diff options
Diffstat (limited to 'libraries/spongycastle/pkix/src/main/jdk1.1')
34 files changed, 0 insertions, 5458 deletions
diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/cmp/GeneralPKIMessage.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/cmp/GeneralPKIMessage.java deleted file mode 100644 index 2f74fe551..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/cmp/GeneralPKIMessage.java +++ /dev/null @@ -1,82 +0,0 @@ -package org.spongycastle.cert.cmp; - -import java.io.IOException; - -import org.spongycastle.asn1.ASN1Primitive; -import org.spongycastle.asn1.cmp.PKIBody; -import org.spongycastle.asn1.cmp.PKIHeader; -import org.spongycastle.asn1.cmp.PKIMessage; -import org.spongycastle.cert.CertIOException; - -/** - * General wrapper for a generic PKIMessage - */ -public class GeneralPKIMessage -{ - private PKIMessage pkiMessage; - - private static PKIMessage parseBytes(byte[] encoding) - throws IOException - { - try - { - return PKIMessage.getInstance(ASN1Primitive.fromByteArray(encoding)); - } - catch (ClassCastException e) - { - throw new CertIOException("malformed data: " + e.getMessage(), e); - } - catch (IllegalArgumentException e) - { - throw new CertIOException("malformed data: " + e.getMessage(), e); - } - } - - /** - * Create a PKIMessage from the passed in bytes. - * - * @param encoding BER/DER encoding of the PKIMessage - * @throws IOException in the event of corrupted data, or an incorrect structure. - */ - public GeneralPKIMessage(byte[] encoding) - throws IOException - { - this(parseBytes(encoding)); - } - - /** - * Wrap a PKIMessage ASN.1 structure. - * - * @param pkiMessage base PKI message. - */ - public GeneralPKIMessage(PKIMessage pkiMessage) - { - this.pkiMessage = pkiMessage; - } - - public PKIHeader getHeader() - { - return pkiMessage.getHeader(); - } - - public PKIBody getBody() - { - return pkiMessage.getBody(); - } - - /** - * Return true if this message has protection bits on it. A return value of true - * indicates the message can be used to construct a ProtectedPKIMessage. - * - * @return true if message has protection, false otherwise. - */ - public boolean hasProtection() - { - return pkiMessage.getHeader().getProtectionAlg() != null; - } - - public PKIMessage toASN1Structure() - { - return pkiMessage; - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/CertificateRequestMessage.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/CertificateRequestMessage.java deleted file mode 100644 index 6f582812b..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/CertificateRequestMessage.java +++ /dev/null @@ -1,309 +0,0 @@ -package org.spongycastle.cert.crmf; - -import java.io.IOException; - -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.ASN1Primitive; -import org.spongycastle.asn1.DERUTF8String; -import org.spongycastle.asn1.crmf.AttributeTypeAndValue; -import org.spongycastle.asn1.crmf.CRMFObjectIdentifiers; -import org.spongycastle.asn1.crmf.CertReqMsg; -import org.spongycastle.asn1.crmf.CertTemplate; -import org.spongycastle.asn1.crmf.Controls; -import org.spongycastle.asn1.crmf.PKIArchiveOptions; -import org.spongycastle.asn1.crmf.PKMACValue; -import org.spongycastle.asn1.crmf.POPOSigningKey; -import org.spongycastle.asn1.crmf.ProofOfPossession; -import org.spongycastle.cert.CertIOException; -import org.spongycastle.operator.ContentVerifier; -import org.spongycastle.operator.ContentVerifierProvider; -import org.spongycastle.operator.OperatorCreationException; - -/** - * Carrier for a CRMF CertReqMsg. - */ -public class CertificateRequestMessage -{ - public static final int popRaVerified = ProofOfPossession.TYPE_RA_VERIFIED; - public static final int popSigningKey = ProofOfPossession.TYPE_SIGNING_KEY; - public static final int popKeyEncipherment = ProofOfPossession.TYPE_KEY_ENCIPHERMENT; - public static final int popKeyAgreement = ProofOfPossession.TYPE_KEY_AGREEMENT; - - private CertReqMsg certReqMsg; - private Controls controls; - - private static CertReqMsg parseBytes(byte[] encoding) - throws IOException - { - try - { - return CertReqMsg.getInstance(ASN1Primitive.fromByteArray(encoding)); - } - catch (ClassCastException e) - { - throw new CertIOException("malformed data: " + e.getMessage(), e); - } - catch (IllegalArgumentException e) - { - throw new CertIOException("malformed data: " + e.getMessage(), e); - } - } - - /** - * Create a CertificateRequestMessage from the passed in bytes. - * - * @param certReqMsg BER/DER encoding of the CertReqMsg structure. - * @throws IOException in the event of corrupted data, or an incorrect structure. - */ - public CertificateRequestMessage(byte[] certReqMsg) - throws IOException - { - this(parseBytes(certReqMsg)); - } - - public CertificateRequestMessage(CertReqMsg certReqMsg) - { - this.certReqMsg = certReqMsg; - this.controls = certReqMsg.getCertReq().getControls(); - } - - /** - * Return the underlying ASN.1 object defining this CertificateRequestMessage object. - * - * @return a CertReqMsg. - */ - public CertReqMsg toASN1Structure() - { - return certReqMsg; - } - - /** - * Return the certificate template contained in this message. - * - * @return a CertTemplate structure. - */ - public CertTemplate getCertTemplate() - { - return this.certReqMsg.getCertReq().getCertTemplate(); - } - - /** - * Return whether or not this request has control values associated with it. - * - * @return true if there are control values present, false otherwise. - */ - public boolean hasControls() - { - return controls != null; - } - - /** - * Return whether or not this request has a specific type of control value. - * - * @param type the type OID for the control value we are checking for. - * @return true if a control value of type is present, false otherwise. - */ - public boolean hasControl(ASN1ObjectIdentifier type) - { - return findControl(type) != null; - } - - /** - * Return a control value of the specified type. - * - * @param type the type OID for the control value we are checking for. - * @return the control value if present, null otherwise. - */ - public Control getControl(ASN1ObjectIdentifier type) - { - AttributeTypeAndValue found = findControl(type); - - if (found != null) - { - if (found.getType().equals(CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions)) - { - return new PKIArchiveControl(PKIArchiveOptions.getInstance(found.getValue())); - } - if (found.getType().equals(CRMFObjectIdentifiers.id_regCtrl_regToken)) - { - return new RegTokenControl(DERUTF8String.getInstance(found.getValue())); - } - if (found.getType().equals(CRMFObjectIdentifiers.id_regCtrl_authenticator)) - { - return new AuthenticatorControl(DERUTF8String.getInstance(found.getValue())); - } - } - - return null; - } - - private AttributeTypeAndValue findControl(ASN1ObjectIdentifier type) - { - if (controls == null) - { - return null; - } - - AttributeTypeAndValue[] tAndVs = controls.toAttributeTypeAndValueArray(); - AttributeTypeAndValue found = null; - - for (int i = 0; i != tAndVs.length; i++) - { - if (tAndVs[i].getType().equals(type)) - { - found = tAndVs[i]; - break; - } - } - - return found; - } - - /** - * Return whether or not this request message has a proof-of-possession field in it. - * - * @return true if proof-of-possession is present, false otherwise. - */ - public boolean hasProofOfPossession() - { - return this.certReqMsg.getPopo() != null; - } - - /** - * Return the type of the proof-of-possession this request message provides. - * - * @return one of: popRaVerified, popSigningKey, popKeyEncipherment, popKeyAgreement - */ - public int getProofOfPossessionType() - { - return this.certReqMsg.getPopo().getType(); - } - - /** - * Return whether or not the proof-of-possession (POP) is of the type popSigningKey and - * it has a public key MAC associated with it. - * - * @return true if POP is popSigningKey and a PKMAC is present, false otherwise. - */ - public boolean hasSigningKeyProofOfPossessionWithPKMAC() - { - ProofOfPossession pop = certReqMsg.getPopo(); - - if (pop.getType() == popSigningKey) - { - POPOSigningKey popoSign = POPOSigningKey.getInstance(pop.getObject()); - - return popoSign.getPoposkInput().getPublicKeyMAC() != null; - } - - return false; - } - - /** - * Return whether or not a signing key proof-of-possession (POP) is valid. - * - * @param verifierProvider a provider that can produce content verifiers for the signature contained in this POP. - * @return true if the POP is valid, false otherwise. - * @throws CRMFException if there is a problem in verification or content verifier creation. - * @throws IllegalStateException if POP not appropriate. - */ - public boolean isValidSigningKeyPOP(ContentVerifierProvider verifierProvider) - throws CRMFException, IllegalStateException - { - ProofOfPossession pop = certReqMsg.getPopo(); - - if (pop.getType() == popSigningKey) - { - POPOSigningKey popoSign = POPOSigningKey.getInstance(pop.getObject()); - - if (popoSign.getPoposkInput() != null && popoSign.getPoposkInput().getPublicKeyMAC() != null) - { - throw new IllegalStateException("verification requires password check"); - } - - return verifySignature(verifierProvider, popoSign); - } - else - { - throw new IllegalStateException("not Signing Key type of proof of possession"); - } - } - - /** - * Return whether or not a signing key proof-of-possession (POP), with an associated PKMAC, is valid. - * - * @param verifierProvider a provider that can produce content verifiers for the signature contained in this POP. - * @param macBuilder a suitable PKMACBuilder to create the MAC verifier. - * @param password the password used to key the MAC calculation. - * @return true if the POP is valid, false otherwise. - * @throws CRMFException if there is a problem in verification or content verifier creation. - * @throws IllegalStateException if POP not appropriate. - */ - public boolean isValidSigningKeyPOP(ContentVerifierProvider verifierProvider, PKMACBuilder macBuilder, char[] password) - throws CRMFException, IllegalStateException - { - ProofOfPossession pop = certReqMsg.getPopo(); - - if (pop.getType() == popSigningKey) - { - POPOSigningKey popoSign = POPOSigningKey.getInstance(pop.getObject()); - - if (popoSign.getPoposkInput() == null || popoSign.getPoposkInput().getSender() != null) - { - throw new IllegalStateException("no PKMAC present in proof of possession"); - } - - PKMACValue pkMAC = popoSign.getPoposkInput().getPublicKeyMAC(); - PKMACValueVerifier macVerifier = new PKMACValueVerifier(macBuilder); - - if (macVerifier.isValid(pkMAC, password, this.getCertTemplate().getPublicKey())) - { - return verifySignature(verifierProvider, popoSign); - } - - return false; - } - else - { - throw new IllegalStateException("not Signing Key type of proof of possession"); - } - } - - private boolean verifySignature(ContentVerifierProvider verifierProvider, POPOSigningKey popoSign) - throws CRMFException - { - ContentVerifier verifier; - - try - { - verifier = verifierProvider.get(popoSign.getAlgorithmIdentifier()); - } - catch (OperatorCreationException e) - { - throw new CRMFException("unable to create verifier: " + e.getMessage(), e); - } - - if (popoSign.getPoposkInput() != null) - { - CRMFUtil.derEncodeToStream(popoSign.getPoposkInput(), verifier.getOutputStream()); - } - else - { - CRMFUtil.derEncodeToStream(certReqMsg.getCertReq(), verifier.getOutputStream()); - } - - return verifier.verify(popoSign.getSignature().getBytes()); - } - - /** - * Return the ASN.1 encoding of the certReqMsg we wrap. - * - * @return a byte array containing the binary encoding of the certReqMsg. - * @throws IOException if there is an exception creating the encoding. - */ - public byte[] getEncoded() - throws IOException - { - return certReqMsg.getEncoded(); - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/FixedLengthMGF1Padder.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/FixedLengthMGF1Padder.java deleted file mode 100644 index cfb33d62e..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/FixedLengthMGF1Padder.java +++ /dev/null @@ -1,120 +0,0 @@ -package org.spongycastle.cert.crmf; - -import java.security.SecureRandom; - -import org.spongycastle.crypto.Digest; -import org.spongycastle.crypto.digests.SHA1Digest; -import org.spongycastle.crypto.generators.MGF1BytesGenerator; -import org.spongycastle.crypto.params.MGFParameters; - -/** - * An encrypted value padder that uses MGF1 as the basis of the padding. - */ -public class FixedLengthMGF1Padder - implements EncryptedValuePadder -{ - private int length; - private SecureRandom random; - private Digest dig = new SHA1Digest(); - - /** - * Create a padder to so that padded output will always be at least - * length bytes long. - * - * @param length fixed length for padded output. - */ - public FixedLengthMGF1Padder(int length) - { - this(length, null); - } - - /** - * Create a padder to so that padded output will always be at least - * length bytes long, using the passed in source of randomness to - * provide the random material for the padder. - * - * @param length fixed length for padded output. - * @param random a source of randomness. - */ - public FixedLengthMGF1Padder(int length, SecureRandom random) - { - this.length = length; - this.random = random; - } - - public byte[] getPaddedData(byte[] data) - { - byte[] bytes = new byte[length]; - byte[] seed = new byte[dig.getDigestSize()]; - byte[] mask = new byte[length - dig.getDigestSize()]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(seed); - - MGF1BytesGenerator maskGen = new MGF1BytesGenerator(dig); - - maskGen.init(new MGFParameters(seed)); - - maskGen.generateBytes(mask, 0, mask.length); - - System.arraycopy(seed, 0, bytes, 0, seed.length); - System.arraycopy(data, 0, bytes, seed.length, data.length); - - for (int i = seed.length + data.length + 1; i != bytes.length; i++) - { - bytes[i] = (byte)(1 + Math.abs(random.nextInt()) % 254); - } - - for (int i = 0; i != mask.length; i++) - { - bytes[i + seed.length] ^= mask[i]; - } - - return bytes; - } - - public byte[] getUnpaddedData(byte[] paddedData) - { - byte[] seed = new byte[dig.getDigestSize()]; - byte[] mask = new byte[length - dig.getDigestSize()]; - - System.arraycopy(paddedData, 0, seed, 0, seed.length); - - MGF1BytesGenerator maskGen = new MGF1BytesGenerator(dig); - - maskGen.init(new MGFParameters(seed)); - - maskGen.generateBytes(mask, 0, mask.length); - - for (int i = 0; i != mask.length; i++) - { - paddedData[i + seed.length] ^= mask[i]; - } - - int end = 0; - - for (int i = paddedData.length - 1; i != seed.length; i--) - { - if (paddedData[i] == 0) - { - end = i; - break; - } - } - - if (end == 0) - { - throw new IllegalStateException("bad padding in encoding"); - } - - byte[] data = new byte[end - seed.length]; - - System.arraycopy(paddedData, seed.length, data, 0, data.length); - - return data; - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/jcajce/CRMFHelper.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/jcajce/CRMFHelper.java deleted file mode 100644 index c11e55f0d..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/jcajce/CRMFHelper.java +++ /dev/null @@ -1,485 +0,0 @@ -package org.spongycastle.cert.crmf.jcajce; - -import java.io.IOException; -import java.security.AlgorithmParameterGenerator; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.InvalidParameterSpecException; -import java.security.spec.X509EncodedKeySpec; -import java.util.HashMap; -import java.util.Map; - -import javax.crypto.Cipher; -import javax.crypto.KeyGenerator; -import javax.crypto.Mac; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKey; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; - -import org.spongycastle.asn1.ASN1Encodable; -import org.spongycastle.asn1.ASN1Null; -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.ASN1OctetString; -import org.spongycastle.asn1.ASN1Primitive; -import org.spongycastle.asn1.DERBitString; -import org.spongycastle.asn1.DERNull; -import org.spongycastle.asn1.iana.IANAObjectIdentifiers; -import org.spongycastle.asn1.nist.NISTObjectIdentifiers; -import org.spongycastle.asn1.oiw.OIWObjectIdentifiers; -import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.asn1.x509.SubjectPublicKeyInfo; -import org.spongycastle.asn1.x9.X9ObjectIdentifiers; -import org.spongycastle.cert.crmf.CRMFException; -import org.spongycastle.cms.CMSAlgorithm; -import org.spongycastle.cms.CMSEnvelopedDataGenerator; -import org.spongycastle.jcajce.JcaJceHelper; - -class CRMFHelper -{ - protected static final Map BASE_CIPHER_NAMES = new HashMap(); - protected static final Map CIPHER_ALG_NAMES = new HashMap(); - protected static final Map DIGEST_ALG_NAMES = new HashMap(); - protected static final Map KEY_ALG_NAMES = new HashMap(); - protected static final Map MAC_ALG_NAMES = new HashMap(); - - static - { - BASE_CIPHER_NAMES.put(PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); - BASE_CIPHER_NAMES.put(NISTObjectIdentifiers.id_aes128_CBC, "AES"); - BASE_CIPHER_NAMES.put(NISTObjectIdentifiers.id_aes192_CBC, "AES"); - BASE_CIPHER_NAMES.put(NISTObjectIdentifiers.id_aes256_CBC, "AES"); - - CIPHER_ALG_NAMES.put(CMSAlgorithm.DES_EDE3_CBC, "DESEDE/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.AES128_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.AES192_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.AES256_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.rsaEncryption.getId()), "RSA/ECB/PKCS1Padding"); - - DIGEST_ALG_NAMES.put(OIWObjectIdentifiers.idSHA1, "SHA1"); - DIGEST_ALG_NAMES.put(NISTObjectIdentifiers.id_sha224, "SHA224"); - DIGEST_ALG_NAMES.put(NISTObjectIdentifiers.id_sha256, "SHA256"); - DIGEST_ALG_NAMES.put(NISTObjectIdentifiers.id_sha384, "SHA384"); - DIGEST_ALG_NAMES.put(NISTObjectIdentifiers.id_sha512, "SHA512"); - - MAC_ALG_NAMES.put(IANAObjectIdentifiers.hmacSHA1, "HMACSHA1"); - MAC_ALG_NAMES.put(PKCSObjectIdentifiers.id_hmacWithSHA1, "HMACSHA1"); - MAC_ALG_NAMES.put(PKCSObjectIdentifiers.id_hmacWithSHA224, "HMACSHA224"); - MAC_ALG_NAMES.put(PKCSObjectIdentifiers.id_hmacWithSHA256, "HMACSHA256"); - MAC_ALG_NAMES.put(PKCSObjectIdentifiers.id_hmacWithSHA384, "HMACSHA384"); - MAC_ALG_NAMES.put(PKCSObjectIdentifiers.id_hmacWithSHA512, "HMACSHA512"); - - KEY_ALG_NAMES.put(PKCSObjectIdentifiers.rsaEncryption, "RSA"); - KEY_ALG_NAMES.put(X9ObjectIdentifiers.id_dsa, "DSA"); - } - - private JcaJceHelper helper; - - CRMFHelper(JcaJceHelper helper) - { - this.helper = helper; - } - - PublicKey toPublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo) - throws CRMFException - { - - try - { - X509EncodedKeySpec xspec = new X509EncodedKeySpec(new DERBitString(subjectPublicKeyInfo).getBytes()); - AlgorithmIdentifier keyAlg = subjectPublicKeyInfo.getAlgorithmId(); - return createKeyFactory(keyAlg.getAlgorithm()).generatePublic(xspec); - } - catch (IOException e) - { - throw new CRMFException("invalid key: " + e.getMessage(), e); - } - catch (InvalidKeySpecException e) - { - throw new CRMFException("invalid key: " + e.getMessage(), e); - } - } - - Cipher createCipher(ASN1ObjectIdentifier algorithm) - throws CRMFException - { - try - { - String cipherName = (String)CIPHER_ALG_NAMES.get(algorithm); - - if (cipherName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createCipher(cipherName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createCipher(algorithm.getId()); - } - catch (NoSuchPaddingException e) - { - throw new CRMFException("cannot create cipher: " + e.getMessage(), e); - } - catch (NoSuchAlgorithmException e) - { - throw new CRMFException("cannot create cipher: " + e.getMessage(), e); - } - catch (NoSuchProviderException e) - { - throw new CRMFException("cannot create cipher: " + e.getMessage(), e); - } - } - - public KeyGenerator createKeyGenerator(ASN1ObjectIdentifier algorithm) - throws CRMFException - { - try - { - String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (cipherName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createKeyGenerator(cipherName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createKeyGenerator(algorithm.getId()); - } - catch (NoSuchAlgorithmException e) - { - throw new CRMFException("cannot create key generator: " + e.getMessage(), e); - } - catch (NoSuchProviderException e) - { - throw new CRMFException("cannot create key generator: " + e.getMessage(), e); - } - } - - Cipher createContentCipher(final Key sKey, final AlgorithmIdentifier encryptionAlgID) - throws CRMFException - { - return (Cipher)execute(new JCECallback() - { - public Object doInJCE() - throws CRMFException, InvalidAlgorithmParameterException, - InvalidKeyException, InvalidParameterSpecException, NoSuchAlgorithmException, - NoSuchPaddingException, NoSuchProviderException - { - Cipher cipher = createCipher(encryptionAlgID.getAlgorithm()); - ASN1Primitive sParams = (ASN1Primitive)encryptionAlgID.getParameters(); - String encAlg = encryptionAlgID.getAlgorithm().getId(); - - if (sParams != null && !