Commit 81d23401 authored by Dele Olajide's avatar Dele Olajide

Upgrade bouncycstle from 1.50 to 1.51

parent b41dc3f6
......@@ -3,9 +3,9 @@ Name | Version
ant.jar | Jetty 6.1.0 (1.6.5) | Apache 2.0
ant-contrib.jar | 1.0b1 | Apache 2.0
ant-subdirtask.jar | Revision 1.4 (CVS) |
bcpg-jdk15on.jar | 1.50 | See http://www.bouncycastle.org/licence.html
bcpkix-jdk15on.jar | 1.50 | See http://www.bouncycastle.org/licence.html
bcprov-jdk15on.jar | 1.50 | See http://www.bouncycastle.org/licence.html
bcpg-jdk15on.jar | 1.51 | See http://www.bouncycastle.org/licence.html
bcpkix-jdk15on.jar | 1.51 | See http://www.bouncycastle.org/licence.html
bcprov-jdk15on.jar | 1.51 | See http://www.bouncycastle.org/licence.html
cglib.jar | 2.1.3 (JMock 2.1.0) |
commons-lang.jar | 2.3 | Apache 2.0
commons-logging.jar | Jetty 5.1.10 | Apache 2.0
......
......@@ -32,6 +32,7 @@ import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
......@@ -40,13 +41,17 @@ import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.ocsp.CertificateStatus;
import org.bouncycastle.ocsp.OCSPReq;
import org.bouncycastle.ocsp.OCSPReqGenerator;
import org.bouncycastle.ocsp.OCSPResp;
import org.bouncycastle.ocsp.SingleResp;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.CertificateStatus;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.bouncycastle.cert.ocsp.SingleResp;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.jivesoftware.util.JiveGlobals;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -218,11 +223,11 @@ public class OCSPChecker extends PKIXCertPathChecker {
}
// Construct an OCSP Request
OCSPReqGenerator gen = new OCSPReqGenerator();
OCSPReqBuilder gen = new OCSPReqBuilder();
CertificateID certID = new CertificateID(CertificateID.HASH_SHA1, issuerCert, currCert.getSerialNumber());
CertificateID certID = new CertificateID(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build().get(CertificateID.HASH_SHA1), new X509CertificateHolder(issuerCert.getEncoded()), currCert.getSerialNumber());
gen.addRequest(certID);
OCSPReq ocspRequest = gen.generate();
OCSPReq ocspRequest = gen.build();
URL url;
......@@ -261,10 +266,10 @@ public class OCSPChecker extends PKIXCertPathChecker {
BigInteger serialNumber = currCert.getSerialNumber();
BasicOCSPResp brep = (BasicOCSPResp) ocspResponse.getResponseObject();
try {
if( ! brep.verify(responderCert.getPublicKey(),"BC")) {
if( ! brep.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(responderCert.getPublicKey()))) {
throw new CertPathValidatorException("OCSP response is not verified");
}
} catch (NoSuchProviderException e) {
} catch (Exception e) {
throw new CertPathValidatorException("OCSP response could not be verified ("+e.getMessage()+")" ,null, cp, certIndex);
}
SingleResp[] singleResp = brep.getResponses();
......@@ -278,11 +283,11 @@ public class OCSPChecker extends PKIXCertPathChecker {
serialNumber.toString() + ") is: good");
foundResponse = true;
break;
} else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) {
} else if (status instanceof org.bouncycastle.cert.ocsp.RevokedStatus) {
Log.debug("OCSPChecker: Status of certificate (with serial number " +
serialNumber.toString() + ") is: revoked");
throw new CertPathValidatorException("Certificate has been revoked", null, cp, certIndex);
} else if (status instanceof org.bouncycastle.ocsp.UnknownStatus) {
} else if (status instanceof org.bouncycastle.cert.ocsp.UnknownStatus) {
Log.debug("OCSPChecker: Status of certificate (with serial number " +
serialNumber.toString() + ") is: unknown");
throw new CertPathValidatorException("Certificate's revocation status is unknown", null, cp, certIndex);
......
......@@ -72,6 +72,7 @@ import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.ASN1Sequence;
......@@ -386,7 +387,7 @@ public class CertificateManager {
ASN1Sequence otherNameSeq = (ASN1Sequence) decoder.readObject();
// Check the object identifier
DERObjectIdentifier objectId = (DERObjectIdentifier) otherNameSeq.getObjectAt(0);
ASN1ObjectIdentifier objectId = (ASN1ObjectIdentifier) otherNameSeq.getObjectAt(0);
Log.debug("Parsing otherName for subject alternative names: " + objectId.toString() );
if ( !OTHERNAME_XMPP_OID.equals(objectId.getId())) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment