deprecated JcaJceUtils

minor bugfixes in string representations.
modified RFC3211Wrap to use nextBytes on random

Author: dghgit

core/src/main/java/org/bouncycastle/asn1/iso/ISOIECObjectIdentifiers.java

@@ -0,0 +1,17 @@
+package org.bouncycastle.asn1.iso;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+
+/**
+ * OIDS from  ISO/IEC 10118-3:2004
+ */
+public interface ISOIECObjectIdentifiers
+{
+    ASN1ObjectIdentifier iso_encryption_algorithms = new ASN1ObjectIdentifier("1.0.10118");
+
+    ASN1ObjectIdentifier hash_algorithms = iso_encryption_algorithms.branch("3.0");
+
+    ASN1ObjectIdentifier ripemd160 = hash_algorithms.branch("49");
+    ASN1ObjectIdentifier ripemd128 = hash_algorithms.branch("50");
+    ASN1ObjectIdentifier whirlpool = hash_algorithms.branch("55");
+}

core/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java

@@ -64,7 +64,10 @@ public interface MiscObjectIdentifiers
     /** NortelNetworks Entrust VersionExtension OID: 1.2.840.113533.7.65.0 */
     static final ASN1ObjectIdentifier    entrustVersionExtension = entrust.branch("65.0");
 
-        //
+    /** cast5CBC OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) nt(113533) nsn(7) algorithms(66) 10} SEE RFC 2984 */
+    ASN1ObjectIdentifier    cast5CBC = entrust.branch("66.10");
+
+    //
     // Ascom
     //
     ASN1ObjectIdentifier as_sys_sec_alg_ideaCBC = new ASN1ObjectIdentifier("1.3.6.1.4.1.188.7.1.1.2");

core/src/main/java/org/bouncycastle/crypto/engines/RFC3211WrapEngine.java

@@ -1,5 +1,7 @@
 package org.bouncycastle.crypto.engines;
 
+import java.security.SecureRandom;
+
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.InvalidCipherTextException;
@@ -8,8 +10,6 @@
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 
-import java.security.SecureRandom;
-
 /**
  * an implementation of the RFC 3211 Key Wrap
  * Specification.
@@ -87,10 +87,10 @@ public byte[] wrap(
 
         System.arraycopy(in, inOff, cekBlock, 4, inLen);
 
-        for (int i = inLen + 4; i < cekBlock.length; i++)
-        {
-            cekBlock[i] = (byte)rand.nextInt();
-        }
+        byte[] pad = new byte[cekBlock.length - (inLen + 4)];
+
+        rand.nextBytes(pad);
+        System.arraycopy(pad, 0, cekBlock, inLen + 4, pad.length);
 
         for (int i = 0; i < cekBlock.length; i += blockSize)
         {

core/src/main/java/org/bouncycastle/crypto/modes/CCMBlockCipher.java

@@ -87,7 +87,7 @@ else if (params instanceof ParametersWithIV)
         }
         else
         {
-            throw new IllegalArgumentException("invalid parameters passed to CCM");
+            throw new IllegalArgumentException("invalid parameters passed to CCM: " + params.getClass().getName());
         }
 
         // NOTE: Very basic support for key re-use, but no performance gain from it

core/src/main/java/org/bouncycastle/crypto/modes/GCFBBlockCipher.java

@@ -65,7 +65,7 @@ public void init(boolean forEncryption, CipherParameters params)
     public String getAlgorithmName()
     {
         String name = cfbEngine.getAlgorithmName();
-        return name.substring(0, name.indexOf('/') - 1) + "/G" + name.substring(name.indexOf('/') + 1);
+        return name.substring(0, name.indexOf('/')) + "/G" + name.substring(name.indexOf('/') + 1);
     }
 
     public int getBlockSize()

pkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/CRMFHelper.java

@@ -41,8 +41,8 @@
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.cert.crmf.CRMFException;
 import org.bouncycastle.cms.CMSAlgorithm;
+import org.bouncycastle.jcajce.util.AlgorithmParametersUtils;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
-import org.bouncycastle.jcajce.util.JcaJceUtils;
 
 class CRMFHelper
 {
@@ -183,7 +183,7 @@ public Object doInJCE()
 
