From 3db90551169b383bc6b78b81954e20a10cb92f59 Mon Sep 17 00:00:00 2001 From: Oren Novotny Date: Sun, 18 Oct 2015 18:14:08 -0400 Subject: remove files not in master --- crypto/doc/wp7/crypto.xml | 19296 --------------------- crypto/src/asn1/DerUnknownTag.cs | 80 - crypto/src/cms/NullOutputStream.cs | 20 - crypto/src/crypto/tls/AlwaysValidVerifyer.cs | 24 - crypto/src/crypto/tls/DigestAlgorithm.cs | 21 - crypto/src/crypto/tls/ICertificateVerifyer.cs | 18 - crypto/src/crypto/tls/LegacyTlsAuthentication.cs | 32 - crypto/src/crypto/tls/LegacyTlsClient.cs | 28 - crypto/src/crypto/tls/TlsException.cs | 11 - crypto/src/math/ec/IntArray.cs | 485 - crypto/src/math/ec/multiplier/FpNafMultiplier.cs | 41 - crypto/src/math/ec/multiplier/WNafMultiplier.cs | 243 - 12 files changed, 20299 deletions(-) delete mode 100644 crypto/doc/wp7/crypto.xml delete mode 100644 crypto/src/asn1/DerUnknownTag.cs delete mode 100644 crypto/src/cms/NullOutputStream.cs delete mode 100644 crypto/src/crypto/tls/AlwaysValidVerifyer.cs delete mode 100644 crypto/src/crypto/tls/DigestAlgorithm.cs delete mode 100644 crypto/src/crypto/tls/ICertificateVerifyer.cs delete mode 100644 crypto/src/crypto/tls/LegacyTlsAuthentication.cs delete mode 100644 crypto/src/crypto/tls/LegacyTlsClient.cs delete mode 100644 crypto/src/crypto/tls/TlsException.cs delete mode 100644 crypto/src/math/ec/IntArray.cs delete mode 100644 crypto/src/math/ec/multiplier/FpNafMultiplier.cs delete mode 100644 crypto/src/math/ec/multiplier/WNafMultiplier.cs (limited to 'crypto') diff --git a/crypto/doc/wp7/crypto.xml b/crypto/doc/wp7/crypto.xml deleted file mode 100644 index f1cf2f391..000000000 --- a/crypto/doc/wp7/crypto.xml +++ /dev/null @@ -1,19296 +0,0 @@ - - - - crypto - - - - Base class for both the compress and decompress classes. - Holds common arrays, and static data. - - @author Keiron Liddle - - - An input stream that decompresses from the BZip2 format (with the file - header chars) to be read as any other stream. - - @author Keiron Liddle - - NB: note this class has been modified to read the leading BZ from the - start of the BZIP2 stream to make it compatible with other PGP programs. - - - An output stream that compresses into the BZip2 format (with the file - header chars) into another stream. - - @author Keiron Liddle - - TODO: Update to BZip2 1.0.1 - NB: note this class has been modified to add a leading BZ to the - start of the BZIP2 stream to make it compatible with other PGP programs. - - - - modified by Oliver Merkel, 010128 - - - - A simple class the hold and calculate the CRC for sanity checking - of the data. - - @author Keiron Liddle - - - Return the DER encoding of the object, null if the DER encoding can not be made. - - @return a DER byte array, null otherwise. - - - a general purpose ASN.1 decoder - note: this class differs from the - others in that it returns null after it has read the last object in - the stream. If an ASN.1 Null is encountered a Der/BER Null object is - returned. - - - Create an ASN1InputStream where no DER object will be longer than limit. - - @param input stream containing ASN.1 encoded data. - @param limit maximum size of a DER encoded object. - - - Create an ASN1InputStream based on the input byte array. The length of DER objects in - the stream is automatically limited to the length of the input array. - - @param input array containing ASN.1 encoded data. - - - build an object given its tag and the number of bytes to construct it from. - - - A Null object. - - - Create a base ASN.1 object from a byte array. - The byte array to parse. - The base ASN.1 object represented by the byte array. - If there is a problem parsing the data. - - - Read a base ASN.1 object from a stream. - The stream to parse. - The base ASN.1 object represented by the byte array. - If there is a problem parsing the data. - - - return an Octet string from a tagged object. - - @param obj the tagged object holding the object we want. - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - return an Octet string from the given object. - - @param obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - @param string the octets making up the octet string. - - - return an Asn1Sequence from the given object. - - @param obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Return an ASN1 sequence from a tagged object. There is a special - case here, if an object appears to have been explicitly tagged on - reading but we were expecting it to be implicitly tagged in the - normal course of events it indicates that we lost the surrounding - sequence - so we need to add it back (this will happen if the tagged - object is a sequence that contains other sequences). If you are - dealing with implicitly tagged sequences you really should - be using this method. - - @param obj the tagged object. - @param explicitly true if the object is meant to be explicitly tagged, - false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - return the object at the sequence position indicated by index. - - @param index the sequence number (starting at zero) of the object - @return the object at the sequence position indicated by index. - - - return an ASN1Set from the given object. - - @param obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Return an ASN1 set from a tagged object. There is a special - case here, if an object appears to have been explicitly tagged on - reading but we were expecting it to be implicitly tagged in the - normal course of events it indicates that we lost the surrounding - set - so we need to add it back (this will happen if the tagged - object is a sequence that contains other sequences). If you are - dealing with implicitly tagged sets you really should - be using this method. - - @param obj the tagged object. - @param explicitly true if the object is meant to be explicitly tagged - false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - return true if a <= b (arrays are assumed padded with zeros). - - - return the object at the set position indicated by index. - - @param index the set number (starting at zero) of the object - @return the object at the set position indicated by index. - - - ASN.1 TaggedObject - in ASN.1 notation this is any object preceded by - a [n] where n is some number - these are assumed to follow the construction - rules (as with sequences). - - - @param tagNo the tag number for this object. - @param obj the tagged object. - - - @param explicitly true if the object is explicitly tagged. - @param tagNo the tag number for this object. - @param obj the tagged object. - - - return whether or not the object may be explicitly tagged. -

- Note: if the object has been read from an input stream, the only - time you can be sure if isExplicit is returning the true state of - affairs is if it returns false. An implicitly tagged object may appear - to be explicitly tagged, so you need to understand the context under - which the reading was done as well, see GetObject below.

- - - return whatever was following the tag. -

- Note: tagged objects are generally context dependent if you're - trying to extract a tagged object you should be going via the - appropriate GetInstance method.

- - - Return the object held in this tagged object as a parser assuming it has - the type of the passed in tag. If the object doesn't have a parser - associated with it, the base object is returned. - - - Base class for an application specific object - - - Return the enclosed object assuming explicit tagging. - - @return the resulting object - @throws IOException if reconstruction fails. - - - Return the enclosed object assuming implicit tagging. - - @param derTagNo the type tag that should be applied to the object's contents. - @return the resulting object - @throws IOException if reconstruction fails. - - - A BER Null object. - - - A Null object. - - - The octets making up the octet string. - - - convert a vector of octet strings into a single byte string - - - The octets making up the octet string. - - - return the DER octets that make up this string. - - - create an empty sequence - - - create a sequence containing one object - - - create a sequence containing a vector of objects. - - - create an empty sequence - - - create a sequence containing one object - - - create a sequence containing a vector of objects. - - - A Der encoded set object - - - create an empty set - - - @param obj - a single object that makes up the set. - - - @param v - a vector of objects making up the set. - - - create an empty sequence - - - create a set containing one object - - - create a set containing a vector of objects. - - - BER TaggedObject - in ASN.1 notation this is any object preceded by - a [n] where n is some number - these are assumed to follow the construction - rules (as with sequences). - - - DER TaggedObject - in ASN.1 notation this is any object preceded by - a [n] where n is some number - these are assumed to follow the construction - rules (as with sequences). - - - @param tagNo the tag number for this object. - @param obj the tagged object. - - - @param explicitly true if an explicitly tagged object. - @param tagNo the tag number for this object. - @param obj the tagged object. - - - create an implicitly tagged object that contains a zero - length sequence. - - - @param tagNo the tag number for this object. - @param obj the tagged object. - - - @param explicitly true if an explicitly tagged object. - @param tagNo the tag number for this object. - @param obj the tagged object. - - - create an implicitly tagged object that contains a zero - length sequence. - - - 
-            CAKeyUpdAnnContent ::= SEQUENCE {
-                                        oldWithNew   CmpCertificate, -- old pub signed with new priv
-                                        newWithOld   CmpCertificate, -- new pub signed with old priv
-                                        newWithNew   CmpCertificate  -- new pub signed with new priv
-             }
-
- @return a basic ASN.1 object representation. - - - 
-            CertConfirmContent ::= SEQUENCE OF CertStatus
-
- @return a basic ASN.1 object representation. - - - 
-            CertifiedKeyPair ::= SEQUENCE {
-                                             certOrEncCert       CertOrEncCert,
-                                             privateKey      [0] EncryptedValue      OPTIONAL,
-                                             -- see [CRMF] for comment on encoding
-                                             publicationInfo [1] PKIPublicationInfo  OPTIONAL
-                  }
-
- @return a basic ASN.1 object representation. - - - Marker interface for CHOICE objects - if you implement this in a roll-your-own - object, any attempt to tag the object implicitly will convert the tag to an - explicit one as the encoding rules require. -

- If you use this interface your class should also implement the getInstance - pattern which takes a tag object and the tagging mode used. -

