ln-dotnet
/
iTextSharp-LGPL
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

BouncyCastle update. 

git-svn-id: svn://svn.code.sf.net/p/itextsharp/code/trunk@45 820d3149-562b-4f88-9aa4-a8e61a3485cf
master
psoares33 2009-07-01 15:07:44 +00:00
parent 1737ad65dd
commit 1ea1146eb1
14 changed files with 8317 additions and 8279 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/core/srcbc/asn1/pkcs/PrivateKeyInfo.cs
View File

@ -96,7 +96,7 @@ namespace Org.BouncyCastle.Asn1.Pkcs
}
/**
* write out an RSA private key with it's asscociated information
* write out an RSA private key with its associated information
* as described in Pkcs8.
* <pre>
* PrivateKeyInfo ::= Sequence {

4
src/core/srcbc/crypto/modes/SicBlockCipher.cs
View File

@ -55,6 +55,10 @@ namespace Org.BouncyCastle.Crypto.Modes
Reset();
cipher.Init(true, ivParam.Parameters);
}
else
{
throw new ArgumentException("SIC mode requires ParametersWithIV", "parameters");
}
}
public string AlgorithmName

40
src/core/srcbc/crypto/tls/TlsCipherSuiteManager.cs
View File

@ -53,31 +53,31 @@ namespace Org.BouncyCastle.Crypto.Tls
switch (number)
{
case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new DesEdeEngine()), new CbcBlockCipher(new DesEdeEngine()), new Sha1Digest(), new Sha1Digest(), 24, TlsCipherSuite.KE_RSA);
return createDesEdeCipherSuite(24, TlsCipherSuite.KE_RSA);
case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new DesEdeEngine()), new CbcBlockCipher(new DesEdeEngine()), new Sha1Digest(), new Sha1Digest(), 24, TlsCipherSuite.KE_DHE_DSS);
return createDesEdeCipherSuite(24, TlsCipherSuite.KE_DHE_DSS);
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new DesEdeEngine()), new CbcBlockCipher(new DesEdeEngine()), new Sha1Digest(), new Sha1Digest(), 24, TlsCipherSuite.KE_DHE_RSA);
return createDesEdeCipherSuite(24, TlsCipherSuite.KE_DHE_RSA);
case TLS_RSA_WITH_AES_128_CBC_SHA:
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 16, TlsCipherSuite.KE_RSA);
return createAesCipherSuite(16, TlsCipherSuite.KE_RSA);
case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 16, TlsCipherSuite.KE_DHE_DSS);
return createAesCipherSuite(16, TlsCipherSuite.KE_DHE_DSS);
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 16, TlsCipherSuite.KE_DHE_RSA);
return createAesCipherSuite(16, TlsCipherSuite.KE_DHE_RSA);
case TLS_RSA_WITH_AES_256_CBC_SHA:
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 32, TlsCipherSuite.KE_RSA);
return createAesCipherSuite(32, TlsCipherSuite.KE_RSA);
case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 32, TlsCipherSuite.KE_DHE_DSS);
return createAesCipherSuite(32, TlsCipherSuite.KE_DHE_DSS);
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
return new TlsBlockCipherCipherSuite(new CbcBlockCipher(new AesFastEngine()), new CbcBlockCipher(new AesFastEngine()), new Sha1Digest(), new Sha1Digest(), 32, TlsCipherSuite.KE_DHE_RSA);
return createAesCipherSuite(32, TlsCipherSuite.KE_DHE_RSA);
default:
handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_handshake_failure);
@ -88,5 +88,27 @@ namespace Org.BouncyCastle.Crypto.Tls
return null;
}
}
private static TlsCipherSuite createAesCipherSuite(int cipherKeySize, short keyExchange)
{
return new TlsBlockCipherCipherSuite(createAesCipher(), createAesCipher(),
new Sha1Digest(), new Sha1Digest(), cipherKeySize, keyExchange);
}
private static TlsCipherSuite createDesEdeCipherSuite(int cipherKeySize, short keyExchange)
{
return new TlsBlockCipherCipherSuite(createDesEdeCipher(), createDesEdeCipher(),
new Sha1Digest(), new Sha1Digest(), cipherKeySize, keyExchange);
}
private static CbcBlockCipher createAesCipher()
{
return new CbcBlockCipher(new AesFastEngine());
}
private static CbcBlockCipher createDesEdeCipher()
{
return new CbcBlockCipher(new DesEdeEngine());
}
}
}