                         try
                         {
-                            JcaJceUtils.loadParameters(params, sParams);
+                            AlgorithmParametersUtils.loadParameters(params, sParams);
                         }
                         catch (IOException e)
                         {
@@ -392,7 +392,7 @@ AlgorithmIdentifier getAlgorithmIdentifier(ASN1ObjectIdentifier encryptionOID, A
         {
             try
             {
-                asn1Params = JcaJceUtils.extractParameters(params);
+                asn1Params = AlgorithmParametersUtils.extractParameters(params);
             }
             catch (IOException e)
             {

pkix/src/main/java/org/bouncycastle/cms/jcajce/CMSUtils.java

@@ -17,7 +17,7 @@
 import org.bouncycastle.asn1.x509.Extension;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.cms.CMSException;
-import org.bouncycastle.jcajce.util.JcaJceUtils;
+import org.bouncycastle.jcajce.util.AlgorithmParametersUtils;
 
 class CMSUtils
 {
@@ -89,7 +89,7 @@ static ASN1Encodable extractParameters(AlgorithmParameters params)
     {
         try
         {
-            return JcaJceUtils.extractParameters(params);
+            return AlgorithmParametersUtils.extractParameters(params);
         }
         catch (IOException e)
         {
@@ -102,7 +102,7 @@ static void loadParameters(AlgorithmParameters params, ASN1Encodable sParams)
     {
         try
         {
-            JcaJceUtils.loadParameters(params, sParams);
+            AlgorithmParametersUtils.loadParameters(params, sParams);
         }
         catch (IOException e)
         {

pkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java

@@ -38,8 +38,9 @@
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.jcajce.util.AlgorithmParametersUtils;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
-import org.bouncycastle.jcajce.util.JcaJceUtils;
+import org.bouncycastle.jcajce.util.MessageDigestUtils;
 import org.bouncycastle.operator.OperatorCreationException;
 
 class OperatorHelper
@@ -242,7 +243,7 @@ MessageDigest createDigest(AlgorithmIdentifier digAlgId)
 
         try
         {
-            dig = helper.createDigest(JcaJceUtils.getDigestAlgName(digAlgId.getAlgorithm()));
+            dig = helper.createDigest(MessageDigestUtils.getDigestName(digAlgId.getAlgorithm()));
         }
         catch (NoSuchAlgorithmException e)
         {
@@ -312,7 +313,7 @@ public Signature createRawSignature(AlgorithmIdentifier algorithm)
             {
                 AlgorithmParameters params = helper.createAlgorithmParameters(algName);
 
-                JcaJceUtils.loadParameters(params, algorithm.getParameters());
+                AlgorithmParametersUtils.loadParameters(params, algorithm.getParameters());
 
                 PSSParameterSpec spec = (PSSParameterSpec)params.getParameterSpec(PSSParameterSpec.class);
                 sig.setParameter(spec);
@@ -336,7 +337,7 @@ private static String getSignatureName(
             if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
             {
                 RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
-                return JcaJceUtils.getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "WITHRSAANDMGF1";
+                return getDigestName(rsaParams.getHashAlgorithm().getAlgorithm()) + "WITHRSAANDMGF1";
             }
         }
 
@@ -348,6 +349,20 @@ private static String getSignatureName(
         return sigAlgId.getAlgorithm().getId();
     }
 
