BouncyCastle update.
git-svn-id: svn://svn.code.sf.net/p/itextsharp/code/trunk@45 820d3149-562b-4f88-9aa4-a8e61a3485cfmaster
parent
1737ad65dd
commit
1ea1146eb1
|
@ -96,7 +96,7 @@ namespace Org.BouncyCastle.Asn1.Pkcs
|
|||
}
|
||||
|
||||
/**
|
||||
* write out an RSA private key with it's asscociated information
|
||||
* write out an RSA private key with its associated information
|
||||
* as described in Pkcs8.
|
||||
* <pre>
|
||||
* PrivateKeyInfo ::= Sequence {
|
||||
|
|
|
@ -55,6 +55,10 @@ namespace Org.BouncyCastle.Crypto.Modes
|
|||
Reset();
|
||||
cipher.Init(true, ivParam.Parameters);
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new ArgumentException("SIC mode requires ParametersWithIV", "parameters");
|
||||
}
|
||||
}
|
||||
|
||||
public string AlgorithmName
|
||||
|
|
|
@ -53,31 +53,31 @@ namespace Org.BouncyCastle.Crypto.Tls
|
|||
switch (number)
|
||||
{
|
||||
case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
|
||||
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new DesEdeEngine()), new CbcBlockCipher(new DesEdeEngine()), new Sha1Digest(), new Sha1Digest(), 24, TlsCipherSuite.KE_RSA);
|
||||
return createDesEdeCipherSuite(24, TlsCipherSuite.KE_RSA);
|
||||
|
||||
case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
|
||||
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new DesEdeEngine()), new CbcBlockCipher(new DesEdeEngine()), new Sha1Digest(), new Sha1Digest(), 24, TlsCipherSuite.KE_DHE_DSS);
|
||||
return createDesEdeCipherSuite(24, TlsCipherSuite.KE_DHE_DSS);
|
||||
|
||||
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
|
||||
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new DesEdeEngine()), new CbcBlockCipher(new DesEdeEngine()), new Sha1Digest(), new Sha1Digest(), 24, TlsCipherSuite.KE_DHE_RSA);
|
||||
return createDesEdeCipherSuite(24, TlsCipherSuite.KE_DHE_RSA);
|
||||
|
||||
case TLS_RSA_WITH_AES_128_CBC_SHA:
|
||||
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 16, TlsCipherSuite.KE_RSA);
|
||||
return createAesCipherSuite(16, TlsCipherSuite.KE_RSA);
|
||||
|
||||
case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
|
||||
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 16, TlsCipherSuite.KE_DHE_DSS);
|
||||
return createAesCipherSuite(16, TlsCipherSuite.KE_DHE_DSS);
|
||||
|
||||
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
|
||||
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 16, TlsCipherSuite.KE_DHE_RSA);
|
||||
return createAesCipherSuite(16, TlsCipherSuite.KE_DHE_RSA);
|
||||
|
||||
case TLS_RSA_WITH_AES_256_CBC_SHA:
|
||||
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 32, TlsCipherSuite.KE_RSA);
|
||||
return createAesCipherSuite(32, TlsCipherSuite.KE_RSA);
|
||||
|
||||
case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
|
||||
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 32, TlsCipherSuite.KE_DHE_DSS);
|
||||
return createAesCipherSuite(32, TlsCipherSuite.KE_DHE_DSS);
|
||||
|
||||
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
|
||||
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 32, TlsCipherSuite.KE_DHE_RSA);
|
||||
return createAesCipherSuite(32, TlsCipherSuite.KE_DHE_RSA);
|
||||
|
||||
default:
|
||||
handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_handshake_failure);
|
||||
|
@ -88,5 +88,27 @@ namespace Org.BouncyCastle.Crypto.Tls
|
|||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
private static TlsCipherSuite createAesCipherSuite(int cipherKeySize, short keyExchange)
|
||||
{
|
||||
return new TlsBlockCipherCipherSuite(createAesCipher(), createAesCipher(),
|
||||
new Sha1Digest(), new Sha1Digest(), cipherKeySize, keyExchange);
|
||||
}
|
||||
|
||||
private static TlsCipherSuite createDesEdeCipherSuite(int cipherKeySize, short keyExchange)
|
||||
{
|
||||
return new TlsBlockCipherCipherSuite(createDesEdeCipher(), createDesEdeCipher(),
|
||||
new Sha1Digest(), new Sha1Digest(), cipherKeySize, keyExchange);
|
||||
}
|
||||
|
||||
private static CbcBlockCipher createAesCipher()
|
||||
{
|
||||
return new CbcBlockCipher(new AesFastEngine());
|
||||
}
|
||||
|
||||
private static CbcBlockCipher createDesEdeCipher()
|
||||
{
|
||||
return new CbcBlockCipher(new DesEdeEngine());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -88,7 +88,7 @@ namespace Org.BouncyCastle.Pkcs
|
|||
}
|
||||
|
||||
