); -// if (ecP == null) -// { -// ecP = NISTNamedCurves.getByName(((ECGenParameterSpec)params).getName()); -// } -// if (ecP == null) -// { -// throw new InvalidAlgorithmParameterException("unknown curve name: " + ((ECGenParameterSpec)params).getName()); -// } -// } -// -// this.ecParams = new ECNamedCurveSpec( -// ((ECGenParameterSpec)params).getName(), -// ecP.getCurve(), -// ecP.getG(), -// ecP.getN(), -// ecP.getH(), -// ecP.getSeed()); -// } -// -// java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams; -// ECCurve curve; -// ECPoint g; -// ECField field = p.getCurve().getField(); -// -// if (field instanceof ECFieldFp) -// { -// curve = new ECCurve.Fp(((ECFieldFp)p.getCurve().getField()).getP(), p.getCurve().getA(), p.getCurve().getB()); -// g = new ECPoint.Fp(curve, new ECFieldElement.Fp(((ECCurve.Fp)curve).getQ(), p.getGenerator().getAffineX()), new ECFieldElement.Fp(((ECCurve.Fp)curve).getQ(), p.getGenerator().getAffineY())); -// } -// else -// { -// ECFieldF2m fieldF2m = (ECFieldF2m)field; -// int m = fieldF2m.getM(); -// int ks[] = ECUtil.convertMidTerms(fieldF2m.getMidTermsOfReductionPolynomial()); -// curve = new ECCurve.F2m(m, ks[0], ks[1], ks[2], p.getCurve().getA(), p.getCurve().getB()); -// g = new ECPoint.F2m(curve, new ECFieldElement.F2m(m, ks[0], ks[1], ks[2], p.getGenerator().getAffineX()), new ECFieldElement.F2m(m, ks[0], ks[1], ks[2], p.getGenerator().getAffineY()), false); -// } -// -// param = new ECKeyGenerationParameters(new ECDomainParameters(curve, g, p.getOrder(), BigInteger.valueOf(p.getCofactor())), random); -// -// engine.init(param); -// initialised = true; -// } -// else -// { -// throw new InvalidAlgorithmParameterException("parameter object not a ECParameterSpec"); -// } -// } -// -// public KeyPair generateKeyPair() -// { -// if (!initialised) -// { -// throw new IllegalStateException("EC Key Pair Generator not initialised"); -// } -// -// AsymmetricCipherKeyPair pair = engine.generateKeyPair(); -// ECPublicKeyParameters pub = (ECPublicKeyParameters)pair.getPublic(); -// ECPrivateKeyParameters priv = (ECPrivateKeyParameters)pair.getPrivate(); -// -// if (ecParams instanceof ECParameterSpec) -// { -// ECParameterSpec p = (ECParameterSpec)ecParams; -// -// return new KeyPair(new JCEECPublicKey(algorithm, pub, p), -// new JCEECPrivateKey(algorithm, priv, p)); -// } -// else -// { -// java.security.spec.ECParameterSpec p = (java.security.spec.ECParameterSpec)ecParams; -// -// return new KeyPair(new JCEECPublicKey(algorithm, pub, p), new JCEECPrivateKey(algorithm, priv, p)); -// } -// } -// } -// -// public static class ECDSA -// extends EC -// { -// public ECDSA() -// { -// super("ECDSA"); -// } -// } -// -// public static class ECGOST3410 -// extends EC -// { -// public ECGOST3410() -// { -// super("ECGOST3410"); -// } -// } -// -// public static class ECDH -// extends EC -// { -// public ECDH() -// { -// super("ECDH"); -// } -// } -// -// public static class ECDHC -// extends EC -// { -// public ECDHC() -// { -// super("ECDHC"); -// } -// } -// END android-removed -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java b/luni/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java deleted file mode 100644 index 0b1002a..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java +++ /dev/null @@ -1,1068 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.DataInputStream; -import java.io.DataOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.security.*; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.spec.KeySpec; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; -import java.util.Date; -import java.util.Enumeration; -import java.util.Hashtable; - -import javax.crypto.Cipher; -import javax.crypto.CipherInputStream; -import javax.crypto.CipherOutputStream; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -// BEGIN android-added -import org.apache.harmony.xnet.provider.jsse.OpenSSLMessageDigest; - -// END android-added -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.PBEParametersGenerator; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.SHA1Digest; -// END android-removed -import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; -import org.bouncycastle.crypto.io.DigestInputStream; -import org.bouncycastle.crypto.io.DigestOutputStream; -import org.bouncycastle.crypto.io.MacInputStream; -import org.bouncycastle.crypto.io.MacOutputStream; -import org.bouncycastle.crypto.macs.HMac; -import org.bouncycastle.jce.interfaces.BCKeyStore; - -public class JDKKeyStore - extends KeyStoreSpi - implements BCKeyStore -{ - private static final int STORE_VERSION = 1; - - private static final int STORE_SALT_SIZE = 20; - private static final String STORE_CIPHER = "PBEWithSHAAndTwofish-CBC"; - - private static final int KEY_SALT_SIZE = 20; - private static final int MIN_ITERATIONS = 1024; - - private static final String KEY_CIPHER = "PBEWithSHAAnd3-KeyTripleDES-CBC"; - - // - // generic object types - // - static final int NULL = 0; - static final int CERTIFICATE = 1; - static final int KEY = 2; - static final int SECRET = 3; - static final int SEALED = 4; - - // - // key types - // - static final int KEY_PRIVATE = 0; - static final int KEY_PUBLIC = 1; - static final int KEY_SECRET = 2; - - protected Hashtable table = new Hashtable(); - - protected SecureRandom random = new SecureRandom(); - - public JDKKeyStore() - { - } - - private class StoreEntry - { - int type; - String alias; - Object obj; - Certificate[] certChain; - Date date = new Date(); - - StoreEntry( - String alias, - Certificate obj) - { - this.type = CERTIFICATE; - this.alias = alias; - this.obj = obj; - this.certChain = null; - } - - StoreEntry( - String alias, - Key obj, - Certificate[] certChain) - { - this.type = KEY; - this.alias = alias; - this.obj = obj; - this.certChain = certChain; - } - - StoreEntry( - String alias, - byte[] obj, - Certificate[] certChain) - { - this.type = SECRET; - this.alias = alias; - this.obj = obj; - this.certChain = certChain; - } - - StoreEntry( - String alias, - Key key, - char[] password, - Certificate[] certChain) - throws Exception - { - this.type = SEALED; - this.alias = alias; - this.certChain = certChain; - - byte[] salt = new byte[KEY_SALT_SIZE]; - - random.setSeed(System.currentTimeMillis()); - random.nextBytes(salt); - - int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff); - - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DataOutputStream dOut = new DataOutputStream(bOut); - - dOut.writeInt(salt.length); - dOut.write(salt); - dOut.writeInt(iterationCount); - - Cipher cipher = makePBECipher(KEY_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); - CipherOutputStream cOut = new CipherOutputStream(dOut, cipher); - - dOut = new DataOutputStream(cOut); - - encodeKey(key, dOut); - - dOut.close(); - - obj = bOut.toByteArray(); - } - - StoreEntry( - String alias, - Date date, - int type, - Object obj) - { - this.alias = alias; - this.date = date; - this.type = type; - this.obj = obj; - } - - StoreEntry( - String alias, - Date date, - int type, - Object obj, - Certificate[] certChain) - { - this.alias = alias; - this.date = date; - this.type = type; - this.obj = obj; - this.certChain = certChain; - } - - int getType() - { - return type; - } - - String getAlias() - { - return alias; - } - - Object getObject() - { - return obj; - } - - Object getObject( - char[] password) - throws NoSuchAlgorithmException, UnrecoverableKeyException - { - if (password == null || password.length == 0) - { - if (obj instanceof Key) - { - return obj; - } - } - - if (type == SEALED) - { - ByteArrayInputStream bIn = new ByteArrayInputStream((byte[])obj); - DataInputStream dIn = new DataInputStream(bIn); - - try - { - byte[] salt = new byte[dIn.readInt()]; - - dIn.readFully(salt); - - int iterationCount = dIn.readInt(); - - Cipher cipher = makePBECipher(KEY_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount); - - CipherInputStream cIn = new CipherInputStream(dIn, cipher); - - try - { - return decodeKey(new DataInputStream(cIn)); - } - catch (Exception x) - { - bIn = new ByteArrayInputStream((byte[])obj); - dIn = new DataInputStream(bIn); - - salt = new byte[dIn.readInt()]; - - dIn.readFully(salt); - - iterationCount = dIn.readInt(); - - cipher = makePBECipher("Broken" + KEY_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount); - - cIn = new CipherInputStream(dIn, cipher); - - Key k = null; - - try - { - k = decodeKey(new DataInputStream(cIn)); - } - catch (Exception y) - { - bIn = new ByteArrayInputStream((byte[])obj); - dIn = new DataInputStream(bIn); - - salt = new byte[dIn.readInt()]; - - dIn.readFully(salt); - - iterationCount = dIn.readInt(); - - cipher = makePBECipher("Old" + KEY_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount); - - cIn = new CipherInputStream(dIn, cipher); - - k = decodeKey(new DataInputStream(cIn)); - } - - // - // reencrypt key with correct cipher. - // - if (k != null) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DataOutputStream dOut = new DataOutputStream(bOut); - - dOut.writeInt(salt.length); - dOut.write(salt); - dOut.writeInt(iterationCount); - - Cipher out = makePBECipher(KEY_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); - CipherOutputStream cOut = new CipherOutputStream(dOut, out); - - dOut = new DataOutputStream(cOut); - - encodeKey(k, dOut); - - dOut.close(); - - obj = bOut.toByteArray(); - - return k; - } - else - { - throw new UnrecoverableKeyException("no match"); - } - } - } - catch (Exception e) - { - throw new UnrecoverableKeyException("no match"); - } - } - else - { - throw new RuntimeException("forget something!"); - // TODO - // if we get to here key was saved as byte data, which - // according to the docs means it must be a private key - // in EncryptedPrivateKeyInfo (PKCS8 format), later... - // - } - } - - Certificate[] getCertificateChain() - { - return certChain; - } - - Date getDate() - { - return date; - } - } - - private void encodeCertificate( - Certificate cert, - DataOutputStream dOut) - throws IOException - { - try - { - byte[] cEnc = cert.getEncoded(); - - dOut.writeUTF(cert.getType()); - dOut.writeInt(cEnc.length); - dOut.write(cEnc); - } - catch (CertificateEncodingException ex) - { - throw new IOException(ex.toString()); - } - } - - private Certificate decodeCertificate( - DataInputStream dIn) - throws IOException - { - String type = dIn.readUTF(); - byte[] cEnc = new byte[dIn.readInt()]; - - dIn.readFully(cEnc); - - try - { - CertificateFactory cFact = CertificateFactory.getInstance(type, "BC"); - ByteArrayInputStream bIn = new ByteArrayInputStream(cEnc); - - return cFact.generateCertificate(bIn); - } - catch (NoSuchProviderException ex) - { - throw new IOException(ex.toString()); - } - catch (CertificateException ex) - { - throw new IOException(ex.toString()); - } - } - - private void encodeKey( - Key key, - DataOutputStream dOut) - throws IOException - { - byte[] enc = key.getEncoded(); - - if (key instanceof PrivateKey) - { - dOut.write(KEY_PRIVATE); - } - else if (key instanceof PublicKey) - { - dOut.write(KEY_PUBLIC); - } - else - { - dOut.write(KEY_SECRET); - } - - dOut.writeUTF(key.getFormat()); - dOut.writeUTF(key.getAlgorithm()); - dOut.writeInt(enc.length); - dOut.write(enc); - } - - private Key decodeKey( - DataInputStream dIn) - throws IOException - { - int keyType = dIn.read(); - String format = dIn.readUTF(); - String algorithm = dIn.readUTF(); - byte[] enc = new byte[dIn.readInt()]; - KeySpec spec; - - dIn.readFully(enc); - - if (format.equals("PKCS#8") || format.equals("PKCS8")) - { - spec = new PKCS8EncodedKeySpec(enc); - } - else if (format.equals("X.509") || format.equals("X509")) - { - spec = new X509EncodedKeySpec(enc); - } - else if (format.equals("RAW")) - { - return new SecretKeySpec(enc, algorithm); - } - else - { - throw new IOException("Key format " + format + " not recognised!"); - } - - try - { - switch (keyType) - { - case KEY_PRIVATE: - return KeyFactory.getInstance(algorithm, "BC").generatePrivate(spec); - case KEY_PUBLIC: - return KeyFactory.getInstance(algorithm, "BC").generatePublic(spec); - case KEY_SECRET: - return SecretKeyFactory.getInstance(algorithm, "BC").generateSecret(spec); - default: - throw new IOException("Key type " + keyType + " not recognised!"); - } - } - catch (Exception e) - { - throw new IOException("Exception creating key: " + e.toString()); - } - } - - protected Cipher makePBECipher( - String algorithm, - int mode, - char[] password, - byte[] salt, - int iterationCount) - throws IOException - { - try - { - PBEKeySpec pbeSpec = new PBEKeySpec(password); - SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, "BC"); - PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount); - - Cipher cipher = Cipher.getInstance(algorithm, "BC"); - - cipher.init(mode, keyFact.generateSecret(pbeSpec), defParams); - - return cipher; - } - catch (Exception e) - { - throw new IOException("Error initialising store of key store: " + e); - } - } - - public void setRandom( - SecureRandom rand) - { - this.random = rand; - } - - public Enumeration engineAliases() - { - return table.keys(); - } - - public boolean engineContainsAlias( - String alias) - { - return (table.get(alias) != null); - } - - public void engineDeleteEntry( - String alias) - throws KeyStoreException - { - Object entry = table.get(alias); - - if (entry == null) - { - throw new KeyStoreException("no such entry as " + alias); - } - - table.remove(alias); - } - - public Certificate engineGetCertificate( - String alias) - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null) - { - if (entry.getType() == CERTIFICATE) - { - return (Certificate)entry.getObject(); - } - else - { - Certificate[] chain = entry.getCertificateChain(); - - if (chain != null) - { - return chain[0]; - } - } - } - - return null; - } - - public String engineGetCertificateAlias( - Certificate cert) - { - Enumeration e = table.elements(); - while (e.hasMoreElements()) - { - StoreEntry entry = (StoreEntry)e.nextElement(); - - if (entry.getObject() instanceof Certificate) - { - Certificate c = (Certificate)entry.getObject(); - - if (c.equals(cert)) - { - return entry.getAlias(); - } - } - else - { - Certificate[] chain = entry.getCertificateChain(); - - if (chain != null && chain[0].equals(cert)) - { - return entry.getAlias(); - } - } - } - - return null; - } - - public Certificate[] engineGetCertificateChain( - String alias) - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null) - { - return entry.getCertificateChain(); - } - - return null; - } - - public Date engineGetCreationDate(String alias) - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null) - { - return entry.getDate(); - } - - return null; - } - - public Key engineGetKey( - String alias, - char[] password) - throws NoSuchAlgorithmException, UnrecoverableKeyException - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry == null || entry.getType() == CERTIFICATE) - { - return null; - } - - return (Key)entry.getObject(password); - } - - public boolean engineIsCertificateEntry( - String alias) - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null && entry.getType() == CERTIFICATE) - { - return true; - } - - return false; - } - - public boolean engineIsKeyEntry( - String alias) - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null && entry.getType() != CERTIFICATE) - { - return true; - } - - return false; - } - - public void engineSetCertificateEntry( - String alias, - Certificate cert) - throws KeyStoreException - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null && entry.getType() != CERTIFICATE) - { - throw new KeyStoreException("key store already has an entry with alias " + alias); - } - - table.put(alias, new StoreEntry(alias, cert)); - } - - public void engineSetKeyEntry( - String alias, - byte[] key, - Certificate[] chain) - throws KeyStoreException - { - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null) - { - throw new KeyStoreException("key store already has an entry with alias " + alias); - } - - table.put(alias, new StoreEntry(alias, key, chain)); - } - - public void engineSetKeyEntry( - String alias, - Key key, - char[] password, - Certificate[] chain) - throws KeyStoreException - { - if ((key instanceof PrivateKey) && (chain == null)) - { - throw new KeyStoreException("no certificate chain for private key"); - } - - StoreEntry entry = (StoreEntry)table.get(alias); - - if (entry != null && entry.getType() == CERTIFICATE) - { - throw new KeyStoreException("key store already has an entry with alias " + alias); - } - - try - { - table.put(alias, new StoreEntry(alias, key, password, chain)); - } - catch (Exception e) - { - throw new KeyStoreException(e.toString()); - } - } - - public int engineSize() - { - return table.size(); - } - - protected boolean isSameAs( - byte[] one, - byte[] two) - { - if (one.length != two.length) - { - return false; - } - - for (int i = 0; i != one.length; i++) - { - if (one[i] != two[i]) - { - return false; - } - } - - return true; - } - - protected void loadStore( - InputStream in) - throws IOException - { - DataInputStream dIn = new DataInputStream(in); - int type = dIn.read(); - - while (type > NULL) - { - String alias = dIn.readUTF(); - Date date = new Date(dIn.readLong()); - int chainLength = dIn.readInt(); - Certificate[] chain = null; - - if (chainLength != 0) - { - chain = new Certificate[chainLength]; - - for (int i = 0; i != chainLength; i++) - { - chain[i] = decodeCertificate(dIn); - } - } - - switch (type) - { - case CERTIFICATE: - Certificate cert = decodeCertificate(dIn); - - table.put(alias, new StoreEntry(alias, date, CERTIFICATE, cert)); - break; - case KEY: - Key key = decodeKey(dIn); - table.put(alias, new StoreEntry(alias, date, KEY, key, chain)); - break; - case SECRET: - case SEALED: - byte[] b = new byte[dIn.readInt()]; - - dIn.readFully(b); - table.put(alias, new StoreEntry(alias, date, type, b, chain)); - break; - default: - throw new RuntimeException("Unknown object type in store."); - } - - type = dIn.read(); - } - } - - protected void saveStore( - OutputStream out) - throws IOException - { - Enumeration e = table.elements(); - DataOutputStream dOut = new DataOutputStream(out); - - while (e.hasMoreElements()) - { - StoreEntry entry = (StoreEntry)e.nextElement(); - - dOut.write(entry.getType()); - dOut.writeUTF(entry.getAlias()); - dOut.writeLong(entry.getDate().getTime()); - - Certificate[] chain = entry.getCertificateChain(); - if (chain == null) - { - dOut.writeInt(0); - } - else - { - dOut.writeInt(chain.length); - for (int i = 0; i != chain.length; i++) - { - encodeCertificate(chain[i], dOut); - } - } - - switch (entry.getType()) - { - case CERTIFICATE: - encodeCertificate((Certificate)entry.getObject(), dOut); - break; - case KEY: - encodeKey((Key)entry.getObject(), dOut); - break; - case SEALED: - case SECRET: - byte[] b = (byte[])entry.getObject(); - - dOut.writeInt(b.length); - dOut.write(b); - break; - default: - throw new RuntimeException("Unknown object type in store."); - } - } - - dOut.write(NULL); - } - - public void engineLoad( - InputStream stream, - char[] password) - throws IOException - { - table.clear(); - - if (stream == null) // just initialising - { - return; - } - - DataInputStream dIn = new DataInputStream(stream); - int version = dIn.readInt(); - - if (version != STORE_VERSION) - { - if (version != 0) - { - throw new IOException("Wrong version of key store."); - } - } - - byte[] salt = new byte[dIn.readInt()]; - - dIn.readFully(salt); - - int iterationCount = dIn.readInt(); - -// BEGIN android-removed -// HMac hMac = new HMac(new SHA1Digest()); -// MacInputStream mIn = new MacInputStream(dIn, hMac); -// PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); -// END android-removed -// BEGIN android-added - HMac hMac = new HMac(OpenSSLMessageDigest.getInstance("SHA-1")); - MacInputStream mIn = new MacInputStream(dIn, hMac); - PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(OpenSSLMessageDigest.getInstance("SHA-1")); -// END android-added - byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); - - pbeGen.init(passKey, salt, iterationCount); - - hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize())); - - for (int i = 0; i != passKey.length; i++) - { - passKey[i] = 0; - } - - loadStore(mIn); - - byte[] mac = new byte[hMac.getMacSize()]; - byte[] oldMac = new byte[hMac.getMacSize()]; - - hMac.doFinal(mac, 0); - - for (int i = 0; i != oldMac.length; i++) - { - oldMac[i] = (byte)dIn.read(); - } - - // - // we only do an integrity check if the password is provided. - // - if ((password != null && password.length != 0) && !isSameAs(mac, oldMac)) - { - table.clear(); - throw new IOException("KeyStore integrity check failed."); - } - } - - - public void engineStore(OutputStream stream, char[] password) - throws IOException - { - DataOutputStream dOut = new DataOutputStream(stream); - byte[] salt = new byte[STORE_SALT_SIZE]; - int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff); - - random.nextBytes(salt); - - dOut.writeInt(STORE_VERSION); - dOut.writeInt(salt.length); - dOut.write(salt); - dOut.writeInt(iterationCount); - -// BEGIN android-removed -// HMac hMac = new HMac(new SHA1Digest()); -// MacOutputStream mOut = new MacOutputStream(dOut, hMac); -// PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest()); -// END android-removed -// BEGIN android-added - HMac hMac = new HMac(OpenSSLMessageDigest.getInstance("SHA-1")); - MacOutputStream mOut = new MacOutputStream(dOut, hMac); - PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(OpenSSLMessageDigest.getInstance("SHA-1")); -// END android-added - byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password); - - pbeGen.init(passKey, salt, iterationCount); - - hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize())); - - for (int i = 0; i != passKey.length; i++) - { - passKey[i] = 0; - } - - saveStore(mOut); - - byte[] mac = new byte[hMac.getMacSize()]; - - hMac.doFinal(mac, 0); - - dOut.write(mac); - - dOut.close(); - } - - /** - * the BouncyCastle store. This wont work with the key tool as the - * store is stored encrypteed on disk, so the password is mandatory, - * however if you hard drive is in a bad part of town and you absolutely, - * positively, don't want nobody peeking at your things, this is the - * one to use, no problem! After all in a Bouncy Castle nothing can - * touch you. - * - * Also referred to by the alias UBER. - */ - public static class BouncyCastleStore - extends JDKKeyStore - { - public void engineLoad( - InputStream stream, - char[] password) - throws IOException - { - table.clear(); - - if (stream == null) // just initialising - { - return; - } - - Cipher cipher; - DataInputStream dIn = new DataInputStream(stream); - int version = dIn.readInt(); - - if (version != STORE_VERSION) - { - if (version != 0) - { - throw new IOException("Wrong version of key store."); - } - } - - byte[] salt = new byte[dIn.readInt()]; - - if (salt.length != STORE_SALT_SIZE) - { - throw new IOException("Key store corrupted."); - } - - dIn.readFully(salt); - - int iterationCount = dIn.readInt(); - - if ((iterationCount < 0) || (iterationCount > 4 * MIN_ITERATIONS)) - { - throw new IOException("Key store corrupted."); - } - - if (version == 0) - { - cipher = this.makePBECipher("Old" + STORE_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount); - } - else - { - cipher = this.makePBECipher(STORE_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount); - } - - CipherInputStream cIn = new CipherInputStream(dIn, cipher); - -// BEGIN android-removed -// DigestInputStream dgIn = new DigestInputStream(cIn, new SHA1Digest()); -// END android-removed -// BEGIN android-added - DigestInputStream dgIn = new DigestInputStream(cIn, OpenSSLMessageDigest.getInstance("SHA-1")); -// END android-added - - this.loadStore(dgIn); - - Digest dig = dgIn.getDigest(); - int digSize = dig.getDigestSize(); - byte[] hash = new byte[digSize]; - byte[] oldHash = new byte[digSize]; - - dig.doFinal(hash, 0); - - for (int i = 0; i != digSize; i++) - { - oldHash[i] = (byte)cIn.read(); - } - - if (!this.isSameAs(hash, oldHash)) - { - table.clear(); - throw new IOException("KeyStore integrity check failed."); - } - } - - - public void engineStore(OutputStream stream, char[] password) - throws IOException - { - Cipher cipher; - DataOutputStream dOut = new DataOutputStream(stream); - byte[] salt = new byte[STORE_SALT_SIZE]; - int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff); - - random.nextBytes(salt); - - dOut.writeInt(STORE_VERSION); - dOut.writeInt(salt.length); - dOut.write(salt); - dOut.writeInt(iterationCount); - - cipher = this.makePBECipher(STORE_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount); - - CipherOutputStream cOut = new CipherOutputStream(dOut, cipher); -// BEGIN android-removed -// DigestOutputStream dgOut = new DigestOutputStream(cOut, new SHA1Digest()); -// END android-removed -// BEGIN android-added - DigestOutputStream dgOut = new DigestOutputStream(cOut, OpenSSLMessageDigest.getInstance("SHA-1")); -//END android-added - this.saveStore(dgOut); - - Digest dig = dgOut.getDigest(); - byte[] hash = new byte[dig.getDigestSize()]; - - dig.doFinal(hash, 0); - - cOut.write(hash); - - cOut.close(); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JDKMessageDigest.java b/luni/src/main/java/org/bouncycastle/jce/provider/JDKMessageDigest.java deleted file mode 100644 index bc8f7dd..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JDKMessageDigest.java +++ /dev/null @@ -1,340 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.MessageDigest; - -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.*; - -public class JDKMessageDigest - extends MessageDigest -{ - Digest digest; - - protected JDKMessageDigest( - Digest digest) - { - super(digest.getAlgorithmName()); - - this.digest = digest; - } - - public void engineReset() - { - digest.reset(); - } - - public void engineUpdate( - byte input) - { - digest.update(input); - } - - public void engineUpdate( - byte[] input, - int offset, - int len) - { - digest.update(input, offset, len); - } - - public byte[] engineDigest() - { - byte[] digestBytes = new byte[digest.getDigestSize()]; - - digest.doFinal(digestBytes, 0); - - return digestBytes; - } - - /** - * classes that extend directly off us. - */ - static public class SHA1 - extends JDKMessageDigest - implements Cloneable - { - public SHA1() - { - super(new SHA1Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - SHA1 d = (SHA1)super.clone(); - d.digest = new SHA1Digest((SHA1Digest)digest); - - return d; - } - } - - static public class SHA224 - extends JDKMessageDigest - implements Cloneable - { - public SHA224() - { - super(new SHA224Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - SHA224 d = (SHA224)super.clone(); - d.digest = new SHA224Digest((SHA224Digest)digest); - - return d; - } - } - - static public class SHA256 - extends JDKMessageDigest - implements Cloneable - { - public SHA256() - { - super(new SHA256Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - SHA256 d = (SHA256)super.clone(); - d.digest = new SHA256Digest((SHA256Digest)digest); - - return d; - } - } - - static public class SHA384 - extends JDKMessageDigest - implements Cloneable - { - public SHA384() - { - super(new SHA384Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - SHA384 d = (SHA384)super.clone(); - d.digest = new SHA384Digest((SHA384Digest)digest); - - return d; - } - } - - static public class SHA512 - extends JDKMessageDigest - implements Cloneable - { - public SHA512() - { - super(new SHA512Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - SHA512 d = (SHA512)super.clone(); - d.digest = new SHA512Digest((SHA512Digest)digest); - - return d; - } - } - -// BEGIN android-removed -// static public class MD2 -// extends JDKMessageDigest -// implements Cloneable -// { -// public MD2() -// { -// super(new MD2Digest()); -// } -// -// public Object clone() -// throws CloneNotSupportedException -// { -// MD2 d = (MD2)super.clone(); -// d.digest = new MD2Digest((MD2Digest)digest); -// -// return d; -// } -// } -// -// static public class MD4 -// extends JDKMessageDigest -// implements Cloneable -// { -// public MD4() -// { -// super(new MD4Digest()); -// } -// -// public Object clone() -// throws CloneNotSupportedException -// { -// MD4 d = (MD4)super.clone(); -// d.digest = new MD4Digest((MD4Digest)digest); -// -// return d; -// } -// } -// END android-removed - - static public class MD5 - extends JDKMessageDigest - implements Cloneable - { - public MD5() - { - super(new MD5Digest()); - } - - public Object clone() - throws CloneNotSupportedException - { - MD5 d = (MD5)super.clone(); - d.digest = new MD5Digest((MD5Digest)digest); - - return d; - } - } - -// BEGIN android-removed -// static public class RIPEMD128 -// extends JDKMessageDigest -// implements Cloneable -// { -// public RIPEMD128() -// { -// super(new RIPEMD128Digest()); -// } -// -// public Object clone() -// throws CloneNotSupportedException -// { -// RIPEMD128 d = (RIPEMD128)super.clone(); -// d.digest = new RIPEMD128Digest((RIPEMD128Digest)digest); -// -// return d; -// } -// } -// -// static public class RIPEMD160 -// extends JDKMessageDigest -// implements Cloneable -// { -// public RIPEMD160() -// { -// super(new RIPEMD160Digest()); -// } -// -// public Object clone() -// throws CloneNotSupportedException -// { -// RIPEMD160 d = (RIPEMD160)super.clone(); -// d.digest = new RIPEMD160Digest((RIPEMD160Digest)digest); -// -// return d; -// } -// } -// -// static public class RIPEMD256 -// extends JDKMessageDigest -// implements Cloneable -// { -// public RIPEMD256() -// { -// super(new RIPEMD256Digest()); -// } -// -// public Object clone() -// throws CloneNotSupportedException -// { -// RIPEMD256 d = (RIPEMD256)super.clone(); -// d.digest = new RIPEMD256Digest((RIPEMD256Digest)digest); -// -// return d; -// } -// } -// -// static public class RIPEMD320 -// extends JDKMessageDigest -// implements Cloneable -// { -// public RIPEMD320() -// { -// super(new RIPEMD320Digest()); -// } -// -// public Object clone() -// throws CloneNotSupportedException -// { -// RIPEMD320 d = (RIPEMD320)super.clone(); -// d.digest = new RIPEMD320Digest((RIPEMD320Digest)digest); -// -// return d; -// } -// } -// -// static public class Tiger -// extends JDKMessageDigest -// implements Cloneable -// { -// public Tiger() -// { -// super(new TigerDigest()); -// } -// -// public Object clone() -// throws CloneNotSupportedException -// { -// Tiger d = (Tiger)super.clone(); -// d.digest = new TigerDigest((TigerDigest)digest); -// -// return d; -// } -// } -// -// static public class GOST3411 -// extends JDKMessageDigest -// implements Cloneable -// { -// public GOST3411() -// { -// super(new GOST3411Digest()); -// } -// -// public Object clone() -// throws CloneNotSupportedException -// { -// GOST3411 d = (GOST3411)super.clone(); -// d.digest = new GOST3411Digest((GOST3411Digest)digest); -// -// return d; -// } -// } -// -// static public class Whirlpool -// extends JDKMessageDigest -// implements Cloneable -// { -// public Whirlpool() -// { -// super(new WhirlpoolDigest()); -// } -// -// public Object clone() -// throws CloneNotSupportedException -// { -// Whirlpool d = (Whirlpool)super.clone(); -// d.digest = new WhirlpoolDigest((WhirlpoolDigest)digest); -// -// return d; -// } -// } -// END android-removed -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java b/luni/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java deleted file mode 100644 index 3cf05b1..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java +++ /dev/null @@ -1,1513 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.BufferedInputStream; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.security.Key; -import java.security.KeyStoreException; -import java.security.KeyStoreSpi; -import java.security.NoSuchAlgorithmException; -import java.security.Principal; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.UnrecoverableKeyException; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.Vector; - -import javax.crypto.Cipher; -import javax.crypto.Mac; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.BERConstructedOctetString; -import org.bouncycastle.asn1.BEROutputStream; -import org.bouncycastle.asn1.DERBMPString; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.pkcs.AuthenticatedSafe; -import org.bouncycastle.asn1.pkcs.CertBag; -import org.bouncycastle.asn1.pkcs.ContentInfo; -import org.bouncycastle.asn1.pkcs.EncryptedData; -import org.bouncycastle.asn1.pkcs.MacData; -import org.bouncycastle.asn1.pkcs.PKCS12PBEParams; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.Pfx; -import org.bouncycastle.asn1.pkcs.SafeBag; -import org.bouncycastle.asn1.util.ASN1Dump; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier; -import org.bouncycastle.asn1.x509.DigestInfo; -import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.jce.interfaces.BCKeyStore; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; -import org.bouncycastle.util.encoders.Hex; - -public class JDKPKCS12KeyStore - extends KeyStoreSpi - implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore -{ - private static final int SALT_SIZE = 20; - private static final int MIN_ITERATIONS = 100; - - // - // SHA-1 and 3-key-triple DES. - // - private static final String KEY_ALGORITHM = "1.2.840.113549.1.12.1.3"; - - // - // SHA-1 and 40 bit RC2. - // - private static final String CERT_ALGORITHM = "1.2.840.113549.1.12.1.6"; - - private Hashtable keys = new Hashtable(); - private Hashtable localIds = new Hashtable(); - private Hashtable certs = new Hashtable(); - private Hashtable chainCerts = new Hashtable(); - private Hashtable keyCerts = new Hashtable(); - - // - // generic object types - // - static final int NULL = 0; - static final int CERTIFICATE = 1; - static final int KEY = 2; - static final int SECRET = 3; - static final int SEALED = 4; - - // - // key types - // - static final int KEY_PRIVATE = 0; - static final int KEY_PUBLIC = 1; - static final int KEY_SECRET = 2; - - protected SecureRandom random = new SecureRandom(); - - private CertificateFactory certFact = null; - - private class CertId - { - byte[] id; - - CertId( - PublicKey key) - { - this.id = createSubjectKeyId(key).getKeyIdentifier(); - } - - CertId( - byte[] id) - { - this.id = id; - } - - public int hashCode() - { - int hash = id[0] & 0xff; - - for (int i = 1; i != id.length - 4; i++) - { - hash ^= ((id[i] & 0xff) << 24) | ((id[i + 1] & 0xff) << 16) - | ((id[i + 2] & 0xff) << 8) | (id[i + 3] & 0xff); - } - - return hash; - } - - public boolean equals( - Object o) - { - if (!(o instanceof CertId)) - { - return false; - } - - CertId cId = (CertId)o; - - if (cId.id.length != id.length) - { - return false; - } - - for (int i = 0; i != id.length; i++) - { - if (cId.id[i] != id[i]) - { - return false; - } - } - - return true; - } - } - - public JDKPKCS12KeyStore( - String provider) - { - try - { - if (provider != null) - { - certFact = CertificateFactory.getInstance("X.509", provider); - } - else - { - certFact = CertificateFactory.getInstance("X.509"); - } - } - catch (Exception e) - { - throw new IllegalArgumentException("can't create cert factory - " + e.toString()); - } - } - - private SubjectKeyIdentifier createSubjectKeyId( - PublicKey pubKey) - { - try - { - SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( - (ASN1Sequence)new ASN1InputStream(pubKey.getEncoded()).readObject()); - - return new SubjectKeyIdentifier(info); - } - catch (Exception e) - { - throw new RuntimeException("error creating key"); - } - } - - public void setRandom( - SecureRandom rand) - { - this.random = rand; - } - - public Enumeration engineAliases() - { - Hashtable tab = new Hashtable(); - - Enumeration e = certs.keys(); - while (e.hasMoreElements()) - { - tab.put(e.nextElement(), "cert"); - } - - e = keys.keys(); - while (e.hasMoreElements()) - { - String a = (String)e.nextElement(); - if (tab.get(a) == null) - { - tab.put(a, "key"); - } - } - - return tab.keys(); - } - - public boolean engineContainsAlias( - String alias) - { - return (certs.get(alias) != null || keys.get(alias) != null); - } - - /** - * this is quite complete - we should follow up on the chain, a bit - * tricky if a certificate appears in more than one chain... - */ - public void engineDeleteEntry( - String alias) - throws KeyStoreException - { - Key k = (Key)keys.remove(alias); - - Certificate c = (Certificate)certs.remove(alias); - - if (c != null) - { - chainCerts.remove(new CertId(c.getPublicKey())); - } - - if (k != null) - { - String id = (String)localIds.remove(alias); - if (id != null) - { - c = (Certificate)keyCerts.remove(id); - } - if (c != null) - { - chainCerts.remove(new CertId(c.getPublicKey())); - } - } - - if (c == null && k == null) - { - throw new KeyStoreException("no such entry as " + alias); - } - } - - /** - * simply return the cert for the private key - */ - public Certificate engineGetCertificate( - String alias) - { - if (alias == null) - { - throw new IllegalArgumentException("null alias passed to getCertificate."); - } - - Certificate c = (Certificate)certs.get(alias); - - // - // look up the key table - and try the local key id - // - if (c == null) - { - String id = (String)localIds.get(alias); - if (id != null) - { - c = (Certificate)keyCerts.get(id); - } - else - { - c = (Certificate)keyCerts.get(alias); - } - } - - return c; - } - - public String engineGetCertificateAlias( - Certificate cert) - { - Enumeration c = certs.elements(); - Enumeration k = certs.keys(); - - while (c.hasMoreElements()) - { - Certificate tc = (Certificate)c.nextElement(); - String ta = (String)k.nextElement(); - - if (tc.equals(cert)) - { - return ta; - } - } - - c = keyCerts.elements(); - k = keyCerts.keys(); - - while (c.hasMoreElements()) - { - Certificate tc = (Certificate)c.nextElement(); - String ta = (String)k.nextElement(); - - if (tc.equals(cert)) - { - return ta; - } - } - - return null; - } - - public Certificate[] engineGetCertificateChain( - String alias) - { - if (alias == null) - { - throw new IllegalArgumentException("null alias passed to getCertificateChain."); - } - - if (!engineIsKeyEntry(alias)) - { - return null; - } - - Certificate c = engineGetCertificate(alias); - - if (c != null) - { - Vector cs = new Vector(); - - while (c != null) - { - X509Certificate x509c = (X509Certificate)c; - Certificate nextC = null; - - byte[] bytes = x509c.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId()); - if (bytes != null) - { - try - { - ASN1InputStream aIn = new ASN1InputStream(bytes); - - byte[] authBytes = ((ASN1OctetString)aIn.readObject()).getOctets(); - aIn = new ASN1InputStream(authBytes); - - AuthorityKeyIdentifier id = new AuthorityKeyIdentifier((ASN1Sequence)aIn.readObject()); - if (id.getKeyIdentifier() != null) - { - nextC = (Certificate)chainCerts.get(new CertId(id.getKeyIdentifier())); - } - - } - catch (IOException e) - { - throw new RuntimeException(e.toString()); - } - } - - if (nextC == null) - { - // - // no authority key id, try the Issuer DN - // - Principal i = x509c.getIssuerDN(); - Principal s = x509c.getSubjectDN(); - - if (!i.equals(s)) - { - Enumeration e = chainCerts.keys(); - - while (e.hasMoreElements()) - { - X509Certificate crt = (X509Certificate)chainCerts.get(e.nextElement()); - Principal sub = crt.getSubjectDN(); - if (sub.equals(i)) - { - try - { - x509c.verify(crt.getPublicKey()); - nextC = crt; - break; - } - catch (Exception ex) - { - // continue - } - } - } - } - } - - cs.addElement(c); - if (nextC != c) // self signed - end of the chain - { - c = nextC; - } - else - { - c = null; - } - } - - Certificate[] certChain = new Certificate[cs.size()]; - - for (int i = 0; i != certChain.length; i++) - { - certChain[i] = (Certificate)cs.elementAt(i); - } - - return certChain; - } - - return null; - } - - public Date engineGetCreationDate(String alias) - { - return new Date(); - } - - public Key engineGetKey( - String alias, - char[] password) - throws NoSuchAlgorithmException, UnrecoverableKeyException - { - if (alias == null) - { - throw new IllegalArgumentException("null alias passed to getKey."); - } - - return (Key)keys.get(alias); - } - - public boolean engineIsCertificateEntry( - String alias) - { - return (certs.get(alias) != null && keys.get(alias) == null); - } - - public boolean engineIsKeyEntry( - String alias) - { - return (keys.get(alias) != null); - } - - public void engineSetCertificateEntry( - String alias, - Certificate cert) - throws KeyStoreException - { - if (certs.get(alias) != null) - { - throw new KeyStoreException("There is already a certificate with the name " + alias + "."); - } - - certs.put(alias, cert); - chainCerts.put(new CertId(cert.getPublicKey()), cert); - } - - public void engineSetKeyEntry( - String alias, - byte[] key, - Certificate[] chain) - throws KeyStoreException - { - throw new RuntimeException("operation not supported"); - } - - public void engineSetKeyEntry( - String alias, - Key key, - char[] password, - Certificate[] chain) - throws KeyStoreException - { - if ((key instanceof PrivateKey) && (chain == null)) - { - throw new KeyStoreException("no certificate chain for private key"); - } - - if (keys.get(alias) != null && !key.equals(keys.get(alias))) - { - throw new KeyStoreException("There is already a key with the name " + alias + "."); - } - - keys.put(alias, key); - certs.put(alias, chain[0]); - - for (int i = 0; i != chain.length; i++) - { - chainCerts.put(new CertId(chain[i].getPublicKey()), chain[i]); - } - } - - public int engineSize() - { - Hashtable tab = new Hashtable(); - - Enumeration e = certs.keys(); - while (e.hasMoreElements()) - { - tab.put(e.nextElement(), "cert"); - } - - e = keys.keys(); - while (e.hasMoreElements()) - { - String a = (String)e.nextElement(); - if (tab.get(a) == null) - { - tab.put(a, "key"); - } - } - - return tab.size(); - } - - protected PrivateKey unwrapKey( - AlgorithmIdentifier algId, - byte[] data, - char[] password, - boolean wrongPKCS12Zero) - throws IOException - { - String algorithm = algId.getObjectId().getId(); - PKCS12PBEParams pbeParams = new PKCS12PBEParams((ASN1Sequence)algId.getParameters()); - - PBEKeySpec pbeSpec = new PBEKeySpec(password); - PrivateKey out = null; - - try - { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance( - algorithm, "BC"); - PBEParameterSpec defParams = new PBEParameterSpec( - pbeParams.getIV(), - pbeParams.getIterations().intValue()); - - SecretKey k = keyFact.generateSecret(pbeSpec); - - ((JCEPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero); - - Cipher cipher = Cipher.getInstance(algorithm, "BC"); - - cipher.init(Cipher.UNWRAP_MODE, k, defParams); - - // we pass "" as the key algorithm type as it is unknown at this point - out = (PrivateKey)cipher.unwrap(data, "", Cipher.PRIVATE_KEY); - } - catch (Exception e) - { - throw new IOException("exception unwrapping private key - " + e.toString()); - } - - return out; - } - - protected byte[] wrapKey( - String algorithm, - Key key, - PKCS12PBEParams pbeParams, - char[] password) - throws IOException - { - PBEKeySpec pbeSpec = new PBEKeySpec(password); - byte[] out; - - try - { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance( - algorithm, "BC"); - PBEParameterSpec defParams = new PBEParameterSpec( - pbeParams.getIV(), - pbeParams.getIterations().intValue()); - - Cipher cipher = Cipher.getInstance(algorithm, "BC"); - - cipher.init(Cipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), defParams); - - out = cipher.wrap(key); - } - catch (Exception e) - { - throw new IOException("exception encrypting data - " + e.toString()); - } - - return out; - } - - protected ASN1Sequence decryptData( - AlgorithmIdentifier algId, - byte[] data, - char[] password, - boolean wrongPKCS12Zero) - throws IOException - { - String algorithm = algId.getObjectId().getId(); - PKCS12PBEParams pbeParams = new PKCS12PBEParams((ASN1Sequence)algId.getParameters()); - - PBEKeySpec pbeSpec = new PBEKeySpec(password); - byte[] out = null; - - try - { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance( - algorithm, "BC"); - PBEParameterSpec defParams = new PBEParameterSpec( - pbeParams.getIV(), - pbeParams.getIterations().intValue()); - SecretKey k = keyFact.generateSecret(pbeSpec); - - ((JCEPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero); - - Cipher cipher = Cipher.getInstance(algorithm, "BC"); - - cipher.init(Cipher.DECRYPT_MODE, k, defParams); - - out = cipher.doFinal(data); - } - catch (Exception e) - { - throw new IOException("exception decrypting data - " + e.toString()); - } - - ASN1InputStream aIn = new ASN1InputStream(out); - - return (ASN1Sequence)aIn.readObject(); - } - - protected byte[] encryptData( - String algorithm, - byte[] data, - PKCS12PBEParams pbeParams, - char[] password) - throws IOException - { - PBEKeySpec pbeSpec = new PBEKeySpec(password); - byte[] out; - - try - { - SecretKeyFactory keyFact = SecretKeyFactory.getInstance( - algorithm, "BC"); - PBEParameterSpec defParams = new PBEParameterSpec( - pbeParams.getIV(), - pbeParams.getIterations().intValue()); - - Cipher cipher = Cipher.getInstance(algorithm, "BC"); - - cipher.init(Cipher.ENCRYPT_MODE, keyFact.generateSecret(pbeSpec), defParams); - - out = cipher.doFinal(data); - } - catch (Exception e) - { - throw new IOException("exception encrypting data - " + e.toString()); - } - - return out; - } - - public void engineLoad( - InputStream stream, - char[] password) - throws IOException - { - if (stream == null) // just initialising - { - return; - } - - if (password == null) - { - throw new NullPointerException("No password supplied for PKCS#12 KeyStore."); - } - - BufferedInputStream bufIn = new BufferedInputStream(stream); - - bufIn.mark(10); - - int head = bufIn.read(); - - if (head != 0x30) - { - throw new IOException("stream does not represent a PKCS12 key store"); - } - - bufIn.reset(); - - ASN1InputStream bIn = new ASN1InputStream(bufIn); - ASN1Sequence obj = (ASN1Sequence)bIn.readObject(); - Pfx bag = new Pfx(obj); - ContentInfo info = bag.getAuthSafe(); - Vector chain = new Vector(); - boolean unmarkedKey = false; - boolean wrongPKCS12Zero = false; - - if (bag.getMacData() != null) // check the mac code - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - BEROutputStream berOut = new BEROutputStream(bOut); - MacData mData = bag.getMacData(); - DigestInfo dInfo = mData.getMac(); - AlgorithmIdentifier algId = dInfo.getAlgorithmId(); - byte[] salt = mData.getSalt(); - int itCount = mData.getIterationCount().intValue(); - - berOut.writeObject(info); - - byte[] data = ((ASN1OctetString)info.getContent()).getOctets(); - - try - { - Mac mac = Mac.getInstance(algId.getObjectId().getId(), "BC"); - SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algId.getObjectId().getId(), "BC"); - PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount); - PBEKeySpec pbeSpec = new PBEKeySpec(password); - - mac.init(keyFact.generateSecret(pbeSpec), defParams); - - mac.update(data); - - byte[] res = mac.doFinal(); - byte[] dig = dInfo.getDigest(); - - if (res.length != dInfo.getDigest().length) - { - throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file."); - } - - boolean okay = true; - - for (int i = 0; i != res.length; i++) - { - if (res[i] != dig[i]) - { - if (password.length != 0) // may be dodgey zero password - { - throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file."); - } - else - { - okay = false; - break; - } - } - } - - // - // may be incorrect zero length password - // - if (!okay) - { - SecretKey k = keyFact.generateSecret(pbeSpec); - - ((JCEPBEKey)k).setTryWrongPKCS12Zero(true); - - mac.init(k, defParams); - - mac.update(data); - - res = mac.doFinal(); - dig = dInfo.getDigest(); - - for (int i = 0; i != res.length; i++) - { - if (res[i] != dig[i]) - { - throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file."); - } - } - - wrongPKCS12Zero = true; - } - } - catch (IOException e) - { - throw e; - } - catch (Exception e) - { - throw new IOException("error constructing MAC: " + e.toString()); - } - } - - keys = new Hashtable(); - localIds = new Hashtable(); - - if (info.getContentType().equals(data)) - { - bIn = new ASN1InputStream(((ASN1OctetString)info.getContent()).getOctets()); - - AuthenticatedSafe authSafe = new