64
src/core/srcbc/pkcs/Pkcs12Store.cs
View File

@ -88,7 +88,7 @@ namespace Org.BouncyCastle.Pkcs
}
// TODO Consider making obsolete
// [Obsolete("User 'Pkcs12StoreBuilder' instead")]
// [Obsolete("Use 'Pkcs12StoreBuilder' instead")]
public Pkcs12Store()
: this(PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc,
PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc)
@ -96,7 +96,7 @@ namespace Org.BouncyCastle.Pkcs
}
// TODO Consider making obsolete
// [Obsolete("User 'Pkcs12StoreBuilder' and 'Load' method instead")]
// [Obsolete("Use 'Pkcs12StoreBuilder' and 'Load' method instead")]
public Pkcs12Store(
Stream input,
char[] password)
@ -202,8 +202,19 @@ namespace Org.BouncyCastle.Pkcs
attr = attrSet[0];
// TODO We might want to "merge" attribute sets with
// the same OID - currently, it is an error
attributes.Add(aOid.Id, attr);
// the same OID - currently, differing values give an error
if (attributes.ContainsKey(aOid.Id))
{
// OK, but the value has to be the same
if (!attributes[aOid.Id].Equals(attr))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
@ -293,8 +304,19 @@ namespace Org.BouncyCastle.Pkcs
attr = attrSet[0];
// TODO We might want to "merge" attribute sets with
// the same OID - currently, it is an error
attributes.Add(aOid.Id, attr);
// the same OID - currently, differing values give an error
if (attributes.ContainsKey(aOid.Id))
{
// OK, but the value has to be the same
if (!attributes[aOid.Id].Equals(attr))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
@ -350,8 +372,19 @@ namespace Org.BouncyCastle.Pkcs
attr = attrSet[0];
// TODO We might want to "merge" attribute sets with
// the same OID - currently, it is an error
attributes.Add(aOid.Id, attr);
// the same OID - currently, differing values give an error
if (attributes.ContainsKey(aOid.Id))
{
// OK, but the value has to be the same
if (!attributes[aOid.Id].Equals(attr))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{
@ -427,8 +460,19 @@ namespace Org.BouncyCastle.Pkcs
Asn1Encodable attr = attrSet[0];
// TODO We might want to "merge" attribute sets with
// the same OID - currently, it is an error
attributes.Add(aOid.Id, attr);
// the same OID - currently, differing values give an error
if (attributes.ContainsKey(aOid.Id))
{
// OK, but the value has to be the same
if (!attributes[aOid.Id].Equals(attr))
{
throw new IOException("attempt to add existing attribute with different value");
}
}
else
{
attributes.Add(aOid.Id, attr);
}
if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName))
{