- - - 
-            CertOrEncCert ::= CHOICE {
-                                 certificate     [0] CMPCertificate,
-                                 encryptedCert   [1] EncryptedValue
-                      }
-
- @return a basic ASN.1 object representation. - - - 
-            CertRepMessage ::= SEQUENCE {
-                                     caPubs       [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
-                                                                                        OPTIONAL,
-                                     response         SEQUENCE OF CertResponse
-            }
-
- @return a basic ASN.1 object representation. - - - 
-            CertResponse ::= SEQUENCE {
-                                       certReqId           INTEGER,
-                                       -- to match this response with corresponding request (a value
-                                       -- of -1 is to be used if certReqId is not specified in the
-                                       -- corresponding request)
-                                       status              PKIStatusInfo,
-                                       certifiedKeyPair    CertifiedKeyPair    OPTIONAL,
-                                       rspInfo             OCTET STRING        OPTIONAL
-                                       -- analogous to the id-regInfo-utf8Pairs string defined
-                                       -- for regInfo in CertReqMsg [CRMF]
-                        }
-
- @return a basic ASN.1 object representation. - - - 
-            CertStatus ::= SEQUENCE {
-                              certHash    OCTET STRING,
-                              -- the hash of the certificate, using the same hash algorithm
-                              -- as is used to create and verify the certificate signature
-                              certReqId   INTEGER,
-                              -- to match this confirmation with the corresponding req/rep
-                              statusInfo  PKIStatusInfo OPTIONAL
-            }
-
- @return a basic ASN.1 object representation. - - - 
-             Challenge ::= SEQUENCE {
-                             owf                 AlgorithmIdentifier  OPTIONAL,
-            
-                             -- MUST be present in the first Challenge; MAY be omitted in
-                             -- any subsequent Challenge in POPODecKeyChallContent (if
-                             -- omitted, then the owf used in the immediately preceding
-                             -- Challenge is to be used).
-            
-                             witness             OCTET STRING,
-                             -- the result of applying the one-way function (owf) to a
-                             -- randomly-generated INTEGER, A.  [Note that a different
-                             -- INTEGER MUST be used for each Challenge.]
-                             challenge           OCTET STRING
-                             -- the encryption (under the public key for which the cert.
-                             -- request is being made) of Rand, where Rand is specified as
-                             --   Rand ::= SEQUENCE {
-                             --      int      INTEGER,
-                             --       - the randomly-generated INTEGER A (above)
-                             --      sender   GeneralName
-                             --       - the sender's name (as included in PKIHeader)
-                             --   }
-                  }
-
- @return a basic ASN.1 object representation. - - - Note: the addition of attribute certificates is a BC extension. - - - 
-             CMPCertificate ::= CHOICE {
-                        x509v3PKCert        Certificate
-                        x509v2AttrCert      [1] AttributeCertificate
-              }
-
- Note: the addition of attribute certificates is a BC extension. - - @return a basic ASN.1 object representation. - - - 
-            CrlAnnContent ::= SEQUENCE OF CertificateList
-
- @return a basic ASN.1 object representation. - - - 
-            ErrorMsgContent ::= SEQUENCE {
-                                   pKIStatusInfo          PKIStatusInfo,
-                                   errorCode              INTEGER           OPTIONAL,
-                                   -- implementation-specific error codes
-                                   errorDetails           PKIFreeText       OPTIONAL
-                                   -- implementation-specific error details
-            }
-
- @return a basic ASN.1 object representation. - - - 
-            GenMsgContent ::= SEQUENCE OF InfoTypeAndValue
-
- @return a basic ASN.1 object representation. - - - 
-            GenRepContent ::= SEQUENCE OF InfoTypeAndValue
-
- @return a basic ASN.1 object representation. - - - Example InfoTypeAndValue contents include, but are not limited - to, the following (un-comment in this ASN.1 module and use as - appropriate for a given environment): - 
-               id-it-caProtEncCert    OBJECT IDENTIFIER ::= {id-it 1}
-                  CAProtEncCertValue      ::= CMPCertificate
-               id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2}
-                 SignKeyPairTypesValue   ::= SEQUENCE OF AlgorithmIdentifier
-               id-it-encKeyPairTypes  OBJECT IDENTIFIER ::= {id-it 3}
-                 EncKeyPairTypesValue    ::= SEQUENCE OF AlgorithmIdentifier
-               id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4}
-                  PreferredSymmAlgValue   ::= AlgorithmIdentifier
-               id-it-caKeyUpdateInfo  OBJECT IDENTIFIER ::= {id-it 5}
-                  CAKeyUpdateInfoValue    ::= CAKeyUpdAnnContent
-               id-it-currentCRL       OBJECT IDENTIFIER ::= {id-it 6}
-                  CurrentCRLValue         ::= CertificateList
-               id-it-unsupportedOIDs  OBJECT IDENTIFIER ::= {id-it 7}
-                  UnsupportedOIDsValue    ::= SEQUENCE OF OBJECT IDENTIFIER
-               id-it-keyPairParamReq  OBJECT IDENTIFIER ::= {id-it 10}
-                  KeyPairParamReqValue    ::= OBJECT IDENTIFIER
-               id-it-keyPairParamRep  OBJECT IDENTIFIER ::= {id-it 11}
-                  KeyPairParamRepValue    ::= AlgorithmIdentifer
-               id-it-revPassphrase    OBJECT IDENTIFIER ::= {id-it 12}
-                  RevPassphraseValue      ::= EncryptedValue
-               id-it-implicitConfirm  OBJECT IDENTIFIER ::= {id-it 13}
-                  ImplicitConfirmValue    ::= NULL
-               id-it-confirmWaitTime  OBJECT IDENTIFIER ::= {id-it 14}
-                  ConfirmWaitTimeValue    ::= GeneralizedTime
-               id-it-origPKIMessage   OBJECT IDENTIFIER ::= {id-it 15}
-                  OrigPKIMessageValue     ::= PKIMessages
-               id-it-suppLangTags     OBJECT IDENTIFIER ::= {id-it 16}
-                  SuppLangTagsValue       ::= SEQUENCE OF UTF8String
-            
-             where
-            
-               id-pkix OBJECT IDENTIFIER ::= {
-                  iso(1) identified-organization(3)
-                  dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
-             and
-                  id-it   OBJECT IDENTIFIER ::= {id-pkix 4}
-
- - - 
-            InfoTypeAndValue ::= SEQUENCE {
-                                    infoType               OBJECT IDENTIFIER,
-                                    infoValue              ANY DEFINED BY infoType  OPTIONAL
-            }
-
- @return a basic ASN.1 object representation. - - - 
-            KeyRecRepContent ::= SEQUENCE {
-                                    status                  PKIStatusInfo,
-                                    newSigCert          [0] CMPCertificate OPTIONAL,
-                                    caCerts             [1] SEQUENCE SIZE (1..MAX) OF
-                                                                      CMPCertificate OPTIONAL,
-                                    keyPairHist         [2] SEQUENCE SIZE (1..MAX) OF
-                                                                      CertifiedKeyPair OPTIONAL
-                         }
-
- @return a basic ASN.1 object representation. - - - 
-            OobCertHash ::= SEQUENCE {
-                                 hashAlg     [0] AlgorithmIdentifier     OPTIONAL,
-                                 certId      [1] CertId                  OPTIONAL,
-                                 hashVal         BIT STRING
-                                 -- hashVal is calculated over the Der encoding of the
-                                 -- self-signed certificate with the identifier certID.
-                  }
-
- @return a basic ASN.1 object representation. - - - 
-             PbmParameter ::= SEQUENCE {
-                                   salt                OCTET STRING,
-                                   -- note:  implementations MAY wish to limit acceptable sizes
-                                   -- of this string to values appropriate for their environment
-                                   -- in order to reduce the risk of denial-of-service attacks
-                                   owf                 AlgorithmIdentifier,
-                                   -- AlgId for a One-Way Function (SHA-1 recommended)
-                                   iterationCount      INTEGER,
-                                   -- number of times the OWF is applied
-                                   -- note:  implementations MAY wish to limit acceptable sizes
-                                   -- of this integer to values appropriate for their environment
-                                   -- in order to reduce the risk of denial-of-service attacks
-                                   mac                 AlgorithmIdentifier
-                                   -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
-               }   -- or HMAC [RFC2104, RFC2202])
-
- @return a basic ASN.1 object representation. - - - Creates a new PkiBody. - @param type one of the TYPE_* constants - @param content message content - - - 
-            PkiBody ::= CHOICE {       -- message-specific body elements
-                   ir       [0]  CertReqMessages,        --Initialization Request
-                   ip       [1]  CertRepMessage,         --Initialization Response
-                   cr       [2]  CertReqMessages,        --Certification Request
-                   cp       [3]  CertRepMessage,         --Certification Response
-                   p10cr    [4]  CertificationRequest,   --imported from [PKCS10]
-                   popdecc  [5]  POPODecKeyChallContent, --pop Challenge
-                   popdecr  [6]  POPODecKeyRespContent,  --pop Response
-                   kur      [7]  CertReqMessages,        --Key Update Request
-                   kup      [8]  CertRepMessage,         --Key Update Response
-                   krr      [9]  CertReqMessages,        --Key Recovery Request
-                   krp      [10] KeyRecRepContent,       --Key Recovery Response
-                   rr       [11] RevReqContent,          --Revocation Request
-                   rp       [12] RevRepContent,          --Revocation Response
-                   ccr      [13] CertReqMessages,        --Cross-Cert. Request
-                   ccp      [14] CertRepMessage,         --Cross-Cert. Response
-                   ckuann   [15] CAKeyUpdAnnContent,     --CA Key Update Ann.
-                   cann     [16] CertAnnContent,         --Certificate Ann.
-                   rann     [17] RevAnnContent,          --Revocation Ann.
-                   crlann   [18] CRLAnnContent,          --CRL Announcement
-                   pkiconf  [19] PKIConfirmContent,      --Confirmation
-                   nested   [20] NestedMessageContent,   --Nested Message
-                   genm     [21] GenMsgContent,          --General Message
-                   genp     [22] GenRepContent,          --General Response
-                   error    [23] ErrorMsgContent,        --Error Message
-                   certConf [24] CertConfirmContent,     --Certificate confirm
-                   pollReq  [25] PollReqContent,         --Polling request
-                   pollRep  [26] PollRepContent          --Polling response
-            }
-
- @return a basic ASN.1 object representation. - - - 
-            PkiConfirmContent ::= NULL
-
- @return a basic ASN.1 object representation. - - - 
-            PKIFailureInfo ::= BIT STRING {
-            badAlg               (0),
-              -- unrecognized or unsupported Algorithm Identifier
-            badMessageCheck      (1), -- integrity check failed (e.g., signature did not verify)
-            badRequest           (2),
-              -- transaction not permitted or supported
-            badTime              (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
-            badCertId            (4), -- no certificate could be found matching the provided criteria
-            badDataFormat        (5),
-              -- the data submitted has the wrong format
-            wrongAuthority       (6), -- the authority indicated in the request is different from the one creating the response token
-            incorrectData        (7), -- the requester's data is incorrect (for notary services)
-            missingTimeStamp     (8), -- when the timestamp is missing but should be there (by policy)
-            badPOP               (9)  -- the proof-of-possession failed
-            timeNotAvailable    (14),
-              -- the TSA's time source is not available
-            unacceptedPolicy    (15),
-              -- the requested TSA policy is not supported by the TSA
-            unacceptedExtension (16),
-              -- the requested extension is not supported by the TSA
-             addInfoNotAvailable (17)
-               -- the additional information requested could not be understood
-               -- or is not available
-             systemFailure       (25)
-               -- the request cannot be handled due to system failure
-
- - - basic interface for Der string objects. - - - return the correct number of pad bits for a bit string defined in - a 32 bit constant - - - return the correct number of bytes for a bit string defined in - a 32 bit constant - - - return a Bit string from the passed in object - - @exception ArgumentException if the object cannot be converted. - - - return a Bit string from a tagged object. - - @param obj the tagged object holding the object we want - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - @param data the octets making up the bit string. - @param padBits the number of extra bits at the end of the string. - - - @return the value of the bit string as an int (truncating if necessary) - - - Basic constructor. - - - 
-            PkiFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
-
- - - Return the number of string elements present. - - @return number of elements present. - - - Return the UTF8STRING at index. - - @param index index of the string of interest - @return the string at index. - - - Value for a "null" recipient or sender. - - - 
-             PkiHeader ::= SEQUENCE {
-                       pvno                INTEGER     { cmp1999(1), cmp2000(2) },
-                       sender              GeneralName,
-                       -- identifies the sender
-                       recipient           GeneralName,
-                       -- identifies the intended recipient
-                       messageTime     [0] GeneralizedTime         OPTIONAL,
