Репозитории ALT
S: | 2.1.7-alt7_41jpp11 |
5.1: | 1.4-alt1_3jpp5 |
4.1: | 1.4.8-alt1_0.2jpp1.7 |
4.0: | 1.4.8-alt1_0.2jpp1.7 |
Группа :: Разработка/Прочее
Пакет: itext
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: itext-2.1.7-bouncycastle1.52.patch
Скачать
Скачать
diff -Nru itext-2.1.7/src/core/com/lowagie/text/pdf/OcspClientBouncyCastle.java itext-2.1.7.bouncycastle/src/core/com/lowagie/text/pdf/OcspClientBouncyCastle.java
--- itext-2.1.7/src/core/com/lowagie/text/pdf/OcspClientBouncyCastle.java 2009-06-09 10:31:05.000000000 +0200
+++ itext-2.1.7.bouncycastle/src/core/com/lowagie/text/pdf/OcspClientBouncyCastle.java 2015-06-28 03:29:55.209352087 +0200
@@ -59,20 +59,29 @@
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.Security;
+import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Vector;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.ocsp.BasicOCSPResp;
-import org.bouncycastle.ocsp.CertificateID;
-import org.bouncycastle.ocsp.CertificateStatus;
-import org.bouncycastle.ocsp.OCSPException;
-import org.bouncycastle.ocsp.OCSPReq;
-import org.bouncycastle.ocsp.OCSPReqGenerator;
-import org.bouncycastle.ocsp.OCSPResp;
-import org.bouncycastle.ocsp.SingleResp;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
+import org.bouncycastle.cert.ocsp.BasicOCSPResp;
+import org.bouncycastle.cert.ocsp.CertificateID;
+import org.bouncycastle.cert.ocsp.CertificateStatus;
+import org.bouncycastle.cert.ocsp.OCSPException;
+import org.bouncycastle.cert.ocsp.OCSPReq;
+import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
+import org.bouncycastle.cert.ocsp.OCSPResp;
+import org.bouncycastle.cert.ocsp.SingleResp;
+import org.bouncycastle.operator.DigestCalculator;
+import org.bouncycastle.operator.DigestCalculatorProvider;
+import org.bouncycastle.operator.OperatorException;
+import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
/**
* OcspClient implementation using BouncyCastle.
@@ -107,28 +116,26 @@
* @throws OCSPException
* @throws IOException
*/
- private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException {
+ private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException, OperatorException, CertificateEncodingException {
//Add provider BC
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
+ JcaDigestCalculatorProviderBuilder digestCalculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder();
+ DigestCalculatorProvider digestCalculatorProvider = digestCalculatorProviderBuilder.build();
+ DigestCalculator digestCalculator = digestCalculatorProvider.get(CertificateID.HASH_SHA1);
// Generate the id for the certificate we are looking for
- CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber);
+ CertificateID id = new CertificateID(digestCalculator, new JcaX509CertificateHolder(issuerCert), serialNumber);
// basic request generation with nonce
- OCSPReqGenerator gen = new OCSPReqGenerator();
+ OCSPReqBuilder gen = new OCSPReqBuilder();
gen.addRequest(id);
// create details for nonce extension
- Vector oids = new Vector();
- Vector values = new Vector();
+ Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded()));
+ gen.setRequestExtensions(new Extensions(new Extension[]{ext}));
- oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
- values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded())));
-
- gen.setRequestExtensions(new X509Extensions(oids, values));
-
- return gen.generate();
+ return gen.build();
}
/**
@@ -167,7 +174,7 @@
if (status == CertificateStatus.GOOD) {
return basicResponse.getEncoded();
}
- else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) {
+ else if (status instanceof org.bouncycastle.cert.ocsp.RevokedStatus) {
throw new IOException("OCSP Status is revoked!");
}
else {
diff -Nru itext-2.1.7/src/core/com/lowagie/text/pdf/PdfPKCS7.java itext-2.1.7.bouncycastle/src/core/com/lowagie/text/pdf/PdfPKCS7.java
--- itext-2.1.7/src/core/com/lowagie/text/pdf/PdfPKCS7.java 2015-06-28 03:29:57.603235703 +0200
+++ itext-2.1.7.bouncycastle/src/core/com/lowagie/text/pdf/PdfPKCS7.java 2015-06-28 03:18:52.706561173 +0200
@@ -113,9 +113,12 @@
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
-import org.bouncycastle.ocsp.BasicOCSPResp;
-import org.bouncycastle.ocsp.CertificateID;
-import org.bouncycastle.ocsp.SingleResp;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
+import org.bouncycastle.cert.ocsp.BasicOCSPResp;
+import org.bouncycastle.cert.ocsp.CertificateID;
+import org.bouncycastle.cert.ocsp.SingleResp;
+import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
+import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.tsp.TimeStampToken;
/**
@@ -903,7 +906,7 @@
if (!keystore.isCertificateEntry(alias))
continue;
X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
- if (ocsp.verify(certStoreX509.getPublicKey(), provider))
+ if (ocsp.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(provider).build(certStoreX509.getPublicKey())))
return true;
}
catch (Exception ex) {
@@ -997,7 +1000,8 @@
CertificateID cid = sr.getCertID();
X509Certificate sigcer = getSigningCertificate();
X509Certificate isscer = cs[1];
- CertificateID tis = new CertificateID(CertificateID.HASH_SHA1, isscer, sigcer.getSerialNumber());
+ CertificateID tis = new CertificateID(
+ new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(isscer), sigcer.getSerialNumber());
return tis.equals(cid);
}
catch (Exception ex) {