AuthenticatedSafe((ASN1Sequence)bIn.readObject()); - ContentInfo[] c = authSafe.getContentInfo(); - - for (int i = 0; i != c.length; i++) - { - if (c[i].getContentType().equals(data)) - { - ASN1InputStream dIn = new ASN1InputStream(((ASN1OctetString)c[i].getContent()).getOctets()); - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); - - for (int j = 0; j != seq.size(); j++) - { - SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j)); - if (b.getBagId().equals(pkcs8ShroudedKeyBag)) - { - org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo((ASN1Sequence)b.getBagValue()); - PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); - - // - // set the attributes on the key - // - PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; - String alias = null; - ASN1OctetString localId = null; - - if (b.getBagAttributes() != null) - { - Enumeration e = b.getBagAttributes().getObjects(); - while (e.hasMoreElements()) - { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); - ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); - DERObject attr = null; - - if (attrSet.size() > 0) - { - attr = (DERObject)attrSet.getObjectAt(0); - - bagAttr.setBagAttribute(aOid, attr); - } - - if (aOid.equals(pkcs_9_at_friendlyName)) - { - alias = ((DERBMPString)attr).getString(); - keys.put(alias, privKey); - } - else if (aOid.equals(pkcs_9_at_localKeyId)) - { - localId = (ASN1OctetString)attr; - } - } - } - - if (localId != null) - { - String name = new String(Hex.encode(localId.getOctets())); - - if (alias == null) - { - keys.put(name, privKey); - } - else - { - localIds.put(alias, name); - } - } - else - { - unmarkedKey = true; - keys.put("unmarked", privKey); - } - } - else if (b.getBagId().equals(certBag)) - { - chain.addElement(b); - } - else - { - System.out.println("extra in data " + b.getBagId()); - System.out.println(ASN1Dump.dumpAsString(b)); - } - } - } - else if (c[i].getContentType().equals(encryptedData)) - { - EncryptedData d = new EncryptedData((ASN1Sequence)c[i].getContent()); - ASN1Sequence seq = decryptData(d.getEncryptionAlgorithm(), d.getContent().getOctets(), password, wrongPKCS12Zero); - - for (int j = 0; j != seq.size(); j++) - { - SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j)); - - if (b.getBagId().equals(certBag)) - { - chain.addElement(b); - } - else if (b.getBagId().equals(pkcs8ShroudedKeyBag)) - { - org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo((ASN1Sequence)b.getBagValue()); - PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); - - // - // set the attributes on the key - // - PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; - String alias = null; - ASN1OctetString localId = null; - - Enumeration e = b.getBagAttributes().getObjects(); - while (e.hasMoreElements()) - { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); - ASN1Set attrSet= (ASN1Set)sq.getObjectAt(1); - DERObject attr = null; - - if (attrSet.size() > 0) - { - attr = (DERObject)attrSet.getObjectAt(0); - - bagAttr.setBagAttribute(aOid, attr); - } - - if (aOid.equals(pkcs_9_at_friendlyName)) - { - alias = ((DERBMPString)attr).getString(); - keys.put(alias, privKey); - } - else if (aOid.equals(pkcs_9_at_localKeyId)) - { - localId = (ASN1OctetString)attr; - } - } - - String name = new String(Hex.encode(localId.getOctets())); - - if (alias == null) - { - keys.put(name, privKey); - } - else - { - localIds.put(alias, name); - } - } - else if (b.getBagId().equals(keyBag)) - { - org.bouncycastle.asn1.pkcs.PrivateKeyInfo pIn = new org.bouncycastle.asn1.pkcs.PrivateKeyInfo((ASN1Sequence)b.getBagValue()); - PrivateKey privKey = JDKKeyFactory.createPrivateKeyFromPrivateKeyInfo(pIn); - - // - // set the attributes on the key - // - PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; - String alias = null; - ASN1OctetString localId = null; - - Enumeration e = b.getBagAttributes().getObjects(); - while (e.hasMoreElements()) - { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); - ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); - DERObject attr = null; - - if (attrSet.size() > 0) - { - attr = (DERObject)attrSet.getObjectAt(0); - - bagAttr.setBagAttribute(aOid, attr); - } - - if (aOid.equals(pkcs_9_at_friendlyName)) - { - alias = ((DERBMPString)attr).getString(); - keys.put(alias, privKey); - } - else if (aOid.equals(pkcs_9_at_localKeyId)) - { - localId = (ASN1OctetString)attr; - } - } - - String name = new String(Hex.encode(localId.getOctets())); - - if (alias == null) - { - keys.put(name, privKey); - } - else - { - localIds.put(alias, name); - } - } - else - { - System.out.println("extra in encryptedData " + b.getBagId()); - System.out.println(ASN1Dump.dumpAsString(b)); - } - } - } - else - { - System.out.println("extra " + c[i].getContentType().getId()); - System.out.println("extra " + ASN1Dump.dumpAsString(c[i].getContent())); - } - } - } - - certs = new Hashtable(); - chainCerts = new Hashtable(); - keyCerts = new Hashtable(); - - for (int i = 0; i != chain.size(); i++) - { - SafeBag b = (SafeBag)chain.elementAt(i); - CertBag cb = new CertBag((ASN1Sequence)b.getBagValue()); - Certificate cert = null; - - try - { - ByteArrayInputStream cIn = new ByteArrayInputStream( - ((ASN1OctetString)cb.getCertValue()).getOctets()); - cert = certFact.generateCertificate(cIn); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - - - // - // set the attributes - // - ASN1OctetString localId = null; - String alias = null; - - if (b.getBagAttributes() != null) - { - Enumeration e = b.getBagAttributes().getObjects(); - while (e.hasMoreElements()) - { - ASN1Sequence sq = (ASN1Sequence)e.nextElement(); - DERObjectIdentifier oid = (DERObjectIdentifier)sq.getObjectAt(0); - DERObject attr = (DERObject)((ASN1Set)sq.getObjectAt(1)).getObjectAt(0); - - if (cert instanceof PKCS12BagAttributeCarrier) - { - PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)cert; - bagAttr.setBagAttribute(oid, attr); - } - - if (oid.equals(pkcs_9_at_friendlyName)) - { - alias = ((DERBMPString)attr).getString(); - } - else if (oid.equals(pkcs_9_at_localKeyId)) - { - localId = (ASN1OctetString)attr; - } - } - } - - chainCerts.put(new CertId(cert.getPublicKey()), cert); - - if (unmarkedKey) - { - if (keyCerts.isEmpty()) - { - String name = new String(Hex.encode(createSubjectKeyId(cert.getPublicKey()).getKeyIdentifier())); - - keyCerts.put(name, cert); - keys.put(name, keys.remove("unmarked")); - } - } - else - { - // - // the local key id needs to override the friendly name - // - if (localId != null) - { - String name = new String(Hex.encode(localId.getOctets())); - - keyCerts.put(name, cert); - } - if (alias != null) - { - certs.put(alias, cert); - } - } - } - } - - public void engineStore(OutputStream stream, char[] password) - throws IOException - { - if (password == null) - { - throw new NullPointerException("No password supplied for PKCS#12 KeyStore."); - } - - ContentInfo[] c = new ContentInfo[2]; - - - // - // handle the key - // - ASN1EncodableVector keyS = new ASN1EncodableVector(); - - - Enumeration ks = keys.keys(); - - while (ks.hasMoreElements()) - { - byte[] kSalt = new byte[SALT_SIZE]; - - random.nextBytes(kSalt); - - String name = (String)ks.nextElement(); - PrivateKey privKey = (PrivateKey)keys.get(name); - PKCS12PBEParams kParams = new PKCS12PBEParams(kSalt, MIN_ITERATIONS); - byte[] kBytes = wrapKey(KEY_ALGORITHM, privKey, kParams, password); - AlgorithmIdentifier kAlgId = new AlgorithmIdentifier(new DERObjectIdentifier(KEY_ALGORITHM), kParams.getDERObject()); - org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo kInfo = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo(kAlgId, kBytes); - boolean attrSet = false; - ASN1EncodableVector kName = new ASN1EncodableVector(); - - if (privKey instanceof PKCS12BagAttributeCarrier) - { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)privKey; - // - // make sure we are using the local alias on store - // - DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); - if (nm == null || !nm.getString().equals(name)) - { - bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name)); - } - - // - // make sure we have a local key-id - // - if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) - { - Certificate ct = engineGetCertificate(name); - - bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(ct.getPublicKey())); - } - - Enumeration e = bagAttrs.getBagAttributeKeys(); - - while (e.hasMoreElements()) - { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); - ASN1EncodableVector kSeq = new ASN1EncodableVector(); - - kSeq.add(oid); - kSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); - - attrSet = true; - - kName.add(new DERSequence(kSeq)); - } - } - - if (!attrSet) - { - // - // set a default friendly name (from the key id) and local id - // - ASN1EncodableVector kSeq = new ASN1EncodableVector(); - Certificate ct = engineGetCertificate(name); - - kSeq.add(pkcs_9_at_localKeyId); - kSeq.add(new DERSet(createSubjectKeyId(ct.getPublicKey()))); - - kName.add(new DERSequence(kSeq)); - - kSeq = new ASN1EncodableVector(); - - kSeq.add(pkcs_9_at_friendlyName); - kSeq.add(new DERSet(new DERBMPString(name))); - - kName.add(new DERSequence(kSeq)); - } - - SafeBag kBag = new SafeBag(pkcs8ShroudedKeyBag, kInfo.getDERObject(), new DERSet(kName)); - keyS.add(kBag); - } - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(new DERSequence(keyS)); - - BERConstructedOctetString keyString = new BERConstructedOctetString(bOut.toByteArray()); - - // - // certficate processing - // - byte[] cSalt = new byte[SALT_SIZE]; - - random.nextBytes(cSalt); - - ASN1EncodableVector certSeq = new ASN1EncodableVector(); - PKCS12PBEParams cParams = new PKCS12PBEParams(cSalt, MIN_ITERATIONS); - AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(new DERObjectIdentifier(CERT_ALGORITHM), cParams.getDERObject()); - Hashtable doneCerts = new Hashtable(); - - Enumeration cs = keys.keys(); - while (cs.hasMoreElements()) - { - try - { - String name = (String)cs.nextElement(); - Certificate cert = engineGetCertificate(name); - boolean cAttrSet = false; - CertBag cBag = new CertBag( - x509certType, - new DEROctetString(cert.getEncoded())); - ASN1EncodableVector fName = new ASN1EncodableVector(); - - if (cert instanceof PKCS12BagAttributeCarrier) - { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; - // - // make sure we are using the local alias on store - // - DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); - if (nm == null || !nm.getString().equals(name)) - { - bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name)); - } - - // - // make sure we have a local key-id - // - if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) - { - bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(cert.getPublicKey())); - } - - Enumeration e = bagAttrs.getBagAttributeKeys(); - - while (e.hasMoreElements()) - { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); - ASN1EncodableVector fSeq = new ASN1EncodableVector(); - - fSeq.add(oid); - fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); - fName.add(new DERSequence(fSeq)); - - cAttrSet = true; - } - } - - if (!cAttrSet) - { - ASN1EncodableVector fSeq = new ASN1EncodableVector(); - - fSeq.add(pkcs_9_at_localKeyId); - fSeq.add(new DERSet(createSubjectKeyId(cert.getPublicKey()))); - fName.add(new DERSequence(fSeq)); - - fSeq = new ASN1EncodableVector(); - - fSeq.add(pkcs_9_at_friendlyName); - fSeq.add(new DERSet(new DERBMPString(name))); - - fName.add(new DERSequence(fSeq)); - } - - SafeBag sBag = new SafeBag(certBag, cBag.getDERObject(), new DERSet(fName)); - - certSeq.add(sBag); - - doneCerts.put(cert, cert); - } - catch (CertificateEncodingException e) - { - throw new IOException("Error encoding certificate: " + e.toString()); - } - } - - cs = certs.keys(); - while (cs.hasMoreElements()) - { - try - { - String certId = (String)cs.nextElement(); - Certificate cert = (Certificate)certs.get(certId); - boolean cAttrSet = false; - - if (keys.get(certId) != null) - { - continue; - } - - CertBag cBag = new CertBag( - x509certType, - new DEROctetString(cert.getEncoded())); - ASN1EncodableVector fName = new ASN1EncodableVector(); - - if (cert instanceof PKCS12BagAttributeCarrier) - { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; - // - // make sure we are using the local alias on store - // - DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); - if (nm == null || !nm.getString().equals(certId)) - { - bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(certId)); - } - - Enumeration e = bagAttrs.getBagAttributeKeys(); - - while (e.hasMoreElements()) - { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); - ASN1EncodableVector fSeq = new ASN1EncodableVector(); - - fSeq.add(oid); - fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); - fName.add(new DERSequence(fSeq)); - - cAttrSet = true; - } - } - - if (!cAttrSet) - { - ASN1EncodableVector fSeq = new ASN1EncodableVector(); - - fSeq.add(pkcs_9_at_friendlyName); - fSeq.add(new DERSet(new DERBMPString(certId))); - - fName.add(new DERSequence(fSeq)); - } - - SafeBag sBag = new SafeBag(certBag, cBag.getDERObject(), new DERSet(fName)); - - certSeq.add(sBag); - - doneCerts.put(cert, cert); - } - catch (CertificateEncodingException e) - { - throw new IOException("Error encoding certificate: " + e.toString()); - } - } - - cs = chainCerts.keys(); - while (cs.hasMoreElements()) - { - try - { - CertId certId = (CertId)cs.nextElement(); - Certificate cert = (Certificate)chainCerts.get(certId); - - if (doneCerts.get(cert) != null) - { - continue; - } - - CertBag cBag = new CertBag( - x509certType, - new DEROctetString(cert.getEncoded())); - ASN1EncodableVector fName = new ASN1EncodableVector(); - - if (cert instanceof PKCS12BagAttributeCarrier) - { - PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; - Enumeration e = bagAttrs.getBagAttributeKeys(); - - while (e.hasMoreElements()) - { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); - ASN1EncodableVector fSeq = new ASN1EncodableVector(); - - fSeq.add(oid); - fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); - fName.add(new DERSequence(fSeq)); - } - } - - SafeBag sBag = new SafeBag(certBag, cBag.getDERObject(), new DERSet(fName)); - - certSeq.add(sBag); - } - catch (CertificateEncodingException e) - { - throw new IOException("Error encoding certificate: " + e.toString()); - } - } - - bOut.reset(); - - dOut = new DEROutputStream(bOut); - - dOut.writeObject(new DERSequence(certSeq)); - - dOut.close(); - - byte[] certBytes = encryptData(CERT_ALGORITHM, bOut.toByteArray(), cParams, password); - EncryptedData cInfo = new EncryptedData(data, cAlgId, new BERConstructedOctetString(certBytes)); - - c[0] = new ContentInfo(data, keyString); - - c[1] = new ContentInfo(encryptedData, cInfo.getDERObject()); - - AuthenticatedSafe auth = new AuthenticatedSafe(c); - - bOut.reset(); - - BEROutputStream berOut = new BEROutputStream(bOut); - - berOut.writeObject(auth); - - byte[] pkg = bOut.toByteArray(); - - ContentInfo mainInfo = new ContentInfo(data, new BERConstructedOctetString(pkg)); - - // - // create the mac - // - byte[] mSalt = new byte[20]; - int itCount = MIN_ITERATIONS; - - random.nextBytes(mSalt); - - byte[] data = ((ASN1OctetString)mainInfo.getContent()).getOctets(); - - MacData mData = null; - - try - { - Mac mac = Mac.getInstance(id_SHA1.getId(), "BC"); - SecretKeyFactory keyFact = SecretKeyFactory.getInstance(id_SHA1.getId(), "BC"); - PBEParameterSpec defParams = new PBEParameterSpec(mSalt, itCount); - PBEKeySpec pbeSpec = new PBEKeySpec(password); - - mac.init(keyFact.generateSecret(pbeSpec), defParams); - - mac.update(data); - - byte[] res = mac.doFinal(); - - // BEGIN android-changed - AlgorithmIdentifier algId = new AlgorithmIdentifier(id_SHA1, DERNull.THE_ONE); - // END android-changed - DigestInfo dInfo = new DigestInfo(algId, res); - - mData = new MacData(dInfo, mSalt, itCount); - } - catch (Exception e) - { - throw new IOException("error constructing MAC: " + e.toString()); - } - - // - // output the Pfx - // - Pfx pfx = new Pfx(mainInfo, mData); - - berOut = new BEROutputStream(stream); - - berOut.writeObject(pfx); - } - - public static class BCPKCS12KeyStore - extends JDKPKCS12KeyStore - { - public BCPKCS12KeyStore() - { - super("BC"); - } - } - - public static class DefPKCS12KeyStore - extends JDKPKCS12KeyStore - { - public DefPKCS12KeyStore() - { - super(null); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JDKPSSSigner.java b/luni/src/main/java/org/bouncycastle/jce/provider/JDKPSSSigner.java deleted file mode 100644 index 33df9fd..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JDKPSSSigner.java +++ /dev/null @@ -1,289 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.AlgorithmParameters; -import java.security.InvalidKeyException; -import java.security.InvalidParameterException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.SignatureException; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.MGF1ParameterSpec; -import java.security.spec.PSSParameterSpec; - -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.crypto.AsymmetricBlockCipher; -import org.bouncycastle.crypto.CryptoException; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.engines.RSAEngine; -import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.crypto.signers.PSSSigner; - -public class JDKPSSSigner - extends Signature -{ - private AlgorithmParameters engineParams; - private PSSParameterSpec paramSpec; - private PSSParameterSpec originalSpec; - private AsymmetricBlockCipher signer; - private Digest digest; - private int saltLength; - private byte trailer; - - private PSSSigner pss; - - private byte getTrailer( - int trailerField) - { - if (trailerField == 1) - { - return PSSSigner.TRAILER_IMPLICIT; - } - - throw new IllegalArgumentException("unknown trailer field"); - } - - protected JDKPSSSigner( - String name, - AsymmetricBlockCipher signer, - PSSParameterSpec paramSpec) - { - super(name); - - this.signer = signer; - - if (paramSpec == null) - { - originalSpec = null; - paramSpec = PSSParameterSpec.DEFAULT; - } - else - { - originalSpec = paramSpec; - this.paramSpec = paramSpec; - } - - this.digest = JCEDigestUtil.getDigest(paramSpec.getDigestAlgorithm()); - this.saltLength = paramSpec.getSaltLength(); - this.trailer = getTrailer(paramSpec.getTrailerField()); - } - - protected void engineInitVerify( - PublicKey publicKey) - throws InvalidKeyException - { - if (!(publicKey instanceof RSAPublicKey)) - { - throw new InvalidKeyException("Supplied key is not a RSAPublicKey instance"); - } - - pss = new PSSSigner(signer, digest, saltLength); - pss.init(false, - RSAUtil.generatePublicKeyParameter((RSAPublicKey)publicKey)); - } - - protected void engineInitSign( - PrivateKey privateKey, - SecureRandom random) - throws InvalidKeyException - { - if (!(privateKey instanceof RSAPrivateKey)) - { - throw new InvalidKeyException("Supplied key is not a RSAPrivateKey instance"); - } - - pss = new PSSSigner(signer, digest, saltLength, trailer); - pss.init(true, new ParametersWithRandom(RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey), random)); - } - - protected void engineInitSign( - PrivateKey privateKey) - throws InvalidKeyException - { - if (!(privateKey instanceof RSAPrivateKey)) - { - throw new InvalidKeyException("Supplied key is not a RSAPrivateKey instance"); - } - - pss = new PSSSigner(signer, digest, saltLength, trailer); - pss.init(true, RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey)); - } - - protected void engineUpdate( - byte b) - throws SignatureException - { - pss.update(b); - } - - protected void engineUpdate( - byte[] b, - int off, - int len) - throws SignatureException - { - pss.update(b, off, len); - } - - protected byte[] engineSign() - throws SignatureException - { - try - { - return pss.generateSignature(); - } - catch (CryptoException e) - { - throw new SignatureException(e.getMessage()); - } - } - - protected boolean engineVerify( - byte[] sigBytes) - throws SignatureException - { - return pss.verifySignature(sigBytes); - } - - protected void engineSetParameter( - AlgorithmParameterSpec params) - throws InvalidParameterException - { - if (params instanceof PSSParameterSpec) - { - paramSpec = (PSSParameterSpec)params; - - if (originalSpec != null) - { - if (!JCEDigestUtil.isSameDigest(originalSpec.getDigestAlgorithm(), paramSpec.getDigestAlgorithm())) - { - throw new InvalidParameterException("parameter must be using " + originalSpec.getDigestAlgorithm()); - } - } - if (!paramSpec.getMGFAlgorithm().equalsIgnoreCase("MGF1") && !paramSpec.getMGFAlgorithm().equals(PKCSObjectIdentifiers.id_mgf1.getId())) - { - throw new InvalidParameterException("unknown mask generation function specified"); - } - - if (!(paramSpec.getMGFParameters() instanceof MGF1ParameterSpec)) - { - throw new InvalidParameterException("unkown MGF parameters"); - } - - MGF1ParameterSpec mgfParams = (MGF1ParameterSpec)paramSpec.getMGFParameters(); - - if (!JCEDigestUtil.isSameDigest(mgfParams.getDigestAlgorithm(), paramSpec.getDigestAlgorithm())) - { - throw new InvalidParameterException("digest algorithm for MGF should be the same as for PSS parameters."); - } - - digest = JCEDigestUtil.getDigest(mgfParams.getDigestAlgorithm()); - - if (digest == null) - { - throw new InvalidParameterException("no match on MGF digest algorithm: "+ mgfParams.getDigestAlgorithm()); - } - - this.saltLength = paramSpec.getSaltLength(); - this.trailer = getTrailer(paramSpec.getTrailerField()); - } - else - { - throw new InvalidParameterException("Only PSSParameterSpec supported"); - } - } - - protected AlgorithmParameters engineGetParameters() - { - if (engineParams == null) - { - if (paramSpec != null) - { - try - { - engineParams = AlgorithmParameters.getInstance("PSS", "BC"); - engineParams.init(paramSpec); - } - catch (Exception e) - { - throw new RuntimeException(e.toString()); - } - } - } - - return engineParams; - } - - /** - * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)"> - */ - protected void engineSetParameter( - String param, - Object value) - { - throw new UnsupportedOperationException("engineSetParameter unsupported"); - } - - protected Object engineGetParameter( - String param) - { - throw new UnsupportedOperationException("engineGetParameter unsupported"); - } - - static public class PSSwithRSA - extends JDKPSSSigner - { - public PSSwithRSA() - { - super("SHA1withRSAandMGF1", new RSAEngine(), null); - } - } - - static public class SHA1withRSA - extends JDKPSSSigner - { - public SHA1withRSA() - { - super("SHA1withRSAandMGF1", new RSAEngine(), PSSParameterSpec.DEFAULT); - } - } - - static public class SHA224withRSA - extends JDKPSSSigner - { - public SHA224withRSA() - { - super("SHA2224withRSAandMGF1", new RSAEngine(), new PSSParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), 28, 1)); - } - } - - static public class SHA256withRSA - extends JDKPSSSigner - { - public SHA256withRSA() - { - super("SHA256withRSAandMGF1", new RSAEngine(), new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1)); - } - } - - static public class SHA384withRSA - extends JDKPSSSigner - { - public SHA384withRSA() - { - super("SHA384withRSAandMGF1", new RSAEngine(), new PSSParameterSpec("SHA-384", "MGF1", new MGF1ParameterSpec("SHA-384"), 48, 1)); - } - } - - static public class SHA512withRSA - extends JDKPSSSigner - { - public SHA512withRSA() - { - super("SHA512withRSAandMGF1", new RSAEngine(), new PSSParameterSpec("SHA-512", "MGF1", new MGF1ParameterSpec("SHA-512"), 64, 1)); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/JDKX509CertificateFactory.java b/luni/src/main/java/org/bouncycastle/jce/provider/JDKX509CertificateFactory.java deleted file mode 100644 index 31507c6..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/JDKX509CertificateFactory.java +++ /dev/null @@ -1,471 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.BufferedInputStream; -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.security.cert.CRL; -import java.security.cert.CRLException; -import java.security.cert.CertPath; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactorySpi; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; -import java.util.List; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.SignedData; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.asn1.x509.X509CertificateStructure; -import org.bouncycastle.util.encoders.Base64; - -/** - * class for dealing with X509 certificates. - * <p> - * At the moment this will deal with "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----" - * base 64 encoded certs, as well as the BER binaries of certificates and some classes of PKCS#7 - * objects. - */ -public class JDKX509CertificateFactory - extends CertificateFactorySpi -{ - private static final long MAX_MEMORY = Runtime.getRuntime().maxMemory(); - - private SignedData sData = null; - private int sDataObjectCount = 0; - private InputStream currentStream = null; - - private SignedData sCrlData = null; - private int sCrlDataObjectCount = 0; - private InputStream currentCrlStream = null; - - private int getLimit(InputStream in) - throws IOException - { - if (in instanceof ByteArrayInputStream) - { - return in.available(); - } - - if (MAX_MEMORY > Integer.MAX_VALUE) - { - return Integer.MAX_VALUE; - } - - return (int)MAX_MEMORY; - } - - private String readLine( - InputStream in) - throws IOException - { - int c; - StringBuffer l = new StringBuffer(); - - while (((c = in.read()) != '\n') && (c >= 0)) - { - if (c == '\r') - { - continue; - } - - l.append((char)c); - } - - if (c < 0) - { - return null; - } - - return l.toString(); - } - - private Certificate readDERCertificate( - ASN1InputStream dIn) - throws IOException - { - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); - - if (seq.size() > 1 - && seq.getObjectAt(0) instanceof DERObjectIdentifier) - { - if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) - { - sData = new SignedData(ASN1Sequence.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true)); - - return new X509CertificateObject( - X509CertificateStructure.getInstance( - sData.getCertificates().getObjectAt(sDataObjectCount++))); - } - } - - return new X509CertificateObject( - X509CertificateStructure.getInstance(seq)); - } - - /** - * read in a BER encoded PKCS7 certificate. - */ - private Certificate readPKCS7Certificate( - InputStream in) - throws IOException - { - ASN1InputStream dIn = new ASN1InputStream(in, getLimit(in)); - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); - - if (seq.size() > 1 - && seq.getObjectAt(0) instanceof DERObjectIdentifier) - { - if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) - { - sData = new SignedData(ASN1Sequence.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true)); - - return new X509CertificateObject( - X509CertificateStructure.getInstance( - sData.getCertificates().getObjectAt(sDataObjectCount++))); - } - } - - return new X509CertificateObject( - X509CertificateStructure.getInstance(seq)); - } - - private Certificate readPEMCertificate( - InputStream in) - throws IOException - { - String line; - StringBuffer pemBuf = new StringBuffer(); - - while ((line = readLine(in)) != null) - { - if (line.equals("-----BEGIN CERTIFICATE-----") - || line.equals("-----BEGIN X509 CERTIFICATE-----")) - { - break; - } - } - - while ((line = readLine(in)) != null) - { - if (line.equals("-----END CERTIFICATE-----") - || line.equals("-----END X509 CERTIFICATE-----")) - { - break; - } - - pemBuf.append(line); - } - - if (pemBuf.length() != 0) - { - return readDERCertificate(new ASN1InputStream(Base64.decode(pemBuf.toString()))); - } - - return null; - } - - private CRL readDERCRL( - ASN1InputStream dIn) - throws IOException, CRLException - { - return new X509CRLObject(new CertificateList((ASN1Sequence)dIn.readObject())); - } - - private CRL readPEMCRL( - InputStream in) - throws IOException, CRLException - { - String line; - StringBuffer pemBuf = new StringBuffer(); - - while ((line = readLine(in)) != null) - { - if (line.equals("-----BEGIN CRL-----") - || line.equals("-----BEGIN X509 CRL-----")) - { - break; - } - } - - while ((line = readLine(in)) != null) - { - if (line.equals("-----END CRL-----") - || line.equals("-----END X509 CRL-----")) - { - break; - } - - pemBuf.append(line); - } - - if (pemBuf.length() != 0) - { - return readDERCRL(new ASN1InputStream(Base64.decode(pemBuf.toString()))); - } - - return null; - } - - private CRL readPKCS7CRL( - InputStream in) - throws IOException, CRLException - { - ASN1InputStream dIn = new ASN1InputStream(in, getLimit(in)); - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); - - if (seq.size() > 1 - && seq.getObjectAt(0) instanceof DERObjectIdentifier) - { - if (seq.getObjectAt(0).equals(PKCSObjectIdentifiers.signedData)) - { - sCrlData = new SignedData(ASN1Sequence.getInstance( - (ASN1TaggedObject)seq.getObjectAt(1), true)); - - return new X509CRLObject( - CertificateList.getInstance( - sCrlData.getCRLs().getObjectAt(sCrlDataObjectCount++))); - } - } - - return new X509CRLObject( - CertificateList.getInstance(seq)); - } - - /** - * Generates a certificate object and initializes it with the data - * read from the input stream inStream. - */ - public Certificate engineGenerateCertificate( - InputStream in) - throws CertificateException - { - if (currentStream == null) - { - currentStream = in; - sData = null; - sDataObjectCount = 0; - } - else if (currentStream != in) // reset if input stream has changed - { - currentStream = in; - sData = null; - sDataObjectCount = 0; - } - - try - { - if (sData != null) - { - if (sDataObjectCount != sData.getCertificates().size()) - { - return new X509CertificateObject( - X509CertificateStructure.getInstance( - sData.getCertificates().getObjectAt(sDataObjectCount++))); - } - else - { - sData = null; - sDataObjectCount = 0; - return null; - } - } - - if (!in.markSupported()) - { - in = new BufferedInputStream(in); - } - - in.mark(10); - int tag = in.read(); - - if (tag == -1) - { - return null; - } - - if (tag != 0x30) // assume ascii PEM encoded. - { - in.reset(); - return readPEMCertificate(in); - } - else if (in.read() == 0x80) // assume BER encoded. - { - in.reset(); - return readPKCS7Certificate(new ASN1InputStream(in, getLimit(in))); - } - else - { - in.reset(); - return readDERCertificate(new ASN1InputStream(in, getLimit(in))); - } - } - catch (Exception e) - { - throw new CertificateException(e.toString()); - } - } - - /** - * Returns a (possibly empty) collection view of the certificates - * read from the given input stream inStream. - */ - public Collection engineGenerateCertificates( - InputStream inStream) - throws CertificateException - { - Certificate cert; - List certs = new ArrayList(); - - while ((cert = engineGenerateCertificate(inStream)) != null) - { - certs.add(cert); - } - - return certs; - } - - /** - * Generates a certificate revocation list (CRL) object and initializes - * it with the data read from the input stream inStream. - */ - public CRL engineGenerateCRL( - InputStream inStream) - throws CRLException - { - if (currentCrlStream == null) - { - currentCrlStream = inStream; - sCrlData = null; - sCrlDataObjectCount = 0; - } - else if (currentCrlStream != inStream) // reset if input stream has changed - { - currentCrlStream = inStream; - sCrlData = null; - sCrlDataObjectCount = 0; - } - - try - { - if (sCrlData != null) - { - if (sCrlDataObjectCount != sCrlData.getCertificates().size()) - { - return new X509CRLObject( - CertificateList.getInstance( - sCrlData.getCRLs().getObjectAt(sCrlDataObjectCount++))); - } - else - { - sCrlData = null; - sCrlDataObjectCount = 0; - return null; - } - } - - if (!inStream.markSupported()) - { - inStream = new BufferedInputStream(inStream); - } - - inStream.mark(10); - if (inStream.read() != 0x30) // assume ascii PEM encoded. - { - inStream.reset(); - return readPEMCRL(inStream); - } - else if (inStream.read() == 0x80) // assume BER encoded. - { - inStream.reset(); - return readPKCS7CRL(inStream); - } - else - { - inStream.reset(); - return readDERCRL(new ASN1InputStream(inStream, getLimit(inStream))); - } - } - catch (CRLException e) - { - throw e; - } - catch (Exception e) - { - throw new CRLException(e.toString()); - } - } - - /** - * Returns a (possibly empty) collection view of the CRLs read from - * the given input stream inStream. - * - * The inStream may contain a sequence of DER-encoded CRLs, or - * a PKCS#7 CRL set. This is a PKCS#7 SignedData object, with the - * only signficant field being crls. In particular the signature - * and the contents are ignored. - */ - public Collection engineGenerateCRLs( - InputStream inStream) - throws CRLException - { - CRL crl; - List crls = new ArrayList(); - - while ((crl = engineGenerateCRL(inStream)) != null) - { - crls.add(crl); - } - - return crls; - } - - public Iterator engineGetCertPathEncodings() - { - return PKIXCertPath.certPathEncodings.iterator(); - } - - public CertPath engineGenerateCertPath( - InputStream inStream) - throws CertificateException - { - return engineGenerateCertPath(inStream, "PkiPath"); - } - - public CertPath engineGenerateCertPath( - InputStream inStream, - String encoding) - throws CertificateException - { - return new PKIXCertPath(inStream, encoding); - } - - public CertPath engineGenerateCertPath( - List certificates) - throws CertificateException - { - Iterator iter = certificates.iterator(); - Object obj; - while (iter.hasNext()) - { - obj = iter.next(); - if (obj != null) - { - if (!(obj instanceof X509Certificate)) - { - throw new CertificateException("list contains none X509Certificate object while creating CertPath\n" + obj.toString()); - } - } - } - return new PKIXCertPath(certificates); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/PBE.java b/luni/src/main/java/org/bouncycastle/jce/provider/PBE.java deleted file mode 100644 index 414076d..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/PBE.java +++ /dev/null @@ -1,279 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.digests.MD5Digest; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.RIPEMD160Digest; -// END android-removed -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.digests.SHA256Digest; -// BEGIN android-removed -// import org.bouncycastle.crypto.digests.TigerDigest; -// END android-removed -import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator; -import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator; -import org.bouncycastle.crypto.params.DESParameters; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; - -public interface PBE -{ - // - // PBE Based encryption constants - by default we do PKCS12 with SHA-1 - // - static final int MD5 = 0; - static final int SHA1 = 1; - static final int RIPEMD160 = 2; - static final int TIGER = 3; - static final int SHA256 = 4; - - static final int PKCS5S1 = 0; - static final int PKCS5S2 = 1; - static final int PKCS12 = 2; - static final int OPENSSL = 3; - - /** - * uses the appropriate mixer to generate the key and IV if neccessary. - */ - static class Util - { - static private PBEParametersGenerator makePBEGenerator( - int type, - int hash) - { - PBEParametersGenerator generator; - - if (type == PKCS5S1) - { - switch (hash) - { - case MD5: - generator = new PKCS5S1ParametersGenerator(new MD5Digest()); - break; - case SHA1: - generator = new PKCS5S1ParametersGenerator(new SHA1Digest()); - break; - default: - throw new IllegalStateException("PKCS5 scheme 1 only supports only MD5 and SHA1."); - } - } - else if (type == PKCS5S2) - { - generator = new PKCS5S2ParametersGenerator(); - } - else if (type == PKCS12) - { - switch (hash) - { - case MD5: - generator = new PKCS12ParametersGenerator(new MD5Digest()); - break; - case SHA1: - generator = new PKCS12ParametersGenerator(new SHA1Digest()); - break; - // BEGIN android-removed - // case RIPEMD160: - // generator = new PKCS12ParametersGenerator(new RIPEMD160Digest()); - // break; - // case TIGER: - // generator = new PKCS12ParametersGenerator(new TigerDigest()); - // break; - // END android-removed - case SHA256: - generator = new PKCS12ParametersGenerator(new SHA256Digest()); - break; - default: - throw new IllegalStateException("unknown digest scheme for PBE encryption."); - } - } - else - { - generator = new OpenSSLPBEParametersGenerator(); - } - - return generator; - } - - /** - * construct a key and iv (if neccessary) suitable for use with a - * Cipher. - */ - static CipherParameters makePBEParameters( - JCEPBEKey pbeKey, - AlgorithmParameterSpec spec, - String targetAlgorithm) - { - if ((spec == null) || !(spec instanceof PBEParameterSpec)) - { - throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key."); - } - - PBEParameterSpec pbeParam = (PBEParameterSpec)spec; - PBEParametersGenerator generator = makePBEGenerator(pbeKey.getType(), pbeKey.getDigest()); - byte[] key = pbeKey.getEncoded(); - CipherParameters param; - - if (pbeKey.shouldTryWrongPKCS12()) - { - key = new byte[2]; - } - - generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount()); - - if (pbeKey.getIvSize() != 0) - { - param = generator.generateDerivedParameters(pbeKey.getKeySize(), pbeKey.getIvSize()); - } - else - { - param = generator.generateDerivedParameters(pbeKey.getKeySize()); - } - - if (targetAlgorithm.startsWith("DES")) - { - if (param instanceof ParametersWithIV) - { - KeyParameter kParam = (KeyParameter)((ParametersWithIV)param).getParameters(); - - DESParameters.setOddParity(kParam.getKey()); - } - else - { - KeyParameter kParam = (KeyParameter)param; - - DESParameters.setOddParity(kParam.getKey()); - } - } - - for (int i = 0; i != key.length; i++) - { - key[i] = 0; - } - - return param; - } - - /** - * generate a PBE based key suitable for a MAC algorithm, the - * key size is chosen according the MAC size, or the hashing algorithm, - * whichever is greater. - */ - static CipherParameters makePBEMacParameters( - JCEPBEKey pbeKey, - AlgorithmParameterSpec spec) - { - if ((spec == null) || !(spec instanceof PBEParameterSpec)) - { - throw new IllegalArgumentException("Need a PBEParameter spec with a PBE key."); - } - - PBEParameterSpec pbeParam = (PBEParameterSpec)spec; - PBEParametersGenerator generator = makePBEGenerator(pbeKey.getType(), pbeKey.getDigest()); - byte[] key = pbeKey.getEncoded(); - CipherParameters param; - - if (pbeKey.shouldTryWrongPKCS12()) - { - key = new byte[2]; - } - - generator.init(key, pbeParam.getSalt(), pbeParam.getIterationCount()); - - param = generator.generateDerivedMacParameters(pbeKey.getKeySize()); - - for (int i = 0; i != key.length; i++) - { - key[i] = 0; - } - - return param; - } - - /** - * construct a key and iv (if neccessary) suitable for use with a - * Cipher. - */ - static CipherParameters makePBEParameters( - PBEKeySpec keySpec, - int type, - int hash, - int keySize, - int ivSize) - { - PBEParametersGenerator generator = makePBEGenerator(type, hash); - byte[] key; - CipherParameters param; - - if (type == PKCS12) - { - key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); - } - else - { - key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); - } - - generator.init(key, keySpec.getSalt(), keySpec.getIterationCount()); - - if (ivSize != 0) - { - param = generator.generateDerivedParameters(keySize, ivSize); - } - else - { - param = generator.generateDerivedParameters(keySize); - } - - for (int i = 0; i != key.length; i++) - { - key[i] = 0; - } - - return param; - } - - /** - * generate a PBE based key suitable for a MAC algorithm, the - * key size is chosen according the MAC size, or the hashing algorithm, - * whichever is greater. - */ - static CipherParameters makePBEMacParameters( - PBEKeySpec keySpec, - int type, - int hash, - int keySize) - { - PBEParametersGenerator generator = makePBEGenerator(type, hash); - byte[] key; - CipherParameters param; - - if (type == PKCS12) - { - key = PBEParametersGenerator.PKCS12PasswordToBytes(keySpec.getPassword()); - } - else - { - key = PBEParametersGenerator.PKCS5PasswordToBytes(keySpec.getPassword()); - } - - generator.init(key, keySpec.getSalt(), keySpec.getIterationCount()); - - param = generator.generateDerivedMacParameters(keySize); - - for (int i = 0; i != key.length; i++) - { - key[i] = 0; - } - - return param; - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java b/luni/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java deleted file mode 100644 index 69585b8..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/PKIXCertPath.java +++ /dev/null @@ -1,391 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.BufferedInputStream; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStreamWriter; -import java.security.NoSuchProviderException; -import java.security.cert.CertPath; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Enumeration; -import java.util.Iterator; -import java.util.List; -import java.util.ListIterator; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.pkcs.ContentInfo; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.SignedData; -// BEGIN android-removed -// import org.bouncycastle.openssl.PEMWriter; -// END android-removed - -/** - * CertPath implementation for X.509 certificates. - * <br /> - **/ -public class PKIXCertPath - extends CertPath -{ - static final List certPathEncodings; - - static - { - List encodings = new ArrayList(); - encodings.add("PkiPath"); - encodings.add("PEM"); - encodings.add("PKCS7"); - certPathEncodings = Collections.unmodifiableList(encodings); - } - - private List certificates; - - /** - * @param certs - */ - private List sortCerts( - List certs) - { - if (certs.size() < 2) - { - return certs; - } - - X500Principal issuer = ((X509Certificate)certs.get(0)).getIssuerX500Principal(); - boolean okay = true; - - for (int i = 1; i != certs.size(); i++) - { - X509Certificate cert = (X509Certificate)certs.get(i); - - if (issuer.equals(cert.getSubjectX500Principal())) - { - issuer = ((X509Certificate)certs.get(i)).getIssuerX500Principal(); - } - else - { - okay = false; - break; - } - } - - if (okay) - { - return certs; - } - - // find end-entity cert - List retList = new ArrayList(certs.size()); - - for (int i = 0; i < certs.size(); i++) - { - X509Certificate cert = (X509Certificate)certs.get(i); - boolean found = false; - - X500Principal subject = cert.getSubjectX500Principal(); - - for (int j = 0; j != certs.size(); j++) - { - X509Certificate c = (X509Certificate)certs.get(j); - if (c.getIssuerX500Principal().equals(subject)) - { - found = true; - break; - } - } - - if (!found) - { - retList.add(cert); - certs.remove(i); - } - } - - // can only have one end entity cert - something's wrong, give up. - if (retList.size() > 1) - { - for (int i = 0; i != certs.size(); i++) - { - retList.add(certs.get(i)); - } - - return retList; - } - - for (int i = 0; i != retList.size(); i++) - { - issuer = ((X509Certificate)retList.get(i)).getIssuerX500Principal(); - - for (int j = 0; j < certs.size(); j++) - { - X509Certificate c = (X509Certificate)certs.get(j); - if (issuer.equals(c.getSubjectX500Principal())) - { - retList.add(c); - certs.remove(j); - break; - } - } - } - - // make sure all certificates are accounted for. - for (int i = 0; i != certs.size(); i++) - { - retList.add(certs.get(i)); - } - - return retList; - } - - PKIXCertPath(List certificates) - { - super("X.509"); - this.certificates = sortCerts(new ArrayList(certificates)); - } - - /** - * Creates a CertPath of the specified type. - * This constructor is protected because most users should use - * a CertificateFactory to create CertPaths. - **/ - PKIXCertPath( - InputStream inStream, - String encoding) - throws CertificateException - { - super("X.509"); - try - { - if (encoding.equalsIgnoreCase("PkiPath")) - { - ASN1InputStream derInStream = new ASN1InputStream(inStream); - DERObject derObject = derInStream.readObject(); - if (!(derObject instanceof ASN1Sequence)) - { - throw new CertificateException("input stream does not contain a ASN1 SEQUENCE while reading PkiPath encoded data to load CertPath"); - } - Enumeration e = ((ASN1Sequence)derObject).getObjects(); - InputStream certInStream; - ByteArrayOutputStream outStream; - DEROutputStream derOutStream; - certificates = new ArrayList(); - CertificateFactory certFactory= CertificateFactory.getInstance("X.509", "BC"); - while (e.hasMoreElements()) - { - outStream = new ByteArrayOutputStream(); - derOutStream = new DEROutputStream(outStream); - - derOutStream.writeObject(e.nextElement()); - derOutStream.close(); - - certInStream = new ByteArrayInputStream(outStream.toByteArray()); - certificates.add(0,certFactory.generateCertificate(certInStream)); - } - } - else if (encoding.equalsIgnoreCase("PKCS7") || encoding.equalsIgnoreCase("PEM")) - { - inStream = new BufferedInputStream(inStream); - certificates = new ArrayList(); - CertificateFactory certFactory= CertificateFactory.getInstance("X.509", "BC"); - Certificate cert; - while ((cert = certFactory.generateCertificate(inStream)) != null) - { - certificates.add(cert); - } - } - else - { - throw new CertificateException("unsupported encoding: " + encoding); - } - } - catch (IOException ex) - { - throw new CertificateException("IOException throw while decoding CertPath:\n" + ex.toString()); - } - catch (NoSuchProviderException ex) - { - throw new CertificateException("BouncyCastle provider not found while trying to get a CertificateFactory:\n" + ex.toString()); - } - - this.certificates = sortCerts(certificates); - } - - /** - * Returns an iteration of the encodings supported by this - * certification path, with the default encoding - * first. Attempts to modify the returned Iterator via its - * remove method result in an UnsupportedOperationException. - * - * @return an Iterator over the names of the supported encodings (as Strings) - **/ - public Iterator getEncodings() - { - return certPathEncodings.iterator(); - } - - /** - * Returns the encoded form of this certification path, using - * the default encoding. - * - * @return the encoded bytes - * @exception CertificateEncodingException if an encoding error occurs - **/ - public byte[] getEncoded() - throws CertificateEncodingException - { - Iterator iter = getEncodings(); - if (iter.hasNext()) - { - Object enc = iter.next(); - if (enc instanceof String) - { - return getEncoded((String)enc); - } - } - return null; - } - - /** - * Returns the encoded form of this certification path, using - * the specified encoding. - * - * @param encoding the name of the encoding to use - * @return the encoded bytes - * @exception CertificateEncodingException if an encoding error - * occurs or the encoding requested is not supported - * - **/ - public byte[] getEncoded(String encoding) - throws CertificateEncodingException - { - if (encoding.equalsIgnoreCase("PkiPath")) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - ListIterator iter = certificates.listIterator(certificates.size()); - while (iter.hasPrevious()) - { - v.add(toASN1Object((X509Certificate)iter.previous())); - } - - return toDEREncoded(new DERSequence(v)); - } - else if (encoding.equalsIgnoreCase("PKCS7")) - { - ContentInfo encInfo = new ContentInfo(PKCSObjectIdentifiers.data, null); - - ASN1EncodableVector v = new ASN1EncodableVector(); - for (int i = 0; i != certificates.size(); i++) - { - v.add(toASN1Object((X509Certificate)certificates.get(i))); - } - - SignedData sd = new SignedData( - new DERInteger(1), - new DERSet(), - encInfo, - new DERSet(v), - null, - new DERSet()); - - return toDEREncoded(new ContentInfo( - PKCSObjectIdentifiers.signedData, sd)); - } - // BEGIN android-removed - // else if (encoding.equalsIgnoreCase("PEM")) - // { - // ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - // PEMWriter pWrt = new PEMWriter(new OutputStreamWriter(bOut)); - // - // try - // { - // for (int i = 0; i != certificates.size(); i++) - // { - // pWrt.writeObject(certificates.get(i)); - // } - // - // pWrt.close(); - // } - // catch (Exception e) - // { - // throw new CertificateEncodingException("can't encode certificate for PEM encoded path"); - // } - // - // return bOut.toByteArray(); - // } - // END android-removed - else - { - throw new CertificateEncodingException("unsupported encoding: " + encoding); - } - } - - /** - * Returns the list of certificates in this certification - * path. The List returned must be immutable and thread-safe. - * - * @return an immutable List of Certificates (may be empty, but not null) - **/ - public List getCertificates() - { - return Collections.unmodifiableList(new ArrayList(certificates)); - } - - /** - * Return a DERObject containing the encoded certificate. - * - * @param cert the X509Certificate object to be encoded - * - * @return the DERObject - **/ - private DERObject toASN1Object( - X509Certificate cert) - throws CertificateEncodingException - { - try - { - return new ASN1InputStream(cert.getEncoded()).readObject(); - } - catch (Exception e) - { - throw new CertificateEncodingException("Exception while encoding certificate: " + e.toString()); - } - } - - private byte[] toDEREncoded(ASN1Encodable obj) - throws CertificateEncodingException - { - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(obj); - dOut.close(); - - return bOut.toByteArray(); - } - catch (IOException e) - { - throw new CertificateEncodingException("Exeption thrown: " + e); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java b/luni/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java deleted file mode 100644 index 577e5ca..