(sParams instanceof ASN1Null)) - { - try - { - AlgorithmParameters params = createAlgorithmParameters(encryptionAlgID.getAlgorithm()); - - try - { - params.init(sParams.getEncoded(), "ASN.1"); - } - catch (IOException e) - { - throw new CRMFException("error decoding algorithm parameters.", e); - } - - cipher.init(Cipher.DECRYPT_MODE, sKey, params); - } - catch (NoSuchAlgorithmException e) - { - if (encAlg.equals(CMSEnvelopedDataGenerator.DES_EDE3_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.IDEA_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.AES128_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.AES192_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.AES256_CBC)) - { - cipher.init(Cipher.DECRYPT_MODE, sKey, new IvParameterSpec( - ASN1OctetString.getInstance(sParams).getOctets())); - } - else - { - throw e; - } - } - } - else - { - if (encAlg.equals(CMSEnvelopedDataGenerator.DES_EDE3_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.IDEA_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.CAST5_CBC)) - { - cipher.init(Cipher.DECRYPT_MODE, sKey, new IvParameterSpec(new byte[8])); - } - else - { - cipher.init(Cipher.DECRYPT_MODE, sKey); - } - } - - return cipher; - } - }); - } - - AlgorithmParameters createAlgorithmParameters(ASN1ObjectIdentifier algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException - { - String algorithmName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (algorithmName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createAlgorithmParameters(algorithmName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createAlgorithmParameters(algorithm.getId()); - } - - KeyFactory createKeyFactory(ASN1ObjectIdentifier algorithm) - throws CRMFException - { - try - { - String algName = (String)KEY_ALG_NAMES.get(algorithm); - - if (algName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createKeyFactory(algName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createKeyFactory(algorithm.getId()); - } - catch (NoSuchProviderException e) - { - throw new CRMFException("cannot create cipher: " + e.getMessage(), e); - } - catch (NoSuchAlgorithmException e) - { - throw new CRMFException("cannot create cipher: " + e.getMessage(), e); - } - } - - MessageDigest createDigest(ASN1ObjectIdentifier algorithm) - throws CRMFException - { - try - { - String digestName = (String)DIGEST_ALG_NAMES.get(algorithm); - - if (digestName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createDigest(digestName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createDigest(algorithm.getId()); - } - catch (NoSuchAlgorithmException e) - { - throw new CRMFException("cannot create cipher: " + e.getMessage(), e); - } - catch (NoSuchProviderException e) - { - throw new CRMFException("cannot create cipher: " + e.getMessage(), e); - } - } - - Mac createMac(ASN1ObjectIdentifier algorithm) - throws CRMFException - { - try - { - String macName = (String)MAC_ALG_NAMES.get(algorithm); - - if (macName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createMac(macName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createMac(algorithm.getId()); - } - catch (NoSuchProviderException e) - { - throw new CRMFException("cannot create mac: " + e.getMessage(), e); - } - catch (NoSuchAlgorithmException e) - { - throw new CRMFException("cannot create mac: " + e.getMessage(), e); - } - } - - AlgorithmParameterGenerator createAlgorithmParameterGenerator(ASN1ObjectIdentifier algorithm) - throws GeneralSecurityException - { - String algorithmName = (String)BASE_CIPHER_NAMES.get(algorithm); - - try - { - if (algorithmName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createAlgorithmParameterGenerator(algorithmName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createAlgorithmParameterGenerator(algorithm.getId()); - } - catch (NoSuchAlgorithmException e) - { - throw new GeneralSecurityException(e.toString()); - } - catch (NoSuchProviderException e) - { - throw new GeneralSecurityException(e.toString()); - } - } - - AlgorithmParameters generateParameters(ASN1ObjectIdentifier encryptionOID, SecretKey encKey, SecureRandom rand) - throws CRMFException - { - try - { - AlgorithmParameterGenerator pGen = createAlgorithmParameterGenerator(encryptionOID); - - if (encryptionOID.equals(CMSEnvelopedDataGenerator.RC2_CBC)) - { - byte[] iv = new byte[8]; - - rand.nextBytes(iv); - - try - { - pGen.init(new RC2ParameterSpec(encKey.getEncoded().length * 8, iv), rand); - } - catch (InvalidAlgorithmParameterException e) - { - throw new CRMFException("parameters generation error: " + e, e); - } - } - - return pGen.generateParameters(); - } - catch (GeneralSecurityException e) - { - throw new CRMFException("exception creating algorithm parameter generator: " + e, e); - } - } - - AlgorithmIdentifier getAlgorithmIdentifier(ASN1ObjectIdentifier encryptionOID, AlgorithmParameters params) - throws CRMFException - { - ASN1Encodable asn1Params; - if (params != null) - { - try - { - asn1Params = ASN1Primitive.fromByteArray(params.getEncoded("ASN.1")); - } - catch (IOException e) - { - throw new CRMFException("cannot encode parameters: " + e.getMessage(), e); - } - } - else - { - asn1Params = DERNull.INSTANCE; - } - - return new AlgorithmIdentifier( - encryptionOID, - asn1Params); - } - - static Object execute(JCECallback callback) throws CRMFException - { - try - { - return callback.doInJCE(); - } - catch (NoSuchAlgorithmException e) - { - throw new CRMFException("can't find algorithm.", e); - } - catch (InvalidKeyException e) - { - throw new CRMFException("key invalid in message.", e); - } - catch (NoSuchProviderException e) - { - throw new CRMFException("can't find provider.", e); - } - catch (NoSuchPaddingException e) - { - throw new CRMFException("required padding not supported.", e); - } - catch (InvalidAlgorithmParameterException e) - { - throw new CRMFException("algorithm parameters invalid.", e); - } - catch (InvalidParameterSpecException e) - { - throw new CRMFException("MAC algorithm parameter spec invalid.", e); - } - } - - static interface JCECallback - { - Object doInJCE() - throws CRMFException, InvalidAlgorithmParameterException, InvalidKeyException, InvalidParameterSpecException, - NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException; - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/jcajce/JceAsymmetricValueDecryptorGenerator.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/jcajce/JceAsymmetricValueDecryptorGenerator.java deleted file mode 100644 index e06e249fa..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/jcajce/JceAsymmetricValueDecryptorGenerator.java +++ /dev/null @@ -1,121 +0,0 @@ -package org.spongycastle.cert.crmf.jcajce; - -import java.io.InputStream; -import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.ProviderException; -import java.security.NoSuchAlgorithmException; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.CipherInputStream; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.spec.SecretKeySpec; - -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.cert.crmf.CRMFException; -import org.spongycastle.cert.crmf.ValueDecryptorGenerator; -import org.spongycastle.jcajce.DefaultJcaJceHelper; -import org.spongycastle.jcajce.NamedJcaJceHelper; -import org.spongycastle.jcajce.ProviderJcaJceHelper; -import org.spongycastle.operator.InputDecryptor; - -public class JceAsymmetricValueDecryptorGenerator - implements ValueDecryptorGenerator -{ - private PrivateKey recipientKey; - private CRMFHelper helper = new CRMFHelper(new DefaultJcaJceHelper()); - - public JceAsymmetricValueDecryptorGenerator(PrivateKey recipientKey) - { - this.recipientKey = recipientKey; - } - - public JceAsymmetricValueDecryptorGenerator setProvider(Provider provider) - { - this.helper = new CRMFHelper(new ProviderJcaJceHelper(provider)); - - return this; - } - - public JceAsymmetricValueDecryptorGenerator setProvider(String providerName) - { - this.helper = new CRMFHelper(new NamedJcaJceHelper(providerName)); - - return this; - } - - private Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey) - throws CRMFException - { - try - { - Key sKey = null; - - Cipher keyCipher = helper.createCipher(keyEncryptionAlgorithm.getAlgorithm()); - - try - { - keyCipher.init(Cipher.UNWRAP_MODE, recipientKey); - sKey = keyCipher.unwrap(encryptedContentEncryptionKey, contentEncryptionAlgorithm.getAlgorithm().getId(), Cipher.SECRET_KEY); - } - catch (NoSuchAlgorithmException e) - { - } - catch (IllegalStateException e) - { - } - catch (UnsupportedOperationException e) - { - } - catch (ProviderException e) - { - } - - // some providers do not support UNWRAP (this appears to be only for asymmetric algorithms) - if (sKey == null) - { - keyCipher.init(Cipher.DECRYPT_MODE, recipientKey); - sKey = new SecretKeySpec(keyCipher.doFinal(encryptedContentEncryptionKey), contentEncryptionAlgorithm.getAlgorithm().getId()); - } - - return sKey; - } - catch (InvalidKeyException e) - { - throw new CRMFException("key invalid in message.", e); - } - catch (IllegalBlockSizeException e) - { - throw new CRMFException("illegal blocksize in message.", e); - } - catch (BadPaddingException e) - { - throw new CRMFException("bad padding in message.", e); - } - } - - public InputDecryptor getValueDecryptor(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey) - throws CRMFException - { - Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, encryptedContentEncryptionKey); - - final Cipher dataCipher = helper.createContentCipher(secretKey, contentEncryptionAlgorithm); - - return new InputDecryptor() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return contentEncryptionAlgorithm; - } - - public InputStream getInputStream(InputStream dataIn) - { - return new CipherInputStream(dataIn, dataCipher); - } - }; - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/jcajce/JceCRMFEncryptorBuilder.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/jcajce/JceCRMFEncryptorBuilder.java deleted file mode 100644 index 6b8e0d2ac..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/jcajce/JceCRMFEncryptorBuilder.java +++ /dev/null @@ -1,140 +0,0 @@ -package org.spongycastle.cert.crmf.jcajce; - -import java.io.OutputStream; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.Provider; -import java.security.SecureRandom; -import java.security.InvalidKeyException; - -import javax.crypto.Cipher; -import javax.crypto.CipherOutputStream; -import javax.crypto.KeyGenerator; -import javax.crypto.SecretKey; - -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.cert.crmf.CRMFException; -import org.spongycastle.jcajce.DefaultJcaJceHelper; -import org.spongycastle.jcajce.NamedJcaJceHelper; -import org.spongycastle.jcajce.ProviderJcaJceHelper; -import org.spongycastle.operator.GenericKey; -import org.spongycastle.operator.OutputEncryptor; - -public class JceCRMFEncryptorBuilder -{ - private ASN1ObjectIdentifier encryptionOID; - private int keySize; - - private CRMFHelper helper = new CRMFHelper(new DefaultJcaJceHelper()); - private SecureRandom random; - - public JceCRMFEncryptorBuilder(ASN1ObjectIdentifier encryptionOID) - { - this(encryptionOID, -1); - } - - public JceCRMFEncryptorBuilder(ASN1ObjectIdentifier encryptionOID, int keySize) - { - this.encryptionOID = encryptionOID; - this.keySize = keySize; - } - - public JceCRMFEncryptorBuilder setProvider(Provider provider) - { - this.helper = new CRMFHelper(new ProviderJcaJceHelper(provider)); - - return this; - } - - public JceCRMFEncryptorBuilder setProvider(String providerName) - { - this.helper = new CRMFHelper(new NamedJcaJceHelper(providerName)); - - return this; - } - - public JceCRMFEncryptorBuilder setSecureRandom(SecureRandom random) - { - this.random = random; - - return this; - } - - public OutputEncryptor build() - throws CRMFException - { - return new CRMFOutputEncryptor(encryptionOID, keySize, random); - } - - private class CRMFOutputEncryptor - implements OutputEncryptor - { - private SecretKey encKey; - private AlgorithmIdentifier algorithmIdentifier; - private Cipher cipher; - - CRMFOutputEncryptor(ASN1ObjectIdentifier encryptionOID, int keySize, SecureRandom random) - throws CRMFException - { - KeyGenerator keyGen = helper.createKeyGenerator(encryptionOID); - - if (random == null) - { - random = new SecureRandom(); - } - - if (keySize < 0) - { - keyGen.init(random); - } - else - { - keyGen.init(keySize, random); - } - - cipher = helper.createCipher(encryptionOID); - encKey = keyGen.generateKey(); - AlgorithmParameters params = helper.generateParameters(encryptionOID, encKey, random); - - try - { - cipher.init(Cipher.ENCRYPT_MODE, encKey, params, random); - } - catch (InvalidKeyException e) - { - throw new CRMFException("unable to initialize cipher: " + e.getMessage(), e); - } - catch (GeneralSecurityException e) - { - throw new CRMFException("unable to initialize cipher: " + e.getMessage(), e); - } - - // - // If params are null we try and second guess on them as some providers don't provide - // algorithm parameter generation explicity but instead generate them under the hood. - // - if (params == null) - { - params = cipher.getParameters(); - } - - algorithmIdentifier = helper.getAlgorithmIdentifier(encryptionOID, params); - } - - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return algorithmIdentifier; - } - - public OutputStream getOutputStream(OutputStream dOut) - { - return new CipherOutputStream(dOut, cipher); - } - - public GenericKey getKey() - { - return new GenericKey(encKey); - } - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/jcajce/JcePKMACValuesCalculator.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/jcajce/JcePKMACValuesCalculator.java deleted file mode 100644 index 4aaff8618..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/crmf/jcajce/JcePKMACValuesCalculator.java +++ /dev/null @@ -1,70 +0,0 @@ -package org.spongycastle.cert.crmf.jcajce; - -import java.security.GeneralSecurityException; -import java.security.MessageDigest; -import java.security.Provider; -import java.security.InvalidKeyException; - -import javax.crypto.Mac; -import javax.crypto.spec.SecretKeySpec; - -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.cert.crmf.CRMFException; -import org.spongycastle.cert.crmf.PKMACValuesCalculator; -import org.spongycastle.jcajce.DefaultJcaJceHelper; -import org.spongycastle.jcajce.NamedJcaJceHelper; -import org.spongycastle.jcajce.ProviderJcaJceHelper; - -public class JcePKMACValuesCalculator - implements PKMACValuesCalculator -{ - private MessageDigest digest; - private Mac mac; - private CRMFHelper helper; - - public JcePKMACValuesCalculator() - { - this.helper = new CRMFHelper(new DefaultJcaJceHelper()); - } - - public JcePKMACValuesCalculator setProvider(Provider provider) - { - this.helper = new CRMFHelper(new ProviderJcaJceHelper(provider)); - - return this; - } - - public JcePKMACValuesCalculator setProvider(String providerName) - { - this.helper = new CRMFHelper(new NamedJcaJceHelper(providerName)); - - return this; - } - - public void setup(AlgorithmIdentifier digAlg, AlgorithmIdentifier macAlg) - throws CRMFException - { - digest = helper.createDigest(digAlg.getAlgorithm()); - mac = helper.createMac(macAlg.getAlgorithm()); - } - - public byte[] calculateDigest(byte[] data) - { - return digest.digest(data); - } - - public byte[] calculateMac(byte[] pwd, byte[] data) - throws CRMFException - { - try - { - mac.init(new SecretKeySpec(pwd, mac.getAlgorithm())); - - return mac.doFinal(data); - } - catch (InvalidKeyException e) - { - throw new CRMFException("failure in setup: " + e.getMessage(), e); - } - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/jcajce/JcaCertStoreBuilder.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/jcajce/JcaCertStoreBuilder.java deleted file mode 100644 index 63b14ff7b..