// TODO Consider making obsolete
|
||||
// [Obsolete("User 'Pkcs12StoreBuilder' instead")]
|
||||
// [Obsolete("Use 'Pkcs12StoreBuilder' instead")]
|
||||
public Pkcs12Store()
|
||||
: this(PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc,
|
||||
PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc)
|
||||
|
@ -96,7 +96,7 @@ namespace Org.BouncyCastle.Pkcs
|
|||
}
|
||||
|
||||
// TODO Consider making obsolete
|
||||
// [Obsolete("User 'Pkcs12StoreBuilder' and 'Load' method instead")]
|
||||
// [Obsolete("Use 'Pkcs12StoreBuilder' and 'Load' method instead")]
|
||||
public Pkcs12Store(
|
||||
Stream input,
|
||||
char[] password)
|
||||
|
@ -202,8 +202,19 @@ namespace Org.BouncyCastle.Pkcs
|
|||
attr = attrSet[0];
|
||||
|
||||
// TODO We might want to "merge" attribute sets with
|
||||
// the same OID - currently, it is an error
|
||||
attributes.Add(aOid.Id, attr);
|
||||
// the same OID - currently, differing values give an error
|
||||
if (attributes.ContainsKey(aOid.Id))
|
||||
{
|
||||
// OK, but the value has to be the same
|
||||
if (!attributes[aOid.Id].Equals(attr))
|
||||
{
|
||||
throw new IOException("attempt to add existing attribute with different value");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
attributes.Add(aOid.Id, attr);
|
||||
}
|
||||
|
||||
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
|
||||
{
|
||||
|
@ -293,8 +304,19 @@ namespace Org.BouncyCastle.Pkcs
|
|||
attr = attrSet[0];
|
||||
|
||||
// TODO We might want to "merge" attribute sets with
|
||||
// the same OID - currently, it is an error
|
||||
attributes.Add(aOid.Id, attr);
|
||||
// the same OID - currently, differing values give an error
|
||||
if (attributes.ContainsKey(aOid.Id))
|
||||
{
|
||||
// OK, but the value has to be the same
|
||||
if (!attributes[aOid.Id].Equals(attr))
|
||||
{
|
||||
throw new IOException("attempt to add existing attribute with different value");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
attributes.Add(aOid.Id, attr);
|
||||
}
|
||||
|
||||
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
|
||||
{
|
||||
|
@ -350,8 +372,19 @@ namespace Org.BouncyCastle.Pkcs
|
|||
attr = attrSet[0];
|
||||
|
||||
// TODO We might want to "merge" attribute sets with
|
||||
// the same OID - currently, it is an error
|
||||
attributes.Add(aOid.Id, attr);
|
||||
// the same OID - currently, differing values give an error
|
||||
if (attributes.ContainsKey(aOid.Id))
|
||||
{
|
||||
// OK, but the value has to be the same
|
||||
if (!attributes[aOid.Id].Equals(attr))
|
||||
{
|
||||
throw new IOException("attempt to add existing attribute with different value");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
attributes.Add(aOid.Id, attr);
|
||||
}
|
||||
|
||||
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
|
||||
{
|
||||
|
@ -427,8 +460,19 @@ namespace Org.BouncyCastle.Pkcs
|
|||
Asn1Encodable attr = attrSet[0];
|
||||
|
||||
// TODO We might want to "merge" attribute sets with
|
||||
// the same OID - currently, it is an error
|
||||
attributes.Add(aOid.Id, attr);
|
||||
// the same OID - currently, differing values give an error
|
||||
if (attributes.ContainsKey(aOid.Id))
|
||||
{
|
||||
// OK, but the value has to be the same
|
||||
if (!attributes[aOid.Id].Equals(attr))
|
||||
{
|
||||
throw new IOException("attempt to add existing attribute with different value");
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
attributes.Add(aOid.Id, attr);
|
||||
}
|
||||
|
||||
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
|
||||
{
|
||||
|
|
|
@ -15,47 +15,47 @@ using Org.BouncyCastle.Utilities;
|
|||
|
||||
namespace Org.BouncyCastle.Pkcs
|
||||
{
|
||||
public sealed class PrivateKeyInfoFactory
|
||||
{
|
||||
private PrivateKeyInfoFactory()
|
||||
{
|
||||
}
|
||||
public sealed class PrivateKeyInfoFactory
|
||||
{
|
||||
private PrivateKeyInfoFactory()
|
||||
{
|
||||
}
|
||||
|
||||
public static PrivateKeyInfo CreatePrivateKeyInfo(
|
||||
public static PrivateKeyInfo CreatePrivateKeyInfo(
|
||||
AsymmetricKeyParameter key)
|
||||
{
|
||||
{
|
||||
if (key == null)
|
||||
throw new ArgumentNullException("key");
|
||||
if (!key.IsPrivate)
|
||||
throw new ArgumentException("Public key passed - private key expected", "key");
|
||||
|
||||
if (key is ElGamalPrivateKeyParameters)
|
||||
{
|
||||
