jglobus / 0f99599
Use versioned bouncycastle dependencies Mattias Ellert 10 years ago
5 changed file(s) with 786 addition(s) and 780 deletion(s).
0 jglobus (2.0.6-2) unstable; urgency=low
1
2 * Use versioned bouncycastle dependencies
3
4 -- Mattias Ellert <mattias.ellert@fysast.uu.se> Mon, 19 Aug 2013 09:52:58 +0200
5
06 jglobus (2.0.6-1) unstable; urgency=low
17
28 * Version 2.0.6 final release
3 * Backport bouncycastle 1.49 adaptation from upsream git (Closes: #713200)
9 * Backport bouncycastle 1.47 adaptation from upsream git (Closes: #713200)
410
511 -- Mattias Ellert <mattias.ellert@fysast.uu.se> Wed, 14 Aug 2013 20:01:52 +0200
612
00 Source: jglobus
11 Priority: optional
22 Maintainer: Mattias Ellert <mattias.ellert@fysast.uu.se>
3 Build-Depends: debhelper (>> 5), maven-debian-helper, maven-repo-helper, libmaven-compiler-plugin-java, libmaven-clean-plugin-java, libmaven-dependency-plugin-java, libmaven-enforcer-plugin-java, libmaven-install-plugin-java, libmaven-jar-plugin-java, libmaven-javadoc-plugin-java, libmaven-resources-plugin-java, libcommons-codec-java, libcommons-io-java, libcommons-logging-java, libbcprov-java, liblog4j1.2-java, libtomcat6-java, libhttpclient-java, libaxis-java, libservlet2.5-java, junit4
3 Build-Depends: debhelper (>> 5), maven-debian-helper, maven-repo-helper, libmaven-compiler-plugin-java, libmaven-clean-plugin-java, libmaven-dependency-plugin-java, libmaven-enforcer-plugin-java, libmaven-install-plugin-java, libmaven-jar-plugin-java, libmaven-javadoc-plugin-java, libmaven-resources-plugin-java, libcommons-codec-java, libcommons-io-java, libcommons-logging-java, libbcprov-java (>> 1.47), liblog4j1.2-java, libtomcat6-java, libhttpclient-java, libaxis-java, libservlet2.5-java, junit4
44 Standards-Version: 3.9.4
55 Section: java
66 Homepage: http://github.com/jglobus/
1515 Package: libjglobus-ssl-proxies-java
1616 Section: java
1717 Architecture: all
18 Depends: libjglobus-parent-java (= ${binary:Version}), libcommons-codec-java, libcommons-io-java, libcommons-logging-java, libbcprov-java, liblog4j1.2-java, ${misc:Depends}
18 Depends: libjglobus-parent-java (= ${binary:Version}), libcommons-codec-java, libcommons-io-java, libcommons-logging-java, libbcprov-java (>> 1.47), liblog4j1.2-java, ${misc:Depends}
1919 Description: Globus Java - SSL and proxy certificate support
2020 Globus Java library with SSL and proxy certificate support
2121
0 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactory.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactory.java
1 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactory.java 2013-08-14 22:43:31.807764457 +0200
2 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactory.java 2013-08-14 22:44:40.963763748 +0200
3 @@ -14,6 +14,7 @@
4 */
5 package org.globus.gsi.bc;
6
7 +import org.bouncycastle.asn1.x500.style.BCStyle;
8 import org.globus.gsi.util.CertificateLoadUtil;
9 import org.globus.gsi.util.ProxyCertificateUtil;
10
11 @@ -48,13 +49,13 @@
12 import org.bouncycastle.jce.PKCS10CertificationRequest;
13 import org.bouncycastle.jce.provider.X509CertificateObject;
14 import org.bouncycastle.asn1.DERSet;
15 -import org.bouncycastle.asn1.DERObject;
16 import org.bouncycastle.asn1.DERBitString;
17 import org.bouncycastle.asn1.x509.X509Name;
18 +import org.bouncycastle.asn1.ASN1Primitive;
19 import org.bouncycastle.asn1.ASN1InputStream;
20 import org.bouncycastle.asn1.ASN1Sequence;
21 +import org.bouncycastle.asn1.x509.Certificate;
22 import org.bouncycastle.asn1.x509.TBSCertificateStructure;
23 -import org.bouncycastle.asn1.x509.X509CertificateStructure;
24 import org.bouncycastle.asn1.x509.X509Extensions;
25 import org.bouncycastle.asn1.x509.X509Extension;
26 import org.bouncycastle.asn1.x509.KeyUsage;
27 @@ -149,7 +150,7 @@
28 throws IOException, GeneralSecurityException {
29
30 ASN1InputStream derin = new ASN1InputStream(certRequestInputStream);
31 - DERObject reqInfo = derin.readObject();
32 + ASN1Primitive reqInfo = derin.readObject();
33 PKCS10CertificationRequest certReq = new PKCS10CertificationRequest((ASN1Sequence) reqInfo);
34
35 boolean rs = certReq.verify();
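Review bot: The retyped `reqInfo` is still cast straight to `ASN1Sequence` on the next line, so a request that does not start with a SEQUENCE fails with an unchecked `ClassCastException` instead of the declared `IOException`/`GeneralSecurityException`. An empty stream (where, as far as I know, `readObject()` returns null) presumably fails the same way inside the constructor. The bytes come from the caller-supplied `certRequestInputStream`, so a type check before building the `PKCS10CertificationRequest` would keep malformed requests on the checked path: `if (!(reqInfo instanceof ASN1Sequence)) { throw new GeneralSecurityException(...); }`, with a message taken from the file's i18n bundle. The same two lines recur in the `@@ -572,7 +573,7 @@` hunk of this file. The method starts and ends outside the hunk, so any handling further up is not visible here.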
36 @@ -413,11 +414,11 @@
37 X509Extension ext;
38
39 // handle key usage ext
40 - ext = extensions.getExtension(X509Extensions.KeyUsage);
41 + ext = extensions.getExtension(X509Extension.keyUsage);
42 if (ext != null) {
43
44 // TBD: handle this better
45 - if (extSet != null && (extSet.get(X509Extensions.KeyUsage.getId()) != null)) {
46 + if (extSet != null && (extSet.get(X509Extension.keyUsage.getId()) != null)) {
47 String err = i18n.getMessage("keyUsageExt");
48 throw new GeneralSecurityException(err);
49 }
50 @@ -437,7 +438,7 @@
51
52 bits = new DERBitString(bytes, bits.getPadBits());
53
54 - certGen.addExtension(X509Extensions.KeyUsage, ext.isCritical(), bits);
55 + certGen.addExtension(X509Extension.keyUsage, ext.isCritical(), bits);
56 }
57 }
58
59 @@ -481,7 +482,7 @@
60 X509NameHelper issuer = new X509NameHelper(issuerDN);
61
62 X509NameHelper subject = new X509NameHelper(issuerDN);
63 - subject.add(X509Name.CN, (cnValue == null) ? delegDN : cnValue);
64 + subject.add(BCStyle.CN, (cnValue == null) ? delegDN : cnValue);
65
66 certGen.setSubjectDN(subject.getAsName());
67 certGen.setIssuerDN(issuer.getAsName());
68 @@ -572,7 +573,7 @@
69 String cnValue) throws IOException, GeneralSecurityException {
70
71 ASN1InputStream derin = new ASN1InputStream(certRequestInputStream);
72 - DERObject reqInfo = derin.readObject();
73 + ASN1Primitive reqInfo = derin.readObject();
74 PKCS10CertificationRequest certReq = new PKCS10CertificationRequest((ASN1Sequence) reqInfo);
75
76 boolean rs = certReq.verify();
77 @@ -831,11 +832,11 @@
78 X509Extension ext;
79
80 // handle key usage ext
81 - ext = extensions.getExtension(X509Extensions.KeyUsage);
82 + ext = extensions.getExtension(X509Extension.keyUsage);
83 if (ext != null) {
84
85 // TBD: handle this better
86 - if (extSet != null && (extSet.get(X509Extensions.KeyUsage.getId()) != null)) {
87 + if (extSet != null && (extSet.get(X509Extension.keyUsage.getId()) != null)) {
88 String err = i18n.getMessage("keyUsageExt");
89 throw new GeneralSecurityException(err);
90 }
91 @@ -855,7 +856,7 @@
92
93 bits = new DERBitString(bytes, bits.getPadBits());
94
95 - certGen.addExtension(X509Extensions.KeyUsage, ext.isCritical(), bits);
96 + certGen.addExtension(X509Extension.keyUsage, ext.isCritical(), bits);
97 }
98 }
99
100 @@ -897,7 +898,7 @@
101 }
102 X509NameHelper issuer = new X509NameHelper(issuerDN);
103 X509NameHelper subject = new X509NameHelper(issuerDN);
104 - subject.add(X509Name.CN, (cnValue == null) ? delegDN : cnValue);
105 + subject.add(BCStyle.CN, (cnValue == null) ? delegDN : cnValue);
106
107 certGen.setSubjectDN(subject.getAsName());
108 certGen.setIssuerDN(issuer.getAsName());
109 @@ -936,9 +937,9 @@
110 */
111 public X509Certificate loadCertificate(InputStream in) throws IOException, GeneralSecurityException {
112 ASN1InputStream derin = new ASN1InputStream(in);
113 - DERObject certInfo = derin.readObject();
114 + ASN1Primitive certInfo = derin.readObject();
115 ASN1Sequence seq = ASN1Sequence.getInstance(certInfo);
116 - return new X509CertificateObject(new X509CertificateStructure(seq));
117 + return new X509CertificateObject(Certificate.getInstance(seq));
118 }
119
120 /**
121 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java
122 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java 2013-08-13 05:53:37.000000000 +0200
123 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java 2013-08-14 22:44:40.963763748 +0200
124 @@ -28,8 +28,8 @@
125 import java.security.interfaces.RSAPrivateCrtKey;
126 import java.security.spec.PKCS8EncodedKeySpec;
127 import org.bouncycastle.asn1.ASN1InputStream;
128 +import org.bouncycastle.asn1.ASN1Primitive;
129 import org.bouncycastle.asn1.ASN1Sequence;
130 -import org.bouncycastle.asn1.DERObject;
131 import org.bouncycastle.asn1.DERObjectIdentifier;
132 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
133 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
134 @@ -121,12 +121,12 @@
135 }
136 ByteArrayInputStream bis = new ByteArrayInputStream(data);
137 ASN1InputStream derin = new ASN1InputStream(bis);
138 - DERObject keyInfo = derin.readObject();
139 + ASN1Primitive keyInfo = derin.readObject();
140
141 DERObjectIdentifier rsaOid = PKCSObjectIdentifiers.rsaEncryption;
142 AlgorithmIdentifier rsa = new AlgorithmIdentifier(rsaOid);
143 PrivateKeyInfo pkeyinfo = new PrivateKeyInfo(rsa, keyInfo);
144 - DERObject derkey = pkeyinfo.getDERObject();
145 + ASN1Primitive derkey = pkeyinfo.toASN1Primitive();
146 byte[] keyData = BouncyCastleUtil.toByteArray(derkey);
147 // The DER object needs to be mangled to
148 // create a proper ProvateKeyInfo object
149 @@ -150,10 +150,10 @@
150 && (format.equalsIgnoreCase("PKCS#8") || format
151 .equalsIgnoreCase("PKCS8"))) {
152 try {
153 - DERObject keyInfo = BouncyCastleUtil.toDERObject(key
154 + ASN1Primitive keyInfo = BouncyCastleUtil.toASN1Primitive(key
155 .getEncoded());
156 PrivateKeyInfo pkey = new PrivateKeyInfo((ASN1Sequence) keyInfo);
157 - DERObject derKey = pkey.getPrivateKey();
158 + ASN1Primitive derKey = pkey.getPrivateKey();
159 return BouncyCastleUtil.toByteArray(derKey);
160 } catch (IOException e) {
161 // that should never happen
162 @@ -169,7 +169,7 @@
163 .getPrivateExponent(), pKey.getPrimeP(), pKey.getPrimeQ(),
164 pKey.getPrimeExponentP(), pKey.getPrimeExponentQ(), pKey
165 .getCrtCoefficient());
166 - DERObject ob = st.getDERObject();
167 + ASN1Primitive ob = st.toASN1Primitive();
168
169 try {
170 return BouncyCastleUtil.toByteArray(ob);
171 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java
172 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java 2013-08-13 05:53:37.000000000 +0200
173 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java 2013-08-14 22:44:40.963763748 +0200
174 @@ -30,16 +30,15 @@
175
176 import org.bouncycastle.asn1.ASN1InputStream;
177 import org.bouncycastle.asn1.ASN1OctetString;
178 +import org.bouncycastle.asn1.ASN1Primitive;
179 import org.bouncycastle.asn1.ASN1Sequence;
180 import org.bouncycastle.asn1.ASN1Set;
181 +import org.bouncycastle.asn1.ASN1String;
182 import org.bouncycastle.asn1.DERBitString;
183 -import org.bouncycastle.asn1.DERBoolean;
184 -import org.bouncycastle.asn1.DEREncodable;
185 -import org.bouncycastle.asn1.DERInteger;
186 -import org.bouncycastle.asn1.DERObject;
187 import org.bouncycastle.asn1.DERObjectIdentifier;
188 import org.bouncycastle.asn1.DEROutputStream;
189 -import org.bouncycastle.asn1.DERString;
190 +import org.bouncycastle.asn1.x500.X500Name;
191 +import org.bouncycastle.asn1.x500.style.BCStyle;
192 import org.bouncycastle.asn1.x509.BasicConstraints;
193 import org.bouncycastle.asn1.x509.TBSCertificateStructure;
194 import org.bouncycastle.asn1.x509.X509Extension;
195 @@ -76,7 +75,7 @@
196 * @return the DER-encoded byte array
197 * @exception IOException if conversion fails
198 */
199 - public static byte[] toByteArray(DERObject obj)
200 + public static byte[] toByteArray(ASN1Primitive obj)
201 throws IOException {
202 ByteArrayOutputStream bout = new ByteArrayOutputStream();
203 DEROutputStream der = new DEROutputStream(bout);
204 @@ -92,7 +91,7 @@
205 * @return the DERObject.
206 * @exception IOException if conversion fails
207 */
208 - public static DERObject toDERObject(byte[] data)
209 + public static ASN1Primitive toASN1Primitive(byte[] data)
210 throws IOException {
211 ByteArrayInputStream inStream = new ByteArrayInputStream(data);
212 ASN1InputStream derInputStream = new ASN1InputStream(inStream);
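Review bot: The Javadoc above `toASN1Primitive` still reads `@return the DERObject.` although the method now returns `ASN1Primitive`. The same stale wording remains on `duplicate` (`@return a copy of the DERObject.`) and on the `toASN1Primitive()` methods in the `ProxyCertInfo` and `ProxyPolicy` hunks. Proposed wording: `@return the ASN1Primitive read from the given bytes.` here and `@return a copy of the ASN1Primitive.` on `duplicate`. The method body continues past the end of the hunk.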
213 @@ -108,9 +107,9 @@
214 * @return a copy of the DERObject.
215 * @exception IOException if replication fails
216 */
217 - public static DERObject duplicate(DERObject obj)
218 + public static ASN1Primitive duplicate(ASN1Primitive obj)
219 throws IOException {
220 - return toDERObject(toByteArray(obj));
221 + return toASN1Primitive(toByteArray(obj));
222 }
223
224 /**
225 @@ -123,7 +122,7 @@
226 */
227 public static TBSCertificateStructure getTBSCertificateStructure(X509Certificate cert)
228 throws CertificateEncodingException, IOException {
229 - DERObject obj = BouncyCastleUtil.toDERObject(cert.getTBSCertificate());
230 + ASN1Primitive obj = BouncyCastleUtil.toASN1Primitive(cert.getTBSCertificate());
231 return TBSCertificateStructure.getInstance(obj);
232 }
233
234 @@ -133,9 +132,9 @@
235 * @param ext the certificate extension to extract the value from.
236 * @exception IOException if extraction fails.
237 */
238 - public static DERObject getExtensionObject(X509Extension ext)
239 + public static ASN1Primitive getExtensionObject(X509Extension ext)
240 throws IOException {
241 - return toDERObject(ext.getValue().getOctets());
242 + return toASN1Primitive(ext.getValue().getOctets());
243 }
244
245 /**
246 @@ -295,9 +294,9 @@
247 X509Extension ext = null;
248
249 if (extensions != null) {
250 - ext = extensions.getExtension(X509Extensions.BasicConstraints);
251 + ext = extensions.getExtension(X509Extension.basicConstraints);
252 if (ext != null) {
253 - BasicConstraints basicExt = getBasicConstraints(ext);
254 + BasicConstraints basicExt = BasicConstraints.getInstance(ext);
255 if (basicExt.isCA()) {
256 return GSIConstants.CertificateType.CA;
257 }
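Review bot: `BasicConstraints.getInstance(ext)` receives the `X509Extension` wrapper rather than the decoded extension value, and it replaces a helper that decoded the octets first and handled the empty, single-INTEGER and single-BOOLEAN sequence forms explicitly. The result feeds `basicExt.isCA()`, which decides whether a certificate is classified as a CA, so it should be confirmed that `getInstance` unwraps an `X509Extension` and gives the same answer for those encodings in every libbcprov-java version the package admits. `CertificateUtil` and `X509ProxyCertPathValidator` still call `getBasicConstraints(...)` in this same patch, so the two code paths may now disagree on one certificate. Decoding explicitly removes the dependence on library behaviour: `BasicConstraints basicExt = BasicConstraints.getInstance(getExtensionObject(ext));`. The enclosing method begins and ends outside the hunk.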
258 @@ -307,12 +306,12 @@
259 GSIConstants.CertificateType type = GSIConstants.CertificateType.EEC;
260
261 // does not handle multiple AVAs
262 - X509Name subject = crt.getSubject();
263 + X500Name subject = crt.getSubject();
264
265 ASN1Set entry = X509NameHelper.getLastNameEntry(subject);
266 ASN1Sequence ava = (ASN1Sequence)entry.getObjectAt(0);
267 - if (X509Name.CN.equals(ava.getObjectAt(0))) {
268 - String value = ((DERString)ava.getObjectAt(1)).getString();
269 + if (BCStyle.CN.equals(ava.getObjectAt(0))) {
270 + String value = ((ASN1String)ava.getObjectAt(1)).getString();
271 if (value.equalsIgnoreCase("proxy")) {
272 type = GSIConstants.CertificateType.GSI_2_PROXY;
273 } else if (value.equalsIgnoreCase("limited proxy")) {
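Review bot: `entry` is dereferenced by `entry.getObjectAt(0)` without a null check, although the `X509NameHelper.getLastNameEntry` Javadoc in this patch says it returns null when the name has no components. A certificate with an empty subject DN would therefore fail with a `NullPointerException` instead of a certificate error. This code classifies certificates that may come from a peer, so a guard before the dereference keeps malformed subjects on the declared failure path: `if (entry == null) { throw new CertificateException(...); }`, with a message from the i18n bundle. A later hunk in this file throws `CertificateException` from what looks like the same method. `CertificateUtil` has the same two lines in its `@@ -322,11 +324,11 @@` hunk, and the method body here continues outside the hunk.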
274 @@ -370,7 +369,7 @@
275 X509NameHelper iss = new X509NameHelper(crt.getIssuer());
276 iss.add((ASN1Set)BouncyCastleUtil.duplicate(entry));
277 X509Name issuer = iss.getAsName();
278 - if (!issuer.equals(subject)) {
279 + if (!issuer.equals(X509Name.getInstance(subject))) {
280 String err = i18n.getMessage("proxyDNErr");
281 throw new CertificateException(err);
282 }
283 @@ -404,36 +403,6 @@
284 }
285
286 /**
287 - * Creates a <code>BasicConstraints</code> object from given
288 - * extension.
289 - *
290 - * @param ext the extension.
291 - * @return the <code>BasicConstraints</code> object.
292 - * @exception IOException if something fails.
293 - */
294 - public static BasicConstraints getBasicConstraints(X509Extension ext)
295 - throws IOException {
296 - DERObject obj = BouncyCastleUtil.getExtensionObject(ext);
297 - if (obj instanceof ASN1Sequence) {
298 - ASN1Sequence seq = (ASN1Sequence)obj;
299 - int size = seq.size();
300 - if (size == 0) {
301 - return new BasicConstraints(false);
302 - } else if (size == 1) {
303 - DEREncodable value = seq.getObjectAt(0);
304 - if (value instanceof DERInteger) {
305 - int length = ((DERInteger)value).getValue().intValue();
306 - return new BasicConstraints(false, length);
307 - } else if (value instanceof DERBoolean) {
308 - boolean ca = ((DERBoolean)value).isTrue();
309 - return new BasicConstraints(ca);
310 - }
311 - }
312 - }
313 - return BasicConstraints.getInstance(obj);
314 - }
315 -
316 - /**
317 * Creates a <code>ProxyCertInfo</code> object from given
318 * extension.
319 *
320 @@ -531,7 +500,7 @@
321 throws IOException {
322 ByteArrayInputStream inStream = new ByteArrayInputStream(certExtValue);
323 ASN1InputStream derInputStream = new ASN1InputStream(inStream);
324 - DERObject object = derInputStream.readObject();
325 + ASN1Primitive object = derInputStream.readObject();
326 if (object instanceof ASN1OctetString) {
327 return ((ASN1OctetString)object).getOctets();
328 } else {
329 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleX509Extension.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleX509Extension.java
330 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleX509Extension.java 2013-08-13 05:53:37.000000000 +0200
331 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleX509Extension.java 2013-08-14 22:44:40.963763748 +0200
332 @@ -16,7 +16,7 @@
333
334 import java.io.IOException;
335
336 -import org.bouncycastle.asn1.DEREncodable;
337 +import org.bouncycastle.asn1.ASN1Encodable;
338
339 import org.globus.gsi.X509Extension;
340
341 @@ -36,22 +36,22 @@
342 this(oid, false, null);
343 }
344
345 - public BouncyCastleX509Extension(String oid, DEREncodable value) {
346 + public BouncyCastleX509Extension(String oid, ASN1Encodable value) {
347 this(oid, false, value);
348 }
349
350 public BouncyCastleX509Extension(String oid, boolean critical,
351 - DEREncodable value) {
352 + ASN1Encodable value) {
353 super(oid, critical, null);
354 setValue(value);
355 }
356
357 - protected void setValue(DEREncodable value) {
358 + protected void setValue(ASN1Encodable value) {
359 if (value == null) {
360 return;
361 }
362 try {
363 - setValue(BouncyCastleUtil.toByteArray(value.getDERObject()));
364 + setValue(BouncyCastleUtil.toByteArray(value.toASN1Primitive()));
365 } catch (IOException e) {
366 throw new RuntimeException(i18n.getMessage("byteArrayErr") +
367 e.getMessage());
368 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java
369 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java 2013-08-13 05:53:37.000000000 +0200
370 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java 2013-08-14 22:44:40.963763748 +0200
371 @@ -21,11 +21,13 @@
372 import org.bouncycastle.asn1.ASN1EncodableVector;
373 import org.bouncycastle.asn1.ASN1Sequence;
374 import org.bouncycastle.asn1.ASN1Set;
375 +import org.bouncycastle.asn1.ASN1String;
376 import org.bouncycastle.asn1.DERObjectIdentifier;
377 import org.bouncycastle.asn1.DERPrintableString;
378 import org.bouncycastle.asn1.DERSequence;
379 import org.bouncycastle.asn1.DERSet;
380 -import org.bouncycastle.asn1.DERString;
381 +import org.bouncycastle.asn1.x500.RDN;
382 +import org.bouncycastle.asn1.x500.X500Name;
383 import org.bouncycastle.asn1.x509.X509Name;
384
385 /**
386 @@ -45,6 +47,21 @@
387 }
388
389 /**
390 + * Creates an instance using existing {@link X500Name X500Name}
391 + * object.
392 + * This behaves like a copy constructor.
393 + *
394 + * @param name existing <code>X500Name</code>
395 + */
396 + public X509NameHelper(X500Name name) {
397 + try {
398 + this.seq = (ASN1Sequence)BouncyCastleUtil.duplicate(name.toASN1Primitive());
399 + } catch (IOException e) {
400 + throw new RuntimeException(e.getMessage());
401 + }
402 + }
403 +
404 + /**
405 * Creates an instance using existing {@link X509Name X509Name}
406 * object.
407 * This behaves like a copy constructor.
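Review bot: The new `X509NameHelper(X500Name)` constructor rethrows with `new RuntimeException(e.getMessage())`, which discards the original `IOException` and its stack trace. `throw new RuntimeException(e.getMessage(), e);` keeps the cause, as the `ProxyCertInfo` hunk in this patch already does with `IllegalArgumentException(e.getMessage(), e)`. The constructor body is also a line-for-line copy of the `X509Name` constructor that follows it. Both could delegate to one private helper that takes the `ASN1Primitive`, so the duplicate-and-cast logic and its error handling live in one place.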
408 @@ -53,7 +70,7 @@
409 */
410 public X509NameHelper(X509Name name) {
411 try {
412 - this.seq = (ASN1Sequence)BouncyCastleUtil.duplicate(name.getDERObject());
413 + this.seq = (ASN1Sequence)BouncyCastleUtil.duplicate(name.toASN1Primitive());
414 } catch (IOException e) {
415 throw new RuntimeException(e.getMessage());
416 }
417 @@ -72,8 +89,8 @@
418 * Appends the specified OID and value pair name component to the end of the
419 * current name.
420 *
421 - * @param oid the name component oid, e.g. {@link X509Name#CN
422 - * X509Name.CN}
423 + * @param oid the name component oid, e.g. {@link org.bouncycastle.asn1.x500.style.BCStyle#CN
424 + * BCStyle.CN}
425 * @param value the value (e.g. "proxy")
426 */
427 public void add(
428 @@ -125,10 +142,10 @@
429 *
430 * @return the last name component. Null if there is none.
431 */
432 - public static ASN1Set getLastNameEntry(X509Name name) {
433 - ASN1Sequence seq = (ASN1Sequence) name.getDERObject();
434 - int size = seq.size();
435 - return (size > 0) ? (ASN1Set) seq.getObjectAt(size - 1) : null;
436 + public static ASN1Set getLastNameEntry(X500Name name) {
437 + RDN[] rdns = name.getRDNs();
438 + int size = rdns.length;
439 + return (size > 0) ? (ASN1Set) rdns[size - 1].toASN1Primitive() : null;
440 }
441
442 /**
443 @@ -142,7 +159,7 @@
444 if (name == null) {
445 return null;
446 }
447 - return toString((ASN1Sequence)name.getDERObject());
448 + return toString((ASN1Sequence)name.toASN1Primitive());
449 }
450
451 private static String toString(ASN1Sequence seq) {
452 @@ -159,14 +176,14 @@
453 while (ee.hasMoreElements()) {
454 ASN1Sequence s = (ASN1Sequence)ee.nextElement();
455 DERObjectIdentifier oid = (DERObjectIdentifier)s.getObjectAt(0);
456 - String sym = (String)X509Name.OIDLookUp.get(oid);
457 + String sym = (String)X509Name.DefaultSymbols.get(oid);
458 if (sym == null) {
459 buf.append(oid.getId());
460 } else {
461 buf.append(sym);
462 }
463 buf.append('=');
464 - buf.append(((DERString)s.getObjectAt(1)).getString());
465 + buf.append(((ASN1String)s.getObjectAt(1)).getString());
466 if (ee.hasMoreElements()) {
467 buf.append('+');
468 }
469 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java
470 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java 2013-08-13 05:53:37.000000000 +0200
471 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java 2013-08-14 22:44:40.967763533 +0200
472 @@ -20,11 +20,11 @@
473
474 import java.io.IOException;
475
476 +import org.bouncycastle.asn1.ASN1Encodable;
477 import org.bouncycastle.asn1.ASN1EncodableVector;
478 +import org.bouncycastle.asn1.ASN1Primitive;
479 import org.bouncycastle.asn1.ASN1Sequence;
480 -import org.bouncycastle.asn1.DEREncodable;
481 import org.bouncycastle.asn1.DERInteger;
482 -import org.bouncycastle.asn1.DERObject;
483 import org.bouncycastle.asn1.DERSequence;
484
485 /**
486 @@ -34,7 +34,7 @@
487 * ProxyCertInfo ::= SEQUENCE { pCPathLenConstraint INTEGER (0..MAX) OPTIONAL, proxyPolicy ProxyPolicy }
488 * </PRE>
489 */
490 -public class ProxyCertInfo implements DEREncodable {
491 +public class ProxyCertInfo implements ASN1Encodable {
492
493 /** ProxyCertInfo extension OID */
494 public static final DERObjectIdentifier OID
495 @@ -111,9 +111,9 @@
496 } else if (obj instanceof ASN1Sequence) {
497 return new ProxyCertInfo((ASN1Sequence) obj);
498 } else if (obj instanceof byte[]) {
499 - DERObject derObj;
500 + ASN1Primitive derObj;
501 try {
502 - derObj = CertificateUtil.toDERObject((byte[]) obj);
503 + derObj = CertificateUtil.toASN1Primitive((byte[]) obj);
504 } catch (IOException e) {
505 throw new IllegalArgumentException(e.getMessage(), e);
506 }
507 @@ -129,14 +129,14 @@
508 *
509 * @return <code>DERObject</code> the encoded representation of the extension.
510 */
511 - public DERObject getDERObject() {
512 + public ASN1Primitive toASN1Primitive() {
513 ASN1EncodableVector vec = new ASN1EncodableVector();
514
515 if (this.pathLenConstraint != null) {
516 vec.add(this.pathLenConstraint);
517 }
518
519 - vec.add(this.proxyPolicy.getDERObject());
520 + vec.add(this.proxyPolicy.toASN1Primitive());
521
522 return new DERSequence(vec);
523 }
524 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java
525 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java 2013-08-13 05:53:37.000000000 +0200
526 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java 2013-08-14 22:44:40.967763533 +0200
527 @@ -14,10 +14,10 @@
528 */
529 package org.globus.gsi.proxy.ext;
530
531 +import org.bouncycastle.asn1.ASN1Encodable;
532 import org.bouncycastle.asn1.ASN1EncodableVector;
533 +import org.bouncycastle.asn1.ASN1Primitive;
534 import org.bouncycastle.asn1.ASN1Sequence;
535 -import org.bouncycastle.asn1.DEREncodable;
536 -import org.bouncycastle.asn1.DERObject;
537 import org.bouncycastle.asn1.DERObjectIdentifier;
538 import org.bouncycastle.asn1.DEROctetString;
539 import org.bouncycastle.asn1.DERSequence;
540 @@ -27,7 +27,7 @@
541 * Represents the policy part of the ProxyCertInfo extension. <BR> <PRE>
542 * ProxyPolicy ::= SEQUENCE { policyLanguage OBJECT IDENTIFIER, policy OCTET STRING OPTIONAL } </PRE>
543 */
544 -public class ProxyPolicy implements DEREncodable {
545 +public class ProxyPolicy implements ASN1Encodable {
546
547 /**
548 * Impersonation proxy OID
549 @@ -58,7 +58,7 @@
550 }
551 this.policyLanguage = (DERObjectIdentifier) seq.getObjectAt(0);
552 if (seq.size() > 1) {
553 - DEREncodable obj = seq.getObjectAt(1);
554 + ASN1Encodable obj = seq.getObjectAt(1);
555 if (obj instanceof DERTaggedObject) {
556 obj = ((DERTaggedObject) obj).getObject();
557 }
558 @@ -133,7 +133,7 @@
559 * @return <code>DERObject</code> the encoded representation of the proxy
560 * policy.
561 */
562 - public DERObject getDERObject() {
563 + public ASN1Primitive toASN1Primitive() {
564
565 ASN1EncodableVector vec = new ASN1EncodableVector();
566
567 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java
568 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java 2013-08-13 05:53:37.000000000 +0200
569 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java 2013-08-14 22:44:40.967763533 +0200
570 @@ -484,12 +484,12 @@
571 while (e.hasMoreElements()) {
572 oid = (DERObjectIdentifier) e.nextElement();
573 proxyExtension = extensions.getExtension(oid);
574 - if (oid.equals(X509Extensions.SubjectAlternativeName)
575 - || oid.equals(X509Extensions.IssuerAlternativeName)) {
576 + if (oid.equals(X509Extension.subjectAlternativeName)
577 + || oid.equals(X509Extension.issuerAlternativeName)) {
578 // No Alt name extensions - 3.2 & 3.5
579 throw new CertPathValidatorException(
580 "Proxy violation: no Subject or Issuer Alternative Name");
581 - } else if (oid.equals(X509Extensions.BasicConstraints)) {
582 + } else if (oid.equals(X509Extension.basicConstraints)) {
583 // Basic Constraint must not be true - 3.8
584 BasicConstraints basicExt =
585 CertificateUtil.getBasicConstraints(proxyExtension);
586 @@ -497,7 +497,7 @@
587 throw new CertPathValidatorException(
588 "Proxy violation: Basic Constraint CA is set to true");
589 }
590 - } else if (oid.equals(X509Extensions.KeyUsage)) {
591 + } else if (oid.equals(X509Extension.keyUsage)) {
592 proxyKeyUsage = proxyExtension;
593
594 checkKeyUsage(issuer, proxyExtension);
595 @@ -528,7 +528,7 @@
596 }
597
598 private void checkExtension(DERObjectIdentifier oid, X509Extension proxyExtension, X509Extension proxyKeyUsage) throws CertPathValidatorException {
599 - if (oid.equals(X509Extensions.KeyUsage)) {
600 + if (oid.equals(X509Extension.keyUsage)) {
601 // If issuer has it then proxy must have it also
602 if (proxyKeyUsage == null) {
603 throw new CertPathValidatorException(
604 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateIOUtil.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateIOUtil.java
605 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateIOUtil.java 2013-08-13 05:53:37.000000000 +0200
606 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateIOUtil.java 2013-08-14 22:47:56.371780680 +0200
607 @@ -95,7 +95,7 @@
608 ByteArrayOutputStream bout = new ByteArrayOutputStream();
609 DEROutputStream der = new DEROutputStream(bout);
610 X509Name nm = (X509Name) subject;
611 - der.writeObject(nm.getDERObject());
612 + der.writeObject(nm.toASN1Primitive());
613 return bout.toByteArray();
614 } else {
615 throw new ClassCastException("unsupported input class: "
616 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java
617 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java 2013-08-14 22:43:31.807764457 +0200
618 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java 2013-08-14 22:49:38.231789154 +0200
619 @@ -59,12 +59,14 @@
620
621 import org.bouncycastle.asn1.ASN1InputStream;
622 import org.bouncycastle.asn1.ASN1Object;
623 +import org.bouncycastle.asn1.ASN1Primitive;
624 import org.bouncycastle.asn1.ASN1Sequence;
625 import org.bouncycastle.asn1.ASN1Set;
626 +import org.bouncycastle.asn1.ASN1String;
627 import org.bouncycastle.asn1.DERBitString;
628 -import org.bouncycastle.asn1.DERObject;
629 import org.bouncycastle.asn1.DERObjectIdentifier;
630 -import org.bouncycastle.asn1.DERString;
631 +import org.bouncycastle.asn1.x500.X500Name;
632 +import org.bouncycastle.asn1.x500.style.BCStyle;
633 import org.bouncycastle.asn1.x509.BasicConstraints;
634 import org.bouncycastle.asn1.x509.TBSCertificateStructure;
635 import org.bouncycastle.asn1.x509.X509Extension;
636 @@ -216,7 +218,7 @@
637 return -1;
638 }
639 X509Extension proxyExtension =
640 - extensions.getExtension(X509Extensions.BasicConstraints);
641 + extensions.getExtension(X509Extension.basicConstraints);
642 if (proxyExtension != null) {
643 BasicConstraints basicExt =
644 getBasicConstraints(proxyExtension);
645 @@ -310,7 +312,7 @@
646 X509Extension ext = null;
647
648 if (extensions != null) {
649 - ext = extensions.getExtension(X509Extensions.BasicConstraints);
650 + ext = extensions.getExtension(X509Extension.basicConstraints);
651 if (ext != null) {
652 BasicConstraints basicExt = getBasicConstraints(ext);
653 if (basicExt.isCA()) {
654 @@ -322,11 +324,11 @@
655 GSIConstants.CertificateType type = GSIConstants.CertificateType.EEC;
656
657 // does not handle multiple AVAs
658 - X509Name subject = crt.getSubject();
659 + X500Name subject = crt.getSubject();
660
661 ASN1Set entry = X509NameHelper.getLastNameEntry(subject);
662 ASN1Sequence ava = (ASN1Sequence) entry.getObjectAt(0);
663 - if (X509Name.CN.equals(ava.getObjectAt(0))) {
664 + if (BCStyle.CN.equals(ava.getObjectAt(0))) {
665 type = processCN(extensions, type, ava);
666 }
667
668 @@ -336,7 +338,7 @@
669 private static GSIConstants.CertificateType processCN(
670 X509Extensions extensions, GSIConstants.CertificateType type, ASN1Sequence ava) throws CertificateException {
671 X509Extension ext;
672 - String value = ((DERString) ava.getObjectAt(1)).getString();
673 + String value = ((ASN1String) ava.getObjectAt(1)).getString();
674 GSIConstants.CertificateType certType = type;
675 if (value.equalsIgnoreCase("proxy")) {
676 certType = GSIConstants.CertificateType.GSI_2_PROXY;
677 @@ -431,7 +433,7 @@
678 * @return the DERObject.
679 * @throws IOException if conversion fails
680 */
681 - public static DERObject toDERObject(byte[] data)
682 + public static ASN1Primitive toASN1Primitive(byte[] data)
683 throws IOException {
684 ByteArrayInputStream inStream = new ByteArrayInputStream(data);
685 ASN1InputStream derInputStream = new ASN1InputStream(inStream);
686 @@ -450,7 +452,7 @@
687 public static TBSCertificateStructure getTBSCertificateStructure(
688 X509Certificate cert)
689 throws CertificateEncodingException, IOException {
690 - DERObject obj = toDERObject(cert.getTBSCertificate());
691 + ASN1Primitive obj = toASN1Primitive(cert.getTBSCertificate());
692 return TBSCertificateStructure.getInstance(obj);
693 }
694
695 @@ -461,7 +463,7 @@
696 return new boolean[0];
697 }
698 X509Extension extension =
699 - extensions.getExtension(X509Extensions.KeyUsage);
700 + extensions.getExtension(X509Extension.keyUsage);
701 return (extension != null) ? getKeyUsage(extension) : new boolean[0];
702 }
703
704 @@ -494,9 +496,9 @@
705 * @param ext the certificate extension to extract the value from.
706 * @throws IOException if extraction fails.
707 */
708 - public static DERObject getExtensionObject(X509Extension ext)
709 + public static ASN1Primitive getExtensionObject(X509Extension ext)
710 throws IOException {
711 - return toDERObject(ext.getValue().getOctets());
712 + return toASN1Primitive(ext.getValue().getOctets());
713 }
714
715 /**
716 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/test/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactoryTest.java JGlobus-jglobus-2.0.6/ssl-proxies/src/test/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactoryTest.java
717 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/test/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactoryTest.java 2013-08-13 05:53:37.000000000 +0200
718 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/test/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactoryTest.java 2013-08-14 22:44:40.971763313 +0200
719 @@ -26,6 +26,11 @@
720 import org.globus.gsi.proxy.ext.ProxyCertInfo;
721 import org.globus.gsi.proxy.ext.ProxyCertInfoExtension;
722
723 +import org.bouncycastle.asn1.ASN1Boolean;
724 +import org.bouncycastle.asn1.ASN1Encodable;
725 +import org.bouncycastle.asn1.ASN1Integer;
726 +import org.bouncycastle.asn1.DERBoolean;
727 +import org.bouncycastle.asn1.DERSequence;
728 import org.bouncycastle.asn1.x509.BasicConstraints;
729 import org.bouncycastle.asn1.x509.X509Extensions;
730
731 @@ -88,9 +93,10 @@
732 X509ExtensionSet extSet = new X509ExtensionSet();
733 ext = new X509Extension(oid, critical, expectedValue.getBytes());
734 extSet.add(ext);
735 -
736 - BasicConstraints constraints = new BasicConstraints(false, 15);
737 - ext = new BouncyCastleX509Extension(X509Extensions.BasicConstraints.getId(),
738 +
739 + DERSequence seq = new DERSequence(new ASN1Encodable[] { DERBoolean.FALSE, new ASN1Integer(15) });
740 + BasicConstraints constraints = BasicConstraints.getInstance(seq);
741 + ext = new BouncyCastleX509Extension(org.bouncycastle.asn1.x509.X509Extension.basicConstraints.getId(),
742 false, constraints);
743 extSet.add(ext);
744
745 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java JGlobus-jglobus-2.0.6/ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java
746 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java 2013-08-13 05:53:37.000000000 +0200
747 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java 2013-08-14 22:44:40.971763313 +0200
748 @@ -24,7 +24,7 @@
749
750 import org.bouncycastle.asn1.DERObjectIdentifier;
751 import org.bouncycastle.asn1.DEROutputStream;
752 -import org.bouncycastle.asn1.DERObject;
753 +import org.bouncycastle.asn1.ASN1Primitive;
754 import org.bouncycastle.asn1.ASN1Sequence;
755
756 import junit.framework.TestCase;
757 @@ -63,7 +63,7 @@
758 ByteArrayInputStream bIn =
759 new ByteArrayInputStream(bOut.toByteArray());
760 ASN1InputStream dIn = new ASN1InputStream(bIn);
761 - DERObject obj = dIn.readObject();
762 + ASN1Primitive obj = dIn.readObject();
763
764 assertTrue(obj instanceof ASN1Sequence);
765
766 @@ -112,7 +112,7 @@
767 ByteArrayInputStream bIn =
768 new ByteArrayInputStream(bOut.toByteArray());
769 ASN1InputStream dIn = new ASN1InputStream(bIn);
770 - DERObject obj = dIn.readObject();
771 + ASN1Primitive obj = dIn.readObject();
772
773 ProxyCertInfo testInfo = new ProxyCertInfo((ASN1Sequence)obj);
774
+0
-775
debian/patches/jglobus-bc149.patch
0 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactory.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactory.java
1 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactory.java 2013-08-14 22:43:31.807764457 +0200
2 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactory.java 2013-08-14 22:44:40.963763748 +0200
3 @@ -14,6 +14,7 @@
4 */
5 package org.globus.gsi.bc;
6
7 +import org.bouncycastle.asn1.x500.style.BCStyle;
8 import org.globus.gsi.util.CertificateLoadUtil;
9 import org.globus.gsi.util.ProxyCertificateUtil;
10
11 @@ -48,13 +49,13 @@
12 import org.bouncycastle.jce.PKCS10CertificationRequest;
13 import org.bouncycastle.jce.provider.X509CertificateObject;
14 import org.bouncycastle.asn1.DERSet;
15 -import org.bouncycastle.asn1.DERObject;
16 import org.bouncycastle.asn1.DERBitString;
17 import org.bouncycastle.asn1.x509.X509Name;
18 +import org.bouncycastle.asn1.ASN1Primitive;
19 import org.bouncycastle.asn1.ASN1InputStream;
20 import org.bouncycastle.asn1.ASN1Sequence;
21 +import org.bouncycastle.asn1.x509.Certificate;
22 import org.bouncycastle.asn1.x509.TBSCertificateStructure;
23 -import org.bouncycastle.asn1.x509.X509CertificateStructure;
24 import org.bouncycastle.asn1.x509.X509Extensions;
25 import org.bouncycastle.asn1.x509.X509Extension;
26 import org.bouncycastle.asn1.x509.KeyUsage;
27 @@ -149,7 +150,7 @@
28 throws IOException, GeneralSecurityException {
29
30 ASN1InputStream derin = new ASN1InputStream(certRequestInputStream);
31 - DERObject reqInfo = derin.readObject();
32 + ASN1Primitive reqInfo = derin.readObject();
33 PKCS10CertificationRequest certReq = new PKCS10CertificationRequest((ASN1Sequence) reqInfo);
34
35 boolean rs = certReq.verify();
36 @@ -413,11 +414,11 @@
37 X509Extension ext;
38
39 // handle key usage ext
40 - ext = extensions.getExtension(X509Extensions.KeyUsage);
41 + ext = extensions.getExtension(X509Extension.keyUsage);
42 if (ext != null) {
43
44 // TBD: handle this better
45 - if (extSet != null && (extSet.get(X509Extensions.KeyUsage.getId()) != null)) {
46 + if (extSet != null && (extSet.get(X509Extension.keyUsage.getId()) != null)) {
47 String err = i18n.getMessage("keyUsageExt");
48 throw new GeneralSecurityException(err);
49 }
50 @@ -437,7 +438,7 @@
51
52 bits = new DERBitString(bytes, bits.getPadBits());
53
54 - certGen.addExtension(X509Extensions.KeyUsage, ext.isCritical(), bits);
55 + certGen.addExtension(X509Extension.keyUsage, ext.isCritical(), bits);
56 }
57 }
58
59 @@ -481,7 +482,7 @@
60 X509NameHelper issuer = new X509NameHelper(issuerDN);
61
62 X509NameHelper subject = new X509NameHelper(issuerDN);
63 - subject.add(X509Name.CN, (cnValue == null) ? delegDN : cnValue);
64 + subject.add(BCStyle.CN, (cnValue == null) ? delegDN : cnValue);
65
66 certGen.setSubjectDN(subject.getAsName());
67 certGen.setIssuerDN(issuer.getAsName());
68 @@ -572,7 +573,7 @@
69 String cnValue) throws IOException, GeneralSecurityException {
70
71 ASN1InputStream derin = new ASN1InputStream(certRequestInputStream);
72 - DERObject reqInfo = derin.readObject();
73 + ASN1Primitive reqInfo = derin.readObject();
74 PKCS10CertificationRequest certReq = new PKCS10CertificationRequest((ASN1Sequence) reqInfo);
75
76 boolean rs = certReq.verify();
77 @@ -831,11 +832,11 @@
78 X509Extension ext;
79
80 // handle key usage ext
81 - ext = extensions.getExtension(X509Extensions.KeyUsage);
82 + ext = extensions.getExtension(X509Extension.keyUsage);
83 if (ext != null) {
84
85 // TBD: handle this better
86 - if (extSet != null && (extSet.get(X509Extensions.KeyUsage.getId()) != null)) {
87 + if (extSet != null && (extSet.get(X509Extension.keyUsage.getId()) != null)) {
88 String err = i18n.getMessage("keyUsageExt");
89 throw new GeneralSecurityException(err);
90 }
91 @@ -855,7 +856,7 @@
92
93 bits = new DERBitString(bytes, bits.getPadBits());
94
95 - certGen.addExtension(X509Extensions.KeyUsage, ext.isCritical(), bits);
96 + certGen.addExtension(X509Extension.keyUsage, ext.isCritical(), bits);
97 }
98 }
99
100 @@ -897,7 +898,7 @@
101 }
102 X509NameHelper issuer = new X509NameHelper(issuerDN);
103 X509NameHelper subject = new X509NameHelper(issuerDN);
104 - subject.add(X509Name.CN, (cnValue == null) ? delegDN : cnValue);
105 + subject.add(BCStyle.CN, (cnValue == null) ? delegDN : cnValue);
106
107 certGen.setSubjectDN(subject.getAsName());
108 certGen.setIssuerDN(issuer.getAsName());
109 @@ -936,9 +937,9 @@
110 */
111 public X509Certificate loadCertificate(InputStream in) throws IOException, GeneralSecurityException {
112 ASN1InputStream derin = new ASN1InputStream(in);
113 - DERObject certInfo = derin.readObject();
114 + ASN1Primitive certInfo = derin.readObject();
115 ASN1Sequence seq = ASN1Sequence.getInstance(certInfo);
116 - return new X509CertificateObject(new X509CertificateStructure(seq));
117 + return new X509CertificateObject(Certificate.getInstance(seq));
118 }
119
120 /**
121 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java
122 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java 2013-08-13 05:53:37.000000000 +0200
123 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java 2013-08-14 22:44:40.963763748 +0200
124 @@ -28,8 +28,8 @@
125 import java.security.interfaces.RSAPrivateCrtKey;
126 import java.security.spec.PKCS8EncodedKeySpec;
127 import org.bouncycastle.asn1.ASN1InputStream;
128 +import org.bouncycastle.asn1.ASN1Primitive;
129 import org.bouncycastle.asn1.ASN1Sequence;
130 -import org.bouncycastle.asn1.DERObject;
131 import org.bouncycastle.asn1.DERObjectIdentifier;
132 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
133 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
134 @@ -121,12 +121,12 @@
135 }
136 ByteArrayInputStream bis = new ByteArrayInputStream(data);
137 ASN1InputStream derin = new ASN1InputStream(bis);
138 - DERObject keyInfo = derin.readObject();
139 + ASN1Primitive keyInfo = derin.readObject();
140
141 DERObjectIdentifier rsaOid = PKCSObjectIdentifiers.rsaEncryption;
142 AlgorithmIdentifier rsa = new AlgorithmIdentifier(rsaOid);
143 PrivateKeyInfo pkeyinfo = new PrivateKeyInfo(rsa, keyInfo);
144 - DERObject derkey = pkeyinfo.getDERObject();
145 + ASN1Primitive derkey = pkeyinfo.toASN1Primitive();
146 byte[] keyData = BouncyCastleUtil.toByteArray(derkey);
147 // The DER object needs to be mangled to
148 // create a proper ProvateKeyInfo object
149 @@ -150,10 +150,10 @@
150 && (format.equalsIgnoreCase("PKCS#8") || format
151 .equalsIgnoreCase("PKCS8"))) {
152 try {
153 - DERObject keyInfo = BouncyCastleUtil.toDERObject(key
154 + ASN1Primitive keyInfo = BouncyCastleUtil.toASN1Primitive(key
155 .getEncoded());
156 PrivateKeyInfo pkey = new PrivateKeyInfo((ASN1Sequence) keyInfo);
157 - DERObject derKey = pkey.getPrivateKey();
158 + ASN1Primitive derKey = pkey.getPrivateKey();
159 return BouncyCastleUtil.toByteArray(derKey);
160 } catch (IOException e) {
161 // that should never happen
162 @@ -169,7 +169,7 @@
163 .getPrivateExponent(), pKey.getPrimeP(), pKey.getPrimeQ(),
164 pKey.getPrimeExponentP(), pKey.getPrimeExponentQ(), pKey
165 .getCrtCoefficient());
166 - DERObject ob = st.getDERObject();
167 + ASN1Primitive ob = st.toASN1Primitive();
168
169 try {
170 return BouncyCastleUtil.toByteArray(ob);
171 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java
172 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java 2013-08-13 05:53:37.000000000 +0200
173 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java 2013-08-14 22:44:40.963763748 +0200
174 @@ -30,16 +30,15 @@
175
176 import org.bouncycastle.asn1.ASN1InputStream;
177 import org.bouncycastle.asn1.ASN1OctetString;
178 +import org.bouncycastle.asn1.ASN1Primitive;
179 import org.bouncycastle.asn1.ASN1Sequence;
180 import org.bouncycastle.asn1.ASN1Set;
181 +import org.bouncycastle.asn1.ASN1String;
182 import org.bouncycastle.asn1.DERBitString;
183 -import org.bouncycastle.asn1.DERBoolean;
184 -import org.bouncycastle.asn1.DEREncodable;
185 -import org.bouncycastle.asn1.DERInteger;
186 -import org.bouncycastle.asn1.DERObject;
187 import org.bouncycastle.asn1.DERObjectIdentifier;
188 import org.bouncycastle.asn1.DEROutputStream;
189 -import org.bouncycastle.asn1.DERString;
190 +import org.bouncycastle.asn1.x500.X500Name;
191 +import org.bouncycastle.asn1.x500.style.BCStyle;
192 import org.bouncycastle.asn1.x509.BasicConstraints;
193 import org.bouncycastle.asn1.x509.TBSCertificateStructure;
194 import org.bouncycastle.asn1.x509.X509Extension;
195 @@ -76,7 +75,7 @@
196 * @return the DER-encoded byte array
197 * @exception IOException if conversion fails
198 */
199 - public static byte[] toByteArray(DERObject obj)
200 + public static byte[] toByteArray(ASN1Primitive obj)
201 throws IOException {
202 ByteArrayOutputStream bout = new ByteArrayOutputStream();
203 DEROutputStream der = new DEROutputStream(bout);
204 @@ -92,7 +91,7 @@
205 * @return the DERObject.
206 * @exception IOException if conversion fails
207 */
208 - public static DERObject toDERObject(byte[] data)
209 + public static ASN1Primitive toASN1Primitive(byte[] data)
210 throws IOException {
211 ByteArrayInputStream inStream = new ByteArrayInputStream(data);
212 ASN1InputStream derInputStream = new ASN1InputStream(inStream);
213 @@ -108,9 +107,9 @@
214 * @return a copy of the DERObject.
215 * @exception IOException if replication fails
216 */
217 - public static DERObject duplicate(DERObject obj)
218 + public static ASN1Primitive duplicate(ASN1Primitive obj)
219 throws IOException {
220 - return toDERObject(toByteArray(obj));
221 + return toASN1Primitive(toByteArray(obj));
222 }
223
224 /**
225 @@ -123,7 +122,7 @@
226 */
227 public static TBSCertificateStructure getTBSCertificateStructure(X509Certificate cert)
228 throws CertificateEncodingException, IOException {
229 - DERObject obj = BouncyCastleUtil.toDERObject(cert.getTBSCertificate());
230 + ASN1Primitive obj = BouncyCastleUtil.toASN1Primitive(cert.getTBSCertificate());
231 return TBSCertificateStructure.getInstance(obj);
232 }
233
234 @@ -133,9 +132,9 @@
235 * @param ext the certificate extension to extract the value from.
236 * @exception IOException if extraction fails.
237 */
238 - public static DERObject getExtensionObject(X509Extension ext)
239 + public static ASN1Primitive getExtensionObject(X509Extension ext)
240 throws IOException {
241 - return toDERObject(ext.getValue().getOctets());
242 + return toASN1Primitive(ext.getValue().getOctets());
243 }
244
245 /**
246 @@ -295,9 +294,9 @@
247 X509Extension ext = null;
248
249 if (extensions != null) {
250 - ext = extensions.getExtension(X509Extensions.BasicConstraints);
251 + ext = extensions.getExtension(X509Extension.basicConstraints);
252 if (ext != null) {
253 - BasicConstraints basicExt = getBasicConstraints(ext);
254 + BasicConstraints basicExt = BasicConstraints.getInstance(ext);
255 if (basicExt.isCA()) {
256 return GSIConstants.CertificateType.CA;
257 }
258 @@ -307,12 +306,12 @@
259 GSIConstants.CertificateType type = GSIConstants.CertificateType.EEC;
260
261 // does not handle multiple AVAs
262 - X509Name subject = crt.getSubject();
263 + X500Name subject = crt.getSubject();
264
265 ASN1Set entry = X509NameHelper.getLastNameEntry(subject);
266 ASN1Sequence ava = (ASN1Sequence)entry.getObjectAt(0);
267 - if (X509Name.CN.equals(ava.getObjectAt(0))) {
268 - String value = ((DERString)ava.getObjectAt(1)).getString();
269 + if (BCStyle.CN.equals(ava.getObjectAt(0))) {
270 + String value = ((ASN1String)ava.getObjectAt(1)).getString();
271 if (value.equalsIgnoreCase("proxy")) {
272 type = GSIConstants.CertificateType.GSI_2_PROXY;
273 } else if (value.equalsIgnoreCase("limited proxy")) {
274 @@ -370,7 +369,7 @@
275 X509NameHelper iss = new X509NameHelper(crt.getIssuer());
276 iss.add((ASN1Set)BouncyCastleUtil.duplicate(entry));
277 X509Name issuer = iss.getAsName();
278 - if (!issuer.equals(subject)) {
279 + if (!issuer.equals(X509Name.getInstance(subject))) {
280 String err = i18n.getMessage("proxyDNErr");
281 throw new CertificateException(err);
282 }
283 @@ -404,36 +403,6 @@
284 }
285
286 /**
287 - * Creates a <code>BasicConstraints</code> object from given
288 - * extension.
289 - *
290 - * @param ext the extension.
291 - * @return the <code>BasicConstraints</code> object.
292 - * @exception IOException if something fails.
293 - */
294 - public static BasicConstraints getBasicConstraints(X509Extension ext)
295 - throws IOException {
296 - DERObject obj = BouncyCastleUtil.getExtensionObject(ext);
297 - if (obj instanceof ASN1Sequence) {
298 - ASN1Sequence seq = (ASN1Sequence)obj;
299 - int size = seq.size();
300 - if (size == 0) {
301 - return new BasicConstraints(false);
302 - } else if (size == 1) {
303 - DEREncodable value = seq.getObjectAt(0);
304 - if (value instanceof DERInteger) {
305 - int length = ((DERInteger)value).getValue().intValue();
306 - return new BasicConstraints(false, length);
307 - } else if (value instanceof DERBoolean) {
308 - boolean ca = ((DERBoolean)value).isTrue();
309 - return new BasicConstraints(ca);
310 - }
311 - }
312 - }
313 - return BasicConstraints.getInstance(obj);
314 - }
315 -
316 - /**
317 * Creates a <code>ProxyCertInfo</code> object from given
318 * extension.
319 *
320 @@ -531,7 +500,7 @@
321 throws IOException {
322 ByteArrayInputStream inStream = new ByteArrayInputStream(certExtValue);
323 ASN1InputStream derInputStream = new ASN1InputStream(inStream);
324 - DERObject object = derInputStream.readObject();
325 + ASN1Primitive object = derInputStream.readObject();
326 if (object instanceof ASN1OctetString) {
327 return ((ASN1OctetString)object).getOctets();
328 } else {
329 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleX509Extension.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleX509Extension.java
330 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleX509Extension.java 2013-08-13 05:53:37.000000000 +0200
331 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleX509Extension.java 2013-08-14 22:44:40.963763748 +0200
332 @@ -16,7 +16,7 @@
333
334 import java.io.IOException;
335
336 -import org.bouncycastle.asn1.DEREncodable;
337 +import org.bouncycastle.asn1.ASN1Encodable;
338
339 import org.globus.gsi.X509Extension;
340
341 @@ -36,22 +36,22 @@
342 this(oid, false, null);
343 }
344
345 - public BouncyCastleX509Extension(String oid, DEREncodable value) {
346 + public BouncyCastleX509Extension(String oid, ASN1Encodable value) {
347 this(oid, false, value);
348 }
349
350 public BouncyCastleX509Extension(String oid, boolean critical,
351 - DEREncodable value) {
352 + ASN1Encodable value) {
353 super(oid, critical, null);
354 setValue(value);
355 }
356
357 - protected void setValue(DEREncodable value) {
358 + protected void setValue(ASN1Encodable value) {
359 if (value == null) {
360 return;
361 }
362 try {
363 - setValue(BouncyCastleUtil.toByteArray(value.getDERObject()));
364 + setValue(BouncyCastleUtil.toByteArray(value.toASN1Primitive()));
365 } catch (IOException e) {
366 throw new RuntimeException(i18n.getMessage("byteArrayErr") +
367 e.getMessage());
368 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java
369 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java 2013-08-13 05:53:37.000000000 +0200
370 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java 2013-08-14 22:44:40.963763748 +0200
371 @@ -21,11 +21,13 @@
372 import org.bouncycastle.asn1.ASN1EncodableVector;
373 import org.bouncycastle.asn1.ASN1Sequence;
374 import org.bouncycastle.asn1.ASN1Set;
375 +import org.bouncycastle.asn1.ASN1String;
376 import org.bouncycastle.asn1.DERObjectIdentifier;
377 import org.bouncycastle.asn1.DERPrintableString;
378 import org.bouncycastle.asn1.DERSequence;
379 import org.bouncycastle.asn1.DERSet;
380 -import org.bouncycastle.asn1.DERString;
381 +import org.bouncycastle.asn1.x500.RDN;
382 +import org.bouncycastle.asn1.x500.X500Name;
383 import org.bouncycastle.asn1.x509.X509Name;
384
385 /**
386 @@ -45,6 +47,21 @@
387 }
388
389 /**
390 + * Creates an instance using existing {@link X500Name X500Name}
391 + * object.
392 + * This behaves like a copy constructor.
393 + *
394 + * @param name existing <code>X500Name</code>
395 + */
396 + public X509NameHelper(X500Name name) {
397 + try {
398 + this.seq = (ASN1Sequence)BouncyCastleUtil.duplicate(name.toASN1Primitive());
399 + } catch (IOException e) {
400 + throw new RuntimeException(e.getMessage());
401 + }
402 + }
403 +
404 + /**
405 * Creates an instance using existing {@link X509Name X509Name}
406 * object.
407 * This behaves like a copy constructor.
408 @@ -53,7 +70,7 @@
409 */
410 public X509NameHelper(X509Name name) {
411 try {
412 - this.seq = (ASN1Sequence)BouncyCastleUtil.duplicate(name.getDERObject());
413 + this.seq = (ASN1Sequence)BouncyCastleUtil.duplicate(name.toASN1Primitive());
414 } catch (IOException e) {
415 throw new RuntimeException(e.getMessage());
416 }
417 @@ -72,8 +89,8 @@
418 * Appends the specified OID and value pair name component to the end of the
419 * current name.
420 *
421 - * @param oid the name component oid, e.g. {@link X509Name#CN
422 - * X509Name.CN}
423 + * @param oid the name component oid, e.g. {@link org.bouncycastle.asn1.x500.style.BCStyle#CN
424 + * BCStyle.CN}
425 * @param value the value (e.g. "proxy")
426 */
427 public void add(
428 @@ -125,10 +142,10 @@
429 *
430 * @return the last name component. Null if there is none.
431 */
432 - public static ASN1Set getLastNameEntry(X509Name name) {
433 - ASN1Sequence seq = (ASN1Sequence) name.getDERObject();
434 - int size = seq.size();
435 - return (size > 0) ? (ASN1Set) seq.getObjectAt(size - 1) : null;
436 + public static ASN1Set getLastNameEntry(X500Name name) {
437 + RDN[] rdns = name.getRDNs();
438 + int size = rdns.length;
439 + return (size > 0) ? (ASN1Set) rdns[size - 1].toASN1Primitive() : null;
440 }
441
442 /**
443 @@ -142,7 +159,7 @@
444 if (name == null) {
445 return null;
446 }
447 - return toString((ASN1Sequence)name.getDERObject());
448 + return toString((ASN1Sequence)name.toASN1Primitive());
449 }
450
451 private static String toString(ASN1Sequence seq) {
452 @@ -159,14 +176,14 @@
453 while (ee.hasMoreElements()) {
454 ASN1Sequence s = (ASN1Sequence)ee.nextElement();
455 DERObjectIdentifier oid = (DERObjectIdentifier)s.getObjectAt(0);
456 - String sym = (String)X509Name.OIDLookUp.get(oid);
457 + String sym = (String)X509Name.DefaultSymbols.get(oid);
458 if (sym == null) {
459 buf.append(oid.getId());
460 } else {
461 buf.append(sym);
462 }
463 buf.append('=');
464 - buf.append(((DERString)s.getObjectAt(1)).getString());
465 + buf.append(((ASN1String)s.getObjectAt(1)).getString());
466 if (ee.hasMoreElements()) {
467 buf.append('+');
468 }
469 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java
470 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java 2013-08-13 05:53:37.000000000 +0200
471 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java 2013-08-14 22:44:40.967763533 +0200
472 @@ -20,11 +20,11 @@
473
474 import java.io.IOException;
475
476 +import org.bouncycastle.asn1.ASN1Encodable;
477 import org.bouncycastle.asn1.ASN1EncodableVector;
478 +import org.bouncycastle.asn1.ASN1Primitive;
479 import org.bouncycastle.asn1.ASN1Sequence;
480 -import org.bouncycastle.asn1.DEREncodable;
481 import org.bouncycastle.asn1.DERInteger;
482 -import org.bouncycastle.asn1.DERObject;
483 import org.bouncycastle.asn1.DERSequence;
484
485 /**
486 @@ -34,7 +34,7 @@
487 * ProxyCertInfo ::= SEQUENCE { pCPathLenConstraint INTEGER (0..MAX) OPTIONAL, proxyPolicy ProxyPolicy }
488 * </PRE>
489 */
490 -public class ProxyCertInfo implements DEREncodable {
491 +public class ProxyCertInfo implements ASN1Encodable {
492
493 /** ProxyCertInfo extension OID */
494 public static final DERObjectIdentifier OID
495 @@ -111,9 +111,9 @@
496 } else if (obj instanceof ASN1Sequence) {
497 return new ProxyCertInfo((ASN1Sequence) obj);
498 } else if (obj instanceof byte[]) {
499 - DERObject derObj;
500 + ASN1Primitive derObj;
501 try {
502 - derObj = CertificateUtil.toDERObject((byte[]) obj);
503 + derObj = CertificateUtil.toASN1Primitive((byte[]) obj);
504 } catch (IOException e) {
505 throw new IllegalArgumentException(e.getMessage(), e);
506 }
507 @@ -129,14 +129,14 @@
508 *
509 * @return <code>DERObject</code> the encoded representation of the extension.
510 */
511 - public DERObject getDERObject() {
512 + public ASN1Primitive toASN1Primitive() {
513 ASN1EncodableVector vec = new ASN1EncodableVector();
514
515 if (this.pathLenConstraint != null) {
516 vec.add(this.pathLenConstraint);
517 }
518
519 - vec.add(this.proxyPolicy.getDERObject());
520 + vec.add(this.proxyPolicy.toASN1Primitive());
521
522 return new DERSequence(vec);
523 }
524 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java
525 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java 2013-08-13 05:53:37.000000000 +0200
526 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java 2013-08-14 22:44:40.967763533 +0200
527 @@ -14,10 +14,10 @@
528 */
529 package org.globus.gsi.proxy.ext;
530
531 +import org.bouncycastle.asn1.ASN1Encodable;
532 import org.bouncycastle.asn1.ASN1EncodableVector;
533 +import org.bouncycastle.asn1.ASN1Primitive;
534 import org.bouncycastle.asn1.ASN1Sequence;
535 -import org.bouncycastle.asn1.DEREncodable;
536 -import org.bouncycastle.asn1.DERObject;
537 import org.bouncycastle.asn1.DERObjectIdentifier;
538 import org.bouncycastle.asn1.DEROctetString;
539 import org.bouncycastle.asn1.DERSequence;
540 @@ -27,7 +27,7 @@
541 * Represents the policy part of the ProxyCertInfo extension. <BR> <PRE>
542 * ProxyPolicy ::= SEQUENCE { policyLanguage OBJECT IDENTIFIER, policy OCTET STRING OPTIONAL } </PRE>
543 */
544 -public class ProxyPolicy implements DEREncodable {
545 +public class ProxyPolicy implements ASN1Encodable {
546
547 /**
548 * Impersonation proxy OID
549 @@ -58,7 +58,7 @@
550 }
551 this.policyLanguage = (DERObjectIdentifier) seq.getObjectAt(0);
552 if (seq.size() > 1) {
553 - DEREncodable obj = seq.getObjectAt(1);
554 + ASN1Encodable obj = seq.getObjectAt(1);
555 if (obj instanceof DERTaggedObject) {
556 obj = ((DERTaggedObject) obj).getObject();
557 }
558 @@ -133,7 +133,7 @@
559 * @return <code>DERObject</code> the encoded representation of the proxy
560 * policy.
561 */
562 - public DERObject getDERObject() {
563 + public ASN1Primitive toASN1Primitive() {
564
565 ASN1EncodableVector vec = new ASN1EncodableVector();
566
567 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java
568 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java 2013-08-13 05:53:37.000000000 +0200
569 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java 2013-08-14 22:44:40.967763533 +0200
570 @@ -484,12 +484,12 @@
571 while (e.hasMoreElements()) {
572 oid = (DERObjectIdentifier) e.nextElement();
573 proxyExtension = extensions.getExtension(oid);
574 - if (oid.equals(X509Extensions.SubjectAlternativeName)
575 - || oid.equals(X509Extensions.IssuerAlternativeName)) {
576 + if (oid.equals(X509Extension.subjectAlternativeName)
577 + || oid.equals(X509Extension.issuerAlternativeName)) {
578 // No Alt name extensions - 3.2 & 3.5
579 throw new CertPathValidatorException(
580 "Proxy violation: no Subject or Issuer Alternative Name");
581 - } else if (oid.equals(X509Extensions.BasicConstraints)) {
582 + } else if (oid.equals(X509Extension.basicConstraints)) {
583 // Basic Constraint must not be true - 3.8
584 BasicConstraints basicExt =
585 CertificateUtil.getBasicConstraints(proxyExtension);
586 @@ -497,7 +497,7 @@
587 throw new CertPathValidatorException(
588 "Proxy violation: Basic Constraint CA is set to true");
589 }
590 - } else if (oid.equals(X509Extensions.KeyUsage)) {
591 + } else if (oid.equals(X509Extension.keyUsage)) {
592 proxyKeyUsage = proxyExtension;
593
594 checkKeyUsage(issuer, proxyExtension);
595 @@ -528,7 +528,7 @@
596 }
597
598 private void checkExtension(DERObjectIdentifier oid, X509Extension proxyExtension, X509Extension proxyKeyUsage) throws CertPathValidatorException {
599 - if (oid.equals(X509Extensions.KeyUsage)) {
600 + if (oid.equals(X509Extension.keyUsage)) {
601 // If issuer has it then proxy must have it also
602 if (proxyKeyUsage == null) {
603 throw new CertPathValidatorException(
604 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateIOUtil.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateIOUtil.java
605 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateIOUtil.java 2013-08-13 05:53:37.000000000 +0200
606 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateIOUtil.java 2013-08-14 22:47:56.371780680 +0200
607 @@ -95,7 +95,7 @@
608 ByteArrayOutputStream bout = new ByteArrayOutputStream();
609 DEROutputStream der = new DEROutputStream(bout);
610 X509Name nm = (X509Name) subject;
611 - der.writeObject(nm.getDERObject());
612 + der.writeObject(nm.toASN1Primitive());
613 return bout.toByteArray();
614 } else {
615 throw new ClassCastException("unsupported input class: "
616 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java
617 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java 2013-08-14 22:43:31.807764457 +0200
618 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java 2013-08-14 22:49:38.231789154 +0200
619 @@ -59,12 +59,14 @@
620
621 import org.bouncycastle.asn1.ASN1InputStream;
622 import org.bouncycastle.asn1.ASN1Object;
623 +import org.bouncycastle.asn1.ASN1Primitive;
624 import org.bouncycastle.asn1.ASN1Sequence;
625 import org.bouncycastle.asn1.ASN1Set;
626 +import org.bouncycastle.asn1.ASN1String;
627 import org.bouncycastle.asn1.DERBitString;
628 -import org.bouncycastle.asn1.DERObject;
629 import org.bouncycastle.asn1.DERObjectIdentifier;
630 -import org.bouncycastle.asn1.DERString;
631 +import org.bouncycastle.asn1.x500.X500Name;
632 +import org.bouncycastle.asn1.x500.style.BCStyle;
633 import org.bouncycastle.asn1.x509.BasicConstraints;
634 import org.bouncycastle.asn1.x509.TBSCertificateStructure;
635 import org.bouncycastle.asn1.x509.X509Extension;
636 @@ -216,7 +218,7 @@
637 return -1;
638 }
639 X509Extension proxyExtension =
640 - extensions.getExtension(X509Extensions.BasicConstraints);
641 + extensions.getExtension(X509Extension.basicConstraints);
642 if (proxyExtension != null) {
643 BasicConstraints basicExt =
644 getBasicConstraints(proxyExtension);
645 @@ -310,7 +312,7 @@
646 X509Extension ext = null;
647
648 if (extensions != null) {
649 - ext = extensions.getExtension(X509Extensions.BasicConstraints);
650 + ext = extensions.getExtension(X509Extension.basicConstraints);
651 if (ext != null) {
652 BasicConstraints basicExt = getBasicConstraints(ext);
653 if (basicExt.isCA()) {
654 @@ -322,11 +324,11 @@
655 GSIConstants.CertificateType type = GSIConstants.CertificateType.EEC;
656
657 // does not handle multiple AVAs
658 - X509Name subject = crt.getSubject();
659 + X500Name subject = crt.getSubject();
660
661 ASN1Set entry = X509NameHelper.getLastNameEntry(subject);
662 ASN1Sequence ava = (ASN1Sequence) entry.getObjectAt(0);
663 - if (X509Name.CN.equals(ava.getObjectAt(0))) {
664 + if (BCStyle.CN.equals(ava.getObjectAt(0))) {
665 type = processCN(extensions, type, ava);
666 }
667
668 @@ -336,7 +338,7 @@
669 private static GSIConstants.CertificateType processCN(
670 X509Extensions extensions, GSIConstants.CertificateType type, ASN1Sequence ava) throws CertificateException {
671 X509Extension ext;
672 - String value = ((DERString) ava.getObjectAt(1)).getString();
673 + String value = ((ASN1String) ava.getObjectAt(1)).getString();
674 GSIConstants.CertificateType certType = type;
675 if (value.equalsIgnoreCase("proxy")) {
676 certType = GSIConstants.CertificateType.GSI_2_PROXY;
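Review bot: The cast `(ASN1String) ava.getObjectAt(1)` in processCN is applied to a value read from the certificate subject with no type check, so a CN attribute carrying a non-string ASN.1 type raises ClassCastException rather than the CertificateException the method declares. This code classifies certificates that may come from a remote peer, and callers presumably only handle the declared exception, so guard the cast: `Object v = ava.getObjectAt(1); if (!(v instanceof ASN1String)) throw new CertificateException("unsupported CN value type");`. The unchanged `(ASN1Sequence) entry.getObjectAt(0)` cast in the hunk at `@@ -322,11 +324,11 @@` has the same shape. processCN's body continues outside this hunk.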
677 @@ -431,7 +433,7 @@
678 * @return the DERObject.
679 * @throws IOException if conversion fails
680 */
681 - public static DERObject toDERObject(byte[] data)
682 + public static ASN1Primitive toASN1Primitive(byte[] data)
683 throws IOException {
684 ByteArrayInputStream inStream = new ByteArrayInputStream(data);
685 ASN1InputStream derInputStream = new ASN1InputStream(inStream);
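Review bot: The Javadoc kept above the renamed method still reads `@return the DERObject.`, which no longer matches the `ASN1Primitive` return type; change it to `@return the decoded ASN1Primitive.`. The rename from `toDERObject` to `toASN1Primitive` also changes a public static signature, as does the return type of `getExtensionObject` in the hunk at `@@ -494,9 +496,9 @@`, so any caller outside this source tree has to be rebuilt against the new names. The method body continues outside the hunk, so whether the `ASN1InputStream` is closed cannot be judged from here.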
686 @@ -450,7 +452,7 @@
687 public static TBSCertificateStructure getTBSCertificateStructure(
688 X509Certificate cert)
689 throws CertificateEncodingException, IOException {
690 - DERObject obj = toDERObject(cert.getTBSCertificate());
691 + ASN1Primitive obj = toASN1Primitive(cert.getTBSCertificate());
692 return TBSCertificateStructure.getInstance(obj);
693 }
694
695 @@ -461,7 +463,7 @@
696 return new boolean[0];
697 }
698 X509Extension extension =
699 - extensions.getExtension(X509Extensions.KeyUsage);
700 + extensions.getExtension(X509Extension.keyUsage);
701 return (extension != null) ? getKeyUsage(extension) : new boolean[0];
702 }
703
704 @@ -494,9 +496,9 @@
705 * @param ext the certificate extension to extract the value from.
706 * @throws IOException if extraction fails.
707 */
708 - public static DERObject getExtensionObject(X509Extension ext)
709 + public static ASN1Primitive getExtensionObject(X509Extension ext)
710 throws IOException {
711 - return toDERObject(ext.getValue().getOctets());
712 + return toASN1Primitive(ext.getValue().getOctets());
713 }
714
715 /**
716 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/test/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactoryTest.java JGlobus-jglobus-2.0.6/ssl-proxies/src/test/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactoryTest.java
717 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/test/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactoryTest.java 2013-08-13 05:53:37.000000000 +0200
718 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/test/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactoryTest.java 2013-08-14 22:44:40.971763313 +0200
719 @@ -26,6 +26,11 @@
720 import org.globus.gsi.proxy.ext.ProxyCertInfo;
721 import org.globus.gsi.proxy.ext.ProxyCertInfoExtension;
722
723 +import org.bouncycastle.asn1.ASN1Boolean;
724 +import org.bouncycastle.asn1.ASN1Encodable;
725 +import org.bouncycastle.asn1.ASN1Integer;
726 +import org.bouncycastle.asn1.DERBoolean;
727 +import org.bouncycastle.asn1.DERSequence;
728 import org.bouncycastle.asn1.x509.BasicConstraints;
729 import org.bouncycastle.asn1.x509.X509Extensions;
730
731 @@ -88,9 +93,10 @@
732 X509ExtensionSet extSet = new X509ExtensionSet();
733 ext = new X509Extension(oid, critical, expectedValue.getBytes());
734 extSet.add(ext);
735 -
736 - BasicConstraints constraints = new BasicConstraints(false, 15);
737 - ext = new BouncyCastleX509Extension(X509Extensions.BasicConstraints.getId(),
738 +
739 + DERSequence seq = new DERSequence(new ASN1Encodable[] { DERBoolean.FALSE, new ASN1Integer(15) });
740 + BasicConstraints constraints = BasicConstraints.getInstance(seq);
741 + ext = new BouncyCastleX509Extension(org.bouncycastle.asn1.x509.X509Extension.basicConstraints.getId(),
742 false, constraints);
743 extSet.add(ext);
744
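Review bot: The hand-built `DERSequence` with `DERBoolean.FALSE` encodes the cA field explicitly, which DER omits for a DEFAULT FALSE value, and nothing in the test says why the plain constructor was dropped. Presumably the newer `BasicConstraints(boolean, int)` constructor discards the path length when cA is false, so add a comment above the sequence such as `// built by hand: keeps pathLen=15 with cA=false, which the constructor would drop`. The `ASN1Boolean` import added in the hunk at `@@ -26,6 +26,11 @@` is not used in any line visible here and can probably be removed.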
745 diff -ur JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java JGlobus-jglobus-2.0.6/ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java
746 --- JGlobus-jglobus-2.0.6.orig/ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java 2013-08-13 05:53:37.000000000 +0200
747 +++ JGlobus-jglobus-2.0.6/ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java 2013-08-14 22:44:40.971763313 +0200
748 @@ -24,7 +24,7 @@
749
750 import org.bouncycastle.asn1.DERObjectIdentifier;
751 import org.bouncycastle.asn1.DEROutputStream;
752 -import org.bouncycastle.asn1.DERObject;
753 +import org.bouncycastle.asn1.ASN1Primitive;
754 import org.bouncycastle.asn1.ASN1Sequence;
755
756 import junit.framework.TestCase;
757 @@ -63,7 +63,7 @@
758 ByteArrayInputStream bIn =
759 new ByteArrayInputStream(bOut.toByteArray());
760 ASN1InputStream dIn = new ASN1InputStream(bIn);
761 - DERObject obj = dIn.readObject();
762 + ASN1Primitive obj = dIn.readObject();
763
764 assertTrue(obj instanceof ASN1Sequence);
765
766 @@ -112,7 +112,7 @@
767 ByteArrayInputStream bIn =
768 new ByteArrayInputStream(bOut.toByteArray());
769 ASN1InputStream dIn = new ASN1InputStream(bIn);
770 - DERObject obj = dIn.readObject();
771 + ASN1Primitive obj = dIn.readObject();
772
773 ProxyCertInfo testInfo = new ProxyCertInfo((ASN1Sequence)obj);
774
1111 # Fix javadoc warnings
1212 jglobus-doc.patch
1313
14 # Port to bouncycastle 1.49 - backport from upstream git
15 jglobus-bc149.patch
14 # Port to bouncycastle 1.47 - backport from upstream git
15 jglobus-bc147.patch