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/jcajce/JcaCertStoreBuilder.java +++ /dev/null @@ -1,149 +0,0 @@ -package org.spongycastle.cert.jcajce; - -import java.security.GeneralSecurityException; -import java.security.Provider; -import java.security.NoSuchProviderException; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CRLException; -import java.security.cert.CertStore; -import java.security.cert.CertificateException; -import java.security.cert.CollectionCertStoreParameters; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; - -import org.spongycastle.cert.X509CRLHolder; -import org.spongycastle.cert.X509CertificateHolder; -import org.spongycastle.util.Store; - -/** - * Builder to create a CertStore from certificate and CRL stores. - */ -public class JcaCertStoreBuilder -{ - private List certs = new ArrayList(); - private List crls = new ArrayList(); - private Object provider; - private JcaX509CertificateConverter certificateConverter = new JcaX509CertificateConverter(); - private JcaX509CRLConverter crlConverter = new JcaX509CRLConverter(); - - /** - * Add a store full of X509CertificateHolder objects. - * - * @param certStore a store of X509CertificateHolder objects. - */ - public JcaCertStoreBuilder addCertificates(Store certStore) - { - certs.addAll(certStore.getMatches(null)); - - return this; - } - - /** - * Add a single certificate. - * - * @param cert the X509 certificate holder containing the certificate. - */ - public JcaCertStoreBuilder addCertificate(X509CertificateHolder cert) - { - certs.add(cert); - - return this; - } - - /** - * Add a store full of X509CRLHolder objects. - * @param crlStore a store of X509CRLHolder objects. - */ - public JcaCertStoreBuilder addCRLs(Store crlStore) - { - crls.addAll(crlStore.getMatches(null)); - - return this; - } - - /** - * Add a single CRL. - * - * @param crl the X509 CRL holder containing the CRL. - */ - public JcaCertStoreBuilder addCRL(X509CRLHolder crl) - { - crls.add(crl); - - return this; - } - - public JcaCertStoreBuilder setProvider(String providerName) - throws GeneralSecurityException - { - certificateConverter.setProvider(providerName); - crlConverter.setProvider(providerName); - this.provider = providerName; - - return this; - } - - public JcaCertStoreBuilder setProvider(Provider provider) - throws GeneralSecurityException - { - certificateConverter.setProvider(provider); - crlConverter.setProvider(provider); - this.provider = provider; - - return this; - } - - /** - * Build the CertStore from the current inputs. - * - * @return a CertStore. - * @throws GeneralSecurityException - */ - public CertStore build() - throws GeneralSecurityException - { - CollectionCertStoreParameters params = convertHolders(certificateConverter, crlConverter); - - try -{ - if (provider instanceof String) - { - return CertStore.getInstance("Collection", params, (String)provider); - } - - if (provider instanceof Provider) - { - return CertStore.getInstance("Collection", params, (Provider)provider); - } - - return CertStore.getInstance("Collection", params); -} -catch (NoSuchAlgorithmException e) -{ - throw new GeneralSecurityException(e.toString()); -} -catch (NoSuchProviderException e) -{ - throw new GeneralSecurityException(e.toString()); -} - } - - private CollectionCertStoreParameters convertHolders(JcaX509CertificateConverter certificateConverter, JcaX509CRLConverter crlConverter) - throws CertificateException, CRLException - { - List jcaObjs = new ArrayList(certs.size() + crls.size()); - - for (Iterator it = certs.iterator(); it.hasNext();) - { - jcaObjs.add(certificateConverter.getCertificate((X509CertificateHolder)it.next())); - } - - for (Iterator it = crls.iterator(); it.hasNext();) - { - jcaObjs.add(crlConverter.getCRL((X509CRLHolder)it.next())); - } - - return new CollectionCertStoreParameters(jcaObjs); - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/path/CertPathValidationException.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/path/CertPathValidationException.java deleted file mode 100644 index d0cbf6079..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/path/CertPathValidationException.java +++ /dev/null @@ -1,24 +0,0 @@ -package org.spongycastle.cert.path; - -public class CertPathValidationException - extends Exception -{ - private Exception cause; - - public CertPathValidationException(String msg) - { - this(msg, null); - } - - public CertPathValidationException(String msg, Exception cause) - { - super(msg); - - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/selector/jcajce/JcaSelectorConverter.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/selector/jcajce/JcaSelectorConverter.java deleted file mode 100644 index 8bda2e465..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/selector/jcajce/JcaSelectorConverter.java +++ /dev/null @@ -1,34 +0,0 @@ -package org.spongycastle.cert.selector.jcajce; - -import java.security.cert.X509CertSelector; - -import org.spongycastle.asn1.ASN1OctetString; -import org.spongycastle.asn1.x500.X500Name; -import org.spongycastle.cert.selector.X509CertificateHolderSelector; - -public class JcaSelectorConverter -{ - public JcaSelectorConverter() - { - - } - - public X509CertificateHolderSelector getCertificateHolderSelector(X509CertSelector certSelector) - { -try -{ - if (certSelector.getSubjectKeyIdentifier() != null) - { - return new X509CertificateHolderSelector(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets()); - } - else - { - return new X509CertificateHolderSelector(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber()); - } -} -catch (Exception e) -{ -throw new IllegalArgumentException("conversion failed: " + e.toString()); -} - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/selector/jcajce/JcaX509CertSelectorConverter.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/selector/jcajce/JcaX509CertSelectorConverter.java deleted file mode 100644 index 6dbcef43f..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cert/selector/jcajce/JcaX509CertSelectorConverter.java +++ /dev/null @@ -1,57 +0,0 @@ -package org.spongycastle.cert.selector.jcajce; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.cert.X509CertSelector; - -import org.spongycastle.asn1.DEROctetString; -import org.spongycastle.asn1.x500.X500Name; -import org.spongycastle.cert.selector.X509CertificateHolderSelector; - -public class JcaX509CertSelectorConverter -{ - public JcaX509CertSelectorConverter() - { - } - - protected X509CertSelector doConversion(X500Name issuer, BigInteger serialNumber, byte[] subjectKeyIdentifier) - { - X509CertSelector selector = new X509CertSelector(); - - if (issuer != null) - { - try - { - selector.setIssuer(issuer.getEncoded()); - } - catch (IOException e) - { - throw new IllegalArgumentException("unable to convert issuer: " + e.getMessage()); - } - } - - if (serialNumber != null) - { - selector.setSerialNumber(serialNumber); - } - - if (subjectKeyIdentifier != null) - { - try - { - selector.setSubjectKeyIdentifier(new DEROctetString(subjectKeyIdentifier).getEncoded()); - } - catch (IOException e) - { - throw new IllegalArgumentException("unable to convert issuer: " + e.getMessage()); - } - } - - return selector; - } - - public X509CertSelector getCertSelector(X509CertificateHolderSelector holderSelector) - { - return doConversion(holderSelector.getIssuer(), holderSelector.getSerialNumber(), holderSelector.getSubjectKeyIdentifier()); - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSAbsentContent.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSAbsentContent.java deleted file mode 100644 index e1d7e5867..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSAbsentContent.java +++ /dev/null @@ -1,49 +0,0 @@ -package org.spongycastle.cms; - -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; - -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.cms.CMSObjectIdentifiers; - -/** - * a class representing null or absent content. - */ -public class CMSAbsentContent - implements CMSTypedData, CMSReadable -{ - private ASN1ObjectIdentifier type; - - public CMSAbsentContent() - { - this(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId())); - } - - public CMSAbsentContent( - ASN1ObjectIdentifier type) - { - this.type = type; - } - - public InputStream getInputStream() - { - return null; - } - - public void write(OutputStream zOut) - throws IOException, CMSException - { - // do nothing - } - - public Object getContent() - { - return null; - } - - public ASN1ObjectIdentifier getContentType() - { - return type; - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSProcessableByteArray.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSProcessableByteArray.java deleted file mode 100644 index 6ac965c78..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSProcessableByteArray.java +++ /dev/null @@ -1,55 +0,0 @@ -package org.spongycastle.cms; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; - -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.cms.CMSObjectIdentifiers; -import org.spongycastle.util.Arrays; - -/** - * a holding class for a byte array of data to be processed. - */ -public class CMSProcessableByteArray - implements CMSTypedData, CMSReadable -{ - private ASN1ObjectIdentifier type; - private byte[] bytes; - - public CMSProcessableByteArray( - byte[] bytes) - { - this(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()), bytes); - } - - public CMSProcessableByteArray( - ASN1ObjectIdentifier type, - byte[] bytes) - { - this.type = type; - this.bytes = bytes; - } - - public InputStream getInputStream() - { - return new ByteArrayInputStream(bytes); - } - - public void write(OutputStream zOut) - throws IOException, CMSException - { - zOut.write(bytes); - } - - public Object getContent() - { - return Arrays.clone(bytes); - } - - public ASN1ObjectIdentifier getContentType() - { - return type; - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSProcessableFile.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSProcessableFile.java deleted file mode 100644 index 87b7c4e94..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSProcessableFile.java +++ /dev/null @@ -1,80 +0,0 @@ -package org.spongycastle.cms; - -import java.io.BufferedInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; - -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.cms.CMSObjectIdentifiers; - -/** - * a holding class for a file of data to be processed. - */ -public class CMSProcessableFile - implements CMSTypedData, CMSReadable -{ - private static final int DEFAULT_BUF_SIZE = 32 * 1024; - - private ASN1ObjectIdentifier type; - private File file; - private byte[] buf; - - public CMSProcessableFile( - File file) - { - this(file, DEFAULT_BUF_SIZE); - } - - public CMSProcessableFile( - File file, - int bufSize) - { - this(new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()), file, bufSize); - } - - public CMSProcessableFile( - ASN1ObjectIdentifier type, - File file, - int bufSize) - { - this.type = type; - this.file = file; - buf = new byte[bufSize]; - } - - public InputStream getInputStream() - throws IOException, CMSException - { - return new BufferedInputStream(new FileInputStream(file), DEFAULT_BUF_SIZE); - } - - public void write(OutputStream zOut) - throws IOException, CMSException - { - FileInputStream fIn = new FileInputStream(file); - int len; - - while ((len = fIn.read(buf, 0, buf.length)) > 0) - { - zOut.write(buf, 0, len); - } - - fIn.close(); - } - - /** - * Return the file handle. - */ - public Object getContent() - { - return file; - } - - public ASN1ObjectIdentifier getContentType() - { - return type; - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSTypedStream.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSTypedStream.java deleted file mode 100644 index 82466af71..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/CMSTypedStream.java +++ /dev/null @@ -1,86 +0,0 @@ -package org.spongycastle.cms; - -import java.io.BufferedInputStream; -import java.io.FilterInputStream; -import java.io.IOException; -import java.io.InputStream; - -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.spongycastle.util.io.Streams; - -public class CMSTypedStream -{ - private static final int BUF_SIZ = 32 * 1024; - - private ASN1ObjectIdentifier _oid; - private InputStream _in; - - public CMSTypedStream( - InputStream in) - { - this(PKCSObjectIdentifiers.data.getId(), in, BUF_SIZ); - } - - public CMSTypedStream( - String oid, - InputStream in) - { - this(new ASN1ObjectIdentifier(oid), in, BUF_SIZ); - } - - public CMSTypedStream( - String oid, - InputStream in, - int bufSize) - { - this(new ASN1ObjectIdentifier(oid), in, bufSize); - } - - public CMSTypedStream( - ASN1ObjectIdentifier oid, - InputStream in) - { - this(oid, in, BUF_SIZ); - } - - public CMSTypedStream( - ASN1ObjectIdentifier oid, - InputStream in, - int bufSize) - { - _oid = oid; - _in = new FullReaderStream(new BufferedInputStream(in, bufSize)); - } - - public ASN1ObjectIdentifier getContentType() - { - return _oid; - } - - public InputStream getContentStream() - { - return _in; - } - - public void drain() - throws IOException - { - Streams.drain(_in); - _in.close(); - } - - private static class FullReaderStream extends FilterInputStream - { - FullReaderStream(InputStream in) - { - super(in); - } - - public int read(byte[] buf, int off, int len) throws IOException - { - int totalRead = Streams.readFully(super.in, buf, off, len); - return totalRead > 0 ? totalRead : -1; - } - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/OriginatorInfoGenerator.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/OriginatorInfoGenerator.java deleted file mode 100644 index b6cfdd0be..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/OriginatorInfoGenerator.java +++ /dev/null @@ -1,54 +0,0 @@ -package org.spongycastle.cms; - -import java.util.ArrayList; -import java.util.List; - -import org.spongycastle.asn1.cms.OriginatorInfo; -import org.spongycastle.cert.X509CertificateHolder; -import org.spongycastle.util.Store; - -public class OriginatorInfoGenerator -{ - private List origCerts; - private List origCRLs; - - public OriginatorInfoGenerator(X509CertificateHolder origCert) - { - this.origCerts = new ArrayList(1); - this.origCRLs = null; - origCerts.add(origCert.toASN1Structure()); - } - - public OriginatorInfoGenerator(Store origCerts) - throws CMSException - { - this(origCerts, null); - } - - public OriginatorInfoGenerator(Store origCerts, Store origCRLs) - throws CMSException - { - this.origCerts = CMSUtils.getCertificatesFromStore(origCerts); - - if (origCRLs != null) - { - this.origCRLs = CMSUtils.getCRLsFromStore(origCRLs); - } - else - { - this.origCRLs = null; - } - } - - public OriginatorInformation generate() - { - if (origCRLs != null) - { - return new OriginatorInformation(new OriginatorInfo(CMSUtils.createDerSetFromList(origCerts), CMSUtils.createDerSetFromList(origCRLs))); - } - else - { - return new OriginatorInformation(new OriginatorInfo(CMSUtils.createDerSetFromList(origCerts), null)); - } - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/RecipientId.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/RecipientId.java deleted file mode 100644 index f2dd5dff2..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/RecipientId.java +++ /dev/null @@ -1,31 +0,0 @@ -package org.spongycastle.cms; - -import org.spongycastle.util.Selector; - -public abstract class RecipientId - implements Selector -{ - public static final int keyTrans = 0; - public static final int kek = 1; - public static final int keyAgree = 2; - public static final int password = 3; - - private int type; - - protected RecipientId(int type) - { - this.type = type; - } - - /** - * Return the type code for this recipient ID. - * - * @return one of keyTrans, kek, keyAgree, password - */ - public int getType() - { - return type; - } - - public abstract Object clone(); -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/SignerInfoGenerator.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/SignerInfoGenerator.java deleted file mode 100644 index 47028b995..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/SignerInfoGenerator.java +++ /dev/null @@ -1,291 +0,0 @@ -package org.spongycastle.cms; - -import java.io.IOException; -import java.io.OutputStream; -import java.util.Collections; -import java.util.HashMap; -import java.util.Map; - -import org.spongycastle.asn1.ASN1Encoding; -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.ASN1Set; -import org.spongycastle.asn1.DEROctetString; -import org.spongycastle.asn1.DERSet; -import org.spongycastle.asn1.cms.AttributeTable; -import org.spongycastle.asn1.cms.SignerIdentifier; -import org.spongycastle.asn1.cms.SignerInfo; -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.cert.X509CertificateHolder; -import org.spongycastle.operator.ContentSigner; -import org.spongycastle.operator.DefaultDigestAlgorithmIdentifierFinder; -import org.spongycastle.operator.DigestAlgorithmIdentifierFinder; -import org.spongycastle.operator.DigestCalculator; -import org.spongycastle.operator.DigestCalculatorProvider; -import org.spongycastle.operator.OperatorCreationException; -import org.spongycastle.util.Arrays; -import org.spongycastle.util.io.TeeOutputStream; - -public class SignerInfoGenerator -{ - private SignerIdentifier signerIdentifier; - private CMSAttributeTableGenerator sAttrGen; - private CMSAttributeTableGenerator unsAttrGen; - private ContentSigner signer; - private DigestCalculator digester; - private DigestAlgorithmIdentifierFinder digAlgFinder = new DefaultDigestAlgorithmIdentifierFinder(); - private CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder; - - private byte[] calculatedDigest = null; - private X509CertificateHolder certHolder; - - SignerInfoGenerator( - SignerIdentifier signerIdentifier, - ContentSigner signer, - DigestCalculatorProvider digesterProvider, - CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder) - throws OperatorCreationException - { - this(signerIdentifier, signer, digesterProvider, sigEncAlgFinder, false); - } - - SignerInfoGenerator( - SignerIdentifier signerIdentifier, - ContentSigner signer, - DigestCalculatorProvider digesterProvider, - CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder, - boolean isDirectSignature) - throws OperatorCreationException - { - this.signerIdentifier = signerIdentifier; - this.signer = signer; - - if (digesterProvider != null) - { - this.digester = digesterProvider.get(digAlgFinder.find(signer.getAlgorithmIdentifier())); - } - else - { - this.digester = null; - } - - if (isDirectSignature) - { - this.sAttrGen = null; - this.unsAttrGen = null; - } - else - { - this.sAttrGen = new DefaultSignedAttributeTableGenerator(); - this.unsAttrGen = null; - } - - this.sigEncAlgFinder = sigEncAlgFinder; - } - - public SignerInfoGenerator( - SignerInfoGenerator original, - CMSAttributeTableGenerator sAttrGen, - CMSAttributeTableGenerator unsAttrGen) - { - this.signerIdentifier = original.signerIdentifier; - this.signer = original.signer; - this.digester = original.digester; - this.sigEncAlgFinder = original.sigEncAlgFinder; - this.sAttrGen = sAttrGen; - this.unsAttrGen = unsAttrGen; - } - - SignerInfoGenerator( - SignerIdentifier signerIdentifier, - ContentSigner signer, - DigestCalculatorProvider digesterProvider, - CMSSignatureEncryptionAlgorithmFinder sigEncAlgFinder, - CMSAttributeTableGenerator sAttrGen, - CMSAttributeTableGenerator unsAttrGen) - throws OperatorCreationException - { - this.signerIdentifier = signerIdentifier; - this.signer = signer; - - if (digesterProvider != null) - { - this.digester = digesterProvider.get(digAlgFinder.find(signer.getAlgorithmIdentifier())); - } - else - { - this.digester = null; - } - - this.sAttrGen = sAttrGen; - this.unsAttrGen = unsAttrGen; - this.sigEncAlgFinder = sigEncAlgFinder; - } - - public SignerIdentifier getSID() - { - return signerIdentifier; - } - - public int getGeneratedVersion() - { - return signerIdentifier.isTagged() ? 