jradius-18; Updating BouncyCastle to v.1.56 (2016) from v.1.44 (2009)

extended/pom.xml

@@ -30,8 +30,8 @@
 
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk15</artifactId>
-      <version>1.44</version>
+      <artifactId>bcprov-jdk15on</artifactId>
+      <version>1.56</version>
     </dependency>
 
   </dependencies>

extended/src/main/java/net/jradius/client/auth/EAPTLSAuthenticator.java

@@ -46,22 +46,22 @@
 import net.jradius.tls.DefaultTlsClient;
 import net.jradius.tls.TlsProtocolHandler;
 import net.jradius.util.KeyStoreUtil;
+import org.bouncycastle.asn1.ASN1Encodable;
 
 import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DEREncodable;
-import org.bouncycastle.asn1.DERInteger;
-import org.bouncycastle.asn1.DERObject;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.oiw.ElGamalParameter;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.DHParameter;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
-import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
+import org.bouncycastle.asn1.sec.ECPrivateKey;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
 import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -172,7 +172,7 @@ else if (getCaFile() != null)
 					{
 			            ByteArrayInputStream bis = new ByteArrayInputStream(cert.getEncoded());
 			            ASN1InputStream ais = new ASN1InputStream(bis);
-			            DERObject o = ais.readObject();
+			            ASN1Primitive o = ais.readObject();
 			            tmp.addElement(X509CertificateStructure.getInstance(o));
 			            if (bis.available() > 0)
 			            {
@@ -561,8 +561,8 @@ public static AsymmetricKeyParameter createKey(
         throws IOException
     {
         return createKey(
-            PrivateKeyInfo.getInstance(
-                ASN1Object.fromByteArray(privateKeyInfoData)));
+            PrivateKeyInfo.getInstance(ASN1TaggedObject.fromByteArray(privateKeyInfoData))
+        );
     }
 
     /**
@@ -592,9 +592,8 @@ public static AsymmetricKeyParameter createKey(
         PrivateKeyInfo    keyInfo)
         throws IOException
     {
-        AlgorithmIdentifier     algId = keyInfo.getAlgorithmId();
-
-        if (algId.getObjectId().equals(PKCSObjectIdentifiers.rsaEncryption))
+        AlgorithmIdentifier     algId = keyInfo.getPrivateKeyAlgorithm();
+        if (algId.getAlgorithm().equals(PKCSObjectIdentifiers.rsaEncryption))
         {
             RSAPrivateKeyStructure  keyStructure = new RSAPrivateKeyStructure((ASN1Sequence)keyInfo.getPrivateKey());
 
@@ -608,46 +607,45 @@ public static AsymmetricKeyParameter createKey(
                                         keyStructure.getExponent2(),
                                         keyStructure.getCoefficient());
         }
-        else if (algId.getObjectId().equals(PKCSObjectIdentifiers.dhKeyAgreement))
+        else if (algId.getAlgorithm().equals(PKCSObjectIdentifiers.dhKeyAgreement))
         {
-            DHParameter     params = new DHParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
-            DERInteger      derX = (DERInteger)keyInfo.getPrivateKey();
+            DHParameter     params = DHParameter.getInstance(keyInfo.getPrivateKeyAlgorithm().getParameters());
+            ASN1Integer      derX = (ASN1Integer)keyInfo.parsePrivateKey();
 
             BigInteger lVal = params.getL();
             int l = lVal == null ? 0 : lVal.intValue();
             DHParameters dhParams = new DHParameters(params.getP(), params.getG(), null, l);
 
             return new DHPrivateKeyParameters(derX.getValue(), dhParams);
         }
-        else if (algId.getObjectId().equals(OIWObjectIdentifiers.elGamalAlgorithm))
+        else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
         {
-            ElGamalParameter    params = new ElGamalParameter((ASN1Sequence)keyInfo.getAlgorithmId().getParameters());
-            DERInteger          derX = (DERInteger)keyInfo.getPrivateKey();
+            ElGamalParameter    params = ElGamalParameter.getInstance(keyInfo.getPrivateKeyAlgorithm().getParameters());
+            ASN1Integer          derX = (ASN1Integer)keyInfo.parsePrivateKey();
 
             return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(params.getP(), params.getG()));
         }
-        else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_dsa))
+        else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa))
         {
-            DERInteger derX = (DERInteger)keyInfo.getPrivateKey();
-            DEREncodable de = keyInfo.getAlgorithmId().getParameters();
+            ASN1Integer          derX = (ASN1Integer)keyInfo.parsePrivateKey();
+            ASN1Encodable de = keyInfo.getPrivateKeyAlgorithm().getParameters();
 