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.java +++ /dev/null @@ -1,353 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.security.InvalidAlgorithmParameterException; -import java.security.PublicKey; -import java.security.cert.*; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -/** - * Implements the PKIX CertPathBuilding algorithem for BouncyCastle. - * <br /> - * <b>MAYBE: implement more CertPath validation whil build path to omit invalid pathes</b> - * - * @see CertPathBuilderSpi - **/ -public class PKIXCertPathBuilderSpi - extends CertPathBuilderSpi -{ - /** - * Build and validate a CertPath using the given parameter. - * - * @param params PKIXBuilderParameters object containing all - * information to build the CertPath - **/ - public CertPathBuilderResult engineBuild( - CertPathParameters params) - throws CertPathBuilderException, InvalidAlgorithmParameterException - { - if (!(params instanceof PKIXBuilderParameters)) - { - throw new InvalidAlgorithmParameterException("params must be a PKIXBuilderParameters instance"); - } - - PKIXBuilderParameters pkixParams = (PKIXBuilderParameters)params; - - Collection targets; - Iterator targetIter; - List certPathList = new ArrayList(); - X509Certificate cert; - Collection certs; - CertPath certPath = null; - Exception certPathException = null; - - // search target certificates - CertSelector certSelect = pkixParams.getTargetCertConstraints(); - if (certSelect == null) - { - throw new CertPathBuilderException("targetCertConstraints must be non-null for CertPath building"); - } - - try - { - targets = findCertificates(certSelect, pkixParams.getCertStores()); - } - catch (CertStoreException e) - { - throw new CertPathBuilderException(e); - } - - if (targets.isEmpty()) - { - throw new CertPathBuilderException("no certificate found matching targetCertContraints"); - } - - CertificateFactory cFact; - CertPathValidator validator; - - try - { - cFact = CertificateFactory.getInstance("X.509", "BC"); - validator = CertPathValidator.getInstance("PKIX", "BC"); - } - catch (Exception e) - { - throw new CertPathBuilderException("exception creating support classes: " + e); - } - - // - // check all potential target certificates - targetIter = targets.iterator(); - while (targetIter.hasNext()) - { - cert = (X509Certificate)targetIter.next(); - certPathList.clear(); - while (cert != null) - { - // add cert to the certpath - certPathList.add(cert); - - // check wether the issuer of <cert> is a TrustAnchor - if (findTrustAnchor(cert, pkixParams.getTrustAnchors()) != null) - { - try - { - certPath = cFact.generateCertPath(certPathList); - - PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult)validator.validate(certPath, pkixParams); - - return new PKIXCertPathBuilderResult(certPath, - result.getTrustAnchor(), - result.getPolicyTree(), - result.getPublicKey()); - } - catch (CertificateException ex) - { - certPathException = ex; - } - catch (CertPathValidatorException ex) - { - certPathException = ex; - } - // if validation failed go to next certificate - cert = null; - } - else - { - // try to get the issuer certificate from one - // of the CertStores - try - { - X509Certificate issuer = findIssuer(cert, pkixParams.getCertStores()); - if (issuer.equals(cert)) - { - cert = null; - } - else - { - cert = issuer; - } - } - catch (CertPathValidatorException ex) - { - certPathException = ex; - cert = null; - } - } - } - } - - if (certPath != null) - { - throw new CertPathBuilderException("found certificate chain, but could not be validated", certPathException); - } - - throw new CertPathBuilderException("unable to find certificate chain"); - } - - /** - * Search the given Set of TrustAnchor's for one that is the - * issuer of the fiven X509 certificate. - * - * @param cert the X509 certificate - * @param trustAnchors a Set of TrustAnchor's - * - * @return the <code>TrustAnchor</code> object if found or - * <code>null</code> if not. - * - * @exception CertPathValidatorException if a TrustAnchor was - * found but the signature verificytion on the given certificate - * has thrown an exception. This Exception can be obtainted with - * <code>getCause()</code> method. - **/ - final TrustAnchor findTrustAnchor( - X509Certificate cert, - Set trustAnchors) - throws CertPathBuilderException - { - Iterator iter = trustAnchors.iterator(); - TrustAnchor trust = null; - PublicKey trustPublicKey = null; - Exception invalidKeyEx = null; - - X509CertSelector certSelectX509 = new X509CertSelector(); - - try - { - certSelectX509.setSubject(cert.getIssuerX500Principal().getEncoded()); - } - catch (IOException ex) - { - throw new CertPathBuilderException("can't get trust anchor principal",null); - } - - while (iter.hasNext() && trust == null) - { - trust = (TrustAnchor)iter.next(); - if (trust.getTrustedCert() != null) - { - if (certSelectX509.match(trust.getTrustedCert())) - { - trustPublicKey = trust.getTrustedCert().getPublicKey(); - } - else - { - trust = null; - } - } - else if (trust.getCAName() != null - && trust.getCAPublicKey() != null) - { - try - { - X500Principal certIssuer = cert.getIssuerX500Principal(); - X500Principal caName = new X500Principal(trust.getCAName()); - if (certIssuer.equals(caName)) - { - trustPublicKey = trust.getCAPublicKey(); - } - else - { - trust = null; - } - } - catch (IllegalArgumentException ex) - { - trust = null; - } - } - else - { - trust = null; - } - - if (trustPublicKey != null) - { - try - { - cert.verify(trustPublicKey); - } - catch (Exception ex) - { - invalidKeyEx = ex; - trust = null; - } - } - } - - if (trust == null && invalidKeyEx != null) - { - throw new CertPathBuilderException("TrustAnchor found put certificate validation failed",invalidKeyEx); - } - - return trust; - } - - /** - * Return a Collection of all certificates found in the - * CertStore's that are matching the certSelect criteriums. - * - * @param certSelector a {@link CertSelector CertSelector} - * object that will be used to select the certificates - * @param certStores a List containing only {@link CertStore - * CertStore} objects. These are used to search for - * certificates - * - * @return a Collection of all found {@link Certificate Certificate} - * objects. May be empty but never <code>null</code>. - **/ - private final Collection findCertificates( - CertSelector certSelect, - List certStores) - throws CertStoreException - { - Set certs = new HashSet(); - Iterator iter = certStores.iterator(); - - while (iter.hasNext()) - { - CertStore certStore = (CertStore)iter.next(); - - certs.addAll(certStore.getCertificates(certSelect)); - } - - return certs; - } - - /** - * Find the issuer certificate of the given certificate. - * - * @param cert the certificate hows issuer certificate should - * be found. - * @param certStores a list of <code>CertStore</code> object - * that will be searched - * - * @return then <code>X509Certificate</code> object containing - * the issuer certificate or <code>null</code> if not found - * - * @exception CertPathValidatorException if a TrustAnchor was - * found but the signature verificytion on the given certificate - * has thrown an exception. This Exception can be obtainted with - * <code>getCause()</code> method. - **/ - private final X509Certificate findIssuer( - X509Certificate cert, - List certStores) - throws CertPathValidatorException - { - Exception invalidKeyEx = null; - X509CertSelector certSelect = new X509CertSelector(); - try - { - certSelect.setSubject(cert.getIssuerX500Principal().getEncoded()); - } - catch (IOException ex) - { - throw new CertPathValidatorException("Issuer not found", null, null, -1); - } - - Iterator iter; - try - { - iter = findCertificates(certSelect, certStores).iterator(); - } - catch (CertStoreException e) - { - throw new CertPathValidatorException(e); - } - - X509Certificate issuer = null; - while (iter.hasNext() && issuer == null) - { - issuer = (X509Certificate)iter.next(); - try - { - cert.verify(issuer.getPublicKey()); - } - catch (Exception ex) - { - invalidKeyEx = ex; - issuer = null; - } - } - - if (issuer == null && invalidKeyEx == null) - { - throw new CertPathValidatorException("Issuer not found", null, null, -1); - } - - if (issuer == null && invalidKeyEx != null) - { - throw new CertPathValidatorException("issuer found but certificate validation failed",invalidKeyEx,null,-1); - } - - return issuer; - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/luni/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java deleted file mode 100644 index f5d6711..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java +++ /dev/null @@ -1,1468 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.GeneralSecurityException; -import java.security.InvalidAlgorithmParameterException; -import java.security.PublicKey; -import java.security.cert.CertPath; -import java.security.cert.CertPathParameters; -import java.security.cert.CertPathValidatorException; -import java.security.cert.CertPathValidatorResult; -import java.security.cert.CertPathValidatorSpi; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.PKIXCertPathChecker; -import java.security.cert.PKIXCertPathValidatorResult; -import java.security.cert.PKIXParameters; -import java.security.cert.TrustAnchor; -import java.security.cert.X509CRL; -import java.security.cert.X509CRLEntry; -import java.security.cert.X509CRLSelector; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DEREnumerated; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.BasicConstraints; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralSubtree; -import org.bouncycastle.asn1.x509.IssuingDistributionPoint; -import org.bouncycastle.asn1.x509.NameConstraints; -import org.bouncycastle.asn1.x509.PolicyInformation; -import org.bouncycastle.asn1.x509.X509Extensions; - -/** - * CertPathValidatorSpi implemenation for X.509 Certificate validation ala rfc 3280<br /> - **/ -public class PKIXCertPathValidatorSpi extends CertPathValidatorSpi -{ - private static final String CERTIFICATE_POLICIES = X509Extensions.CertificatePolicies.getId(); - private static final String POLICY_MAPPINGS = X509Extensions.PolicyMappings.getId(); - private static final String INHIBIT_ANY_POLICY = X509Extensions.InhibitAnyPolicy.getId(); - private static final String ISSUING_DISTRIBUTION_POINT = X509Extensions.IssuingDistributionPoint.getId(); - private static final String DELTA_CRL_INDICATOR = X509Extensions.DeltaCRLIndicator.getId(); - private static final String POLICY_CONSTRAINTS = X509Extensions.PolicyConstraints.getId(); - private static final String BASIC_CONSTRAINTS = X509Extensions.BasicConstraints.getId(); - private static final String SUBJECT_ALTERNATIVE_NAME = X509Extensions.SubjectAlternativeName.getId(); - private static final String NAME_CONSTRAINTS = X509Extensions.NameConstraints.getId(); - private static final String KEY_USAGE = X509Extensions.KeyUsage.getId(); - - private static final String CRL_NUMBER = X509Extensions.CRLNumber.getId(); - - private static final String ANY_POLICY = "2.5.29.32.0"; - - - /* - * key usage bits - */ - private static final int KEY_CERT_SIGN = 5; - private static final int CRL_SIGN = 6; - - private static final String[] crlReasons = new String[] { - "unspecified", - "keyCompromise", - "cACompromise", - "affiliationChanged", - "superseded", - "cessationOfOperation", - "certificateHold", - "unknown", - "removeFromCRL", - "privilegeWithdrawn", - "aACompromise" }; - - - public CertPathValidatorResult engineValidate( - CertPath certPath, - CertPathParameters params) - throws CertPathValidatorException, InvalidAlgorithmParameterException - { - if (!(params instanceof PKIXParameters)) - { - throw new InvalidAlgorithmParameterException("params must be a PKIXParameters instance"); - } - - PKIXParameters paramsPKIX = (PKIXParameters)params; - if (paramsPKIX.getTrustAnchors() == null) - { - throw new InvalidAlgorithmParameterException("trustAnchors is null, this is not allowed for path validation"); - } - - // - // 6.1.1 - inputs - // - - // - // (a) - // - List certs = certPath.getCertificates(); - int n = certs.size(); - - if (certs.isEmpty()) - { - throw new CertPathValidatorException("CertPath is empty", null, certPath, 0); - } - - // - // (b) - // - Date validDate = CertPathValidatorUtilities.getValidDate(paramsPKIX); - - // - // (c) - // - Set userInitialPolicySet = paramsPKIX.getInitialPolicies(); - - // - // (d) - // - X509Certificate lastCert = (X509Certificate)certs.get(certs.size() - 1); - -// BEGIN android-changed - TrustAnchor trust = CertPathValidatorUtilities.findTrustAnchor(lastCert, - certPath, certs.size() - 1, paramsPKIX); -// END android-changed - - if (trust == null) - { - throw new CertPathValidatorException("TrustAnchor for CertPath not found.", null, certPath, -1); - } - - // - // (e), (f), (g) are part of the paramsPKIX object. - // - - Iterator certIter; - int index = 0; - int i; - - // - // 6.1.2 - setup - // - - // - // (a) - // - List [] policyNodes = new ArrayList[n + 1]; - for (int j = 0; j < policyNodes.length; j++) - { - policyNodes[j] = new ArrayList(); - } - - Set policySet = new HashSet(); - - policySet.add(ANY_POLICY); - - PKIXPolicyNode validPolicyTree = new PKIXPolicyNode(new ArrayList(), 0, policySet, null, new HashSet(), ANY_POLICY, false); - - policyNodes[0].add(validPolicyTree); - - // - // (b) - // - Set permittedSubtreesDN = new HashSet(); - Set permittedSubtreesEmail = new HashSet(); - Set permittedSubtreesIP = new HashSet(); - - // - // (c) - // - Set excludedSubtreesDN = new HashSet(); - Set excludedSubtreesEmail = new HashSet(); - Set excludedSubtreesIP = new HashSet(); - - // - // (d) - // - int explicitPolicy; - Set acceptablePolicies = null; - - if (paramsPKIX.isExplicitPolicyRequired()) - { - explicitPolicy = 0; - } - else - { - explicitPolicy = n + 1; - } - - // - // (e) - // - int inhibitAnyPolicy; - - if (paramsPKIX.isAnyPolicyInhibited()) - { - inhibitAnyPolicy = 0; - } - else - { - inhibitAnyPolicy = n + 1; - } - - // - // (f) - // - int policyMapping; - - if (paramsPKIX.isPolicyMappingInhibited()) - { - policyMapping = 0; - } - else - { - policyMapping = n + 1; - } - - // - // (g), (h), (i), (j) - // - PublicKey workingPublicKey; - X500Principal workingIssuerName; - - X509Certificate sign = trust.getTrustedCert(); - boolean trustAnchorInChain = false; - try - { - if (sign != null) - { - workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign); - workingPublicKey = sign.getPublicKey(); - - // There is similar code in CertPathValidatorUtilities. - try { - byte[] trustBytes = sign.getEncoded(); - byte[] certBytes = lastCert.getEncoded(); - trustAnchorInChain = Arrays.equals(trustBytes, certBytes); - } catch(Exception e) { - // ignore, continue with trustAnchorInChain being false - } - } - else - { - workingIssuerName = new X500Principal(trust.getCAName()); - workingPublicKey = trust.getCAPublicKey(); - } - } - catch (IllegalArgumentException ex) - { - throw new CertPathValidatorException("TrustAnchor subjectDN: " + ex.toString()); - } - - AlgorithmIdentifier workingAlgId = CertPathValidatorUtilities.getAlgorithmIdentifier(workingPublicKey); - DERObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.getObjectId(); - DEREncodable workingPublicKeyParameters = workingAlgId.getParameters(); - - // - // (k) - // - int maxPathLength = n; - - // - // 6.1.3 - // - Iterator tmpIter; - int tmpInt; - - if (paramsPKIX.getTargetCertConstraints() != null - && !paramsPKIX.getTargetCertConstraints().match((X509Certificate)certs.get(0))) - { - throw new CertPathValidatorException("target certificate in certpath does not match targetcertconstraints", null, certPath, 0); - } - - - // - // initialise CertPathChecker's - // - List pathCheckers = paramsPKIX.getCertPathCheckers(); - certIter = pathCheckers.iterator(); - while (certIter.hasNext()) - { - ((PKIXCertPathChecker)certIter.next()).init(false); - } - - X509Certificate cert = null; - - for (index = certs.size() - 1; index >= 0 ; index--) - { - try - { - // - // i as defined in the algorithm description - // - i = n - index; - - // - // set certificate to be checked in this round - // sign and workingPublicKey and workingIssuerName are set - // at the end of the for loop and initialied the - // first time from the TrustAnchor - // - cert = (X509Certificate)certs.get(index); - - // - // 6.1.3 - // - - // - // (a) verify - // - try - { - // (a) (1) - // - if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate - { - cert.verify(workingPublicKey, "BC"); - } - } - catch (GeneralSecurityException e) - { - throw new CertPathValidatorException("Could not validate certificate signature.", e, certPath, index); - } - - try - { - // (a) (2) - // - cert.checkValidity(validDate); - } - catch (CertificateExpiredException e) - { - throw new CertPathValidatorException("Could not validate certificate: " + e.getMessage(), e, certPath, index); - } - catch (CertificateNotYetValidException e) - { - throw new CertPathValidatorException("Could not validate certificate: " + e.getMessage(), e, certPath, index); - } - - // - // (a) (3) - // - if (paramsPKIX.isRevocationEnabled()) - { - checkCRLs(paramsPKIX, cert, validDate, sign, workingPublicKey); - } - - // - // (a) (4) name chaining - // - if (!CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).equals(workingIssuerName)) - { - throw new CertPathValidatorException( - "IssuerName(" + CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert) + - ") does not match SubjectName(" + workingIssuerName + - ") of signing certificate", null, certPath, index); - } - - // - // (b), (c) permitted and excluded subtree checking. - // - if (!(CertPathValidatorUtilities.isSelfIssued(cert) && (i < n))) - { - X500Principal principal = CertPathValidatorUtilities.getSubjectPrincipal(cert); - ASN1InputStream aIn = new ASN1InputStream(principal.getEncoded()); - ASN1Sequence dns; - - try - { - dns = (ASN1Sequence)aIn.readObject(); - } - catch (IOException e) - { - throw new CertPathValidatorException("exception extracting subject name when checking subtrees"); - } - - CertPathValidatorUtilities.checkPermittedDN(permittedSubtreesDN, dns); - - CertPathValidatorUtilities.checkExcludedDN(excludedSubtreesDN, dns); - - ASN1Sequence altName = (ASN1Sequence)CertPathValidatorUtilities.getExtensionValue(cert, SUBJECT_ALTERNATIVE_NAME); - if (altName != null) - { - for (int j = 0; j < altName.size(); j++) - { - ASN1TaggedObject o = (ASN1TaggedObject)altName.getObjectAt(j); - - switch(o.getTagNo()) - { - case 1: - String email = DERIA5String.getInstance(o, true).getString(); - - CertPathValidatorUtilities.checkPermittedEmail(permittedSubtreesEmail, email); - CertPathValidatorUtilities.checkExcludedEmail(excludedSubtreesEmail, email); - break; - case 4: - ASN1Sequence altDN = ASN1Sequence.getInstance(o, true); - - CertPathValidatorUtilities.checkPermittedDN(permittedSubtreesDN, altDN); - CertPathValidatorUtilities.checkExcludedDN(excludedSubtreesDN, altDN); - break; - case 7: - byte[] ip = ASN1OctetString.getInstance(o, true).getOctets(); - - CertPathValidatorUtilities.checkPermittedIP(permittedSubtreesIP, ip); - CertPathValidatorUtilities.checkExcludedIP(excludedSubtreesIP, ip); - } - } - } - } - - // - // (d) policy Information checking against initial policy and - // policy mapping - // - ASN1Sequence certPolicies = (ASN1Sequence)CertPathValidatorUtilities.getExtensionValue(cert, CERTIFICATE_POLICIES); - if (certPolicies != null && validPolicyTree != null) - { - // - // (d) (1) - // - Enumeration e = certPolicies.getObjects(); - Set pols = new HashSet(); - - while (e.hasMoreElements()) - { - PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement()); - DERObjectIdentifier pOid = pInfo.getPolicyIdentifier(); - - pols.add(pOid.getId()); - - if (!ANY_POLICY.equals(pOid.getId())) - { - Set pq = CertPathValidatorUtilities.getQualifierSet(pInfo.getPolicyQualifiers()); - - boolean match = CertPathValidatorUtilities.processCertD1i(i, policyNodes, pOid, pq); - - if (!match) - { - CertPathValidatorUtilities.processCertD1ii(i, policyNodes, pOid, pq); - } - } - } - - if (acceptablePolicies == null || acceptablePolicies.contains(ANY_POLICY)) - { - acceptablePolicies = pols; - } - else - { - Iterator it = acceptablePolicies.iterator(); - Set t1 = new HashSet(); - - while (it.hasNext()) - { - Object o = it.next(); - - if (pols.contains(o)) - { - t1.add(o); - } - } - - acceptablePolicies = t1; - } - - // - // (d) (2) - // - if ((inhibitAnyPolicy > 0) || ((i < n) && CertPathValidatorUtilities.isSelfIssued(cert))) - { - e = certPolicies.getObjects(); - - while (e.hasMoreElements()) - { - PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement()); - - if (ANY_POLICY.equals(pInfo.getPolicyIdentifier().getId())) - { - Set _apq = CertPathValidatorUtilities.getQualifierSet(pInfo.getPolicyQualifiers()); - List _nodes = policyNodes[i - 1]; - - for (int k = 0; k < _nodes.size(); k++) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_nodes.get(k); - - Iterator _policySetIter = _node.getExpectedPolicies().iterator(); - while (_policySetIter.hasNext()) - { - Object _tmp = _policySetIter.next(); - - String _policy; - if (_tmp instanceof String) - { - _policy = (String)_tmp; - } - else if (_tmp instanceof DERObjectIdentifier) - { - _policy = ((DERObjectIdentifier)_tmp).getId(); - } - else - { - continue; - } - - boolean _found = false; - Iterator _childrenIter = _node.getChildren(); - - while (_childrenIter.hasNext()) - { - PKIXPolicyNode _child = (PKIXPolicyNode)_childrenIter.next(); - - if (_policy.equals(_child.getValidPolicy())) - { - _found = true; - } - } - - if (!_found) - { - Set _newChildExpectedPolicies = new HashSet(); - _newChildExpectedPolicies.add(_policy); - - PKIXPolicyNode _newChild = new PKIXPolicyNode(new ArrayList(), - i, - _newChildExpectedPolicies, - _node, - _apq, - _policy, - false); - _node.addChild(_newChild); - policyNodes[i].add(_newChild); - } - } - } - break; - } - } - } - - // - // (d) (3) - // - for (int j = (i - 1); j >= 0; j--) - { - List nodes = policyNodes[j]; - - for (int k = 0; k < nodes.size(); k++) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(k); - if (!node.hasChildren()) - { - validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree, policyNodes, node); - if (validPolicyTree == null) - { - break; - } - } - } - } - - // - // d (4) - // - Set criticalExtensionOids = cert.getCriticalExtensionOIDs(); - - if (criticalExtensionOids != null) - { - boolean critical = criticalExtensionOids.contains(CERTIFICATE_POLICIES); - - List nodes = policyNodes[i]; - for (int j = 0; j < nodes.size(); j++) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(j); - node.setCritical(critical); - } - } - } - - // - // (e) - // - if (certPolicies == null) - { - validPolicyTree = null; - } - - // - // (f) - // - if (explicitPolicy <= 0 && validPolicyTree == null) - { - throw new CertPathValidatorException("No valid policy tree found when one expected."); - } - - // - // 6.1.4 - // - - if (i != n) // if not at the end-entity certificate - { - if (cert != null && cert.getVersion() == 1) - { - if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate - { - throw new CertPathValidatorException( - "Version 1 certs can't be used as intermediate certificates"); - } - } - - // - // - // (a) check the policy mappings - // - DERObject pm = CertPathValidatorUtilities.getExtensionValue(cert, POLICY_MAPPINGS); - if (pm != null) - { - ASN1Sequence mappings = (ASN1Sequence)pm; - - for (int j = 0; j < mappings.size(); j++) - { - ASN1Sequence mapping = (ASN1Sequence)mappings.getObjectAt(j); - - DERObjectIdentifier issuerDomainPolicy = (DERObjectIdentifier)mapping.getObjectAt(0); - DERObjectIdentifier subjectDomainPolicy = (DERObjectIdentifier)mapping.getObjectAt(1); - - if (ANY_POLICY.equals(issuerDomainPolicy.getId())) - { - - throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy"); - } - - if (ANY_POLICY.equals(subjectDomainPolicy.getId())) - { - - throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy"); - } - } - } - - // (b) - // - if (pm != null) - { - ASN1Sequence mappings = (ASN1Sequence)pm; - Map m_idp = new HashMap(); - Set s_idp = new HashSet(); - - for (int j = 0; j < mappings.size(); j++) - { - ASN1Sequence mapping = (ASN1Sequence)mappings.getObjectAt(j); - String id_p = ((DERObjectIdentifier)mapping.getObjectAt(0)).getId(); - String sd_p = ((DERObjectIdentifier)mapping.getObjectAt(1)).getId(); - Set tmp; - - if (!m_idp.containsKey(id_p)) - { - tmp = new HashSet(); - tmp.add(sd_p); - m_idp.put(id_p, tmp); - s_idp.add(id_p); - } - else - { - tmp = (Set)m_idp.get(id_p); - tmp.add(sd_p); - } - } - - Iterator it_idp = s_idp.iterator(); - while (it_idp.hasNext()) - { - String id_p = (String)it_idp.next(); - - // - // (1) - // - if (policyMapping > 0) - { - boolean idp_found = false; - Iterator nodes_i = policyNodes[i].iterator(); - while (nodes_i.hasNext()) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); - if (node.getValidPolicy().equals(id_p)) - { - idp_found = true; - node.expectedPolicies = (Set)m_idp.get(id_p); - break; - } - } - - if (!idp_found) - { - nodes_i = policyNodes[i].iterator(); - while (nodes_i.hasNext()) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); - if (ANY_POLICY.equals(node.getValidPolicy())) - { - Set pq = null; - ASN1Sequence policies = (ASN1Sequence)CertPathValidatorUtilities.getExtensionValue( - cert, CERTIFICATE_POLICIES); - Enumeration e = policies.getObjects(); - while (e.hasMoreElements()) - { - PolicyInformation pinfo = PolicyInformation.getInstance(e.nextElement()); - if (ANY_POLICY.equals(pinfo.getPolicyIdentifier().getId())) - { - pq = CertPathValidatorUtilities.getQualifierSet(pinfo.getPolicyQualifiers()); - break; - } - } - boolean ci = false; - if (cert.getCriticalExtensionOIDs() != null) - { - ci = cert.getCriticalExtensionOIDs().contains(CERTIFICATE_POLICIES); - } - - PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent(); - if (ANY_POLICY.equals(p_node.getValidPolicy())) - { - PKIXPolicyNode c_node = new PKIXPolicyNode( - new ArrayList(), i, - (Set)m_idp.get(id_p), - p_node, pq, id_p, ci); - p_node.addChild(c_node); - policyNodes[i].add(c_node); - } - break; - } - } - } - - // - // (2) - // - } - else if (policyMapping <= 0) - { - Iterator nodes_i = policyNodes[i].iterator(); - while (nodes_i.hasNext()) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes_i.next(); - if (node.getValidPolicy().equals(id_p)) - { - PKIXPolicyNode p_node = (PKIXPolicyNode)node.getParent(); - p_node.removeChild(node); - nodes_i.remove(); - for (int k = (i - 1); k >= 0; k--) - { - List nodes = policyNodes[k]; - for (int l = 0; l < nodes.size(); l++) - { - PKIXPolicyNode node2 = (PKIXPolicyNode)nodes.get(l); - if (!node2.hasChildren()) - { - validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree, policyNodes, node2); - if (validPolicyTree == null) - { - break; - } - } - } - } - } - } - } - } - } - - // - // (g) handle the name constraints extension - // - ASN1Sequence ncSeq = (ASN1Sequence)CertPathValidatorUtilities.getExtensionValue(cert, NAME_CONSTRAINTS); - if (ncSeq != null) - { - NameConstraints nc = new NameConstraints(ncSeq); - - // - // (g) (1) permitted subtrees - // - ASN1Sequence permitted = nc.getPermittedSubtrees(); - if (permitted != null) - { - Enumeration e = permitted.getObjects(); - while (e.hasMoreElements()) - { - GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement()); - GeneralName base = subtree.getBase(); - - switch(base.getTagNo()) - { - case 1: - permittedSubtreesEmail = CertPathValidatorUtilities.intersectEmail(permittedSubtreesEmail, DERIA5String.getInstance(base.getName()).getString()); - break; - case 4: - permittedSubtreesDN = CertPathValidatorUtilities.intersectDN(permittedSubtreesDN, (ASN1Sequence)base.getName()); - break; - case 7: - permittedSubtreesIP = CertPathValidatorUtilities.intersectIP(permittedSubtreesIP, ASN1OctetString.getInstance(base.getName()).getOctets()); - break; - } - } - } - - // - // (g) (2) excluded subtrees - // - ASN1Sequence excluded = nc.getExcludedSubtrees(); - if (excluded != null) - { - Enumeration e = excluded.getObjects(); - while (e.hasMoreElements()) - { - GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement()); - GeneralName base = subtree.getBase(); - - switch(base.getTagNo()) - { - case 1: - excludedSubtreesEmail = CertPathValidatorUtilities.unionEmail(excludedSubtreesEmail, DERIA5String.getInstance(base.getName()).getString()); - break; - case 4: - excludedSubtreesDN = CertPathValidatorUtilities.unionDN(excludedSubtreesDN, (ASN1Sequence)base.getName()); - break; - case 7: - excludedSubtreesIP = CertPathValidatorUtilities.unionIP(excludedSubtreesIP, ASN1OctetString.getInstance(base.getName()).getOctets()); - break; - } - } - } - } - - // - // (h) - // - if (!CertPathValidatorUtilities.isSelfIssued(cert)) - { - // - // (1) - // - if (explicitPolicy != 0) - { - explicitPolicy--; - } - - // - // (2) - // - if (policyMapping != 0) - { - policyMapping--; - } - - // - // (3) - // - if (inhibitAnyPolicy != 0) - { - inhibitAnyPolicy--; - } - } - - // - // (i) - // - ASN1Sequence pc = (ASN1Sequence)CertPathValidatorUtilities.getExtensionValue(cert, POLICY_CONSTRAINTS); - - if (pc != null) - { - Enumeration policyConstraints = pc.getObjects(); - - while (policyConstraints.hasMoreElements()) - { - ASN1TaggedObject constraint = (ASN1TaggedObject)policyConstraints.nextElement(); - switch (constraint.getTagNo()) - { - case 0: - tmpInt = DERInteger.getInstance(constraint).getValue().intValue(); - if (tmpInt < explicitPolicy) - { - explicitPolicy = tmpInt; - } - break; - case 1: - tmpInt = DERInteger.getInstance(constraint).getValue().intValue(); - if (tmpInt < policyMapping) - { - policyMapping = tmpInt; - } - break; - } - } - } - - // - // (j) - // - DERInteger iap = (DERInteger)CertPathValidatorUtilities.getExtensionValue(cert, INHIBIT_ANY_POLICY); - - if (iap != null) - { - int _inhibitAnyPolicy = iap.getValue().intValue(); - - if (_inhibitAnyPolicy < inhibitAnyPolicy) - { - inhibitAnyPolicy = _inhibitAnyPolicy; - } - } - - // - // (k) - // - BasicConstraints bc = BasicConstraints.getInstance( - CertPathValidatorUtilities.getExtensionValue(cert, BASIC_CONSTRAINTS)); - if (bc != null) - { - if (!(bc.isCA())) - { - throw new CertPathValidatorException("Not a CA certificate"); - } - } - else - { - if (!(i == 1 && trustAnchorInChain)) // if not at the root certificate - { - throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints"); - } - } - - // - // (l) - // - if (!CertPathValidatorUtilities.isSelfIssued(cert)) - { - if (maxPathLength <= 0) - { - throw new CertPathValidatorException("Max path length not greater than zero"); - } - - maxPathLength--; - } - - // - // (m) - // - if (bc != null) - { - BigInteger _pathLengthConstraint = bc.getPathLenConstraint(); - - if (_pathLengthConstraint != null) - { - int _plc = _pathLengthConstraint.intValue(); - - if (_plc < maxPathLength) - { - maxPathLength = _plc; - } - } - } - - // - // (n) - // - boolean[] _usage = cert.getKeyUsage(); - - if ((_usage != null) && !_usage[5]) - { - throw new CertPathValidatorException( - "Issuer certificate keyusage extension is critical an does not permit key signing.\n", - null, certPath, index); - } - - // - // (o) - // - if (cert.getCriticalExtensionOIDs() != null) - { - Set criticalExtensions = new HashSet(cert.getCriticalExtensionOIDs()); - // these extensions are handle by the algorithem - criticalExtensions.remove(KEY_USAGE); - criticalExtensions.remove(CERTIFICATE_POLICIES); - criticalExtensions.remove(POLICY_MAPPINGS); - criticalExtensions.remove(INHIBIT_ANY_POLICY); - criticalExtensions.remove(ISSUING_DISTRIBUTION_POINT); - criticalExtensions.remove(DELTA_CRL_INDICATOR); - criticalExtensions.remove(POLICY_CONSTRAINTS); - criticalExtensions.remove(BASIC_CONSTRAINTS); - criticalExtensions.remove(SUBJECT_ALTERNATIVE_NAME); - criticalExtensions.remove(NAME_CONSTRAINTS); - - tmpIter = pathCheckers.iterator(); - while (tmpIter.hasNext()) - { - try - { - ((PKIXCertPathChecker)tmpIter.next()).check(cert, criticalExtensions); - } - catch (CertPathValidatorException e) - { - throw new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, index); - } - } - if (!criticalExtensions.isEmpty()) - { - throw new CertPathValidatorException( - "Certificate has unsupported critical extension", null, certPath, index); - } - } - } - - // set signing certificate for next round - sign = cert; - workingPublicKey = sign.getPublicKey(); - try - { - workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign); - } - catch (IllegalArgumentException ex) - { - throw new CertPathValidatorException(sign.getSubjectDN().getName() + " :" + ex.toString()); - } - workingAlgId = CertPathValidatorUtilities.getAlgorithmIdentifier(workingPublicKey); - workingPublicKeyAlgorithm = workingAlgId.getObjectId(); - workingPublicKeyParameters = workingAlgId.getParameters(); - } - catch (AnnotatedException e) - { - throw new CertPathValidatorException(e.getMessage(), e.getUnderlyingException(), certPath, index); - } - } - - // - // 6.1.5 Wrap-up procedure - // - - // - // (a) - // - if (!CertPathValidatorUtilities.isSelfIssued(cert) && (explicitPolicy != 0)) - { - explicitPolicy--; - } - - // - // (b) - // - try - { - ASN1Sequence pc = (ASN1Sequence)CertPathValidatorUtilities.getExtensionValue(cert, POLICY_CONSTRAINTS); - if (pc != null) - { - Enumeration policyConstraints = pc.getObjects(); - - while (policyConstraints.hasMoreElements()) - { - ASN1TaggedObject constraint = (ASN1TaggedObject)policyConstraints.nextElement(); - switch (constraint.getTagNo()) - { - case 0: - tmpInt = DERInteger.getInstance(constraint).getValue().intValue(); - if (tmpInt == 0) - { - explicitPolicy = 0; - } - break; - } - } - } - } - catch (AnnotatedException e) - { - throw new CertPathValidatorException(e.getMessage(), e.getUnderlyingException(), certPath, index); - } - - // - // (c) (d) and (e) are already done - // - - // - // (f) - // - Set criticalExtensions = cert.getCriticalExtensionOIDs(); - - if (criticalExtensions != null) - { - criticalExtensions = new HashSet(criticalExtensions); - // these extensions are handle by the algorithm - criticalExtensions.remove(KEY_USAGE); - criticalExtensions.remove(CERTIFICATE_POLICIES); - criticalExtensions.remove(POLICY_MAPPINGS); - criticalExtensions.remove(INHIBIT_ANY_POLICY); - criticalExtensions.remove(ISSUING_DISTRIBUTION_POINT); - criticalExtensions.remove(DELTA_CRL_INDICATOR); - criticalExtensions.remove(POLICY_CONSTRAINTS); - criticalExtensions.remove(BASIC_CONSTRAINTS); - criticalExtensions.remove(SUBJECT_ALTERNATIVE_NAME); - criticalExtensions.remove(NAME_CONSTRAINTS); - } - else - { - criticalExtensions = new HashSet(); - } - - tmpIter = pathCheckers.iterator(); - while (tmpIter.hasNext()) - { - try - { - ((PKIXCertPathChecker)tmpIter.next()).check(cert, criticalExtensions); - } - catch (CertPathValidatorException e) - { - throw new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, index); - } - } - - if (!criticalExtensions.isEmpty()) - { - throw new CertPathValidatorException( - "Certificate has unsupported critical extension", null, certPath, index); - } - - // - // (g) - // - PKIXPolicyNode intersection; - - - // - // (g) (i) - // - if (validPolicyTree == null) - { - if (paramsPKIX.isExplicitPolicyRequired()) - { - throw new CertPathValidatorException("Explicit policy requested but none available."); - } - intersection = null; - } - else if (CertPathValidatorUtilities.isAnyPolicy(userInitialPolicySet)) // (g) (ii) - { - if (paramsPKIX.isExplicitPolicyRequired()) - { - if (acceptablePolicies.isEmpty()) - { - throw new CertPathValidatorException("Explicit policy requested but none available."); - } - else - { - Set _validPolicyNodeSet = new HashSet(); - - for (int j = 0; j < policyNodes.length; j++) - { - List _nodeDepth = policyNodes[j]; - - for (int k = 0; k < _nodeDepth.size(); k++) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_nodeDepth.get(k); - - if (ANY_POLICY.equals(_node.getValidPolicy())) - { - Iterator _iter = _node.getChildren(); - while (_iter.hasNext()) - { - _validPolicyNodeSet.add(_iter.next()); - } - } - } - } - - Iterator _vpnsIter = _validPolicyNodeSet.iterator(); - while (_vpnsIter.hasNext()) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_vpnsIter.next(); - String _validPolicy = _node.getValidPolicy(); - - if (!acceptablePolicies.contains(_validPolicy)) - { - //validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, _node); - } - } - if (validPolicyTree != null) - { - for (int j = (n - 1); j >= 0; j--) - { - List nodes = policyNodes[j]; - - for (int k = 0; k < nodes.size(); k++) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(k); - if (!node.hasChildren()) - { - validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree, policyNodes, node); - } - } - } - } - } - } - - intersection = validPolicyTree; - } - else - { - // - // (g) (iii) - // - // This implementation is not exactly same as the one described in RFC3280. - // However, as far as the validation result is concerned, both produce - // adequate result. The only difference is whether AnyPolicy is remain - // in the policy tree or not. - // - // (g) (iii) 1 - // - Set _validPolicyNodeSet = new HashSet(); - - for (int j = 0; j < policyNodes.length; j++) - { - List _nodeDepth = policyNodes[j]; - - for (int k = 0; k < _nodeDepth.size(); k++) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_nodeDepth.get(k); - - if (ANY_POLICY.equals(_node.getValidPolicy())) - { - Iterator _iter = _node.getChildren(); - while (_iter.hasNext()) - { - PKIXPolicyNode _c_node = (PKIXPolicyNode)_iter.next(); - if (!ANY_POLICY.equals(_c_node.getValidPolicy())) - { - _validPolicyNodeSet.add(_c_node); - } - } - } - } - } - - // - // (g) (iii) 2 - // - Iterator _vpnsIter = _validPolicyNodeSet.iterator(); - while (_vpnsIter.hasNext()) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_vpnsIter.next(); - String _validPolicy = _node.getValidPolicy(); - - if (!userInitialPolicySet.contains(_validPolicy)) - { - validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree, policyNodes, _node); - } - } - - // - // (g) (iii) 4 - // - if (validPolicyTree != null) - { - for (int j = (n - 1); j >= 0; j--) - { - List nodes = policyNodes[j]; - - for (int k = 0; k < nodes.size(); k++) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(k); - if (!node.hasChildren()) - { - validPolicyTree = CertPathValidatorUtilities.removePolicyNode(validPolicyTree, policyNodes, node); - } - } - } - } - - intersection = validPolicyTree; - } - - if ((explicitPolicy > 0) || (intersection != null)) - { - return new PKIXCertPathValidatorResult(trust, intersection, workingPublicKey); - } - - throw new CertPathValidatorException("Path processing failed on policy.", null, certPath, index); - } - - private void checkCRLs(PKIXParameters paramsPKIX, X509Certificate cert, Date validDate, X509Certificate sign, PublicKey workingPublicKey) - throws AnnotatedException - { - X509CRLSelector crlselect; - crlselect = new X509CRLSelector(); - - try - { - crlselect.addIssuerName(CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).getEncoded()); - } - catch (IOException e) - { - throw new AnnotatedException("Cannot extract issuer from certificate: " + e, e); - } - - crlselect.setCertificateChecking(cert); - - Iterator crl_iter = CertPathValidatorUtilities.findCRLs(crlselect, paramsPKIX.getCertStores()).iterator(); - boolean validCrlFound = false; - X509CRLEntry crl_entry; - while (crl_iter.hasNext()) - { - X509CRL crl = (X509CRL)crl_iter.next(); - - if (cert.getNotAfter().after(crl.getThisUpdate())) - { - if (crl.getNextUpdate() == null - || validDate.before(crl.getNextUpdate())) - { - validCrlFound = true; - } - - if (sign != null) - { - boolean[] keyusage = sign.getKeyUsage(); - - if (keyusage != null - && (keyusage.length < 7 || !keyusage[CRL_SIGN])) - { - throw new AnnotatedException( - "Issuer certificate keyusage extension does not permit crl signing.\n" + sign); - } - } - - try - { - crl.verify(workingPublicKey, "BC"); - } - catch (Exception e) - { - throw new AnnotatedException("can't verify CRL: " + e, e); - } - - crl_entry = crl.getRevokedCertificate(cert.getSerialNumber()); - if (crl_entry != null - && !validDate.before(crl_entry.getRevocationDate())) - { - String reason = null; - - if (crl_entry.hasExtensions()) - { - DEREnumerated reasonCode = DEREnumerated.getInstance(CertPathValidatorUtilities.getExtensionValue(crl_entry, X509Extensions.ReasonCode.getId())); - if (reasonCode != null) - { - reason = crlReasons[reasonCode.getValue().intValue()]; - } - } - - String message = "Certificate revocation after " + crl_entry.getRevocationDate(); - - if (reason != null) - { - message += ", reason: " + reason; - } - - throw new AnnotatedException(message); - } - - // - // check the DeltaCRL indicator, base point and the issuing distribution point - // - DERObject idp = CertPathValidatorUtilities.getExtensionValue(crl, ISSUING_DISTRIBUTION_POINT); - DERObject dci = CertPathValidatorUtilities.getExtensionValue(crl, DELTA_CRL_INDICATOR); - - if (dci != null) - { - X509CRLSelector baseSelect = new X509CRLSelector(); - - try - { - baseSelect.addIssuerName(CertPathValidatorUtilities.getIssuerPrincipal(crl).getEncoded()); - } - catch (IOException e) - { - throw new AnnotatedException("can't extract issuer from certificate: " + e, e); - } - - baseSelect.setMinCRLNumber(((DERInteger)dci).getPositiveValue()); - baseSelect.setMaxCRLNumber(((DERInteger)CertPathValidatorUtilities.getExtensionValue(crl, CRL_NUMBER)).getPositiveValue().subtract(BigInteger.valueOf(1))); - - boolean foundBase = false; - Iterator it = CertPathValidatorUtilities.findCRLs(baseSelect, paramsPKIX.getCertStores()).iterator(); - while (it.hasNext()) - { - X509CRL base = (X509CRL)it.next(); - - DERObject baseIdp = CertPathValidatorUtilities.getExtensionValue(base, ISSUING_DISTRIBUTION_POINT); - - if (idp == null) - { - if (baseIdp == null) - { - foundBase = true; - break; - } - } - else - { - if (idp.equals(baseIdp)) - { - foundBase = true; - break; - } - } - } - - if (!foundBase) - { - throw new AnnotatedException("No base CRL for delta CRL"); - } - } - - if (idp != null) - { - IssuingDistributionPoint p = IssuingDistributionPoint.getInstance(idp); - BasicConstraints bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, BASIC_CONSTRAINTS)); - - if (p.onlyContainsUserCerts() && (bc != null && bc.isCA())) - { - throw new AnnotatedException("CA Cert CRL only contains user certificates"); - } - - if (p.onlyContainsCACerts() && (bc == null || !bc.isCA())) - { - throw new AnnotatedException("End CRL only contains CA certificates"); - } - - if (p.onlyContainsAttributeCerts()) - { - throw new AnnotatedException("onlyContainsAttributeCerts boolean is asserted"); - } - } - } - } - - if (!validCrlFound) - { - throw new AnnotatedException("no valid CRL found"); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/PKIXPolicyNode.java b/luni/src/main/java/org/bouncycastle/jce/provider/PKIXPolicyNode.java deleted file mode 100644 index 3437605..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/PKIXPolicyNode.java +++ /dev/null @@ -1,168 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.cert.PolicyNode; -import java.util.ArrayList; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -public class PKIXPolicyNode - implements PolicyNode -{ - protected List children; - protected int depth; - protected Set expectedPolicies; - protected PolicyNode parent; - protected Set policyQualifiers; - protected String validPolicy; - protected boolean critical; - - /* - * - * CONSTRUCTORS - * - */ - - public PKIXPolicyNode( - List _children, - int _depth, - Set _expectedPolicies, - PolicyNode _parent, - Set _policyQualifiers, - String _validPolicy, - boolean _critical) - { - children = _children; - depth = _depth; - expectedPolicies = _expectedPolicies; - parent = _parent; - policyQualifiers = _policyQualifiers; - validPolicy = _validPolicy; - critical = _critical; - } - - public void addChild( - PKIXPolicyNode _child) - { - children.add(_child); - _child.setParent(this); - } - - public Iterator getChildren() - { - return children.iterator(); - } - - public int getDepth() - { - return depth; - } - - public Set getExpectedPolicies() - { - return expectedPolicies; - } - - public PolicyNode getParent() - { - return parent; - } - - public Set getPolicyQualifiers() - { - return policyQualifiers; - } - - public String getValidPolicy() - { - return validPolicy; - } - - public boolean hasChildren() - { - return !children.isEmpty(); - } - - public boolean isCritical() - { - return critical; - } - - public void removeChild(PKIXPolicyNode _child) - { - children.remove(_child); - } - - public void setCritical(boolean _critical) - { - critical = _critical; - } - - public void setParent(PKIXPolicyNode _parent) - { - parent = _parent; - } - - public String toString() - { - return toString(""); - } - - public String toString(String _indent) - { - StringBuffer _buf = new StringBuffer(); - _buf.append(_indent); - _buf.append(validPolicy); - _buf.append(" {\n"); - - for(int i = 0; i < children.size(); i++) - { - _buf.append(((PKIXPolicyNode)children.get(i)).toString(_indent + " ")); - } - - _buf.append(_indent); - _buf.append("}\n"); - return _buf.toString(); - } - - public Object clone() - { - return copy(); - } - - public PKIXPolicyNode copy() - { - Set _expectedPolicies = new HashSet(); - Iterator _iter = expectedPolicies.iterator(); - while (_iter.hasNext()) - { - _expectedPolicies.add(new String((String)_iter.next())); - } - - Set _policyQualifiers = new HashSet(); - _iter = policyQualifiers.iterator(); - while (_iter.hasNext()) - { - _policyQualifiers.add(new String((String)_iter.next())); - } - - PKIXPolicyNode _node = new PKIXPolicyNode(new ArrayList(), - depth, - _expectedPolicies, - null, - _policyQualifiers, - new String(validPolicy), - critical); - - _iter = children.iterator(); - while (_iter.hasNext()) - { - PKIXPolicyNode _child = ((PKIXPolicyNode)_iter.next()).copy(); - _child.setParent(_node); - _node.addChild(_child); - } - - return _node; - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/RSAUtil.java b/luni/src/main/java/org/bouncycastle/jce/provider/RSAUtil.java deleted file mode 100644 index 0d99117..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/RSAUtil.java +++ /dev/null @@ -1,53 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.interfaces.RSAPrivateCrtKey; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.crypto.params.RSAKeyParameters; -import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters; - -/** - * utility class for converting java.security RSA objects into their - * org.bouncycastle.crypto counterparts. - */ -class RSAUtil -{ - static boolean isRsaOid( - DERObjectIdentifier algOid) - { - return algOid.equals(PKCSObjectIdentifiers.rsaEncryption) - || algOid.equals(X509ObjectIdentifiers.id_ea_rsa) - || algOid.equals(PKCSObjectIdentifiers.id_RSASSA_PSS) - || algOid.equals(PKCSObjectIdentifiers.id_RSAES_OAEP); - } - - static RSAKeyParameters generatePublicKeyParameter( - RSAPublicKey key) - { - return new RSAKeyParameters(false, key.getModulus(), key.getPublicExponent()); - - } - - static RSAKeyParameters generatePrivateKeyParameter( - RSAPrivateKey key) - { - if (key instanceof RSAPrivateCrtKey) - { - RSAPrivateCrtKey k = (RSAPrivateCrtKey)key; - - return new RSAPrivateCrtKeyParameters(k.getModulus(), - k.getPublicExponent(), k.getPrivateExponent(), - k.getPrimeP(), k.getPrimeQ(), k.getPrimeExponentP(), k.getPrimeExponentQ(), k.getCrtCoefficient()); - } - else - { - RSAPrivateKey k = key; - - return new RSAKeyParameters(true, k.getModulus(), k.getPrivateExponent()); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java b/luni/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java deleted file mode 100644 index 5ac8938..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/WrapCipherSpi.java +++ /dev/null @@ -1,450 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.security.AlgorithmParameters; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.CipherSpi; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.ShortBufferException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.PBEParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.RC5ParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.crypto.CipherParameters; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.Wrapper; -import org.bouncycastle.crypto.engines.AESWrapEngine; -import org.bouncycastle.crypto.engines.DESedeWrapEngine; -// BEGIN android-removed -// import org.bouncycastle.crypto.engines.RC2WrapEngine; -// END android-removed -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.crypto.params.ParametersWithIV; - -public abstract class WrapCipherSpi extends CipherSpi - implements PBE -{ - // - // specs we can handle. - // - private Class[] availableSpecs = - { - IvParameterSpec.class, - PBEParameterSpec.class, - RC2ParameterSpec.class, - RC5ParameterSpec.class - }; - - protected int pbeType = PKCS12; - protected int pbeHash = SHA1; - protected int pbeKeySize; - protected int pbeIvSize; - - protected AlgorithmParameters engineParams = null; - - protected Wrapper wrapEngine = null; - - protected WrapCipherSpi() - { - } - - protected WrapCipherSpi( - Wrapper wrapEngine) - { - this.wrapEngine = wrapEngine; - } - - protected int engineGetBlockSize() - { - return 0; - } - - protected byte[] engineGetIV() - { - return null; - } - - protected int engineGetKeySize( - Key key) - { - return key.getEncoded().length; - } - - protected int engineGetOutputSize( - int inputLen) - { - return -1; - } - - protected AlgorithmParameters engineGetParameters() - { - return null; - } - - protected void engineSetMode( - String mode) - throws NoSuchAlgorithmException - { - throw new NoSuchAlgorithmException("can't support mode " + mode); - } - - protected void engineSetPadding( - String padding) - throws NoSuchPaddingException - { - throw new NoSuchPaddingException("Padding " + padding + " unknown."); - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameterSpec params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - CipherParameters param; - - if (key instanceof JCEPBEKey) - { - JCEPBEKey k = (JCEPBEKey)key; - - if (params instanceof PBEParameterSpec) - { - param = PBE.Util.makePBEParameters(k, params, wrapEngine.getAlgorithmName()); - } - else if (k.getParam() != null) - { - param = k.getParam(); - } - else - { - throw new InvalidAlgorithmParameterException("PBE requires PBE parameters to be set."); - } - } - else - { - param = new KeyParameter(key.getEncoded()); - } - - if (params instanceof javax.crypto.spec.IvParameterSpec) - { - IvParameterSpec iv = (IvParameterSpec) params; - CipherParameters paramPlusIV = new ParametersWithIV(param, iv.getIV()); - param = paramPlusIV; - } - - switch (opmode) - { - case Cipher.WRAP_MODE: - wrapEngine.init(true, param); - break; - case Cipher.UNWRAP_MODE: - wrapEngine.init(false, param); - break; - case Cipher.ENCRYPT_MODE: - case Cipher.DECRYPT_MODE: - throw new IllegalArgumentException("engine only valid for wrapping"); - default: - System.out.println("eeek!"); - } - } - - protected void engineInit( - int opmode, - Key key, - AlgorithmParameters params, - SecureRandom random) - throws InvalidKeyException, InvalidAlgorithmParameterException - { - AlgorithmParameterSpec paramSpec = null; - - if (params != null) - { - for (int i = 0; i != availableSpecs.length; i++) - { - try - { - paramSpec = params.getParameterSpec(availableSpecs[i]); - break; - } - catch (Exception e) - { - continue; - } - } - - if (paramSpec == null) - { - throw new InvalidAlgorithmParameterException("can't handle parameter " + params.toString()); - } - } - - engineParams = params; - engineInit(opmode, key, paramSpec, random); - } - - protected void engineInit( - int opmode, - Key key, - SecureRandom random) - throws InvalidKeyException - { - try - { - engineInit(opmode, key, (AlgorithmParameterSpec)null, random); - } - catch (InvalidAlgorithmParameterException e) - { - throw new IllegalArgumentException(e.getMessage()); - } - } - - protected byte[] engineUpdate( - byte[] input, - int inputOffset, - int inputLen) - { - throw new RuntimeException("not supported for wrapping"); - } - - protected int engineUpdate( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws ShortBufferException - { - throw new RuntimeException("not supported for wrapping"); - } - - protected byte[] engineDoFinal( - byte[] input, - int inputOffset, - int inputLen) - throws IllegalBlockSizeException, BadPaddingException - { - return null; - } - - // BEGIN android-changed - // added ShortBufferException to throws statement - protected int engineDoFinal( - byte[] input, - int inputOffset, - int inputLen, - byte[] output, - int outputOffset) - throws IllegalBlockSizeException, BadPaddingException, ShortBufferException - { - return 0; - } - // END android-changed - - protected byte[] engineWrap( - Key key) - throws IllegalBlockSizeException, java.security.InvalidKeyException - { - byte[] encoded = key.getEncoded(); - if (encoded == null) - { - throw new InvalidKeyException("Cannot wrap key, null encoding."); - } - - try - { - if (wrapEngine == null) - { - return engineDoFinal(encoded, 0, encoded.length); - } - else - { - return wrapEngine.wrap(encoded, 0, encoded.length); - } - } - catch (BadPaddingException e) - { - throw new IllegalBlockSizeException(e.getMessage()); - } - } - - protected Key engineUnwrap( - byte[] wrappedKey, - String wrappedKeyAlgorithm, - int wrappedKeyType) - throws InvalidKeyException, NoSuchAlgorithmException - { - // BEGIN android-note - // added ShortBufferException to throws statement - // END android-note - byte[] encoded = null; - try - { - if (wrapEngine == null) - { - encoded = engineDoFinal(wrappedKey, 0, wrappedKey.length); - } - else - { - encoded = wrapEngine.unwrap(wrappedKey, 0, wrappedKey.length); - } - } - catch (InvalidCipherTextException e) - { - throw new InvalidKeyException(e.getMessage()); - } - catch (BadPaddingException e) - { - throw new InvalidKeyException(e.getMessage()); - } - catch (IllegalBlockSizeException e2) - { - throw new InvalidKeyException(e2.getMessage()); - } - - if (wrappedKeyType == Cipher.SECRET_KEY) - { - return new SecretKeySpec(encoded, wrappedKeyAlgorithm); - } - else if (wrappedKeyAlgorithm.equals("") && wrappedKeyType == Cipher.PRIVATE_KEY) - { - /* - * The caller doesnt know the algorithm as it is part of - * the encrypted data. - */ - ASN1InputStream bIn = new ASN1InputStream(encoded); - PrivateKey privKey = null; - - try - { - ASN1Sequence s = (ASN1Sequence)bIn.readObject(); - PrivateKeyInfo in = new PrivateKeyInfo(s); - - DERObjectIdentifier oid = in.getAlgorithmId().getObjectId(); - - // BEGIN android-removed - // if (oid.equals(X9ObjectIdentifiers.id_ecPublicKey)) - // { - // privKey = new JCEECPrivateKey(in); - // } - // else if (oid.equals(CryptoProObjectIdentifiers.gostR3410_94)) - // { - // privKey = new JDKGOST3410PrivateKey(in); - // } - // else if (oid.equals(X9ObjectIdentifiers.id_dsa)) - // END android-removed - // BEGIN android-added - if (oid.equals(X9ObjectIdentifiers.id_dsa)) - // END android-added - { - privKey = new JDKDSAPrivateKey(in); - } - else if (oid.equals(PKCSObjectIdentifiers.dhKeyAgreement)) - { - privKey = new JCEDHPrivateKey(in); - } - else if (oid.equals(X9ObjectIdentifiers.dhpublicnumber)) - { - privKey = new JCEDHPrivateKey(in); - } - else // the old standby! - { - privKey = new JCERSAPrivateCrtKey(in); - } - } - catch (Exception e) - { - throw new InvalidKeyException("Invalid key encoding."); - } - - return privKey; - } - else - { - try - { - KeyFactory kf = KeyFactory.getInstance(wrappedKeyAlgorithm, "BC"); - - if (wrappedKeyType == Cipher.PUBLIC_KEY) - { - return kf.generatePublic(new X509EncodedKeySpec(encoded)); - } - else if (wrappedKeyType == Cipher.PRIVATE_KEY) - { - return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded)); - } - } - catch (NoSuchProviderException e) - { - throw new InvalidKeyException("Unknown key type " + e.getMessage()); - } - // BEGIN android-removed - // catch (NoSuchAlgorithmException e) - // { - // throw new InvalidKeyException("Unknown key type " + e.getMessage()); - // } - // END android-removed - catch (InvalidKeySpecException e2) - { - throw new InvalidKeyException("Unknown key type " + e2.getMessage()); - } - - throw new InvalidKeyException("Unknown key type " + wrappedKeyType); - } - } - - // - // classes that inherit directly from us - // - public static class AESWrap - extends WrapCipherSpi - { - public AESWrap() - { - super(new AESWrapEngine()); - } - } - - public static class DESEDEWrap - extends WrapCipherSpi - { - public DESEDEWrap() - { - super(new DESedeWrapEngine()); - } - } - -// BEGIN android-removed -// public static class RC2Wrap -// extends WrapCipherSpi -// { -// public RC2Wrap() -// { -// super(new RC2WrapEngine()); -// } -// } -// END android-removed -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java b/luni/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java deleted file mode 100644 index ebf37fb..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/X509CRLEntryObject.java +++ /dev/null @@ -1,241 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.cert.CRLException; -import java.security.cert.X509CRLEntry; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.TBSCertList; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.x509.extension.X509ExtensionUtil; - -/** - * The following extensions are listed in RFC 2459 as relevant to CRL Entries - * - * ReasonCode Hode Instruction Code Invalidity Date Certificate Issuer - * (critical) - */ -public class X509CRLEntryObject extends X509CRLEntry -{ - private TBSCertList.CRLEntry c; - - private boolean isIndirect = false; - - private X500Principal previousCertificateIssuer = null; - - public X509CRLEntryObject(TBSCertList.CRLEntry c) - { - this.c = c; - } - - /** - * Constructor for CRLEntries of indirect CRLs. If <code>isIndirect</code> - * is <code>false</code> {@link #getCertificateIssuer()} will always - * return <code>null</code>, <code>previousCertificateIssuer</code> is - * ignored. If this <code>isIndirect</code> is specified and this CRLEntry - * has no certificate issuer CRL entry extension - * <code>previousCertificateIssuer</code> is returned by - * {@link #getCertificateIssuer()}. - * - * @param c - * TBSCertList.CRLEntry object. - * @param isIndirect - * <code>true</code> if the corresponding CRL is a indirect - * CRL. - * @param previousCertificateIssuer - * Certificate issuer of the previous CRLEntry. - */ - public X509CRLEntryObject( - TBSCertList.CRLEntry c, - boolean isIndirect, - X500Principal previousCertificateIssuer) - { - this.c = c; - this.isIndirect = isIndirect; - this.previousCertificateIssuer = previousCertificateIssuer; - } - - /** - * Will return true if any extensions are present and marked as critical as - * we currently dont handle any extensions! - */ - public boolean hasUnsupportedCriticalExtension() - { - Set extns = getCriticalExtensionOIDs(); - if (extns != null && !extns.isEmpty()) - { - return true; - } - - return false; - } - - public X500Principal getCertificateIssuer() - { - if (!isIndirect) - { - return null; - } - - byte[] ext = getExtensionValue(X509Extensions.CertificateIssuer.getId()); - if (ext == null) - { - return previousCertificateIssuer; - } - - try - { - GeneralName[] names = GeneralNames.getInstance( - X509ExtensionUtil.fromExtensionValue(ext)).getNames(); - for (int i = 0; i < names.length; i++) - { - if (names[i].getTagNo() == GeneralName.directoryName) - { - return new X500Principal(names[i].getName().getDERObject().getDEREncoded()); - } - } - throw new RuntimeException( - "Cannot extract directory name from certificate issuer CRL entry extension"); - } - catch (IOException e) - { - throw new RuntimeException( - "Cannot extract certificate issuer CRL entry extension " - + e); - } - } - - private Set getExtensionOIDs(boolean critical) - { - X509Extensions extensions = c.getExtensions(); - - if (extensions != null) - { - Set set = new HashSet(); - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - DERObjectIdentifier oid = (DERObjectIdentifier) e.nextElement(); - X509Extension ext = extensions.getExtension(oid); - - if (critical == ext.isCritical()) - { - set.add(oid.getId()); - } - } - - return set; - } - - return null; - } - - public Set getCriticalExtensionOIDs() - { - return getExtensionOIDs(true); - } - - public Set getNonCriticalExtensionOIDs() - { - return getExtensionOIDs(false); - } - - public byte[] getExtensionValue(String oid) - { - X509Extensions exts = c.getExtensions(); - - if (exts != null) - { - X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid)); - - if (ext != null) - { - try - { - return ext.getValue().getEncoded(); - } - catch (Exception e) - { - throw new RuntimeException("error encoding " + e.toString()); - } - } - } - - return null; - } - - public byte[] getEncoded() - throws CRLException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - try - { - dOut.writeObject(c); - - return bOut.toByteArray(); - } - catch (IOException e) - { - throw new CRLException(e.toString()); - } - } - - public BigInteger getSerialNumber() - { - return c.getUserCertificate().getValue(); - } - - public Date getRevocationDate() - { - return c.getRevocationDate().getDate(); - } - - public boolean hasExtensions() - { - return c.getExtensions() != null; - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append(" userCertificate: ").append(this.getSerialNumber()).append(nl); - buf.append(" revocationDate: ").append(this.getRevocationDate()).append(nl); - - X509Extensions extensions = c.getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - if (e.hasMoreElements()) - { - buf.append(" crlEntryExtensions:").append(nl); - - while (e.hasMoreElements()) - { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); - X509Extension ext = extensions.getExtension(oid); - buf.append(ext); - } - } - } - - return buf.toString(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java b/luni/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java deleted file mode 100644 index 7533947..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java +++ /dev/null @@ -1,398 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Principal; -import java.security.PublicKey; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.CRLException; -import java.security.cert.Certificate; -import java.security.cert.X509CRL; -import java.security.cert.X509CRLEntry; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.asn1.x509.IssuingDistributionPoint; -import org.bouncycastle.asn1.x509.TBSCertList; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.x509.extension.X509ExtensionUtil; - -/** - * The following extensions are listed in RFC 2459 as relevant to CRLs - * - * Authority Key Identifier - * Issuer Alternative Name - * CRL Number - * Delta CRL Indicator (critical) - * Issuing Distribution Point (critical) - */ -public class X509CRLObject - extends X509CRL -{ - private CertificateList c; - private String sigAlgName; - private byte[] sigAlgParams; - - public X509CRLObject( - CertificateList c) - throws CRLException - { - this.c = c; - - try - { - this.sigAlgName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); - - if (c.getSignatureAlgorithm().getParameters() != null) - { - this.sigAlgParams = ((ASN1Encodable)c.getSignatureAlgorithm().getParameters()).getDEREncoded(); - } - else - { - this.sigAlgParams = null; - } - } - catch (Exception e) - { - throw new CRLException("CRL contents invalid: " + e); - } - } - - /** - * Will return true if any extensions are present and marked - * as critical as we currently dont handle any extensions! - */ - public boolean hasUnsupportedCriticalExtension() - { - Set extns = getCriticalExtensionOIDs(); - if (extns != null && !extns.isEmpty()) - { - return true; - } - - return false; - } - - private Set getExtensionOIDs(boolean critical) - { - if (this.getVersion() == 2) - { - Set set = new HashSet(); - X509Extensions extensions = c.getTBSCertList().getExtensions(); - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); - X509Extension ext = extensions.getExtension(oid); - - if (critical == ext.isCritical()) - { - set.add(oid.getId()); - } - } - - return set; - } - - return null; - } - - public Set getCriticalExtensionOIDs() - { - return getExtensionOIDs(true); - } - - public Set getNonCriticalExtensionOIDs() - { - return getExtensionOIDs(false); - } - - public byte[] getExtensionValue(String oid) - { - X509Extensions exts = c.getTBSCertList().getExtensions(); - - if (exts != null) - { - X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid)); - - if (ext != null) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - try - { - dOut.writeObject(ext.getValue()); - - return bOut.toByteArray(); - } - catch (Exception e) - { - throw new RuntimeException("error encoding " + e.toString()); - } - } - } - - return null; - } - - public byte[] getEncoded() - throws CRLException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - try - { - dOut.writeObject(c); - - return bOut.toByteArray(); - } - catch (IOException e) - { - throw new CRLException(e.toString()); - } - } - - public void verify(PublicKey key) - throws CRLException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException - { - verify(key, "BC"); - } - - public void verify(PublicKey key, String sigProvider) - throws CRLException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException - { - if (!c.getSignatureAlgorithm().equals(c.getTBSCertList().getSignature())) - { - throw new CRLException("Signature algorithm on CertifcateList does not match TBSCertList."); - } - - Signature sig = Signature.getInstance(getSigAlgName(), sigProvider); - - sig.initVerify(key); - sig.update(this.getTBSCertList()); - if (!sig.verify(this.getSignature())) - { - throw new SignatureException("CRL does not verify with supplied public key."); - } - } - - public int getVersion() - { - return c.getVersion(); - } - - public Principal getIssuerDN() - { - return new X509Principal(c.getIssuer()); - } - - public X500Principal getIssuerX500Principal() - { - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(c.getIssuer()); - - return new X500Principal(bOut.toByteArray()); - } - catch (IOException e) - { - throw new IllegalStateException("can't encode issuer DN"); - } - } - - public Date getThisUpdate() - { - return c.getThisUpdate().getDate(); - } - - public Date getNextUpdate() - { - if (c.getNextUpdate() != null) - { - return c.getNextUpdate().getDate(); - } - - return null; - } - - public X509CRLEntry getRevokedCertificate(BigInteger serialNumber) - { - TBSCertList.CRLEntry[] certs = c.getRevokedCertificates(); - boolean isIndirect = isIndirectCRL(); - if (certs != null) - { - X500Principal previousCertificateIssuer = getIssuerX500Principal(); - for (int i = 0; i < certs.length; i++) - { - X509CRLEntryObject crlentry = new X509CRLEntryObject(certs[i], - isIndirect, previousCertificateIssuer); - previousCertificateIssuer = crlentry.getCertificateIssuer(); - if (crlentry.getSerialNumber().equals(serialNumber)) - { - return crlentry; - } - } - } - - return null; - } - - private boolean isIndirectCRL() - { - byte[] idp = getExtensionValue(X509Extensions.IssuingDistributionPoint.getId()); - boolean isIndirect = false; - try - { - if (idp != null) - { - isIndirect = IssuingDistributionPoint.getInstance( - X509ExtensionUtil.fromExtensionValue(idp)) - .isIndirectCRL(); - } - } - catch (IOException e) - { - throw new RuntimeException( - "Exception reading IssuingDistributionPoint" + e); - } - - return isIndirect; - } - - public Set getRevokedCertificates() - { - TBSCertList.CRLEntry[] certs = c.getRevokedCertificates(); - boolean isIndirect = isIndirectCRL(); - if (certs != null) - { - Set set = new HashSet(); - X500Principal previousCertificateIssuer = getIssuerX500Principal(); - for (int i = 0; i < certs.length; i++) - { - X509CRLEntryObject crlentry = new X509CRLEntryObject(certs[i], - isIndirect, previousCertificateIssuer); - set.add(crlentry); - previousCertificateIssuer = crlentry.getCertificateIssuer(); - } - - return set; - } - - return null; - } - - public byte[] getTBSCertList() - throws CRLException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - try - { - dOut.writeObject(c.getTBSCertList()); - - return bOut.toByteArray(); - } - catch (IOException e) - { - throw new CRLException(e.toString()); - } - } - - public byte[] getSignature() - { - return c.getSignature().getBytes(); - } - - public String getSigAlgName() - { - return sigAlgName; - } - - public String getSigAlgOID() - { - return c.getSignatureAlgorithm().getObjectId().getId(); - } - - public byte[] getSigAlgParams() - { - if (sigAlgParams != null) - { - byte[] tmp = new byte[sigAlgParams.length]; - - System.arraycopy(sigAlgParams, 0, tmp, 0, tmp.length); - - return tmp; - } - - return null; - } - - /** - * Returns a string representation of this CRL. - * - * @return a string representation of this CRL. - */ - public String toString() - { - return "X.509 CRL"; - } - - /** - * Checks whether the given certificate is on this CRL. - * - * @param cert the certificate to check for. - * @return true if the given certificate is on this CRL, - * false otherwise. - */ - public boolean isRevoked(Certificate cert) - { - if (!cert.getType().equals("X.509")) - { - throw new RuntimeException("X.509 CRL used with non X.509 Cert"); - } - - TBSCertList.CRLEntry[] certs = c.getRevokedCertificates(); - - if (certs != null) - { - BigInteger serial = ((X509Certificate)cert).getSerialNumber(); - - for (int i = 0; i < certs.length; i++) - { - if (certs[i].getUserCertificate().getValue().equals(serial)) - { - return true; - } - } - } - - return false; - } -} - diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java b/luni/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java deleted file mode 100644 index d17fd59..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java +++ /dev/null @@ -1,774 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.Principal; -import java.security.Provider; -import java.security.PublicKey; -import java.security.Security; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Hashtable; -import java.util.List; -import java.util.Set; -import java.util.Vector; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERBoolean; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROutputStream; -// BEGIN android-added -import org.bouncycastle.asn1.OrderedTable; -// END android-added -import org.bouncycastle.asn1.misc.MiscObjectIdentifiers; -import org.bouncycastle.asn1.misc.NetscapeCertType; -import org.bouncycastle.asn1.misc.NetscapeRevocationURL; -import org.bouncycastle.asn1.misc.VerisignCzagExtension; -import org.bouncycastle.asn1.util.ASN1Dump; -import org.bouncycastle.asn1.x509.BasicConstraints; -import org.bouncycastle.asn1.x509.KeyUsage; -import org.bouncycastle.asn1.x509.X509CertificateStructure; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; -import org.bouncycastle.util.Arrays; -import org.bouncycastle.util.encoders.Hex; - -public class X509CertificateObject - extends X509Certificate - implements PKCS12BagAttributeCarrier -{ - private X509CertificateStructure c; - // BEGIN android-changed - private OrderedTable pkcs12 = new OrderedTable(); - // END android-changed - - public X509CertificateObject( - X509CertificateStructure c) - { - this.c = c; - } - - public void checkValidity() - throws CertificateExpiredException, CertificateNotYetValidException - { - this.checkValidity(new Date()); - } - - public void checkValidity( - Date date) - throws CertificateExpiredException, CertificateNotYetValidException - { - if (date.after(this.getNotAfter())) - { - throw new CertificateExpiredException("certificate expired on " + c.getEndDate().getTime()); - } - - if (date.before(this.getNotBefore())) - { - throw new CertificateNotYetValidException("certificate not valid till " + c.getStartDate().getTime()); - } - } - - public int getVersion() - { - return c.getVersion(); - } - - public BigInteger getSerialNumber() - { - return c.getSerialNumber().getValue(); - } - - public Principal getIssuerDN() - { - return new X509Principal(c.getIssuer()); - } - - public X500Principal getIssuerX500Principal() - { - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(c.getIssuer()); - - return new X500Principal(bOut.toByteArray()); - } - catch (IOException e) - { - throw new IllegalStateException("can't encode issuer DN"); - } - } - - public Principal getSubjectDN() - { - return new X509Principal(c.getSubject()); - } - - public X500Principal getSubjectX500Principal() - { - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(c.getSubject()); - - return new X500Principal(bOut.toByteArray()); - } - catch (IOException e) - { - throw new IllegalStateException("can't encode issuer DN"); - } - } - - public Date getNotBefore() - { - return c.getStartDate().getDate(); - } - - public Date getNotAfter() - { - return c.getEndDate().getDate(); - } - - public byte[] getTBSCertificate() - throws CertificateEncodingException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - try - { - dOut.writeObject(c.getTBSCertificate()); - - return bOut.toByteArray(); - } - catch (IOException e) - { - throw new CertificateEncodingException(e.toString()); - } - } - - public byte[] getSignature() - { - return c.getSignature().getBytes(); - } - - /** - * return a more "meaningful" representation for the signature algorithm used in - * the certficate. - */ - public String getSigAlgName() - { - Provider prov = Security.getProvider("BC"); - String algName = prov.getProperty("Alg.Alias.Signature." + this.getSigAlgOID()); - - if (algName != null) - { - return algName; - } - - Provider[] provs = Security.getProviders(); - - // - // search every provider looking for a real algorithm - // - for (int i = 0; i != provs.length; i++) - { - algName = provs[i].getProperty("Alg.Alias.Signature." + this.getSigAlgOID()); - if (algName != null) - { - return algName; - } - } - - return this.getSigAlgOID(); - } - - /** - * return the object identifier for the signature. - */ - public String getSigAlgOID() - { - return c.getSignatureAlgorithm().getObjectId().getId(); - } - - /** - * return the signature parameters, or null if there aren't any. - */ - public byte[] getSigAlgParams() - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - if (c.getSignatureAlgorithm().getParameters() != null) - { - try - { - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(c.getSignatureAlgorithm().getParameters()); - } - catch (Exception e) - { - throw new RuntimeException("exception getting sig parameters " + e); - } - - return bOut.toByteArray(); - } - else - { - return null; - } - } - - public boolean[] getIssuerUniqueID() - { - DERBitString id = c.getTBSCertificate().getIssuerUniqueId(); - - if (id != null) - { - byte[] bytes = id.getBytes(); - boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; - - for (int i = 0; i != boolId.length; i++) - { - boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; - } - - return boolId; - } - - return null; - } - - public boolean[] getSubjectUniqueID() - { - DERBitString id = c.getTBSCertificate().getSubjectUniqueId(); - - if (id != null) - { - byte[] bytes = id.getBytes(); - boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; - - for (int i = 0; i != boolId.length; i++) - { - boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; - } - - return boolId; - } - - return null; - } - - public boolean[] getKeyUsage() - { - byte[] bytes = this.getExtensionBytes("2.5.29.15"); - int length = 0; - - if (bytes != null) - { - try - { - ASN1InputStream dIn = new ASN1InputStream(bytes); - DERBitString bits = (DERBitString)dIn.readObject(); - - bytes = bits.getBytes(); - length = (bytes.length * 8) - bits.getPadBits(); - } - catch (Exception e) - { - throw new RuntimeException("error processing key usage extension"); - } - - boolean[] keyUsage = new boolean[(length < 9) ? 9 : length]; - - for (int i = 0; i != length; i++) - { - keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; - } - - return keyUsage; - } - - return null; - } - - public List getExtendedKeyUsage() - throws CertificateParsingException - { - byte[] bytes = this.getExtensionBytes("2.5.29.37"); - int length = 0; - - if (bytes != null) - { - try - { - ASN1InputStream dIn = new ASN1InputStream(bytes); - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); - List list = new ArrayList(); - - for (int i = 0; i != seq.size(); i++) - { - list.add(((DERObjectIdentifier)seq.getObjectAt(i)).getId()); - } - - return Collections.unmodifiableList(list); - } - catch (Exception e) - { - throw new CertificateParsingException("error processing extended key usage extension"); - } - } - - return null; - } - - public int getBasicConstraints() - { - byte[] bytes = this.getExtensionBytes("2.5.29.19"); - - if (bytes != null) - { - try - { - ASN1InputStream dIn = new ASN1InputStream(bytes); - ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); - - if (seq.size() == 2) - { - if (((DERBoolean)seq.getObjectAt(0)).isTrue()) - { - return ((DERInteger)seq.getObjectAt(1)).getValue().intValue(); - } - else - { - return -1; - } - } - else if (seq.size() == 1) - { - if (seq.getObjectAt(0) instanceof DERBoolean) - { - if (((DERBoolean)seq.getObjectAt(0)).isTrue()) - { - return Integer.MAX_VALUE; - } - else - { - return -1; - } - } - else - { - return -1; - } - } - } - catch (Exception e) - { - throw new RuntimeException("error processing basic constraints extension"); - } - } - - return -1; - } - - public Set getCriticalExtensionOIDs() - { - if (this.getVersion() == 3) - { - Set set = new HashSet(); - X509Extensions extensions = c.getTBSCertificate().getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); - X509Extension ext = extensions.getExtension(oid); - - if (ext.isCritical()) - { - set.add(oid.getId()); - } - } - - return set; - } - } - - return null; - } - - private byte[] getExtensionBytes(String oid) - { - X509Extensions exts = c.getTBSCertificate().getExtensions(); - - if (exts != null) - { - X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid)); - if (ext != null) - { - return ext.getValue().getOctets(); - } - } - - return null; - } - - public byte[] getExtensionValue(String oid) - { - X509Extensions exts = c.getTBSCertificate().getExtensions(); - - if (exts != null) - { - X509Extension ext = exts.getExtension(new DERObjectIdentifier(oid)); - - if (ext != null) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - try - { - dOut.writeObject(ext.getValue()); - - return bOut.toByteArray(); - } - catch (Exception e) - { - throw new RuntimeException("error encoding " + e.toString()); - } - } - } - - return null; - } - - public Set getNonCriticalExtensionOIDs() - { - if (this.getVersion() == 3) - { - Set set = new HashSet(); - X509Extensions extensions = c.getTBSCertificate().getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); - X509Extension ext = extensions.getExtension(oid); - - if (!ext.isCritical()) - { - set.add(oid.getId()); - } - } - - return set; - } - } - - return null; - } - - public boolean hasUnsupportedCriticalExtension() - { - if (this.getVersion() == 3) - { - X509Extensions extensions = c.getTBSCertificate().getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); - if (oid.getId().equals("2.5.29.15") - || oid.getId().equals("2.5.29.19")) - { - continue; - } - - X509Extension ext = extensions.getExtension(oid); - - if (ext.isCritical()) - { - return true; - } - } - } - } - - return false; - } - - public PublicKey getPublicKey() - { - return JDKKeyFactory.createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo()); - } - -// BEGIN android-changed - private ByteArrayOutputStream encodedOut; - public byte[] getEncoded() - throws CertificateEncodingException { - synchronized (this) { - if (encodedOut == null) { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - try { - dOut.writeObject(c); - encodedOut = bOut; - } catch (IOException e) { - throw new CertificateEncodingException(e.toString()); - } - } - } - return encodedOut.toByteArray(); - } -// END android-changed - - public boolean equals( - Object o) - { - if (o == this) - { - return true; - } - - if (!(o instanceof Certificate)) - { - return false; - } - - Certificate other = (Certificate)o; - - try - { - byte[] b1 = this.getEncoded(); - byte[] b2 = other.getEncoded(); - - return Arrays.areEqual(b1, b2); - } - catch (CertificateEncodingException e) - { - return false; - } - } - - public int hashCode() - { - return c.hashCode(); - } - - public void setBagAttribute( - DERObjectIdentifier oid, - DEREncodable attribute) - { - // BEGIN android-changed - pkcs12.add(oid, attribute); - // END android-changed - } - - public DEREncodable getBagAttribute( - DERObjectIdentifier oid) - { - // BEGIN android-changed - return (DEREncodable)pkcs12.get(oid); - // END android-changed - } - - public Enumeration getBagAttributeKeys() - { - // BEGIN android-changed - return pkcs12.getKeys(); - // END android-changed - } - - public String toString() - { - StringBuffer buf = new StringBuffer(); - String nl = System.getProperty("line.separator"); - - buf.append(" [0] Version: ").append(this.getVersion()).append(nl); - buf.append(" SerialNumber: ").append(this.getSerialNumber()).append(nl); - buf.append(" IssuerDN: ").append(this.getIssuerDN()).append(nl); - buf.append(" Start Date: ").append(this.getNotBefore()).append(nl); - buf.append(" Final Date: ").append(this.getNotAfter()).append(nl); - buf.append(" SubjectDN: ").append(this.getSubjectDN()).append(nl); - buf.append(" Public Key: ").append(this.getPublicKey()).append(nl); - buf.append(" Signature Algorithm: ").append(this.getSigAlgName()).append(nl); - - byte[] sig = this.getSignature(); - - buf.append(" Signature: ").append(new String(Hex.encode(sig, 0, 20))).append(nl); - for (int i = 20; i < sig.length; i += 20) - { - if (i < sig.length - 20) - { - buf.append(" ").append(new String(Hex.encode(sig, i, 20))).append(nl); - } - else - { - buf.append(" ").append(new String(Hex.encode(sig, i, sig.length - i))).append(nl); - } - } - - X509Extensions extensions = c.getTBSCertificate().getExtensions(); - - if (extensions != null) - { - Enumeration e = extensions.oids(); - - if (e.hasMoreElements()) - { - buf.append(" Extensions: \n"); - } - - while (e.hasMoreElements()) - { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); - X509Extension ext = extensions.getExtension(oid); - - if (ext.getValue() != null) - { - byte[] octs = ext.getValue().getOctets(); - ASN1InputStream dIn = new ASN1InputStream(octs); - buf.append(" critical(").append(ext.isCritical()).append(") "); - try - { - if (oid.equals(X509Extensions.BasicConstraints)) - { - buf.append(new BasicConstraints((ASN1Sequence)dIn.readObject())).append(nl); - } - else if (oid.equals(X509Extensions.KeyUsage)) - { - buf.append(new KeyUsage((DERBitString)dIn.readObject())).append(nl); - } - else if (oid.equals(MiscObjectIdentifiers.netscapeCertType)) - { - buf.append(new NetscapeCertType((DERBitString)dIn.readObject())).append(nl); - } - else if (oid.equals(MiscObjectIdentifiers.netscapeRevocationURL)) - { - buf.append(new NetscapeRevocationURL((DERIA5String)dIn.readObject())).append(nl); - } - else if (oid.equals(MiscObjectIdentifiers.verisignCzagExtension)) - { - buf.append(new VerisignCzagExtension((DERIA5String)dIn.readObject())).append(nl); - } - else - { - buf.append(oid.getId()); - buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl); - //buf.append(" value = ").append("*****").append(nl); - } - } - catch (Exception ex) - { - buf.append(oid.getId()); - // buf.append(" value = ").append(new String(Hex.encode(ext.getValue().getOctets()))).append(nl); - buf.append(" value = ").append("*****").append(nl); - } - } - else - { - buf.append(nl); - } - } - } - - return buf.toString(); - } - - public final void verify( - PublicKey key) - throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException - { - Signature signature = null; - String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); - - try - { - signature = Signature.getInstance(sigName, "BC"); - } - catch (Exception e) - { - signature = Signature.getInstance(sigName); - } - - checkSignature(key, signature); - } - - public final void verify( - PublicKey key, - String sigProvider) - throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException - { - String sigName = X509SignatureUtil.getSignatureName(c.getSignatureAlgorithm()); - Signature signature = Signature.getInstance(sigName, sigProvider); - - checkSignature(key, signature); - } - - private void checkSignature( - PublicKey key, - Signature signature) - throws CertificateException, NoSuchAlgorithmException, - SignatureException, InvalidKeyException, CertificateEncodingException - { - if (!c.getSignatureAlgorithm().equals(c.getTBSCertificate().getSignature())) - { - throw new CertificateException("signature algorithm in TBS cert not same as outer cert"); - } - - DEREncodable params = c.getSignatureAlgorithm().getParameters(); - - X509SignatureUtil.setSignatureParameters(signature, params); - - signature.initVerify(key); - - signature.update(this.getTBSCertificate()); - - if (!signature.verify(this.getSignature())) - { - throw new InvalidKeyException("Public key presented not for certificate signature"); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java b/luni/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java deleted file mode 100644 index 2a79524..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java +++ /dev/null @@ -1,140 +0,0 @@ -package org.bouncycastle.jce.provider; - -import java.io.IOException; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.Signature; -import java.security.SignatureException; -import java.security.spec.PSSParameterSpec; - -import org.bouncycastle.asn1.ASN1Null; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.RSASSAPSSparams; -import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -class X509SignatureUtil -{ - // BEGIN android-changed - private static final ASN1Null derNull = DERNull.THE_ONE; - // END android-changed - - static void setSignatureParameters( - Signature signature, - DEREncodable params) - throws NoSuchAlgorithmException, SignatureException, InvalidKeyException - { - if (params != null && !derNull.equals(params)) - { - AlgorithmParameters sigParams = AlgorithmParameters.getInstance(signature.getAlgorithm(), signature.getProvider()); - - try - { - sigParams.init(params.getDERObject().getDEREncoded()); - } - catch (IOException e) - { - throw new SignatureException("IOException decoding parameters: " + e.getMessage()); - } - - if (signature.getAlgorithm().endsWith("MGF1")) - { - try - { - signature.setParameter(sigParams.getParameterSpec(PSSParameterSpec.class)); - } - catch (GeneralSecurityException e) - { - throw new SignatureException("Exception extracting parameters: " + e.getMessage()); - } - } - } - } - - static String getSignatureName( - AlgorithmIdentifier sigAlgId) - { - DEREncodable params = sigAlgId.getParameters(); - - if (params != null && !derNull.equals(params)) - { - if (sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) - { - RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); - - return getDigestAlgName(rsaParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1"; - } - if (sigAlgId.getObjectId().equals(X9ObjectIdentifiers.ecdsa_with_SHA2)) - { - ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params); - - return getDigestAlgName((DERObjectIdentifier)ecDsaParams.getObjectAt(0)) + "withECDSA"; - } - } - - return sigAlgId.getObjectId().getId(); - } - - /** - * Return the digest algorithm using one of the standard JCA string - * representations rather the the algorithm identifier (if possible). - */ - private static String getDigestAlgName( - DERObjectIdentifier digestAlgOID) - { - if (PKCSObjectIdentifiers.md5.equals(digestAlgOID)) - { - return "MD5"; - } - else if (OIWObjectIdentifiers.idSHA1.equals(digestAlgOID)) - { - return "SHA1"; - } - else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) - { - return "SHA224"; - } - else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) - { - return "SHA256"; - } - else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOID)) - { - return "SHA384"; - } - else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOID)) - { - return "SHA512"; - } - else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) - { - return "RIPEMD128"; - } - else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) - { - return "RIPEMD160"; - } - else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) - { - return "RIPEMD256"; - } - else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) - { - return "GOST3411"; - } - else - { - return digestAlgOID.getId(); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/spec/IEKeySpec.java b/luni/src/main/java/org/bouncycastle/jce/spec/IEKeySpec.java deleted file mode 100644 index 9859a22..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/spec/IEKeySpec.java +++ /dev/null @@ -1,70 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.spec.KeySpec; - -import org.bouncycastle.jce.interfaces.IESKey; - -/** - * key pair for use with an integrated encryptor - together - * they provide what's required to generate the message. - */ -public class IEKeySpec - implements KeySpec, IESKey -{ - private PublicKey pubKey; - private PrivateKey privKey; - - /** - * @param privKey our private key. - * @param pubKey the public key of the sender/recipient. - */ - public IEKeySpec( - PrivateKey privKey, - PublicKey pubKey) - { - this.privKey = privKey; - this.pubKey = pubKey; - } - - /** - * return the intended recipient's/sender's public key. - */ - public PublicKey getPublic() - { - return pubKey; - } - - /** - * return the local private key. - */ - public PrivateKey getPrivate() - { - return privKey; - } - - /** - * return "IES" - */ - public String getAlgorithm() - { - return "IES"; - } - - /** - * return null - */ - public String getFormat() - { - return null; - } - - /** - * returns null - */ - public byte[] getEncoded() - { - return null; - } -} diff --git a/luni/src/main/java/org/bouncycastle/jce/spec/IESParameterSpec.java b/luni/src/main/java/org/bouncycastle/jce/spec/IESParameterSpec.java deleted file mode 100644 index 97c7d3a..0000000 --- a/luni/src/main/java/org/bouncycastle/jce/spec/IESParameterSpec.java +++ /dev/null @@ -1,52 +0,0 @@ -package org.bouncycastle.jce.spec; - -import java.security.spec.AlgorithmParameterSpec; - -/** - * Parameter spec for an integrated encryptor, as in IEEE P1363a - */ -public class IESParameterSpec - implements AlgorithmParameterSpec -{ - private byte[] derivation; - private byte[] encoding; - private int macKeySize; - - public IESParameterSpec( - byte[] derivation, - byte[] encoding, - int macKeySize) - { - this.derivation = new byte[derivation.length]; - System.arraycopy(derivation, 0, this.derivation, 0, derivation.length); - - this.encoding = new byte[encoding.length]; - System.arraycopy(encoding, 0, this.encoding, 0, encoding.length); - - this.macKeySize = macKeySize; - } - - /** - * return the derivation vector. - */ - public byte[] getDerivationV() - { - return derivation; - } - - /** - * return the encoding vector. - */ - public byte[] getEncodingV() - { - return encoding; - } - - /** - * return the key size in bits for the MAC used with the message - */ - public int getMacKeySize() - { - return macKeySize; - } -} diff --git a/luni/src/main/java/org/bouncycastle/openssl/PEMWriter.java b/luni/src/main/java/org/bouncycastle/openssl/PEMWriter.java deleted file mode 100644 index 5cbdf91..0000000 --- a/luni/src/main/java/org/bouncycastle/openssl/PEMWriter.java +++ /dev/null @@ -1,295 +0,0 @@ -package org.bouncycastle.openssl; - -import java.io.BufferedWriter; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.Writer; -import java.math.BigInteger; -import java.security.Key; -import java.security.KeyPair; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.cert.CRLException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509CRL; -import java.security.cert.X509Certificate; -import java.security.interfaces.DSAPrivateKey; -import java.security.interfaces.RSAPrivateCrtKey; -import java.security.interfaces.RSAPrivateKey; - -import javax.crypto.Cipher; -import javax.crypto.SecretKey; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OutputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure; -import org.bouncycastle.asn1.x509.DSAParameter; -import org.bouncycastle.crypto.PBEParametersGenerator; -import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator; -import org.bouncycastle.crypto.params.KeyParameter; -import org.bouncycastle.jce.PKCS10CertificationRequest; -import org.bouncycastle.util.encoders.Base64; -import org.bouncycastle.util.encoders.Hex; -import org.bouncycastle.x509.X509AttributeCertificate; -import org.bouncycastle.x509.X509V2AttributeCertificate; - -/** - * General purpose writer for OpenSSL PEM objects. - */ -public class PEMWriter - extends BufferedWriter -{ - - /** - * Base constructor. - * - * @param out output stream to use. - */ - public PEMWriter(Writer out) - { - super(out); - } - - private void writeHexEncoded(byte[] bytes) - throws IOException - { - bytes = Hex.encode(bytes); - - for (int i = 0; i != bytes.length; i++) - { - this.write((char)bytes[i]); - } - } - - private void writeEncoded(byte[] bytes) - throws IOException - { - char[] buf = new char[64]; - - bytes = Base64.encode(bytes); - - for (int i = 0; i < bytes.length; i += buf.length) - { - int index = 0; - - while (index != buf.length) - { - if ((i + index) >= bytes.length) - { - break; - } - buf[index] = (char)bytes[i + index]; - index++; - } - this.write(buf, 0, index); - this.newLine(); - } - } - - public void writeObject( - Object o) - throws IOException - { - String type; - byte[] encoding; - - if (o instanceof X509Certificate) - { - type = "CERTIFICATE"; - try - { - encoding = ((X509Certificate)o).getEncoded(); - } - catch (CertificateEncodingException e) - { - throw new IOException("Cannot encode object: " + e.toString()); - } - } - else if (o instanceof X509CRL) - { - type = "X509 CRL"; - try - { - encoding = ((X509CRL)o).getEncoded(); - } - catch (CRLException e) - { - throw new IOException("Cannot encode object: " + e.toString()); - } - } - else if (o instanceof KeyPair) - { - writeObject(((KeyPair)o).getPrivate()); - return; - } - else if (o instanceof PrivateKey) - { - ByteArrayInputStream bIn = new ByteArrayInputStream(((Key)o).getEncoded()); - ASN1InputStream aIn = new ASN1InputStream(bIn); - - PrivateKeyInfo info = new PrivateKeyInfo((ASN1Sequence)aIn.readObject()); - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - if (o instanceof RSAPrivateKey) - { - type = "RSA PRIVATE KEY"; - - aOut.writeObject(info.getPrivateKey()); - } - else if (o instanceof DSAPrivateKey) - { - type = "DSA PRIVATE KEY"; - - DSAParameter p = DSAParameter.getInstance(info.getAlgorithmId().getParameters()); - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DERInteger(0)); - v.add(new DERInteger(p.getP())); - v.add(new DERInteger(p.getQ())); - v.add(new DERInteger(p.getG())); - - BigInteger x = ((DSAPrivateKey)o).getX(); - BigInteger y = p.getG().modPow(x, p.getP()); - - v.add(new DERInteger(y)); - v.add(new DERInteger(x)); - - aOut.writeObject(new DERSequence(v)); - } - else - { - throw new IOException("Cannot identify private key"); - } - - encoding = bOut.toByteArray(); - } - else if (o instanceof PublicKey) - { - type = "PUBLIC KEY"; - - encoding = ((PublicKey)o).getEncoded(); - } - else if (o instanceof X509AttributeCertificate) - { - type = "ATTRIBUTE CERTIFICATE"; - encoding = ((X509V2AttributeCertificate)o).getEncoded(); - } - else if (o instanceof PKCS10CertificationRequest) - { - type = "CERTIFICATE REQUEST"; - encoding = ((PKCS10CertificationRequest)o).getEncoded(); - } - else if (o instanceof ContentInfo) - { - type = "PKCS7"; - encoding = ((ContentInfo)o).getEncoded(); - } - else - { - throw new IOException("unknown object passed - can't encode."); - } - - this.write("-----BEGIN " + type + "-----"); - this.newLine(); - - writeEncoded(encoding); - - this.write("-----END " + type + "-----"); - this.newLine(); - } - - public void writeObject( - Object o, - String algorithm, - char[] password, - SecureRandom random) - throws IOException - { - byte[] salt = new byte[8]; - - random.nextBytes(salt); - - OpenSSLPBEParametersGenerator pGen = new OpenSSLPBEParametersGenerator(); - - pGen.init(PBEParametersGenerator.PKCS5PasswordToBytes(password), salt); - - SecretKey secretKey = null; - - if (algorithm.equalsIgnoreCase("DESEDE")) - { - // generate key - int keyLength = 24; - - secretKey = new SecretKeySpec(((KeyParameter)pGen.generateDerivedParameters(keyLength * 8)).getKey(), algorithm); - } - else - { - throw new IOException("unknown algorithm in writeObject"); - } - - byte[] keyData = null; - - if (o instanceof RSAPrivateCrtKey) - { - RSAPrivateCrtKey k = (RSAPrivateCrtKey)o; - - RSAPrivateKeyStructure keyStruct = new RSAPrivateKeyStructure( - k.getModulus(), - k.getPublicExponent(), - k.getPrivateExponent(), - k.getPrimeP(), - k.getPrimeQ(), - k.getPrimeExponentP(), - k.getPrimeExponentQ(), - k.getCrtCoefficient()); - - // convert to bytearray - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - ASN1OutputStream aOut = new ASN1OutputStream(bOut); - - aOut.writeObject(keyStruct); - aOut.close(); - - keyData = bOut.toByteArray(); - } - - byte[] encData = null; - - // cipher - try - { - Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding", "BC"); - c.