ElGamalPrivateKeyParameters _key = (ElGamalPrivateKeyParameters)key;
|
||||
return new PrivateKeyInfo(
|
||||
new AlgorithmIdentifier(
|
||||
OiwObjectIdentifiers.ElGamalAlgorithm,
|
||||
new ElGamalParameter(
|
||||
_key.Parameters.P,
|
||||
_key.Parameters.G).ToAsn1Object()),
|
||||
{
|
||||
ElGamalPrivateKeyParameters _key = (ElGamalPrivateKeyParameters)key;
|
||||
return new PrivateKeyInfo(
|
||||
new AlgorithmIdentifier(
|
||||
OiwObjectIdentifiers.ElGamalAlgorithm,
|
||||
new ElGamalParameter(
|
||||
_key.Parameters.P,
|
||||
_key.Parameters.G).ToAsn1Object()),
|
||||
new DerInteger(_key.X));
|
||||
}
|
||||
|
||||
if (key is DsaPrivateKeyParameters)
|
||||
{
|
||||
DsaPrivateKeyParameters _key = (DsaPrivateKeyParameters)key;
|
||||
return new PrivateKeyInfo(
|
||||
new AlgorithmIdentifier(
|
||||
X9ObjectIdentifiers.IdDsa,
|
||||
new DsaParameter(
|
||||
_key.Parameters.P,
|
||||
_key.Parameters.Q,
|
||||
_key.Parameters.G).ToAsn1Object()),
|
||||
{
|
||||
DsaPrivateKeyParameters _key = (DsaPrivateKeyParameters)key;
|
||||
return new PrivateKeyInfo(
|
||||
new AlgorithmIdentifier(
|
||||
X9ObjectIdentifiers.IdDsa,
|
||||
new DsaParameter(
|
||||
_key.Parameters.P,
|
||||
_key.Parameters.Q,
|
||||
_key.Parameters.G).ToAsn1Object()),
|
||||
new DerInteger(_key.X));
|
||||
}
|
||||
}
|
||||
|
||||
if (key is DHPrivateKeyParameters)
|
||||
{
|
||||
{
|
||||
/*
|
||||
Process DH private key.
|
||||
The value for L was set to zero implicitly.
|
||||
|
@ -68,11 +68,11 @@ namespace Org.BouncyCastle.Pkcs
|
|||
_key.Parameters.P, _key.Parameters.G, 0);
|
||||
|
||||
return new PrivateKeyInfo(
|
||||
new AlgorithmIdentifier(
|
||||
PkcsObjectIdentifiers.DhKeyAgreement,
|
||||
withNewL.ToAsn1Object()),
|
||||
new AlgorithmIdentifier(
|
||||
PkcsObjectIdentifiers.DhKeyAgreement,
|
||||
withNewL.ToAsn1Object()),
|
||||
new DerInteger(_key.X));
|
||||
}
|
||||
}
|
||||
|
||||
if (key is RsaKeyParameters)
|
||||
{
|
||||
|
@ -113,8 +113,8 @@ namespace Org.BouncyCastle.Pkcs
|
|||
}
|
||||
|
||||
if (key is ECPrivateKeyParameters)
|
||||
{
|
||||
ECPrivateKeyParameters _key = (ECPrivateKeyParameters)key;
|
||||
{
|
||||
ECPrivateKeyParameters _key = (ECPrivateKeyParameters)key;
|
||||
AlgorithmIdentifier algID;
|
||||
|
||||
if (_key.AlgorithmName == "ECGOST3410")
|
||||
|
@ -174,7 +174,7 @@ namespace Org.BouncyCastle.Pkcs
|
|||
}
|
||||
|
||||
throw new ArgumentException("Class provided is not convertible: " + key.GetType().FullName);
|
||||
}
|
||||
}
|
||||
|
||||
public static PrivateKeyInfo CreatePrivateKeyInfo(
|
||||
char[] passPhrase,
|
||||
|
@ -187,9 +187,9 @@ namespace Org.BouncyCastle.Pkcs
|
|||
char[] passPhrase,
|
||||
bool wrongPkcs12Zero,
|
||||
EncryptedPrivateKeyInfo encInfo)
|
||||
{
|
||||
{
|
||||
AlgorithmIdentifier algID = encInfo.EncryptionAlgorithm;
|
||||
IBufferedCipher cipher = PbeUtilities.CreateEngine(algID.ObjectID) as IBufferedCipher;
|
||||
IBufferedCipher cipher = PbeUtilities.CreateEngine(algID) as IBufferedCipher;
|
||||
|
||||
if (cipher == null)
|
||||
{
|
||||
|
@ -197,7 +197,7 @@ namespace Org.BouncyCastle.Pkcs
|
|||
}
|
||||
|
||||
ICipherParameters keyParameters = PbeUtilities.GenerateCipherParameters(
|
||||
algID.ObjectID, passPhrase, wrongPkcs12Zero, algID.Parameters);
|
||||
algID, passPhrase, wrongPkcs12Zero);
|
||||
|
||||
cipher.Init(false, keyParameters);
|
||||
|
||||
|
@ -206,6 +206,6 @@ namespace Org.BouncyCastle.Pkcs
|
|||
Asn1Object asn1Data = Asn1Object.FromByteArray(encoding);
|
||||
|
||||
return PrivateKeyInfo.GetInstance(asn1Data);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -64,7 +64,6 @@ namespace Org.BouncyCastle.Pkix
|
|||
selector.Subject = principals[i];
|
||||
|
||||
issuers.AddAll(PkixCertPathValidatorUtilities.FindCertificates(selector, pkixParams.GetStores()));
|
||||
issuers.AddAll(PkixCertPathValidatorUtilities.FindCertificates(selector, pkixParams.GetX509Stores()));
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
|
|
|
@ -48,7 +48,6 @@ namespace Org.BouncyCastle.Pkix
|
|||
try
|
||||
{
|
||||
targets.AddAll(PkixCertPathValidatorUtilities.FindCertificates((X509CertStoreSelector)certSelect, pkixParams.GetStores()));
|
||||
targets.AddAll(PkixCertPathValidatorUtilities.FindCertificates((X509CertStoreSelector)certSelect, pkixParams.GetX509Stores()));
|
||||
// TODO Should this include an entry for pkixParams.GetAdditionalStores() too?