-                       -- time of production of this message (used when sender
-                       -- believes that the transport will be "suitable"; i.e.,
-                       -- that the time will still be meaningful upon receipt)
-                       protectionAlg   [1] AlgorithmIdentifier     OPTIONAL,
-                       -- algorithm used for calculation of protection bits
-                       senderKID       [2] KeyIdentifier           OPTIONAL,
-                       recipKID        [3] KeyIdentifier           OPTIONAL,
-                       -- to identify specific keys used for protection
-                       transactionID   [4] OCTET STRING            OPTIONAL,
-                       -- identifies the transaction; i.e., this will be the same in
-                       -- corresponding request, response, certConf, and PKIConf
-                       -- messages
-                       senderNonce     [5] OCTET STRING            OPTIONAL,
-                       recipNonce      [6] OCTET STRING            OPTIONAL,
-                       -- nonces used to provide replay protection, senderNonce
-                       -- is inserted by the creator of this message; recipNonce
-                       -- is a nonce previously inserted in a related message by
-                       -- the intended recipient of this message
-                       freeText        [7] PKIFreeText             OPTIONAL,
-                       -- this may be used to indicate context-specific instructions
-                       -- (this field is intended for human consumption)
-                       generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
-                                            InfoTypeAndValue     OPTIONAL
-                       -- this may be used to convey context-specific information
-                       -- (this field not primarily intended for human consumption)
-            }
-
- @return a basic ASN.1 object representation. - - - 
-             PKIHeader ::= SEQUENCE {
-                       pvno                INTEGER     { cmp1999(1), cmp2000(2) },
-                       sender              GeneralName,
-                       -- identifies the sender
-                       recipient           GeneralName,
-                       -- identifies the intended recipient
-                       messageTime     [0] GeneralizedTime         OPTIONAL,
-                       -- time of production of this message (used when sender
-                       -- believes that the transport will be "suitable"; i.e.,
-                       -- that the time will still be meaningful upon receipt)
-                       protectionAlg   [1] AlgorithmIdentifier     OPTIONAL,
-                       -- algorithm used for calculation of protection bits
-                       senderKID       [2] KeyIdentifier           OPTIONAL,
-                       recipKID        [3] KeyIdentifier           OPTIONAL,
-                       -- to identify specific keys used for protection
-                       transactionID   [4] OCTET STRING            OPTIONAL,
-                       -- identifies the transaction; i.e., this will be the same in
-                       -- corresponding request, response, certConf, and PKIConf
-                       -- messages
-                       senderNonce     [5] OCTET STRING            OPTIONAL,
-                       recipNonce      [6] OCTET STRING            OPTIONAL,
-                       -- nonces used to provide replay protection, senderNonce
-                       -- is inserted by the creator of this message; recipNonce
-                       -- is a nonce previously inserted in a related message by
-                       -- the intended recipient of this message
-                       freeText        [7] PKIFreeText             OPTIONAL,
-                       -- this may be used to indicate context-specific instructions
-                       -- (this field is intended for human consumption)
-                       generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
-                                            InfoTypeAndValue     OPTIONAL
-                       -- this may be used to convey context-specific information
-                       -- (this field not primarily intended for human consumption)
-            }
-
- @return a basic ASN.1 object representation. - - - Creates a new PkiMessage. - - @param header message header - @param body message body - @param protection message protection (may be null) - @param extraCerts extra certificates (may be null) - - - 
-            PkiMessage ::= SEQUENCE {
-                             header           PKIHeader,
-                             body             PKIBody,
-                             protection   [0] PKIProtection OPTIONAL,
-                             extraCerts   [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
-                                                                                OPTIONAL
-            }
-
- @return a basic ASN.1 object representation. - - - 
-            PkiMessages ::= SEQUENCE SIZE (1..MAX) OF PkiMessage
-
- @return a basic ASN.1 object representation. - - - @param status - - - @param status - @param statusString - - - 
-             PkiStatusInfo ::= SEQUENCE {
-                 status        PKIStatus,                (INTEGER)
-                 statusString  PkiFreeText     OPTIONAL,
-                 failInfo      PkiFailureInfo  OPTIONAL  (BIT STRING)
-             }
-            
-             PKIStatus:
-               granted                (0), -- you got exactly what you asked for
-               grantedWithMods        (1), -- you got something like what you asked for
-               rejection              (2), -- you don't get it, more information elsewhere in the message
-               waiting                (3), -- the request body part has not yet been processed, expect to hear more later
-               revocationWarning      (4), -- this message contains a warning that a revocation is imminent
-               revocationNotification (5), -- notification that a revocation has occurred
-               keyUpdateWarning       (6)  -- update already done for the oldCertId specified in CertReqMsg
-            
-             PkiFailureInfo:
-               badAlg           (0), -- unrecognized or unsupported Algorithm Identifier
-               badMessageCheck  (1), -- integrity check failed (e.g., signature did not verify)
-               badRequest       (2), -- transaction not permitted or supported
-               badTime          (3), -- messageTime was not sufficiently close to the system time, as defined by local policy
-               badCertId        (4), -- no certificate could be found matching the provided criteria
-               badDataFormat    (5), -- the data submitted has the wrong format
-               wrongAuthority   (6), -- the authority indicated in the request is different from the one creating the response token
-               incorrectData    (7), -- the requester's data is incorrect (for notary services)
-               missingTimeStamp (8), -- when the timestamp is missing but should be there (by policy)
-               badPOP           (9)  -- the proof-of-possession failed
-            
-
- - - 
-            PollRepContent ::= SEQUENCE OF SEQUENCE {
-                    certReqId              INTEGER,
-                    checkAfter             INTEGER,  -- time in seconds
-                    reason                 PKIFreeText OPTIONAL
-                }
-
- @return a basic ASN.1 object representation. - - - 
-            PollReqContent ::= SEQUENCE OF SEQUENCE {
-                                   certReqId              INTEGER
-            }
-
- @return a basic ASN.1 object representation. - - - 
-            PopoDecKeyChallContent ::= SEQUENCE OF Challenge
-
- @return a basic ASN.1 object representation. - - - 
-            PopoDecKeyRespContent ::= SEQUENCE OF INTEGER
-
- @return a basic ASN.1 object representation. - - - 
-            ProtectedPart ::= SEQUENCE {
-                               header    PKIHeader,
-                               body      PKIBody
-            }
-
- @return a basic ASN.1 object representation. - - - 
-            RevAnnContent ::= SEQUENCE {
-                  status              PKIStatus,
-                  certId              CertId,
-                  willBeRevokedAt     GeneralizedTime,
-                  badSinceDate        GeneralizedTime,
-                  crlDetails          Extensions  OPTIONAL
-                   -- extra CRL details (e.g., crl number, reason, location, etc.)
-            }
-
- @return a basic ASN.1 object representation. - - - 
-            RevDetails ::= SEQUENCE {
-                             certDetails         CertTemplate,
-                              -- allows requester to specify as much as they can about
-                              -- the cert. for which revocation is requested
-                              -- (e.g., for cases in which serialNumber is not available)
-                              crlEntryDetails     Extensions       OPTIONAL
-                              -- requested crlEntryExtensions
-                        }
-
- @return a basic ASN.1 object representation. - - - 
-            RevRepContent ::= SEQUENCE {
-                   status       SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
-                   -- in same order as was sent in RevReqContent
-                   revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
-                   -- IDs for which revocation was requested
-                   -- (same order as status)
-                   crls     [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
-                   -- the resulting CRLs (there may be more than one)
-              }
-
- @return a basic ASN.1 object representation. - - - 
-            RevReqContent ::= SEQUENCE OF RevDetails
-
- @return a basic ASN.1 object representation. - - - return an Attribute object from the given object. - - @param o the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            Attribute ::= SEQUENCE {
-                attrType OBJECT IDENTIFIER,
-                attrValues SET OF AttributeValue
-            }
-
- - - 
-            Attributes ::=
-              SET SIZE(1..MAX) OF Attribute -- according to RFC 5652
-
- @return - - - Return all the attributes matching the OBJECT IDENTIFIER oid. The vector will be - empty if there are no attributes of the required type present. - - @param oid type of attribute required. - @return a vector of all the attributes found of type oid. - - - Return a new table with the passed in attribute added. - - @param attrType - @param attrValue - @return - - - Return the first attribute matching the given OBJECT IDENTIFIER - - - return an AuthenticatedData object from a tagged object. - - @param obj the tagged object holding the object we want. - @param isExplicit true if the object is meant to be explicitly - tagged false otherwise. - @throws ArgumentException if the object held by the - tagged object cannot be converted. - - - return an AuthenticatedData object from the given object. - - @param obj the object we want converted. - @throws ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-             AuthenticatedData ::= SEQUENCE {
-                   version CMSVersion,
-                   originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
-                   recipientInfos RecipientInfos,
-                   macAlgorithm MessageAuthenticationCodeAlgorithm,
-                   digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
-                   encapContentInfo EncapsulatedContentInfo,
-                   authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
-                   mac MessageAuthenticationCode,
-                   unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
-            
-             AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
-            
-             UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
-            
-             MessageAuthenticationCode ::= OCTET STRING
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-             AuthenticatedData ::= SEQUENCE {
-                   version CMSVersion,
-                   originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
-                   recipientInfos RecipientInfos,
-                   macAlgorithm MessageAuthenticationCodeAlgorithm,
-                   digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
-                   encapContentInfo EncapsulatedContentInfo,
-                   authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
-                   mac MessageAuthenticationCode,
-                   unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
-            
-             AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
-            
-             UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
-            
-             MessageAuthenticationCode ::= OCTET STRING
-
- - - return an AuthEnvelopedData object from a tagged object. - - @param obj the tagged object holding the object we want. - @param isExplicit true if the object is meant to be explicitly - tagged false otherwise. - @throws ArgumentException if the object held by the - tagged object cannot be converted. - - - return an AuthEnvelopedData object from the given object. - - @param obj the object we want converted. - @throws ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            AuthEnvelopedData ::= SEQUENCE {
-              version CMSVersion,
-              originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
-              recipientInfos RecipientInfos,
-              authEncryptedContentInfo EncryptedContentInfo,
-              authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
-              mac MessageAuthenticationCode,
-              unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
-
- - - Produce an object suitable for an Asn1OutputStream. - - 
-            AuthEnvelopedData ::= SEQUENCE {
-              version CMSVersion,
-              originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
-              recipientInfos RecipientInfos,
-              authEncryptedContentInfo EncryptedContentInfo,
-              authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
-              mac MessageAuthenticationCode,
-              unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
-
- - - RFC 3274 - CMS Compressed Data. - 
-            CompressedData ::= Sequence {
-             version CMSVersion,
-             compressionAlgorithm CompressionAlgorithmIdentifier,
-             encapContentInfo EncapsulatedContentInfo
-            }
-
- - - return a CompressedData object from a tagged object. - - @param ato the tagged object holding the object we want. - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the object held by the - tagged object cannot be converted. - - - return a CompressedData object from the given object. - - @param _obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - RFC 3274 - CMS Compressed Data. - 
-            CompressedData ::= SEQUENCE {
-             version CMSVersion,
-             compressionAlgorithm CompressionAlgorithmIdentifier,
-             encapContentInfo EncapsulatedContentInfo
-            }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            ContentInfo ::= Sequence {