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(salt)); - - encData = c.doFinal(keyData); - } - catch (Exception e) - { - throw new IOException("exception using cipher: " + e.toString()); - } - - // write the data - this.write("-----BEGIN RSA PRIVATE KEY-----"); - this.newLine(); - this.write("Proc-Type: 4,ENCRYPTED"); - this.newLine(); - this.write("DEK-Info: DES-EDE3-CBC,"); - this.writeHexEncoded(salt); - this.newLine(); - this.newLine(); - - this.writeEncoded(encData); - this.write("-----END RSA PRIVATE KEY-----"); - } -} diff --git a/luni/src/main/java/org/bouncycastle/util/Arrays.java b/luni/src/main/java/org/bouncycastle/util/Arrays.java deleted file mode 100644 index c6566d3..0000000 --- a/luni/src/main/java/org/bouncycastle/util/Arrays.java +++ /dev/null @@ -1,67 +0,0 @@ -package org.bouncycastle.util; - -/** - * General array utilities. - */ -public final class Arrays -{ - private Arrays() - { - // static class, hide constructor - } - - public static boolean areEqual( - byte[] a, - byte[] b) - { - if (a == b) - { - return true; - } - - if (a.length != b.length) - { - return false; - } - - for (int i = 0; i != a.length; i++) - { - if (a[i] != b[i]) - { - return false; - } - } - - return true; - } - - public static void fill( - byte[] array, - byte value) - { - for (int i = 0; i < array.length; i++) - { - array[i] = value; - } - } - - public static void fill( - long[] array, - long value) - { - for (int i = 0; i < array.length; i++) - { - array[i] = value; - } - } - - public static void fill( - short[] array, - short value) - { - for (int i = 0; i < array.length; i++) - { - array[i] = value; - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/util/BigIntegers.java b/luni/src/main/java/org/bouncycastle/util/BigIntegers.java deleted file mode 100644 index 3d1c456..0000000 --- a/luni/src/main/java/org/bouncycastle/util/BigIntegers.java +++ /dev/null @@ -1,32 +0,0 @@ -package org.bouncycastle.util; - -import java.math.BigInteger; - -/** - * BigInteger utilities. - */ -public final class BigIntegers -{ - /** - * Return the passed in value as an unsigned byte array. - * - * @param value value to be converted. - * @return a byte array without a leading zero byte if present in the signed encoding. - */ - public static byte[] asUnsignedByteArray( - BigInteger value) - { - byte[] bytes = value.toByteArray(); - - if (bytes[0] == 0) - { - byte[] tmp = new byte[bytes.length - 1]; - - System.arraycopy(bytes, 1, tmp, 0, tmp.length); - - return tmp; - } - - return bytes; - } -} diff --git a/luni/src/main/java/org/bouncycastle/util/Strings.java b/luni/src/main/java/org/bouncycastle/util/Strings.java deleted file mode 100644 index ff42595..0000000 --- a/luni/src/main/java/org/bouncycastle/util/Strings.java +++ /dev/null @@ -1,191 +0,0 @@ -package org.bouncycastle.util; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; - -public final class Strings -{ - public static String fromUTF8ByteArray(byte[] bytes) - { - int i = 0; - int length = 0; - - while (i < bytes.length) - { - length++; - if ((bytes[i] & 0xf0) == 0xf0) - { - // surrogate pair - length++; - i += 4; - } - else if ((bytes[i] & 0xe0) == 0xe0) - { - i += 3; - } - else if ((bytes[i] & 0xc0) == 0xc0) - { - i += 2; - } - else - { - i += 1; - } - } - - char[] cs = new char[length]; - - i = 0; - length = 0; - - while (i < bytes.length) - { - char ch; - - if ((bytes[i] & 0xf0) == 0xf0) - { - int codePoint = ((bytes[i] & 0x0F) << 18) | ((bytes[i+1] & 0x3F) << 12) | ((bytes[i+2] & 0x3F) << 6) | (bytes[i+3] & 0x3F); - int U = codePoint - 0x10000; - char W1 = (char)(0xD800 | (U >> 10)); - char W2 = (char)(0xDC00 | (U & 0x3FF)); - cs[length++] = W1; - ch = W2; - i += 4; - } - else if ((bytes[i] & 0xe0) == 0xe0) - { - ch = (char)(((bytes[i] & 0x1f) << 12) - | ((bytes[i + 1] & 0x3f) << 6) | (bytes[i + 2] & 0x3f)); - i += 3; - } - else if ((bytes[i] & 0xc0) == 0xc0) - { - ch = (char)(((bytes[i] & 0x3f) << 6) | (bytes[i + 1] & 0x3f)); - i += 2; - } - else - { - ch = (char)(bytes[i] & 0xff); - i += 1; - } - - cs[length++] = ch; - } - - return new String(cs); - } - - public static byte[] toUTF8ByteArray(String string) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - char[] c = string.toCharArray(); - int i = 0; - - while (i < c.length) - { - char ch = c[i]; - - if (ch < 0x0080) - { - bOut.write(ch); - } - else if (ch < 0x0800) - { - bOut.write(0xc0 | (ch >> 6)); - bOut.write(0x80 | (ch & 0x3f)); - } - // surrogate pair - else if (ch >= 0xD800 && ch <= 0xDFFF) - { - // in error - can only happen, if the Java String class has a - // bug. - if (i + 1 >= c.length) - { - throw new IllegalStateException("invalid UTF-16 codepoint"); - } - char W1 = ch; - ch = c[++i]; - char W2 = ch; - // in error - can only happen, if the Java String class has a - // bug. - if (W1 > 0xDBFF) - { - throw new IllegalStateException("invalid UTF-16 codepoint"); - } - int codePoint = (((W1 & 0x03FF) << 10) | (W2 & 0x03FF)) + 0x10000; - bOut.write(0xf0 | (codePoint >> 18)); - bOut.write(0x80 | ((codePoint >> 12) & 0x3F)); - bOut.write(0x80 | ((codePoint >> 6) & 0x3F)); - bOut.write(0x80 | (codePoint & 0x3F)); - } - else - { - bOut.write(0xe0 | (ch >> 12)); - bOut.write(0x80 | ((ch >> 6) & 0x3F)); - bOut.write(0x80 | (ch & 0x3F)); - } - - i++; - } - - return bOut.toByteArray(); - } - - /** - * A locale independent version of toUpperCase. - * - * @param string input to be converted - * @return a US Ascii uppercase version - */ - public static String toUpperCase(String string) - { - boolean changed = false; - char[] chars = string.toCharArray(); - - for (int i = 0; i != chars.length; i++) - { - char ch = chars[i]; - if ('a' <= ch && 'z' >= ch) - { - changed = true; - chars[i] = (char)(ch - 'a' + 'A'); - } - } - - if (changed) - { - return new String(chars); - } - - return string; - } - - /** - * A locale independent version of toLowerCase. - * - * @param string input to be converted - * @return a US ASCII lowercase version - */ - public static String toLowerCase(String string) - { - boolean changed = false; - char[] chars = string.toCharArray(); - - for (int i = 0; i != chars.length; i++) - { - char ch = chars[i]; - if ('A' <= ch && 'Z' >= ch) - { - changed = true; - chars[i] = (char)(ch - 'A' + 'a'); - } - } - - if (changed) - { - return new String(chars); - } - - return string; - } -} diff --git a/luni/src/main/java/org/bouncycastle/util/encoders/Base64.java b/luni/src/main/java/org/bouncycastle/util/encoders/Base64.java deleted file mode 100644 index 1dc94b5..0000000 --- a/luni/src/main/java/org/bouncycastle/util/encoders/Base64.java +++ /dev/null @@ -1,118 +0,0 @@ -package org.bouncycastle.util.encoders; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; - -public class Base64 -{ - private static final Encoder encoder = new Base64Encoder(); - - /** - * encode the input data producing a base 64 encoded byte array. - * - * @return a byte array containing the base 64 encoded data. - */ - public static byte[] encode( - byte[] data) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - try - { - encoder.encode(data, 0, data.length, bOut); - } - catch (IOException e) - { - throw new RuntimeException("exception encoding base64 string: " + e); - } - - return bOut.toByteArray(); - } - - /** - * Encode the byte data to base 64 writing it to the given output stream. - * - * @return the number of bytes produced. - */ - public static int encode( - byte[] data, - OutputStream out) - throws IOException - { - return encoder.encode(data, 0, data.length, out); - } - - /** - * Encode the byte data to base 64 writing it to the given output stream. - * - * @return the number of bytes produced. - */ - public static int encode( - byte[] data, - int off, - int length, - OutputStream out) - throws IOException - { - return encoder.encode(data, off, length, out); - } - - /** - * decode the base 64 encoded input data. It is assumed the input data is valid. - * - * @return a byte array representing the decoded data. - */ - public static byte[] decode( - byte[] data) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - try - { - encoder.decode(data, 0, data.length, bOut); - } - catch (IOException e) - { - throw new RuntimeException("exception decoding base64 string: " + e); - } - - return bOut.toByteArray(); - } - - /** - * decode the base 64 encoded String data - whitespace will be ignored. - * - * @return a byte array representing the decoded data. - */ - public static byte[] decode( - String data) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - try - { - encoder.decode(data, bOut); - } - catch (IOException e) - { - throw new RuntimeException("exception decoding base64 string: " + e); - } - - return bOut.toByteArray(); - } - - /** - * decode the base 64 encoded String data writing it to the given output stream, - * whitespace characters will be ignored. - * - * @return the number of bytes produced. - */ - public static int decode( - String data, - OutputStream out) - throws IOException - { - return encoder.decode(data, out); - } -} diff --git a/luni/src/main/java/org/bouncycastle/util/encoders/Base64Encoder.java b/luni/src/main/java/org/bouncycastle/util/encoders/Base64Encoder.java deleted file mode 100644 index 3edc068..0000000 --- a/luni/src/main/java/org/bouncycastle/util/encoders/Base64Encoder.java +++ /dev/null @@ -1,298 +0,0 @@ -package org.bouncycastle.util.encoders; - -import java.io.IOException; -import java.io.OutputStream; - -public class Base64Encoder - implements Encoder -{ - protected final byte[] encodingTable = - { - (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G', - (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N', - (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U', - (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z', - (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g', - (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n', - (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u', - (byte)'v', - (byte)'w', (byte)'x', (byte)'y', (byte)'z', - (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', (byte)'6', - (byte)'7', (byte)'8', (byte)'9', - (byte)'+', (byte)'/' - }; - - protected byte padding = (byte)'='; - - /* - * set up the decoding table. - */ - protected final byte[] decodingTable = new byte[128]; - - protected void initialiseDecodingTable() - { - for (int i = 0; i < encodingTable.length; i++) - { - decodingTable[encodingTable[i]] = (byte)i; - } - } - - public Base64Encoder() - { - initialiseDecodingTable(); - } - - /** - * encode the input data producing a base 64 output stream. - * - * @return the number of bytes produced. - */ - public int encode( - byte[] data, - int off, - int length, - OutputStream out) - throws IOException - { - int modulus = length % 3; - int dataLength = (length - modulus); - int a1, a2, a3; - - for (int i = off; i < off + dataLength; i += 3) - { - a1 = data[i] & 0xff; - a2 = data[i + 1] & 0xff; - a3 = data[i + 2] & 0xff; - - out.write(encodingTable[(a1 >>> 2) & 0x3f]); - out.write(encodingTable[((a1 << 4) | (a2 >>> 4)) & 0x3f]); - out.write(encodingTable[((a2 << 2) | (a3 >>> 6)) & 0x3f]); - out.write(encodingTable[a3 & 0x3f]); - } - - /* - * process the tail end. - */ - int b1, b2, b3; - int d1, d2; - - switch (modulus) - { - case 0: /* nothing left to do */ - break; - case 1: - d1 = data[off + dataLength] & 0xff; - b1 = (d1 >>> 2) & 0x3f; - b2 = (d1 << 4) & 0x3f; - - out.write(encodingTable[b1]); - out.write(encodingTable[b2]); - out.write(padding); - out.write(padding); - break; - case 2: - d1 = data[off + dataLength] & 0xff; - d2 = data[off + dataLength + 1] & 0xff; - - b1 = (d1 >>> 2) & 0x3f; - b2 = ((d1 << 4) | (d2 >>> 4)) & 0x3f; - b3 = (d2 << 2) & 0x3f; - - out.write(encodingTable[b1]); - out.write(encodingTable[b2]); - out.write(encodingTable[b3]); - out.write(padding); - break; - } - - return (dataLength / 3) * 4 + ((modulus == 0) ? 0 : 4); - } - - private boolean ignore( - char c) - { - return (c == '\n' || c =='\r' || c == '\t' || c == ' '); - } - - /** - * decode the base 64 encoded byte data writing it to the given output stream, - * whitespace characters will be ignored. - * - * @return the number of bytes produced. - */ - public int decode( - byte[] data, - int off, - int length, - OutputStream out) - throws IOException - { - byte b1, b2, b3, b4; - int outLen = 0; - - int end = off + length; - - while (end > off) - { - if (!ignore((char)data[end - 1])) - { - break; - } - - end--; - } - - int i = off; - int finish = end - 4; - - i = nextI(data, i, finish); - - while (i < finish) - { - b1 = decodingTable[data[i++]]; - - i = nextI(data, i, finish); - - b2 = decodingTable[data[i++]]; - - i = nextI(data, i, finish); - - b3 = decodingTable[data[i++]]; - - i = nextI(data, i, finish); - - b4 = decodingTable[data[i++]]; - - out.write((b1 << 2) | (b2 >> 4)); - out.write((b2 << 4) | (b3 >> 2)); - out.write((b3 << 6) | b4); - - outLen += 3; - - i = nextI(data, i, finish); - } - - outLen += decodeLastBlock(out, (char)data[end - 4], (char)data[end - 3], (char)data[end - 2], (char)data[end - 1]); - - return outLen; - } - - private int nextI(byte[] data, int i, int finish) - { - while ((i < finish) && ignore((char)data[i])) - { - i++; - } - return i; - } - - /** - * decode the base 64 encoded String data writing it to the given output stream, - * whitespace characters will be ignored. - * - * @return the number of bytes produced. - */ - public int decode( - String data, - OutputStream out) - throws IOException - { - byte b1, b2, b3, b4; - int length = 0; - - int end = data.length(); - - while (end > 0) - { - if (!ignore(data.charAt(end - 1))) - { - break; - } - - end--; - } - - int i = 0; - int finish = end - 4; - - i = nextI(data, i, finish); - - while (i < finish) - { - b1 = decodingTable[data.charAt(i++)]; - - i = nextI(data, i, finish); - - b2 = decodingTable[data.charAt(i++)]; - - i = nextI(data, i, finish); - - b3 = decodingTable[data.charAt(i++)]; - - i = nextI(data, i, finish); - - b4 = decodingTable[data.charAt(i++)]; - - out.write((b1 << 2) | (b2 >> 4)); - out.write((b2 << 4) | (b3 >> 2)); - out.write((b3 << 6) | b4); - - length += 3; - - i = nextI(data, i, finish); - } - - length += decodeLastBlock(out, data.charAt(end - 4), data.charAt(end - 3), data.charAt(end - 2), data.charAt(end - 1)); - - return length; - } - - private int decodeLastBlock(OutputStream out, char c1, char c2, char c3, char c4) - throws IOException - { - byte b1, b2, b3, b4; - - if (c3 == padding) - { - b1 = decodingTable[c1]; - b2 = decodingTable[c2]; - - out.write((b1 << 2) | (b2 >> 4)); - - return 1; - } - else if (c4 == padding) - { - b1 = decodingTable[c1]; - b2 = decodingTable[c2]; - b3 = decodingTable[c3]; - - out.write((b1 << 2) | (b2 >> 4)); - out.write((b2 << 4) | (b3 >> 2)); - - return 2; - } - else - { - b1 = decodingTable[c1]; - b2 = decodingTable[c2]; - b3 = decodingTable[c3]; - b4 = decodingTable[c4]; - - out.write((b1 << 2) | (b2 >> 4)); - out.write((b2 << 4) | (b3 >> 2)); - out.write((b3 << 6) | b4); - - return 3; - } - } - - private int nextI(String data, int i, int finish) - { - while ((i < finish) && ignore(data.charAt(i))) - { - i++; - } - return i; - } -} diff --git a/luni/src/main/java/org/bouncycastle/util/encoders/BufferedDecoder.java b/luni/src/main/java/org/bouncycastle/util/encoders/BufferedDecoder.java deleted file mode 100644 index 672430a..0000000 --- a/luni/src/main/java/org/bouncycastle/util/encoders/BufferedDecoder.java +++ /dev/null @@ -1,96 +0,0 @@ -package org.bouncycastle.util.encoders; - - -/** - * a buffering class to allow translation from one format to another to - * be done in discrete chunks. - */ -public class BufferedDecoder -{ - protected byte[] buf; - protected int bufOff; - - protected Translator translator; - - /** - * @param translator the translator to use. - * @param bufSize amount of input to buffer for each chunk. - */ - public BufferedDecoder( - Translator translator, - int bufSize) - { - this.translator = translator; - - if ((bufSize % translator.getEncodedBlockSize()) != 0) - { - throw new IllegalArgumentException("buffer size not multiple of input block size"); - } - - buf = new byte[bufSize]; - bufOff = 0; - } - - public int processByte( - byte in, - byte[] out, - int outOff) - { - int resultLen = 0; - - buf[bufOff++] = in; - - if (bufOff == buf.length) - { - resultLen = translator.decode(buf, 0, buf.length, out, outOff); - bufOff = 0; - } - - return resultLen; - } - - public int processBytes( - byte[] in, - int inOff, - int len, - byte[] out, - int outOff) - { - if (len < 0) - { - throw new IllegalArgumentException("Can't have a negative input length!"); - } - - int resultLen = 0; - int gapLen = buf.length - bufOff; - - if (len > gapLen) - { - System.arraycopy(in, inOff, buf, bufOff, gapLen); - - resultLen += translator.decode(buf, 0, buf.length, out, outOff); - - bufOff = 0; - - len -= gapLen; - inOff += gapLen; - outOff += resultLen; - - int chunkSize = len - (len % buf.length); - - resultLen += translator.decode(in, inOff, chunkSize, out, outOff); - - len -= chunkSize; - inOff += chunkSize; - } - - if (len != 0) - { - System.arraycopy(in, inOff, buf, bufOff, len); - - bufOff += len; - } - - return resultLen; - } -} diff --git a/luni/src/main/java/org/bouncycastle/util/encoders/BufferedEncoder.java b/luni/src/main/java/org/bouncycastle/util/encoders/BufferedEncoder.java deleted file mode 100644 index 107eee8..0000000 --- a/luni/src/main/java/org/bouncycastle/util/encoders/BufferedEncoder.java +++ /dev/null @@ -1,96 +0,0 @@ -package org.bouncycastle.util.encoders; - - -/** - * a buffering class to allow translation from one format to another to - * be done in discrete chunks. - */ -public class BufferedEncoder -{ - protected byte[] buf; - protected int bufOff; - - protected Translator translator; - - /** - * @param translator the translator to use. - * @param bufSize amount of input to buffer for each chunk. - */ - public BufferedEncoder( - Translator translator, - int bufSize) - { - this.translator = translator; - - if ((bufSize % translator.getEncodedBlockSize()) != 0) - { - throw new IllegalArgumentException("buffer size not multiple of input block size"); - } - - buf = new byte[bufSize]; - bufOff = 0; - } - - public int processByte( - byte in, - byte[] out, - int outOff) - { - int resultLen = 0; - - buf[bufOff++] = in; - - if (bufOff == buf.length) - { - resultLen = translator.encode(buf, 0, buf.length, out, outOff); - bufOff = 0; - } - - return resultLen; - } - - public int processBytes( - byte[] in, - int inOff, - int len, - byte[] out, - int outOff) - { - if (len < 0) - { - throw new IllegalArgumentException("Can't have a negative input length!"); - } - - int resultLen = 0; - int gapLen = buf.length - bufOff; - - if (len > gapLen) - { - System.arraycopy(in, inOff, buf, bufOff, gapLen); - - resultLen += translator.encode(buf, 0, buf.length, out, outOff); - - bufOff = 0; - - len -= gapLen; - inOff += gapLen; - outOff += resultLen; - - int chunkSize = len - (len % buf.length); - - resultLen += translator.encode(in, inOff, chunkSize, out, outOff); - - len -= chunkSize; - inOff += chunkSize; - } - - if (len != 0) - { - System.arraycopy(in, inOff, buf, bufOff, len); - - bufOff += len; - } - - return resultLen; - } -} diff --git a/luni/src/main/java/org/bouncycastle/util/encoders/Encoder.java b/luni/src/main/java/org/bouncycastle/util/encoders/Encoder.java deleted file mode 100644 index b066121..0000000 --- a/luni/src/main/java/org/bouncycastle/util/encoders/Encoder.java +++ /dev/null @@ -1,17 +0,0 @@ -package org.bouncycastle.util.encoders; - -import java.io.IOException; -import java.io.OutputStream; - -/** - * Encode and decode byte arrays (typically from binary to 7-bit ASCII - * encodings). - */ -public interface Encoder -{ - int encode(byte[] data, int off, int length, OutputStream out) throws IOException; - - int decode(byte[] data, int off, int length, OutputStream out) throws IOException; - - int decode(String data, OutputStream out) throws IOException; -} diff --git a/luni/src/main/java/org/bouncycastle/util/encoders/Hex.java b/luni/src/main/java/org/bouncycastle/util/encoders/Hex.java deleted file mode 100644 index d69f773..0000000 --- a/luni/src/main/java/org/bouncycastle/util/encoders/Hex.java +++ /dev/null @@ -1,131 +0,0 @@ -package org.bouncycastle.util.encoders; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; - -public class Hex -{ - private static final Encoder encoder = new HexEncoder(); - - /** - * encode the input data producing a Hex encoded byte array. - * - * @return a byte array containing the Hex encoded data. - */ - public static byte[] encode( - byte[] data) - { - return encode(data, 0, data.length); - } - - /** - * encode the input data producing a Hex encoded byte array. - * - * @return a byte array containing the Hex encoded data. - */ - public static byte[] encode( - byte[] data, - int off, - int length) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - try - { - encoder.encode(data, off, length, bOut); - } - catch (IOException e) - { - throw new RuntimeException("exception encoding Hex string: " + e); - } - - return bOut.toByteArray(); - } - - /** - * Hex encode the byte data writing it to the given output stream. - * - * @return the number of bytes produced. - */ - public static int encode( - byte[] data, - OutputStream out) - throws IOException - { - return encoder.encode(data, 0, data.length, out); - } - - /** - * Hex encode the byte data writing it to the given output stream. - * - * @return the number of bytes produced. - */ - public static int encode( - byte[] data, - int off, - int length, - OutputStream out) - throws IOException - { - return encoder.encode(data, off, length, out); - } - - /** - * decode the Hex encoded input data. It is assumed the input data is valid. - * - * @return a byte array representing the decoded data. - */ - public static byte[] decode( - byte[] data) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - try - { - encoder.decode(data, 0, data.length, bOut); - } - catch (IOException e) - { - throw new RuntimeException("exception decoding Hex string: " + e); - } - - return bOut.toByteArray(); - } - - /** - * decode the Hex encoded String data - whitespace will be ignored. - * - * @return a byte array representing the decoded data. - */ - public static byte[] decode( - String data) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - try - { - encoder.decode(data, bOut); - } - catch (IOException e) - { - throw new RuntimeException("exception decoding Hex string: " + e); - } - - return bOut.toByteArray(); - } - - /** - * decode the Hex encoded String data writing it to the given output stream, - * whitespace characters will be ignored. - * - * @return the number of bytes produced. - */ - public static int decode( - String data, - OutputStream out) - throws IOException - { - return encoder.decode(data, out); - } -} diff --git a/luni/src/main/java/org/bouncycastle/util/encoders/HexEncoder.java b/luni/src/main/java/org/bouncycastle/util/encoders/HexEncoder.java deleted file mode 100644 index 0dcae29..0000000 --- a/luni/src/main/java/org/bouncycastle/util/encoders/HexEncoder.java +++ /dev/null @@ -1,172 +0,0 @@ -package org.bouncycastle.util.encoders; - -import java.io.IOException; -import java.io.OutputStream; - -public class HexEncoder - implements Encoder -{ - protected final byte[] encodingTable = - { - (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', (byte)'6', (byte)'7', - (byte)'8', (byte)'9', (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f' - }; - - /* - * set up the decoding table. - */ - protected final byte[] decodingTable = new byte[128]; - - protected void initialiseDecodingTable() - { - for (int i = 0; i < encodingTable.length; i++) - { - decodingTable[encodingTable[i]] = (byte)i; - } - - decodingTable['A'] = decodingTable['a']; - decodingTable['B'] = decodingTable['b']; - decodingTable['C'] = decodingTable['c']; - decodingTable['D'] = decodingTable['d']; - decodingTable['E'] = decodingTable['e']; - decodingTable['F'] = decodingTable['f']; - } - - public HexEncoder() - { - initialiseDecodingTable(); - } - - /** - * encode the input data producing a Hex output stream. - * - * @return the number of bytes produced. - */ - public int encode( - byte[] data, - int off, - int length, - OutputStream out) - throws IOException - { - for (int i = off; i < (off + length); i++) - { - int v = data[i] & 0xff; - - out.write(encodingTable[(v >>> 4)]); - out.write(encodingTable[v & 0xf]); - } - - return length * 2; - } - - private boolean ignore( - char c) - { - return (c == '\n' || c =='\r' || c == '\t' || c == ' '); - } - - /** - * decode the Hex encoded byte data writing it to the given output stream, - * whitespace characters will be ignored. - * - * @return the number of bytes produced. - */ - public int decode( - byte[] data, - int off, - int length, - OutputStream out) - throws IOException - { - byte b1, b2; - int outLen = 0; - - int end = off + length; - - while (end > off) - { - if (!ignore((char)data[end - 1])) - { - break; - } - - end--; - } - - int i = off; - while (i < end) - { - while (i < end && ignore((char)data[i])) - { - i++; - } - - b1 = decodingTable[data[i++]]; - - while (i < end && ignore((char)data[i])) - { - i++; - } - - b2 = decodingTable[data[i++]]; - - out.write((b1 << 4) | b2); - - outLen++; - } - - return outLen; - } - - /** - * decode the Hex encoded String data writing it to the given output stream, - * whitespace characters will be ignored. - * - * @return the number of bytes produced. - */ - public int decode( - String data, - OutputStream out) - throws IOException - { - byte b1, b2; - int length = 0; - - int end = data.length(); - - while (end > 0) - { - if (!ignore(data.charAt(end - 1))) - { - break; - } - - end--; - } - - int i = 0; - while (i < end) - { - while (i < end && ignore(data.charAt(i))) - { - i++; - } - - b1 = decodingTable[data.charAt(i++)]; - - while (i < end && ignore(data.charAt(i))) - { - i++; - } - - b2 = decodingTable[data.charAt(i++)]; - - out.write((b1 << 4) | b2); - - length++; - } - - return length; - } -} diff --git a/luni/src/main/java/org/bouncycastle/util/encoders/HexTranslator.java b/luni/src/main/java/org/bouncycastle/util/encoders/HexTranslator.java deleted file mode 100644 index 3fff65a..0000000 --- a/luni/src/main/java/org/bouncycastle/util/encoders/HexTranslator.java +++ /dev/null @@ -1,87 +0,0 @@ -package org.bouncycastle.util.encoders; - -/** - * Converters for going from hex to binary and back. Note: this class assumes ASCII processing. - */ -public class HexTranslator - implements Translator -{ - private static final byte[] hexTable = - { - (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', (byte)'6', (byte)'7', - (byte)'8', (byte)'9', (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f' - }; - - /** - * size of the output block on encoding produced by getDecodedBlockSize() - * bytes. - */ - public int getEncodedBlockSize() - { - return 2; - } - - public int encode( - byte[] in, - int inOff, - int length, - byte[] out, - int outOff) - { - for (int i = 0, j = 0; i < length; i++, j += 2) - { - out[outOff + j] = hexTable[(in[inOff] >> 4) & 0x0f]; - out[outOff + j + 1] = hexTable[in[inOff] & 0x0f]; - - inOff++; - } - - return length * 2; - } - - /** - * size of the output block on decoding produced by getEncodedBlockSize() - * bytes. - */ - public int getDecodedBlockSize() - { - return 1; - } - - public int decode( - byte[] in, - int inOff, - int length, - byte[] out, - int outOff) - { - int halfLength = length / 2; - byte left, right; - for (int i = 0; i < halfLength; i++) - { - left = in[inOff + i * 2]; - right = in[inOff + i * 2 + 1]; - - if (left < (byte)'a') - { - out[outOff] = (byte)((left - '0') << 4); - } - else - { - out[outOff] = (byte)((left - 'a' + 10) << 4); - } - if (right < (byte)'a') - { - out[outOff] += (byte)(right - '0'); - } - else - { - out[outOff] += (byte)(right - 'a' + 10); - } - - outOff++; - } - - return halfLength; - } -} diff --git a/luni/src/main/java/org/bouncycastle/util/encoders/Translator.java b/luni/src/main/java/org/bouncycastle/util/encoders/Translator.java deleted file mode 100644 index a3a0cb8..0000000 --- a/luni/src/main/java/org/bouncycastle/util/encoders/Translator.java +++ /dev/null @@ -1,23 +0,0 @@ -package org.bouncycastle.util.encoders; - -/** - * general interface for an translator. - */ -public interface Translator -{ - /** - * size of the output block on encoding produced by getDecodedBlockSize() - * bytes. - */ - public int getEncodedBlockSize(); - - public int encode(byte[] in, int inOff, int length, byte[] out, int outOff); - - /** - * size of the output block on decoding produced by getEncodedBlockSize() - * bytes. - */ - public int getDecodedBlockSize(); - - public int decode(byte[] in, int inOff, int length, byte[] out, int outOff); -} diff --git a/luni/src/main/java/org/bouncycastle/util/encoders/UrlBase64.java b/luni/src/main/java/org/bouncycastle/util/encoders/UrlBase64.java deleted file mode 100644 index a22d94a..0000000 --- a/luni/src/main/java/org/bouncycastle/util/encoders/UrlBase64.java +++ /dev/null @@ -1,129 +0,0 @@ -package org.bouncycastle.util.encoders; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; - -/** - * Convert binary data to and from UrlBase64 encoding. This is identical to - * Base64 encoding, except that the padding character is "." and the other - * non-alphanumeric characters are "-" and "_" instead of "+" and "/". - * <p> - * The purpose of UrlBase64 encoding is to provide a compact encoding of binary - * data that is safe for use as an URL parameter. Base64 encoding does not - * produce encoded values that are safe for use in URLs, since "/" can be - * interpreted as a path delimiter; "+" is the encoded form of a space; and - * "=" is used to separate a name from the corresponding value in an URL - * parameter. - */ -public class UrlBase64 -{ - private static final Encoder encoder = new UrlBase64Encoder(); - - /** - * Encode the input data producing a URL safe base 64 encoded byte array. - * - * @return a byte array containing the URL safe base 64 encoded data. - */ - public static byte[] encode( - byte[] data) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - try - { - encoder.encode(data, 0, data.length, bOut); - } - catch (IOException e) - { - throw new RuntimeException("exception encoding URL safe base64 string: " + e); - } - - return bOut.toByteArray(); - } - - /** - * Encode the byte data writing it to the given output stream. - * - * @return the number of bytes produced. - */ - public static int encode( - byte[] data, - OutputStream out) - throws IOException - { - return encoder.encode(data, 0, data.length, out); - } - - /** - * Decode the URL safe base 64 encoded input data - white space will be ignored. - * - * @return a byte array representing the decoded data. - */ - public static byte[] decode( - byte[] data) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - try - { - encoder.decode(data, 0, data.length, bOut); - } - catch (IOException e) - { - throw new RuntimeException("exception decoding URL safe base64 string: " + e); - } - - return bOut.toByteArray(); - } - - /** - * decode the URL safe base 64 encoded byte data writing it to the given output stream, - * whitespace characters will be ignored. - * - * @return the number of bytes produced. - */ - public static int decode( - byte[] data, - OutputStream out) - throws IOException - { - return encoder.decode(data, 0, data.length, out); - } - - /** - * decode the URL safe base 64 encoded String data - whitespace will be ignored. - * - * @return a byte array representing the decoded data. - */ - public static byte[] decode( - String data) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - try - { - encoder.decode(data, bOut); - } - catch (IOException e) - { - throw new RuntimeException("exception decoding URL safe base64 string: " + e); - } - - return bOut.toByteArray(); - } - - /** - * Decode the URL safe base 64 encoded String data writing it to the given output stream, - * whitespace characters will be ignored. - * - * @return the number of bytes produced. - */ - public static int decode( - String data, - OutputStream out) - throws IOException - { - return encoder.decode(data, out); - } -} diff --git a/luni/src/main/java/org/bouncycastle/util/encoders/UrlBase64Encoder.java b/luni/src/main/java/org/bouncycastle/util/encoders/UrlBase64Encoder.java deleted file mode 100644 index a5fff5e..0000000 --- a/luni/src/main/java/org/bouncycastle/util/encoders/UrlBase64Encoder.java +++ /dev/null @@ -1,25 +0,0 @@ -package org.bouncycastle.util.encoders; - -/** - * Convert binary data to and from UrlBase64 encoding. This is identical to - * Base64 encoding, except that the padding character is "." and the other - * non-alphanumeric characters are "-" and "_" instead of "+" and "/". - * <p> - * The purpose of UrlBase64 encoding is to provide a compact encoding of binary - * data that is safe for use as an URL parameter. Base64 encoding does not - * produce encoded values that are safe for use in URLs, since "/" can be - * interpreted as a path delimiter; "+" is the encoded form of a space; and - * "=" is used to separate a name from the corresponding value in an URL - * parameter. - */ -public class UrlBase64Encoder extends Base64Encoder -{ - public UrlBase64Encoder() - { - encodingTable[encodingTable.length - 2] = (byte) '-'; - encodingTable[encodingTable.length - 1] = (byte) '_'; - padding = (byte) '.'; - // we must re-create the decoding table with the new encoded values. - initialiseDecodingTable(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java b/luni/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java deleted file mode 100644 index d8aa122..0000000 --- a/luni/src/main/java/org/bouncycastle/x509/AttributeCertificateHolder.java +++ /dev/null @@ -1,263 +0,0 @@ -package org.bouncycastle.x509; - -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.Holder; -import org.bouncycastle.asn1.x509.IssuerSerial; -import org.bouncycastle.jce.PrincipalUtil; -import org.bouncycastle.jce.X509Principal; - -import java.io.IOException; -import java.math.BigInteger; - -import java.security.Principal; -import java.security.cert.CertSelector; -import java.security.cert.Certificate; -import java.security.cert.CertificateParsingException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.List; - -import javax.security.auth.x500.X500Principal; - -/** - * The Holder object. - * <pre> - * Holder ::= SEQUENCE { - * baseCertificateID [0] IssuerSerial OPTIONAL, - * -- the issuer and serial number of - * -- the holder's Public Key Certificate - * entityName [1] GeneralNames OPTIONAL, - * -- the name of the claimant or role - * objectDigestInfo [2] ObjectDigestInfo OPTIONAL - * -- used to directly authenticate the holder, - * -- for example, an executable - * } - * </pre> - * This holder currently supports use of the baseCertificateID and the entityName. - */ -public class AttributeCertificateHolder - implements CertSelector -{ - final Holder holder; - - AttributeCertificateHolder( - ASN1Sequence seq) - { - holder = Holder.getInstance(seq); - } - - public AttributeCertificateHolder( - X509Principal issuerName, - BigInteger serialNumber) - { - holder = new org.bouncycastle.asn1.x509.Holder(new IssuerSerial( - new GeneralNames(new DERSequence(new GeneralName(issuerName))), - new DERInteger(serialNumber))); - } - - public AttributeCertificateHolder( - X500Principal issuerName, - BigInteger serialNumber) - { - this(X509Util.convertPrincipal(issuerName), serialNumber); - } - - public AttributeCertificateHolder( - X509Certificate cert) - throws CertificateParsingException - { - X509Principal name; - - try - { - name = PrincipalUtil.getIssuerX509Principal(cert); - } - catch (Exception e) - { - throw new CertificateParsingException(e.getMessage()); - } - - holder = new Holder(new IssuerSerial(generateGeneralNames(name), new DERInteger(cert.getSerialNumber()))); - } - - public AttributeCertificateHolder( - X509Principal principal) - { - holder = new Holder(generateGeneralNames(principal)); - } - - public AttributeCertificateHolder( - X500Principal principal) - { - this(X509Util.convertPrincipal(principal)); - } - - private GeneralNames generateGeneralNames(X509Principal principal) - { - return new GeneralNames(new DERSequence(new GeneralName(principal))); - } - - private boolean matchesDN(X509Principal subject, GeneralNames targets) - { - GeneralName[] names = targets.getNames(); - - for (int i = 0; i != names.length; i++) - { - GeneralName gn = names[i]; - - if (gn.getTagNo() == GeneralName.directoryName) - { - try - { - if (new X509Principal(((ASN1Encodable)gn.getName()).getEncoded()).equals(subject)) - { - return true; - } - } - catch (IOException e) - { - } - } - } - - return false; - } - - private Object[] getNames( - GeneralName[] names) - { - List l = new ArrayList(names.length); - - for (int i = 0; i != names.length; i++) - { - if (names[i].getTagNo() == GeneralName.directoryName) - { - try - { - l.add(new X500Principal(((ASN1Encodable)names[i].getName()).getEncoded())); - } - catch (IOException e) - { - throw new RuntimeException("badly formed Name object"); - } - } - } - - return l.toArray(new Object[l.size()]); - } - - private Principal[] getPrincipals( - GeneralNames names) - { - Object[] p = this.getNames(names.getNames()); - List l = new ArrayList(); - - for (int i = 0; i != p.length; i++) - { - if (p[i] instanceof Principal) - { - l.add(p[i]); - } - } - - return (Principal[])l.toArray(new Principal[l.size()]); - } - - /** - * Return any principal objects inside the attribute certificate holder entity names field. - * - * @return an array of Principal objects (usually X500Principal), null if no entity names field is set. - */ - public Principal[] getEntityNames() - { - if (holder.getEntityName() != null) - { - return getPrincipals(holder.getEntityName()); - } - - return null; - } - - /** - * Return the principals associated with the issuer attached to this holder - * - * @return an array of principals, null if no BaseCertificateID is set. - */ - public Principal[] getIssuer() - { - if (holder.getBaseCertificateID() != null) - { - return getPrincipals(holder.getBaseCertificateID().getIssuer()); - } - - return null; - } - - /** - * Return the serial number associated with the issuer attached to this holder. - * - * @return the certificate serial number, null if no BaseCertificateID is set. - */ - public BigInteger getSerialNumber() - { - if (holder.getBaseCertificateID() != null) - { - return holder.getBaseCertificateID().getSerial().getValue(); - } - - return null; - } - - /* (non-Javadoc) - * @see java.security.cert.CertSelector#clone() - */ - public Object clone() - { - return new AttributeCertificateHolder((ASN1Sequence)holder.toASN1Object()); - } - - /* (non-Javadoc) - * @see java.security.cert.CertSelector#match(java.security.cert.Certificate) - */ - public boolean match(Certificate cert) - { - if (!(cert instanceof X509Certificate)) - { - return false; - } - - X509Certificate x509Cert = (X509Certificate)cert; - - try - { - if (holder.getBaseCertificateID() != null) - { - return holder.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber()) - && matchesDN(PrincipalUtil.getIssuerX509Principal(x509Cert), holder.getBaseCertificateID().getIssuer()); - } - - if (holder.getEntityName() != null) - { - if (matchesDN(PrincipalUtil.getSubjectX509Principal(x509Cert), holder.getEntityName())) - { - return true; - } - } - } - catch (CertificateEncodingException e) - { - return false; - } - - /** - * objectDigestInfo not supported - */ - return false; - } -} diff --git a/luni/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java b/luni/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java deleted file mode 100644 index 0679a5c..0000000 --- a/luni/src/main/java/org/bouncycastle/x509/AttributeCertificateIssuer.java +++ /dev/null @@ -1,180 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.IOException; -import java.security.Principal; -import java.security.cert.CertSelector; -import java.security.cert.Certificate; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.List; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AttCertIssuer; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.V2Form; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.jce.X509Principal; - -/** - * Carrying class for an attribute certificate issuer. - */ -public class AttributeCertificateIssuer - implements CertSelector -{ - final ASN1Encodable form; - - /** - * @param issuer - */ - AttributeCertificateIssuer( - AttCertIssuer issuer) - { - form = issuer.getIssuer(); - } - - public AttributeCertificateIssuer( - X500Principal principal) - throws IOException - { - this(new X509Principal(principal.getEncoded())); - } - - public AttributeCertificateIssuer( - X509Principal principal) - { - form = new V2Form(new GeneralNames(new DERSequence(new GeneralName(principal)))); - } - - private Object[] getNames() - { - GeneralNames name; - - if (form instanceof V2Form) - { - name = ((V2Form)form).getIssuerName(); - } - else - { - name = (GeneralNames)form; - } - - GeneralName[] names = name.getNames(); - - List l = new ArrayList(names.length); - - for (int i = 0; i != names.length; i++) - { - if (names[i].getTagNo() == GeneralName.directoryName) - { - try - { - l.add(new X500Principal(((ASN1Encodable)names[i].getName()).getEncoded())); - } - catch (IOException e) - { - throw new RuntimeException("badly formed Name object"); - } - } - } - - return l.toArray(new Object[l.size()]); - } - - /** - * Return any principal objects inside the attribute certificate issuer object. - * - * @return an array of Principal objects (usually X500Principal) - */ - public Principal[] getPrincipals() - { - Object[] p = this.getNames(); - List l = new ArrayList(); - - for (int i = 0; i != p.length; i++) - { - if (p[i] instanceof Principal) - { - l.add(p[i]); - } - } - - return (Principal[])l.toArray(new Principal[l.size()]); - } - - private boolean matchesDN(X500Principal subject, GeneralNames targets) - { - GeneralName[] names = targets.getNames(); - - for (int i = 0; i != names.length; i++) - { - GeneralName gn = names[i]; - - if (gn.getTagNo() == GeneralName.directoryName) - { - try - { - if (new X500Principal(((ASN1Encodable)gn.getName()).getEncoded()).equals(subject)) - { - return true; - } - } - catch (IOException e) - { - } - } - } - - return false; - } - - /* (non-Javadoc) - * @see java.security.cert.CertSelector#clone() - */ - public Object clone() - { - return new AttributeCertificateIssuer(AttCertIssuer.getInstance(form)); - } - - /* (non-Javadoc) - * @see java.security.cert.CertSelector#match(java.security.cert.Certificate) - */ - public boolean match(Certificate cert) - { - if (!