             DSAParameters parameters = null;
             if (de != null)
             {
-                DSAParameter params = DSAParameter.getInstance(de.getDERObject());
+                DSAParameter params = DSAParameter.getInstance(de);
                 parameters = new DSAParameters(params.getP(), params.getQ(), params.getG());
             }
 
             return new DSAPrivateKeyParameters(derX.getValue(), parameters);
         }
-        else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
+        else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_ecPublicKey))
         {
-            X962Parameters      params = new X962Parameters((DERObject)keyInfo.getAlgorithmId().getParameters());
+            X962Parameters      params = X962Parameters.getInstance(keyInfo.getPrivateKeyAlgorithm().getParameters());
             ECDomainParameters  dParams = null;
-
             if (params.isNamedCurve())
             {
-                DERObjectIdentifier oid = (DERObjectIdentifier)params.getParameters();
+                ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) params.getParameters();
                 X9ECParameters      ecP = X962NamedCurves.getByOID(oid);
 
                 if (ecP == null)
@@ -674,17 +672,15 @@ else if (algId.getObjectId().equals(X9ObjectIdentifiers.id_ecPublicKey))
             }
             else
             {
-                X9ECParameters ecP = new X9ECParameters(
-                            (ASN1Sequence)params.getParameters());
+                X9ECParameters ecP = X9ECParameters.getInstance(params.getParameters());
                 dParams = new ECDomainParameters(
                                             ecP.getCurve(),
                                             ecP.getG(),
                                             ecP.getN(),
                                             ecP.getH(),
                                             ecP.getSeed());
             }
-
-            ECPrivateKeyStructure   ec = new ECPrivateKeyStructure((ASN1Sequence)keyInfo.getPrivateKey());
+            ECPrivateKey ec = ECPrivateKey.getInstance(keyInfo.getPrivateKeyAlgorithm());
 
             return new ECPrivateKeyParameters(ec.getKey(), dParams);
         }

extended/src/main/java/net/jradius/client/gui/JRadiusSimulator.java

@@ -40,6 +40,7 @@
 import java.net.ConnectException;
 import java.net.InetAddress;
 import java.net.URL;
+import java.security.Security;
 import java.text.DecimalFormat;
 import java.text.NumberFormat;
 import java.util.ArrayList;
@@ -121,6 +122,7 @@
 import net.jradius.util.Base64;
 import net.jradius.util.KeyStoreUtil;
 import net.jradius.util.RadiusRandom;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 /**
  * Java Swing Graphical User Interface for the JRadius RADIUS Client.
@@ -243,7 +245,7 @@ public class JRadiusSimulator extends JFrame
     public JRadiusSimulator() {
         super();
 
- //       Security.addProvider(new BouncyCastleProvider());
+        Security.addProvider(new BouncyCastleProvider());
         String version = System.getProperty("java.version");
         if (version.startsWith("1.4")) 
         {

extended/src/main/java/net/jradius/tls/Certificate.java

@@ -6,9 +6,8 @@
 import java.io.OutputStream;
 import java.util.Vector;
 
-import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1InputStream;
-import org.bouncycastle.asn1.DERObject;
+import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.x509.X509CertificateStructure;
 
 /**
@@ -41,7 +40,7 @@ public static Certificate parse(InputStream is) throws IOException
             TlsUtils.readFully(buf, is);
             ByteArrayInputStream bis = new ByteArrayInputStream(buf);
             ASN1InputStream ais = new ASN1InputStream(bis);
-            DERObject o = ais.readObject();
+            ASN1Primitive o = ais.readObject();
             tmp.addElement(X509CertificateStructure.getInstance(o));
             if (bis.available() > 0)
             {
@@ -69,7 +68,7 @@ protected void encode(OutputStream os) throws IOException
         int totalSize = 0;
         for (int i = 0; i < this.certs.length; ++i)
         {
-            byte[] encCert = certs[i].getEncoded(ASN1Encodable.DER);
+            byte[] encCert = certs[i].getEncoded();
             encCerts.addElement(encCert);
             totalSize += encCert.length + 3;
         }

extended/src/main/java/net/jradius/tls/TlsDHKeyExchange.java

@@ -4,7 +4,6 @@
 import java.io.InputStream;
 import java.math.BigInteger;
 
-import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.x509.KeyUsage;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509CertificateStructure;
@@ -242,7 +241,7 @@ private void validateKeyUsage(X509CertificateStructure c, int keyUsageBits) thro
             X509Extension ext = exts.getExtension(X509Extensions.KeyUsage);
             if (ext != null)
             {
-                DERBitString ku = KeyUsage.getInstance(ext);
+                KeyUsage ku = KeyUsage.getInstance(ext);
                 int bits = ku.getBytes()[0] & 0xff;
                 if ((bits & keyUsageBits) != keyUsageBits)
                 {