76
src/core/srcbc/pkcs/PrivateKeyInfoFactory.cs
View File

@ -15,47 +15,47 @@ using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Pkcs
{
public sealed class PrivateKeyInfoFactory
{
private PrivateKeyInfoFactory()
{
}
public sealed class PrivateKeyInfoFactory
{
private PrivateKeyInfoFactory()
{
}
public static PrivateKeyInfo CreatePrivateKeyInfo(
public static PrivateKeyInfo CreatePrivateKeyInfo(
AsymmetricKeyParameter key)
{
{
if (key == null)
throw new ArgumentNullException("key");
if (!key.IsPrivate)
throw new ArgumentException("Public key passed - private key expected", "key");
if (key is ElGamalPrivateKeyParameters)
{
ElGamalPrivateKeyParameters _key = (ElGamalPrivateKeyParameters)key;
return new PrivateKeyInfo(
new AlgorithmIdentifier(
OiwObjectIdentifiers.ElGamalAlgorithm,
new ElGamalParameter(
_key.Parameters.P,
_key.Parameters.G).ToAsn1Object()),
{
ElGamalPrivateKeyParameters _key = (ElGamalPrivateKeyParameters)key;
return new PrivateKeyInfo(
new AlgorithmIdentifier(
OiwObjectIdentifiers.ElGamalAlgorithm,
new ElGamalParameter(
_key.Parameters.P,
_key.Parameters.G).ToAsn1Object()),
new DerInteger(_key.X));
}
if (key is DsaPrivateKeyParameters)
{
DsaPrivateKeyParameters _key = (DsaPrivateKeyParameters)key;
return new PrivateKeyInfo(
new AlgorithmIdentifier(
X9ObjectIdentifiers.IdDsa,
new DsaParameter(
_key.Parameters.P,
_key.Parameters.Q,
_key.Parameters.G).ToAsn1Object()),
{
DsaPrivateKeyParameters _key = (DsaPrivateKeyParameters)key;
return new PrivateKeyInfo(
new AlgorithmIdentifier(
X9ObjectIdentifiers.IdDsa,
new DsaParameter(
_key.Parameters.P,
_key.Parameters.Q,
_key.Parameters.G).ToAsn1Object()),
new DerInteger(_key.X));
}
}
if (key is DHPrivateKeyParameters)
{
{
/*
Process DH private key.
The value for L was set to zero implicitly.
@ -68,11 +68,11 @@ namespace Org.BouncyCastle.Pkcs
_key.Parameters.P, _key.Parameters.G, 0);
return new PrivateKeyInfo(
new AlgorithmIdentifier(
PkcsObjectIdentifiers.DhKeyAgreement,
withNewL.ToAsn1Object()),
new AlgorithmIdentifier(
PkcsObjectIdentifiers.DhKeyAgreement,
withNewL.ToAsn1Object()),
new DerInteger(_key.X));
}
}
if (key is RsaKeyParameters)
{
@ -113,8 +113,8 @@ namespace Org.BouncyCastle.Pkcs
}
if (key is ECPrivateKeyParameters)
{
ECPrivateKeyParameters _key = (ECPrivateKeyParameters)key;
{
ECPrivateKeyParameters _key = (ECPrivateKeyParameters)key;
AlgorithmIdentifier algID;
if (_key.AlgorithmName == "ECGOST3410")
@ -174,7 +174,7 @@ namespace Org.BouncyCastle.Pkcs
}
throw new ArgumentException("Class provided is not convertible: " + key.GetType().FullName);
}
}
public static PrivateKeyInfo CreatePrivateKeyInfo(
char[] passPhrase,
@ -187,9 +187,9 @@ namespace Org.BouncyCastle.Pkcs
char[] passPhrase,
bool wrongPkcs12Zero,
EncryptedPrivateKeyInfo encInfo)
{
{
AlgorithmIdentifier algID = encInfo.EncryptionAlgorithm;
IBufferedCipher cipher = PbeUtilities.CreateEngine(algID.ObjectID) as IBufferedCipher;
IBufferedCipher cipher = PbeUtilities.CreateEngine(algID) as IBufferedCipher;
if (cipher == null)
{
@ -197,7 +197,7 @@ namespace Org.BouncyCastle.Pkcs
}
ICipherParameters keyParameters = PbeUtilities.GenerateCipherParameters(
algID.ObjectID, passPhrase, wrongPkcs12Zero, algID.Parameters);
algID, passPhrase, wrongPkcs12Zero);
cipher.Init(false, keyParameters);
@ -206,6 +206,6 @@ namespace Org.BouncyCastle.Pkcs
Asn1Object asn1Data = Asn1Object.FromByteArray(encoding);
return PrivateKeyInfo.GetInstance(asn1Data);
}
}
}
}
}

1
src/core/srcbc/pkix/PkixAttrCertPathBuilder.cs
View File

@ -64,7 +64,6 @@ namespace Org.BouncyCastle.Pkix
selector.Subject = principals[i];
issuers.AddAll(PkixCertPathValidatorUtilities.FindCertificates(selector, pkixParams.GetStores()));
issuers.AddAll(PkixCertPathValidatorUtilities.FindCertificates(selector, pkixParams.GetX509Stores()));
}
catch (Exception e)
{