(cert instanceof X509Certificate)) - { - return false; - } - - X509Certificate x509Cert = (X509Certificate)cert; - - if (form instanceof V2Form) - { - V2Form issuer = (V2Form)form; - if (issuer.getBaseCertificateID() != null) - { - return issuer.getBaseCertificateID().getSerial().getValue().equals(x509Cert.getSerialNumber()) - && matchesDN(x509Cert.getIssuerX500Principal(), issuer.getBaseCertificateID().getIssuer()); - } - - GeneralNames name = issuer.getIssuerName(); - if (matchesDN(x509Cert.getSubjectX500Principal(), name)) - { - return true; - } - } - else - { - GeneralNames name = (GeneralNames)form; - if (matchesDN(x509Cert.getSubjectX500Principal(), name)) - { - return true; - } - } - - return false; - } -} diff --git a/luni/src/main/java/org/bouncycastle/x509/CertPathReviewerException.java b/luni/src/main/java/org/bouncycastle/x509/CertPathReviewerException.java deleted file mode 100644 index 173d478..0000000 --- a/luni/src/main/java/org/bouncycastle/x509/CertPathReviewerException.java +++ /dev/null @@ -1,72 +0,0 @@ -package org.bouncycastle.x509; - -import java.security.cert.CertPath; - -import org.bouncycastle.i18n.ErrorBundle; -import org.bouncycastle.i18n.LocalizedException; - -public class CertPathReviewerException extends LocalizedException -{ - - private int index = -1; - - private CertPath certPath = null; - - public CertPathReviewerException(ErrorBundle errorMessage, Throwable throwable) - { - super(errorMessage, throwable); - } - - public CertPathReviewerException(ErrorBundle errorMessage) - { - super(errorMessage); - } - - public CertPathReviewerException( - ErrorBundle errorMessage, - Throwable throwable, - CertPath certPath, - int index) - { - super(errorMessage, throwable); - if (certPath == null || index == -1) - { - throw new IllegalArgumentException(); - } - if (index < -1 || (certPath != null && index >= certPath.getCertificates().size())) - { - throw new IndexOutOfBoundsException(); - } - this.certPath = certPath; - this.index = index; - } - - public CertPathReviewerException( - ErrorBundle errorMessage, - CertPath certPath, - int index) - { - super(errorMessage); - if (certPath == null || index == -1) - { - throw new IllegalArgumentException(); - } - if (index < -1 || (certPath != null && index >= certPath.getCertificates().size())) - { - throw new IndexOutOfBoundsException(); - } - this.certPath = certPath; - this.index = index; - } - - public CertPath getCertPath() - { - return certPath; - } - - public int getIndex() - { - return index; - } - -} diff --git a/luni/src/main/java/org/bouncycastle/x509/CertPathReviewerMessages.properties b/luni/src/main/java/org/bouncycastle/x509/CertPathReviewerMessages.properties deleted file mode 100644 index 9df5e89..0000000 --- a/luni/src/main/java/org/bouncycastle/x509/CertPathReviewerMessages.properties +++ /dev/null @@ -1,563 +0,0 @@ - -## constructor exceptions - -# cert path is empty -CertPathReviewer.emptyCertPath.title = CertPath is empty -CertPathReviewer.emptyCertPath.text = PKIXCertPathReviewer: the CertPath is empty. -CertPathReviewer.emptyCertPath.summary = PKIXCertPathReviewer: the CertPath is empty. -CertPathReviewer.emptyCertPath.details = PKIXCertPathReviewer: the CertPath is empty. - -## name constraints processing errors - -# cert DN is not in the permitted tree -# {0} DN as String -CertPathReviewer.notPermittedDN.title = Name constraint error: certificate DN is not permitted -CertPathReviewer.notPermittedDN.text = Name constraint error: the certificate DN {0} is not permitted. -CertPathReviewer.notPermittedDN.summary = Name constraint error: certificate DN is not permitted. -CertPathReviewer.notPermittedDN.details = Name constraint checking error. The certificate DN {0} is not in the permitted set of DNs. - -# cert DN is in the excluded tree -# {0} DN as String -CertPathReviewer.excludedDN.title = Name constraint error: certificate DN is excluded -CertPathReviewer.excludedDN.text = Name constraint error: The certificate DN {0} is excluded. -CertPathReviewer.excludedDN.summary = Name constraint error: certificate DN is excluded. -CertPathReviewer.excludedDN.details = Name constraint checking error. The certificate DN {0} is inside of the excluded set of DNs. - -# cert email is not in the permitted tree -# {0} email address as String -CertPathReviewer.notPermittedEmail.title = Name constraint error: not permitted email address -CertPathReviewer.notPermittedEmail.text = Name constraint error: certificate contains the not permitted email address {0}. -CertPathReviewer.notPermittedEmail.summary = Name constraint error: not permitted email address. -CertPathReviewer.notPermittedEmail.details = Name constraint checking error. The certificate contains the email address {0} which is not in the permitted set of email addresses. - -# cert email is in the excluded tree -# {0} email as String -CertPathReviewer.excludedEmail.title = Name constraint error: excluded email address -CertPathReviewer.excludedEmail.text = Name constraint error: certificate contains the excluded email address {0}. -CertPathReviewer.excludedEmail.summary = Name constraint error: excluded email address. -CertPathReviewer.excludedEmail.details = Name constraint checking error. The certificate contains the email address {0} which is in the excluded set of email addresses. - -# cert IP is not in the permitted tree -# {0} ip address as String -CertPathReviewer.notPermittedIP.title = Name constraint error: not permitted IP address -CertPathReviewer.notPermittedIP.text = Name constraint error: certificate contains the not permitted IP address {0}. -CertPathReviewer.notPermittedIP.summary = Name constraint error: not permitted IP address. -CertPathReviewer.notPermittedIP.details = Name constraint checking error. The certificate contains the IP address {0} which is not in the permitted set of IP addresses. - -# cert ip is in the excluded tree -# {0} ip address as String -CertPathReviewer.excludedIP.title = Name constraint error: excluded IP address -CertPathReviewer.excludedIP.text = Name constraint error: certificate contains the excluded IP address {0}. -CertPathReviewer.excludedIP.summary = Name constraint error: excluded IP address. -CertPathReviewer.excludedIP.details = Name constraint checking error. The certificate contains the IP address {0} which is in the excluded set of IP addresses. - -# error processing the name constraints extension -CertPathReviewer.ncExtError.title = Name constraint checking failed -CertPathReviewer.ncExtError.text = Name constraint checking failed: there was an error processing the name constraints extension of the certificate. -CertPathReviewer.ncExtError.summary = Error processing the name constraints extension. -CertPathReviewer.ncExtError.details = Name constraint checking failed: there was an error processing the name constraints extension of the certificate. - -# error processing the subject alternative name extension -CertPathReviewer.subjAltNameExtError.title = Name constraint checking failed -CertPathReviewer.subjAltNameExtError.text = Name constraint checking failed: there was an error processing the subject alernative name extension of the certificate. -CertPathReviewer.subjAltNameExtError.summary = Error processing the subject alternative name extension. -CertPathReviewer.subjAltNameExtError.details = Name constraint checking failed: there was an error processing the subject alternative name extension of the certificate. - -# exception extracting subject name when checking subtrees -# {0} subject Principal -CertPathReviewer.ncSubjectNameError.title = Name constraint checking failed -CertPathReviewer.ncSubjectNameError.text = Name constraint checking failed: there was an exception extracting the DN from the certificate. -CertPathReviewer.ncSubjectNameError.summary = Name constraint checking failed: exception extracting the DN. -CertPathReviewer.ncSubjectNameError.details = Name constraint checking failed: there was an exception extracting the DN from the certificate. - - -## path length errors - -# max path length extended -CertPathReviewer.pathLenghtExtended.title = Maximum path length extended -CertPathReviewer.pathLenghtExtended.text = Certificate path invalid: Maximum path length extended. -CertPathReviewer.pathLenghtExtended.summary = Certificate path invalid: Maximum path length extended. -CertPathReviewer.pathLenghtExtended.details = Certificate path invalid: Maximum path length extended. - -# error reading length constraint from basic constraint extension -CertPathReviewer.processLengthConstError.title = Path length checking failed -CertPathReviewer.processLengthConstError.text = Path length checking failed: there was an error processing the basic constraint extension of the certificate. -CertPathReviewer.processLengthConstError.summary = Error processing the subject alternative name extension. -CertPathReviewer.processLengthConstError.details = Path length checking failed: there was an error processing the basic constraint extension of the certificate. - - -## path length notifications - -# total path length as defined in rfc 3280 -# {0} the path length as Integer -CertPathReviewer.totalPathLength.title = Total path length -CertPathReviewer.totalPathLength.text = The total path length without self-signed certificates is {0}. -CertPathReviewer.totalPathLength.summary = The total path length without self-signed certificates is {0}. -CertPathReviewer.totalPathLength.details = The total path length without self-signed certificates, as defined in RFC 3280, is {0}. - - -## critical extensions errors - -# one unknown critical extension -# {0} extension as String -CertPathReviewer.unknownCriticalExt.title = Unknown critical extension -CertPathReviewer.unknownCriticalExt.text = The certificate contains the unknown critical extension {0}. -CertPathReviewer.unknownCriticalExt.summary = Unknown critical extension: {0}. -CertPathReviewer.unknownCriticalExt.details = The certificate contains the unknown critical extension with the OID {0}. - -# more unknown critical extensions -# {0} extensions as Set of Strings -CertPathReviewer.unknownCriticalExts.title = Unknown critical extensions -CertPathReviewer.unknownCriticalExts.text = The certificate contains two or more unknown critical extensions: {0}. -CertPathReviewer.unknownCriticalExts.summary = Unknown critical extensions: {0}. -CertPathReviewer.unknownCriticalExts.details = The certificate contains two or more unknown critical extensions with the OIDs: {0}. - -# error processing critical extension -# {0} the message of the underlying exception -# {1} the underlying exception -CertPathReviewer.criticalExtensionError.title = Error processing a critical extension -CertPathReviewer.criticalExtensionError.text = Error processing a critical extension. Cause: {0}. -CertPathReviewer.criticalExtensionError.summary = Error processing a critical extension. Cause: {0}. -CertPathReviewer.criticalExtensionError.details = Error processing a critical extension. Cause: {0}. - -# error initializing the certpath checkers -# {0} the message of the underlying exception -# {1} the underlying exception -CertPathReviewer.certPathCheckerError.title = Checking critical extensions failed -CertPathReviewer.certPathCheckerError.text = Checking critical extensions failed: there was an error initializing a CertPathChecker. -CertPathReviewer.certPathCheckerError.summary = Checking critical extensions failed: error initializing a CertPathChecker -CertPathReviewer.certPathCheckerError.details = Checking critical extensions failed: there was an error initializing a CertPathChecker. Cause: {0} - - -## check signature errors - -# trustanchor found, but certificate validation failed -CertPathReviewer.trustButInvalidCert.title = TrustAnchor found, but certificate invalid -CertPathReviewer.trustButInvalidCert.text = A TrustAnchor was found but the certificate validation failed. -CertPathReviewer.trustButInvalidCert.summary = TrustAnchor found but certificate validation failed. -CertPathReviewer.trustButInvalidCert.details = A TrustAnchor was found but the certificate validation failed. - -# trustanchor - cannot extract issuer -CertPathReviewer.trustAnchorIssuerError.title = Finding TrustAnchor failed -CertPathReviewer.trustAnchorIssuerError.text = Finding TrustAnchor failed: cannot extract issuer from certificate. -CertPathReviewer.trustAnchorIssuerError.summary = Finding TrustAnchor failed: cannot extract issuer from certificate. -CertPathReviewer.trustAnchorIssuerError.details = Finding TrustAnchor failed: cannot extract issuer from certificate. - -# no trustanchor was found for the certificate path -# {0} issuer of the root certificate of the path -# {1} number of trusted root certificates (trustanchors) provided -CertPathReviewer.noTrustAnchorFound.title = No trusted root certificate found -CertPathReviewer.noTrustAnchorFound.text = The root certificate of the certificate path was issued by a CA that is not in the the trusted-root-certificate-store used for the path validation. The name of the CA is "{0}". -CertPathReviewer.noTrustAnchorFound.summary = The root certificate of the certificate path was issued by a CA that is not in the the trusted-root-certificate-store used for the path validation. -CertPathReviewer.noTrustAnchorFound.details = The root certificate of the certificate path was issued by a CA that is not in the the trusted-root-certificate-store used for the path validation. The name of the CA is "{0}". The trusted-root-certificate store contains {1} CA(s). - -# conflicting trust anchors -# {0} number of trustanchors found (Integer) -# {1} the ca name -CertPathReviewer.conflictingTrustAnchors.title = Corrupt trust root store -CertPathReviewer.conflictingTrustAnchors.text = Warning: corrupt trust root store: There are {0} trusted public keys for the CA "{1}" - please ensure with CA which is the correct key. -CertPathReviewer.conflictingTrustAnchors.summary = Warning: corrupt trust root store: There are {0} trusted public keys for the CA "{1}" - please ensure with CA which is the correct key. -CertPathReviewer.conflictingTrustAnchors.details = Warning: corrupt trust root store: There are {0} trusted public keys for the CA "{1}" - please ensure with CA which is the correct key. - -# trustanchor DN is invalid -# {0} DN of the Trustanchor -CertPathReviewer.trustDNInvalid.title = DN of TrustAnchor is improperly specified -CertPathReviewer.trustDNInvalid.text = The DN of the TrustAnchor is improperly specified: {0}. -CertPathReviewer.trustDNInvalid.summary = The DN of the TrustAnchor is improperly specified. -CertPathReviewer.trustDNInvalid.details = The DN of the TrustAnchor is improperly specified: {0}. It's not a valid X.500 name. See RFC 1779 or RFC 2253. - -# trustanchor public key algorithm error -CertPathReviewer.trustPubKeyError.title = Error processing public key of the trust anchor -CertPathReviewer.trustPubKeyError.text = Error processing public key of the trust anchor. -CertPathReviewer.trustPubKeyError.summary = Error processing public key of the trust anchor. -CertPathReviewer.trustPubKeyError.details = Error processing public key of the trust anchor. Could not extract the AlorithmIdentifier for the key. - -# can not verifiy signature: issuer public key unknown -CertPathReviewer.NoIssuerPublicKey.title = Can not verify the certificate signature -CertPathReviewer.NoIssuerPublicKey.text = Can not verify the certificate signature: Issuer public key is unknown. -CertPathReviewer.NoIssuerPublicKey.summary = Can not verify the certificate signature: Issuer public key is unknown. -CertPathReviewer.NoIssuerPublicKey.details = Can not verify the certificate signature: Issuer public key is unknown. - -# signature can not be verified -# {0} message of the underlying exception (english) -# {1} the underlying exception -CertPathReviewer.signatureNotVerified.title = Certificate signature invalid -CertPathReviewer.signatureNotVerified.text = The certificate signature is invalid. -CertPathReviewer.signatureNotVerified.summary = The certificate signature is invalid. -CertPathReviewer.signatureNotVerified.details = The certificate signature is invalid. Cause: {0} - -# certificate expired -# {0} the date the certificate expired -CertPathReviewer.certificateExpired.title = Certificate is expired -CertPathReviewer.certificateExpired.text = Could not validate the certificate. Certificate expired on {0,date} {0,time,full}. -CertPathReviewer.certificateExpired.summary = Certificate expired on {0,date} {0,time,full}. -CertPathReviewer.certificateExpired.details = Could not validate the certificate. Certificate expired on {0,date} {0,time,full}. - -# certificate not yet valid -# {0} the date from which on the certificate is valid -CertPathReviewer.certificateNotYetValid.title = Certificate is not yet valid -CertPathReviewer.certificateNotYetValid.text = Could not validate the certificate. Certificate is not valid untill {0,date} {0,time,full}. -CertPathReviewer.certificateNotYetValid.summary = Certificate is not valid untill {0,date} {0,time,full}. -CertPathReviewer.certificateNotYetValid.details = Could not validate the certificate. Certificate is not valid untill {0,date} {0,time,full}. - -# certificate invalid issuer DN -# {0} expected issuer DN as String -# {1} found issuer DN as String -CertPathReviewer.certWrongIssuer.title = Issuer of certificate not valid -CertPathReviewer.certWrongIssuer.text = Issuer of certificate is not valid. Expected {0}, but found {1}. -CertPathReviewer.certWrongIssuer.summary = Issuer of certificate is not valid. -CertPathReviewer.certWrongIssuer.details = Issuer of certificate is not valid. Expected {0}, but found {1}. - -# intermediate certificate is no ca cert -CertPathReviewer.noCACert.title = Certificate is no CA certificate -CertPathReviewer.noCACert.text = Intermediate certificate is no CA certificate. -CertPathReviewer.noCACert.summary = The certificate is no CA certificate. -CertPathReviewer.noCACert.details = The certificate is no CA certificate but used as one. - -# cert laks basic constraints -CertPathReviewer.noBasicConstraints.title = Certificate has no basic constraints -CertPathReviewer.noBasicConstraints.text = Intermediate certificate has no basic constraints. -CertPathReviewer.noBasicConstraints.summary = Intermediate certificate has no basic constraints. -CertPathReviewer.noBasicConstraints.details = Intermediate certificate has no basic constraints. - -# error processing basic constraints -CertPathReviewer.errorProcesingBC.title = Error processing the basic constraints extension -CertPathReviewer.errorProcesingBC.text = There was an error while processing the basic constraints extension of this certificate. -CertPathReviewer.errorProcesingBC.summary = Error processing the basic constraints extension. -CertPathReviewer.errorProcesingBC.details = There was an error while processing the basic constraints extension of this certificate. - -# certificate not usable for signing certs -CertPathReviewer.noCertSign.title = Key not usable for signing certificates -CertPathReviewer.noCertSign.text = The key usage constraint does not allow the use of this certificate key for signing certificates. -CertPathReviewer.noCertSign.summary = The certificate key can not be used for signing certificates. -CertPathReviewer.noCertSign.details = The key usage constraint does not allow the use of this certificate key for signing certificates. - -# error processing public key -CertPathReviewer.pubKeyError.title = Error processing public key -CertPathReviewer.pubKeyError.text = Error processing public key of the certificate. -CertPathReviewer.pubKeyError.summary = Error processing public key of the certificate. -CertPathReviewer.pubKeyError.details = Error processing public key of the certificate. Could not extract the AlorithmIdentifier for the key. - - -## check signatures notifications - -# certificate path validation date -# {0} date for which the cert path is validated -# {1} current date -CertPathReviewer.certPathValidDate.title = Certificate path validation date -CertPathReviewer.certPathValidDate.text = The certificate path was applied on {0,date} {0,time,full}. It was validated at {1,date} {1,time,full}. -CertPathReviewer.certPathValidDate.summary = The certificate path was validated for {0,date} {0,time,full}. It was validated at {1,date} {1,time,full}. -CertPathReviewer.certPathValidDate.details = The certificate path was validated for {0,date} {0,time,full}. It was validated at {1,date} {1,time,full}. - - -## check policy errors - -# error processing certificate policy extension -CertPathReviewer.policyExtError.title = Policy checking failed -CertPathReviewer.policyExtError.text = Policy checking failed: there was an error processing the certificate policy extension. -CertPathReviewer.policyExtError.summary = Error processing the certificate policy extension. -CertPathReviewer.policyExtError.details = Policy checking failed: there was an error processing the certificate policy extension. - -# error processing policy constraints extension -CertPathReviewer.policyConstExtError.title = Policy checking failed -CertPathReviewer.policyConstExtError.text = Policy checking failed: there was an error processing the policy constraints extension. -CertPathReviewer.policyConstExtError.summary = Error processing the policy constraints extension. -CertPathReviewer.policyConstExtError.details = Policy checking failed: there was an error processing the policy constraints extension. - -# error processing policy mapping extension -CertPathReviewer.policyMapExtError.title = Policy checking failed -CertPathReviewer.policyMapExtError.text = Policy checking failed: there was an error processing the policy mapping extension. -CertPathReviewer.policyMapExtError.summary = Error processing the policy mapping extension. -CertPathReviewer.policyMapExtError.details = Policy checking failed: there was an error processing the policy mapping extension. - -# error processing inhibit any policy extension -CertPathReviewer.policyInhibitExtError.title = Policy checking failed -CertPathReviewer.policyInhibitExtError.text = Policy checking failed: there was an error processing the policy mapping extension. -CertPathReviewer.policyInhibitExtError.summary = Error processing the inhibit any policy extension. -CertPathReviewer.policyInhibitExtError.details = Policy checking failed: there was an error processing the policy mapping extension. - -# error building qualifier set -CertPathReviewer.policyQualifierError.title = Policy checking failed -CertPathReviewer.policyQualifierError.text = Policy checking failed: error building the policy qualifier set. -CertPathReviewer.policyQualifierError.summary = Policy checking failed: error building the policy qualifier set. -CertPathReviewer.policyQualifierError.details = Policy checking failed: error building the policy qualifier set. - -# no valid policy tree - explicit policy required -CertPathReviewer.noValidPolicyTree.title = Policy checking failed -CertPathReviewer.noValidPolicyTree.text = Policy checking failed: no valid policy tree found when one expected. -CertPathReviewer.noValidPolicyTree.summary = Policy checking failed: no valid policy tree found when one expected. -CertPathReviewer.noValidPolicyTree.details = Policy checking failed: no valid policy tree found when one expected. - -# expicit policy requested, but no policy available -CertPathReviewer.explicitPolicy.title = Policy checking failed -CertPathReviewer.explicitPolicy.text = Policy checking failed: explicit policy requested but no policy available. -CertPathReviewer.explicitPolicy.summary = Policy checking failed: explicit policy requested but no policy available. -CertPathReviewer.explicitPolicy.details = Policy checking failed: explicit policy requested but no policy available. - -# path processing failed on policy -CertPathReviewer.invalidPolicy.title = Path processing failed on policy -CertPathReviewer.invalidPolicy.text = Path processing failed on policy. -CertPathReviewer.invalidPolicy.summary = Path processing failed on policy. -CertPathReviewer.invalidPolicy.details = Path processing failed on policy. - -# invalid policy mapping -CertPathReviewer.invalidPolicyMapping.title = Invalid policy mapping -CertPathReviewer.invalidPolicyMapping.text = Certificate contains an invalid policy mapping. -CertPathReviewer.invalidPolicyMapping.summary = Certificate contains an invalid policy mapping. -CertPathReviewer.invalidPolicyMapping.details = Certificate contains a policy mapping including the value any policy which is invalid. - -## check CRL notifications - -# found local valid CRL -# {0} thisUpdate of the CRL -# {1} nextUpdate of the CRL -CertPathReviewer.localValidCRL.title = Found valid local CRL -CertPathReviewer.localValidCRL.text = Found a valid CRL in local certstore. Issued on {0,date}, next update {1,date}. -CertPathReviewer.localValidCRL.summary = Found a valid CRL in local certstore. Issued on {0,date}, next update {1,date}. -CertPathReviewer.localValidCRL.details = Found a valid CRL in local certstore. Issued on {0,date}, next update {1,date}. - - -# found matching CRL, but not valid -# {0} thisUpdate of the CRL -# {1} nextUpdate of the CRL -CertPathReviewer.localInvalidCRL.title = Local CRL outdated -CertPathReviewer.localInvalidCRL.text = Did not use a matching CRL in a local certstore, because it is outdated. Issued on {0,date}, next update {1,date}. -CertPathReviewer.localInvalidCRL.summary = Did not use a matching CRL in a local certstore, because it is outdated. Issued on {0,date}, next update {1,date}. -CertPathReviewer.localInvalidCRL.details = Did not use a matching CRL in a local certstore, because it is outdated. Issued on {0,date}, next update {1,date}. - -# found a valid crl at crl distribution point -# {0} thisUpdate of the CRL -# {1} nextUpdate of the CRL -# {2} the url of the distribution point -CertPathReviewer.onlineValidCRL.title = Found valid CRL at CRL distribution point -CertPathReviewer.onlineValidCRL.text = Found a valid CRL at: {2}. Issued on {0,date}, next update on {1,date}. -CertPathReviewer.onlineValidCRL.summary = Found a valid CRL at: {2}. Issued on {0,date}, next update on {1,date}. -CertPathReviewer.onlineValidCRL.details = Found a valid CRL at: {2}. Issued on {0,date}, next update on {1,date}. - -# found an invalid CRL at crl distribution point -# {0} thisUpdate of the CRL -# {1} nextUpdate of the CRL -# {2} the url of the distribution point -CertPathReviewer.onlineInvalidCRL.title = Outdated CRL at CRL distribution point -CertPathReviewer.onlineInvalidCRL.text = The CRL loaded from {2} was outdated. Issued on {0,date}, next update on {1,date}. -CertPathReviewer.onlineInvalidCRL.summary = The CRL loaded from {2} was outdated. Issued on {0,date}, next update on {1,date}. -CertPathReviewer.onlineInvalidCRL.details = The CRL loaded from {2} was outdated. Issued on {0,date}, next update on {1,date}. - -# Certificate not revoked -CertPathReviewer.notRevoked.title = Certificate not revoked -CertPathReviewer.notRevoked.text = The certificate was not revoked. -CertPathReviewer.notRevoked.summary = The certificate was not revoked. -CertPathReviewer.notRevoked.details = The certificate was not revoked. - -# CRL found: certificate was revoked, but after the validationDate -# {0} the date the certificate was revoked -# {1} the reason for revoking the certificate -CertPathReviewer.revokedAfterValidation.title = Certificate was revoked after the validation date -CertPathReviewer.revokedAfterValidation.text = The certificate was revoked after the validation date at {0,date} {0,time,full}. Reason: {1}. -CertPathReviewer.revokedAfterValidation.summary = The certificate was revoked after the validation date at {0,date} {0,time,full}. -CertPathReviewer.revokedAfterValidation.details = The certificate was revoked after the validation date at {0,date} {0,time,full}. Reason: {1}. - -# updated crl available -# {0} date since when the update is available -CertPathReviewer.crlUpdateAvailable.title = CRL update available -CertPathReviewer.crlUpdateAvailable.text = An update for the CRL of this certificate is available since {0,date} {0,time,full}. -CertPathReviewer.crlUpdateAvailable.summary = An update for the CRL of this certificate is available since {0,date} {0,time,full}. -CertPathReviewer.crlUpdateAvailable.details = An update for the CRL of this certificate is available since {0,date} {0,time,full}. - -# crl distribution point url -# {0} the crl distribution point url as String -CertPathReviewer.crlDistPoint.title = CRL distribution point -CertPathReviewer.crlDistPoint.text = A CRL can be obtained from: {0}. -CertPathReviewer.crlDistPoint.summary = A CRL can be obtained from: {0}. -CertPathReviewer.crlDistPoint.details = A CRL can be obtained from: {0}. - -# ocsp location -# {0} the url on which the ocsp service can be found -CertPathReviewer.ocspLocation.title = OCSP responder location -CertPathReviewer.ocspLocation.text = OCSP responder location: {0}. -CertPathReviewer.ocspLocation.summary = OCSP responder location: {0}. -CertPathReviewer.ocspLocation.details = OCSP responder location: {0}. - -# unable to get crl from crl distribution point -# {0} the url of the distribution point -# {1} the message of the occured exception -# {2} the occured exception -CertPathReviewer.loadCrlDistPointError.title = Cannot load CRL from CRL distribution point -CertPathReviewer.loadCrlDistPointError.text = Unable to load a CRL from: {0}. An Exception occured. -CertPathReviewer.loadCrlDistPointError.summary = Unable to load a CRL from: {0}. An Exception occured. -CertPathReviewer.loadCrlDistPointError.details = Unable to load a CRL from: {0}. An Exception occured: Cause: {1}. - -# no crl found in certstores -# {0} the issuers which we searched for -# {1} list of crl issuer names that are found in the certstores -# {2} number of crls in the certstores -CertPathReviewer.noCrlInCertstore.title = No matching CRL found in local certstores -CertPathReviewer.noCrlInCertstore.text = No matching CRL was found in the provided local certstore. -CertPathReviewer.noCrlInCertstore.summary = No matching CRL was found in the provided local certstore. -CertPathReviewer.noCrlInCertstore.details = No matching CRL was found in the provided local certstore. \ -No CRL was found for the selector "{0}". The {2} CRL(s) in the certstores are from "{1}". - - -## check CRL exceptions - -# cannot extract issuer from certificate -CertPathReviewer.crlIssuerException.title = CRL checking failed -CertPathReviewer.crlIssuerException.text = CRL checking failed: cannot extract issuer from certificate. -CertPathReviewer.crlIssuerException.summary = CRL checking failed: cannot extract issuer from certificate. -CertPathReviewer.crlIssuerException.details = CRL checking failed: cannot extract issuer from certificate. - -# cannot extract crls -# {0} message from the underlying exception -# {1} the underlying exception -CertPathReviewer.crlExtractionError.title = CRL checking failed -CertPathReviewer.crlExtractionError.text = CRL checking failed: Cannot extract CRL from CertStore. -CertPathReviewer.crlExtractionError.summary = CRL checking failed: Cannot extract CRL from CertStore. -CertPathReviewer.crlExtractionError.details = CRL checking failed: Cannot extract CRL from CertStore. Cause: {0}. - -# Issuer certificate key usage extension does not permit crl signing -CertPathReviewer.noCrlSigningPermited.title = CRL checking failed -CertPathReviewer.noCrlSigningPermited.text = CRL checking failed: issuer certificate does not permit CRL signing. -CertPathReviewer.noCrlSigningPermited.summary = CRL checking failed: issuer certificate does not permit CRL signing. -CertPathReviewer.noCrlSigningPermited.details = CRL checking failed: issuer certificate does not permit CRL signing. - -# can not verify crl: issuer public key unknown -CertPathReviewer.crlNoIssuerPublicKey.title = CRL checking failed -CertPathReviewer.crlNoIssuerPublicKey.text = CRL checking failed: Can not verify the CRL: Issuer public key is unknown. -CertPathReviewer.crlNoIssuerPublicKey.summary = CRL checking failed: Can not verify the CRL: Issuer public key is unknown. -CertPathReviewer.crlNoIssuerPublicKey.details = CRL checking failed: Can not verify the CRL: Issuer public key is unknown. - -# crl verification failed -CertPathReviewer.crlVerifyFailed.title = CRL checking failed -CertPathReviewer.crlVerifyFailed.text = CRL checking failed: CRL signature is invalid. -CertPathReviewer.crlVerifyFailed.summary = CRL checking failed: CRL signature is invalid. -CertPathReviewer.crlVerifyFailed.details = CRL checking failed: CRL signature is invalid. - -# no valid CRL found -CertPathReviewer.noValidCrlFound.title = CRL checking failed -CertPathReviewer.noValidCrlFound.text = CRL checking failed: no valid CRL found. -CertPathReviewer.noValidCrlFound.summary = CRL checking failed: no valid CRL found. -CertPathReviewer.noValidCrlFound.details = CRL checking failed: no valid CRL found. - -# No base CRL for delta CRL -CertPathReviewer.noBaseCRL.title = CRL checking failed -CertPathReviewer.noBaseCRL.text = CRL checking failed: no base CRL found for delta CRL. -CertPathReviewer.noBaseCRL.summary = CRL checking failed: no base CRL found for delta CRL. -CertPathReviewer.noBaseCRL.details = CRL checking failed: no base CRL found for delta CRL. - -# certificate revoked -# {0} the date the certificate was revoked -# {1} the reason for revoking the certificate -CertPathReviewer.certRevoked.title = Certificate was revoked -CertPathReviewer.certRevoked.text = The certificate is invalid, because it was revoked at {0,date} {0,time,full}. Reason: {1}. -CertPathReviewer.certRevoked.summary = The certificate is invalid, because it was revoked at {0,date} {0,time,full}. -CertPathReviewer.certRevoked.details = The certificate is invalid, because it was revoked at {0,date} {0,time,full}. Reason: {1}. - -# error processing issuing distribution point extension -CertPathReviewer.distrPtExtError.title = CRL checking failed -CertPathReviewer.distrPtExtError.text = CRL checking failed: there was an error processing the issuing distribution point extension. -CertPathReviewer.distrPtExtError.summary = Error processing the issuing distribution point extension. -CertPathReviewer.distrPtExtError.details = CRL checking failed: there was an error processing the issuing distribution point extension. - -# error processing crl distribution points extension -CertPathReviewer.crlDistPtExtError.title = CRL checking failed -CertPathReviewer.crlDistPtExtError.text = CRL checking failed: there was an error processing the crl distribution points extension. -CertPathReviewer.crlDistPtExtError.summary = Error processing the crl distribution points extension. -CertPathReviewer.crlDistPtExtError.details = CRL checking failed: there was an error processing the crl distribution points extension. - -# error processing the authority info access extension -CertPathReviewer.crlAuthInfoAccError.title = CRL checking failed -CertPathReviewer.crlAuthInfoAccError.text = CRL checking failed: there was an error processing the authority info access extension. -CertPathReviewer.crlAuthInfoAccError.summary = Error processing the authority info access extension. -CertPathReviewer.crlAuthInfoAccError.details = CRL checking failed: there was an error processing the authority info access extension. - -# error processing delta crl indicator extension -CertPathReviewer.deltaCrlExtError.title = CRL checking failed -CertPathReviewer.deltaCrlExtError.text = CRL checking failed: there was an error processing the delta CRL indicator extension. -CertPathReviewer.deltaCrlExtError.summary = Error processing the delta CRL indicator extension. -CertPathReviewer.deltaCrlExtError.details = CRL checking failed: there was an error processing the delta CRL indicator extension. - -# error porcessing crl number extension -CertPathReviewer.crlNbrExtError.title = CRL checking failed -CertPathReviewer.crlNbrExtError.text = CRL checking failed: there was an error processing the CRL number extension. -CertPathReviewer.crlNbrExtError.summary = Error processing the CRL number extension. -CertPathReviewer.crlNbrExtError.details = CRL checking failed: there was an error processing the CRL number extension. - -# error processing crl reason code extension -CertPathReviewer.crlReasonExtError.title = CRL checking failed -CertPathReviewer.crlReasonExtError.text = CRL checking failed: there was an error processing the CRL reason code extension. -CertPathReviewer.crlReasonExtError.summary = Error processing the CRL reason code extension. -CertPathReviewer.crlReasonExtError.details = CRL checking failed: there was an error processing the CRL reason code extension. - -# error processing basic constraints extension -CertPathReviewer.crlBCExtError.title = CRL checking failed -CertPathReviewer.crlBCExtError.text = CRL checking failed: there was an error processing the basic constraints extension. -CertPathReviewer.crlBCExtError.summary = Error processing the basic constraints extension. -CertPathReviewer.crlBCExtError.details = CRL checking failed: there was an error processing the basic constraints extension. - -# CA Cert CRL only contains user certificates -CertPathReviewer.crlOnlyUserCert.title = CRL checking failed -CertPathReviewer.crlOnlyUserCert.text = CRL checking failed: CRL only contains user certificates. -CertPathReviewer.crlOnlyUserCert.summary = CRL checking failed: CRL only contains user certificates. -CertPathReviewer.crlOnlyUserCert.details = CRL checking failed: CRL for CA certificate only contains user certificates. - -# End CRL only contains CA certificates -CertPathReviewer.crlOnlyCaCert.title = CRL checking failed -CertPathReviewer.crlOnlyCaCert.text = CRL checking failed: CRL only contains CA certificates. -CertPathReviewer.crlOnlyCaCert.summary = CRL checking failed: CRL only contains CA certificates. -CertPathReviewer.crlOnlyCaCert.details = CRL checking failed: CRL for end certificate only contains CA certificates. - -# onlyContainsAttributeCerts boolean is asserted -CertPathReviewer.crlOnlyAttrCert.title = CRL checking failed -CertPathReviewer.crlOnlyAttrCert.text = CRL checking failed: CRL only contains attribute certificates. -CertPathReviewer.crlOnlyAttrCert.summary = CRL checking failed: CRL only contains attribute certificates. -CertPathReviewer.crlOnlyAttrCert.details = CRL checking failed: CRL only contains attribute certificates. - - -## QcStatement notifications - -# unkown statement -# {0} statement OID -# {1} statement as ANS1Sequence -CertPathReviewer.QcUnknownStatement.title = Unknown statement in QcStatement extension -CertPathReviewer.QcUnknownStatement.text = Unknown statement in QcStatement extension: OID = {0} -CertPathReviewer.QcUnknownStatement.summary = Unknown statement in QcStatement extension: OID = {0} -CertPathReviewer.QcUnknownStatement.details = Unknown statement in QcStatement extension: OID = {0}, statement = {1} - -# QcLimitValue Alpha currency code -# {0} currency code -# {1} limit value -# {2} monetary value as MonetaryValue -CertPathReviewer.QcLimitValueAlpha.title = Transaction Value Limit -CertPathReviewer.QcLimitValueAlpha.text = This certificate has a limit for the transaction value: {1,number,currency} {0}. -CertPathReviewer.QcLimitValueAlpha.summary = Transaction value limit: {1,number,currency} {0}. -CertPathReviewer.QcLimitValueAlpha.details = This certificate has a limitation on the value of transaction for which this certificate can be used to the specified amount, according to the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, as implemented in the law of the country specified in the issuer field of this certificate. The limit for this certificate is {1,number,currency} {0}. - -# QcLimitValue Numeric currency code -# {0} currency code -# {1} limit value -# {2} monetary value as MonetaryValue -CertPathReviewer.QcLimitValueNum.title = Transaction Value Limit -CertPathReviewer.QcLimitValueNum.text = This certificate has a limit for the transaction value: {1,number,currency} of currency {0} (See RFC 4217 for currency codes). -CertPathReviewer.QcLimitValueNum.summary = Transaction value limit: {1,number,currency} of currency {0} (See RFC 4217 for currency codes). -CertPathReviewer.QcLimitValueNum.details = This certificate has a limitation on the value of transaction for which this certificate can be used to the specified amount, according to the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, as implemented in the law of the country specified in the issuer field of this certificate. The limit for this certificate is {1,number,currency} of currency {0} (See RFC 4217 for currency codes). - -# QcSSCD -CertPathReviewer.QcSSCD.title = QcSSCD Statement -CertPathReviewer.QcSSCD.text = The issuer claims that for the certificate where this statement appears that the private key associated with the public key in the certificate is protected according to Annex III of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. -CertPathReviewer.QcSSCD.summary = The issuer claims that for the certificate where this statement appears that the private key associated with the public key in the certificate is protected according to Annex III of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. -CertPathReviewer.QcSSCD.details = The issuer claims that for the certificate where this statement appears that the private key associated with the public key in the certificate is protected according to Annex III of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. - -# QcEuCompliance -CertPathReviewer.QcEuCompliance.title = Qualified Certificate -CertPathReviewer.QcEuCompliance.text = This certificate is issued as a Qualified Certificate according Annex I and II of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, as implemented in the law of the country specified in the issuer field of this certificate. -CertPathReviewer.QcEuCompliance.summary = This certificate is issued as a Qualified Certificate according Annex I and II of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, as implemented in the law of the country specified in the issuer field of this certificate. -CertPathReviewer.QcEuCompliance.details = This certificate is issued as a Qualified Certificate according Annex I and II of the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, as implemented in the law of the country specified in the issuer field of this certificate. - -## QcStatement errors - -# error processing the QcStatement extension -CertPathReviewer.QcStatementExtError.title = Error processing the qc statements extension -CertPathReviewer.QcStatementExtError.text = Error processing the qc statements extension. -CertPathReviewer.QcStatementExtError.summary = Error processing the qc statements extension. -CertPathReviewer.QcStatementExtError.details = Error processing the qc statements extension. - diff --git a/luni/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java b/luni/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java deleted file mode 100644 index cc00697..0000000 --- a/luni/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java +++ /dev/null @@ -1,2437 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.net.HttpURLConnection; -import java.net.InetAddress; -import java.net.URL; -import java.security.GeneralSecurityException; -import java.security.PublicKey; -import java.security.cert.CertPath; -import java.security.cert.CertPathValidatorException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateFactory; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.PKIXCertPathChecker; -import java.security.cert.PKIXParameters; -import java.security.cert.PolicyNode; -import java.security.cert.TrustAnchor; -import java.security.cert.X509CRL; -import java.security.cert.X509CRLEntry; -import java.security.cert.X509CRLSelector; -import java.security.cert.X509CertSelector; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.Vector; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.ASN1TaggedObject; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DEREnumerated; -import org.bouncycastle.asn1.DERIA5String; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.x509.AccessDescription; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.AuthorityInformationAccess; -import org.bouncycastle.asn1.x509.BasicConstraints; -import org.bouncycastle.asn1.x509.CRLDistPoint; -import org.bouncycastle.asn1.x509.DistributionPoint; -import org.bouncycastle.asn1.x509.DistributionPointName; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.GeneralSubtree; -import org.bouncycastle.asn1.x509.IssuingDistributionPoint; -import org.bouncycastle.asn1.x509.NameConstraints; -import org.bouncycastle.asn1.x509.PolicyInformation; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode; -import org.bouncycastle.asn1.x509.qualified.MonetaryValue; -import org.bouncycastle.asn1.x509.qualified.QCStatement; -import org.bouncycastle.i18n.ErrorBundle; -import org.bouncycastle.i18n.filter.UntrustedInput; -import org.bouncycastle.jce.provider.CertPathValidatorUtilities; -import org.bouncycastle.jce.provider.PKIXPolicyNode; -import org.bouncycastle.jce.provider.AnnotatedException; - -/** - * PKIXCertPathReviewer<br> - * Validation of X.509 Certificate Paths. Tries to find as much errors in the Path as possible. - */ -public class PKIXCertPathReviewer extends CertPathValidatorUtilities -{ - - private static final String QC_STATEMENT = X509Extensions.QCStatements.getId(); - private static final String CRL_DIST_POINTS = X509Extensions.CRLDistributionPoints.getId(); - private static final String AUTH_INFO_ACCESS = X509Extensions.AuthorityInfoAccess.getId(); - - private static final String RESOURCE_NAME = "org.bouncycastle.x509.CertPathReviewerMessages"; - - // input parameters - - protected CertPath certPath; - - protected PKIXParameters pkixParams; - - protected Date validDate; - - // state variables - - protected List certs; - - protected int n; - - // output variables - - protected List[] notifications; - protected List[] errors; - protected TrustAnchor trustAnchor; - protected PublicKey subjectPublicKey; - protected PolicyNode policyTree; - - - /** - * Creates a PKIXCertPathReviewer for the given {@link CertPath} and {@link PKIXParameters} params - * @param certPath the {@link CertPath} to validate - * @param params the {@link PKIXParameters} to use - * @throws CertPathReviewerException if the certPath is empty - */ - public PKIXCertPathReviewer(CertPath certPath, PKIXParameters params) - throws CertPathReviewerException - { - // check input parameters - if (certPath == null) - { - throw new NullPointerException("certPath was null"); - } - this.certPath = certPath; - - certs = certPath.getCertificates(); - n = certs.size(); - if (certs.isEmpty()) - { - throw new CertPathReviewerException( - new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.emptyCertPath")); - } - - pkixParams = (PKIXParameters) params.clone(); - - // 6.1.1 - Inputs - - // a) done - - // b) - - validDate = getValidDate(pkixParams); - - // c) part of pkixParams - - // d) done at the beginning of checkSignatures - - // e) f) g) part of pkixParams - - // initialize output parameters - - notifications = null; - errors = null; - trustAnchor = null; - subjectPublicKey = null; - policyTree = null; - - } - - /** - * - * @return the CertPath that was validated - */ - public CertPath getCertPath() - { - return certPath; - } - - /** - * - * @return the size of the CertPath - */ - public int getCertPathSize() - { - return n; - } - - /** - * Returns an Array of Lists which contains a List of global error messages - * and a List of error messages for each certificate in the path. - * The global error List is at index 0. The error lists for each certificate at index 1 to n. - * The error messages are of type. - * @return the Array of Lists which contain the error messages - */ - public List[] getErrors() - { - doChecks(); - return errors; - } - - /** - * Returns an List of error messages for the certificate at the given index in the CertPath. - * If index == -1 then the list of global errors is returned with errors not specific to a certificate. - * @param index the index of the certificate in the CertPath - * @return List of error messages for the certificate - */ - public List getErrors(int index) - { - doChecks(); - return errors[index + 1]; - } - - /** - * Returns an Array of Lists which contains a List of global notification messages - * and a List of botification messages for each certificate in the path. - * The global notificatio List is at index 0. The notification lists for each certificate at index 1 to n. - * The error messages are of type. - * @return the Array of Lists which contain the notification messages - */ - public List[] getNotifications() - { - doChecks(); - return notifications; - } - - /** - * Returns an List of notification messages for the certificate at the given index in the CertPath. - * If index == -1 then the list of global notifications is returned with notifications not specific to a certificate. - * @param index the index of the certificate in the CertPath - * @return List of notification messages for the certificate - */ - public List getNotifications(int index) - { - doChecks(); - return notifications[index + 1]; - } - - /** - * - * @return the valid policy tree, <b>null</b> if no valid policy exists. - */ - public PolicyNode getPolicyTree() - { - doChecks(); - return policyTree; - } - - /** - * - * @return the PublicKey if the last certificate in the CertPath - */ - public PublicKey getSubjectPublicKey() - { - doChecks(); - return subjectPublicKey; - } - - /** - * - * @return the TrustAnchor for the CertPath, <b>null</b> if no valid TrustAnchor was found. - */ - public TrustAnchor getTrustAnchor() - { - doChecks(); - return trustAnchor; - } - - /** - * - * @return if the CertPath is valid - */ - public boolean isValidCertPath() - { - doChecks(); - boolean valid = true; - for (int i = 0; i < errors.length; i++) - { - if (!errors[i].isEmpty()) - { - valid = false; - break; - } - } - return valid; - } - - protected void addNotification(ErrorBundle msg) - { - notifications[0].add(msg); - } - - protected void addNotification(ErrorBundle msg, int index) - { - if (index < -1 || index >= n) - { - throw new IndexOutOfBoundsException(); - } - notifications[index + 1].add(msg); - } - - protected void addError(ErrorBundle msg) - { - errors[0].add(msg); - } - - protected void addError(ErrorBundle msg, int index) - { - if (index < -1 || index >= n) - { - throw new IndexOutOfBoundsException(); - } - errors[index + 1].add(msg); - } - - protected void doChecks() - { - if (notifications == null) - { - // initialize lists - notifications = new List[n+1]; - errors = new List[n+1]; - - for (int i = 0; i < notifications.length; i++) - { - notifications[i] = new ArrayList(); - errors[i] = new ArrayList(); - } - - // check Signatures - checkSignatures(); - - // check Name Constraints - checkNameConstraints(); - - // check Path Length - checkPathLength(); - - // check Policy - checkPolicy(); - - // check other critical extensions - checkCriticalExtensions(); - - } - } - - private void checkNameConstraints() - { - X509Certificate cert = null; - - // - // Setup - // - - // (b) - Set permittedSubtreesDN = new HashSet(); - Set permittedSubtreesEmail = new HashSet(); - Set permittedSubtreesIP = new HashSet(); - - // (c) - Set excludedSubtreesDN = new HashSet(); - Set excludedSubtreesEmail = new HashSet(); - Set excludedSubtreesIP = new HashSet(); - - // - // process each certificate except the last in the path - // - int index; - int i; - - try - { - for (index = certs.size()-1; index>0; index--) - { - i = n - index; - - // - // certificate processing - // - - cert = (X509Certificate) certs.get(index); - - // b),c) - - if (!isSelfIssued(cert)) - { - X500Principal principal = getSubjectPrincipal(cert); - ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(principal.getEncoded())); - ASN1Sequence dns; - - try - { - dns = (ASN1Sequence)aIn.readObject(); - } - catch (IOException e) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.ncSubjectNameError", - new Object[] {new UntrustedInput(principal)}); - throw new CertPathReviewerException(msg,e,certPath,index); - } - - try - { - checkPermittedDN(permittedSubtreesDN, dns); - } - catch (CertPathValidatorException cpve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedDN", - new Object[] {new UntrustedInput(principal.getName())}); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } - - try - { - checkExcludedDN(excludedSubtreesDN, dns); - } - catch (CertPathValidatorException cpve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedDN", - new Object[] {new UntrustedInput(principal.getName())}); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } - - ASN1Sequence altName; - try - { - altName = (ASN1Sequence)getExtensionValue(cert, SUBJECT_ALTERNATIVE_NAME); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.subjAltNameExtError"); - throw new CertPathReviewerException(msg,ae,certPath,index); - } - - if (altName != null) - { - for (int j = 0; j < altName.size(); j++) - { - ASN1TaggedObject o = (ASN1TaggedObject)altName.getObjectAt(j); - - switch(o.getTagNo()) - { - case 1: - String email = DERIA5String.getInstance(o, true).getString(); - - try - { - checkPermittedEmail(permittedSubtreesEmail, email); - } - catch (CertPathValidatorException cpve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedEmail", - new Object[] {new UntrustedInput(email)}); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } - - try - { - checkExcludedEmail(excludedSubtreesEmail, email); - } - catch (CertPathValidatorException cpve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedEmail", - new Object[] {new UntrustedInput(email)}); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } - - break; - case 4: - ASN1Sequence altDN = ASN1Sequence.getInstance(o, true); - - try - { - checkPermittedDN(permittedSubtreesDN, altDN); - } - catch (CertPathValidatorException cpve) - { - X509Name altDNName = new X509Name(altDN); - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedDN", - new Object[] {new UntrustedInput(altDNName)}); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } - - try - { - checkExcludedDN(excludedSubtreesDN, altDN); - } - catch (CertPathValidatorException cpve) - { - X509Name altDNName = new X509Name(altDN); - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedDN", - new Object[] {new UntrustedInput(altDNName)}); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } - - break; - case 7: - byte[] ip = ASN1OctetString.getInstance(o, true).getOctets(); - - try - { - checkPermittedIP(permittedSubtreesIP, ip); - } - catch (CertPathValidatorException cpve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notPermittedIP", - new Object[] {IPtoString(ip)}); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } - - try - { - checkExcludedIP(excludedSubtreesIP, ip); - } - catch (CertPathValidatorException cpve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.excludedIP", - new Object[] {IPtoString(ip)}); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } - } - } - } - } - - // - // prepare for next certificate - // - - // - // (g) handle the name constraints extension - // - ASN1Sequence ncSeq; - try - { - ncSeq = (ASN1Sequence)getExtensionValue(cert, NAME_CONSTRAINTS); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.ncExtError"); - throw new CertPathReviewerException(msg,ae,certPath,index); - } - - if (ncSeq != null) - { - NameConstraints nc = new NameConstraints(ncSeq); - - // - // (g) (1) permitted subtrees - // - ASN1Sequence permitted = nc.getPermittedSubtrees(); - if (permitted != null) - { - Enumeration e = permitted.getObjects(); - while (e.hasMoreElements()) - { - GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement()); - GeneralName base = subtree.getBase(); - - switch(base.getTagNo()) - { - case 1: - permittedSubtreesEmail = intersectEmail(permittedSubtreesEmail, DERIA5String.getInstance(base.getName()).getString()); - break; - case 4: - permittedSubtreesDN = intersectDN(permittedSubtreesDN, (ASN1Sequence)base.getName()); - break; - case 7: - permittedSubtreesIP = intersectIP(permittedSubtreesIP, ASN1OctetString.getInstance(base.getName()).getOctets()); - break; - } - } - } - - // - // (g) (2) excluded subtrees - // - ASN1Sequence excluded = nc.getExcludedSubtrees(); - if (excluded != null) - { - Enumeration e = excluded.getObjects(); - while (e.hasMoreElements()) - { - GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement()); - GeneralName base = subtree.getBase(); - - switch(base.getTagNo()) - { - case 1: - excludedSubtreesEmail = unionEmail(excludedSubtreesEmail, DERIA5String.getInstance(base.getName()).getString()); - break; - case 4: - excludedSubtreesDN = unionDN(excludedSubtreesDN, (ASN1Sequence)base.getName()); - break; - case 7: - excludedSubtreesIP = unionIP(excludedSubtreesIP, ASN1OctetString.getInstance(base.getName()).getOctets()); - break; - } - } - } - } - - } // for - } - catch (CertPathReviewerException cpre) - { - addError(cpre.getErrorMessage(),cpre.getIndex()); - } - - } - - /* - * checks: - path length constraints and reports - total path length - */ - private void checkPathLength() - { - // init - int maxPathLength = n; - int totalPathLength = 0; - - X509Certificate cert = null; - - int i; - for (int index = certs.size() - 1; index > 0; index--) - { - i = n - index; - - cert = (X509Certificate) certs.get(index); - - // l) - - if (!isSelfIssued(cert)) - { - if (maxPathLength <= 0) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.pathLenghtExtended"); - addError(msg); - } - maxPathLength--; - totalPathLength++; - } - - // m) - - BasicConstraints bc; - try - { - bc = BasicConstraints.getInstance(getExtensionValue(cert, - BASIC_CONSTRAINTS)); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.processLengthConstError"); - addError(msg,index); - bc = null; - } - - if (bc != null) - { - BigInteger _pathLengthConstraint = bc.getPathLenConstraint(); - - if (_pathLengthConstraint != null) - { - int _plc = _pathLengthConstraint.intValue(); - - if (_plc < maxPathLength) - { - maxPathLength = _plc; - } - } - } - - } - - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.totalPathLength", - new Object[] {Integer.valueOf(totalPathLength)}); - - addNotification(msg); - } - - /* - * checks: - signatures - name chaining - validity of certificates - todo: - * if certificate revoked (if specified in the parameters) - */ - private void checkSignatures() - { - // 1.6.1 - Inputs - - // d) - - TrustAnchor trust = null; - X500Principal trustPrincipal = null; - - // validation date - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certPathValidDate", - new Object[] {validDate, new Date()}); - addNotification(msg); - } - - // find trust anchors - try - { - X509Certificate cert = (X509Certificate) certs.get(certs.size() - 1); - Collection trustColl = getTrustAnchors(cert,pkixParams.getTrustAnchors()); - if (trustColl.size() > 1) - { - // conflicting trust anchors - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.conflictingTrustAnchors", - new Object[] {Integer.valueOf(trustColl.size()), - new UntrustedInput(cert.getIssuerX500Principal())}); - addError(msg); - } - else if (trustColl.isEmpty()) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.noTrustAnchorFound", - new Object[] {new UntrustedInput(cert.getIssuerX500Principal()), - Integer.valueOf(pkixParams.getTrustAnchors().size())}); - addError(msg); - } - else - { - PublicKey trustPublicKey; - trust = (TrustAnchor) trustColl.iterator().next(); - if (trust.getTrustedCert() != null) - { - trustPublicKey = trust.getTrustedCert().getPublicKey(); - } - else - { - trustPublicKey = trust.getCAPublicKey(); - } - try - { - cert.verify(trustPublicKey); - } - catch (Exception e) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustButInvalidCert"); - addError(msg); - trust = null; - } - } - } - catch (CertPathReviewerException cpre) - { - addError(cpre.getErrorMessage()); - } - - if (trust != null) - { - // get the name of the trustAnchor - X509Certificate sign = trust.getTrustedCert(); - try - { - if (sign != null) - { - trustPrincipal = getSubjectPrincipal(sign); - } - else - { - trustPrincipal = new X500Principal(trust.getCAName()); - } - } - catch (IllegalArgumentException ex) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustDNInvalid", - new Object[] {new UntrustedInput(trust.getCAName())}); - addError(msg); - } - } - - // 1.6.2 - Initialization - - PublicKey workingPublicKey = null; - X500Principal workingIssuerName = trustPrincipal; - - X509Certificate sign = null; - - AlgorithmIdentifier workingAlgId = null; - DERObjectIdentifier workingPublicKeyAlgorithm = null; - DEREncodable workingPublicKeyParameters = null; - - if (trust != null) - { - sign = trust.getTrustedCert(); - - if (sign != null) - { - workingPublicKey = sign.getPublicKey(); - } - else - { - workingPublicKey = trust.getCAPublicKey(); - } - - try - { - workingAlgId = getAlgorithmIdentifier(workingPublicKey); - workingPublicKeyAlgorithm = workingAlgId.getObjectId(); - workingPublicKeyParameters = workingAlgId.getParameters(); - } - catch (CertPathValidatorException ex) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustPubKeyError"); - addError(msg); - workingAlgId = null; - } - - } - - // Basic cert checks - - X509Certificate cert = null; - int i; - - for (int index = certs.size() - 1; index >= 0; index--) - { - // - // i as defined in the algorithm description - // - i = n - index; - - // - // set certificate to be checked in this round - // sign and workingPublicKey and workingIssuerName are set - // at the end of the for loop and initialied the - // first time from the TrustAnchor - // - cert = (X509Certificate) certs.get(index); - - // verify signature - if (workingPublicKey != null) - { - try - { - cert.verify(workingPublicKey, "BC"); - } - catch (GeneralSecurityException ex) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.signatureNotVerified", - new Object[] {ex.getMessage(),ex}); - addError(msg,index); - } - } - else - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.NoIssuerPublicKey"); - addError(msg,index); - } - - // certificate valid? - try - { - cert.checkValidity(validDate); - } - catch (CertificateNotYetValidException cnve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certificateNotYetValid", - new Object[] {cert.getNotBefore()}); - addError(msg,index); - } - catch (CertificateExpiredException cee) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certificateExpired", - new Object[] {cert.getNotAfter()}); - addError(msg,index); - } - - // certificate revoked? - if (pkixParams.isRevocationEnabled()) - { - // read crl distribution points extension - CRLDistPoint crlDistPoints = null; - try - { - DERObject crl_dp = getExtensionValue(cert,CRL_DIST_POINTS); - if (crl_dp != null) - { - crlDistPoints = CRLDistPoint.getInstance(crl_dp); - } - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlDistPtExtError"); - addError(msg,index); - } - - // read authority information access extension - AuthorityInformationAccess authInfoAcc = null; - try - { - DERObject auth_info_acc = getExtensionValue(cert,AUTH_INFO_ACCESS); - if (auth_info_acc != null) - { - authInfoAcc = AuthorityInformationAccess.getInstance(auth_info_acc); - } - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlAuthInfoAccError"); - addError(msg,index); - } - - Vector crlDistPointUrls = getCRLDistUrls(crlDistPoints,authInfoAcc); - Vector ocspUrls = getOCSPUrls(authInfoAcc); - - // add notifications with the crl distribution points - - // output crl distribution points - Iterator urlIt = crlDistPointUrls.iterator(); - while (urlIt.hasNext()) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlDistPoint", - new Object[] {new UntrustedInput(urlIt.next())}); - addNotification(msg,index); - } - - // output ocsp urls - urlIt = ocspUrls.iterator(); - while (urlIt.hasNext()) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.ocspLocation", - new Object[] {new UntrustedInput(urlIt.next())}); - addNotification(msg,index); - } - - // TODO also support Netscapes revocation-url and/or OCSP instead of CRLs for revocation checking - // check CRLs - try - { - checkCRLs(pkixParams, cert, validDate, sign, workingPublicKey, crlDistPointUrls, index); - } - catch (CertPathReviewerException cpre) - { - addError(cpre.getErrorMessage(),index); - } - } - - // certificate issuer correct - if (workingIssuerName != null && !cert.getIssuerX500Principal().equals(workingIssuerName)) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certWrongIssuer", - new Object[] {workingIssuerName.getName(), - cert.getIssuerX500Principal().getName()}); - addError(msg,index); - } - - // - // prepare for next certificate - // - if (i != n) - { - - if (cert != null && cert.getVersion() == 1) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noCACert"); - addError(msg,index); - } - - // k) - - BasicConstraints bc; - try - { - bc = BasicConstraints.getInstance(getExtensionValue(cert, - BASIC_CONSTRAINTS)); - if (bc != null) - { - if (!bc.isCA()) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noCACert"); - addError(msg,index); - } - } - else - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noBasicConstraints"); - addError(msg,index); - } - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.errorProcesingBC"); - addError(msg,index); - } - - // n) - - boolean[] _usage = cert.getKeyUsage(); - - if ((_usage != null) && !_usage[KEY_CERT_SIGN]) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noCertSign"); - addError(msg,index); - } - - } // if - - // set signing certificate for next round - sign = cert; - - // c) - - workingIssuerName = cert.getSubjectX500Principal(); - - // d) - - workingPublicKey = cert.getPublicKey(); - - // e) f) - - try - { - workingAlgId = getAlgorithmIdentifier(workingPublicKey); - workingPublicKeyAlgorithm = workingAlgId.getObjectId(); - workingPublicKeyParameters = workingAlgId.getParameters(); - } - catch (CertPathValidatorException ex) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.pubKeyError"); - addError(msg,index); - workingAlgId = null; - workingPublicKeyAlgorithm = null; - workingPublicKeyParameters = null; - } - - } // for - - trustAnchor = trust; - subjectPublicKey = workingPublicKey; - } - - private void checkPolicy() - { - // - // 6.1.1 Inputs - // - - // c) Initial Policy Set - - Set userInitialPolicySet = pkixParams.getInitialPolicies(); - - // e) f) g) are part of pkixParams - - // - // 6.1.2 Initialization - // - - // a) valid policy tree - - List[] policyNodes = new ArrayList[n + 1]; - for (int j = 0; j < policyNodes.length; j++) - { - policyNodes[j] = new ArrayList(); - } - - Set policySet = new HashSet(); - - policySet.add(ANY_POLICY); - - PKIXPolicyNode validPolicyTree = new PKIXPolicyNode(new ArrayList(), 0, - policySet, null, new HashSet(), ANY_POLICY, false); - - policyNodes[0].add(validPolicyTree); - - // d) explicit policy - - int explicitPolicy; - if (pkixParams.isExplicitPolicyRequired()) - { - explicitPolicy = 0; - } - else - { - explicitPolicy = n + 1; - } - - // e) inhibit any policy - - int inhibitAnyPolicy; - if (pkixParams.isAnyPolicyInhibited()) - { - inhibitAnyPolicy = 0; - } - else - { - inhibitAnyPolicy = n + 1; - } - - // f) policy mapping - - int policyMapping; - if (pkixParams.isPolicyMappingInhibited()) - { - policyMapping = 0; - } - else - { - policyMapping = n + 1; - } - - Set acceptablePolicies = null; - - // - // 6.1.3 Basic Certificate processing - // - - X509Certificate cert = null; - int index; - int i; - - try - { - for (index = certs.size() - 1; index >= 0; index--) - { - // i as defined in the algorithm description - i = n - index; - - // set certificate to be checked in this round - cert = (X509Certificate) certs.get(index); - - // d) process policy information - - ASN1Sequence certPolicies; - try - { - certPolicies = (ASN1Sequence) getExtensionValue( - cert, CERTIFICATE_POLICIES); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyExtError"); - throw new CertPathReviewerException(msg,ae,certPath,index); - } - if (certPolicies != null && validPolicyTree != null) - { - - // d) 1) - - Enumeration e = certPolicies.getObjects(); - Set pols = new HashSet(); - - while (e.hasMoreElements()) - { - PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement()); - DERObjectIdentifier pOid = pInfo.getPolicyIdentifier(); - - pols.add(pOid.getId()); - - if (!ANY_POLICY.equals(pOid.getId())) - { - Set pq; - try - { - pq = getQualifierSet(pInfo.getPolicyQualifiers()); - } - catch (CertPathValidatorException cpve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyQualifierError"); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } - - boolean match = processCertD1i(i, policyNodes, pOid, pq); - - if (!match) - { - processCertD1ii(i, policyNodes, pOid, pq); - } - } - } - - if (acceptablePolicies == null || acceptablePolicies.contains(ANY_POLICY)) - { - acceptablePolicies = pols; - } - else - { - Iterator it = acceptablePolicies.iterator(); - Set t1 = new HashSet(); - - while (it.hasNext()) - { - Object o = it.next(); - - if (pols.contains(o)) - { - t1.add(o); - } - } - - acceptablePolicies = t1; - } - - // d) 2) - - if ((inhibitAnyPolicy > 0) || ((i < n) && isSelfIssued(cert))) - { - e = certPolicies.getObjects(); - - while (e.hasMoreElements()) - { - PolicyInformation pInfo = PolicyInformation.getInstance(e.nextElement()); - - if (ANY_POLICY.equals(pInfo.getPolicyIdentifier().getId())) - { - Set _apq; - try - { - _apq = getQualifierSet(pInfo.getPolicyQualifiers()); - } - catch (CertPathValidatorException cpve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyQualifierError"); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } - List _nodes = policyNodes[i - 1]; - - for (int k = 0; k < _nodes.size(); k++) - { - PKIXPolicyNode _node = (PKIXPolicyNode) _nodes.get(k); - - Iterator _policySetIter = _node.getExpectedPolicies().iterator(); - while (_policySetIter.hasNext()) - { - Object _tmp = _policySetIter.next(); - - String _policy; - if (_tmp instanceof String) - { - _policy = (String) _tmp; - } - else if (_tmp instanceof DERObjectIdentifier) - { - _policy = ((DERObjectIdentifier) _tmp).getId(); - } - else - { - continue; - } - - boolean _found = false; - Iterator _childrenIter = _node - .getChildren(); - - while (_childrenIter.hasNext()) - { - PKIXPolicyNode _child = (PKIXPolicyNode) _childrenIter.next(); - - if (_policy.equals(_child.getValidPolicy())) - { - _found = true; - } - } - - if (!_found) - { - Set _newChildExpectedPolicies = new HashSet(); - _newChildExpectedPolicies.add(_policy); - - PKIXPolicyNode _newChild = new PKIXPolicyNode( - new ArrayList(), i, - _newChildExpectedPolicies, - _node, _apq, _policy, false); - _node.addChild(_newChild); - policyNodes[i].add(_newChild); - } - } - } - break; - } - } - } - - // - // (d) (3) - // - for (int j = (i - 1); j >= 0; j--) - { - List nodes = policyNodes[j]; - - for (int k = 0; k < nodes.size(); k++) - { - PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(k); - if (!node.hasChildren()) - { - validPolicyTree = removePolicyNode( - validPolicyTree, policyNodes, node); - if (validPolicyTree == null) - { - break; - } - } - } - } - - // - // d (4) - // - Set criticalExtensionOids = cert.getCriticalExtensionOIDs(); - - if (criticalExtensionOids != null) - { - boolean critical = criticalExtensionOids.contains(CERTIFICATE_POLICIES); - - List nodes = policyNodes[i]; - for (int j = 0; j < nodes.size(); j++) - { - PKIXPolicyNode node = (PKIXPolicyNode) nodes.get(j); - node.setCritical(critical); - } - } - - } - - // e) - - if (certPolicies == null) - { - validPolicyTree = null; - } - - // f) - - if (explicitPolicy <= 0 && validPolicyTree == null) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noValidPolicyTree"); - throw new CertPathReviewerException(msg); - } - - // - // 6.1.4 preparation for next Certificate - // - - if (i != n) - { - - // a) - - DERObject pm; - try - { - pm = getExtensionValue(cert, POLICY_MAPPINGS); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyMapExtError"); - throw new CertPathReviewerException(msg,ae,certPath,index); - } - - if (pm != null) - { - ASN1Sequence mappings = (ASN1Sequence) pm; - for (int j = 0; j < mappings.size(); j++) - { - ASN1Sequence mapping = (ASN1Sequence) mappings.getObjectAt(j); - DERObjectIdentifier ip_id = (DERObjectIdentifier) mapping.getObjectAt(0); - DERObjectIdentifier sp_id = (DERObjectIdentifier) mapping.getObjectAt(1); - if (ANY_POLICY.equals(ip_id.getId())) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.invalidPolicyMapping"); - throw new CertPathReviewerException(msg,certPath,index); - } - if (ANY_POLICY.equals(sp_id.getId())) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.invalidPolicyMapping"); - throw new CertPathReviewerException(msg,certPath,index); - } - } - } - - // b) - - if (pm != null) - { - ASN1Sequence mappings = (ASN1Sequence)pm; - Map m_idp = new HashMap(); - Set s_idp = new HashSet(); - - for (int j = 0; j < mappings.size(); j++) - { - ASN1Sequence mapping = (ASN1Sequence)mappings.getObjectAt(j); - String id_p = ((DERObjectIdentifier)mapping.getObjectAt(0)).getId(); - String sd_p = ((DERObjectIdentifier)mapping.getObjectAt(1)).getId(); - Set tmp; - - if (!m_idp.containsKey(id_p)) - { - tmp = new HashSet(); - tmp.add(sd_p); - m_idp.put(id_p, tmp); - s_idp.add(id_p); - } - else - { - tmp = (Set)m_idp.get(id_p); - tmp.add(sd_p); - } - } - - Iterator it_idp = s_idp.iterator(); - while (it_idp.hasNext()) - { - String id_p = (String)it_idp.next(); - - // - // (1) - // - if (policyMapping > 0) - { - try - { - prepareNextCertB1(i,policyNodes,id_p,m_idp,cert); - } - catch (AnnotatedException ae) - { - // error processing certificate policies extension - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyExtError"); - throw new CertPathReviewerException(msg,ae,certPath,index); - } - catch (CertPathValidatorException cpve) - { - // error building qualifier set - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyQualifierError"); - throw new CertPathReviewerException(msg,cpve,certPath,index); - } - - // - // (2) - // - } - else if (policyMapping <= 0) - { - validPolicyTree = prepareNextCertB2(i,policyNodes,id_p,validPolicyTree); - } - - } - } - - // - // h) - // - - if (!isSelfIssued(cert)) - { - - // (1) - if (explicitPolicy != 0) - { - explicitPolicy--; - } - - // (2) - if (policyMapping != 0) - { - policyMapping--; - } - - // (3) - if (inhibitAnyPolicy != 0) - { - inhibitAnyPolicy--; - } - - } - - // - // i) - // - - try - { - ASN1Sequence pc = (ASN1Sequence) getExtensionValue(cert,POLICY_CONSTRAINTS); - if (pc != null) - { - Enumeration policyConstraints = pc.getObjects(); - - while (policyConstraints.hasMoreElements()) - { - ASN1TaggedObject constraint = (ASN1TaggedObject) policyConstraints.nextElement(); - int tmpInt; - - switch (constraint.getTagNo()) - { - case 0: - tmpInt = DERInteger.getInstance(constraint).getValue().intValue(); - if (tmpInt < explicitPolicy) - { - explicitPolicy = tmpInt; - } - break; - case 1: - tmpInt = DERInteger.getInstance(constraint).getValue().intValue(); - if (tmpInt < policyMapping) - { - policyMapping = tmpInt; - } - break; - } - } - } - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyConstExtError"); - throw new CertPathReviewerException(msg,certPath,index); - } - - // - // j) - // - - try - { - DERInteger iap = (DERInteger)getExtensionValue(cert, INHIBIT_ANY_POLICY); - - if (iap != null) - { - int _inhibitAnyPolicy = iap.getValue().intValue(); - - if (_inhibitAnyPolicy < inhibitAnyPolicy) - { - inhibitAnyPolicy = _inhibitAnyPolicy; - } - } - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyInhibitExtError"); - throw new CertPathReviewerException(msg,certPath,index); - } - } - - } - - // - // 6.1.5 Wrap up - // - - // - // a) - // - - if (!isSelfIssued(cert) && explicitPolicy > 0) - { - explicitPolicy--; - } - - // - // b) - // - - try - { - ASN1Sequence pc = (ASN1Sequence) getExtensionValue(cert, POLICY_CONSTRAINTS); - if (pc != null) - { - Enumeration policyConstraints = pc.getObjects(); - - while (policyConstraints.hasMoreElements()) - { - ASN1TaggedObject constraint = (ASN1TaggedObject)policyConstraints.nextElement(); - switch (constraint.getTagNo()) - { - case 0: - int tmpInt = DERInteger.getInstance(constraint).getValue().intValue(); - if (tmpInt == 0) - { - explicitPolicy = 0; - } - break; - } - } - } - } - catch (AnnotatedException e) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.policyConstExtError"); - throw new CertPathReviewerException(msg,certPath,index); - } - - - // - // (g) - // - PKIXPolicyNode intersection; - - - // - // (g) (i) - // - if (validPolicyTree == null) - { - if (pkixParams.isExplicitPolicyRequired()) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.explicitPolicy"); - throw new CertPathReviewerException(msg,certPath,index); - } - intersection = null; - } - else if (isAnyPolicy(userInitialPolicySet)) // (g) (ii) - { - if (pkixParams.isExplicitPolicyRequired()) - { - if (acceptablePolicies.isEmpty()) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.explicitPolicy"); - throw new CertPathReviewerException(msg,certPath,index); - } - else - { - Set _validPolicyNodeSet = new HashSet(); - - for (int j = 0; j < policyNodes.length; j++) - { - List _nodeDepth = policyNodes[j]; - - for (int k = 0; k < _nodeDepth.size(); k++) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_nodeDepth.get(k); - - if (ANY_POLICY.equals(_node.getValidPolicy())) - { - Iterator _iter = _node.getChildren(); - while (_iter.hasNext()) - { - _validPolicyNodeSet.add(_iter.next()); - } - } - } - } - - Iterator _vpnsIter = _validPolicyNodeSet.iterator(); - while (_vpnsIter.hasNext()) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_vpnsIter.next(); - String _validPolicy = _node.getValidPolicy(); - - if (!acceptablePolicies.contains(_validPolicy)) - { - //validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, _node); - } - } - if (validPolicyTree != null) - { - for (int j = (n - 1); j >= 0; j--) - { - List nodes = policyNodes[j]; - - for (int k = 0; k < nodes.size(); k++) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(k); - if (!node.hasChildren()) - { - validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node); - } - } - } - } - } - } - - intersection = validPolicyTree; - } - else - { - // - // (g) (iii) - // - // This implementation is not exactly same as the one described in RFC3280. - // However, as far as the validation result is concerned, both produce - // adequate result. The only difference is whether AnyPolicy is remain - // in the policy tree or not. - // - // (g) (iii) 1 - // - Set _validPolicyNodeSet = new HashSet(); - - for (int j = 0; j < policyNodes.length; j++) - { - List _nodeDepth = policyNodes[j]; - - for (int k = 0; k < _nodeDepth.size(); k++) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_nodeDepth.get(k); - - if (ANY_POLICY.equals(_node.getValidPolicy())) - { - Iterator _iter = _node.getChildren(); - while (_iter.hasNext()) - { - PKIXPolicyNode _c_node = (PKIXPolicyNode)_iter.next(); - if (!ANY_POLICY.equals(_c_node.getValidPolicy())) - { - _validPolicyNodeSet.add(_c_node); - } - } - } - } - } - - // - // (g) (iii) 2 - // - Iterator _vpnsIter = _validPolicyNodeSet.iterator(); - while (_vpnsIter.hasNext()) - { - PKIXPolicyNode _node = (PKIXPolicyNode)_vpnsIter.next(); - String _validPolicy = _node.getValidPolicy(); - - if (!userInitialPolicySet.contains(_validPolicy)) - { - validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, _node); - } - } - - // - // (g) (iii) 4 - // - if (validPolicyTree != null) - { - for (int j = (n - 1); j >= 0; j--) - { - List nodes = policyNodes[j]; - - for (int k = 0; k < nodes.size(); k++) - { - PKIXPolicyNode node = (PKIXPolicyNode)nodes.get(k); - if (!node.hasChildren()) - { - validPolicyTree = removePolicyNode(validPolicyTree, policyNodes, node); - } - } - } - } - - intersection = validPolicyTree; - } - - if ((explicitPolicy <= 0) && (intersection == null)) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.invalidPolicy"); - throw new CertPathReviewerException(msg); - } - - validPolicyTree = intersection; - } - catch (CertPathReviewerException cpre) - { - addError(cpre.getErrorMessage(),cpre.getIndex()); - validPolicyTree = null; - } - } - - private void checkCriticalExtensions() - { - // - // initialise CertPathChecker's - // - List pathCheckers = pkixParams.getCertPathCheckers(); - Iterator certIter = pathCheckers.iterator(); - - try - { - try - { - while (certIter.hasNext()) - { - ((PKIXCertPathChecker)certIter.next()).init(false); - } - } - catch (CertPathValidatorException cpve) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certPathCheckerError", - new Object[] {cpve.getMessage(),cpve}); - throw new CertPathReviewerException(msg,cpve); - } - - // - // process critical extesions for each certificate - // - - X509Certificate cert = null; - - int index; - - for (index = certs.size()-1; index >= 0; index--) - { - cert = (X509Certificate) certs.get(index); - - Set criticalExtensions = new HashSet(cert.getCriticalExtensionOIDs()); - // remove already processed extensions - criticalExtensions.remove(KEY_USAGE); - criticalExtensions.remove(CERTIFICATE_POLICIES); - criticalExtensions.remove(POLICY_MAPPINGS); - criticalExtensions.remove(INHIBIT_ANY_POLICY); - criticalExtensions.remove(ISSUING_DISTRIBUTION_POINT); - criticalExtensions.remove(DELTA_CRL_INDICATOR); - criticalExtensions.remove(POLICY_CONSTRAINTS); - criticalExtensions.remove(BASIC_CONSTRAINTS); - criticalExtensions.remove(SUBJECT_ALTERNATIVE_NAME); - criticalExtensions.remove(NAME_CONSTRAINTS); - - // process qcStatements extension - if (criticalExtensions.contains(QC_STATEMENT)) - { - if (processQcStatements(cert,index)) - { - criticalExtensions.remove(QC_STATEMENT); - } - } - - Iterator tmpIter = pathCheckers.iterator(); - while (tmpIter.hasNext()) - { - try - { - ((PKIXCertPathChecker)tmpIter.next()).check(cert, criticalExtensions); - } - catch (CertPathValidatorException e) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.criticalExtensionError", - new Object[] {e.getMessage(),e}); - throw new CertPathReviewerException(msg,e.getCause(),certPath,index); - } - } - if (!criticalExtensions.isEmpty()) - { - ErrorBundle msg; - if (criticalExtensions.size() == 1) - { - msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.unknownCriticalExt", - new Object[] {criticalExtensions.iterator().next()}); - } - else - { - msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.unknownCriticalExts", - new Object[] {new UntrustedInput(criticalExtensions)}); - } - throw new CertPathReviewerException(msg,certPath,index); - } - } - } - catch (CertPathReviewerException cpre) - { - addError(cpre.getErrorMessage(),cpre.getIndex()); - } - } - - private boolean processQcStatements( - X509Certificate cert, - int index) - { - try - { - boolean unknownStatement = false; - - ASN1Sequence qcSt = (ASN1Sequence) getExtensionValue(cert,QC_STATEMENT); - for (int j = 0; j < qcSt.size(); j++) - { - QCStatement stmt = QCStatement.getInstance(qcSt.getObjectAt(j)); - if (QCStatement.id_etsi_qcs_QcCompliance.equals(stmt.getStatementId())) - { - // process statement - just write a notification that the certificate contains this statement - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcEuCompliance"); - addNotification(msg,index); - } - else if (QCStatement.id_qcs_pkixQCSyntax_v1.equals(stmt.getStatementId())) - { - // process statement - just recognize the statement - } - else if (QCStatement.id_etsi_qcs_QcSSCD.equals(stmt.getStatementId())) - { - // process statement - just write a notification that the certificate contains this statement - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcSSCD"); - addNotification(msg,index); - } - else if (QCStatement.id_etsi_qcs_LimiteValue.equals(stmt.getStatementId())) - { - // process statement - write a notification containing the limit value - MonetaryValue limit = MonetaryValue.getInstance(stmt.getStatementInfo()); - Iso4217CurrencyCode currency = limit.getCurrency(); - double value = limit.getAmount().doubleValue() * Math.pow(10,limit.getExponent().doubleValue()); - ErrorBundle msg; - if (limit.getCurrency().isAlphabetic()) - { - msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcLimitValueAlpha", - new Object[] {limit.getCurrency().getAlphabetic(), - new Double(value), - limit}); - } - else - { - msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcLimitValueNum", - new Object[] {Integer.valueOf(limit.getCurrency().getNumeric()), - new Double(value), - limit}); - } - addNotification(msg,index); - } - else - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcUnknownStatement", - new Object[] {stmt.getStatementId(),new UntrustedInput(stmt)}); - addNotification(msg,index); - unknownStatement = true; - } - } - - return !unknownStatement; - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.QcStatementExtError"); - addError(msg,index); - } - - return false; - } - - private String IPtoString(byte[] ip) - { - String result; - try - { - result = InetAddress.getByAddress(ip).getHostAddress(); - } - catch (Exception e) - { - StringBuffer b = new StringBuffer(); - - for (int i = 0; i != ip.length; i++) - { - b.append(Integer.toHexString(ip[i] & 0xff)); - b.append(' '); - } - - result = b.toString(); - } - - return result; - } - - private void checkCRLs( - PKIXParameters paramsPKIX, - X509Certificate cert, - Date validDate, - X509Certificate sign, - PublicKey workingPublicKey, - Vector crlDistPointUrls, - int index) - throws CertPathReviewerException - { - X509CRLSelector crlselect; - crlselect = new X509CRLSelector(); - - try - { - crlselect.addIssuerName(getEncodedIssuerPrincipal(cert).getEncoded()); - } - catch (IOException e) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlIssuerException"); - throw new CertPathReviewerException(msg,e); - } - - crlselect.setCertificateChecking(cert); - - Iterator crl_iter; - try - { - Collection crl_coll = findCRLs(crlselect, paramsPKIX.getCertStores()); - crl_iter = crl_coll.iterator(); - - if (crl_coll.isEmpty()) - { - // notifcation - no local crls found - crl_coll = findCRLs(new X509CRLSelector(),paramsPKIX.getCertStores()); - Iterator it = crl_coll.iterator(); - List nonMatchingCrlNames = new ArrayList(); - while (it.hasNext()) - { - nonMatchingCrlNames.add(((X509CRL) it.next()).getIssuerX500Principal()); - } - int numbOfCrls = nonMatchingCrlNames.size(); - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.noCrlInCertstore", - new Object[] {new UntrustedInput(crlselect.getIssuers()), - new UntrustedInput(nonMatchingCrlNames), - Integer.valueOf(numbOfCrls)}); - addNotification(msg,index); - } - - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlExtractionError", - new Object[] {ae.getCause().getMessage(),ae.getCause()}); - addError(msg,index); - crl_iter = new ArrayList().iterator(); - } - boolean validCrlFound = false; - X509CRL crl = null; - while (crl_iter.hasNext()) - { - crl = (X509CRL)crl_iter.next(); - - if (crl.getNextUpdate() == null - || new Date().before(crl.getNextUpdate())) - { - validCrlFound = true; - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.localValidCRL", - new Object[] {crl.getThisUpdate(),crl.getNextUpdate()}); - addNotification(msg,index); - break; - } - else - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.localInvalidCRL", - new Object[] {crl.getThisUpdate(),crl.getNextUpdate()}); - addNotification(msg,index); - } - } - - // if no valid crl was found in the CertStores try to get one from a - // crl distribution point - if (!validCrlFound) - { - X509CRL onlineCRL = null; - Iterator urlIt = crlDistPointUrls.iterator(); - while (urlIt.hasNext()) - { - try - { - String location = (String) urlIt.next(); - onlineCRL = getCRL(location); - if (onlineCRL != null) - { - if (onlineCRL.getNextUpdate() == null - || new Date().before(onlineCRL.getNextUpdate())) - { - validCrlFound = true; - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.onlineValidCRL", - new Object[] {onlineCRL.getThisUpdate(), - onlineCRL.getNextUpdate(), - new UntrustedInput(location)}); - addNotification(msg,index); - crl = onlineCRL; - break; - } - else - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.onlineInvalidCRL", - new Object[] {onlineCRL.getThisUpdate(), - onlineCRL.getNextUpdate(), - new UntrustedInput(location)}); - addNotification(msg,index); - } - } - } - catch (CertPathReviewerException cpre) - { - addNotification(cpre.getErrorMessage(),index); - } - } - } - - // check the crl - X509CRLEntry crl_entry; - if (crl != null) - { - if (sign != null) - { - boolean[] keyusage = sign.getKeyUsage(); - - if (keyusage != null - && (keyusage.length < 7 || !keyusage[CRL_SIGN])) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noCrlSigningPermited"); - throw new CertPathReviewerException(msg); - } - } - - if (workingPublicKey != null) - { - try - { - crl.verify(workingPublicKey, "BC"); - } - catch (Exception e) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlVerifyFailed"); - throw new CertPathReviewerException(msg,e); - } - } - else // issuer public key not known - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlNoIssuerPublicKey"); - throw new CertPathReviewerException(msg); - } - - crl_entry = crl.getRevokedCertificate(cert.getSerialNumber()); - if (crl_entry != null) - { - String reason = null; - - if (crl_entry.hasExtensions()) - { - DEREnumerated reasonCode; - try - { - reasonCode = DEREnumerated.getInstance(getExtensionValue(crl_entry, X509Extensions.ReasonCode.getId())); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlReasonExtError"); - throw new CertPathReviewerException(msg,ae); - } - if (reasonCode != null) - { - reason = crlReasons[reasonCode.getValue().intValue()]; - } - } - - // FIXME reason not i18n - - if (!validDate.before(crl_entry.getRevocationDate())) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.certRevoked", - new Object[] {crl_entry.getRevocationDate(),reason}); - throw new CertPathReviewerException(msg); - } - else // cert was revoked after validation date - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.revokedAfterValidation", - new Object[] {crl_entry.getRevocationDate(),reason}); - addNotification(msg,index); - } - } - else // cert is not revoked - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.notRevoked"); - addNotification(msg,index); - } - - // - // warn if a new crl is available - // - if (crl.getNextUpdate() != null && crl.getNextUpdate().before(new Date())) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlUpdateAvailable", - new Object[] {crl.getNextUpdate()}); - addNotification(msg,index); - } - - // - // check the DeltaCRL indicator, base point and the issuing distribution point - // - DERObject idp; - try - { - idp = getExtensionValue(crl, ISSUING_DISTRIBUTION_POINT); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.distrPtExtError"); - throw new CertPathReviewerException(msg); - } - DERObject dci; - try - { - dci = getExtensionValue(crl, DELTA_CRL_INDICATOR); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.deltaCrlExtError"); - throw new CertPathReviewerException(msg); - } - - if (dci != null) - { - X509CRLSelector baseSelect = new X509CRLSelector(); - - try - { - baseSelect.addIssuerName(getIssuerPrincipal(crl).getEncoded()); - } - catch (IOException e) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlIssuerException"); - throw new CertPathReviewerException(msg,e); - } - - baseSelect.setMinCRLNumber(((DERInteger)dci).getPositiveValue()); - try - { - baseSelect.setMaxCRLNumber(((DERInteger)getExtensionValue(crl, CRL_NUMBER)).getPositiveValue().subtract(BigInteger.valueOf(1))); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlNbrExtError"); - throw new CertPathReviewerException(msg,ae); - } - - boolean foundBase = false; - Iterator it; - try - { - it = findCRLs(baseSelect, paramsPKIX.getCertStores()).iterator(); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlExtractionError"); - throw new CertPathReviewerException(msg,ae); - } - while (it.hasNext()) - { - X509CRL base = (X509CRL)it.next(); - - DERObject baseIdp; - try - { - baseIdp = getExtensionValue(base, ISSUING_DISTRIBUTION_POINT); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.distrPtExtError"); - throw new CertPathReviewerException(msg,ae); - } - - if (idp == null) - { - if (baseIdp == null) - { - foundBase = true; - break; - } - } - else - { - if (idp.equals(baseIdp)) - { - foundBase = true; - break; - } - } - } - - if (!foundBase) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noBaseCRL"); - throw new CertPathReviewerException(msg); - } - } - - if (idp != null) - { - IssuingDistributionPoint p = IssuingDistributionPoint.getInstance(idp); - BasicConstraints bc = null; - try - { - bc = BasicConstraints.getInstance(getExtensionValue(cert, BASIC_CONSTRAINTS)); - } - catch (AnnotatedException ae) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlBCExtError"); - throw new CertPathReviewerException(msg,ae); - } - - if (p.onlyContainsUserCerts() && (bc != null && bc.isCA())) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyUserCert"); - throw new CertPathReviewerException(msg); - } - - if (p.onlyContainsCACerts() && (bc == null || !bc.isCA())) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyCaCert"); - throw new CertPathReviewerException(msg); - } - - if (p.onlyContainsAttributeCerts()) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.crlOnlyAttrCert"); - throw new CertPathReviewerException(msg); - } - } - } - - if (!validCrlFound) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.noValidCrlFound"); - throw new CertPathReviewerException(msg); - } - - } - - private Vector getCRLDistUrls(CRLDistPoint crlDistPoints, AuthorityInformationAccess authInfoAcc) - { - Vector urls = new Vector(); - - if (crlDistPoints != null) - { - DistributionPoint[] distPoints = crlDistPoints.getDistributionPoints(); - for (int i = 0; i < distPoints.length; i++) - { - DistributionPointName dp_name = distPoints[i].getDistributionPoint(); - if (dp_name.getType() == DistributionPointName.FULL_NAME) - { - GeneralName[] generalNames = GeneralNames.getInstance(dp_name.getName()).getNames(); - for (int j = 0; j < generalNames.length; j++) - { - if (generalNames[j].getTagNo() == GeneralName.uniformResourceIdentifier) - { - String url = ((DERIA5String) generalNames[j].getName()).getString(); - urls.add(url); - } - } - } - } - } - - if (authInfoAcc != null) - { - AccessDescription[] ads = authInfoAcc.getAccessDescriptions(); - for (int i = 0; i < ads.length; i++) - { - if (ads[i].getAccessMethod().equals(AccessDescription.id_ad_caIssuers)) - { - GeneralName name = ads[i].getAccessLocation(); - if (name.getTagNo() == GeneralName.uniformResourceIdentifier) - { - String url = ((DERIA5String) name.getName()).getString(); - urls.add(url); - } - } - } - } - - return urls; - } - - private Vector getOCSPUrls(AuthorityInformationAccess authInfoAccess) - { - Vector urls = new Vector(); - - if (authInfoAccess != null) - { - AccessDescription[] ads = authInfoAccess.getAccessDescriptions(); - for (int i = 0; i < ads.length; i++) - { - if (ads[i].getAccessMethod().equals(AccessDescription.id_ad_ocsp)) - { - GeneralName name = ads[i].getAccessLocation(); - if (name.getTagNo() == GeneralName.uniformResourceIdentifier) - { - String url = ((DERIA5String) name.getName()).getString(); - urls.add(url); - } - } - } - } - - return urls; - } - - private X509CRL getCRL(String location) throws CertPathReviewerException - { - X509CRL result = null; - try - { - URL url = new URL(location); - - if (url.getProtocol().equals("http") || url.getProtocol().equals("https")) - { - HttpURLConnection conn = (HttpURLConnection) url.openConnection(); - conn.setUseCaches(false); - conn.setConnectTimeout(2000); - conn.setDoInput(true); - conn.connect(); - if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) - { - CertificateFactory cf = CertificateFactory.getInstance("X.509","BC"); - result = (X509CRL) cf.generateCRL(conn.getInputStream()); - } - else - { - throw new Exception(conn.getResponseMessage()); - } - } - } - catch (Exception e) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME, - "CertPathReviewer.loadCrlDistPointError", - new Object[] {new UntrustedInput(location), - e.getMessage(),e}); - throw new CertPathReviewerException(msg); - } - return result; - } - - private Collection getTrustAnchors(X509Certificate cert, Set trustanchors) throws CertPathReviewerException - { - Collection trustColl = new ArrayList(); - Iterator it = trustanchors.iterator(); - - X509CertSelector certSelectX509 = new X509CertSelector(); - - try - { - certSelectX509.setSubject(getEncodedIssuerPrincipal(cert).getEncoded()); - } - catch (IOException ex) - { - ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustAnchorIssuerError"); - throw new CertPathReviewerException(msg); - } - - while (it.hasNext()) - { - TrustAnchor trust = (TrustAnchor) it.next(); - if (trust.getTrustedCert() != null) - { - if (certSelectX509.match(trust.getTrustedCert())) - { - trustColl.add(trust); - } - } - else if (trust.getCAName() != null && trust.getCAPublicKey() != null) - { - X500Principal certIssuer = getEncodedIssuerPrincipal(cert); - X500Principal caName = new X500Principal(trust.getCAName()); - if (certIssuer.equals(caName)) - { - trustColl.add(trust); - } - } - } - return trustColl; - } -} diff --git a/luni/src/main/java/org/bouncycastle/x509/X509Attribute.java b/luni/src/main/java/org/bouncycastle/x509/X509Attribute.java deleted file mode 100644 index f4c65ab..0000000 --- a/luni/src/main/java/org/bouncycastle/x509/X509Attribute.java +++ /dev/null @@ -1,78 +0,0 @@ -package org.bouncycastle.x509; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Set; -import org.bouncycastle.asn1.DERObject; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DERSet; -import org.bouncycastle.asn1.x509.Attribute; - -/** - * Class for carrying the values in an X.509 Attribute. - */ -public class X509Attribute - extends ASN1Encodable -{ - Attribute attr; - - /** - * @param at an object representing an attribute. - */ - X509Attribute( - ASN1Encodable at) - { - this.attr = Attribute.getInstance(at); - } - - /** - * Create an X.509 Attribute with the type given by the passed in oid and - * the value represented by an ASN.1 Set containing value. - * - * @param oid type of the attribute - * @param value value object to go into the atribute's value set. - */ - public X509Attribute( - String oid, - ASN1Encodable value) - { - this.attr = new Attribute(new DERObjectIdentifier(oid), new DERSet(value)); - } - - /** - * Create an X.59 Attribute with the type given by the passed in oid and the - * value represented by an ASN.1 Set containing the objects in value. - * - * @param oid type of the attribute - * @param value vector of values to go in the attribute's value set. - */ - public X509Attribute( - String oid, - ASN1EncodableVector value) - { - this.attr = new Attribute(new DERObjectIdentifier(oid), new DERSet(value)); - } - - public String getOID() - { - return attr.getAttrType().getId(); - } - - public ASN1Encodable[] getValues() - { - ASN1Set s = attr.getAttrValues(); - ASN1Encodable[] values = new ASN1Encodable[s.size()]; - - for (int i = 0; i != s.size(); i++) - { - values[i] = (ASN1Encodable)s.getObjectAt(i); - } - - return values; - } - - public DERObject toASN1Object() - { - return attr.toASN1Object(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/x509/X509AttributeCertificate.java b/luni/src/main/java/org/bouncycastle/x509/X509AttributeCertificate.java deleted file mode 100644 index f3b0668..0000000 --- a/luni/src/main/java/org/bouncycastle/x509/X509AttributeCertificate.java +++ /dev/null @@ -1,106 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PublicKey; -import java.security.SignatureException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.X509Extension; -import java.util.Date; -import java.util.Set; - -/** - * Interface for an X.509 Attribute Certificate. - */ -public interface X509AttributeCertificate - extends X509Extension -{ - /** - * Return the version number for the certificate. - * - * @return the version number. - */ - public int