3 : 1; - } - - public boolean hasAssociatedCertificate() - { - return certHolder != null; - } - - public X509CertificateHolder getAssociatedCertificate() - { - return certHolder; - } - - public AlgorithmIdentifier getDigestAlgorithm() - { - if (digester != null) - { - return digester.getAlgorithmIdentifier(); - } - - return digAlgFinder.find(signer.getAlgorithmIdentifier()); - } - - public OutputStream getCalculatingOutputStream() - { - if (digester != null) - { - if (sAttrGen == null) - { - return new TeeOutputStream(digester.getOutputStream(), signer.getOutputStream()); - } - return digester.getOutputStream(); - } - else - { - return signer.getOutputStream(); - } - } - - public SignerInfo generate(ASN1ObjectIdentifier contentType) - throws CMSException - { - try - { - /* RFC 3852 5.4 - * The result of the message digest calculation process depends on - * whether the signedAttrs field is present. When the field is absent, - * the result is just the message digest of the content as described - * - * above. When the field is present, however, the result is the message - * digest of the complete DER encoding of the SignedAttrs value - * contained in the signedAttrs field. - */ - ASN1Set signedAttr = null; - - AlgorithmIdentifier digestAlg = null; - - if (sAttrGen != null) - { - digestAlg = digester.getAlgorithmIdentifier(); - calculatedDigest = digester.getDigest(); - Map parameters = getBaseParameters(contentType, digester.getAlgorithmIdentifier(), calculatedDigest); - AttributeTable signed = sAttrGen.getAttributes(Collections.unmodifiableMap(parameters)); - - signedAttr = getAttributeSet(signed); - - // sig must be composed from the DER encoding. - OutputStream sOut = signer.getOutputStream(); - - sOut.write(signedAttr.getEncoded(ASN1Encoding.DER)); - - sOut.close(); - } - else - { - if (digester != null) - { - digestAlg = digester.getAlgorithmIdentifier(); - calculatedDigest = digester.getDigest(); - } - else - { - digestAlg = digAlgFinder.find(signer.getAlgorithmIdentifier()); - calculatedDigest = null; - } - } - - byte[] sigBytes = signer.getSignature(); - - ASN1Set unsignedAttr = null; - if (unsAttrGen != null) - { - Map parameters = getBaseParameters(contentType, digestAlg, calculatedDigest); - parameters.put(CMSAttributeTableGenerator.SIGNATURE, Arrays.clone(sigBytes)); - - AttributeTable unsigned = unsAttrGen.getAttributes(Collections.unmodifiableMap(parameters)); - - unsignedAttr = getAttributeSet(unsigned); - } - - AlgorithmIdentifier digestEncryptionAlgorithm = sigEncAlgFinder.findEncryptionAlgorithm(signer.getAlgorithmIdentifier()); - - return new SignerInfo(signerIdentifier, digestAlg, - signedAttr, digestEncryptionAlgorithm, new DEROctetString(sigBytes), unsignedAttr); - } - catch (IOException e) - { - throw new CMSException("encoding error.", e); - } - } - - void setAssociatedCertificate(X509CertificateHolder certHolder) - { - this.certHolder = certHolder; - } - - private ASN1Set getAttributeSet( - AttributeTable attr) - { - if (attr != null) - { - return new DERSet(attr.toASN1EncodableVector()); - } - - return null; - } - - private Map getBaseParameters(ASN1ObjectIdentifier contentType, AlgorithmIdentifier digAlgId, byte[] hash) - { - Map param = new HashMap(); - - if (contentType != null) - { - param.put(CMSAttributeTableGenerator.CONTENT_TYPE, contentType); - } - - param.put(CMSAttributeTableGenerator.DIGEST_ALGORITHM_IDENTIFIER, digAlgId); - param.put(CMSAttributeTableGenerator.DIGEST, Arrays.clone(hash)); - return param; - } - - public byte[] getCalculatedDigest() - { - if (calculatedDigest != null) - { - return Arrays.clone(calculatedDigest); - } - - return null; - } - - public CMSAttributeTableGenerator getSignedAttributeTableGenerator() - { - return sAttrGen; - } - - public CMSAttributeTableGenerator getUnsignedAttributeTableGenerator() - { - return unsAttrGen; - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/EnvelopedDataHelper.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/EnvelopedDataHelper.java deleted file mode 100644 index 56f6f2f25..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/EnvelopedDataHelper.java +++ /dev/null @@ -1,671 +0,0 @@ -package org.spongycastle.cms.jcajce; - -import java.security.AlgorithmParameterGenerator; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.KeyPairGenerator; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.InvalidParameterSpecException; -import java.util.HashMap; -import java.util.Map; - -import javax.crypto.Cipher; -import javax.crypto.KeyAgreement; -import javax.crypto.KeyGenerator; -import javax.crypto.Mac; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKey; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.spongycastle.asn1.ASN1Encodable; -import org.spongycastle.asn1.ASN1Null; -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.ASN1OctetString; -import org.spongycastle.asn1.DERNull; -import org.spongycastle.asn1.DEROctetString; -import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.spongycastle.asn1.pkcs.RC2CBCParameter; -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.cms.CMSAlgorithm; -import org.spongycastle.cms.CMSEnvelopedDataGenerator; -import org.spongycastle.cms.CMSException; -import org.spongycastle.operator.DefaultSecretKeySizeProvider; -import org.spongycastle.operator.GenericKey; -import org.spongycastle.operator.SecretKeySizeProvider; -import org.spongycastle.operator.SymmetricKeyUnwrapper; -import org.spongycastle.operator.jcajce.JceAsymmetricKeyUnwrapper; - -public class EnvelopedDataHelper -{ - protected static final SecretKeySizeProvider KEY_SIZE_PROVIDER = DefaultSecretKeySizeProvider.INSTANCE; - - protected static final Map BASE_CIPHER_NAMES = new HashMap(); - protected static final Map CIPHER_ALG_NAMES = new HashMap(); - protected static final Map MAC_ALG_NAMES = new HashMap(); - - static - { - BASE_CIPHER_NAMES.put(CMSAlgorithm.DES_CBC, "DES"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.DES_EDE3_CBC, "DESEDE"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.AES128_CBC, "AES"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.AES192_CBC, "AES"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.AES256_CBC, "AES"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.RC2_CBC, "RC2"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.CAST5_CBC, "CAST5"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.CAMELLIA128_CBC, "Camellia"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.CAMELLIA192_CBC, "Camellia"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.CAMELLIA256_CBC, "Camellia"); - BASE_CIPHER_NAMES.put(CMSAlgorithm.SEED_CBC, "SEED"); - BASE_CIPHER_NAMES.put(PKCSObjectIdentifiers.rc4, "RC4"); - - CIPHER_ALG_NAMES.put(CMSAlgorithm.DES_CBC, "DES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.RC2_CBC, "RC2/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.DES_EDE3_CBC, "DESEDE/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.AES128_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.AES192_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.AES256_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(PKCSObjectIdentifiers.rsaEncryption, "RSA/ECB/PKCS1Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.CAST5_CBC, "CAST5/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA128_CBC, "Camellia/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA192_CBC, "Camellia/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.CAMELLIA256_CBC, "Camellia/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.SEED_CBC, "SEED/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(PKCSObjectIdentifiers.rc4, "RC4"); - - MAC_ALG_NAMES.put(CMSAlgorithm.DES_EDE3_CBC, "DESEDEMac"); - MAC_ALG_NAMES.put(CMSAlgorithm.AES128_CBC, "AESMac"); - MAC_ALG_NAMES.put(CMSAlgorithm.AES192_CBC, "AESMac"); - MAC_ALG_NAMES.put(CMSAlgorithm.AES256_CBC, "AESMac"); - MAC_ALG_NAMES.put(CMSAlgorithm.RC2_CBC, "RC2Mac"); - } - - private static final short[] rc2Table = { - 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0, - 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a, - 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36, - 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c, - 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60, - 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa, - 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e, - 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf, - 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6, - 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3, - 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c, - 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2, - 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5, - 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5, - 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f, - 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab - }; - - private static final short[] rc2Ekb = { - 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5, - 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5, - 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef, - 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d, - 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb, - 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d, - 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3, - 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61, - 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1, - 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21, - 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42, - 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f, - 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7, - 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15, - 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7, - 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd - }; - - private JcaJceExtHelper helper; - - EnvelopedDataHelper(JcaJceExtHelper helper) - { - this.helper = helper; - } - - String getBaseCipherName(ASN1ObjectIdentifier algorithm) - { - String name = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (name == null) - { - return algorithm.getId(); - } - - return name; - } - - Key getJceKey(GenericKey key) - { - if (key.getRepresentation() instanceof Key) - { - return (Key)key.getRepresentation(); - } - - if (key.getRepresentation() instanceof byte[]) - { - return new SecretKeySpec((byte[])key.getRepresentation(), "ENC"); - } - - throw new IllegalArgumentException("unknown generic key type"); - } - - public Key getJceKey(ASN1ObjectIdentifier algorithm, GenericKey key) - { - if (key.getRepresentation() instanceof Key) - { - return (Key)key.getRepresentation(); - } - - if (key.getRepresentation() instanceof byte[]) - { - return new SecretKeySpec((byte[])key.getRepresentation(), getBaseCipherName(algorithm)); - } - - throw new IllegalArgumentException("unknown generic key type"); - } - - public void keySizeCheck(AlgorithmIdentifier keyAlgorithm, Key key) - throws CMSException - { - int expectedKeySize = EnvelopedDataHelper.KEY_SIZE_PROVIDER.getKeySize(keyAlgorithm); - if (expectedKeySize > 0) - { - byte[] keyEnc = null; - - try - { - keyEnc = key.getEncoded(); - } - catch (Exception e) - { - // ignore - we're using a HSM... - } - - if (keyEnc != null) - { - if (keyEnc.length * 8 != expectedKeySize) - { - throw new CMSException("Expected key size for algorithm OID not found in recipient."); - } - } - } - } - - Cipher createCipher(ASN1ObjectIdentifier algorithm) - throws CMSException - { - try - { - String cipherName = (String)CIPHER_ALG_NAMES.get(algorithm); - - if (cipherName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createCipher(cipherName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createCipher(algorithm.getId()); - } - catch (Exception e) - { - throw new CMSException("cannot create cipher: " + e.getMessage(), e); - } - } - - Mac createMac(ASN1ObjectIdentifier algorithm) - throws CMSException - { - try - { - String macName = (String)MAC_ALG_NAMES.get(algorithm); - - if (macName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createMac(macName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createMac(algorithm.getId()); - } - catch (Exception e) - { - throw new CMSException("cannot create mac: " + e.getMessage(), e); - } - } - - Cipher createRFC3211Wrapper(ASN1ObjectIdentifier algorithm) - throws CMSException - { - String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (cipherName == null) - { - throw new CMSException("no name for " + algorithm); - } - - cipherName += "RFC3211Wrap"; - - try - { - return helper.createCipher(cipherName); - } - catch (Exception e) - { - throw new CMSException("cannot create cipher: " + e.getMessage(), e); - } - } - - KeyAgreement createKeyAgreement(ASN1ObjectIdentifier algorithm) - throws CMSException - { - try - { - String agreementName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (agreementName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createKeyAgreement(agreementName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createKeyAgreement(algorithm.getId()); - } - catch (Exception e) - { - throw new CMSException("cannot create key pair generator: " + e.getMessage(), e); - } - } - - AlgorithmParameterGenerator createAlgorithmParameterGenerator(ASN1ObjectIdentifier algorithm) - throws CMSException - { - String algorithmName = (String)BASE_CIPHER_NAMES.get(algorithm); - - try - { - if (algorithmName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createAlgorithmParameterGenerator(algorithmName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createAlgorithmParameterGenerator(algorithm.getId()); - } - catch (Exception e) - { - throw new CMSException("cannot create key pair generator: " + e.getMessage(), e); - } - } - - public Cipher createContentCipher(final Key sKey, final AlgorithmIdentifier encryptionAlgID) - throws CMSException - { - return (Cipher)execute(new JCECallback() - { - public Object doInJCE() - throws CMSException, InvalidAlgorithmParameterException, - InvalidKeyException, InvalidParameterSpecException, NoSuchAlgorithmException, - NoSuchPaddingException, NoSuchProviderException - { - Cipher cipher = createCipher(encryptionAlgID.getAlgorithm()); - ASN1Encodable sParams = encryptionAlgID.getParameters(); - String encAlg = encryptionAlgID.getAlgorithm().getId(); - - if (sParams != null && !(sParams instanceof ASN1Null)) - { - try - { - AlgorithmParameters params = createAlgorithmParameters(encryptionAlgID.getAlgorithm()); - - CMSUtils.loadParameters(params, sParams); - - cipher.init(Cipher.DECRYPT_MODE, sKey, params); - } - catch (NoSuchAlgorithmException e) - { - if (encAlg.equals(CMSAlgorithm.DES_CBC.getId()) - || encAlg.equals(CMSEnvelopedDataGenerator.DES_EDE3_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.IDEA_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.AES128_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.AES192_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.AES256_CBC)) - { - cipher.init(Cipher.DECRYPT_MODE, sKey, new IvParameterSpec( - ASN1OctetString.getInstance(sParams).getOctets())); - } - else - { - throw e; - } - } - } - else - { - if (encAlg.equals(CMSAlgorithm.DES_CBC.getId()) - || encAlg.equals(CMSEnvelopedDataGenerator.DES_EDE3_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.IDEA_CBC) - || encAlg.equals(CMSEnvelopedDataGenerator.CAST5_CBC)) - { - cipher.init(Cipher.DECRYPT_MODE, sKey, new IvParameterSpec(new byte[8])); - } - else - { - cipher.init(Cipher.DECRYPT_MODE, sKey); - } - } - - return cipher; - } - }); - } - - Mac createContentMac(final Key sKey, final AlgorithmIdentifier macAlgId) - throws CMSException - { - return (Mac)execute(new JCECallback() - { - public Object doInJCE() - throws CMSException, InvalidAlgorithmParameterException, - InvalidKeyException, InvalidParameterSpecException, NoSuchAlgorithmException, - NoSuchPaddingException, NoSuchProviderException - { - Mac mac = createMac(macAlgId.getAlgorithm()); - ASN1Encodable sParams = macAlgId.getParameters(); - String macAlg = macAlgId.getAlgorithm().getId(); - - if (sParams != null && !