|
||||
}
|
||||
catch (Exception e)
|
||||
|
|
|
@ -301,14 +301,14 @@ namespace Org.BouncyCastle.Pkix
|
|||
// use all purpose parameters
|
||||
//X509LDAPCertStoreParameters ldapParams = new X509LDAPCertStoreParameters.Builder(
|
||||
// url, baseDN).build();
|
||||
//pkixParams.addAddionalStore(X509Store.getInstance(
|
||||
// "CERTIFICATE/LDAP", ldapParams, "BC"));
|
||||
//pkixParams.addAddionalStore(X509Store.getInstance(
|
||||
// "CRL/LDAP", ldapParams, "BC"));
|
||||
//pkixParams.addAddionalStore(X509Store.getInstance(
|
||||
// "ATTRIBUTECERTIFICATE/LDAP", ldapParams, "BC"));
|
||||
//pkixParams.addAddionalStore(X509Store.getInstance(
|
||||
// "CERTIFICATEPAIR/LDAP", ldapParams, "BC"));
|
||||
//pkixParams.AddAdditionalStore(X509Store.getInstance(
|
||||
// "CERTIFICATE/LDAP", ldapParams));
|
||||
//pkixParams.AddAdditionalStore(X509Store.getInstance(
|
||||
// "CRL/LDAP", ldapParams));
|
||||
//pkixParams.AddAdditionalStore(X509Store.getInstance(
|
||||
// "ATTRIBUTECERTIFICATE/LDAP", ldapParams));
|
||||
//pkixParams.AddAdditionalStore(X509Store.getInstance(
|
||||
// "CERTIFICATEPAIR/LDAP", ldapParams));
|
||||
}
|
||||
}
|
||||
catch (Exception)
|
||||
|
@ -938,7 +938,6 @@ namespace Org.BouncyCastle.Pkix
|
|||
{
|
||||
crls.AddAll(PkixCertPathValidatorUtilities.FindCrls(crlselect, paramsPKIX.GetStores()));
|
||||
crls.AddAll(PkixCertPathValidatorUtilities.FindCrls(crlselect, paramsPKIX.GetAdditionalStores()));
|
||||
crls.AddAll(PkixCertPathValidatorUtilities.FindCrls(crlselect, paramsPKIX.GetX509Stores()));
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
|
@ -1040,7 +1039,6 @@ namespace Org.BouncyCastle.Pkix
|
|||
{
|
||||
temp.AddAll(PkixCertPathValidatorUtilities.FindCrls(deltaSelect, paramsPKIX.GetAdditionalStores()));
|
||||
temp.AddAll(PkixCertPathValidatorUtilities.FindCrls(deltaSelect, paramsPKIX.GetStores()));
|
||||
temp.AddAll(PkixCertPathValidatorUtilities.FindCrls(deltaSelect, paramsPKIX.GetX509Stores()));
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
|
@ -1235,7 +1233,6 @@ namespace Org.BouncyCastle.Pkix
|
|||
{
|
||||
ArrayList matches = new ArrayList();
|
||||
|
||||
matches.AddRange(PkixCertPathValidatorUtilities.FindCertificates(certSelect, pkixParams.GetX509Stores()));
|
||||
matches.AddRange(PkixCertPathValidatorUtilities.FindCertificates(certSelect, pkixParams.GetStores()));
|
||||
matches.AddRange(PkixCertPathValidatorUtilities.FindCertificates(certSelect, pkixParams.GetAdditionalStores()));
|
||||
|
||||
|
|
|
@ -13,7 +13,6 @@ namespace Org.BouncyCastle.Pkix
|
|||
public class PkixParameters
|
||||
// : ICertPathParameters
|
||||
{
|
||||
// TODO Put the validity models in an enumeration?
|
||||
/**
|
||||
* This is the default PKIX validity model. Actually there are two variants
|
||||
* of this: The PKIX model and the modified PKIX model. The PKIX model
|
||||
|
@ -42,9 +41,6 @@ namespace Org.BouncyCastle.Pkix
|
|||
private ISet trustAnchors;
|
||||
private DateTimeObject date;
|
||||
private IList certPathCheckers;
|
||||
// TODO Decide whether to separate into certs/crl stores
|
||||
// TODO ExtendedPkixParameters already has stores?