-                     contentType ContentType,
-                     content
-                     [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            ContentInfo ::= SEQUENCE {
-                     contentType ContentType,
-                     content
-                     [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
-
- - - return an AuthEnvelopedData object from a tagged object. - - @param obj the tagged object holding the object we want. - @param isExplicit true if the object is meant to be explicitly - tagged false otherwise. - @throws ArgumentException if the object held by the - tagged object cannot be converted. - - - return an AuthEnvelopedData object from the given object. - - @param obj the object we want converted. - @throws ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            MQVuserKeyingMaterial ::= SEQUENCE {
-              ephemeralPublicKey OriginatorPublicKey,
-              addedukm [0] EXPLICIT UserKeyingMaterial OPTIONAL  }
-
- - - return an EncryptedContentInfo object from the given object. - - @param obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            EncryptedContentInfo ::= Sequence {
-                contentType ContentType,
-                contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
-                encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
-            }
-
- - - 
-            EncryptedContentInfo ::= SEQUENCE {
-                contentType ContentType,
-                contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
-                encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
-            }
-
- - - 
-                  EncryptedData ::= SEQUENCE {
-                                version CMSVersion,
-                                encryptedContentInfo EncryptedContentInfo,
-                                unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
-
- @return a basic ASN.1 object representation. - - - return an EnvelopedData object from a tagged object. - - @param obj the tagged object holding the object we want. - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the object held by the - tagged object cannot be converted. - - - return an EnvelopedData object from the given object. - - @param obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            EnvelopedData ::= Sequence {
-                version CMSVersion,
-                originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
-                recipientInfos RecipientInfos,
-                encryptedContentInfo EncryptedContentInfo,
-                unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
-            }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            EnvelopedData ::= SEQUENCE {
-                version CMSVersion,
-                originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
-                recipientInfos RecipientInfos,
-                encryptedContentInfo EncryptedContentInfo,
-                unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
-            }
-
- - - return a KekIdentifier object from a tagged object. - - @param obj the tagged object holding the object we want. - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the object held by the - tagged object cannot be converted. - - - return a KekIdentifier object from the given object. - - @param obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            KekIdentifier ::= Sequence {
-                keyIdentifier OCTET STRING,
-                date GeneralizedTime OPTIONAL,
-                other OtherKeyAttribute OPTIONAL
-            }
-
- - - return a KekRecipientInfo object from a tagged object. - - @param obj the tagged object holding the object we want. - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the object held by the - tagged object cannot be converted. - - - return a KekRecipientInfo object from the given object. - - @param obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            KekRecipientInfo ::= Sequence {
-                version CMSVersion,  -- always set to 4
-                kekID KekIdentifier,
-                keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
-                encryptedKey EncryptedKey
-            }
-
- - - return an KeyAgreeRecipientIdentifier object from a tagged object. - - @param obj the tagged object holding the object we want. - @param isExplicit true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the object held by the - tagged object cannot be converted. - - - return an KeyAgreeRecipientIdentifier object from the given object. - - @param obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            KeyAgreeRecipientIdentifier ::= CHOICE {
-                issuerAndSerialNumber IssuerAndSerialNumber,
-                rKeyId [0] IMPLICIT RecipientKeyIdentifier
-            }
-
- - - return a KeyAgreeRecipientInfo object from a tagged object. - - @param obj the tagged object holding the object we want. - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the object held by the - tagged object cannot be converted. - - - return a KeyAgreeRecipientInfo object from the given object. - - @param obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - * Produce an object suitable for an Asn1OutputStream. - * 
-                     * KeyAgreeRecipientInfo ::= Sequence {
-                     *     version CMSVersion,  -- always set to 3
-                     *     originator [0] EXPLICIT OriginatorIdentifierOrKey,
-                     *     ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
-                     *     keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
-                     *     recipientEncryptedKeys RecipientEncryptedKeys
-                     * }
-            		 *
-            		 * UserKeyingMaterial ::= OCTET STRING
-                     *
- - - return a KeyTransRecipientInfo object from the given object. - - @param obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            KeyTransRecipientInfo ::= Sequence {
-                version CMSVersion,  -- always set to 0 or 2
-                rid RecipientIdentifier,
-                keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
-                encryptedKey EncryptedKey
-            }
-
- - - 
-            MetaData ::= SEQUENCE {
-              hashProtected        BOOLEAN,
-              fileName             UTF8String OPTIONAL,
-              mediaType            IA5String OPTIONAL,
-              otherMetaData        Attributes OPTIONAL
-            }
-
- @return - - - return an OriginatorIdentifierOrKey object from a tagged object. - - @param o the tagged object holding the object we want. - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the object held by the - tagged object cannot be converted. - - - return an OriginatorIdentifierOrKey object from the given object. - - @param o the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-             OriginatorIdentifierOrKey ::= CHOICE {
-                 issuerAndSerialNumber IssuerAndSerialNumber,
-                 subjectKeyIdentifier [0] SubjectKeyIdentifier,
-                 originatorKey [1] OriginatorPublicKey
-             }
-            
-             SubjectKeyIdentifier ::= OCTET STRING
-
- - - return an OriginatorInfo object from a tagged object. - - @param obj the tagged object holding the object we want. - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the object held by the - tagged object cannot be converted. - - - return an OriginatorInfo object from the given object. - - @param obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            OriginatorInfo ::= Sequence {
-                certs [0] IMPLICIT CertificateSet OPTIONAL,
-                crls [1] IMPLICIT CertificateRevocationLists OPTIONAL
-            }
-
- - - return an OriginatorPublicKey object from a tagged object. - - @param obj the tagged object holding the object we want. - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the object held by the - tagged object cannot be converted. - - - return an OriginatorPublicKey object from the given object. - - @param obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            OriginatorPublicKey ::= Sequence {
-                algorithm AlgorithmIdentifier,
-                publicKey BIT STRING
-            }
-
- - - return an OtherKeyAttribute object from the given object. - - @param o the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            OtherKeyAttribute ::= Sequence {
-                keyAttrId OBJECT IDENTIFIER,
-                keyAttr ANY DEFINED BY keyAttrId OPTIONAL
-            }
-
- - - return a OtherRecipientInfo object from a tagged object. - - @param obj the tagged object holding the object we want. - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the object held by the - tagged object cannot be converted. - - - return a OtherRecipientInfo object from the given object. - - @param obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            OtherRecipientInfo ::= Sequence {
-               oriType OBJECT IDENTIFIER,
-               oriValue ANY DEFINED BY oriType }
-
- - - return a PasswordRecipientInfo object from a tagged object. - - @param obj the tagged object holding the object we want. - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the object held by the - tagged object cannot be converted. - - - return a PasswordRecipientInfo object from the given object. - - @param obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            PasswordRecipientInfo ::= Sequence {
-              version CMSVersion,   -- Always set to 0
-              keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
-                                        OPTIONAL,
-             keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
-             encryptedKey EncryptedKey }
-
- - - return an RecipientEncryptedKey object from a tagged object. - - @param obj the tagged object holding the object we want. - @param isExplicit true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the object held by the - tagged object cannot be converted. - - - return a RecipientEncryptedKey object from the given object. - - @param obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            RecipientEncryptedKey ::= SEQUENCE {
-                rid KeyAgreeRecipientIdentifier,
-                encryptedKey EncryptedKey
-            }
-
- - - return a RecipientIdentifier object from the given object. - - @param o the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-             RecipientIdentifier ::= CHOICE {
-                 issuerAndSerialNumber IssuerAndSerialNumber,
-                 subjectKeyIdentifier [0] SubjectKeyIdentifier
-             }
-            
-             SubjectKeyIdentifier ::= OCTET STRING
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            RecipientInfo ::= CHOICE {
-                ktri KeyTransRecipientInfo,
-                kari [1] KeyAgreeRecipientInfo,
-                kekri [2] KekRecipientInfo,
-                pwri [3] PasswordRecipientInfo,
-                ori [4] OtherRecipientInfo }
-
- - - return a RecipientKeyIdentifier object from a tagged object. - - @param _ato the tagged object holding the object we want. - @param _explicit true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the object held by the - tagged object cannot be converted. - - - return a RecipientKeyIdentifier object from the given object. - - @param _obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-             RecipientKeyIdentifier ::= Sequence {
-                 subjectKeyIdentifier SubjectKeyIdentifier,
-                 date GeneralizedTime OPTIONAL,
-                 other OtherKeyAttribute OPTIONAL
-             }
-            
-             SubjectKeyIdentifier ::= OCTET STRING
-
- - - a signed data object. - - - Produce an object suitable for an Asn1OutputStream. - 
-            SignedData ::= Sequence {
-                version CMSVersion,
-                digestAlgorithms DigestAlgorithmIdentifiers,
-                encapContentInfo EncapsulatedContentInfo,
-                certificates [0] IMPLICIT CertificateSet OPTIONAL,
-                crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
-                signerInfos SignerInfos
-              }
-
- - - 
-            SignedData ::= SEQUENCE {
-                version CMSVersion,
-                digestAlgorithms DigestAlgorithmIdentifiers,
-                encapContentInfo EncapsulatedContentInfo,
-                certificates [0] IMPLICIT CertificateSet OPTIONAL,
-                crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
-                signerInfos SignerInfos
-              }
-
- - - return a SignerIdentifier object from the given object. - - @param o the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-             SignerIdentifier ::= CHOICE {
-                 issuerAndSerialNumber IssuerAndSerialNumber,
-                 subjectKeyIdentifier [0] SubjectKeyIdentifier
-             }
-            
-             SubjectKeyIdentifier ::= OCTET STRING
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-              SignerInfo ::= Sequence {
-                  version Version,
-                  SignerIdentifier sid,
-                  digestAlgorithm DigestAlgorithmIdentifier,
-                  authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
-                  digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
-                  encryptedDigest EncryptedDigest,
-                  unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
-              }
-            
-              EncryptedDigest ::= OCTET STRING
-            
-              DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-            
-              DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-
- - - creates a time object from a given date - if the date is between 1950 - and 2049 a UTCTime object is Generated, otherwise a GeneralizedTime - is used. - - - Produce an object suitable for an Asn1OutputStream. - 
-            Time ::= CHOICE {
-                        utcTime        UTCTime,
-                        generalTime    GeneralizedTime }
-
- - - 
-            TimeStampAndCRL ::= SEQUENCE {
-                timeStamp   TimeStampToken,          -- according to RFC 3161
-                crl         CertificateList OPTIONAL -- according to RFC 5280
-             }
-
- @return - - - 
-            TimeStampedData ::= SEQUENCE {
-              version              INTEGER { v1(1) },
-              dataUri              IA5String OPTIONAL,
-              metaData             MetaData OPTIONAL,
-              content              OCTET STRING OPTIONAL,
-              temporalEvidence     Evidence
-            }
-
- @return - - - 
-            TimeStampTokenEvidence ::=
-               SEQUENCE SIZE(1..MAX) OF TimeStampAndCrl
-
- @return - - - 
-            AttributeTypeAndValue ::= SEQUENCE {
-                      type         OBJECT IDENTIFIER,
-                      value        ANY DEFINED BY type }
-
- @return a basic ASN.1 object representation. - - - 
-            CertId ::= SEQUENCE {
-                            issuer           GeneralName,
-                            serialNumber     INTEGER }
-
- @return a basic ASN.1 object representation. - - - 
-            CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg
-
- @return a basic ASN.1 object representation. - - - Creates a new CertReqMsg. - @param certReq CertRequest - @param popo may be null - @param regInfo may be null - - - 