1
src/core/srcbc/pkix/PkixCertPathBuilder.cs
View File

@ -48,7 +48,6 @@ namespace Org.BouncyCastle.Pkix
try
{
targets.AddAll(PkixCertPathValidatorUtilities.FindCertificates((X509CertStoreSelector)certSelect, pkixParams.GetStores()));
targets.AddAll(PkixCertPathValidatorUtilities.FindCertificates((X509CertStoreSelector)certSelect, pkixParams.GetX509Stores()));
// TODO Should this include an entry for pkixParams.GetAdditionalStores() too?
}
catch (Exception e)

19
src/core/srcbc/pkix/PkixCertPathValidatorUtilities.cs
View File

@ -301,14 +301,14 @@ namespace Org.BouncyCastle.Pkix
// use all purpose parameters
//X509LDAPCertStoreParameters ldapParams = new X509LDAPCertStoreParameters.Builder(
// url, baseDN).build();
//pkixParams.addAddionalStore(X509Store.getInstance(
// "CERTIFICATE/LDAP", ldapParams, "BC"));
//pkixParams.addAddionalStore(X509Store.getInstance(
// "CRL/LDAP", ldapParams, "BC"));
//pkixParams.addAddionalStore(X509Store.getInstance(
// "ATTRIBUTECERTIFICATE/LDAP", ldapParams, "BC"));
//pkixParams.addAddionalStore(X509Store.getInstance(
// "CERTIFICATEPAIR/LDAP", ldapParams, "BC"));
//pkixParams.AddAdditionalStore(X509Store.getInstance(
// "CERTIFICATE/LDAP", ldapParams));
//pkixParams.AddAdditionalStore(X509Store.getInstance(
// "CRL/LDAP", ldapParams));
//pkixParams.AddAdditionalStore(X509Store.getInstance(
// "ATTRIBUTECERTIFICATE/LDAP", ldapParams));
//pkixParams.AddAdditionalStore(X509Store.getInstance(
// "CERTIFICATEPAIR/LDAP", ldapParams));
}
}
catch (Exception)
@ -938,7 +938,6 @@ namespace Org.BouncyCastle.Pkix
{
crls.AddAll(PkixCertPathValidatorUtilities.FindCrls(crlselect, paramsPKIX.GetStores()));
crls.AddAll(PkixCertPathValidatorUtilities.FindCrls(crlselect, paramsPKIX.GetAdditionalStores()));
crls.AddAll(PkixCertPathValidatorUtilities.FindCrls(crlselect, paramsPKIX.GetX509Stores()));
}
catch (Exception e)
{
@ -1040,7 +1039,6 @@ namespace Org.BouncyCastle.Pkix
{
temp.AddAll(PkixCertPathValidatorUtilities.FindCrls(deltaSelect, paramsPKIX.GetAdditionalStores()));
temp.AddAll(PkixCertPathValidatorUtilities.FindCrls(deltaSelect, paramsPKIX.GetStores()));
temp.AddAll(PkixCertPathValidatorUtilities.FindCrls(deltaSelect, paramsPKIX.GetX509Stores()));
}
catch (Exception e)
{
@ -1235,7 +1233,6 @@ namespace Org.BouncyCastle.Pkix
{
ArrayList matches = new ArrayList();
matches.AddRange(PkixCertPathValidatorUtilities.FindCertificates(certSelect, pkixParams.GetX509Stores()));
matches.AddRange(PkixCertPathValidatorUtilities.FindCertificates(certSelect, pkixParams.GetStores()));
matches.AddRange(PkixCertPathValidatorUtilities.FindCertificates(certSelect, pkixParams.GetAdditionalStores()));