+    // we need to remove the - to create a correct signature name
+    private static String getDigestName(ASN1ObjectIdentifier oid)
+    {
+        String name = MessageDigestUtils.getDigestName(oid);
+
+        int dIndex = name.indexOf('-');
+        if (dIndex > 0)
+        {
+            return name.substring(0, dIndex) + name.substring(dIndex + 1);
+        }
+
+        return MessageDigestUtils.getDigestName(oid);
+    }
+
     public X509Certificate convertCertificate(X509CertificateHolder certHolder)
         throws CertificateException
     {

prov/src/main/java/org/bouncycastle/jcajce/util/AlgorithmParametersUtils.java

@@ -0,0 +1,68 @@
+/***************************************************************/
+/******    DO NOT EDIT THIS CLASS bc-java SOURCE FILE     ******/
+/***************************************************************/
+package org.bouncycastle.jcajce.util;
+
+import java.io.IOException;
+import java.security.AlgorithmParameters;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Primitive;
+
+/**
+ * General JCA/JCE utility methods.
+ */
+public class AlgorithmParametersUtils
+{
+
+
+    private AlgorithmParametersUtils()
+    {
+
+    }
+
+    /**
+     * Extract an ASN.1 encodable from an AlgorithmParameters object.
+     *
+     * @param params the object to get the encoding used to create the return value.
+     * @return an ASN.1 object representing the primitives making up the params parameter.
+     * @throws IOException if an encoding cannot be extracted.
+     */
+    public static ASN1Encodable extractParameters(AlgorithmParameters params)
+        throws IOException
+    {
+        // we try ASN.1 explicitly first just in case and then role back to the default.
+        ASN1Encodable asn1Params;
+        try
+        {
+            asn1Params = ASN1Primitive.fromByteArray(params.getEncoded("ASN.1"));
+        }
+        catch (Exception ex)
+        {
+            asn1Params = ASN1Primitive.fromByteArray(params.getEncoded());
+        }
+
+        return asn1Params;
+    }
+
+    /**
+     * Load an AlgorithmParameters object with the passed in ASN.1 encodable - if possible.
+     *
+     * @param params the AlgorithmParameters object to be initialised.
+     * @param sParams the ASN.1 encodable to initialise params with.
+     * @throws IOException if the parameters cannot be initialised.
+     */
+    public static void loadParameters(AlgorithmParameters params, ASN1Encodable sParams)
+        throws IOException
+    {
+        // we try ASN.1 explicitly first just in case and then role back to the default.
+        try
+        {
+            params.init(sParams.toASN1Primitive().getEncoded(), "ASN.1");
+        }
+        catch (Exception ex)
+        {
+            params.init(sParams.toASN1Primitive().getEncoded());
+        }
+    }
+}

prov/src/main/java/org/bouncycastle/jcajce/util/JcaJceUtils.java

@@ -28,6 +28,7 @@ private JcaJceUtils()
      * @param params the object to get the encoding used to create the return value.
      * @return an ASN.1 object representing the primitives making up the params parameter.
      * @throws IOException if an encoding cannot be extracted.
+     * @deprecated use AlgorithmParametersUtils.extractParameters(AlgorithmParameters params)
      */
     public static ASN1Encodable extractParameters(AlgorithmParameters params)
         throws IOException
@@ -52,6 +53,7 @@ public static ASN1Encodable extractParameters(AlgorithmParameters params)
      * @param params the AlgorithmParameters object to be initialised.
      * @param sParams the ASN.1 encodable to initialise params with.
      * @throws IOException if the parameters cannot be initialised.
+     * @deprecated use AlgorithmParametersUtils.loadParameters(AlgorithmParameters params, ASN1Encodable sParams)
      */
     public static void loadParameters(AlgorithmParameters params, ASN1Encodable sParams)
         throws IOException
@@ -72,6 +74,7 @@ public static void loadParameters(AlgorithmParameters params, ASN1Encodable sPar
      *
      * @param digestAlgOID the OID of the digest algorithm of interest.
      * @return a string representing the standard name - the OID as a string if none available.
+     * @deprecated use MessageDigestUtils,getDigestName()
      */
     public static String getDigestAlgName(
         ASN1ObjectIdentifier digestAlgOID)