-            CertReqMsg ::= SEQUENCE {
-                               certReq   CertRequest,
-                               pop       ProofOfPossession  OPTIONAL,
-                               -- content depends upon key type
-                               regInfo   SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue OPTIONAL }
-
- @return a basic ASN.1 object representation. - - - 
-            CertRequest ::= SEQUENCE {
-                                 certReqId     INTEGER,          -- ID for matching request and reply
-                                 certTemplate  CertTemplate,  -- Selected fields of cert to be issued
-                                 controls      Controls OPTIONAL }   -- Attributes affecting issuance
-
- @return a basic ASN.1 object representation. - - - 
-             CertTemplate ::= SEQUENCE {
-                 version      [0] Version               OPTIONAL,
-                 serialNumber [1] INTEGER               OPTIONAL,
-                 signingAlg   [2] AlgorithmIdentifier   OPTIONAL,
-                 issuer       [3] Name                  OPTIONAL,
-                 validity     [4] OptionalValidity      OPTIONAL,
-                 subject      [5] Name                  OPTIONAL,
-                 publicKey    [6] SubjectPublicKeyInfo  OPTIONAL,
-                 issuerUID    [7] UniqueIdentifier      OPTIONAL,
-                 subjectUID   [8] UniqueIdentifier      OPTIONAL,
-                 extensions   [9] Extensions            OPTIONAL }
-
- @return a basic ASN.1 object representation. - - - Sets the X.509 version. Note: for X509v3, use 2 here. - - - Sets the issuer unique ID (deprecated in X.509v3) - - - Sets the subject unique ID (deprecated in X.509v3) - - - 
-             CertTemplate ::= SEQUENCE {
-                 version      [0] Version               OPTIONAL,
-                 serialNumber [1] INTEGER               OPTIONAL,
-                 signingAlg   [2] AlgorithmIdentifier   OPTIONAL,
-                 issuer       [3] Name                  OPTIONAL,
-                 validity     [4] OptionalValidity      OPTIONAL,
-                 subject      [5] Name                  OPTIONAL,
-                 publicKey    [6] SubjectPublicKeyInfo  OPTIONAL,
-                 issuerUID    [7] UniqueIdentifier      OPTIONAL,
-                 subjectUID   [8] UniqueIdentifier      OPTIONAL,
-                 extensions   [9] Extensions            OPTIONAL }
-
- @return a basic ASN.1 object representation. - - - 
-            Controls  ::= SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue
-
- @return a basic ASN.1 object representation. - - - 
-            EncKeyWithID ::= SEQUENCE {
-                 privateKey           PrivateKeyInfo,
-                 identifier CHOICE {
-                    string               UTF8String,
-                    generalName          GeneralName
-                } OPTIONAL
-            }
-
- @return - - - 
-               EncryptedKey ::= CHOICE {
-                   encryptedValue        EncryptedValue, -- deprecated
-                   envelopedData     [0] EnvelopedData }
-                   -- The encrypted private key MUST be placed in the envelopedData
-                   -- encryptedContentInfo encryptedContent OCTET STRING.
-
- - - 
-            EncryptedValue ::= SEQUENCE {
-                                intendedAlg   [0] AlgorithmIdentifier  OPTIONAL,
-                                -- the intended algorithm for which the value will be used
-                                symmAlg       [1] AlgorithmIdentifier  OPTIONAL,
-                                -- the symmetric algorithm used to encrypt the value
-                                encSymmKey    [2] BIT STRING           OPTIONAL,
-                                -- the (encrypted) symmetric key used to encrypt the value
-                                keyAlg        [3] AlgorithmIdentifier  OPTIONAL,
-                                -- algorithm used to encrypt the symmetric key
-                                valueHint     [4] OCTET STRING         OPTIONAL,
-                                -- a brief description or identifier of the encValue content
-                                -- (may be meaningful only to the sending entity, and used only
-                                -- if EncryptedValue might be re-examined by the sending entity
-                                -- in the future)
-                                encValue       BIT STRING }
-                                -- the encrypted value itself
-
- @return a basic ASN.1 object representation. - - - 
-            OptionalValidity ::= SEQUENCE {
-                                   notBefore  [0] Time OPTIONAL,
-                                   notAfter   [1] Time OPTIONAL } --at least one MUST be present
-
- @return a basic ASN.1 object representation. - - - 
-             PkiArchiveOptions ::= CHOICE {
-                 encryptedPrivKey     [0] EncryptedKey,
-                 -- the actual value of the private key
-                 keyGenParameters     [1] KeyGenParameters,
-                 -- parameters which allow the private key to be re-generated
-                 archiveRemGenPrivKey [2] BOOLEAN }
-                 -- set to TRUE if sender wishes receiver to archive the private
-                 -- key of a key pair that the receiver generates in response to
-                 -- this request; set to FALSE if no archival is desired.
-
- - - 
-            PkiPublicationInfo ::= SEQUENCE {
-                             action     INTEGER {
-                                            dontPublish (0),
-                                            pleasePublish (1) },
-                             pubInfos  SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL }
-            -- pubInfos MUST NOT be present if action is "dontPublish"
-            -- (if action is "pleasePublish" and pubInfos is omitted,
-            -- "dontCare" is assumed)
-
- @return a basic ASN.1 object representation. - - - Password-based MAC value for use with POPOSigningKeyInput. - - - Creates a new PKMACValue. - @param params parameters for password-based MAC - @param value MAC of the DER-encoded SubjectPublicKeyInfo - - - Creates a new PKMACValue. - @param aid CMPObjectIdentifiers.passwordBasedMAC, with PBMParameter - @param value MAC of the DER-encoded SubjectPublicKeyInfo - - - 
-            PKMACValue ::= SEQUENCE {
-                 algId  AlgorithmIdentifier,
-                 -- algorithm value shall be PasswordBasedMac 1.2.840.113533.7.66.13
-                 -- parameter value is PBMParameter
-                 value  BIT STRING }
-
- @return a basic ASN.1 object representation. - - - 
-            PopoPrivKey ::= CHOICE {
-                   thisMessage       [0] BIT STRING,         -- Deprecated
-                    -- possession is proven in this message (which contains the private
-                    -- key itself (encrypted for the CA))
-                   subsequentMessage [1] SubsequentMessage,
-                    -- possession will be proven in a subsequent message
-                   dhMAC             [2] BIT STRING,         -- Deprecated
-                   agreeMAC          [3] PKMACValue,
-                   encryptedKey      [4] EnvelopedData }
-
- - - Creates a new Proof of Possession object for a signing key. - @param poposkIn the PopoSigningKeyInput structure, or null if the - CertTemplate includes both subject and publicKey values. - @param aid the AlgorithmIdentifier used to sign the proof of possession. - @param signature a signature over the DER-encoded value of poposkIn, - or the DER-encoded value of certReq if poposkIn is null. - - - 
-            PopoSigningKey ::= SEQUENCE {
-                                 poposkInput           [0] PopoSigningKeyInput OPTIONAL,
-                                 algorithmIdentifier   AlgorithmIdentifier,
-                                 signature             BIT STRING }
-             -- The signature (using "algorithmIdentifier") is on the
-             -- DER-encoded value of poposkInput.  NOTE: If the CertReqMsg
-             -- certReq CertTemplate contains the subject and publicKey values,
-             -- then poposkInput MUST be omitted and the signature MUST be
-             -- computed on the DER-encoded value of CertReqMsg certReq.  If
-             -- the CertReqMsg certReq CertTemplate does not contain the public
-             -- key and subject values, then poposkInput MUST be present and
-             -- MUST be signed.  This strategy ensures that the public key is
-             -- not present in both the poposkInput and CertReqMsg certReq
-             -- CertTemplate fields.
-
- @return a basic ASN.1 object representation. - - - Creates a new PopoSigningKeyInput with sender name as authInfo. - - - Creates a new PopoSigningKeyInput using password-based MAC. - - - 
-            PopoSigningKeyInput ::= SEQUENCE {
-                   authInfo             CHOICE {
-                                            sender              [0] GeneralName,
-                                            -- used only if an authenticated identity has been
-                                            -- established for the sender (e.g., a DN from a
-                                            -- previously-issued and currently-valid certificate
-                                            publicKeyMac        PKMacValue },
-                                            -- used if no authenticated GeneralName currently exists for
-                                            -- the sender; publicKeyMac contains a password-based MAC
-                                            -- on the DER-encoded value of publicKey
-                   publicKey           SubjectPublicKeyInfo }  -- from CertTemplate
-
- @return a basic ASN.1 object representation. - - - Returns the sender field, or null if authInfo is publicKeyMac - - - Returns the publicKeyMac field, or null if authInfo is sender - - - Creates a ProofOfPossession with type raVerified. - - - Creates a ProofOfPossession for a signing key. - - - Creates a ProofOfPossession for key encipherment or agreement. - @param type one of TYPE_KEY_ENCIPHERMENT or TYPE_KEY_AGREEMENT - - - 
-            ProofOfPossession ::= CHOICE {
-                                      raVerified        [0] NULL,
-                                      -- used if the RA has already verified that the requester is in
-                                      -- possession of the private key
-                                      signature         [1] PopoSigningKey,
-                                      keyEncipherment   [2] PopoPrivKey,
-                                      keyAgreement      [3] PopoPrivKey }
-
- @return a basic ASN.1 object representation. - - - 
-            SinglePubInfo ::= SEQUENCE {
-                   pubMethod    INTEGER {
-                      dontCare    (0),
-                      x500        (1),
-                      web         (2),
-                      ldap        (3) },
-                  pubLocation  GeneralName OPTIONAL }
-
- @return a basic ASN.1 object representation. - - - return an integer from the passed in object - - @exception ArgumentException if the object cannot be converted. - - - return an Integer from a tagged object. - - @param obj the tagged object holding the object we want - @param isExplicit true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - in some cases positive values Get crammed into a space, - that's not quite big enough... - - - table of the available named parameters for GOST 3410-2001. - - - return the ECDomainParameters object for the given OID, null if it - isn't present. - - @param oid an object identifier representing a named parameters, if present. - - - return the named curve name represented by the given object identifier. - - - returns an enumeration containing the name strings for curves - contained in this structure. - - - 
-             Gost28147-89-Parameters ::=
-                           SEQUENCE {
-                                   iv                   Gost28147-89-IV,
-                                   encryptionParamSet   OBJECT IDENTIFIER
-                            }
-            
-               Gost28147-89-IV ::= OCTET STRING (SIZE (8))
-
- - - table of the available named parameters for GOST 3410-94. - - - return the GOST3410ParamSetParameters object for the given OID, null if it - isn't present. - - @param oid an object identifier representing a named parameters, if present. - - - returns an enumeration containing the name strings for parameters - contained in this structure. - - - Der BMPString object. - - - return a BMP string from the given object. - - @param obj the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - return a BMP string from a tagged object. - - @param obj the tagged object holding the object we want - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - basic constructor - byte encoded string. - - - basic constructor - - - return a bool from the passed in object. - - @exception ArgumentException if the object cannot be converted. - - - return a DerBoolean from the passed in bool. - - - return a Boolean from a tagged object. - - @param obj the tagged object holding the object we want - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - return an integer from the passed in object - - @exception ArgumentException if the object cannot be converted. - - - return an Enumerated from a tagged object. - - @param obj the tagged object holding the object we want - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - Class representing the DER-type External - - - Creates a new instance of DerExternal - See X.690 for more informations about the meaning of these parameters - @param directReference The direct reference or null if not set. - @param indirectReference The indirect reference or null if not set. - @param dataValueDescriptor The data value descriptor or null if not set. - @param externalData The external data in its encoded form. - - - Creates a new instance of DerExternal. - See X.690 for more informations about the meaning of these parameters - @param directReference The direct reference or null if not set. - @param indirectReference The indirect reference or null if not set. - @param dataValueDescriptor The data value descriptor or null if not set. - @param encoding The encoding to be used for the external data - @param externalData The external data - - - The encoding of the content. Valid values are -
    -
  • 0 single-ASN1-type
    • -
  • 1 OCTET STRING
    • -
  • 2 BIT STRING
    • -
- - - Generalized time object. - - - return a generalized time from the passed in object - - @exception ArgumentException if the object cannot be converted. - - - return a Generalized Time object from a tagged object. - - @param obj the tagged object holding the object we want - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - The correct format for this is YYYYMMDDHHMMSS[.f]Z, or without the Z - for local time, or Z+-HHMM on the end, for difference between local - time and UTC time. The fractional second amount f must consist of at - least one number with trailing zeroes removed. - - @param time the time string. - @exception ArgumentException if string is an illegal format. - - - base constructor from a local time object - - - return the time - always in the form of - YYYYMMDDhhmmssGMT(+hh:mm|-hh:mm). -