|
||||
private ArrayList x509Stores;
|
||||
private bool revocationEnabled = true;
|
||||
private ISet initialPolicies;
|
||||
//private bool checkOnlyEECertificateCrl = false;
|
||||
|
@ -53,7 +49,7 @@ namespace Org.BouncyCastle.Pkix
|
|||
private bool policyMappingInhibited = false;
|
||||
private bool policyQualifiersRejected = true;
|
||||
private IX509Selector certSelector;
|
||||
private IList stores; /// TODO Redundant with other stores above?
|
||||
private IList stores;
|
||||
private IX509Selector selector;
|
||||
private bool additionalLocationsEnabled;
|
||||
private IList additionalStores;
|
||||
|
@ -89,7 +85,6 @@ namespace Org.BouncyCastle.Pkix
|
|||
|
||||
this.initialPolicies = new HashSet();
|
||||
this.certPathCheckers = new ArrayList();
|
||||
this.x509Stores = new ArrayList();
|
||||
this.stores = new ArrayList();
|
||||
this.additionalStores = new ArrayList();
|
||||
this.trustedACIssuers = new HashSet();
|
||||
|
@ -98,7 +93,7 @@ namespace Org.BouncyCastle.Pkix
|
|||
this.attrCertCheckers = new HashSet();
|
||||
}
|
||||
|
||||
// TODO implement for Pkcs12Store?
|
||||
// // TODO implement for other keystores (see Java build)?
|
||||
// /**
|
||||
// * Creates an instance of <code>PKIXParameters</code> that
|
||||
// * populates the set of most-trusted CAs from the trusted
|
||||
|
@ -114,27 +109,30 @@ namespace Org.BouncyCastle.Pkix
|
|||
// * @throws NullPointerException if the keystore is <code>null</code>
|
||||
// */
|
||||
// public PkixParameters(
|
||||
// KeyStore keystore)
|
||||
// Pkcs12Store keystore)
|
||||
//// throws KeyStoreException, InvalidAlgorithmParameterException
|
||||
// {
|
||||
// if (keystore == null)
|
||||
// throw new ArgumentNullException("keystore");
|
||||
// ISet hashSet = new HashSet();
|
||||
// foreach (string alias in keystore.aliases())
|
||||
// ISet trustAnchors = new HashSet();
|
||||
// foreach (string alias in keystore.Aliases)
|
||||
// {
|
||||
// if (keystore.isCertificateEntry(alias))
|
||||
// if (keystore.IsCertificateEntry(alias))
|
||||
// {
|
||||
// Certificate cert = keystore.getCertificate(alias);
|
||||
// if (cert is X509Certificate)
|
||||
// {
|
||||
// hashSet.add(new TrustAnchor((X509Certificate)cert, null));
|
||||
// }
|
||||
// X509CertificateEntry x509Entry = keystore.GetCertificate(alias);
|
||||
// trustAnchors.Add(new TrustAnchor(x509Entry.Certificate, null));
|
||||
// }
|
||||
// }
|
||||
// SetTrustAnchors(hashSet);
|
||||
// SetTrustAnchors(trustAnchors);
|
||||
//
|
||||
// this.initialPolicies = new HashSet();
|
||||
// this.certPathCheckers = new ArrayList();
|
||||
// this.x509Stores = new ArrayList();
|
||||
// this.stores = new ArrayList();
|
||||
// this.additionalStores = new ArrayList();
|
||||
// this.trustedACIssuers = new HashSet();
|
||||
// this.necessaryACAttributes = new HashSet();
|
||||
// this.prohibitedACAttributes = new HashSet();
|
||||
// this.attrCertCheckers = new HashSet();
|
||||
// }
|
||||
|
||||
public virtual bool IsRevocationEnabled
|
||||
|
@ -206,58 +204,6 @@ namespace Org.BouncyCastle.Pkix
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the list of IX509Store's to be used in finding certificates and CRLs.
|
||||
* May be null, in which case no IX509Store's will be used. The first
|
||||
* IX509Store's in the list may be preferred to those that appear later.<br />
|
||||
* <br />
|
||||
* Note that the IList is copied to protect against subsequent modifications.<br />
|
||||
* <br />
|
||||
*
|
||||
* @param stores
|
||||
* a IList of IX509Store's (or <code>null</code>)
|
||||
*
|
||||
* @exception InvalidCastException
|
||||
* if any of the elements in the list are not of type
|
||||
* <code>IX509Store</code>
|
||||
*
|
||||
* @see #GetX509Stores()
|
||||
*/
|
||||
public virtual void SetX509Stores(
|
||||
IList stores)
|
||||
{
|
||||
ArrayList newStores = new ArrayList();
|
||||
|
||||
if (stores != null && stores.Count != 0)
|
||||
{
|
||||
foreach (IX509Store obj in stores)
|
||||
{
|
||||
newStores.Add(obj);
|
||||
}
|
||||
|
||||
this.x509Stores = newStores;
|
||||
}
|
||||
}
|
||||
|
||||
public virtual void AddX509Store(
|
||||
IX509Store x509Store)
|
||||
{
|
||||
this.x509Stores.Add(x509Store);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns an immutable List of IX509Stores that are used to find certificates.