91
src/core/srcbc/pkix/PkixParameters.cs
View File

@ -13,7 +13,6 @@ namespace Org.BouncyCastle.Pkix
public class PkixParameters
// : ICertPathParameters
{
// TODO Put the validity models in an enumeration?
/**
* This is the default PKIX validity model. Actually there are two variants
* of this: The PKIX model and the modified PKIX model. The PKIX model
@ -42,9 +41,6 @@ namespace Org.BouncyCastle.Pkix
private ISet trustAnchors;
private DateTimeObject date;
private IList certPathCheckers;
// TODO Decide whether to separate into certs/crl stores
// TODO ExtendedPkixParameters already has stores?
private ArrayList x509Stores;
private bool revocationEnabled = true;
private ISet initialPolicies;
//private bool checkOnlyEECertificateCrl = false;
@ -53,7 +49,7 @@ namespace Org.BouncyCastle.Pkix
private bool policyMappingInhibited = false;
private bool policyQualifiersRejected = true;
private IX509Selector certSelector;
private IList stores; /// TODO Redundant with other stores above?
private IList stores;
private IX509Selector selector;
private bool additionalLocationsEnabled;
private IList additionalStores;
@ -89,7 +85,6 @@ namespace Org.BouncyCastle.Pkix
this.initialPolicies = new HashSet();
this.certPathCheckers = new ArrayList();
this.x509Stores = new ArrayList();
this.stores = new ArrayList();
this.additionalStores = new ArrayList();
this.trustedACIssuers = new HashSet();
@ -98,7 +93,7 @@ namespace Org.BouncyCastle.Pkix
this.attrCertCheckers = new HashSet();
}
// TODO implement for Pkcs12Store?
// // TODO implement for other keystores (see Java build)?
// /**
// * Creates an instance of <code>PKIXParameters</code> that
// * populates the set of most-trusted CAs from the trusted
@ -114,27 +109,30 @@ namespace Org.BouncyCastle.Pkix
// * @throws NullPointerException if the keystore is <code>null</code>
// */
// public PkixParameters(
// KeyStore keystore)
// Pkcs12Store keystore)
//// throws KeyStoreException, InvalidAlgorithmParameterException
// {
// if (keystore == null)
// throw new ArgumentNullException("keystore");
// ISet hashSet = new HashSet();
// foreach (string alias in keystore.aliases())
// ISet trustAnchors = new HashSet();
// foreach (string alias in keystore.Aliases)
// {
// if (keystore.isCertificateEntry(alias))
// if (keystore.IsCertificateEntry(alias))
// {
// Certificate cert = keystore.getCertificate(alias);
// if (cert is X509Certificate)
// {
// hashSet.add(new TrustAnchor((X509Certificate)cert, null));
// }
// X509CertificateEntry x509Entry = keystore.GetCertificate(alias);
// trustAnchors.Add(new TrustAnchor(x509Entry.Certificate, null));
// }
// }
// SetTrustAnchors(hashSet);
// SetTrustAnchors(trustAnchors);
//
// this.initialPolicies = new HashSet();
// this.certPathCheckers = new ArrayList();
// this.x509Stores = new ArrayList();
// this.stores = new ArrayList();
// this.additionalStores = new ArrayList();
// this.trustedACIssuers = new HashSet();
// this.necessaryACAttributes = new HashSet();
// this.prohibitedACAttributes = new HashSet();
// this.attrCertCheckers = new HashSet();
// }
public virtual bool IsRevocationEnabled
@ -206,58 +204,6 @@ namespace Org.BouncyCastle.Pkix
}
}
/**
* Sets the list of IX509Store's to be used in finding certificates and CRLs.
* May be null, in which case no IX509Store's will be used. The first
* IX509Store's in the list may be preferred to those that appear later.<br />
* <br />
* Note that the IList is copied to protect against subsequent modifications.<br />
* <br />
*
* @param stores
* a IList of IX509Store's (or <code>null</code>)
*
* @exception InvalidCastException
* if any of the elements in the list are not of type
* <code>IX509Store</code>
*
* @see #GetX509Stores()
*/
public virtual void SetX509Stores(
IList stores)
{
ArrayList newStores = new ArrayList();
if (stores != null && stores.Count != 0)
{
foreach (IX509Store obj in stores)
{
newStores.Add(obj);
}
this.x509Stores = newStores;
}
}
public virtual void AddX509Store(
IX509Store x509Store)
{
this.x509Stores.Add(x509Store);
}
/**
* Returns an immutable List of IX509Stores that are used to find certificates.
*
* @return an immutable List of IX509Stores (may be empty, but never
* <code>null</code>)
*
* @see #setCertStores(java.util.List)
*/
public virtual IList GetX509Stores()
{
return new ArrayList(x509Stores);
}
/**
* Returns the required constraints on the target certificate. The
* constraints are returned as an instance of CertSelector. If
@ -506,7 +452,6 @@ namespace Org.BouncyCastle.Pkix
{
Date = parameters.Date;
SetCertPathCheckers(parameters.GetCertPathCheckers());
SetX509Stores(parameters.GetX509Stores());
IsAnyPolicyInhibited = parameters.IsAnyPolicyInhibited;
IsExplicitPolicyRequired = parameters.IsExplicitPolicyRequired;
IsPolicyMappingInhibited = parameters.IsPolicyMappingInhibited;
@ -608,7 +553,7 @@ namespace Org.BouncyCastle.Pkix
}
/**
* Adds a additional Bouncy Castle {@link Store} to find CRLs, certificates,
* Adds an additional Bouncy Castle {@link Store} to find CRLs, certificates,
* attribute certificates or cross certificates.
* <p>
* You should not use this method. This method is used for adding additional
@ -622,7 +567,7 @@ namespace Org.BouncyCastle.Pkix
* @param store The store to add.
* @see #getStores()
*/
public virtual void AddAddionalStore(
public virtual void AddAdditionalStore(
IX509Store store)
{
if (store != null)