- Normally in a certificate we would expect "Z" rather than "GMT", - however adding the "GMT" means we can just use: - 

-                dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
-
- To read in the time and Get a date which is compatible with our local - time zone.

- - - Return the time. - @return The time string as it appeared in the encoded object. - - - Der IA5String object - this is an ascii string. - - - return a IA5 string from the passed in object - - @exception ArgumentException if the object cannot be converted. - - - return an IA5 string from a tagged object. - - @param obj the tagged object holding the object we want - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - basic constructor - with bytes. - - - basic constructor - without validation. - - - Constructor with optional validation. - - @param string the base string to wrap. - @param validate whether or not to check the string. - @throws ArgumentException if validate is true and the string - contains characters that should not be in an IA5String. - - - return true if the passed in String can be represented without - loss as an IA5String, false otherwise. - - @return true if in printable set, false otherwise. - - - Der NumericString object - this is an ascii string of characters {0,1,2,3,4,5,6,7,8,9, }. - - - return a Numeric string from the passed in object - - @exception ArgumentException if the object cannot be converted. - - - return an Numeric string from a tagged object. - - @param obj the tagged object holding the object we want - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - basic constructor - with bytes. - - - basic constructor - without validation.. - - - Constructor with optional validation. - - @param string the base string to wrap. - @param validate whether or not to check the string. - @throws ArgumentException if validate is true and the string - contains characters that should not be in a NumericString. - - - Return true if the string can be represented as a NumericString ('0'..'9', ' ') - - @param str string to validate. - @return true if numeric, fale otherwise. - - - return an Oid from the passed in object - - @exception ArgumentException if the object cannot be converted. - - - return an object Identifier from a tagged object. - - @param obj the tagged object holding the object we want - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - Return true if this oid is an extension of the passed in branch, stem. - @param stem the arc or branch that is a possible parent. - @return true if the branch is on the passed in stem, false otherwise. - - - Der PrintableString object. - - - return a printable string from the passed in object. - - @exception ArgumentException if the object cannot be converted. - - - return a Printable string from a tagged object. - - @param obj the tagged object holding the object we want - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - basic constructor - byte encoded string. - - - basic constructor - this does not validate the string - - - Constructor with optional validation. - - @param string the base string to wrap. - @param validate whether or not to check the string. - @throws ArgumentException if validate is true and the string - contains characters that should not be in a PrintableString. - - - return true if the passed in String can be represented without - loss as a PrintableString, false otherwise. - - @return true if in printable set, false otherwise. - - - Der T61String (also the teletex string) - 8-bit characters - - - return a T61 string from the passed in object. - - @exception ArgumentException if the object cannot be converted. - - - return an T61 string from a tagged object. - - @param obj the tagged object holding the object we want - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - basic constructor - with bytes. - - - basic constructor - with string. - - - Der UniversalString object. - - - return a Universal string from the passed in object. - - @exception ArgumentException if the object cannot be converted. - - - return a Universal string from a tagged object. - - @param obj the tagged object holding the object we want - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - basic constructor - byte encoded string. - - - We insert one of these when we find a tag we don't recognise. - - - @param tag the tag value. - @param data the contents octets. - - - UTC time object. - - - return an UTC Time from the passed in object. - - @exception ArgumentException if the object cannot be converted. - - - return an UTC Time from a tagged object. - - @param obj the tagged object holding the object we want - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - The correct format for this is YYMMDDHHMMSSZ (it used to be that seconds were - never encoded. When you're creating one of these objects from scratch, that's - what you want to use, otherwise we'll try to deal with whatever Gets read from - the input stream... (this is why the input format is different from the GetTime() - method output). -