(sParams instanceof ASN1Null)) - { - try - { - AlgorithmParameters params = createAlgorithmParameters(macAlgId.getAlgorithm()); - - CMSUtils.loadParameters(params, sParams); - - mac.init(sKey, params.getParameterSpec(IvParameterSpec.class)); - } - catch (NoSuchAlgorithmException e) - { - throw e; - } - } - else - { - mac.init(sKey); - } - - return mac; - } - }); - } - - AlgorithmParameters createAlgorithmParameters(ASN1ObjectIdentifier algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException - { - String algorithmName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (algorithmName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createAlgorithmParameters(algorithmName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createAlgorithmParameters(algorithm.getId()); - } - - - KeyPairGenerator createKeyPairGenerator(ASN1ObjectIdentifier algorithm) - throws CMSException - { - try - { - String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (cipherName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createKeyPairGenerator(cipherName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createKeyPairGenerator(algorithm.getId()); - } - catch (Exception e) - { - throw new CMSException("cannot create key pair generator: " + e.getMessage(), e); - } - } - - public KeyGenerator createKeyGenerator(ASN1ObjectIdentifier algorithm) - throws CMSException - { - try - { - String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (cipherName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createKeyGenerator(cipherName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createKeyGenerator(algorithm.getId()); - } - catch (Exception e) - { - throw new CMSException("cannot create key generator: " + e.getMessage(), e); - } - } - - AlgorithmParameters generateParameters(ASN1ObjectIdentifier encryptionOID, SecretKey encKey, SecureRandom rand) - throws CMSException - { - try - { - AlgorithmParameterGenerator pGen = createAlgorithmParameterGenerator(encryptionOID); - - if (encryptionOID.equals(CMSAlgorithm.RC2_CBC)) - { - byte[] iv = new byte[8]; - - rand.nextBytes(iv); - - try - { - pGen.init(new RC2ParameterSpec(encKey.getEncoded().length * 8, iv), rand); - } - catch (InvalidAlgorithmParameterException e) - { - throw new CMSException("parameters generation error: " + e, e); - } - } - - return pGen.generateParameters(); - } - catch (Exception e) - { - throw new CMSException("exception creating algorithm parameter generator: " + e, e); - } - } - - AlgorithmIdentifier getAlgorithmIdentifier(ASN1ObjectIdentifier encryptionOID, AlgorithmParameters params) - throws CMSException - { - ASN1Encodable asn1Params; - if (params != null) - { - asn1Params = CMSUtils.extractParameters(params); - } - else - { - asn1Params = DERNull.INSTANCE; - } - - return new AlgorithmIdentifier( - encryptionOID, - asn1Params); - } - - static Object execute(JCECallback callback) throws CMSException - { - try - { - return callback.doInJCE(); - } - catch (NoSuchAlgorithmException e) - { - throw new CMSException("can't find algorithm.", e); - } - catch (InvalidKeyException e) - { - throw new CMSException("key invalid in message.", e); - } - catch (NoSuchProviderException e) - { - throw new CMSException("can't find provider.", e); - } - catch (NoSuchPaddingException e) - { - throw new CMSException("required padding not supported.", e); - } - catch (InvalidAlgorithmParameterException e) - { - throw new CMSException("algorithm parameters invalid.", e); - } - catch (InvalidParameterSpecException e) - { - throw new CMSException("MAC algorithm parameter spec invalid.", e); - } - } - - public KeyFactory createKeyFactory(ASN1ObjectIdentifier algorithm) - throws CMSException - { - try - { - String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (cipherName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createKeyFactory(cipherName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createKeyFactory(algorithm.getId()); - } - catch (Exception e) - { - throw new CMSException("cannot create key factory: " + e.getMessage(), e); - } - } - - public JceAsymmetricKeyUnwrapper createAsymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, PrivateKey keyEncryptionKey) - { - return helper.createAsymmetricUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey); - } - - public SymmetricKeyUnwrapper createSymmetricUnwrapper(AlgorithmIdentifier keyEncryptionAlgorithm, SecretKey keyEncryptionKey) - { - return helper.createSymmetricUnwrapper(keyEncryptionAlgorithm, keyEncryptionKey); - } - - public AlgorithmIdentifier getAlgorithmIdentifier(ASN1ObjectIdentifier macOID, AlgorithmParameterSpec paramSpec) - { - if (paramSpec instanceof IvParameterSpec) - { - return new AlgorithmIdentifier(macOID, new DEROctetString(((IvParameterSpec)paramSpec).getIV())); - } - - if (paramSpec instanceof RC2ParameterSpec) - { - RC2ParameterSpec rc2Spec = (RC2ParameterSpec)paramSpec; - - int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits(); - - if (effKeyBits != -1) - { - int parameterVersion; - - if (effKeyBits < 256) - { - parameterVersion = rc2Table[effKeyBits]; - } - else - { - parameterVersion = effKeyBits; - } - - return new AlgorithmIdentifier(macOID, new RC2CBCParameter(parameterVersion, rc2Spec.getIV())); - } - - return new AlgorithmIdentifier(macOID, new RC2CBCParameter(rc2Spec.getIV())); - } - - throw new IllegalStateException("unknown parameter spec: " + paramSpec); - } - - static interface JCECallback - { - Object doInJCE() - throws CMSException, InvalidAlgorithmParameterException, InvalidKeyException, InvalidParameterSpecException, - NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException; - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcaSelectorConverter.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcaSelectorConverter.java deleted file mode 100644 index 6f0224679..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcaSelectorConverter.java +++ /dev/null @@ -1,54 +0,0 @@ -package org.spongycastle.cms.jcajce; - -import java.security.cert.X509CertSelector; - -import org.spongycastle.asn1.ASN1OctetString; -import org.spongycastle.asn1.x500.X500Name; -import org.spongycastle.cms.KeyTransRecipientId; -import org.spongycastle.cms.SignerId; - -public class JcaSelectorConverter -{ - public JcaSelectorConverter() - { - - } - - public SignerId getSignerId(X509CertSelector certSelector) - { -try -{ - if (certSelector.getSubjectKeyIdentifier() != null) - { - return new SignerId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets()); - } - else - { - return new SignerId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber()); - } -} -catch (Exception e) -{ - throw new IllegalArgumentException("conversion failed: " + e.toString()); -} - } - - public KeyTransRecipientId getKeyTransRecipientId(X509CertSelector certSelector) - { -try -{ - if (certSelector.getSubjectKeyIdentifier() != null) - { - return new KeyTransRecipientId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets()); - } - else - { - return new KeyTransRecipientId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber()); - } -} -catch (Exception e) -{ - throw new IllegalArgumentException("conversion failed: " + e.toString()); -} - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcaX509CertSelectorConverter.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcaX509CertSelectorConverter.java deleted file mode 100644 index ceb138ed6..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcaX509CertSelectorConverter.java +++ /dev/null @@ -1,24 +0,0 @@ -package org.spongycastle.cms.jcajce; - -import java.security.cert.X509CertSelector; - -import org.spongycastle.cms.KeyTransRecipientId; -import org.spongycastle.cms.SignerId; - -public class JcaX509CertSelectorConverter - extends org.spongycastle.cert.selector.jcajce.JcaX509CertSelectorConverter -{ - public JcaX509CertSelectorConverter() - { - } - - public X509CertSelector getCertSelector(KeyTransRecipientId recipientId) - { - return doConversion(recipientId.getIssuer(), recipientId.getSerialNumber(), recipientId.getSubjectKeyIdentifier()); - } - - public X509CertSelector getCertSelector(SignerId signerId) - { - return doConversion(signerId.getIssuer(), signerId.getSerialNumber(), signerId.getSubjectKeyIdentifier()); - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java deleted file mode 100644 index b4bdd4ad7..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java +++ /dev/null @@ -1,166 +0,0 @@ -package org.spongycastle.cms.jcajce; - -import java.io.OutputStream; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; -import java.security.Provider; -import java.security.SecureRandom; -import java.util.HashMap; -import java.util.Map; - -import javax.crypto.Cipher; -import javax.crypto.CipherOutputStream; -import javax.crypto.KeyGenerator; -import javax.crypto.SecretKey; - -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.cms.CMSAlgorithm; -import org.spongycastle.cms.CMSException; -import org.spongycastle.operator.GenericKey; -import org.spongycastle.operator.OutputEncryptor; -import org.spongycastle.util.Integers; - -public class JceCMSContentEncryptorBuilder -{ - private static Map keySizes = new HashMap(); - - static - { - keySizes.put(CMSAlgorithm.AES128_CBC, Integers.valueOf(128)); - keySizes.put(CMSAlgorithm.AES192_CBC, Integers.valueOf(192)); - keySizes.put(CMSAlgorithm.AES256_CBC, Integers.valueOf(256)); - - keySizes.put(CMSAlgorithm.CAMELLIA128_CBC, Integers.valueOf(128)); - keySizes.put(CMSAlgorithm.CAMELLIA192_CBC, Integers.valueOf(192)); - keySizes.put(CMSAlgorithm.CAMELLIA256_CBC, Integers.valueOf(256)); - } - - private static int getKeySize(ASN1ObjectIdentifier oid) - { - Integer size = (Integer)keySizes.get(oid); - - if (size != null) - { - return size.intValue(); - } - - return -1; - } - - private ASN1ObjectIdentifier encryptionOID; - private int keySize; - - private EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); - private SecureRandom random; - - public JceCMSContentEncryptorBuilder(ASN1ObjectIdentifier encryptionOID) - { - this(encryptionOID, getKeySize(encryptionOID)); - } - - public JceCMSContentEncryptorBuilder(ASN1ObjectIdentifier encryptionOID, int keySize) - { - this.encryptionOID = encryptionOID; - this.keySize = keySize; - } - - public JceCMSContentEncryptorBuilder setProvider(Provider provider) - { - this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); - - return this; - } - - public JceCMSContentEncryptorBuilder setProvider(String providerName) - { - this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); - - return this; - } - - public JceCMSContentEncryptorBuilder setSecureRandom(SecureRandom random) - { - this.random = random; - - return this; - } - - public OutputEncryptor build() - throws CMSException - { - return new CMSOutputEncryptor(encryptionOID, keySize, random); - } - - private class CMSOutputEncryptor - implements OutputEncryptor - { - private SecretKey encKey; - private AlgorithmIdentifier algorithmIdentifier; - private Cipher cipher; - - CMSOutputEncryptor(ASN1ObjectIdentifier encryptionOID, int keySize, SecureRandom random) - throws CMSException - { - KeyGenerator keyGen = helper.createKeyGenerator(encryptionOID); - - if (random == null) - { - random = new SecureRandom(); - } - - if (keySize < 0) - { - keyGen.init(random); - } - else - { - keyGen.init(keySize, random); - } - - cipher = helper.createCipher(encryptionOID); - encKey = keyGen.generateKey(); - AlgorithmParameters params = helper.generateParameters(encryptionOID, encKey, random); - - try - { - cipher.init(Cipher.ENCRYPT_MODE, encKey, params, random); - } - catch (InvalidKeyException e) - { - throw new CMSException("unable to initialize cipher: " + e.getMessage(), e); - } - catch (GeneralSecurityException e) - { - throw new CMSException("unable to initialize cipher: " + e.getMessage(), e); - } - - // - // If params are null we try and second guess on them as some providers don't provide - // algorithm parameter generation explicity but instead generate them under the hood. - // - if (params == null) - { - params = cipher.getParameters(); - } - - algorithmIdentifier = helper.getAlgorithmIdentifier(encryptionOID, params); - } - - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return algorithmIdentifier; - } - - public OutputStream getOutputStream(OutputStream dOut) - { - return new CipherOutputStream(dOut, cipher); - } - - public GenericKey getKey() - { - return new GenericKey(encKey); - } - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceKeyAgreeRecipient.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceKeyAgreeRecipient.java deleted file mode 100644 index 93c11b215..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceKeyAgreeRecipient.java +++ /dev/null @@ -1,184 +0,0 @@ -package org.spongycastle.cms.jcajce; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.PublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.X509EncodedKeySpec; - -import javax.crypto.Cipher; -import javax.crypto.KeyAgreement; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKey; - -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.ASN1OctetString; -import org.spongycastle.asn1.ASN1Primitive; -import org.spongycastle.asn1.cms.ecc.MQVuserKeyingMaterial; -import org.spongycastle.asn1.pkcs.PrivateKeyInfo; -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.asn1.x509.SubjectPublicKeyInfo; -import org.spongycastle.cms.CMSEnvelopedGenerator; -import org.spongycastle.cms.CMSException; -import org.spongycastle.cms.KeyAgreeRecipient; -import org.spongycastle.jce.spec.MQVPrivateKeySpec; -import org.spongycastle.jce.spec.MQVPublicKeySpec; - -public abstract class JceKeyAgreeRecipient - implements KeyAgreeRecipient -{ - private PrivateKey recipientKey; - protected EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); - protected EnvelopedDataHelper contentHelper = helper; - - public JceKeyAgreeRecipient(PrivateKey recipientKey) - { - this.recipientKey = recipientKey; - } - - /** - * Set the provider to use for key recovery and content processing. - * - * @param provider provider to use. - * @return this recipient. - */ - public JceKeyAgreeRecipient setProvider(Provider provider) - { - this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); - this.contentHelper = helper; - - return this; - } - - /** - * Set the provider to use for key recovery and content processing. - * - * @param providerName the name of the provider to use. - * @return this recipient. - */ - public JceKeyAgreeRecipient setProvider(String providerName) - { - this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); - this.contentHelper = helper; - - return this; - } - - /** - * Set the provider to use for content processing. If providerName is null a "no provider" search will be - * used to satisfy getInstance calls. - * - * @param provider the provider to use. - * @return this recipient. - */ - public JceKeyAgreeRecipient setContentProvider(Provider provider) - { - this.contentHelper = CMSUtils.createContentHelper(provider); - - return this; - } - - /** - * Set the provider to use for content processing. If providerName is null a "no provider" search will be - * used to satisfy getInstance calls. - * - * @param providerName the name of the provider to use. - * @return this recipient. - */ - public JceKeyAgreeRecipient setContentProvider(String providerName) - { - this.contentHelper = CMSUtils.createContentHelper(providerName); - - return this; - } - - private SecretKey calculateAgreedWrapKey(AlgorithmIdentifier keyEncAlg, ASN1ObjectIdentifier wrapAlg, - PublicKey senderPublicKey, ASN1OctetString userKeyingMaterial, PrivateKey receiverPrivateKey) - throws CMSException, GeneralSecurityException, IOException, InvalidKeyException, NoSuchAlgorithmException - { - String agreeAlg = keyEncAlg.getAlgorithm().getId(); - - if (agreeAlg.equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF)) - { - byte[] ukmEncoding = userKeyingMaterial.getOctets(); - MQVuserKeyingMaterial ukm = MQVuserKeyingMaterial.getInstance( - ASN1Primitive.fromByteArray(ukmEncoding)); - - SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo( - getPrivateKeyAlgorithmIdentifier(), - ukm.getEphemeralPublicKey().getPublicKey().getBytes()); - - X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(pubInfo.getEncoded()); - KeyFactory fact = helper.createKeyFactory(keyEncAlg.getAlgorithm()); - PublicKey ephemeralKey = fact.generatePublic(pubSpec); - - senderPublicKey = new MQVPublicKeySpec(senderPublicKey, ephemeralKey); - receiverPrivateKey = new MQVPrivateKeySpec(receiverPrivateKey, receiverPrivateKey); - } - - KeyAgreement agreement = helper.createKeyAgreement(keyEncAlg.getAlgorithm()); - - agreement.init(receiverPrivateKey); - agreement.doPhase(senderPublicKey, true); - - return agreement.generateSecret(wrapAlg.getId()); - } - - private Key unwrapSessionKey(ASN1ObjectIdentifier wrapAlg, SecretKey agreedKey, ASN1ObjectIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey) - throws CMSException, InvalidKeyException, NoSuchAlgorithmException - { - Cipher keyCipher = helper.createCipher(wrapAlg); - keyCipher.init(Cipher.UNWRAP_MODE, agreedKey); - return keyCipher.unwrap(encryptedContentEncryptionKey, helper.getBaseCipherName(contentEncryptionAlgorithm), Cipher.SECRET_KEY); - } - - protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, SubjectPublicKeyInfo senderKey, ASN1OctetString userKeyingMaterial, byte[] encryptedContentEncryptionKey) - throws CMSException - { - try - { - ASN1ObjectIdentifier wrapAlg = - AlgorithmIdentifier.getInstance(keyEncryptionAlgorithm.getParameters()).getAlgorithm(); - - X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(senderKey.getEncoded()); - KeyFactory fact = helper.createKeyFactory(keyEncryptionAlgorithm.getAlgorithm()); - PublicKey senderPublicKey = fact.generatePublic(pubSpec); - - SecretKey agreedWrapKey = calculateAgreedWrapKey(keyEncryptionAlgorithm, wrapAlg, - senderPublicKey, userKeyingMaterial, recipientKey); - - return unwrapSessionKey(wrapAlg, agreedWrapKey, contentEncryptionAlgorithm.getAlgorithm(), encryptedContentEncryptionKey); - } - catch (NoSuchAlgorithmException e) - { - throw new CMSException("can't find algorithm.", e); - } - catch (InvalidKeyException e) - { - throw new CMSException("key invalid in message.", e); - } - catch (InvalidKeySpecException e) - { - throw new CMSException("originator key spec invalid.", e); - } - catch (NoSuchPaddingException e) - { - throw new CMSException("required padding not supported.", e); - } - catch (Exception e) - { - throw new CMSException("originator key invalid.", e); - } - } - - public AlgorithmIdentifier getPrivateKeyAlgorithmIdentifier() - { - return PrivateKeyInfo.getInstance(recipientKey.getEncoded()).getAlgorithmId(); - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java deleted file mode 100644 index b37828840..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java +++ /dev/null @@ -1,212 +0,0 @@ -package org.spongycastle.cms.jcajce; - -import java.security.GeneralSecurityException; -import java.security.InvalidAlgorithmParameterException; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.List; - -import javax.crypto.Cipher; -import javax.crypto.KeyAgreement; -import javax.crypto.SecretKey; - -import org.spongycastle.asn1.ASN1Encodable; -import org.spongycastle.asn1.ASN1EncodableVector; -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.ASN1OctetString; -import org.spongycastle.asn1.ASN1Sequence; -import org.spongycastle.asn1.DEROctetString; -import org.spongycastle.asn1.DERSequence; -import org.spongycastle.asn1.cms.KeyAgreeRecipientIdentifier; -import org.spongycastle.asn1.cms.RecipientEncryptedKey; -import org.spongycastle.asn1.cms.RecipientKeyIdentifier; -import org.spongycastle.asn1.cms.ecc.MQVuserKeyingMaterial; -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.asn1.x509.SubjectPublicKeyInfo; -import org.spongycastle.cms.CMSAlgorithm; -import org.spongycastle.cms.CMSEnvelopedGenerator; -import org.spongycastle.cms.CMSException; -import org.spongycastle.cms.KeyAgreeRecipientInfoGenerator; -import org.spongycastle.jce.interfaces.ECPublicKey; -import org.spongycastle.jce.spec.ECParameterSpec; -import org.spongycastle.jce.spec.MQVPrivateKeySpec; -import org.spongycastle.jce.spec.MQVPublicKeySpec; -import org.spongycastle.operator.GenericKey; - -public class JceKeyAgreeRecipientInfoGenerator - extends KeyAgreeRecipientInfoGenerator -{ - private List recipientIDs = new ArrayList(); - private List recipientKeys = new ArrayList(); - private PublicKey senderPublicKey; - private PrivateKey senderPrivateKey; - - private EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); - private SecureRandom random; - private KeyPair ephemeralKP; - - public JceKeyAgreeRecipientInfoGenerator(ASN1ObjectIdentifier keyAgreementOID, PrivateKey senderPrivateKey, PublicKey senderPublicKey, ASN1ObjectIdentifier keyEncryptionOID) - { - super(keyAgreementOID, SubjectPublicKeyInfo.getInstance(senderPublicKey.getEncoded()), keyEncryptionOID); - - this.senderPublicKey = senderPublicKey; - this.senderPrivateKey = senderPrivateKey; - } - - public JceKeyAgreeRecipientInfoGenerator setProvider(Provider provider) - { - this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); - - return this; - } - - public JceKeyAgreeRecipientInfoGenerator setProvider(String providerName) - { - this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); - - return this; - } - - public JceKeyAgreeRecipientInfoGenerator setSecureRandom(SecureRandom random) - { - this.random = random; - - return this; - } - - /** - * Add a recipient based on the passed in certificate's public key and its issuer and serial number. - * - * @param recipientCert recipient's certificate - * @return the current instance. - * @throws CertificateEncodingException if the necessary data cannot be extracted from the certificate. - */ - public JceKeyAgreeRecipientInfoGenerator addRecipient(X509Certificate recipientCert) - throws CertificateEncodingException - { - recipientIDs.add(new KeyAgreeRecipientIdentifier(CMSUtils.getIssuerAndSerialNumber(recipientCert))); - recipientKeys.add(recipientCert.getPublicKey()); - - return this; - } - - /** - * Add a recipient identified by the passed in subjectKeyID and the for the passed in public key. - * - * @param subjectKeyID identifier actual recipient will use to match the private key. - * @param publicKey the public key for encrypting the secret key. - * @return the current instance. - * @throws CertificateEncodingException - */ - public JceKeyAgreeRecipientInfoGenerator addRecipient(byte[] subjectKeyID, PublicKey publicKey) - throws CertificateEncodingException - { - recipientIDs.add(new KeyAgreeRecipientIdentifier(new RecipientKeyIdentifier(subjectKeyID))); - recipientKeys.add(publicKey); - - return this; - } - - public ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier keyAgreeAlgorithm, AlgorithmIdentifier keyEncryptionAlgorithm, GenericKey contentEncryptionKey) - throws CMSException - { - init(keyAgreeAlgorithm.getAlgorithm()); - - PrivateKey senderPrivateKey = this.senderPrivateKey; - - ASN1ObjectIdentifier keyAgreementOID = keyAgreeAlgorithm.getAlgorithm(); - - if (keyAgreementOID.