Removed BouncyCastle accessor dependencies
parent
8fc979973b
commit
5f3f27a66c
@ -36,7 +36,7 @@ import java.security.SignatureException;
|
|||||||
import java.security.cert.CertificateEncodingException;
|
import java.security.cert.CertificateEncodingException;
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.security.spec.DSAPublicKeySpec;
|
import java.security.interfaces.DSAParams;
|
||||||
import java.security.spec.InvalidKeySpecException;
|
import java.security.spec.InvalidKeySpecException;
|
||||||
import java.security.spec.RSAPrivateCrtKeySpec;
|
import java.security.spec.RSAPrivateCrtKeySpec;
|
||||||
import java.security.spec.RSAPublicKeySpec;
|
import java.security.spec.RSAPublicKeySpec;
|
||||||
@ -91,14 +91,11 @@ import org.bouncycastle.crypto.params.ECPublicKeyParameters;
|
|||||||
import org.bouncycastle.crypto.params.RSAKeyParameters;
|
import org.bouncycastle.crypto.params.RSAKeyParameters;
|
||||||
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
|
import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
|
||||||
import org.bouncycastle.jcajce.provider.asymmetric.dsa.BCDSAPublicKey;
|
import org.bouncycastle.jcajce.provider.asymmetric.dsa.BCDSAPublicKey;
|
||||||
import org.bouncycastle.jcajce.provider.asymmetric.dsa.BCDSAPublicKeyAccessor;
|
|
||||||
import org.bouncycastle.jcajce.provider.asymmetric.dsa.DSAUtil;
|
import org.bouncycastle.jcajce.provider.asymmetric.dsa.DSAUtil;
|
||||||
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
|
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
|
||||||
import org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey;
|
import org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey;
|
||||||
import org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKeyAccessor;
|
|
||||||
import org.bouncycastle.jcajce.provider.asymmetric.rsa.RSAUtil;
|
import org.bouncycastle.jcajce.provider.asymmetric.rsa.RSAUtil;
|
||||||
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
|
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
|
||||||
import org.bouncycastle.jcajce.provider.asymmetric.x509.X509Accessor;
|
|
||||||
import org.bouncycastle.jce.PrincipalUtil;
|
import org.bouncycastle.jce.PrincipalUtil;
|
||||||
import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
|
import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||||
@ -445,15 +442,18 @@ public class CryptoX509 {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory certificateFactory = new org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory();
|
CertificateFactory certificateFactory = new CertificateFactory();
|
||||||
java.security.cert.Certificate certificate = certificateFactory.engineGenerateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
|
java.security.cert.Certificate certificate = certificateFactory.engineGenerateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
|
||||||
// Note: this requires the BC provider to be loaded!
|
// Note: this requires the BC provider to be loaded!
|
||||||
if (certificate == null || certificate.getPublicKey() == null) {
|
if (certificate == null || certificate.getPublicKey() == null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO: when validating the certificate, it is important to use a date from somewhere other than the host computer! (maybe use google? or something...)
|
||||||
|
// this will validate the DATES of the certificate, to make sure the cert is valid during the correct time period.
|
||||||
|
|
||||||
// Verify the TIME/DATE of the certificate
|
// Verify the TIME/DATE of the certificate
|
||||||
X509Accessor.verifyDate(certificate);
|
((X509Certificate) certificate).checkValidity(new Date());
|
||||||
|
|
||||||
// if we get here, it means that our cert is LEGIT and VALID.
|
// if we get here, it means that our cert is LEGIT and VALID.
|
||||||
return true;
|
return true;
|
||||||
@ -493,22 +493,19 @@ public class CryptoX509 {
|
|||||||
org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory certificateFactory = new org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory();
|
org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory certificateFactory = new org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory();
|
||||||
java.security.cert.Certificate engineGenerateCert = certificateFactory.engineGenerateCertificate(newSigIn);
|
java.security.cert.Certificate engineGenerateCert = certificateFactory.engineGenerateCertificate(newSigIn);
|
||||||
|
|
||||||
PublicKey publicKey2 = engineGenerateCert.getPublicKey();
|
BCDSAPublicKey publicKey2 = (BCDSAPublicKey) engineGenerateCert.getPublicKey();
|
||||||
|
|
||||||
if (optionalOriginalPublicKey != null) {
|
if (optionalOriginalPublicKey != null) {
|
||||||
// absolutely RETARDED that we have package private constructors .. but fortunately, we can get around that
|
DSAParams params = publicKey2.getParams();
|
||||||
DSAParameters parameters = optionalOriginalPublicKey.getParameters();
|
DSAParameters parameters = optionalOriginalPublicKey.getParameters();
|
||||||
DSAPublicKeySpec dsaPublicKeySpec = new DSAPublicKeySpec(optionalOriginalPublicKey.getY(),
|
|
||||||
parameters.getP(),
|
|
||||||
parameters.getQ(),
|
|
||||||
parameters.getG());
|
|
||||||
|
|
||||||
BCDSAPublicKey origPublicKey = BCDSAPublicKeyAccessor.newInstance(dsaPublicKeySpec);
|
if (!publicKey2.getY().equals(optionalOriginalPublicKey.getY()) ||
|
||||||
boolean equals = origPublicKey.equals(publicKey2);
|
!params.getP().equals(parameters.getP()) ||
|
||||||
if (!equals) {
|
!params.getQ().equals(parameters.getQ()) ||
|
||||||
|
!params.getG().equals(parameters.getG())) {
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
publicKey2 = origPublicKey;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
engineGenerateCert.verify(publicKey2);
|
engineGenerateCert.verify(publicKey2);
|
||||||
@ -987,15 +984,23 @@ public class CryptoX509 {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory certificateFactory = new org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory();
|
java.security.cert.Certificate certificate = new CertificateFactory().engineGenerateCertificate(
|
||||||
java.security.cert.Certificate certificate = certificateFactory.engineGenerateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
|
new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
|
||||||
|
|
||||||
// Note: this requires the BC provider to be loaded!
|
// Note: this requires the BC provider to be loaded!
|
||||||
if (certificate == null || certificate.getPublicKey() == null) {
|
if (certificate == null || certificate.getPublicKey() == null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!(certificate instanceof X509Certificate)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: when validating the certificate, it is important to use a date from somewhere other than the host computer! (maybe use google? or something...)
|
||||||
|
// this will validate the DATES of the certificate, to make sure the cert is valid during the correct time period.
|
||||||
|
|
||||||
// Verify the TIME/DATE of the certificate
|
// Verify the TIME/DATE of the certificate
|
||||||
X509Accessor.verifyDate(certificate);
|
((X509Certificate) certificate).checkValidity(new Date());
|
||||||
|
|
||||||
// if we get here, it means that our cert is LEGIT and VALID.
|
// if we get here, it means that our cert is LEGIT and VALID.
|
||||||
return true;
|
return true;
|
||||||
@ -1034,18 +1039,17 @@ public class CryptoX509 {
|
|||||||
DERSequence newSigDERElement = (DERSequence) newSigElement;
|
DERSequence newSigDERElement = (DERSequence) newSigElement;
|
||||||
InputStream newSigIn = new ByteArrayInputStream(newSigDERElement.getEncoded());
|
InputStream newSigIn = new ByteArrayInputStream(newSigDERElement.getEncoded());
|
||||||
|
|
||||||
org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory certificateFactory = new org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory();
|
org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory certFactory = new org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory();
|
||||||
java.security.cert.Certificate certificate = certificateFactory.engineGenerateCertificate(newSigIn);
|
java.security.cert.Certificate certificate = certFactory.engineGenerateCertificate(newSigIn);
|
||||||
|
|
||||||
PublicKey publicKey2 = certificate.getPublicKey();
|
BCRSAPublicKey publicKey2 = (BCRSAPublicKey) certificate.getPublicKey();
|
||||||
|
|
||||||
if (publicKey != null) {
|
if (publicKey != null) {
|
||||||
BCRSAPublicKey origPublicKey = BCRSAPublicKeyAccessor.newInstance(publicKey);
|
if (!publicKey.getModulus().equals(publicKey2.getModulus()) ||
|
||||||
boolean equals = origPublicKey.equals(publicKey2);
|
!publicKey.getExponent().equals(publicKey2.getPublicExponent())) {
|
||||||
if (!equals) {
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
publicKey2 = origPublicKey;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
certificate.verify(publicKey2);
|
certificate.verify(publicKey2);
|
||||||
@ -1143,15 +1147,19 @@ public class CryptoX509 {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory certificateFactory = new org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory();
|
CertificateFactory certFactory = new CertificateFactory();
|
||||||
java.security.cert.Certificate certificate = certificateFactory.engineGenerateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
|
java.security.cert.Certificate certificate = certFactory.engineGenerateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
|
||||||
|
|
||||||
// Note: this requires the BC provider to be loaded!
|
// Note: this requires the BC provider to be loaded!
|
||||||
if (certificate == null || certificate.getPublicKey() == null) {
|
if (certificate == null || certificate.getPublicKey() == null) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO: when validating the certificate, it is important to use a date from somewhere other than the host computer! (maybe use google? or something...)
|
||||||
|
// this will validate the DATES of the certificate, to make sure the cert is valid during the correct time period.
|
||||||
|
|
||||||
// Verify the TIME/DATE of the certificate
|
// Verify the TIME/DATE of the certificate
|
||||||
X509Accessor.verifyDate(certificate);
|
((X509Certificate) certificate).checkValidity(new Date());
|
||||||
|
|
||||||
// if we get here, it means that our cert is LEGIT and VALID.
|
// if we get here, it means that our cert is LEGIT and VALID.
|
||||||
return true;
|
return true;
|
||||||
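Review bot: The new cast `(BCDSAPublicKey) engineGenerateCert.getPublicKey()` in the hunk at -493,22, and likewise `(BCRSAPublicKey) certificate.getPublicKey()` in the hunk at -1034,18, is applied to a key parsed from certificate bytes with no type check. A certificate carrying a different key algorithm would therefore raise ClassCastException instead of taking the `return false` path; whether any caller catches that is not visible here. A guard before the cast, e.g. `PublicKey k = engineGenerateCert.getPublicKey(); if (!(k instanceof java.security.interfaces.DSAPublicKey)) return false;`, keeps the failure closed, and comparing through the JCA `DSAPublicKey`/`RSAPublicKey` interfaces would also avoid depending on the provider's concrete classes. The same inconsistency applies to `((X509Certificate) certificate).checkValidity(new Date())`: the hunk at -987,15 adds an `instanceof X509Certificate` check first, but the hunks at -445,15 and -1143,15 cast without one. All of these method bodies start and end outside the hunks shown.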
|
@ -1,24 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright 2010 dorkbox, llc
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.bouncycastle.jcajce.provider.asymmetric.dsa;
|
|
||||||
|
|
||||||
import java.security.spec.DSAPublicKeySpec;
|
|
||||||
|
|
||||||
public class BCDSAPublicKeyAccessor {
|
|
||||||
public static BCDSAPublicKey newInstance(DSAPublicKeySpec dsaPublicKeySpec) {
|
|
||||||
return new BCDSAPublicKey(dsaPublicKeySpec);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,24 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright 2010 dorkbox, llc
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.bouncycastle.jcajce.provider.asymmetric.rsa;
|
|
||||||
|
|
||||||
import org.bouncycastle.crypto.params.RSAKeyParameters;
|
|
||||||
|
|
||||||
public class BCRSAPublicKeyAccessor {
|
|
||||||
public static BCRSAPublicKey newInstance(RSAKeyParameters publicKey) {
|
|
||||||
return new BCRSAPublicKey(publicKey);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,36 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright 2010 dorkbox, llc
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.bouncycastle.jcajce.provider.asymmetric.x509;
|
|
||||||
|
|
||||||
import java.security.cert.CertificateExpiredException;
|
|
||||||
import java.security.cert.CertificateNotYetValidException;
|
|
||||||
import java.util.Date;
|
|
||||||
|
|
||||||
public class X509Accessor {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Verify the TIME/DATE of the certificate
|
|
||||||
* Stupid BC is package private, so this will let us access this method.
|
|
||||||
*/
|
|
||||||
public static void verifyDate(java.security.cert.Certificate certificate) throws CertificateExpiredException, CertificateNotYetValidException {
|
|
||||||
// TODO: when checking the validite of the certificate, it is important to use a date from somewhere other than the
|
|
||||||
// host computer! (maybe use google? or something...)
|
|
||||||
// this will validate the DATES of the certificate, to make sure the cert is valid during the correct time period.
|
|
||||||
|
|
||||||
org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateObject cert = (org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateObject) certificate;
|
|
||||||
cert.checkValidity(new Date());
|
|
||||||
}
|
|
||||||
}
|
|