- @param time the time string.

- - - base constructor from a DateTime object - - - return the time as a date based on whatever a 2 digit year will return. For - standardised processing use ToAdjustedDateTime(). - - @return the resulting date - @exception ParseException if the date string cannot be parsed. - - - return the time as an adjusted date - in the range of 1950 - 2049. - - @return a date in the range of 1950 to 2049. - @exception ParseException if the date string cannot be parsed. - - - return the time - always in the form of - YYMMDDhhmmssGMT(+hh:mm|-hh:mm). -

- Normally in a certificate we would expect "Z" rather than "GMT", - however adding the "GMT" means we can just use: - 

-                dateF = new SimpleDateFormat("yyMMddHHmmssz");
-
- To read in the time and Get a date which is compatible with our local - time zone.

-

- Note: In some cases, due to the local date processing, this - may lead to unexpected results. If you want to stick the normal - convention of 1950 to 2049 use the GetAdjustedTime() method.

- - - - Return a time string as an adjusted date with a 4 digit year. - This goes in the range of 1950 - 2049. - - - - Der UTF8String object. - - - return an UTF8 string from the passed in object. - - @exception ArgumentException if the object cannot be converted. - - - return an UTF8 string from a tagged object. - - @param obj the tagged object holding the object we want - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - basic constructor - byte encoded string. - - - basic constructor - - - Der VisibleString object. - - - return a Visible string from the passed in object. - - @exception ArgumentException if the object cannot be converted. - - - return a Visible string from a tagged object. - - @param obj the tagged object holding the object we want - @param explicitly true if the object is meant to be explicitly - tagged false otherwise. - @exception ArgumentException if the tagged object cannot - be converted. - - - basic constructor - byte encoded string. - - - basic constructor - - - - RFC 3126: 4.3.1 Certificate Values Attribute Definition - - CertificateValues ::= SEQUENCE OF Certificate - - - - - 
-            CommitmentTypeIndication ::= SEQUENCE {
-                 commitmentTypeId   CommitmentTypeIdentifier,
-                 commitmentTypeQualifier   SEQUENCE SIZE (1..MAX) OF
-                         CommitmentTypeQualifier OPTIONAL }
-
- - - Commitment type qualifiers, used in the Commitment-Type-Indication attribute (RFC3126). - - 
-               CommitmentTypeQualifier ::= SEQUENCE {
-                   commitmentTypeIdentifier  CommitmentTypeIdentifier,
-                   qualifier          ANY DEFINED BY commitmentTypeIdentifier OPTIONAL }
-
- - - Creates a new CommitmentTypeQualifier instance. - - @param commitmentTypeIdentifier a CommitmentTypeIdentifier value - - - Creates a new CommitmentTypeQualifier instance. - - @param commitmentTypeIdentifier a CommitmentTypeIdentifier value - @param qualifier the qualifier, defined by the above field. - - - Creates a new CommitmentTypeQualifier instance. - - @param as CommitmentTypeQualifier structure - encoded as an Asn1Sequence. - - - Returns a DER-encodable representation of this instance. - - @return a Asn1Object value - - - - RFC 3126: 4.2.1 Complete Certificate Refs Attribute Definition - - CompleteCertificateRefs ::= SEQUENCE OF OtherCertID - - - - - - RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition - - CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef - - - - - - RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition - - CrlIdentifier ::= SEQUENCE - { - crlissuer Name, - crlIssuedTime UTCTime, - crlNumber INTEGER OPTIONAL - } - - - - - - RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition - - CRLListID ::= SEQUENCE - { - crls SEQUENCE OF CrlValidatedID - } - - - - - - RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition - - CrlOcspRef ::= SEQUENCE { - crlids [0] CRLListID OPTIONAL, - ocspids [1] OcspListID OPTIONAL, - otherRev [2] OtherRevRefs OPTIONAL - } - - - - - - RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition - - CrlValidatedID ::= SEQUENCE { - crlHash OtherHash, - crlIdentifier CrlIdentifier OPTIONAL} - - - - - - RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition - - OcspIdentifier ::= SEQUENCE { - ocspResponderID ResponderID, - -- As in OCSP response data - producedAt GeneralizedTime - -- As in OCSP response data - } - - - - - - RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition - - OcspListID ::= SEQUENCE { - ocspResponses SEQUENCE OF OcspResponsesID - } - - - - - - RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition - - OcspResponsesID ::= SEQUENCE { - ocspIdentifier OcspIdentifier, - ocspRepHash OtherHash OPTIONAL - } - - - - - - - OtherCertID ::= SEQUENCE { - otherCertHash OtherHash, - issuerSerial IssuerSerial OPTIONAL - } - - - - - - - OtherHash ::= CHOICE { - sha1Hash OtherHashValue, -- This contains a SHA-1 hash - otherHash OtherHashAlgAndValue - } - - OtherHashValue ::= OCTET STRING - - - - - - Summary description for OtherHashAlgAndValue. - - - - OtherHashAlgAndValue ::= SEQUENCE { - hashAlgorithm AlgorithmIdentifier, - hashValue OtherHashValue - } - - OtherHashValue ::= OCTET STRING - - - - - - RFC 3126: 4.2.2 Complete Revocation Refs Attribute Definition - - OtherRevRefs ::= SEQUENCE - { - otherRevRefType OtherRevRefType, - otherRevRefs ANY DEFINED BY otherRevRefType - } - - OtherRevRefType ::= OBJECT IDENTIFIER - - - - - - RFC 3126: 4.3.2 Revocation Values Attribute Definition - - OtherRevVals ::= SEQUENCE - { - otherRevValType OtherRevValType, - otherRevVals ANY DEFINED BY otherRevValType - } - - OtherRevValType ::= OBJECT IDENTIFIER - - - - - - - OtherSigningCertificate ::= SEQUENCE { - certs SEQUENCE OF OtherCertID, - policies SEQUENCE OF PolicyInformation OPTIONAL - } - - - - - - RFC 5126: 6.3.4. revocation-values Attribute Definition - - RevocationValues ::= SEQUENCE { - crlVals [0] SEQUENCE OF CertificateList OPTIONAL, - ocspVals [1] SEQUENCE OF BasicOCSPResponse OPTIONAL, - otherRevVals [2] OtherRevVals OPTIONAL - } - - - - - - - SignaturePolicyId ::= SEQUENCE { - sigPolicyIdentifier SigPolicyId, - sigPolicyHash SigPolicyHash, - sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF SigPolicyQualifierInfo OPTIONAL - } - - SigPolicyId ::= OBJECT IDENTIFIER - - SigPolicyHash ::= OtherHashAlgAndValue - - - - - - - SignaturePolicyIdentifier ::= CHOICE { - SignaturePolicyId SignaturePolicyId, - SignaturePolicyImplied SignaturePolicyImplied - } - - SignaturePolicyImplied ::= NULL - - - - - - 
-              SignerAttribute ::= SEQUENCE OF CHOICE {
-                  claimedAttributes   [0] ClaimedAttributes,
-                  certifiedAttributes [1] CertifiedAttributes }
-            
-              ClaimedAttributes ::= SEQUENCE OF Attribute
-              CertifiedAttributes ::= AttributeCertificate -- as defined in RFC 3281: see clause 4.1.
-
- - - Signer-Location attribute (RFC3126). - - 
-               SignerLocation ::= SEQUENCE {
-                   countryName        [0] DirectoryString OPTIONAL,
-                   localityName       [1] DirectoryString OPTIONAL,
-                   postalAddress      [2] PostalAddress OPTIONAL }
-            
-               PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString
-
- - - 
-               SignerLocation ::= SEQUENCE {
-                   countryName        [0] DirectoryString OPTIONAL,
-                   localityName       [1] DirectoryString OPTIONAL,
-                   postalAddress      [2] PostalAddress OPTIONAL }
-            
-               PostalAddress ::= SEQUENCE SIZE(1..6) OF DirectoryString
-            
-               DirectoryString ::= CHOICE {
-                     teletexString           TeletexString (SIZE (1..MAX)),
-                     printableString         PrintableString (SIZE (1..MAX)),
-                     universalString         UniversalString (SIZE (1..MAX)),
-                     utf8String              UTF8String (SIZE (1.. MAX)),
-                     bmpString               BMPString (SIZE (1..MAX)) }
-
- - - - - SigPolicyQualifierInfo ::= SEQUENCE { - sigPolicyQualifierId SigPolicyQualifierId, - sigQualifier ANY DEFINED BY sigPolicyQualifierId - } - - SigPolicyQualifierId ::= OBJECT IDENTIFIER - - - - - constructor - - - 
-            ContentHints ::= SEQUENCE {
-              contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL,
-              contentType ContentType }
-
- - - Create from OCTET STRING whose octets represent the identifier. - - - Create from byte array representing the identifier. - - - The definition of ContentIdentifier is - 
-            ContentIdentifier ::=  OCTET STRING
-
- id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) - member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) - smime(16) id-aa(2) 7 } - - - constructor - - - 
-            EssCertID ::= SEQUENCE {
-                certHash Hash,
-                issuerSerial IssuerSerial OPTIONAL }
-
- - - 
-             EssCertIDv2 ::=  SEQUENCE {
-                 hashAlgorithm     AlgorithmIdentifier
-                          DEFAULT {algorithm id-sha256},
-                 certHash          Hash,
-                 issuerSerial      IssuerSerial OPTIONAL
-             }
-            
-             Hash ::= OCTET STRING
-            
-             IssuerSerial ::= SEQUENCE {
-                 issuer         GeneralNames,
-                 serialNumber   CertificateSerialNumber
-             }
-
- - - constructor - - - 
-             OtherCertID ::= SEQUENCE {
-                 otherCertHash    OtherHash,
-                 issuerSerial     IssuerSerial OPTIONAL }
-            
-             OtherHash ::= CHOICE {
-                 sha1Hash     OCTET STRING,
-                 otherHash    OtherHashAlgAndValue }
-            
-             OtherHashAlgAndValue ::= SEQUENCE {
-                 hashAlgorithm    AlgorithmIdentifier,
-                 hashValue        OCTET STRING }
-            
-
- - - constructors - - - The definition of OtherSigningCertificate is - 
-            OtherSigningCertificate ::=  SEQUENCE {
-                 certs        SEQUENCE OF OtherCertID,
-                 policies     SEQUENCE OF PolicyInformation OPTIONAL
-            }
-
- id-aa-ets-otherSigCert OBJECT IDENTIFIER ::= { iso(1) - member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) - smime(16) id-aa(2) 19 } - - - constructors - - - The definition of SigningCertificate is - 
-            SigningCertificate ::=  SEQUENCE {
-                 certs        SEQUENCE OF EssCertID,
-                 policies     SEQUENCE OF PolicyInformation OPTIONAL
-            }
-
- id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) - member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) - smime(16) id-aa(2) 12 } - - - The definition of SigningCertificateV2 is - 
-            SigningCertificateV2 ::=  SEQUENCE {
-                 certs        SEQUENCE OF EssCertIDv2,
-                 policies     SEQUENCE OF PolicyInformation OPTIONAL
-            }
-
- id-aa-signingCertificateV2 OBJECT IDENTIFIER ::= { iso(1) - member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) - smime(16) id-aa(2) 47 } - - - The CscaMasterList object. This object can be wrapped in a - CMSSignedData to be published in LDAP. - - 
-             CscaMasterList ::= SEQUENCE {
-               version                CscaMasterListVersion,
-               certList               SET OF Certificate }
-               
-             CscaMasterListVersion :: INTEGER {v0(0)}
-
- - - The DataGroupHash object. - 
-             DataGroupHash  ::=  SEQUENCE {
-                  dataGroupNumber         DataGroupNumber,
-                  dataGroupHashValue     OCTET STRING }
-            
-             DataGroupNumber ::= INTEGER {
-                     dataGroup1    (1),
-                     dataGroup1    (2),
-                     dataGroup1    (3),
-                     dataGroup1    (4),
-                     dataGroup1    (5),
-                     dataGroup1    (6),
-                     dataGroup1    (7),
-                     dataGroup1    (8),
-                     dataGroup1    (9),
-                     dataGroup1    (10),
-                     dataGroup1    (11),
-                     dataGroup1    (12),
-                     dataGroup1    (13),
-                     dataGroup1    (14),
-                     dataGroup1    (15),
-                     dataGroup1    (16) }
-            
-
- - - The LDSSecurityObject object (V1.8). - 
-             LDSSecurityObject ::= SEQUENCE {
-               version                LDSSecurityObjectVersion,
-               hashAlgorithm          DigestAlgorithmIdentifier,
-               dataGroupHashValues    SEQUENCE SIZE (2..ub-DataGroups) OF DataHashGroup,
-               ldsVersionInfo         LDSVersionInfo OPTIONAL
-                 -- if present, version MUST be v1 }
-            
-             DigestAlgorithmIdentifier ::= AlgorithmIdentifier,
-            
-             LDSSecurityObjectVersion :: INTEGER {V0(0)}
-
- - - 
-            LDSVersionInfo ::= SEQUENCE {
-               ldsVersion PRINTABLE STRING
-               unicodeVersion PRINTABLE STRING
-             }
-
- @return - - - The id-isismtt-cp-accredited OID indicates that the certificate is a - qualified certificate according to Directive 1999/93/EC of the European - Parliament and of the Council of 13 December 1999 on a Community - Framework for Electronic Signatures, which additionally conforms the - special requirements of the SigG and has been issued by an accredited CA. - - - Certificate extensionDate of certificate generation - - 
-            		DateOfCertGenSyntax ::= GeneralizedTime
-
- - - Attribute to indicate that the certificate holder may sign in the name of - a third person. May also be used as extension in a certificate. - - - Attribute to indicate admissions to certain professions. May be used as - attribute in attribute certificate or as extension in a certificate - - - Monetary limit for transactions. The QcEuMonetaryLimit QC statement MUST - be used in new certificates in place of the extension/attribute - MonetaryLimit since January 1, 2004. For the sake of backward - compatibility with certificates already in use, SigG conforming - components MUST support MonetaryLimit (as well as QcEuLimitValue). - - - A declaration of majority. May be used as attribute in attribute - certificate or as extension in a certificate - - - - Serial number of the smart card containing the corresponding private key - - 
-            		ICCSNSyntax ::= OCTET STRING (SIZE(8..20))
-
- - - - Reference for a file of a smartcard that stores the public key of this - certificate and that is used as �security anchor�. - - 
-            		PKReferenceSyntax ::= OCTET STRING (SIZE(20))
-
- - - Some other restriction regarding the usage of this certificate. May be - used as attribute in attribute certificate or as extension in a - certificate. - - 
-            		RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
-
- - @see Org.BouncyCastle.Asn1.IsisMtt.X509.Restriction - - - - (Single)Request extension: Clients may include this extension in a - (single) Request to request the responder to send the certificate in the - response message along with the status information. Besides the LDAP - service, this extension provides another mechanism for the distribution - of certificates, which MAY optionally be provided by certificate - repositories. - - 
-            		RetrieveIfAllowed ::= BOOLEAN
-
- - - SingleOCSPResponse extension: The certificate requested by the client by - inserting the RetrieveIfAllowed extension in the request, will be - returned in this extension. - - @see Org.BouncyCastle.Asn1.IsisMtt.Ocsp.RequestedCertificate - - - Base ObjectIdentifier for naming authorities - - - SingleOCSPResponse extension: Date, when certificate has been published - in the directory and status information has become available. Currently, - accrediting authorities enforce that SigG-conforming OCSP servers include - this extension in the responses. - - 
-            		CertInDirSince ::= GeneralizedTime
-
- - - Hash of a certificate in OCSP. - - @see Org.BouncyCastle.Asn1.IsisMtt.Ocsp.CertHash - - - 
-            		NameAtBirth ::= DirectoryString(SIZE(1..64)
-
- - Used in - {@link Org.BouncyCastle.Asn1.X509.SubjectDirectoryAttributes SubjectDirectoryAttributes} - - - Some other information of non-restrictive nature regarding the usage of - this certificate. May be used as attribute in atribute certificate or as - extension in a certificate. - - 
-                          AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
-
- - @see Org.BouncyCastle.Asn1.IsisMtt.X509.AdditionalInformationSyntax - - - Indicates that an attribute certificate exists, which limits the - usability of this public key certificate. Whenever verifying a signature - with the help of this certificate, the content of the corresponding - attribute certificate should be concerned. This extension MUST be - included in a PKC, if a corresponding attribute certificate (having the - PKC as base certificate) contains some attribute that restricts the - usability of the PKC too. Attribute certificates with restricting content - MUST always be included in the signed document. - - 
-            		LiabilityLimitationFlagSyntax ::= BOOLEAN
-
- - - ISIS-MTT PROFILE: The responder may include this extension in a response to - send the hash of the requested certificate to the responder. This hash is - cryptographically bound to the certificate and serves as evidence that the - certificate is known to the responder (i.e. it has been issued and is present - in the directory). Hence, this extension is a means to provide a positive - statement of availability as described in T8.[8]. As explained in T13.[1], - clients may rely on this information to be able to validate signatures after - the expiry of the corresponding certificate. Hence, clients MUST support this - extension. If a positive statement of availability is to be delivered, this - extension syntax and OID MUST be used. -