2
src/core/srcbc/pkix/Rfc3280CertPathUtilities.cs
View File

@ -747,7 +747,6 @@ namespace Org.BouncyCastle.Pkix
{
coll.AddRange(PkixCertPathValidatorUtilities.FindCertificates(selector, paramsPKIX.GetStores()));
coll.AddRange(PkixCertPathValidatorUtilities.FindCertificates(selector, paramsPKIX.GetAdditionalStores()));
coll.AddRange(PkixCertPathValidatorUtilities.FindCertificates(selector, paramsPKIX.GetX509Stores()));
}
catch (Exception e)
{
@ -1445,7 +1444,6 @@ namespace Org.BouncyCastle.Pkix
{
completeSet.AddAll(PkixCertPathValidatorUtilities.FindCrls(crlselect, paramsPKIX.GetAdditionalStores()));
completeSet.AddAll(PkixCertPathValidatorUtilities.FindCrls(crlselect, paramsPKIX.GetStores()));
completeSet.AddAll(PkixCertPathValidatorUtilities.FindCrls(crlselect, paramsPKIX.GetX509Stores()));
}
catch (Exception e)
{

94
src/core/srcbc/security/CipherUtilities.cs
View File

@ -21,13 +21,13 @@ using Org.BouncyCastle.Crypto.Paddings;
namespace Org.BouncyCastle.Security
{
/// <remarks>
/// Cipher Utility class contains methods that can not be specifically grouped into other classes.
/// </remarks>
public sealed class CipherUtilities
{
private static readonly Hashtable algorithms = new Hashtable();
private static readonly Hashtable oids = new Hashtable();
/// <remarks>
/// Cipher Utility class contains methods that can not be specifically grouped into other classes.
/// </remarks>
public sealed class CipherUtilities
{
private static readonly Hashtable algorithms = new Hashtable();
private static readonly Hashtable oids = new Hashtable();
static CipherUtilities()
{
@ -71,6 +71,10 @@ namespace Org.BouncyCastle.Security
algorithms[PkcsObjectIdentifiers.RsaEncryption.Id] = "RSA//PKCS1PADDING";
algorithms[OiwObjectIdentifiers.DesCbc.Id] = "DES/CBC";
algorithms[OiwObjectIdentifiers.DesCfb.Id] = "DES/CFB";
algorithms[OiwObjectIdentifiers.DesEcb.Id] = "DES/ECB";
algorithms[OiwObjectIdentifiers.DesOfb.Id] = "DES/OFB";
algorithms[OiwObjectIdentifiers.DesEde.Id] = "DESEDE";
algorithms[PkcsObjectIdentifiers.DesEde3Cbc.Id] = "DESEDE/CBC";
algorithms[PkcsObjectIdentifiers.RC2Cbc.Id] = "RC2/CBC";
algorithms["1.3.6.1.4.1.188.7.1.1.2"] = "IDEA/CBC";
@ -134,18 +138,18 @@ namespace Org.BouncyCastle.Security
}
private CipherUtilities()
{
}
{
}
/// <summary>
/// Returns a ObjectIdentifier for a give encoding.
/// </summary>
/// <param name="mechanism">A string representation of the encoding.</param>
/// <returns>A DerObjectIdentifier, null if the Oid is not available.</returns>
/// Returns a ObjectIdentifier for a give encoding.
/// </summary>
/// <param name="mechanism">A string representation of the encoding.</param>