|
||||
*
|
||||
* @return an immutable List of IX509Stores (may be empty, but never
|
||||
* <code>null</code>)
|
||||
*
|
||||
* @see #setCertStores(java.util.List)
|
||||
*/
|
||||
public virtual IList GetX509Stores()
|
||||
{
|
||||
return new ArrayList(x509Stores);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the required constraints on the target certificate. The
|
||||
* constraints are returned as an instance of CertSelector. If
|
||||
|
@ -506,7 +452,6 @@ namespace Org.BouncyCastle.Pkix
|
|||
{
|
||||
Date = parameters.Date;
|
||||
SetCertPathCheckers(parameters.GetCertPathCheckers());
|
||||
SetX509Stores(parameters.GetX509Stores());
|
||||
IsAnyPolicyInhibited = parameters.IsAnyPolicyInhibited;
|
||||
IsExplicitPolicyRequired = parameters.IsExplicitPolicyRequired;
|
||||
IsPolicyMappingInhibited = parameters.IsPolicyMappingInhibited;
|
||||
|
@ -608,7 +553,7 @@ namespace Org.BouncyCastle.Pkix
|
|||
}
|
||||
|
||||
/**
|
||||
* Adds a additional Bouncy Castle {@link Store} to find CRLs, certificates,
|
||||
* Adds an additional Bouncy Castle {@link Store} to find CRLs, certificates,
|
||||
* attribute certificates or cross certificates.
|
||||
* <p>
|
||||
* You should not use this method. This method is used for adding additional
|
||||
|
@ -622,7 +567,7 @@ namespace Org.BouncyCastle.Pkix
|
|||
* @param store The store to add.
|
||||
* @see #getStores()
|
||||
*/
|
||||
public virtual void AddAddionalStore(
|
||||
public virtual void AddAdditionalStore(
|
||||
IX509Store store)
|
||||
{
|
||||
if (store != null)
|
||||
|
|
|
@ -747,7 +747,6 @@ namespace Org.BouncyCastle.Pkix
|
|||
{
|
||||
coll.AddRange(PkixCertPathValidatorUtilities.FindCertificates(selector, paramsPKIX.GetStores()));
|
||||
coll.AddRange(PkixCertPathValidatorUtilities.FindCertificates(selector, paramsPKIX.GetAdditionalStores()));
|
||||
coll.AddRange(PkixCertPathValidatorUtilities.FindCertificates(selector, paramsPKIX.GetX509Stores()));
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
|
@ -1445,7 +1444,6 @@ namespace Org.BouncyCastle.Pkix
|
|||
{
|
||||
completeSet.AddAll(PkixCertPathValidatorUtilities.FindCrls(crlselect, paramsPKIX.GetAdditionalStores()));
|
||||
completeSet.AddAll(PkixCertPathValidatorUtilities.FindCrls(crlselect, paramsPKIX.GetStores()));
|
||||
completeSet.AddAll(PkixCertPathValidatorUtilities.FindCrls(crlselect, paramsPKIX.GetX509Stores()));
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
|
|
|
@ -21,13 +21,13 @@ using Org.BouncyCastle.Crypto.Paddings;
|
|||
|
||||
namespace Org.BouncyCastle.Security
|
||||
{
|
||||
/// <remarks>
|
||||
/// Cipher Utility class contains methods that can not be specifically grouped into other classes.
|
||||
/// </remarks>
|
||||
public sealed class CipherUtilities
|
||||
{
|
||||
private static readonly Hashtable algorithms = new Hashtable();
|
||||
private static readonly Hashtable oids = new Hashtable();
|
||||
/// <remarks>
|
||||
/// Cipher Utility class contains methods that can not be specifically grouped into other classes.
|
||||
/// </remarks>
|
||||
public sealed class CipherUtilities
|
||||
{
|
||||
private static readonly Hashtable algorithms = new Hashtable();
|
||||
private static readonly Hashtable oids = new Hashtable();
|
||||
|
||||
static CipherUtilities()
|
||||
{
|
||||
|
@ -71,6 +71,10 @@ namespace Org.BouncyCastle.Security
|
|||
algorithms[PkcsObjectIdentifiers.RsaEncryption.Id] = "RSA//PKCS1PADDING";
|
||||
|
||||
algorithms[OiwObjectIdentifiers.DesCbc.Id] = "DES/CBC";
|
||||
algorithms[OiwObjectIdentifiers.DesCfb.Id] = "DES/CFB";
|
||||
algorithms[OiwObjectIdentifiers.DesEcb.Id] = "DES/ECB";
|
||||
algorithms[OiwObjectIdentifiers.DesOfb.Id] = "DES/OFB";
|
||||
algorithms[OiwObjectIdentifiers.DesEde.Id] = "DESEDE";
|
||||
algorithms[PkcsObjectIdentifiers.DesEde3Cbc.Id] = "DESEDE/CBC";
|
||||
algorithms[PkcsObjectIdentifiers.RC2Cbc.Id] = "RC2/CBC";
|
||||
algorithms["1.3.6.1.4.1.188.7.1.1.2"] = "IDEA/CBC";
|
||||
|
@ -134,18 +138,18 @@ namespace Org.BouncyCastle.Security
|
|||
}
|
||||
|
||||
private CipherUtilities()
|
||||
{
|
||||
}
|
||||
{
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Returns a ObjectIdentifier for a give encoding.