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF)) - { - senderPrivateKey = new MQVPrivateKeySpec( - senderPrivateKey, ephemeralKP.getPrivate(), ephemeralKP.getPublic()); - } - - ASN1EncodableVector recipientEncryptedKeys = new ASN1EncodableVector(); - for (int i = 0; i != recipientIDs.size(); i++) - { - PublicKey recipientPublicKey = (PublicKey)recipientKeys.get(i); - KeyAgreeRecipientIdentifier karId = (KeyAgreeRecipientIdentifier)recipientIDs.get(i); - - if (keyAgreementOID.getId().equals(CMSEnvelopedGenerator.ECMQV_SHA1KDF)) - { - recipientPublicKey = new MQVPublicKeySpec(recipientPublicKey, recipientPublicKey); - } - - try - { - // Use key agreement to choose a wrap key for this recipient - KeyAgreement keyAgreement = helper.createKeyAgreement(keyAgreementOID); - keyAgreement.init(senderPrivateKey, random); - keyAgreement.doPhase(recipientPublicKey, true); - SecretKey keyEncryptionKey = keyAgreement.generateSecret(keyEncryptionAlgorithm.getAlgorithm().getId()); - - // Wrap the content encryption key with the agreement key - Cipher keyEncryptionCipher = helper.createCipher(keyEncryptionAlgorithm.getAlgorithm()); - - keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, random); - - byte[] encryptedKeyBytes = keyEncryptionCipher.wrap(helper.getJceKey(contentEncryptionKey)); - - ASN1OctetString encryptedKey = new DEROctetString(encryptedKeyBytes); - - recipientEncryptedKeys.add(new RecipientEncryptedKey(karId, encryptedKey)); - } - catch (NoSuchAlgorithmException e) - { - throw new CMSException("cannot perform agreement step: " + e.getMessage(), e); - } - catch (InvalidKeyException e) - { - throw new CMSException("cannot perform agreement step: " + e.getMessage(), e); - } - catch (GeneralSecurityException e) - { - throw new CMSException("cannot perform agreement step: " + e.getMessage(), e); - } - } - - return new DERSequence(recipientEncryptedKeys); - } - - protected ASN1Encodable getUserKeyingMaterial(AlgorithmIdentifier keyAgreeAlg) - throws CMSException - { - init(keyAgreeAlg.getAlgorithm()); - - if (ephemeralKP != null) - { - return new MQVuserKeyingMaterial( - createOriginatorPublicKey(SubjectPublicKeyInfo.getInstance(ephemeralKP.getPublic().getEncoded())), null); - } - - return null; - } - - private void init(ASN1ObjectIdentifier keyAgreementOID) - throws CMSException - { - if (random == null) - { - random = new SecureRandom(); - } - - if (keyAgreementOID.equals(CMSAlgorithm.ECMQV_SHA1KDF)) - { - if (ephemeralKP == null) - { - throw new CMSException( - "cannot determine MQV ephemeral key pair parameters from public key"); - } - } - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcePasswordRecipient.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcePasswordRecipient.java deleted file mode 100644 index 0572364bf..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcePasswordRecipient.java +++ /dev/null @@ -1,92 +0,0 @@ -package org.spongycastle.cms.jcajce; - -import java.security.GeneralSecurityException; -import java.security.Key; -import java.security.Provider; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; - -import javax.crypto.Cipher; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.spongycastle.asn1.ASN1OctetString; -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.cms.CMSException; -import org.spongycastle.cms.PasswordRecipient; - -/** - * the RecipientInfo class for a recipient who has been sent a message - * encrypted using a password. - */ -public abstract class JcePasswordRecipient - implements PasswordRecipient -{ - private int schemeID = PasswordRecipient.PKCS5_SCHEME2_UTF8; - protected EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); - private char[] password; - - JcePasswordRecipient( - char[] password) - { - this.password = password; - } - - public JcePasswordRecipient setPasswordConversionScheme(int schemeID) - { - this.schemeID = schemeID; - - return this; - } - - public JcePasswordRecipient setProvider(Provider provider) - { - this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); - - return this; - } - - public JcePasswordRecipient setProvider(String providerName) - { - this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); - - return this; - } - - protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] derivedKey, byte[] encryptedContentEncryptionKey) - throws CMSException - { - Cipher keyEncryptionCipher = helper.createRFC3211Wrapper(keyEncryptionAlgorithm.getAlgorithm()); - - try - { - IvParameterSpec ivSpec = new IvParameterSpec(ASN1OctetString.getInstance(keyEncryptionAlgorithm.getParameters()).getOctets()); - - keyEncryptionCipher.init(Cipher.UNWRAP_MODE, new SecretKeySpec(derivedKey, keyEncryptionCipher.getAlgorithm()), ivSpec); - - return keyEncryptionCipher.unwrap(encryptedContentEncryptionKey, contentEncryptionAlgorithm.getAlgorithm().getId(), Cipher.SECRET_KEY); - } - catch (NoSuchAlgorithmException e) - { - throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); - } - catch (InvalidKeyException e) - { - throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); - } - catch (GeneralSecurityException e) - { - throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); - } - } - - public int getPasswordConversionScheme() - { - return schemeID; - } - - public char[] getPassword() - { - return password; - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java deleted file mode 100644 index e1306fd9e..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java +++ /dev/null @@ -1,66 +0,0 @@ -package org.spongycastle.cms.jcajce; - -import java.security.GeneralSecurityException; -import java.security.Key; -import java.security.Provider; -import java.security.InvalidKeyException; - -import javax.crypto.Cipher; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.SecretKeySpec; - -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.ASN1OctetString; -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.cms.CMSException; -import org.spongycastle.cms.PasswordRecipientInfoGenerator; -import org.spongycastle.operator.GenericKey; - -public class JcePasswordRecipientInfoGenerator - extends PasswordRecipientInfoGenerator -{ - private EnvelopedDataHelper helper = new EnvelopedDataHelper(new DefaultJcaJceExtHelper()); - - public JcePasswordRecipientInfoGenerator(ASN1ObjectIdentifier kekAlgorithm, char[] password) - { - super(kekAlgorithm, password); - } - - public JcePasswordRecipientInfoGenerator setProvider(Provider provider) - { - this.helper = new EnvelopedDataHelper(new ProviderJcaJceExtHelper(provider)); - - return this; - } - - public JcePasswordRecipientInfoGenerator setProvider(String providerName) - { - this.helper = new EnvelopedDataHelper(new NamedJcaJceExtHelper(providerName)); - - return this; - } - - public byte[] generateEncryptedBytes(AlgorithmIdentifier keyEncryptionAlgorithm, byte[] derivedKey, GenericKey contentEncryptionKey) - throws CMSException - { - Key contentEncryptionKeySpec = helper.getJceKey(contentEncryptionKey); - Cipher keyEncryptionCipher = helper.createRFC3211Wrapper(keyEncryptionAlgorithm.getAlgorithm()); - - try - { - IvParameterSpec ivSpec = new IvParameterSpec(ASN1OctetString.getInstance(keyEncryptionAlgorithm.getParameters()).getOctets()); - - keyEncryptionCipher.init(Cipher.WRAP_MODE, new SecretKeySpec(derivedKey, keyEncryptionCipher.getAlgorithm()), ivSpec); - - return keyEncryptionCipher.wrap(contentEncryptionKeySpec); - } - catch (InvalidKeyException e) - { - throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); - } - catch (GeneralSecurityException e) - { - throw new CMSException("cannot process content encryption key: " + e.getMessage(), e); - } - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/ZlibExpanderProvider.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/ZlibExpanderProvider.java deleted file mode 100644 index 880dc2cea..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/cms/jcajce/ZlibExpanderProvider.java +++ /dev/null @@ -1,113 +0,0 @@ -package org.spongycastle.cms.jcajce; - -import java.io.FilterInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.util.zip.InflaterInputStream; - -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.operator.InputExpander; -import org.spongycastle.operator.InputExpanderProvider; -import org.spongycastle.util.io.StreamOverflowException; - -public class ZlibExpanderProvider - implements InputExpanderProvider -{ - private long limit; - - public ZlibExpanderProvider() - { - this.limit = -1; - } - - /** - * Create a provider which caps the number of expanded bytes that can be produced when the - * compressed stream is parsed. - * - * @param limit max number of bytes allowed in an expanded stream. - */ - public ZlibExpanderProvider(long limit) - { - this.limit = limit; - } - - public InputExpander get(final AlgorithmIdentifier algorithm) - { - return new InputExpander() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return algorithm; - } - - public InputStream getInputStream(InputStream comIn) - { - InputStream s = new InflaterInputStream(comIn); - if (limit >= 0) - { - s = new LimitedInputStream(s, limit); - } - return s; - } - }; - } - - private static class LimitedInputStream - extends FilterInputStream - { - private long remaining; - - public LimitedInputStream(InputStream input, long limit) - { - super(input); - - this.remaining = limit; - } - - public int read() - throws IOException - { - // Only a single 'extra' byte will ever be read - if (remaining >= 0) - { - int b = super.in.read(); - if (b < 0 || --remaining >= 0) - { - return b; - } - } - - throw new StreamOverflowException("expanded byte limit exceeded"); - } - - public int read(byte[] buf, int off, int len) - throws IOException - { - if (len < 1) - { - // This will give correct exceptions/returns for strange lengths - return super.read(buf, off, len); - } - - if (remaining < 1) - { - // Will either return EOF or throw exception - read(); - return -1; - } - - /* - * Limit the underlying request to 'remaining' bytes. This ensures the - * caller will see the full 'limit' bytes before getting an exception. - * Also, only one extra byte will ever be read. - */ - int actualLen = (remaining > len ? len : (int)remaining); - int numRead = super.in.read(buf, off, actualLen); - if (numRead > 0) - { - remaining -= numRead; - } - return numRead; - } - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/openssl/jcajce/JceOpenSSLPKCS8DecryptorProviderBuilder.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/openssl/jcajce/JceOpenSSLPKCS8DecryptorProviderBuilder.java deleted file mode 100644 index 22c8c3de3..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/openssl/jcajce/JceOpenSSLPKCS8DecryptorProviderBuilder.java +++ /dev/null @@ -1,156 +0,0 @@ -package org.spongycastle.openssl.jcajce; - -import java.io.IOException; -import java.io.InputStream; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.InvalidKeyException; -import java.security.Provider; - -import javax.crypto.Cipher; -import javax.crypto.CipherInputStream; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.spongycastle.asn1.pkcs.KeyDerivationFunc; -import org.spongycastle.asn1.pkcs.EncryptionScheme; -import org.spongycastle.asn1.pkcs.PBEParameter; -import org.spongycastle.asn1.pkcs.PBES2Parameters; -import org.spongycastle.asn1.pkcs.PBKDF2Params; -import org.spongycastle.asn1.pkcs.PKCS12PBEParams; -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.jcajce.DefaultJcaJceHelper; -import org.spongycastle.jcajce.JcaJceHelper; -import org.spongycastle.jcajce.NamedJcaJceHelper; -import org.spongycastle.jcajce.ProviderJcaJceHelper; -import org.spongycastle.openssl.PEMException; -import org.spongycastle.operator.InputDecryptor; -import org.spongycastle.operator.InputDecryptorProvider; -import org.spongycastle.operator.OperatorCreationException; - -public class JceOpenSSLPKCS8DecryptorProviderBuilder -{ - private JcaJceHelper helper = new DefaultJcaJceHelper(); - - public JceOpenSSLPKCS8DecryptorProviderBuilder() - { - helper = new DefaultJcaJceHelper(); - } - - public JceOpenSSLPKCS8DecryptorProviderBuilder setProvider(String providerName) - { - helper = new NamedJcaJceHelper(providerName); - - return this; - } - - public JceOpenSSLPKCS8DecryptorProviderBuilder setProvider(Provider provider) - { - helper = new ProviderJcaJceHelper(provider); - - return this; - } - - public InputDecryptorProvider build(final char[] password) - throws OperatorCreationException - { - return new InputDecryptorProvider() - { - public InputDecryptor get(final AlgorithmIdentifier algorithm) - throws OperatorCreationException - { - final Cipher cipher; - - try - { - if (PEMUtilities.isPKCS5Scheme2(algorithm.getAlgorithm())) - { - PBES2Parameters params = PBES2Parameters.getInstance(algorithm.getParameters()); - KeyDerivationFunc func = params.getKeyDerivationFunc(); - EncryptionScheme scheme = params.getEncryptionScheme(); - PBKDF2Params defParams = (PBKDF2Params)func.getParameters(); - - int iterationCount = defParams.getIterationCount().intValue(); - byte[] salt = defParams.getSalt(); - - String oid = scheme.getAlgorithm().getId(); - - SecretKey key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(oid, password, salt, iterationCount); - - cipher = helper.createCipher(oid); - AlgorithmParameters algParams = helper.createAlgorithmParameters(oid); - - algParams.init(scheme.getParameters().toASN1Primitive().getEncoded()); - - cipher.init(Cipher.DECRYPT_MODE, key, algParams); - } - else if (PEMUtilities.isPKCS12(algorithm.getAlgorithm())) - { - PKCS12PBEParams params = PKCS12PBEParams.getInstance(algorithm.getParameters()); - PBEKeySpec pbeSpec = new PBEKeySpec(password); - - SecretKeyFactory secKeyFact = helper.createSecretKeyFactory(algorithm.getAlgorithm().getId()); - PBEParameterSpec defParams = new PBEParameterSpec(params.getIV(), params.getIterations().intValue()); - - cipher = helper.createCipher(algorithm.getAlgorithm().getId()); - - cipher.init(Cipher.DECRYPT_MODE, secKeyFact.generateSecret(pbeSpec), defParams); - } - else if (PEMUtilities.isPKCS5Scheme1(algorithm.getAlgorithm())) - { - PBEParameter params = PBEParameter.getInstance(algorithm.getParameters()); - PBEKeySpec pbeSpec = new PBEKeySpec(password); - - SecretKeyFactory secKeyFact = helper.createSecretKeyFactory(algorithm.getAlgorithm().getId()); - PBEParameterSpec defParams = new PBEParameterSpec(params.getSalt(), params.getIterationCount().intValue()); - - cipher = helper.createCipher(algorithm.getAlgorithm().getId()); - - cipher.init(Cipher.DECRYPT_MODE, secKeyFact.generateSecret(pbeSpec), defParams); - } - else - { - throw new PEMException("Unknown algorithm: " + algorithm.getAlgorithm()); - } - - return new InputDecryptor() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return algorithm; - } - - public InputStream getInputStream(InputStream encIn) - { - return new CipherInputStream(encIn, cipher); - } - }; - } - catch (IOException e) - { - throw new OperatorCreationException(algorithm.getAlgorithm() + " not available: " + e.getMessage(), e); - } - catch (InvalidKeyException e) - { - throw new OperatorCreationException(algorithm.getAlgorithm() + " not available: " + e.getMessage(), e); - } - catch (NoSuchProviderException e) - { - throw new OperatorCreationException(algorithm.getAlgorithm() + " not available: " + e.getMessage(), e); - } - catch (NoSuchAlgorithmException e) - { - throw new OperatorCreationException(algorithm.getAlgorithm() + " not available: " + e.getMessage(), e); - } - catch (GeneralSecurityException e) - { - throw new OperatorCreationException(algorithm.getAlgorithm() + " not available: " + e.getMessage(), e); - } - }; - }; - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/openssl/jcajce/JceOpenSSLPKCS8EncryptorBuilder.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/openssl/jcajce/JceOpenSSLPKCS8EncryptorBuilder.java deleted file mode 100644 index 60b715d45..