/// <returns>A DerObjectIdentifier, null if the Oid is not available.</returns>
// TODO Don't really want to support this
public static DerObjectIdentifier GetObjectIdentifier(
string mechanism)
{
string mechanism)
{
if (mechanism == null)
throw new ArgumentNullException("mechanism");
@ -156,22 +160,22 @@ namespace Org.BouncyCastle.Security
mechanism = aliased;
return (DerObjectIdentifier) oids[mechanism];
}
}
public static ICollection Algorithms
{
get { return oids.Keys; }
}
{
get { return oids.Keys; }
}
public static IBufferedCipher GetCipher(
DerObjectIdentifier oid)
{
return GetCipher(oid.Id);
}
DerObjectIdentifier oid)
{
return GetCipher(oid.Id);
}
public static IBufferedCipher GetCipher(
string algorithm)
{
string algorithm)
{
if (algorithm == null)
throw new ArgumentNullException("algorithm");
@ -198,11 +202,11 @@ namespace Org.BouncyCastle.Security
{
return new BufferedIesCipher(
new IesEngine(
iesAgreement,
new Kdf2BytesGenerator(
new Sha1Digest()),
new HMac(
new Sha1Digest())));
iesAgreement,
new Kdf2BytesGenerator(
new Sha1Digest()),
new HMac(
new Sha1Digest())));
}
@ -248,7 +252,7 @@ namespace Org.BouncyCastle.Security
string[] parts = algorithm.Split('/');
IBlockCipher blockCipher = null;
IAsymmetricBlockCipher asymBlockCipher = null;
IAsymmetricBlockCipher asymBlockCipher = null;
IStreamCipher streamCipher = null;
switch (parts[0])
@ -365,7 +369,7 @@ namespace Org.BouncyCastle.Security
IAeadBlockCipher aeadBlockCipher = null;
if (parts.Length > 2)
{
{
if (streamCipher != null)
throw new ArgumentException("Paddings not used for stream ciphers");
@ -443,11 +447,11 @@ namespace Org.BouncyCastle.Security
default:
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
}
}
}
string mode = "";
if (parts.Length > 1)
{
{
mode = parts[1];
int di = GetDigitIndex(mode);
@ -512,7 +516,7 @@ namespace Org.BouncyCastle.Security
default:
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
}
}
}
if (aeadBlockCipher != null)
{
@ -525,7 +529,7 @@ namespace Org.BouncyCastle.Security
}
if (blockCipher != null)
{
{
if (cts)
{
return new CtsBlockCipher(blockCipher);
@ -542,21 +546,21 @@ namespace Org.BouncyCastle.Security
}
return new PaddedBufferedBlockCipher(blockCipher);
}
}
if (asymBlockCipher != null)
{
return new BufferedAsymmetricBlockCipher(asymBlockCipher);
}
{
return new BufferedAsymmetricBlockCipher(asymBlockCipher);
}
throw new SecurityUtilityException("Cipher " + algorithm + " not recognised.");
}
}
public static string GetAlgorithmName(
public static string GetAlgorithmName(
DerObjectIdentifier oid)
{
return (string) algorithms[oid.Id];
}
{
return (string) algorithms[oid.Id];
}
private static int GetDigitIndex(
string s)