|
||||
/// </summary>
|
||||
/// <param name="mechanism">A string representation of the encoding.</param>
|
||||
/// <returns>A DerObjectIdentifier, null if the Oid is not available.</returns>
|
||||
/// Returns a ObjectIdentifier for a give encoding.
|
||||
/// </summary>
|
||||
/// <param name="mechanism">A string representation of the encoding.</param>
|
||||
/// <returns>A DerObjectIdentifier, null if the Oid is not available.</returns>
|
||||
// TODO Don't really want to support this
|
||||
public static DerObjectIdentifier GetObjectIdentifier(
|
||||
string mechanism)
|
||||
{
|
||||
string mechanism)
|
||||
{
|
||||
if (mechanism == null)
|
||||
throw new ArgumentNullException("mechanism");
|
||||
|
||||
|
@ -156,22 +160,22 @@ namespace Org.BouncyCastle.Security
|
|||
mechanism = aliased;
|
||||
|
||||
return (DerObjectIdentifier) oids[mechanism];
|
||||
}
|
||||
}
|
||||
|
||||
public static ICollection Algorithms
|
||||
{
|
||||
get { return oids.Keys; }
|
||||
}
|
||||
{
|
||||
get { return oids.Keys; }
|
||||
}
|
||||
|
||||
public static IBufferedCipher GetCipher(
|
||||
DerObjectIdentifier oid)
|
||||
{
|
||||
return GetCipher(oid.Id);
|
||||
}
|
||||
DerObjectIdentifier oid)
|
||||
{
|
||||
return GetCipher(oid.Id);
|
||||
}
|
||||
|
||||
public static IBufferedCipher GetCipher(
|
||||
string algorithm)
|
||||
{
|
||||
string algorithm)
|
||||
{
|
||||
if (algorithm == null)
|
||||
throw new ArgumentNullException("algorithm");
|
||||
|
||||
|
@ -198,11 +202,11 @@ namespace Org.BouncyCastle.Security
|
|||
{
|
||||
return new BufferedIesCipher(
|
||||
new IesEngine(
|
||||
iesAgreement,
|
||||
new Kdf2BytesGenerator(
|
||||
new Sha1Digest()),
|
||||
new HMac(
|
||||
new Sha1Digest())));
|
||||
iesAgreement,
|
||||
new Kdf2BytesGenerator(
|
||||
new Sha1Digest()),
|
||||
new HMac(
|
||||
new Sha1Digest())));
|
||||
}
|
||||
|
||||
|
||||
|
@ -248,7 +252,7 @@ namespace Org.BouncyCastle.Security
|
|||
string[] parts = algorithm.Split('/');
|
||||
|
||||
IBlockCipher blockCipher = null;
|
||||
IAsymmetricBlockCipher asymBlockCipher = null;
|
||||
IAsymmetricBlockCipher asymBlockCipher = null;
|
||||
IStreamCipher streamCipher = null;
|
||||
|
||||
switch (parts[0])
|
||||
|
@ -365,7 +369,7 @@ namespace Org.BouncyCastle.Security
|
|||
IAeadBlockCipher aeadBlockCipher = null;
|
||||
|
||||
if (parts.Length > 2)
|
||||
{
|
||||
{
|
||||
if (streamCipher != null)
|
||||
throw new ArgumentException("Paddings not used for stream ciphers");
|
||||
|
||||
|
@ -443,11 +447,11 @@ namespace Org.BouncyCastle.Security
|
|||
default:
|
||||
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
string mode = "";
|
||||
if (parts.Length > 1)
|
||||
{
|
||||
{
|
||||
mode = parts[1];
|
||||
|
||||
int di = GetDigitIndex(mode);
|
||||
|
@ -512,7 +516,7 @@ namespace Org.BouncyCastle.Security
|
|||
default:
|
||||
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (aeadBlockCipher != null)
|
||||
{
|
||||
|
@ -525,7 +529,7 @@ namespace Org.BouncyCastle.Security
|
|||
}
|
||||
|
||||
if (blockCipher != null)
|
||||
{
|
||||
{
|
||||
if (cts)
|
||||
{
|
||||
return new CtsBlockCipher(blockCipher);
|
||||
|
@ -542,21 +546,21 @@ namespace Org.BouncyCastle.Security
|
|||
}
|
||||
|
||||
return new PaddedBufferedBlockCipher(blockCipher);
|
||||
}
|
||||
}
|
||||
|
||||
if (asymBlockCipher != null)
|
||||
{
|
||||
return new BufferedAsymmetricBlockCipher(asymBlockCipher);
|
||||
}
|
||||
{
|
||||
return new BufferedAsymmetricBlockCipher(asymBlockCipher);
|
||||
}
|
||||
|
||||
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
|
||||
}
|
||||
}