extended/src/main/java/net/jradius/tls/TlsDSSSigner.java

@@ -2,11 +2,11 @@
 
 import org.bouncycastle.crypto.CryptoException;
 import org.bouncycastle.crypto.Signer;
+import org.bouncycastle.crypto.digests.NullDigest;
 import org.bouncycastle.crypto.digests.SHA1Digest;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.signers.DSADigestSigner;
 import org.bouncycastle.crypto.signers.DSASigner;
-import org.bouncycastle.jce.provider.util.NullDigest;
 
 class TlsDSSSigner implements TlsSigner
 {

extended/src/main/java/net/jradius/tls/TlsProtocolHandler.java

@@ -14,6 +14,7 @@
 import javax.net.ssl.TrustManager;
 
 import org.bouncycastle.asn1.ASN1Object;
+import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.x509.X509Name;
 import org.bouncycastle.crypto.prng.ThreadedSeedGenerator;
 
@@ -578,7 +579,7 @@ private void processHandshakeMessage(short type, byte[] buf) throws IOException
                         while (bis.available() > 0)
                         {
                             byte[] dnBytes = TlsUtils.readOpaque16(bis);
-                            authorityDNs.add(X509Name.getInstance(ASN1Object.fromByteArray(dnBytes)));
+                            authorityDNs.add(X509Name.getInstance(ASN1Primitive.fromByteArray(dnBytes)));
                         }
 
                         this.tlsClient.processServerCertificateRequest(types, authorityDNs);

extended/src/main/java/net/jradius/tls/TlsRSAKeyExchange.java

@@ -141,7 +141,7 @@ private void validateKeyUsage(X509CertificateStructure c, int keyUsageBits) thro
             X509Extension ext = exts.getExtension(X509Extensions.KeyUsage);
             if (ext != null)
             {
-                DERBitString ku = KeyUsage.getInstance(ext);
+                KeyUsage ku = KeyUsage.getInstance(ext);
                 int bits = ku.getBytes()[0] & 0xff;
                 if ((bits & keyUsageBits) != keyUsageBits)
                 {

extended/src/main/java/net/jradius/tls/TlsRSASigner.java

@@ -2,11 +2,11 @@
 
 import org.bouncycastle.crypto.CryptoException;
 import org.bouncycastle.crypto.Signer;
+import org.bouncycastle.crypto.digests.NullDigest;
 import org.bouncycastle.crypto.encodings.PKCS1Encoding;
 import org.bouncycastle.crypto.engines.RSABlindedEngine;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.signers.GenericSigner;
-import org.bouncycastle.jce.provider.util.NullDigest;
 
 class TlsRSASigner implements TlsSigner
 {

extended/src/main/java/net/jradius/tls/TlsSRPKeyExchange.java

@@ -225,7 +225,7 @@ private void validateKeyUsage(X509CertificateStructure c, int keyUsageBits) thro
             X509Extension ext = exts.getExtension(X509Extensions.KeyUsage);
             if (ext != null)
             {
-                DERBitString ku = KeyUsage.getInstance(ext);
+                KeyUsage ku = KeyUsage.getInstance(ext);
                 int bits = ku.getBytes()[0] & 0xff;
                 if ((bits & keyUsageBits) != keyUsageBits)
                 {

extended/src/main/java/net/jradius/util/KeyStoreUtil.java

@@ -36,8 +36,7 @@
 import javax.net.ssl.X509TrustManager;
 
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openssl.PEMReader;
-import org.bouncycastle.openssl.PasswordFinder;
+import org.bouncycastle.util.io.pem.PemReader;
 
 public class KeyStoreUtil 
 {
@@ -57,15 +56,11 @@ public static KeyManager[] loadKeyManager(String type, InputStream in, String pa
 
 		if (type.equalsIgnoreCase("pem"))
 		{
-			PEMReader pemReader = new PEMReader(new InputStreamReader(in), new PasswordFinder() {
-				public char[] getPassword() {
-					return pwd;
-				}
-			});
+			PemReader pemReader = new PemReader(new InputStreamReader(in));
 
 			Object obj, keyObj=null, certObj=null, keyPair=null;
 
-			while ((obj = pemReader.readObject()) != null)
+			while ((obj = pemReader.readPemObject()) != null)
 			{
 				if (obj instanceof X509Certificate) certObj = obj;
 				else if (obj instanceof PrivateKey) keyObj = obj;
@@ -141,14 +136,10 @@ public static X509Certificate loadCertificateFromPEM(InputStream in, final char[
 	{
 		loadBC();
 
-        PEMReader pemReader = new PEMReader(new InputStreamReader(in), new PasswordFinder() {
-			public char[] getPassword() {
-				return pwd;
-			}
-		});
+        PemReader pemReader = new PemReader(new InputStreamReader(in));
 
 		Object obj;
-		while ((obj = pemReader.readObject()) != null)
+		while ((obj = pemReader.readPemObject()) != null)
 		{
 			if (obj instanceof X509Certificate)
 			{