BouncyCastleProvider.java revision 5db505e1f6a68c8d5dfdb0fed0b8607dea7bed96
1package org.bouncycastle.jce.provider; 2 3import java.io.IOException; 4import java.security.AccessController; 5import java.security.PrivateKey; 6import java.security.PrivilegedAction; 7import java.security.Provider; 8import java.security.PublicKey; 9import java.util.HashMap; 10import java.util.Map; 11 12import org.bouncycastle.asn1.ASN1ObjectIdentifier; 13import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; 14import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; 15import org.bouncycastle.jcajce.provider.config.ConfigurableProvider; 16import org.bouncycastle.jcajce.provider.config.ProviderConfiguration; 17import org.bouncycastle.jcajce.provider.util.AlgorithmProvider; 18import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter; 19 20/** 21 * To add the provider at runtime use: 22 * <pre> 23 * import java.security.Security; 24 * import org.bouncycastle.jce.provider.BouncyCastleProvider; 25 * 26 * Security.addProvider(new BouncyCastleProvider()); 27 * </pre> 28 * The provider can also be configured as part of your environment via 29 * static registration by adding an entry to the java.security properties 30 * file (found in $JAVA_HOME/jre/lib/security/java.security, where 31 * $JAVA_HOME is the location of your JDK/JRE distribution). You'll find 32 * detailed instructions in the file but basically it comes down to adding 33 * a line: 34 * <pre> 35 * <code> 36 * security.provider.<n>=org.bouncycastle.jce.provider.BouncyCastleProvider 37 * </code> 38 * </pre> 39 * Where <n> is the preference you want the provider at (1 being the 40 * most preferred). 41 * <p>Note: JCE algorithm names should be upper-case only so the case insensitive 42 * test for getInstance works. 43 */ 44public final class BouncyCastleProvider extends Provider 45 implements ConfigurableProvider 46{ 47 private static String info = "BouncyCastle Security Provider v1.50"; 48 49 public static final String PROVIDER_NAME = "BC"; 50 51 public static final ProviderConfiguration CONFIGURATION = new BouncyCastleProviderConfiguration(); 52 53 private static final Map keyInfoConverters = new HashMap(); 54 55 /* 56 * Configurable symmetric ciphers 57 */ 58 private static final String SYMMETRIC_PACKAGE = "org.bouncycastle.jcajce.provider.symmetric."; 59 60 private static final String[] SYMMETRIC_GENERIC = 61 { 62 "PBEPBKDF2", "PBEPKCS12" 63 }; 64 65 private static final String[] SYMMETRIC_MACS = 66 { 67 // BEGIN android-removed 68 // "SipHash" 69 // END android-removed 70 }; 71 72 private static final String[] SYMMETRIC_CIPHERS = 73 { 74 // BEGIN android-removed 75 // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "ChaCha", "DES", "DESede", 76 // "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", "Noekeon", "RC2", "RC5", 77 // "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Shacal2", "Skipjack", "TEA", "Twofish", "Threefish", 78 // "VMPC", "VMPCKSA3", "XTEA", "XSalsa20" 79 // END android-removed 80 // BEGIN android-added 81 "AES", "ARC4", "Blowfish", "DES", "DESede", "RC2", "Twofish", 82 // END android-added 83 }; 84 85 /* 86 * Configurable asymmetric ciphers 87 */ 88 private static final String ASYMMETRIC_PACKAGE = "org.bouncycastle.jcajce.provider.asymmetric."; 89 90 // this one is required for GNU class path - it needs to be loaded first as the 91 // later ones configure it. 92 private static final String[] ASYMMETRIC_GENERIC = 93 { 94 // BEGIN android-removed 95 // "X509", "IES" 96 // END android-removed 97 // BEGIN android-added 98 "X509" 99 // END android-added 100 }; 101 102 private static final String[] ASYMMETRIC_CIPHERS = 103 { 104 // BEGIN android-removed 105 // "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal", "DSTU4145" 106 // END android-removed 107 // BEGIN android-added 108 "DSA", "DH", "EC", "RSA", 109 // END android-added 110 }; 111 112 /* 113 * Configurable digests 114 */ 115 private static final String DIGEST_PACKAGE = "org.bouncycastle.jcajce.provider.digest."; 116 private static final String[] DIGESTS = 117 { 118 // BEGIN android-removed 119 // "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "Skein", "SM3", "Tiger", "Whirlpool" 120 // END android-removed 121 // BEGIN android-added 122 "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", 123 // END android-added 124 }; 125 126 /* 127 * Configurable keystores 128 */ 129 private static final String KEYSTORE_PACKAGE = "org.bouncycastle.jcajce.provider.keystore."; 130 private static final String[] KEYSTORES = 131 { 132 "BC", "PKCS12" 133 }; 134 135 /** 136 * Construct a new provider. This should only be required when 137 * using runtime registration of the provider using the 138 * <code>Security.addProvider()</code> mechanism. 139 */ 140 public BouncyCastleProvider() 141 { 142 super(PROVIDER_NAME, 1.50, info); 143 144 AccessController.doPrivileged(new PrivilegedAction() 145 { 146 public Object run() 147 { 148 setup(); 149 return null; 150 } 151 }); 152 } 153 154 private void setup() 155 { 156 loadAlgorithms(DIGEST_PACKAGE, DIGESTS); 157 158 loadAlgorithms(SYMMETRIC_PACKAGE, SYMMETRIC_GENERIC); 159 160 loadAlgorithms(SYMMETRIC_PACKAGE, SYMMETRIC_MACS); 161 162 loadAlgorithms(SYMMETRIC_PACKAGE, SYMMETRIC_CIPHERS); 163 164 loadAlgorithms(ASYMMETRIC_PACKAGE, ASYMMETRIC_GENERIC); 165 166 loadAlgorithms(ASYMMETRIC_PACKAGE, ASYMMETRIC_CIPHERS); 167 168 loadAlgorithms(KEYSTORE_PACKAGE, KEYSTORES); 169 170 // BEGIN android-removed 171 // // 172 // // X509Store 173 // // 174 // put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection"); 175 // put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection"); 176 // put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection"); 177 // put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection"); 178 // 179 // put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts"); 180 // put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs"); 181 // put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts"); 182 // put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs"); 183 // 184 // // 185 // // X509StreamParser 186 // // 187 // put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser"); 188 // put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser"); 189 // put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser"); 190 // put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser"); 191 // 192 // // 193 // // cipher engines 194 // // 195 // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES"); 196 // 197 // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES"); 198 // 199 // 200 // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish"); 201 // 202 // // Certification Path API 203 // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi"); 204 // put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi"); 205 // put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); 206 // put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); 207 // END android-removed 208 put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi"); 209 put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi"); 210 put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi"); 211 // BEGIN android-removed 212 // put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi"); 213 // put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi"); 214 // put("Alg.Alias.CertStore.X509LDAP", "LDAP"); 215 // END android-removed 216 } 217 218 private void loadAlgorithms(String packageName, String[] names) 219 { 220 for (int i = 0; i != names.length; i++) 221 { 222 Class clazz = null; 223 try 224 { 225 ClassLoader loader = this.getClass().getClassLoader(); 226 227 if (loader != null) 228 { 229 clazz = loader.loadClass(packageName + names[i] + "$Mappings"); 230 } 231 else 232 { 233 clazz = Class.forName(packageName + names[i] + "$Mappings"); 234 } 235 } 236 catch (ClassNotFoundException e) 237 { 238 // ignore 239 } 240 241 if (clazz != null) 242 { 243 try 244 { 245 ((AlgorithmProvider)clazz.newInstance()).configure(this); 246 } 247 catch (Exception e) 248 { // this should never ever happen!! 249 throw new InternalError("cannot create instance of " 250 + packageName + names[i] + "$Mappings : " + e); 251 } 252 } 253 } 254 } 255 256 public void setParameter(String parameterName, Object parameter) 257 { 258 synchronized (CONFIGURATION) 259 { 260 ((BouncyCastleProviderConfiguration)CONFIGURATION).setParameter(parameterName, parameter); 261 } 262 } 263 264 public boolean hasAlgorithm(String type, String name) 265 { 266 return containsKey(type + "." + name) || containsKey("Alg.Alias." + type + "." + name); 267 } 268 269 public void addAlgorithm(String key, String value) 270 { 271 if (containsKey(key)) 272 { 273 throw new IllegalStateException("duplicate provider key (" + key + ") found"); 274 } 275 276 put(key, value); 277 } 278 279 public void addKeyInfoConverter(ASN1ObjectIdentifier oid, AsymmetricKeyInfoConverter keyInfoConverter) 280 { 281 keyInfoConverters.put(oid, keyInfoConverter); 282 } 283 284 public static PublicKey getPublicKey(SubjectPublicKeyInfo publicKeyInfo) 285 throws IOException 286 { 287 AsymmetricKeyInfoConverter converter = (AsymmetricKeyInfoConverter)keyInfoConverters.get(publicKeyInfo.getAlgorithm().getAlgorithm()); 288 289 if (converter == null) 290 { 291 return null; 292 } 293 294 return converter.generatePublic(publicKeyInfo); 295 } 296 297 public static PrivateKey getPrivateKey(PrivateKeyInfo privateKeyInfo) 298 throws IOException 299 { 300 AsymmetricKeyInfoConverter converter = (AsymmetricKeyInfoConverter)keyInfoConverters.get(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm()); 301 302 if (converter == null) 303 { 304 return null; 305 } 306 307 return converter.generatePrivate(privateKeyInfo); 308 } 309} 310