|
||||
|
||||
public static string GetAlgorithmName(
|
||||
public static string GetAlgorithmName(
|
||||
DerObjectIdentifier oid)
|
||||
{
|
||||
return (string) algorithms[oid.Id];
|
||||
}
|
||||
{
|
||||
return (string) algorithms[oid.Id];
|
||||
}
|
||||
|
||||
private static int GetDigitIndex(
|
||||
string s)
|
||||
|
|
|
@ -67,9 +67,13 @@ namespace Org.BouncyCastle.Security
|
|||
"1.2.840.113533.7.66.10");
|
||||
AddKgAlgorithm("CAST6");
|
||||
AddKgAlgorithm("DES",
|
||||
OiwObjectIdentifiers.DesCbc);
|
||||
OiwObjectIdentifiers.DesCbc,
|
||||
OiwObjectIdentifiers.DesCfb,
|
||||
OiwObjectIdentifiers.DesEcb,
|
||||
OiwObjectIdentifiers.DesOfb);
|
||||
AddKgAlgorithm("DESEDE",
|
||||
"DESEDEWRAP",
|
||||
OiwObjectIdentifiers.DesEde,
|
||||
PkcsObjectIdentifiers.IdAlgCms3DesWrap);
|
||||
AddKgAlgorithm("DESEDE3",
|
||||
PkcsObjectIdentifiers.DesEde3Cbc);
|
||||
|
|
|
@ -64,9 +64,13 @@ namespace Org.BouncyCastle.Security
|
|||
"1.2.840.113533.7.66.10");
|
||||
AddAlgorithm("CAST6");
|
||||
AddAlgorithm("DES",
|
||||
OiwObjectIdentifiers.DesCbc);
|
||||
OiwObjectIdentifiers.DesCbc,
|
||||
OiwObjectIdentifiers.DesCfb,
|
||||
OiwObjectIdentifiers.DesEcb,
|
||||
OiwObjectIdentifiers.DesOfb);
|
||||
AddAlgorithm("DESEDE",
|
||||
"DESEDEWRAP",
|
||||
OiwObjectIdentifiers.DesEde,
|
||||
PkcsObjectIdentifiers.IdAlgCms3DesWrap);
|
||||
AddAlgorithm("DESEDE3",
|
||||
PkcsObjectIdentifiers.DesEde3Cbc);
|
||||
|
|
|
@ -7,6 +7,7 @@ using Org.BouncyCastle.Asn1.Nist;
|
|||
using Org.BouncyCastle.Asn1.Oiw;
|
||||
using Org.BouncyCastle.Asn1.Pkcs;
|
||||
using Org.BouncyCastle.Asn1.TeleTrust;
|
||||
using Org.BouncyCastle.Asn1.X509;
|
||||
using Org.BouncyCastle.Crypto;
|
||||
using Org.BouncyCastle.Crypto.Digests;
|
||||
using Org.BouncyCastle.Crypto.Engines;
|
||||
|
@ -14,6 +15,7 @@ using Org.BouncyCastle.Crypto.Generators;
|
|||
using Org.BouncyCastle.Crypto.Macs;
|
||||
using Org.BouncyCastle.Crypto.Modes;
|
||||
using Org.BouncyCastle.Crypto.Paddings;
|
||||
using Org.BouncyCastle.Crypto.Parameters;
|
||||
|
||||
namespace Org.BouncyCastle.Security
|
||||
{
|
||||
|
@ -39,6 +41,8 @@ namespace Org.BouncyCastle.Security
|
|||
{
|
||||
algorithms["PKCS5SCHEME1"] = "Pkcs5scheme1";
|
||||
algorithms["PKCS5SCHEME2"] = "Pkcs5scheme2";
|
||||
algorithms[PkcsObjectIdentifiers.IdPbeS2.Id] = "Pkcs5scheme2";
|
||||
// algorithms[PkcsObjectIdentifiers.IdPbkdf2.Id] = "Pkcs5scheme2";
|
||||
algorithms["PBEWITHMD2ANDDES-CBC"] = "PBEwithMD2andDES-CBC";
|
||||
algorithms[PkcsObjectIdentifiers.PbeWithMD2AndDesCbc.Id] = "PBEwithMD2andDES-CBC";
|
||||
algorithms["PBEWITHMD2ANDRC2-CBC"] = "PBEwithMD2andRC2-CBC";
|
||||
|
@ -322,6 +326,14 @@ namespace Org.BouncyCastle.Security
|
|||
return GenerateCipherParameters(algorithmOid.Id, password, wrongPkcs12Zero, pbeParameters);
|
||||
}
|
||||
|
||||
public static ICipherParameters GenerateCipherParameters(
|
||||
AlgorithmIdentifier algID,
|
||||
char[] password,
|
||||
bool wrongPkcs12Zero)
|
||||
{
|
||||
return GenerateCipherParameters(algID.ObjectID.Id, password, wrongPkcs12Zero, algID.Parameters);
|
||||
}
|
||||
|
||||
public static ICipherParameters GenerateCipherParameters(
|
||||
string algorithm,
|
||||
char[] password,
|
||||
|
@ -496,6 +508,12 @@ namespace Org.BouncyCastle.Security
|
|||
return CreateEngine(algorithmOid.Id);
|
||||
}
|
||||
|
||||
public static object CreateEngine(
|
||||
AlgorithmIdentifier algID)
|
||||
{
|
||||
return CreateEngine(algID.ObjectID.Id);
|
||||
}
|
||||
|
||||
private static bool EndsWith(
|
||||
string s,
|
||||
string ending)
|
||||
|
|
Loading…
Reference in New Issue