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/openssl/jcajce/JceOpenSSLPKCS8EncryptorBuilder.java +++ /dev/null @@ -1,240 +0,0 @@ -package org.spongycastle.openssl.jcajce; - -import java.io.IOException; -import java.io.OutputStream; -import java.security.AlgorithmParameterGenerator; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.InvalidKeyException; -import java.security.Provider; -import java.security.SecureRandom; - -import javax.crypto.Cipher; -import javax.crypto.CipherOutputStream; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; - -import org.spongycastle.asn1.ASN1EncodableVector; -import org.spongycastle.asn1.ASN1Integer; -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.ASN1Primitive; -import org.spongycastle.asn1.DEROctetString; -import org.spongycastle.asn1.DERSequence; -import org.spongycastle.asn1.nist.NISTObjectIdentifiers; -import org.spongycastle.asn1.pkcs.KeyDerivationFunc; -import org.spongycastle.asn1.pkcs.PBES2Parameters; -import org.spongycastle.asn1.pkcs.PBKDF2Params; -import org.spongycastle.asn1.pkcs.PKCS12PBEParams; -import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.jcajce.DefaultJcaJceHelper; -import org.spongycastle.jcajce.JcaJceHelper; -import org.spongycastle.jcajce.NamedJcaJceHelper; -import org.spongycastle.jcajce.ProviderJcaJceHelper; -import org.spongycastle.operator.GenericKey; -import org.spongycastle.operator.OperatorCreationException; -import org.spongycastle.operator.OutputEncryptor; -import org.spongycastle.operator.jcajce.JceGenericKey; - -public class JceOpenSSLPKCS8EncryptorBuilder -{ - public static final String AES_128_CBC = NISTObjectIdentifiers.id_aes128_CBC.getId(); - public static final String AES_192_CBC = NISTObjectIdentifiers.id_aes192_CBC.getId(); - public static final String AES_256_CBC = NISTObjectIdentifiers.id_aes256_CBC.getId(); - - public static final String DES3_CBC = PKCSObjectIdentifiers.des_EDE3_CBC.getId(); - - public static final String PBE_SHA1_RC4_128 = PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC4.getId(); - public static final String PBE_SHA1_RC4_40 = PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC4.getId(); - public static final String PBE_SHA1_3DES = PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC.getId(); - public static final String PBE_SHA1_2DES = PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC.getId(); - public static final String PBE_SHA1_RC2_128 = PKCSObjectIdentifiers.pbeWithSHAAnd128BitRC2_CBC.getId(); - public static final String PBE_SHA1_RC2_40 = PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC.getId(); - - private JcaJceHelper helper = new DefaultJcaJceHelper(); - - private AlgorithmParameters params; - private ASN1ObjectIdentifier algOID; - byte[] salt; - int iterationCount; - private Cipher cipher; - private SecureRandom random; - private AlgorithmParameterGenerator paramGen; - private SecretKeyFactory secKeyFact; - private char[] password; - - private SecretKey key; - - public JceOpenSSLPKCS8EncryptorBuilder(ASN1ObjectIdentifier algorithm) - { - algOID = algorithm; - - this.iterationCount = 2048; - } - - public JceOpenSSLPKCS8EncryptorBuilder setRandom(SecureRandom random) - { - this.random = random; - - return this; - } - - public JceOpenSSLPKCS8EncryptorBuilder setPasssword(char[] password) - { - this.password = password; - - return this; - } - - public JceOpenSSLPKCS8EncryptorBuilder setIterationCount(int iterationCount) - { - this.iterationCount = iterationCount; - - return this; - } - - public JceOpenSSLPKCS8EncryptorBuilder setProvider(String providerName) - { - helper = new NamedJcaJceHelper(providerName); - - return this; - } - - public JceOpenSSLPKCS8EncryptorBuilder setProvider(Provider provider) - { - helper = new ProviderJcaJceHelper(provider); - - return this; - } - - public OutputEncryptor build() - throws OperatorCreationException - { - final AlgorithmIdentifier algID; - - salt = new byte[20]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(salt); - - try - { - this.cipher = helper.createCipher(algOID.getId()); - - if (PEMUtilities.isPKCS5Scheme2(algOID)) - { - this.paramGen = helper.createAlgorithmParameterGenerator(algOID.getId()); - } - else - { - this.secKeyFact = helper.createSecretKeyFactory(algOID.getId()); - } - } - catch (NoSuchAlgorithmException e) - { - throw new OperatorCreationException(algOID + " not available: " + e.getMessage(), e); - } - catch (NoSuchProviderException e) - { - throw new OperatorCreationException(algOID + " not available: " + e.getMessage(), e); - } - catch (GeneralSecurityException e) - { - throw new OperatorCreationException(algOID + " not available: " + e.getMessage(), e); - } - - if (PEMUtilities.isPKCS5Scheme2(algOID)) - { - params = paramGen.generateParameters(); - - try - { - KeyDerivationFunc scheme = new KeyDerivationFunc(algOID, ASN1Primitive.fromByteArray(params.getEncoded())); - KeyDerivationFunc func = new KeyDerivationFunc(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, iterationCount)); - - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(func); - v.add(scheme); - - algID = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBES2, PBES2Parameters.getInstance(new DERSequence(v))); - } - catch (IOException e) - { - throw new OperatorCreationException(e.getMessage(), e); - } - - key = PEMUtilities.generateSecretKeyForPKCS5Scheme2(algOID.getId(), password, salt, iterationCount); - - try - { - cipher.init(Cipher.ENCRYPT_MODE, key, params); - } - catch (InvalidKeyException e) - { - throw new OperatorCreationException(e.getMessage(), e); - } - catch (GeneralSecurityException e) - { - throw new OperatorCreationException(e.getMessage(), e); - } - } - else if (PEMUtilities.isPKCS12(algOID)) - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new DEROctetString(salt)); - v.add(new ASN1Integer(iterationCount)); - - algID = new AlgorithmIdentifier(algOID, PKCS12PBEParams.getInstance(new DERSequence(v))); - - try - { - PBEKeySpec pbeSpec = new PBEKeySpec(password); - PBEParameterSpec defParams = new PBEParameterSpec(salt, iterationCount); - - key = secKeyFact.generateSecret(pbeSpec); - - cipher.init(Cipher.ENCRYPT_MODE, key, defParams); - } - catch (InvalidKeyException e) - { - throw new OperatorCreationException(e.getMessage(), e); - } - catch (GeneralSecurityException e) - { - throw new OperatorCreationException(e.getMessage(), e); - } - } - else - { - throw new OperatorCreationException("unknown algorithm: " + algOID, null); - } - - return new OutputEncryptor() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return algID; - } - - public OutputStream getOutputStream(OutputStream encOut) - { - return new CipherOutputStream(encOut, cipher); - } - - public GenericKey getKey() - { - return new JceGenericKey(algID, key); - } - }; - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/operator/jcajce/JcaContentSignerBuilder.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/operator/jcajce/JcaContentSignerBuilder.java deleted file mode 100644 index f677e3f93..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/operator/jcajce/JcaContentSignerBuilder.java +++ /dev/null @@ -1,166 +0,0 @@ -package org.spongycastle.operator.jcajce; - -import java.io.IOException; -import java.io.OutputStream; -import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.SecureRandom; -import java.security.Signature; -import java.security.SignatureException; - -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.jcajce.JcaJceHelper; -import org.spongycastle.jcajce.DefaultJcaJceHelper; -import org.spongycastle.jcajce.NamedJcaJceHelper; -import org.spongycastle.jcajce.ProviderJcaJceHelper; -import org.spongycastle.operator.ContentSigner; -import org.spongycastle.operator.DefaultSignatureAlgorithmIdentifierFinder; -import org.spongycastle.operator.OperatorCreationException; -import org.spongycastle.operator.OperatorStreamException; -import org.spongycastle.operator.RuntimeOperatorException; - -public class JcaContentSignerBuilder -{ - private OperatorHelper helper = new OperatorHelper(new DefaultJcaJceHelper()); - private SecureRandom random; - private String signatureAlgorithm; - private AlgorithmIdentifier sigAlgId; - - public JcaContentSignerBuilder(String signatureAlgorithm) - { - this.signatureAlgorithm = signatureAlgorithm; - this.sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(signatureAlgorithm); - } - - public JcaContentSignerBuilder setProvider(Provider provider) - { - this.helper = new OperatorHelper(new ProviderJcaJceHelper(provider)); - - return this; - } - - public JcaContentSignerBuilder setProvider(String providerName) - { - this.helper = new OperatorHelper(new NamedJcaJceHelper(providerName)); - - return this; - } - - public JcaContentSignerBuilder setSecureRandom(SecureRandom random) - { - this.random = random; - - return this; - } - - public ContentSigner build(PrivateKey privateKey) - throws OperatorCreationException - { - try - { - final Signature sig = helper.createSignature(sigAlgId); - - if (random != null) - { - sig.initSign(privateKey); - } - else - { - sig.initSign(privateKey); - } - - return new ContentSigner() - { - private SignatureOutputStream stream = new SignatureOutputStream(sig); - - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return sigAlgId; - } - - public OutputStream getOutputStream() - { - return stream; - } - - public byte[] getSignature() - { - try - { - return stream.getSignature(); - } - catch (SignatureException e) - { - throw new RuntimeOperatorException("exception obtaining signature: " + e.getMessage(), e); - } - } - }; - } - catch (InvalidKeyException e) - { - throw new OperatorCreationException("cannot create signer: " + e.getMessage(), e); - } - catch (Exception e) - { - throw new OperatorCreationException("cannot create signer: " + e.getMessage(), e); - } - } - - private class SignatureOutputStream - extends OutputStream - { - private Signature sig; - - SignatureOutputStream(Signature sig) - { - this.sig = sig; - } - - public void write(byte[] bytes, int off, int len) - throws IOException - { - try - { - sig.update(bytes, off, len); - } - catch (SignatureException e) - { - throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e); - } - } - - public void write(byte[] bytes) - throws IOException - { - try - { - sig.update(bytes); - } - catch (SignatureException e) - { - throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e); - } - } - - public void write(int b) - throws IOException - { - try - { - sig.update((byte)b); - } - catch (SignatureException e) - { - throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e); - } - } - - byte[] getSignature() - throws SignatureException - { - return sig.sign(); - } - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java deleted file mode 100644 index fe44d94e3..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/operator/jcajce/JcaContentVerifierProviderBuilder.java +++ /dev/null @@ -1,312 +0,0 @@ -package org.spongycastle.operator.jcajce; - -import java.io.IOException; -import java.io.OutputStream; -import java.security.GeneralSecurityException; -import java.security.Provider; -import java.security.PublicKey; -import java.security.Signature; -import java.security.SignatureException; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; - -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.asn1.x509.SubjectPublicKeyInfo; -import org.spongycastle.cert.X509CertificateHolder; -import org.spongycastle.cert.jcajce.JcaX509CertificateHolder; -import org.spongycastle.jcajce.DefaultJcaJceHelper; -import org.spongycastle.jcajce.NamedJcaJceHelper; -import org.spongycastle.jcajce.ProviderJcaJceHelper; -import org.spongycastle.operator.ContentVerifier; -import org.spongycastle.operator.ContentVerifierProvider; -import org.spongycastle.operator.OperatorCreationException; -import org.spongycastle.operator.OperatorStreamException; -import org.spongycastle.operator.RawContentVerifier; -import org.spongycastle.operator.RuntimeOperatorException; - -public class JcaContentVerifierProviderBuilder -{ - private OperatorHelper helper = new OperatorHelper(new DefaultJcaJceHelper()); - - public JcaContentVerifierProviderBuilder() - { - } - - public JcaContentVerifierProviderBuilder setProvider(Provider provider) - { - this.helper = new OperatorHelper(new ProviderJcaJceHelper(provider)); - - return this; - } - - public JcaContentVerifierProviderBuilder setProvider(String providerName) - { - this.helper = new OperatorHelper(new NamedJcaJceHelper(providerName)); - - return this; - } - - public ContentVerifierProvider build(X509CertificateHolder certHolder) - throws OperatorCreationException, CertificateException - { - return build(helper.convertCertificate(certHolder)); - } - - public ContentVerifierProvider build(final X509Certificate certificate) - throws OperatorCreationException - { - final X509CertificateHolder certHolder; - - try - { - certHolder = new JcaX509CertificateHolder(certificate); - } - catch (CertificateEncodingException e) - { - throw new OperatorCreationException("cannot process certificate: " + e.getMessage(), e); - } - - return new ContentVerifierProvider() - { - private SignatureOutputStream stream; - - public boolean hasAssociatedCertificate() - { - return true; - } - - public X509CertificateHolder getAssociatedCertificate() - { - return certHolder; - } - - public ContentVerifier get(AlgorithmIdentifier algorithm) - throws OperatorCreationException - { - try - { - Signature sig = helper.createSignature(algorithm); - - sig.initVerify(certificate.getPublicKey()); - - stream = new SignatureOutputStream(sig); - } - catch (Exception e) - { - throw new OperatorCreationException("exception on setup: " + e, e); - } - - Signature rawSig = createRawSig(algorithm, certificate.getPublicKey()); - - if (rawSig != null) - { - return new RawSigVerifier(algorithm, stream, rawSig); - } - else - { - return new SigVerifier(algorithm, stream); - } - } - }; - } - - public ContentVerifierProvider build(final PublicKey publicKey) - throws OperatorCreationException - { - return new ContentVerifierProvider() - { - public boolean hasAssociatedCertificate() - { - return false; - } - - public X509CertificateHolder getAssociatedCertificate() - { - return null; - } - - public ContentVerifier get(AlgorithmIdentifier algorithm) - throws OperatorCreationException - { - SignatureOutputStream stream = createSignatureStream(algorithm, publicKey); - - Signature rawSig = createRawSig(algorithm, publicKey); - - if (rawSig != null) - { - return new RawSigVerifier(algorithm, stream, rawSig); - } - else - { - return new SigVerifier(algorithm, stream); - } - } - }; - } - - public ContentVerifierProvider build(SubjectPublicKeyInfo publicKey) - throws OperatorCreationException - { - return this.build(helper.convertPublicKey(publicKey)); - } - - private SignatureOutputStream createSignatureStream(AlgorithmIdentifier algorithm, PublicKey publicKey) - throws OperatorCreationException - { - try - { - Signature sig = helper.createSignature(algorithm); - - sig.initVerify(publicKey); - - return new SignatureOutputStream(sig); - } - catch (Exception e) - { - throw new OperatorCreationException("exception on setup: " + e, e); - } - } - - private Signature createRawSig(AlgorithmIdentifier algorithm, PublicKey publicKey) - { - Signature rawSig; - try - { - rawSig = helper.createRawSignature(algorithm); - - if (rawSig != null) - { - rawSig.initVerify(publicKey); - } - } - catch (Exception e) - { - rawSig = null; - } - return rawSig; - } - - private class SigVerifier - implements ContentVerifier - { - private SignatureOutputStream stream; - private AlgorithmIdentifier algorithm; - - SigVerifier(AlgorithmIdentifier algorithm, SignatureOutputStream stream) - { - this.algorithm = algorithm; - this.stream = stream; - } - - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return algorithm; - } - - public OutputStream getOutputStream() - { - if (stream == null) - { - throw new IllegalStateException("verifier not initialised"); - } - - return stream; - } - - public boolean verify(byte[] expected) - { - try - { - return stream.verify(expected); - } - catch (SignatureException e) - { - throw new RuntimeOperatorException("exception obtaining signature: " + e.getMessage(), e); - } - } - } - - private class RawSigVerifier - extends SigVerifier - implements RawContentVerifier - { - private Signature rawSignature; - - RawSigVerifier(AlgorithmIdentifier algorithm, SignatureOutputStream stream, Signature rawSignature) - { - super(algorithm, stream); - this.rawSignature = rawSignature; - } - - public boolean verify(byte[] digest, byte[] expected) - { - try - { - rawSignature.update(digest); - - return rawSignature.verify(expected); - } - catch (SignatureException e) - { - throw new RuntimeOperatorException("exception obtaining raw signature: " + e.getMessage(), e); - } - } - } - - private class SignatureOutputStream - extends OutputStream - { - private Signature sig; - - SignatureOutputStream(Signature sig) - { - this.sig = sig; - } - - public void write(byte[] bytes, int off, int len) - throws IOException - { - try - { - sig.update(bytes, off, len); - } - catch (SignatureException e) - { - throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e); - } - } - - public void write(byte[] bytes) - throws IOException - { - try - { - sig.update(bytes); - } - catch (SignatureException e) - { - throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e); - } - } - - public void write(int b) - throws IOException - { - try - { - sig.update((byte)b); - } - catch (SignatureException e) - { - throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e); - } - } - - boolean verify(byte[] expected) - throws SignatureException - { - return sig.verify(expected); - } - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/operator/jcajce/JceAsymmetricKeyUnwrapper.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/operator/jcajce/JceAsymmetricKeyUnwrapper.java deleted file mode 100644 index 3cf379a2b..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/operator/jcajce/JceAsymmetricKeyUnwrapper.java +++ /dev/null @@ -1,128 +0,0 @@ -package org.spongycastle.operator.jcajce; - -import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.Key; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.ProviderException; -import java.util.HashMap; -import java.util.Map; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.spec.SecretKeySpec; - -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.jcajce.DefaultJcaJceHelper; -import org.spongycastle.jcajce.NamedJcaJceHelper; -import org.spongycastle.jcajce.ProviderJcaJceHelper; -import org.spongycastle.operator.AsymmetricKeyUnwrapper; -import org.spongycastle.operator.GenericKey; -import org.spongycastle.operator.OperatorException; - -public class JceAsymmetricKeyUnwrapper - extends AsymmetricKeyUnwrapper -{ - private OperatorHelper helper = new OperatorHelper(new DefaultJcaJceHelper()); - private Map extraMappings = new HashMap(); - private PrivateKey privKey; - - public JceAsymmetricKeyUnwrapper(AlgorithmIdentifier algorithmIdentifier, PrivateKey privKey) - { - super(algorithmIdentifier); - - this.privKey = privKey; - } - - public JceAsymmetricKeyUnwrapper setProvider(Provider provider) - { - this.helper = new OperatorHelper(new ProviderJcaJceHelper(provider)); - - return this; - } - - public JceAsymmetricKeyUnwrapper setProvider(String providerName) - { - this.helper = new OperatorHelper(new NamedJcaJceHelper(providerName)); - - return this; - } - - /** - * Internally algorithm ids are converted into cipher names using a lookup table. For some providers - * the standard lookup table won't work. Use this method to establish a specific mapping from an - * algorithm identifier to a specific algorithm. - * <p> - * For example: - * <pre> - * unwrapper.setAlgorithmMapping(PKCSObjectIdentifiers.rsaEncryption, "RSA"); - * </pre> - * </p> - * @param algorithm OID of algorithm in recipient. - * @param algorithmName JCE algorithm name to use. - * @return the current Unwrapper. - */ - public JceAsymmetricKeyUnwrapper setAlgorithmMapping(ASN1ObjectIdentifier algorithm, String algorithmName) - { - extraMappings.put(algorithm, algorithmName); - - return this; - } - - public GenericKey generateUnwrappedKey(AlgorithmIdentifier encryptedKeyAlgorithm, byte[] encryptedKey) - throws OperatorException - { - try - { - Key sKey = null; - - Cipher keyCipher = helper.createAsymmetricWrapper(this.getAlgorithmIdentifier().getAlgorithm(), extraMappings); - - try - { - keyCipher.init(Cipher.UNWRAP_MODE, privKey); - sKey = keyCipher.unwrap(encryptedKey, helper.getKeyAlgorithmName(encryptedKeyAlgorithm.getAlgorithm()), Cipher.SECRET_KEY); - } - catch (NoSuchAlgorithmException e) - { - } - catch (InvalidKeyException e) - { - } - catch (IllegalStateException e) - { - } - catch (UnsupportedOperationException e) - { - } - catch (ProviderException e) - { - } - - // some providers do not support UNWRAP (this appears to be only for asymmetric algorithms) - if (sKey == null) - { - keyCipher.init(Cipher.DECRYPT_MODE, privKey); - sKey = new SecretKeySpec(keyCipher.doFinal(encryptedKey), encryptedKeyAlgorithm.getAlgorithm().getId()); - } - - return new GenericKey(sKey); - } - catch (InvalidKeyException e) - { - throw new OperatorException("key invalid: " + e.getMessage(), e); - } - catch (IllegalBlockSizeException e) - { - throw new OperatorException("illegal blocksize: " + e.getMessage(), e); - } - catch (BadPaddingException e) - { - throw new OperatorException("bad padding: " + e.getMessage(), e); - } - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/operator/jcajce/JceSymmetricKeyWrapper.