6
src/core/srcbc/security/GeneratorUtilities.cs
View File

@ -67,9 +67,13 @@ namespace Org.BouncyCastle.Security
"1.2.840.113533.7.66.10");
AddKgAlgorithm("CAST6");
AddKgAlgorithm("DES",
OiwObjectIdentifiers.DesCbc);
OiwObjectIdentifiers.DesCbc,
OiwObjectIdentifiers.DesCfb,
OiwObjectIdentifiers.DesEcb,
OiwObjectIdentifiers.DesOfb);
AddKgAlgorithm("DESEDE",
"DESEDEWRAP",
OiwObjectIdentifiers.DesEde,
PkcsObjectIdentifiers.IdAlgCms3DesWrap);
AddKgAlgorithm("DESEDE3",
PkcsObjectIdentifiers.DesEde3Cbc);

6
src/core/srcbc/security/ParameterUtilities.cs
View File

@ -64,9 +64,13 @@ namespace Org.BouncyCastle.Security
"1.2.840.113533.7.66.10");
AddAlgorithm("CAST6");
AddAlgorithm("DES",
OiwObjectIdentifiers.DesCbc);
OiwObjectIdentifiers.DesCbc,
OiwObjectIdentifiers.DesCfb,
OiwObjectIdentifiers.DesEcb,
OiwObjectIdentifiers.DesOfb);
AddAlgorithm("DESEDE",
"DESEDEWRAP",
OiwObjectIdentifiers.DesEde,
PkcsObjectIdentifiers.IdAlgCms3DesWrap);
AddAlgorithm("DESEDE3",
PkcsObjectIdentifiers.DesEde3Cbc);

18
src/core/srcbc/security/PbeUtilities.cs
View File

@ -7,6 +7,7 @@ using Org.BouncyCastle.Asn1.Nist;
using Org.BouncyCastle.Asn1.Oiw;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.TeleTrust;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Engines;
@ -14,6 +15,7 @@ using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Macs;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Paddings;
using Org.BouncyCastle.Crypto.Parameters;
namespace Org.BouncyCastle.Security
{
@ -39,6 +41,8 @@ namespace Org.BouncyCastle.Security
{
algorithms["PKCS5SCHEME1"] = "Pkcs5scheme1";
algorithms["PKCS5SCHEME2"] = "Pkcs5scheme2";
algorithms[PkcsObjectIdentifiers.IdPbeS2.Id] = "Pkcs5scheme2";
// algorithms[PkcsObjectIdentifiers.IdPbkdf2.Id] = "Pkcs5scheme2";
algorithms["PBEWITHMD2ANDDES-CBC"] = "PBEwithMD2andDES-CBC";
algorithms[PkcsObjectIdentifiers.PbeWithMD2AndDesCbc.Id] = "PBEwithMD2andDES-CBC";
algorithms["PBEWITHMD2ANDRC2-CBC"] = "PBEwithMD2andRC2-CBC";
@ -322,6 +326,14 @@ namespace Org.BouncyCastle.Security
return GenerateCipherParameters(algorithmOid.Id, password, wrongPkcs12Zero, pbeParameters);
}
public static ICipherParameters GenerateCipherParameters(
AlgorithmIdentifier algID,
char[] password,
bool wrongPkcs12Zero)
{
return GenerateCipherParameters(algID.ObjectID.Id, password, wrongPkcs12Zero, algID.Parameters);
}
public static ICipherParameters GenerateCipherParameters(
string algorithm,
char[] password,
@ -496,6 +508,12 @@ namespace Org.BouncyCastle.Security
return CreateEngine(algorithmOid.Id);
}
public static object CreateEngine(
AlgorithmIdentifier algID)
{
return CreateEngine(algID.ObjectID.Id);
}
private static bool EndsWith(
string s,
string ending)