

Merge pull request jglobus#108 from ebourg/master
Upgrade the dependency on Bouncy Castle (1.46 -> 1.49)
smarru committed Aug 11, 2013
2 parents 4f7cc4e + 8d22390 commit 6f31e2f
Showing 14 changed files with 119 additions and 124 deletions.
4 changes: 2 additions & 2 deletions pom.xml
Expand Up @@ -138,8 +138,8 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk16</artifactId>
<version>1.46</version>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.49</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
2 changes: 1 addition & 1 deletion ssl-proxies/pom.xml
Expand Up @@ -41,7 +41,7 @@
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk16</artifactId>
<artifactId>bcprov-jdk15on</artifactId>
</dependency>
<dependency>
<groupId>commons-io</groupId>
Expand Up @@ -14,6 +14,7 @@
*/
package org.globus.gsi.bc;

import org.bouncycastle.asn1.x500.style.BCStyle;
import org.globus.gsi.util.CertificateLoadUtil;
import org.globus.gsi.util.ProxyCertificateUtil;

Expand Down Expand Up @@ -48,13 +49,13 @@
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
Expand Down Expand Up @@ -149,7 +150,7 @@ public X509Certificate createCertificate(InputStream certRequestInputStream, X50
throws IOException, GeneralSecurityException {

ASN1InputStream derin = new ASN1InputStream(certRequestInputStream);
DERObject reqInfo = derin.readObject();
ASN1Primitive reqInfo = derin.readObject();
PKCS10CertificationRequest certReq = new PKCS10CertificationRequest((ASN1Sequence) reqInfo);

boolean rs = certReq.verify();
Expand Down Expand Up @@ -413,11 +414,11 @@ public X509Certificate createProxyCertificate(X509Certificate issuerCert_, Priva
X509Extension ext;

// handle key usage ext
ext = extensions.getExtension(X509Extensions.KeyUsage);
ext = extensions.getExtension(X509Extension.keyUsage);
if (ext != null) {

// TBD: handle this better
if (extSet != null && (extSet.get(X509Extensions.KeyUsage.getId()) != null)) {
if (extSet != null && (extSet.get(X509Extension.keyUsage.getId()) != null)) {
String err = i18n.getMessage("keyUsageExt");
throw new GeneralSecurityException(err);
}
Expand All @@ -437,7 +438,7 @@ public X509Certificate createProxyCertificate(X509Certificate issuerCert_, Priva

bits = new DERBitString(bytes, bits.getPadBits());

certGen.addExtension(X509Extensions.KeyUsage, ext.isCritical(), bits);
certGen.addExtension(X509Extension.keyUsage, ext.isCritical(), bits);
}
}

Expand Down Expand Up @@ -481,7 +482,7 @@ public X509Certificate createProxyCertificate(X509Certificate issuerCert_, Priva
X509NameHelper issuer = new X509NameHelper(issuerDN);

X509NameHelper subject = new X509NameHelper(issuerDN);
subject.add(X509Name.CN, (cnValue == null) ? delegDN : cnValue);
subject.add(BCStyle.CN, (cnValue == null) ? delegDN : cnValue);

certGen.setSubjectDN(subject.getAsName());
certGen.setIssuerDN(issuer.getAsName());
Expand Down Expand Up @@ -572,7 +573,7 @@ public X509Certificate createCertificate(InputStream certRequestInputStream, X50
String cnValue) throws IOException, GeneralSecurityException {

ASN1InputStream derin = new ASN1InputStream(certRequestInputStream);
DERObject reqInfo = derin.readObject();
ASN1Primitive reqInfo = derin.readObject();
PKCS10CertificationRequest certReq = new PKCS10CertificationRequest((ASN1Sequence) reqInfo);

boolean rs = certReq.verify();
Expand Down Expand Up @@ -817,11 +818,11 @@ public X509Certificate createProxyCertificate(X509Certificate issuerCert_, Priva
X509Extension ext;

// handle key usage ext
ext = extensions.getExtension(X509Extensions.KeyUsage);
ext = extensions.getExtension(X509Extension.keyUsage);
if (ext != null) {

// TBD: handle this better
if (extSet != null && (extSet.get(X509Extensions.KeyUsage.getId()) != null)) {
if (extSet != null && (extSet.get(X509Extension.keyUsage.getId()) != null)) {
String err = i18n.getMessage("keyUsageExt");
throw new GeneralSecurityException(err);
}
Expand All @@ -841,7 +842,7 @@ public X509Certificate createProxyCertificate(X509Certificate issuerCert_, Priva

bits = new DERBitString(bytes, bits.getPadBits());

certGen.addExtension(X509Extensions.KeyUsage, ext.isCritical(), bits);
certGen.addExtension(X509Extension.keyUsage, ext.isCritical(), bits);
}
}

Expand Down Expand Up @@ -883,7 +884,7 @@ public X509Certificate createProxyCertificate(X509Certificate issuerCert_, Priva
}
X509NameHelper issuer = new X509NameHelper(issuerDN);
X509NameHelper subject = new X509NameHelper(issuerDN);
subject.add(X509Name.CN, (cnValue == null) ? delegDN : cnValue);
subject.add(BCStyle.CN, (cnValue == null) ? delegDN : cnValue);

certGen.setSubjectDN(subject.getAsName());
certGen.setIssuerDN(issuer.getAsName());
Expand Down Expand Up @@ -922,9 +923,9 @@ public X509Certificate createProxyCertificate(X509Certificate issuerCert_, Priva
*/
public X509Certificate loadCertificate(InputStream in) throws IOException, GeneralSecurityException {
ASN1InputStream derin = new ASN1InputStream(in);
DERObject certInfo = derin.readObject();
ASN1Primitive certInfo = derin.readObject();
ASN1Sequence seq = ASN1Sequence.getInstance(certInfo);
return new X509CertificateObject(new X509CertificateStructure(seq));
return new X509CertificateObject(Certificate.getInstance(seq));
}

/**
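Review bot: The bare cast `(ASN1Sequence) reqInfo` kept on the line after the new `ASN1Primitive reqInfo = derin.readObject();` in both createCertificate hunks (-149 and -572) turns a request whose outer element is not a SEQUENCE into an undeclared ClassCastException, while loadCertificate in the same file now goes through `ASN1Sequence.getInstance(certInfo)`. Both request paths should use the same form, `PKCS10CertificationRequest certReq = new PKCS10CertificationRequest(ASN1Sequence.getInstance(reqInfo));`, so malformed input surfaces as an IllegalArgumentException that can be wrapped into the declared GeneralSecurityException instead of escaping unchecked. The result of `certReq.verify()` is only stored in `rs` at the end of these hunks; the code that acts on it lies outside the hunk, so I can only assume a false value is rejected there. Both createCertificate bodies continue past the hunk.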
Expand Up @@ -28,8 +28,8 @@
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.PKCS8EncodedKeySpec;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
Expand Down Expand Up @@ -121,12 +121,12 @@ protected PrivateKey getKey(String alg, byte[] data)
}
ByteArrayInputStream bis = new ByteArrayInputStream(data);
ASN1InputStream derin = new ASN1InputStream(bis);
DERObject keyInfo = derin.readObject();
ASN1Primitive keyInfo = derin.readObject();

DERObjectIdentifier rsaOid = PKCSObjectIdentifiers.rsaEncryption;
AlgorithmIdentifier rsa = new AlgorithmIdentifier(rsaOid);
PrivateKeyInfo pkeyinfo = new PrivateKeyInfo(rsa, keyInfo);
DERObject derkey = pkeyinfo.getDERObject();
ASN1Primitive derkey = pkeyinfo.toASN1Primitive();
byte[] keyData = BouncyCastleUtil.toByteArray(derkey);
// The DER object needs to be mangled to
// create a proper ProvateKeyInfo object
Expand All @@ -150,10 +150,10 @@ protected byte[] getEncoded(PrivateKey key) {
&& (format.equalsIgnoreCase("PKCS#8") || format
.equalsIgnoreCase("PKCS8"))) {
try {
DERObject keyInfo = BouncyCastleUtil.toDERObject(key
ASN1Primitive keyInfo = BouncyCastleUtil.toASN1Primitive(key
.getEncoded());
PrivateKeyInfo pkey = new PrivateKeyInfo((ASN1Sequence) keyInfo);
DERObject derKey = pkey.getPrivateKey();
ASN1Primitive derKey = pkey.getPrivateKey();
return BouncyCastleUtil.toByteArray(derKey);
} catch (IOException e) {
// that should never happen
Expand All @@ -169,7 +169,7 @@ protected byte[] getEncoded(PrivateKey key) {
.getPrivateExponent(), pKey.getPrimeP(), pKey.getPrimeQ(),
pKey.getPrimeExponentP(), pKey.getPrimeExponentQ(), pKey
.getCrtCoefficient());
DERObject ob = st.getDERObject();
ASN1Primitive ob = st.toASN1Primitive();

try {
return BouncyCastleUtil.toByteArray(ob);
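Review bot: In getEncoded, `new PrivateKeyInfo((ASN1Sequence) keyInfo)` keeps a bare cast on the object parsed from `key.getEncoded()`; the 1.49-era form is `PrivateKeyInfo pkey = PrivateKeyInfo.getInstance(keyInfo);`, which performs the type check itself (as I recall the ASN1Sequence constructor is deprecated in that release — worth confirming against the artifact). Likewise `pkey.getPrivateKey()` on the following line is, as far as I remember, superseded by `parsePrivateKey()` in 1.49; since the method relies on a `catch (IOException e)` that the hunk only shows the start of, please verify the replacement still reports a broken encoding as an IOException. The `// that should never happen` comment in that catch should state the reason, e.g. `// cannot fail in practice: the bytes come from key.getEncoded(), not from external input`. getEncoded continues outside the hunk.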
67 changes: 18 additions & 49 deletions ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java
Expand Up @@ -30,16 +30,15 @@

import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1String;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERBoolean;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DERInteger;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.X509Extension;
Expand Down Expand Up @@ -76,7 +75,7 @@ public class BouncyCastleUtil {
* @return the DER-encoded byte array
* @exception IOException if conversion fails
*/
public static byte[] toByteArray(DERObject obj)
public static byte[] toByteArray(ASN1Primitive obj)
throws IOException {
ByteArrayOutputStream bout = new ByteArrayOutputStream();
DEROutputStream der = new DEROutputStream(bout);
Expand All @@ -92,7 +91,7 @@ public static byte[] toByteArray(DERObject obj)
* @return the DERObject.
* @exception IOException if conversion fails
*/
public static DERObject toDERObject(byte[] data)
public static ASN1Primitive toASN1Primitive(byte[] data)
throws IOException {
ByteArrayInputStream inStream = new ByteArrayInputStream(data);
ASN1InputStream derInputStream = new ASN1InputStream(inStream);
Expand All @@ -108,9 +107,9 @@ public static DERObject toDERObject(byte[] data)
* @return a copy of the DERObject.
* @exception IOException if replication fails
*/
public static DERObject duplicate(DERObject obj)
public static ASN1Primitive duplicate(ASN1Primitive obj)
throws IOException {
return toDERObject(toByteArray(obj));
return toASN1Primitive(toByteArray(obj));
}

/**
Expand All @@ -123,7 +122,7 @@ public static DERObject duplicate(DERObject obj)
*/
public static TBSCertificateStructure getTBSCertificateStructure(X509Certificate cert)
throws CertificateEncodingException, IOException {
DERObject obj = BouncyCastleUtil.toDERObject(cert.getTBSCertificate());
ASN1Primitive obj = BouncyCastleUtil.toASN1Primitive(cert.getTBSCertificate());
return TBSCertificateStructure.getInstance(obj);
}

Expand All @@ -133,9 +132,9 @@ public static TBSCertificateStructure getTBSCertificateStructure(X509Certificate
* @param ext the certificate extension to extract the value from.
* @exception IOException if extraction fails.
*/
public static DERObject getExtensionObject(X509Extension ext)
public static ASN1Primitive getExtensionObject(X509Extension ext)
throws IOException {
return toDERObject(ext.getValue().getOctets());
return toASN1Primitive(ext.getValue().getOctets());
}

/**
Expand Down Expand Up @@ -295,9 +294,9 @@ private static GSIConstants.CertificateType getCertificateType(TBSCertificateStr
X509Extension ext = null;

if (extensions != null) {
ext = extensions.getExtension(X509Extensions.BasicConstraints);
ext = extensions.getExtension(X509Extension.basicConstraints);
if (ext != null) {
BasicConstraints basicExt = getBasicConstraints(ext);
BasicConstraints basicExt = BasicConstraints.getInstance(ext);
if (basicExt.isCA()) {
return GSIConstants.CertificateType.CA;
}
Expand All @@ -307,12 +306,12 @@ private static GSIConstants.CertificateType getCertificateType(TBSCertificateStr
GSIConstants.CertificateType type = GSIConstants.CertificateType.EEC;

// does not handle multiple AVAs
X509Name subject = crt.getSubject();
X500Name subject = crt.getSubject();

ASN1Set entry = X509NameHelper.getLastNameEntry(subject);
ASN1Sequence ava = (ASN1Sequence)entry.getObjectAt(0);
if (X509Name.CN.equals(ava.getObjectAt(0))) {
String value = ((DERString)ava.getObjectAt(1)).getString();
if (BCStyle.CN.equals(ava.getObjectAt(0))) {
String value = ((ASN1String)ava.getObjectAt(1)).getString();
if (value.equalsIgnoreCase("proxy")) {
type = GSIConstants.CertificateType.GSI_2_PROXY;
} else if (value.equalsIgnoreCase("limited proxy")) {
Expand Down Expand Up @@ -370,7 +369,7 @@ private static GSIConstants.CertificateType getCertificateType(TBSCertificateStr
X509NameHelper iss = new X509NameHelper(crt.getIssuer());
iss.add((ASN1Set)BouncyCastleUtil.duplicate(entry));
X509Name issuer = iss.getAsName();
if (!issuer.equals(subject)) {
if (!issuer.equals(X509Name.getInstance(subject))) {
String err = i18n.getMessage("proxyDNErr");
throw new CertificateException(err);
}
Expand Down Expand Up @@ -403,36 +402,6 @@ public static boolean[] getKeyUsage(X509Extension ext)
return keyUsage;
}

/**
* Creates a <code>BasicConstraints</code> object from given
* extension.
*
* @param ext the extension.
* @return the <code>BasicConstraints</code> object.
* @exception IOException if something fails.
*/
public static BasicConstraints getBasicConstraints(X509Extension ext)
throws IOException {
DERObject obj = BouncyCastleUtil.getExtensionObject(ext);
if (obj instanceof ASN1Sequence) {
ASN1Sequence seq = (ASN1Sequence)obj;
int size = seq.size();
if (size == 0) {
return new BasicConstraints(false);
} else if (size == 1) {
DEREncodable value = seq.getObjectAt(0);
if (value instanceof DERInteger) {
int length = ((DERInteger)value).getValue().intValue();
return new BasicConstraints(false, length);
} else if (value instanceof DERBoolean) {
boolean ca = ((DERBoolean)value).isTrue();
return new BasicConstraints(ca);
}
}
}
return BasicConstraints.getInstance(obj);
}

/**
* Creates a <code>ProxyCertInfo</code> object from given
* extension.
Expand Down Expand Up @@ -531,7 +500,7 @@ public static byte[] getExtensionValue(byte [] certExtValue)
throws IOException {
ByteArrayInputStream inStream = new ByteArrayInputStream(certExtValue);
ASN1InputStream derInputStream = new ASN1InputStream(inStream);
DERObject object = derInputStream.readObject();
ASN1Primitive object = derInputStream.readObject();
if (object instanceof ASN1OctetString) {
return ((ASN1OctetString)object).getOctets();
} else {
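Review bot: Deleting the public `getBasicConstraints(X509Extension)` from this utility class is a source-compatibility break for downstream callers that the commit description does not mention; unless the project has no external users, keep a delegating shim: `/** @deprecated use {@link BasicConstraints#getInstance(Object)} */ @Deprecated public static BasicConstraints getBasicConstraints(X509Extension ext) { return BasicConstraints.getInstance(ext); }`. With that method gone, the `DERBoolean` and `DERInteger` imports retained in the -30 hunk look unused unless they are referenced elsewhere in the file outside these hunks — worth a check with -Xlint or the IDE. In getCertificateType, the new `X509Name.getInstance(subject)` conversion routes the proxy issuer/subject check through X509Name.equals, which as I recall is order- and case-insensitive; since this is the guard that throws proxyDNErr, that should be stated next to it, e.g. `// proxy subject must be the issuer DN plus exactly one extra RDN; X509Name.equals ignores RDN order and case`. getCertificateType continues outside the hunk.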
Expand Up @@ -16,7 +16,7 @@

import java.io.IOException;

import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.ASN1Encodable;

import org.globus.gsi.X509Extension;

Expand All @@ -36,22 +36,22 @@ public BouncyCastleX509Extension(String oid) {
this(oid, false, null);
}

public BouncyCastleX509Extension(String oid, DEREncodable value) {
public BouncyCastleX509Extension(String oid, ASN1Encodable value) {
this(oid, false, value);
}

public BouncyCastleX509Extension(String oid, boolean critical,
DEREncodable value) {
ASN1Encodable value) {
super(oid, critical, null);
setValue(value);
}

protected void setValue(DEREncodable value) {
protected void setValue(ASN1Encodable value) {
if (value == null) {
return;
}
try {
setValue(BouncyCastleUtil.toByteArray(value.getDERObject()));
setValue(BouncyCastleUtil.toByteArray(value.toASN1Primitive()));
} catch (IOException e) {
throw new RuntimeException(i18n.getMessage("byteArrayErr") +
e.getMessage());
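Review bot: The catch on the context lines right after the new `value.toASN1Primitive()` call still builds the RuntimeException from `e.getMessage()` alone, so the IOException's stack trace is lost for whoever debugs a failed extension encoding; pass the cause: `throw new RuntimeException(i18n.getMessage("byteArrayErr") + e.getMessage(), e);`. The three constructors and setValue form the public/protected API of this extension type and carry no Javadoc; setValue should at least document that a null value is accepted and simply ignored, e.g. `/** Stores the DER encoding of {@code value} as the extension value; a null value is ignored. */`. The catch block and the method continue outside the hunk.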