getVersion(); - - /** - * Return the serial number for the certificate. - * - * @return the serial number. - */ - public BigInteger getSerialNumber(); - - /** - * Return the date before which the certificate is not valid. - * - * @return the "not valid before" date. - */ - public Date getNotBefore(); - - /** - * Return the date after which the certificate is not valid. - * - * @return the "not valid afer" date. - */ - public Date getNotAfter(); - - /** - * Return the holder of the certificate. - * - * @return the holder. - */ - public AttributeCertificateHolder getHolder(); - - /** - * Return the issuer details for the certificate. - * - * @return the issuer details. - */ - public AttributeCertificateIssuer getIssuer(); - - /** - * Return the attributes contained in the attribute block in the certificate. - * - * @return an array of attributes. - */ - public X509Attribute[] getAttributes(); - - /** - * Return the attributes with the same type as the passed in oid. - * - * @param oid the object identifier we wish to match. - * @return an array of matched attributes, null if there is no match. - */ - public X509Attribute[] getAttributes(String oid); - - public boolean[] getIssuerUniqueID(); - - public Set getNonCriticalExtensionOIDs(); - - public Set getCriticalExtensionOIDs(); - - public void checkValidity() - throws CertificateExpiredException, CertificateNotYetValidException; - - public void checkValidity(Date date) - throws CertificateExpiredException, CertificateNotYetValidException; - - public byte[] getSignature(); - - public void verify(PublicKey key, String provider) - throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException; - - /** - * Return an ASN.1 encoded byte array representing the attribute certificate. - * - * @return an ASN.1 encoded byte array. - * @throws IOException if the certificate cannot be encoded. - */ - public byte[] getEncoded() - throws IOException; -} diff --git a/luni/src/main/java/org/bouncycastle/x509/X509Util.java b/luni/src/main/java/org/bouncycastle/x509/X509Util.java deleted file mode 100644 index 2130d0e..0000000 --- a/luni/src/main/java/org/bouncycastle/x509/X509Util.java +++ /dev/null @@ -1,127 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.IOException; -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Hashtable; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.util.Strings; - -class X509Util -{ - private static Hashtable algorithms = new Hashtable(); - private static Set noParams = new HashSet(); - - static - { - algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2")); - algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2")); - algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4")); - algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5")); - algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption); - algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption); - algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption); - algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption); - algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption); - algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption); - algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption); - algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption); - algorithms.put("RIPEMD160WITHRSAENCRYPTION", new DERObjectIdentifier("1.3.36.3.3.1.2")); - algorithms.put("RIPEMD160WITHRSA", new DERObjectIdentifier("1.3.36.3.3.1.2")); - algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1); - algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1); - algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224); - algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256); - algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1); - algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1); - algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224); - algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256); - algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384); - algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512); - algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94); - - // - // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. - // The parameters field SHALL be NULL for RSA based signature algorithms. - // - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384); - noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512); - noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1); - noParams.add(NISTObjectIdentifiers.dsa_with_sha224); - noParams.add(NISTObjectIdentifiers.dsa_with_sha256); - } - - static DERObjectIdentifier getAlgorithmOID( - String algorithmName) - { - algorithmName = Strings.toUpperCase(algorithmName); - - if (algorithms.containsKey(algorithmName)) - { - return (DERObjectIdentifier)algorithms.get(algorithmName); - } - - return new DERObjectIdentifier(algorithmName); - } - - static AlgorithmIdentifier getSigAlgID( - DERObjectIdentifier sigOid) - { - if (noParams.contains(sigOid)) - { - return new AlgorithmIdentifier(sigOid); - } - else - { - // BEGIN android-changed - return new AlgorithmIdentifier(sigOid, DERNull.THE_ONE); - // END android-changed - } - } - - static Iterator getAlgNames() - { - Enumeration e = algorithms.keys(); - List l = new ArrayList(); - - while (e.hasMoreElements()) - { - l.add(e.nextElement()); - } - - return l.iterator(); - } - - static X509Principal convertPrincipal( - X500Principal principal) - { - try - { - return new X509Principal(principal.getEncoded()); - } - catch (IOException e) - { - throw new IllegalArgumentException("cannot convert principal"); - } - } -} diff --git a/luni/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java b/luni/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java deleted file mode 100644 index 09531b6..0000000 --- a/luni/src/main/java/org/bouncycastle/x509/X509V1CertificateGenerator.java +++ /dev/null @@ -1,301 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Iterator; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.TBSCertificateStructure; -import org.bouncycastle.asn1.x509.Time; -import org.bouncycastle.asn1.x509.V1TBSCertificateGenerator; -import org.bouncycastle.asn1.x509.X509CertificateStructure; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.jce.provider.X509CertificateObject; - -/** - * class to produce an X.509 Version 1 certificate. - */ -public class X509V1CertificateGenerator -{ - private V1TBSCertificateGenerator tbsGen; - private DERObjectIdentifier sigOID; - private AlgorithmIdentifier sigAlgId; - private String signatureAlgorithm; - - public X509V1CertificateGenerator() - { - tbsGen = new V1TBSCertificateGenerator(); - } - - /** - * reset the generator - */ - public void reset() - { - tbsGen = new V1TBSCertificateGenerator(); - } - - /** - * set the serial number for the certificate. - */ - public void setSerialNumber( - BigInteger serialNumber) - { - if (serialNumber.compareTo(BigInteger.ZERO) <= 0) - { - throw new IllegalArgumentException("serial number must be a positive integer"); - } - - tbsGen.setSerialNumber(new DERInteger(serialNumber)); - } - - /** - * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the - * certificate. - */ - public void setIssuerDN( - X500Principal issuer) - { - try - { - tbsGen.setIssuer(new X509Principal(issuer.getEncoded())); - } - catch (IOException e) - { - throw new IllegalArgumentException("can't process principal: " + e); - } - } - - /** - * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the - * certificate. - */ - public void setIssuerDN( - X509Name issuer) - { - tbsGen.setIssuer(issuer); - } - - public void setNotBefore( - Date date) - { - tbsGen.setStartDate(new Time(date)); - } - - public void setNotAfter( - Date date) - { - tbsGen.setEndDate(new Time(date)); - } - - /** - * Set the subject distinguished name. The subject describes the entity associated with the public key. - */ - public void setSubjectDN( - X500Principal subject) - { - try - { - tbsGen.setSubject(new X509Principal(subject.getEncoded())); - } - catch (IOException e) - { - throw new IllegalArgumentException("can't process principal: " + e); - } - } - - /** - * Set the subject distinguished name. The subject describes the entity associated with the public key. - */ - public void setSubjectDN( - X509Name subject) - { - tbsGen.setSubject(subject); - } - - public void setPublicKey( - PublicKey key) - { - try - { - tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream( - new ByteArrayInputStream(key.getEncoded())).readObject())); - } - catch (Exception e) - { - throw new IllegalArgumentException("unable to process key - " + e.toString()); - } - } - - /** - * Set the signature algorithm. This can be either a name or an OID, names - * are treated as case insensitive. - * - * @param signatureAlgorithm string representation of the algorithm name. - */ - public void setSignatureAlgorithm( - String signatureAlgorithm) - { - this.signatureAlgorithm = signatureAlgorithm; - - try - { - sigOID = X509Util.getAlgorithmOID(signatureAlgorithm); - } - catch (Exception e) - { - throw new IllegalArgumentException("Unknown signature type requested"); - } - - sigAlgId = X509Util.getSigAlgID(sigOID); - - tbsGen.setSignature(sigAlgId); - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the default provider "BC". - */ - public X509Certificate generateX509Certificate( - PrivateKey key) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509Certificate(key, "BC", null); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the default provider "BC" and the passed in source of randomness - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - SecureRandom random) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509Certificate(key, "BC", random); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing, and the passed in source - * of randomness (if required). - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - String provider) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - return generateX509Certificate(key, provider, null); - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing, and the passed in source - * of randomness (if required). - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - String provider, - SecureRandom random) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - Signature sig = null; - - try - { - sig = Signature.getInstance(sigOID.getId(), provider); - } - catch (NoSuchAlgorithmException ex) - { - try - { - sig = Signature.getInstance(signatureAlgorithm, provider); - } - catch (NoSuchAlgorithmException e) - { - throw new SecurityException("exception creating signature: " + e.toString()); - } - } - - if (random != null) - { - sig.initSign(key, random); - } - else - { - sig.initSign(key); - } - - TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate(); - - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(tbsCert); - - sig.update(bOut.toByteArray()); - } - catch (Exception e) - { - throw new SecurityException("exception encoding TBS cert - " + e); - } - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(tbsCert); - v.add(sigAlgId); - v.add(new DERBitString(sig.sign())); - - return new X509CertificateObject(new X509CertificateStructure(new DERSequence(v))); - } - - /** - * Return an iterator of the signature names supported by the generator. - * - * @return an iterator containing recognised names. - */ - public Iterator getSignatureAlgNames() - { - return X509Util.getAlgNames(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java b/luni/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java deleted file mode 100644 index 7348b87..0000000 --- a/luni/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificate.java +++ /dev/null @@ -1,297 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PublicKey; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateNotYetValidException; -import java.text.ParseException; -import java.util.ArrayList; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.x509.AttributeCertificate; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; - -/* - * An implementation of a version 2 X.509 Attribute Certificate. - */ -public class X509V2AttributeCertificate - implements X509AttributeCertificate -{ - private AttributeCertificate cert; - private Date notBefore; - private Date notAfter; - - public X509V2AttributeCertificate( - InputStream encIn) - throws IOException - { - this(AttributeCertificate.getInstance(new ASN1InputStream(encIn).readObject())); - } - - public X509V2AttributeCertificate( - byte[] encoded) - throws IOException - { - this(new ByteArrayInputStream(encoded)); - } - - X509V2AttributeCertificate( - AttributeCertificate cert) - throws IOException - { - this.cert = cert; - - try - { - this.notAfter = cert.getAcinfo().getAttrCertValidityPeriod().getNotAfterTime().getDate(); - this.notBefore = cert.getAcinfo().getAttrCertValidityPeriod().getNotBeforeTime().getDate(); - } - catch (ParseException e) - { - throw new IOException("invalid data structure in certificate!"); - } - } - - public int getVersion() - { - return cert.getAcinfo().getVersion().getValue().intValue(); - } - - public BigInteger getSerialNumber() - { - return cert.getAcinfo().getSerialNumber().getValue(); - } - - public AttributeCertificateHolder getHolder() - { - return new AttributeCertificateHolder((ASN1Sequence)cert.getAcinfo().getHolder().toASN1Object()); - } - - public AttributeCertificateIssuer getIssuer() - { - return new AttributeCertificateIssuer(cert.getAcinfo().getIssuer()); - } - - public Date getNotBefore() - { - return notBefore; - } - - public Date getNotAfter() - { - return notAfter; - } - - public boolean[] getIssuerUniqueID() - { - DERBitString id = cert.getAcinfo().getIssuerUniqueID(); - - if (id != null) - { - byte[] bytes = id.getBytes(); - boolean[] boolId = new boolean[bytes.length * 8 - id.getPadBits()]; - - for (int i = 0; i != boolId.length; i++) - { - boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0; - } - - return boolId; - } - - return null; - } - - public void checkValidity() - throws CertificateExpiredException, CertificateNotYetValidException - { - this.checkValidity(new Date()); - } - - public void checkValidity( - Date date) - throws CertificateExpiredException, CertificateNotYetValidException - { - if (date.after(this.getNotAfter())) - { - throw new CertificateExpiredException("certificate expired on " + this.getNotAfter()); - } - - if (date.before(this.getNotBefore())) - { - throw new CertificateNotYetValidException("certificate not valid till " + this.getNotBefore()); - } - } - - public byte[] getSignature() - { - return cert.getSignatureValue().getBytes(); - } - - public final void verify( - PublicKey key, - String provider) - throws CertificateException, NoSuchAlgorithmException, - InvalidKeyException, NoSuchProviderException, SignatureException - { - Signature signature = null; - - if (!cert.getSignatureAlgorithm().equals(cert.getAcinfo().getSignature())) - { - throw new CertificateException("Signature algorithm in certificate info not same as outer certificate"); - } - - signature = Signature.getInstance(cert.getSignatureAlgorithm().getObjectId().getId(), provider); - - signature.initVerify(key); - - try - { - signature.update(cert.getAcinfo().getEncoded()); - } - catch (IOException e) - { - throw new SignatureException("Exception encoding certificate info object"); - } - - if (!signature.verify(this.getSignature())) - { - throw new InvalidKeyException("Public key presented not for certificate signature"); - } - } - - public byte[] getEncoded() - throws IOException - { - return cert.getEncoded(); - } - - public byte[] getExtensionValue(String oid) - { - X509Extensions extensions = cert.getAcinfo().getExtensions(); - - if (extensions != null) - { - X509Extension ext = extensions.getExtension(new DERObjectIdentifier(oid)); - - if (ext != null) - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - try - { - dOut.writeObject(ext.getValue()); - - return bOut.toByteArray(); - } - catch (Exception e) - { - throw new RuntimeException("error encoding " + e.toString()); - } - } - } - - return null; - } - - private Set getExtensionOIDs( - boolean critical) - { - X509Extensions extensions = cert.getAcinfo().getExtensions(); - - if (extensions != null) - { - Set set = new HashSet(); - Enumeration e = extensions.oids(); - - while (e.hasMoreElements()) - { - DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); - X509Extension ext = extensions.getExtension(oid); - - if (ext.isCritical() == critical) - { - set.add(oid.getId()); - } - } - - return set; - } - - return null; - } - - public Set getNonCriticalExtensionOIDs() - { - return getExtensionOIDs(false); - } - - public Set getCriticalExtensionOIDs() - { - return getExtensionOIDs(true); - } - - public boolean hasUnsupportedCriticalExtension() - { - Set extensions = getCriticalExtensionOIDs(); - - return extensions != null && !extensions.isEmpty(); - } - - public X509Attribute[] getAttributes() - { - ASN1Sequence seq = cert.getAcinfo().getAttributes(); - X509Attribute[] attrs = new X509Attribute[seq.size()]; - - for (int i = 0; i != seq.size(); i++) - { - attrs[i] = new X509Attribute((ASN1Encodable)seq.getObjectAt(i)); - } - - return attrs; - } - - public X509Attribute[] getAttributes(String oid) - { - ASN1Sequence seq = cert.getAcinfo().getAttributes(); - List list = new ArrayList(); - - for (int i = 0; i != seq.size(); i++) - { - X509Attribute attr = new X509Attribute((ASN1Encodable)seq.getObjectAt(i)); - if (attr.getOID().equals(oid)) - { - list.add(attr); - } - } - - if (list.size() == 0) - { - return null; - } - - return (X509Attribute[])list.toArray(new X509Attribute[list.size()]); - } -} diff --git a/luni/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java b/luni/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java deleted file mode 100644 index ec1a0d7..0000000 --- a/luni/src/main/java/org/bouncycastle/x509/X509V2AttributeCertificateGenerator.java +++ /dev/null @@ -1,283 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.SignatureException; -import java.util.Date; -import java.util.Hashtable; -import java.util.Iterator; -import java.util.Vector; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.AttCertIssuer; -import org.bouncycastle.asn1.x509.Attribute; -import org.bouncycastle.asn1.x509.AttributeCertificate; -import org.bouncycastle.asn1.x509.V2AttributeCertificateInfoGenerator; -import org.bouncycastle.asn1.x509.AttributeCertificateInfo; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; - -/** - * class to produce an X.509 Version 2 AttributeCertificate. - */ -public class X509V2AttributeCertificateGenerator -{ - private V2AttributeCertificateInfoGenerator acInfoGen; - private DERObjectIdentifier sigOID; - private AlgorithmIdentifier sigAlgId; - private String signatureAlgorithm; - private Hashtable extensions = null; - private Vector extOrdering = null; - - public X509V2AttributeCertificateGenerator() - { - acInfoGen = new V2AttributeCertificateInfoGenerator(); - } - - /** - * reset the generator - */ - public void reset() - { - acInfoGen = new V2AttributeCertificateInfoGenerator(); - extensions = null; - extOrdering = null; - } - - /** - * Set the Holder of this Attribute Certificate - */ - public void setHolder( - AttributeCertificateHolder holder) - { - acInfoGen.setHolder(holder.holder); - } - - /** - * Set the issuer - */ - public void setIssuer( - AttributeCertificateIssuer issuer) - { - acInfoGen.setIssuer(AttCertIssuer.getInstance(issuer.form)); - } - - /** - * set the serial number for the certificate. - */ - public void setSerialNumber( - BigInteger serialNumber) - { - acInfoGen.setSerialNumber(new DERInteger(serialNumber)); - } - - public void setNotBefore( - Date date) - { - acInfoGen.setStartDate(new DERGeneralizedTime(date)); - } - - public void setNotAfter( - Date date) - { - acInfoGen.setEndDate(new DERGeneralizedTime(date)); - } - - /** - * Set the signature algorithm. This can be either a name or an OID, names - * are treated as case insensitive. - * - * @param signatureAlgorithm string representation of the algorithm name. - */ - public void setSignatureAlgorithm( - String signatureAlgorithm) - { - this.signatureAlgorithm = signatureAlgorithm; - - try - { - sigOID = X509Util.getAlgorithmOID(signatureAlgorithm); - } - catch (Exception e) - { - throw new IllegalArgumentException("Unknown signature type requested"); - } - - // BEGIN android-changed - sigAlgId = new AlgorithmIdentifier(this.sigOID, DERNull.THE_ONE); - // END android-changed - - acInfoGen.setSignature(sigAlgId); - } - - /** - * add an attribute - */ - public void addAttribute( - X509Attribute attribute) - { - acInfoGen.addAttribute(Attribute.getInstance(attribute.toASN1Object())); - } - - public void setIssuerUniqueId( - boolean[] iui) - { - // [TODO] convert boolean array to bit string - //acInfoGen.setIssuerUniqueID(iui); - throw new RuntimeException("not implemented (yet)"); - } - - /** - * add a given extension field for the standard extensions tag - * @throws IOException - */ - public void addExtension( - String OID, - boolean critical, - ASN1Encodable value) - throws IOException - { - this.addExtension(OID, critical, value.getEncoded()); - } - - /** - * add a given extension field for the standard extensions tag - * The value parameter becomes the contents of the octet string associated - * with the extension. - */ - public void addExtension( - String OID, - boolean critical, - byte[] value) - { - if (extensions == null) - { - extensions = new Hashtable(); - extOrdering = new Vector(); - } - - DERObjectIdentifier oid = new DERObjectIdentifier(OID); - - extensions.put(oid, new X509Extension(critical, new DEROctetString(value))); - extOrdering.addElement(oid); - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing. - */ - public X509AttributeCertificate generateCertificate( - PrivateKey key, - String provider) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - return generateCertificate(key, provider, null); - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing and the supplied source - * of randomness, if required. - */ - public X509AttributeCertificate generateCertificate( - PrivateKey key, - String provider, - SecureRandom random) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - Signature sig = null; - - if (sigOID == null) - { - throw new IllegalStateException("no signature algorithm specified"); - } - - try - { - sig = Signature.getInstance(sigOID.getId(), provider); - } - catch (NoSuchAlgorithmException ex) - { - try - { - sig = Signature.getInstance(signatureAlgorithm, provider); - } - catch (NoSuchAlgorithmException e) - { - throw new SecurityException("exception creating signature: " + e.toString()); - } - } - - if (random != null) - { - sig.initSign(key, random); - } - else - { - sig.initSign(key); - } - - if (extensions != null) - { - acInfoGen.setExtensions(new X509Extensions(extOrdering, extensions)); - } - - AttributeCertificateInfo acInfo = acInfoGen.generateAttributeCertificateInfo(); - - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(acInfo); - - sig.update(bOut.toByteArray()); - } - catch (Exception e) - { - throw new SecurityException("exception encoding Attribute cert - " + e); - } - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(acInfo); - v.add(sigAlgId); - v.add(new DERBitString(sig.sign())); - - try - { - return new X509V2AttributeCertificate(new AttributeCertificate(new DERSequence(v))); - } - catch (IOException e) - { - throw new RuntimeException("constructed invalid certificate!"); - } - } - - /** - * Return an iterator of the signature names supported by the generator. - * - * @return an iterator containing recognised names. - */ - public Iterator getSignatureAlgNames() - { - return X509Util.getAlgNames(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/x509/X509V2CRLGenerator.java b/luni/src/main/java/org/bouncycastle/x509/X509V2CRLGenerator.java deleted file mode 100644 index f639be6..0000000 --- a/luni/src/main/java/org/bouncycastle/x509/X509V2CRLGenerator.java +++ /dev/null @@ -1,400 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.CRLException; -import java.security.cert.X509CRL; -import java.security.cert.X509CRLEntry; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.Hashtable; -import java.util.Iterator; -import java.util.Set; -import java.util.SimpleTimeZone; -import java.util.Vector; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.DEREncodable; -import org.bouncycastle.asn1.DERGeneralizedTime; -import org.bouncycastle.asn1.DERInteger; -import org.bouncycastle.asn1.DERObjectIdentifier; -import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.CertificateList; -import org.bouncycastle.asn1.x509.TBSCertList; -import org.bouncycastle.asn1.x509.Time; -import org.bouncycastle.asn1.x509.V2TBSCertListGenerator; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.jce.provider.X509CRLObject; - -/** - * class to produce an X.509 Version 2 CRL. - */ -public class X509V2CRLGenerator -{ - private SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss"); - private SimpleTimeZone tz = new SimpleTimeZone(0, "Z"); - private V2TBSCertListGenerator tbsGen; - private DERObjectIdentifier sigOID; - private AlgorithmIdentifier sigAlgId; - private String signatureAlgorithm; - private Hashtable extensions = null; - private Vector extOrdering = null; - - public X509V2CRLGenerator() - { - dateF.setTimeZone(tz); - - tbsGen = new V2TBSCertListGenerator(); - } - - /** - * reset the generator - */ - public void reset() - { - tbsGen = new V2TBSCertListGenerator(); - } - - /** - * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the - * certificate. - */ - public void setIssuerDN( - X500Principal issuer) - { - try - { - tbsGen.setIssuer(new X509Principal(issuer.getEncoded())); - } - catch (IOException e) - { - throw new IllegalArgumentException("can't process principal: " + e); - } - } - - /** - * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the - * certificate. - */ - public void setIssuerDN( - X509Name issuer) - { - tbsGen.setIssuer(issuer); - } - - public void setThisUpdate( - Date date) - { - tbsGen.setThisUpdate(new Time(date)); - } - - public void setNextUpdate( - Date date) - { - tbsGen.setNextUpdate(new Time(date)); - } - - /** - * Reason being as indicated by ReasonFlags, i.e. ReasonFlags.keyCompromise - * or 0 if ReasonFlags are not to be used - **/ - public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason) - { - tbsGen.addCRLEntry(new DERInteger(userCertificate), new Time(revocationDate), reason); - } - - /** - * Add a CRL entry with an Invalidity Date extension as well as a CRLReason extension. - * Reason being as indicated by ReasonFlags, i.e. ReasonFlags.keyCompromise - * or 0 if ReasonFlags are not to be used - **/ - public void addCRLEntry(BigInteger userCertificate, Date revocationDate, int reason, Date invalidityDate) - { - tbsGen.addCRLEntry(new DERInteger(userCertificate), new Time(revocationDate), reason, new DERGeneralizedTime(invalidityDate)); - } - - /** - * Add a CRL entry with extensions. - **/ - public void addCRLEntry(BigInteger userCertificate, Date revocationDate, X509Extensions extensions) - { - tbsGen.addCRLEntry(new DERInteger(userCertificate), new Time(revocationDate), extensions); - } - - /** - * Add the CRLEntry objects contained in a previous CRL. - * - * @param other the X509CRL to source the other entries from. - */ - public void addCRL(X509CRL other) - throws CRLException - { - Set revocations = other.getRevokedCertificates(); - - Iterator it = revocations.iterator(); - while (it.hasNext()) - { - X509CRLEntry entry = (X509CRLEntry)it.next(); - - ASN1InputStream aIn = new ASN1InputStream(entry.getEncoded()); - - try - { - tbsGen.addCRLEntry(ASN1Sequence.getInstance(aIn.readObject())); - } - catch (IOException e) - { - throw new CRLException("exception processing encoding of CRL: " + e.toString()); - } - } - } - - /** - * Set the signature algorithm. This can be either a name or an OID, names - * are treated as case insensitive. - * - * @param signatureAlgorithm string representation of the algorithm name. - */ - public void setSignatureAlgorithm( - String signatureAlgorithm) - { - this.signatureAlgorithm = signatureAlgorithm; - - try - { - sigOID = X509Util.getAlgorithmOID(signatureAlgorithm); - } - catch (Exception e) - { - throw new IllegalArgumentException("Unknown signature type requested"); - } - - sigAlgId = X509Util.getSigAlgID(sigOID); - - tbsGen.setSignature(sigAlgId); - } - - /** - * add a given extension field for the standard extensions tag (tag 0) - */ - public void addExtension( - String OID, - boolean critical, - DEREncodable value) - { - this.addExtension(new DERObjectIdentifier(OID), critical, value); - } - - /** - * add a given extension field for the standard extensions tag (tag 0) - */ - public void addExtension( - DERObjectIdentifier OID, - boolean critical, - DEREncodable value) - { - if (extensions == null) - { - extensions = new Hashtable(); - extOrdering = new Vector(); - } - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - try - { - dOut.writeObject(value); - } - catch (IOException e) - { - throw new IllegalArgumentException("error encoding value: " + e); - } - - this.addExtension(OID, critical, bOut.toByteArray()); - } - - /** - * add a given extension field for the standard extensions tag (tag 0) - */ - public void addExtension( - String OID, - boolean critical, - byte[] value) - { - this.addExtension(new DERObjectIdentifier(OID), critical, value); - } - - /** - * add a given extension field for the standard extensions tag (tag 0) - */ - public void addExtension( - DERObjectIdentifier OID, - boolean critical, - byte[] value) - { - if (extensions == null) - { - extensions = new Hashtable(); - extOrdering = new Vector(); - } - - extensions.put(OID, new X509Extension(critical, new DEROctetString(value))); - extOrdering.addElement(OID); - } - - /** - * generate an X509 CRL, based on the current issuer and subject - * using the default provider "BC". - */ - public X509CRL generateX509CRL( - PrivateKey key) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509CRL(key, "BC", null); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 CRL, based on the current issuer and subject - * using the default provider "BC" and an user defined SecureRandom object as - * source of randomness. - */ - public X509CRL generateX509CRL( - PrivateKey key, - SecureRandom random) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509CRL(key, "BC", random); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the passed in provider for the signing. - */ - public X509CRL generateX509CRL( - PrivateKey key, - String provider) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - return generateX509CRL(key, provider, null); - } - - /** - * generate an X509 CRL, based on the current issuer and subject, - * using the passed in provider for the signing. - */ - public X509CRL generateX509CRL( - PrivateKey key, - String provider, - SecureRandom random) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - Signature sig = null; - - try - { - sig = Signature.getInstance(sigOID.getId(), provider); - } - catch (NoSuchAlgorithmException ex) - { - try - { - sig = Signature.getInstance(signatureAlgorithm, provider); - } - catch (NoSuchAlgorithmException e) - { - throw new SecurityException("exception creating signature: " + e.toString()); - } - } - - if (random != null) - { - sig.initSign(key, random); - } - else - { - sig.initSign(key); - } - - if (extensions != null) - { - tbsGen.setExtensions(new X509Extensions(extOrdering, extensions)); - } - - TBSCertList tbsCrl = tbsGen.generateTBSCertList(); - - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(tbsCrl); - - sig.update(bOut.toByteArray()); - } - catch (Exception e) - { - throw new SecurityException("exception encoding TBS cert - " + e); - } - - // Construct the CRL - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(tbsCrl); - v.add(sigAlgId); - v.add(new DERBitString(sig.sign())); - - try - { - return new X509CRLObject(new CertificateList(new DERSequence(v))); - } - catch (CRLException e) - { - throw new SecurityException("exception creating CRL: " + e.getMessage()); - } - } - - - /** - * Return an iterator of the signature names supported by the generator. - * - * @return an iterator containing recognised names. - */ - public Iterator getSignatureAlgNames() - { - return X509Util.getAlgNames(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java b/luni/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java deleted file mode 100644 index acfa0b4..0000000 --- a/luni/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java +++ /dev/null @@ -1,429 +0,0 @@ -package org.bouncycastle.x509; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; -import java.util.Date; -import java.util.Hashtable; -import java.util.Iterator; -import java.util.Vector; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.*; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.TBSCertificateStructure; -import org.bouncycastle.asn1.x509.Time; -import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator; -import org.bouncycastle.asn1.x509.X509CertificateStructure; -import org.bouncycastle.asn1.x509.X509Extension; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.asn1.x509.X509Name; -import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.jce.provider.X509CertificateObject; -import org.bouncycastle.x509.extension.X509ExtensionUtil; - -/** - * class to produce an X.509 Version 3 certificate. - */ -public class X509V3CertificateGenerator -{ - private V3TBSCertificateGenerator tbsGen; - private DERObjectIdentifier sigOID; - private AlgorithmIdentifier sigAlgId; - private String signatureAlgorithm; - private Hashtable extensions = null; - private Vector extOrdering = null; - - public X509V3CertificateGenerator() - { - tbsGen = new V3TBSCertificateGenerator(); - } - - /** - * reset the generator - */ - public void reset() - { - tbsGen = new V3TBSCertificateGenerator(); - extensions = null; - extOrdering = null; - } - - /** - * set the serial number for the certificate. - */ - public void setSerialNumber( - BigInteger serialNumber) - { - if (serialNumber.compareTo(BigInteger.ZERO) <= 0) - { - throw new IllegalArgumentException("serial number must be a positive integer"); - } - - tbsGen.setSerialNumber(new DERInteger(serialNumber)); - } - - /** - * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the - * certificate. - */ - public void setIssuerDN( - X500Principal issuer) - { - try - { - tbsGen.setIssuer(new X509Principal(issuer.getEncoded())); - } - catch (IOException e) - { - throw new IllegalArgumentException("can't process principal: " + e); - } - } - - /** - * Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the - * certificate. - */ - public void setIssuerDN( - X509Name issuer) - { - tbsGen.setIssuer(issuer); - } - - public void setNotBefore( - Date date) - { - tbsGen.setStartDate(new Time(date)); - } - - public void setNotAfter( - Date date) - { - tbsGen.setEndDate(new Time(date)); - } - - /** - * Set the subject distinguished name. The subject describes the entity associated with the public key. - */ - public void setSubjectDN( - X500Principal subject) - { - try - { - tbsGen.setSubject(new X509Principal(subject.getEncoded())); - } - catch (IOException e) - { - throw new IllegalArgumentException("can't process principal: " + e); - } - } - - /** - * Set the subject distinguished name. The subject describes the entity associated with the public key. - */ - public void setSubjectDN( - X509Name subject) - { - tbsGen.setSubject(subject); - } - - public void setPublicKey( - PublicKey key) - { - try - { - tbsGen.setSubjectPublicKeyInfo(new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream( - new ByteArrayInputStream(key.getEncoded())).readObject())); - } - catch (Exception e) - { - throw new IllegalArgumentException("unable to process key - " + e.toString()); - } - } - - /** - * Set the signature algorithm. This can be either a name or an OID, names - * are treated as case insensitive. - * - * @param signatureAlgorithm string representation of the algorithm name. - */ - public void setSignatureAlgorithm( - String signatureAlgorithm) - { - this.signatureAlgorithm = signatureAlgorithm; - - try - { - sigOID = X509Util.getAlgorithmOID(signatureAlgorithm); - } - catch (Exception e) - { - throw new IllegalArgumentException("Unknown signature type requested: " + signatureAlgorithm); - } - - sigAlgId = X509Util.getSigAlgID(sigOID); - - tbsGen.setSignature(sigAlgId); - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - */ - public void addExtension( - String oid, - boolean critical, - DEREncodable value) - { - this.addExtension(new DERObjectIdentifier(oid), critical, value); - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - */ - public void addExtension( - DERObjectIdentifier oid, - boolean critical, - DEREncodable value) - { - if (extensions == null) - { - extensions = new Hashtable(); - extOrdering = new Vector(); - } - - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - try - { - dOut.writeObject(value); - } - catch (IOException e) - { - throw new IllegalArgumentException("error encoding value: " + e); - } - - this.addExtension(oid, critical, bOut.toByteArray()); - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - * The value parameter becomes the contents of the octet string associated - * with the extension. - */ - public void addExtension( - String oid, - boolean critical, - byte[] value) - { - this.addExtension(new DERObjectIdentifier(oid), critical, value); - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - */ - public void addExtension( - DERObjectIdentifier oid, - boolean critical, - byte[] value) - { - if (extensions == null) - { - extensions = new Hashtable(); - extOrdering = new Vector(); - } - - extensions.put(oid, new X509Extension(critical, new DEROctetString(value))); - extOrdering.addElement(oid); - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - * copying the extension value from another certificate. - * @throws CertificateParsingException if the extension cannot be extracted. - */ - public void copyAndAddExtension( - String oid, - boolean critical, - X509Certificate cert) - throws CertificateParsingException - { - byte[] extValue = cert.getExtensionValue(oid); - - if (extValue == null) - { - throw new CertificateParsingException("extension " + oid + " not present"); - } - - try - { - ASN1Encodable value = X509ExtensionUtil.fromExtensionValue(extValue); - - this.addExtension(oid, critical, value); - } - catch (IOException e) - { - throw new CertificateParsingException(e.toString()); - } - } - - /** - * add a given extension field for the standard extensions tag (tag 3) - * copying the extension value from another certificate. - * @throws CertificateParsingException if the extension cannot be extracted. - */ - public void copyAndAddExtension( - DERObjectIdentifier oid, - boolean critical, - X509Certificate cert) - throws CertificateParsingException - { - this.copyAndAddExtension(oid.getId(), critical, cert); - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the default provider "BC". - */ - public X509Certificate generateX509Certificate( - PrivateKey key) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509Certificate(key, "BC", null); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject - * using the default provider "BC", and the passed in source of randomness - * (if required). - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - SecureRandom random) - throws SecurityException, SignatureException, InvalidKeyException - { - try - { - return generateX509Certificate(key, "BC", random); - } - catch (NoSuchProviderException e) - { - throw new SecurityException("BC provider not installed!"); - } - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing. - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - String provider) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - return generateX509Certificate(key, provider, null); - } - - /** - * generate an X509 certificate, based on the current issuer and subject, - * using the passed in provider for the signing and the supplied source - * of randomness, if required. - */ - public X509Certificate generateX509Certificate( - PrivateKey key, - String provider, - SecureRandom random) - throws NoSuchProviderException, SecurityException, SignatureException, InvalidKeyException - { - Signature sig = null; - - if (sigOID == null) - { - throw new IllegalStateException("no signature algorithm specified"); - } - - try - { - sig = Signature.getInstance(sigOID.getId(), provider); - } - catch (NoSuchAlgorithmException ex) - { - try - { - sig = Signature.getInstance(signatureAlgorithm, provider); - } - catch (NoSuchAlgorithmException e) - { - throw new SecurityException("exception creating signature: " + e.toString()); - } - } - - if (random != null) - { - sig.initSign(key, random); - } - else - { - sig.initSign(key); - } - - if (extensions != null) - { - tbsGen.setExtensions(new X509Extensions(extOrdering, extensions)); - } - - TBSCertificateStructure tbsCert = tbsGen.generateTBSCertificate(); - - try - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - DEROutputStream dOut = new DEROutputStream(bOut); - - dOut.writeObject(tbsCert); - - sig.update(bOut.toByteArray()); - } - catch (Exception e) - { - throw new SecurityException("exception encoding TBS cert - " + e); - } - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(tbsCert); - v.add(sigAlgId); - v.add(new DERBitString(sig.sign())); - - return new X509CertificateObject(new X509CertificateStructure(new DERSequence(v))); - } - - /** - * Return an iterator of the signature names supported by the generator. - * - * @return an iterator containing recognised names. - */ - public Iterator getSignatureAlgNames() - { - return X509Util.getAlgNames(); - } -} diff --git a/luni/src/main/java/org/bouncycastle/x509/extension/AuthorityKeyIdentifierStructure.java b/luni/src/main/java/org/bouncycastle/x509/extension/AuthorityKeyIdentifierStructure.java deleted file mode 100644 index 2280198..0000000 --- a/luni/src/main/java/org/bouncycastle/x509/extension/AuthorityKeyIdentifierStructure.java +++ /dev/null @@ -1,126 +0,0 @@ -package org.bouncycastle.x509.extension; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.PublicKey; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.X509Extensions; -import org.bouncycastle.jce.PrincipalUtil; - -/** - * A high level authority key identifier. - */ -public class AuthorityKeyIdentifierStructure - extends AuthorityKeyIdentifier -{ - /** - * Constructor which will take the byte[] returned from getExtensionValue() - * - * @param encodedValue a DER octet encoded string with the extension structure in it. - * @throws IOException on parsing errors. - */ - public AuthorityKeyIdentifierStructure( - byte[] encodedValue) - throws IOException - { - super((ASN1Sequence)X509ExtensionUtil.fromExtensionValue(encodedValue)); - } - - private static ASN1Sequence fromCertificate( - X509Certificate certificate) - throws CertificateParsingException - { - try - { - if (certificate.getVersion() != 3) - { - GeneralName genName = new GeneralName(PrincipalUtil.getIssuerX509Principal(certificate)); - SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( - (ASN1Sequence)new ASN1InputStream(certificate.getPublicKey().getEncoded()).readObject()); - - return (ASN1Sequence)new AuthorityKeyIdentifier( - info, new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object(); - } - else - { - GeneralName genName = new GeneralName(PrincipalUtil.getIssuerX509Principal(certificate)); - - byte[] ext = certificate.getExtensionValue(X509Extensions.SubjectKeyIdentifier.getId()); - - if (ext != null) - { - ASN1OctetString str = (ASN1OctetString)X509ExtensionUtil.fromExtensionValue(ext); - - return (ASN1Sequence)new AuthorityKeyIdentifier( - str.getOctets(), new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object(); - } - else - { - SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( - (ASN1Sequence)new ASN1InputStream(certificate.getPublicKey().getEncoded()).readObject()); - - return (ASN1Sequence)new AuthorityKeyIdentifier( - info, new GeneralNames(genName), certificate.getSerialNumber()).toASN1Object(); - } - } - } - catch (Exception e) - { - throw new CertificateParsingException("Exception extracting certificate details: " + e.toString()); - } - } - - private static ASN1Sequence fromKey( - PublicKey pubKey) - throws InvalidKeyException - { - try - { - SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( - (ASN1Sequence)new ASN1InputStream(pubKey.getEncoded()).readObject()); - - return (ASN1Sequence)new AuthorityKeyIdentifier(info).toASN1Object(); - } - catch (Exception e) - { - throw new InvalidKeyException("can't process key: " + e); - } - } - - /** - * Create an AuthorityKeyIdentifier using the passed in certificate's public - * key, issuer and serial number. - * - * @param certificate the certificate providing the information. - * @throws CertificateParsingException if there is a problem processing the certificate - */ - public AuthorityKeyIdentifierStructure( - X509Certificate certificate) - throws CertificateParsingException - { - super(fromCertificate(certificate)); - } - - /** - * Create an AuthorityKeyIdentifier using just the hash of the - * public key. - * - * @param pubKey the key to generate the hash from. - * @throws InvalidKeyException if there is a problem using the key. - */ - public AuthorityKeyIdentifierStructure( - PublicKey pubKey) - throws InvalidKeyException - { - super(fromKey(pubKey)); - } -} diff --git a/luni/src/main/java/org/bouncycastle/x509/extension/SubjectKeyIdentifierStructure.java b/luni/src/main/java/org/bouncycastle/x509/extension/SubjectKeyIdentifierStructure.java deleted file mode 100644 index 0b7ecd6..0000000 --- a/luni/src/main/java/org/bouncycastle/x509/extension/SubjectKeyIdentifierStructure.java +++ /dev/null @@ -1,58 +0,0 @@ -package org.bouncycastle.x509.extension; - -import java.io.IOException; -import java.security.PublicKey; -import java.security.cert.CertificateParsingException; - -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Sequence; -import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier; -import org.bouncycastle.asn1.x509.SubjectKeyIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; - -/** - * A high level subject key identifier. - */ -public class SubjectKeyIdentifierStructure - extends SubjectKeyIdentifier -{ - private AuthorityKeyIdentifier authKeyID; - - /** - * Constructor which will take the byte[] returned from getExtensionValue() - * - * @param encodedValue a DER octet encoded string with the extension structure in it. - * @throws IOException on parsing errors. - */ - public SubjectKeyIdentifierStructure( - byte[] encodedValue) - throws IOException - { - super((ASN1OctetString)X509ExtensionUtil.fromExtensionValue(encodedValue)); - } - - private static ASN1OctetString fromPublicKey( - PublicKey pubKey) - throws CertificateParsingException - { - try - { - SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( - (ASN1Sequence)new ASN1InputStream(pubKey.getEncoded()).readObject()); - - return (ASN1OctetString)(new SubjectKeyIdentifier(info).toASN1Object()); - } - catch (Exception e) - { - throw new CertificateParsingException("Exception extracting certificate details: " + e.toString()); - } - } - - public SubjectKeyIdentifierStructure( - PublicKey pubKey) - throws CertificateParsingException - { - super(fromPublicKey(pubKey)); - } -} diff --git a/luni/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java b/luni/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java deleted file mode 100644 index 22b1c12..0000000 --- a/luni/src/main/java/org/bouncycastle/x509/extension/X509ExtensionUtil.java +++ /dev/null @@ -1,22 +0,0 @@ -package org.bouncycastle.x509.extension; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1InputStream; -import org.bouncycastle.asn1.ASN1OctetString; - - -public class X509ExtensionUtil -{ - public static ASN1Encodable fromExtensionValue( - byte[] encodedValue) - throws IOException - { - ASN1InputStream aIn = new ASN1InputStream(encodedValue); - - aIn = new ASN1InputStream(((ASN1OctetString)aIn.readObject()).getOctets()); - - return (ASN1Encodable)aIn.readObject(); - } -} |