Репозиторий Sisyphus
Последнее обновление: 1 октября 2023 | Пакетов: 18631 | Посещений: 37736291
en ru br
Репозитории ALT
S:2.1.7-alt7_41jpp11
5.1: 1.4-alt1_3jpp5
4.1: 1.4.8-alt1_0.2jpp1.7
4.0: 1.4.8-alt1_0.2jpp1.7
www.altlinux.org/Changes

Группа :: Разработка/Прочее
Пакет: itext

 Главная   Изменения   Спек   Патчи   Sources   Загрузить   Gear   Bugs and FR  Repocop 

Патч: itext-2.1.7-bouncycastle1.52.patch
Скачать

diff -Nru itext-2.1.7/src/core/com/lowagie/text/pdf/OcspClientBouncyCastle.java itext-2.1.7.bouncycastle/src/core/com/lowagie/text/pdf/OcspClientBouncyCastle.java
--- itext-2.1.7/src/core/com/lowagie/text/pdf/OcspClientBouncyCastle.java	2009-06-09 10:31:05.000000000 +0200
+++ itext-2.1.7.bouncycastle/src/core/com/lowagie/text/pdf/OcspClientBouncyCastle.java	2015-06-28 03:29:55.209352087 +0200
@@ -59,20 +59,29 @@
 import java.net.HttpURLConnection;

 import java.net.URL;

 import java.security.Security;

+import java.security.cert.CertificateEncodingException;

 import java.security.cert.X509Certificate;

 import java.util.Vector;

 import org.bouncycastle.asn1.DEROctetString;

 import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;

+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;

+import org.bouncycastle.asn1.x509.Extension;

+import org.bouncycastle.asn1.x509.Extensions;

 import org.bouncycastle.asn1.x509.X509Extension;

 import org.bouncycastle.asn1.x509.X509Extensions;

-import org.bouncycastle.ocsp.BasicOCSPResp;

-import org.bouncycastle.ocsp.CertificateID;

-import org.bouncycastle.ocsp.CertificateStatus;

-import org.bouncycastle.ocsp.OCSPException;

-import org.bouncycastle.ocsp.OCSPReq;

-import org.bouncycastle.ocsp.OCSPReqGenerator;

-import org.bouncycastle.ocsp.OCSPResp;

-import org.bouncycastle.ocsp.SingleResp;

+import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;

+import org.bouncycastle.cert.ocsp.BasicOCSPResp;

+import org.bouncycastle.cert.ocsp.CertificateID;

+import org.bouncycastle.cert.ocsp.CertificateStatus;

+import org.bouncycastle.cert.ocsp.OCSPException;

+import org.bouncycastle.cert.ocsp.OCSPReq;

+import org.bouncycastle.cert.ocsp.OCSPReqBuilder;

+import org.bouncycastle.cert.ocsp.OCSPResp;

+import org.bouncycastle.cert.ocsp.SingleResp;

+import org.bouncycastle.operator.DigestCalculator;

+import org.bouncycastle.operator.DigestCalculatorProvider;

+import org.bouncycastle.operator.OperatorException;

+import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

 

 /**

  * OcspClient implementation using BouncyCastle.

@@ -107,28 +116,26 @@
      * @throws OCSPException

      * @throws IOException

      */

-    private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException {

+    private static OCSPReq generateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) throws OCSPException, IOException, OperatorException, CertificateEncodingException {

         //Add provider BC

         Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

         

+        JcaDigestCalculatorProviderBuilder digestCalculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder();

+        DigestCalculatorProvider digestCalculatorProvider = digestCalculatorProviderBuilder.build();

+        DigestCalculator digestCalculator = digestCalculatorProvider.get(CertificateID.HASH_SHA1);

         // Generate the id for the certificate we are looking for

-        CertificateID id = new CertificateID(CertificateID.HASH_SHA1, issuerCert, serialNumber);

+        CertificateID id = new CertificateID(digestCalculator, new JcaX509CertificateHolder(issuerCert), serialNumber);

         

         // basic request generation with nonce

-        OCSPReqGenerator gen = new OCSPReqGenerator();

+        OCSPReqBuilder gen = new OCSPReqBuilder();

         

         gen.addRequest(id);

         

         // create details for nonce extension

-        Vector oids = new Vector();

-        Vector values = new Vector();

+        Extension ext = new Extension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce, false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded()));

+        gen.setRequestExtensions(new Extensions(new Extension[]{ext}));

         

-        oids.add(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);

-        values.add(new X509Extension(false, new DEROctetString(new DEROctetString(PdfEncryption.createDocumentId()).getEncoded())));

-        

-        gen.setRequestExtensions(new X509Extensions(oids, values));

-        

-        return gen.generate();

+        return gen.build();

     }

     

     /**

@@ -167,7 +174,7 @@
                     if (status == CertificateStatus.GOOD) {

                         return basicResponse.getEncoded();

                     }

-                    else if (status instanceof org.bouncycastle.ocsp.RevokedStatus) {

+                    else if (status instanceof org.bouncycastle.cert.ocsp.RevokedStatus) {

                         throw new IOException("OCSP Status is revoked!");

                     }

                     else {

diff -Nru itext-2.1.7/src/core/com/lowagie/text/pdf/PdfPKCS7.java itext-2.1.7.bouncycastle/src/core/com/lowagie/text/pdf/PdfPKCS7.java
--- itext-2.1.7/src/core/com/lowagie/text/pdf/PdfPKCS7.java	2015-06-28 03:29:57.603235703 +0200
+++ itext-2.1.7.bouncycastle/src/core/com/lowagie/text/pdf/PdfPKCS7.java	2015-06-28 03:18:52.706561173 +0200
@@ -113,9 +113,12 @@
 import org.bouncycastle.asn1.x509.X509Extensions;
 import org.bouncycastle.cms.SignerInformationVerifier;
 import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
-import org.bouncycastle.ocsp.BasicOCSPResp;
-import org.bouncycastle.ocsp.CertificateID;
-import org.bouncycastle.ocsp.SingleResp;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
+import org.bouncycastle.cert.ocsp.BasicOCSPResp;
+import org.bouncycastle.cert.ocsp.CertificateID;
+import org.bouncycastle.cert.ocsp.SingleResp;
+import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
+import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
 import org.bouncycastle.tsp.TimeStampToken;
 
 /**
@@ -903,7 +906,7 @@
                     if (!keystore.isCertificateEntry(alias))
                         continue;
                     X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
-                    if (ocsp.verify(certStoreX509.getPublicKey(), provider))
+                    if (ocsp.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(provider).build(certStoreX509.getPublicKey())))
                         return true;
                 }
                 catch (Exception ex) {
@@ -997,7 +1000,8 @@
             CertificateID cid = sr.getCertID();
             X509Certificate sigcer = getSigningCertificate();
             X509Certificate isscer = cs[1];
-            CertificateID tis = new CertificateID(CertificateID.HASH_SHA1, isscer, sigcer.getSerialNumber());
+            CertificateID tis = new CertificateID(
+               new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1), new JcaX509CertificateHolder(isscer), sigcer.getSerialNumber());
             return tis.equals(cid);
         }
         catch (Exception ex) {
 
дизайн и разработка: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
текущий майнтейнер: Michael Shigorin