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/operator/jcajce/JceSymmetricKeyWrapper.java deleted file mode 100644 index 4f5818246..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/operator/jcajce/JceSymmetricKeyWrapper.java +++ /dev/null @@ -1,159 +0,0 @@ -package org.spongycastle.operator.jcajce; - -import java.security.GeneralSecurityException; -import java.security.Key; -import java.security.Provider; -import java.security.SecureRandom; -import java.security.InvalidKeyException; - -import javax.crypto.Cipher; -import javax.crypto.SecretKey; - -import org.spongycastle.asn1.DERInteger; -import org.spongycastle.asn1.DERNull; -import org.spongycastle.asn1.DERObjectIdentifier; -import org.spongycastle.asn1.kisa.KISAObjectIdentifiers; -import org.spongycastle.asn1.nist.NISTObjectIdentifiers; -import org.spongycastle.asn1.ntt.NTTObjectIdentifiers; -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.jcajce.DefaultJcaJceHelper; -import org.spongycastle.jcajce.NamedJcaJceHelper; -import org.spongycastle.jcajce.ProviderJcaJceHelper; -import org.spongycastle.operator.GenericKey; -import org.spongycastle.operator.OperatorException; -import org.spongycastle.operator.SymmetricKeyWrapper; - -public class JceSymmetricKeyWrapper - extends SymmetricKeyWrapper -{ - private OperatorHelper helper = new OperatorHelper(new DefaultJcaJceHelper()); - private SecureRandom random; - private SecretKey wrappingKey; - - public JceSymmetricKeyWrapper(SecretKey wrappingKey) - { - super(determineKeyEncAlg(wrappingKey)); - - this.wrappingKey = wrappingKey; - } - - public JceSymmetricKeyWrapper setProvider(Provider provider) - { - this.helper = new OperatorHelper(new ProviderJcaJceHelper(provider)); - - return this; - } - - public JceSymmetricKeyWrapper setProvider(String providerName) - { - this.helper = new OperatorHelper(new NamedJcaJceHelper(providerName)); - - return this; - } - - public JceSymmetricKeyWrapper setSecureRandom(SecureRandom random) - { - this.random = random; - - return this; - } - - public byte[] generateWrappedKey(GenericKey encryptionKey) - throws OperatorException - { - Key contentEncryptionKeySpec = OperatorUtils.getJceKey(encryptionKey); - - Cipher keyEncryptionCipher = helper.createSymmetricWrapper(this.getAlgorithmIdentifier().getAlgorithm()); - - try - { - keyEncryptionCipher.init(Cipher.WRAP_MODE, wrappingKey, random); - - return keyEncryptionCipher.wrap(contentEncryptionKeySpec); - } - catch (InvalidKeyException e) - { - throw new OperatorException("cannot wrap key: " + e.getMessage(), e); - } - catch (GeneralSecurityException e) - { - throw new OperatorException("cannot wrap key: " + e.getMessage(), e); - } - } - - private static AlgorithmIdentifier determineKeyEncAlg(SecretKey key) - { - String algorithm = key.getAlgorithm(); - - if (algorithm.startsWith("DES")) - { - return new AlgorithmIdentifier(new DERObjectIdentifier( - "1.2.840.113549.1.9.16.3.6"), new DERNull()); - } - else if (algorithm.startsWith("RC2")) - { - return new AlgorithmIdentifier(new DERObjectIdentifier( - "1.2.840.113549.1.9.16.3.7"), new DERInteger(58)); - } - else if (algorithm.startsWith("AES")) - { - int length = key.getEncoded().length * 8; - DERObjectIdentifier wrapOid; - - if (length == 128) - { - wrapOid = NISTObjectIdentifiers.id_aes128_wrap; - } - else if (length == 192) - { - wrapOid = NISTObjectIdentifiers.id_aes192_wrap; - } - else if (length == 256) - { - wrapOid = NISTObjectIdentifiers.id_aes256_wrap; - } - else - { - throw new IllegalArgumentException("illegal keysize in AES"); - } - - return new AlgorithmIdentifier(wrapOid); // parameters absent - } - else if (algorithm.startsWith("SEED")) - { - // parameters absent - return new AlgorithmIdentifier( - KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap); - } - else if (algorithm.startsWith("Camellia")) - { - int length = key.getEncoded().length * 8; - DERObjectIdentifier wrapOid; - - if (length == 128) - { - wrapOid = NTTObjectIdentifiers.id_camellia128_wrap; - } - else if (length == 192) - { - wrapOid = NTTObjectIdentifiers.id_camellia192_wrap; - } - else if (length == 256) - { - wrapOid = NTTObjectIdentifiers.id_camellia256_wrap; - } - else - { - throw new IllegalArgumentException( - "illegal keysize in Camellia"); - } - - return new AlgorithmIdentifier(wrapOid); // parameters must be - // absent - } - else - { - throw new IllegalArgumentException("unknown algorithm"); - } - } -} diff --git a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/operator/jcajce/OperatorHelper.java b/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/operator/jcajce/OperatorHelper.java deleted file mode 100644 index 25aaefd38..000000000 --- a/libraries/spongycastle/pkix/src/main/jdk1.1/org/spongycastle/operator/jcajce/OperatorHelper.java +++ /dev/null @@ -1,478 +0,0 @@ -package org.spongycastle.operator.jcajce; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.KeyFactory; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PublicKey; -import java.security.Signature; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.security.spec.InvalidKeySpecException; -//import java.security.spec.PSSParameterSpec; -import java.security.spec.X509EncodedKeySpec; -import java.util.HashMap; -import java.util.Map; - -import javax.crypto.Cipher; - -import org.spongycastle.asn1.ASN1Encodable; -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.DERNull; -import org.spongycastle.asn1.cryptopro.CryptoProObjectIdentifiers; -import org.spongycastle.asn1.kisa.KISAObjectIdentifiers; -import org.spongycastle.asn1.nist.NISTObjectIdentifiers; -import org.spongycastle.asn1.ntt.NTTObjectIdentifiers; -import org.spongycastle.asn1.oiw.OIWObjectIdentifiers; -import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.spongycastle.asn1.pkcs.RSASSAPSSparams; -import org.spongycastle.asn1.teletrust.TeleTrusTObjectIdentifiers; -import org.spongycastle.asn1.x509.AlgorithmIdentifier; -import org.spongycastle.asn1.x509.SubjectPublicKeyInfo; -import org.spongycastle.asn1.x9.X9ObjectIdentifiers; -import org.spongycastle.cert.X509CertificateHolder; -import org.spongycastle.jcajce.JcaJceHelper; -import org.spongycastle.jcajce.JcaJceUtils; -import org.spongycastle.operator.OperatorCreationException; - -class OperatorHelper -{ - private static final Map oids = new HashMap(); - private static final Map asymmetricWrapperAlgNames = new HashMap(); - private static final Map symmetricWrapperAlgNames = new HashMap(); - private static final Map symmetricKeyAlgNames = new HashMap(); - - static - { - // - // reverse mappings - // - oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA"); - oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA"); - oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410"); - oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410"); - - oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA"); - oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA"); - oids.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA"); - oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA"); - oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA"); - oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA"); - oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA"); - oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA"); - - oids.put(OIWObjectIdentifiers.idSHA1, "SHA-1"); - oids.put(NISTObjectIdentifiers.id_sha224, "SHA-224"); - oids.put(NISTObjectIdentifiers.id_sha256, "SHA-256"); - oids.put(NISTObjectIdentifiers.id_sha384, "SHA-384"); - oids.put(NISTObjectIdentifiers.id_sha512, "SHA-512"); - oids.put(TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD-128"); - oids.put(TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD-160"); - oids.put(TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD-256"); - - asymmetricWrapperAlgNames.put(PKCSObjectIdentifiers.rsaEncryption, "RSA/ECB/PKCS1Padding"); - - symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWrap"); - symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2Wrap"); - symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes128_wrap, "AESWrap"); - symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes192_wrap, "AESWrap"); - symmetricWrapperAlgNames.put(NISTObjectIdentifiers.id_aes256_wrap, "AESWrap"); - symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia128_wrap, "CamelliaWrap"); - symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia192_wrap, "CamelliaWrap"); - symmetricWrapperAlgNames.put(NTTObjectIdentifiers.id_camellia256_wrap, "CamelliaWrap"); - symmetricWrapperAlgNames.put(KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap, "SEEDWrap"); - symmetricWrapperAlgNames.put(PKCSObjectIdentifiers.des_EDE3_CBC, "DESede"); - - symmetricKeyAlgNames.put(NISTObjectIdentifiers.aes, "AES"); - symmetricKeyAlgNames.put(NISTObjectIdentifiers.id_aes128_CBC, "AES"); - symmetricKeyAlgNames.put(NISTObjectIdentifiers.id_aes192_CBC, "AES"); - symmetricKeyAlgNames.put(NISTObjectIdentifiers.id_aes256_CBC, "AES"); - symmetricKeyAlgNames.put(PKCSObjectIdentifiers.des_EDE3_CBC, "DESede"); - symmetricKeyAlgNames.put(PKCSObjectIdentifiers.RC2_CBC, "RC2"); - } - - private JcaJceHelper helper; - - OperatorHelper(JcaJceHelper helper) - { - this.helper = helper; - } - - Cipher createAsymmetricWrapper(ASN1ObjectIdentifier algorithm, Map extraAlgNames) - throws OperatorCreationException - { - try - { - String cipherName = null; - - if (!extraAlgNames.isEmpty()) - { - cipherName = (String)extraAlgNames.get(algorithm); - } - - if (cipherName == null) - { - cipherName = (String)asymmetricWrapperAlgNames.get(algorithm); - } - - if (cipherName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createCipher(cipherName); - } - catch (NoSuchAlgorithmException e) - { - // try alternate for RSA - if (cipherName.equals("RSA/ECB/PKCS1Padding")) - { - try - { - return helper.createCipher("RSA/NONE/PKCS1Padding"); - } - catch (NoSuchAlgorithmException ex) - { - // Ignore - } - } - // Ignore - } - } - - return helper.createCipher(algorithm.getId()); - } - catch (Exception e) - { - throw new OperatorCreationException("cannot create cipher: " + e.getMessage(), e); - } - } - - Cipher createSymmetricWrapper(ASN1ObjectIdentifier algorithm) - throws OperatorCreationException - { - try - { - String cipherName = (String)symmetricWrapperAlgNames.get(algorithm); - - if (cipherName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createCipher(cipherName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createCipher(algorithm.getId()); - } - catch (Exception e) - { - throw new OperatorCreationException("cannot create cipher: " + e.getMessage(), e); - } - } - - AlgorithmParameters createAlgorithmParameters(AlgorithmIdentifier cipherAlgId) - throws OperatorCreationException - { - AlgorithmParameters parameters; - - if (cipherAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption)) - { - return null; - } - - try - { - parameters = helper.createAlgorithmParameters(cipherAlgId.getAlgorithm().getId()); - } - catch (NoSuchAlgorithmException e) - { - return null; // There's a good chance there aren't any! - } - catch (NoSuchProviderException e) - { - throw new OperatorCreationException("cannot create algorithm parameters: " + e.getMessage(), e); - } - - try - { - parameters.init(cipherAlgId.getParameters().toASN1Primitive().getEncoded()); - } - catch (IOException e) - { - throw new OperatorCreationException("cannot initialise algorithm parameters: " + e.getMessage(), e); - } - - return parameters; - } - - MessageDigest createDigest(AlgorithmIdentifier digAlgId) - throws GeneralSecurityException - { - MessageDigest dig; - - try - { - try - { - dig = helper.createDigest(getDigestAlgName(digAlgId.getAlgorithm())); - } - catch (NoSuchAlgorithmException e) - { - // - // try an alternate - // - if (oids.get(digAlgId.getAlgorithm()) != null) - { - String digestAlgorithm = (String)oids.get(digAlgId.getAlgorithm()); - - dig = helper.createDigest(digestAlgorithm); - } - else - { - throw e; - } - } - } - catch (Exception ex) - { - throw new GeneralSecurityException(ex.toString()); - } - - return dig; - } - - Signature createSignature(AlgorithmIdentifier sigAlgId) - throws Exception - { - Signature sig; - - try - { - sig = helper.createSignature(getSignatureName(sigAlgId)); - } - catch (NoSuchAlgorithmException e) - { - // - // try an alternate - // - if (oids.get(sigAlgId.getAlgorithm()) != null) - { - String signatureAlgorithm = (String)oids.get(sigAlgId.getAlgorithm()); - - sig = helper.createSignature(signatureAlgorithm); - } - else - { - throw e; - } - } - - return sig; - } - - public Signature createRawSignature(AlgorithmIdentifier algorithm) - { - Signature sig; - - try - { - String algName = getSignatureName(algorithm); - - algName = "NONE" + algName.substring(algName.indexOf("WITH")); - - sig = helper.createSignature(algName); - - // RFC 4056 - // When the id-RSASSA-PSS algorithm identifier is used for a signature, - // the AlgorithmIdentifier parameters field MUST contain RSASSA-PSS-params. -/* - if (algorithm.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) - { - AlgorithmParameters params = helper.createAlgorithmParameters(algName); - - JcaJceUtils.loadParameters(params, algorithm.getParameters()); - - PSSParameterSpec spec = (PSSParameterSpec)params.getParameterSpec(PSSParameterSpec.class); - sig.setParameter(spec); - } -*/ - } - catch (Exception e) - { - return null; - } - - return sig; - } - - private static String getSignatureName( - AlgorithmIdentifier sigAlgId) - { - ASN1Encodable params = sigAlgId.getParameters(); - - if (params != null && !DERNull.INSTANCE.equals(params)) - { - if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS)) - { - RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params); - return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "WITHRSAANDMGF1"; - } - } - - if (oids.containsKey(sigAlgId.getAlgorithm())) - { - return (String)oids.get(sigAlgId.getAlgorithm()); - } - - return sigAlgId.getAlgorithm().getId(); - } - - private static String getDigestAlgName( - ASN1ObjectIdentifier digestAlgOID) - { - if (PKCSObjectIdentifiers.md5.equals(digestAlgOID)) - { - return "MD5"; - } - else if (OIWObjectIdentifiers.idSHA1.equals(digestAlgOID)) - { - return "SHA1"; - } - else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID)) - { - return "SHA224"; - } - else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID)) - { - return "SHA256"; - } - else if (NISTObjectIdentifiers.id_sha384.equals(digestAlgOID)) - { - return "SHA384"; - } - else if (NISTObjectIdentifiers.id_sha512.equals(digestAlgOID)) - { - return "SHA512"; - } - else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID)) - { - return "RIPEMD128"; - } - else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID)) - { - return "RIPEMD160"; - } - else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID)) - { - return "RIPEMD256"; - } - else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID)) - { - return "GOST3411"; - } - else - { - return digestAlgOID.getId(); - } - } - - public X509Certificate convertCertificate(X509CertificateHolder certHolder) - throws CertificateException - { - - try - { - CertificateFactory certFact = helper.createCertificateFactory("X.509"); - - return (X509Certificate)certFact.generateCertificate(new ByteArrayInputStream(certHolder.getEncoded())); - } - catch (IOException e) - { - throw new OpCertificateException("cannot get encoded form of certificate: " + e.getMessage(), e); - } - catch (NoSuchAlgorithmException e) - { - throw new OpCertificateException("cannot create certificate factory: " + e.getMessage(), e); - } - catch (NoSuchProviderException e) - { - throw new OpCertificateException("cannot find factory provider: " + e.getMessage(), e); - } - } - - public PublicKey convertPublicKey(SubjectPublicKeyInfo publicKeyInfo) - throws OperatorCreationException - { - try - { - KeyFactory keyFact = helper.createKeyFactory(publicKeyInfo.getAlgorithm().getAlgorithm().getId()); - - return keyFact.generatePublic(new X509EncodedKeySpec(publicKeyInfo.getEncoded())); - } - catch (IOException e) - { - throw new OperatorCreationException("cannot get encoded form of key: " + e.getMessage(), e); - } - catch (NoSuchAlgorithmException e) - { - throw new OperatorCreationException("cannot create key factory: " + e.getMessage(), e); - } - catch (NoSuchProviderException e) - { - throw new OperatorCreationException("cannot find factory provider: " + e.getMessage(), e); - } - catch (InvalidKeySpecException e) - { - throw new OperatorCreationException("cannot create key factory: " + e.getMessage(), e); - } - } - - // TODO: put somewhere public so cause easily accessed - private static class OpCertificateException - extends CertificateException - { - private Throwable cause; - - public OpCertificateException(String msg, Throwable cause) - { - super(msg); - - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } - } - - String getKeyAlgorithmName(ASN1ObjectIdentifier oid) - { - - String name = (String)symmetricKeyAlgNames.get(oid); - - if (name != null) - { - return name; - } - - return oid.getId(); - } -} |