-

- 

-                CertHash ::= SEQUENCE {
-                  hashAlgorithm AlgorithmIdentifier,
-                  certificateHash OCTET STRING
-                }
-
- - - Constructor from Asn1Sequence. -

- The sequence is of type CertHash: -

- 

-                 CertHash ::= SEQUENCE {
-                   hashAlgorithm AlgorithmIdentifier,
-                   certificateHash OCTET STRING
-                 }
-
- - @param seq The ASN.1 sequence. - - - Constructor from a given details. - - @param hashAlgorithm The hash algorithm identifier. - @param certificateHash The hash of the whole DER encoding of the certificate. - - - Produce an object suitable for an Asn1OutputStream. -

- Returns: -

- 

-                 CertHash ::= SEQUENCE {
-                   hashAlgorithm AlgorithmIdentifier,
-                   certificateHash OCTET STRING
-                 }
-
- - @return an Asn1Object - - - ISIS-MTT-Optional: The certificate requested by the client by inserting the - RetrieveIfAllowed extension in the request, will be returned in this - extension. -

- ISIS-MTT-SigG: The signature act allows publishing certificates only then, - when the certificate owner gives his isExplicit permission. Accordingly, there - may be �nondownloadable� certificates, about which the responder must provide - status information, but MUST NOT include them in the response. Clients may - get therefore the following three kind of answers on a single request - including the RetrieveIfAllowed extension: -

    -
  • a) the responder supports the extension and is allowed to publish the - certificate: RequestedCertificate returned including the requested - certificate
    • -
  • b) the responder supports the extension but is NOT allowed to publish - the certificate: RequestedCertificate returned including an empty OCTET - STRING
    • -
  • c) the responder does not support the extension: RequestedCertificate is - not included in the response
    • -
- Clients requesting RetrieveIfAllowed MUST be able to handle these cases. If - any of the OCTET STRING options is used, it MUST contain the DER encoding of - the requested certificate. -

- 

-                       RequestedCertificate ::= CHOICE {
-                         Certificate Certificate,
-                         publicKeyCertificate [0] EXPLICIT OCTET STRING,
-                         attributeCertificate [1] EXPLICIT OCTET STRING
-                       }
-
- - - Constructor from a given details. -

- Only one parameter can be given. All other must be null. - - @param certificate Given as Certificate - - - Produce an object suitable for an Asn1OutputStream. -

- Returns: -

- 

-                        RequestedCertificate ::= CHOICE {
-                          Certificate Certificate,
-                          publicKeyCertificate [0] EXPLICIT OCTET STRING,
-                          attributeCertificate [1] EXPLICIT OCTET STRING
-                        }
-
- - @return an Asn1Object - - - Some other information of non-restrictive nature regarding the usage of this - certificate. - - 
-               AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
-
- - - Constructor from a given details. - - @param information The describtion of the information. - - - Produce an object suitable for an Asn1OutputStream. -

- Returns: -

- 

-               AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
-
- - @return an Asn1Object - - - An Admissions structure. -

- 

-                        Admissions ::= SEQUENCE
-                        {
-                          admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
-                          namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
-                          professionInfos SEQUENCE OF ProfessionInfo
-                        }
-             

-
- - @see Org.BouncyCastle.Asn1.IsisMtt.X509.AdmissionSyntax - @see Org.BouncyCastle.Asn1.IsisMtt.X509.ProfessionInfo - @see Org.BouncyCastle.Asn1.IsisMtt.X509.NamingAuthority - - - Constructor from Asn1Sequence. -

- The sequence is of type ProcurationSyntax: -

- 

-                        Admissions ::= SEQUENCE
-                        {
-                          admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
-                          namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
-                          professionInfos SEQUENCE OF ProfessionInfo
-                        }
-
- - @param seq The ASN.1 sequence. - - - Constructor from a given details. -

- Parameter professionInfos is mandatory. - - @param admissionAuthority The admission authority. - @param namingAuthority The naming authority. - @param professionInfos The profession infos. - - - Produce an object suitable for an Asn1OutputStream. -

- Returns: -

- 

-                   Admissions ::= SEQUENCE
-                   {
-                     admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
-                     namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
-                     professionInfos SEQUENCE OF ProfessionInfo
-                   }
-             

-
- - @return an Asn1Object - - - Attribute to indicate admissions to certain professions. -

- 

-                 AdmissionSyntax ::= SEQUENCE
-                 {
-                   admissionAuthority GeneralName OPTIONAL,
-                   contentsOfAdmissions SEQUENCE OF Admissions
-                 }
-             

-                 Admissions ::= SEQUENCE
-                 {
-                   admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
-                   namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
-                   professionInfos SEQUENCE OF ProfessionInfo
-                 }
-             

-                 NamingAuthority ::= SEQUENCE
-                 {
-                   namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
-                   namingAuthorityUrl IA5String OPTIONAL,
-                   namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
-                 }
-             

-                 ProfessionInfo ::= SEQUENCE
-                 {
-                   namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
-                   professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
-                   professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
-                   registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
-                   addProfessionInfo OCTET STRING OPTIONAL
-                 }
-
-

-

- ISIS-MTT PROFILE: The relatively complex structure of AdmissionSyntax - supports the following concepts and requirements: -

    -
  • External institutions (e.g. professional associations, chambers, unions, - administrative bodies, companies, etc.), which are responsible for granting - and verifying professional admissions, are indicated by means of the data - field admissionAuthority. An admission authority is indicated by a - GeneralName object. Here an X.501 directory name (distinguished name) can be - indicated in the field directoryName, a URL address can be indicated in the - field uniformResourceIdentifier, and an object identifier can be indicated in - the field registeredId.
    • -
  • The names of authorities which are responsible for the administration of - title registers are indicated in the data field namingAuthority. The name of - the authority can be identified by an object identifier in the field - namingAuthorityId, by means of a text string in the field - namingAuthorityText, by means of a URL address in the field - namingAuthorityUrl, or by a combination of them. For example, the text string - can contain the name of the authority, the country and the name of the title - register. The URL-option refers to a web page which contains lists with - �officially� registered professions (text and possibly OID) as well as - further information on these professions. Object identifiers for the - component namingAuthorityId are grouped under the OID-branch - id-isis-at-namingAuthorities and must be applied for.
    • -
  • See http://www.teletrust.de/anwend.asp?Id=30200&Sprache=E_&HomePG=0 - for an application form and http://www.teletrust.de/links.asp?id=30220,11 - for an overview of registered naming authorities.
    • -
  • By means of the data type ProfessionInfo certain professions, - specializations, disciplines, fields of activity, etc. are identified. A - profession is represented by one or more text strings, resp. profession OIDs - in the fields professionItems and professionOIDs and by a registration number - in the field registrationNumber. An indication in text form must always be - present, whereas the other indications are optional. The component - addProfessionInfo may contain additional applicationspecific information in - DER-encoded form.
    • -
-

- By means of different namingAuthority-OIDs or profession OIDs hierarchies of - professions, specializations, disciplines, fields of activity, etc. can be - expressed. The issuing admission authority should always be indicated (field - admissionAuthority), whenever a registration number is presented. Still, - information on admissions can be given without indicating an admission or a - naming authority by the exclusive use of the component professionItems. In - this case the certification authority is responsible for the verification of - the admission information. -

-

-

- This attribute is single-valued. Still, several admissions can be captured in - the sequence structure of the component contentsOfAdmissions of - AdmissionSyntax or in the component professionInfos of Admissions. The - component admissionAuthority of AdmissionSyntax serves as default value for - the component admissionAuthority of Admissions. Within the latter component - the default value can be overwritten, in case that another authority is - responsible. The component namingAuthority of Admissions serves as a default - value for the component namingAuthority of ProfessionInfo. Within the latter - component the default value can be overwritten, in case that another naming - authority needs to be recorded. -

- The length of the string objects is limited to 128 characters. It is - recommended to indicate a namingAuthorityURL in all issued attribute - certificates. If a namingAuthorityURL is indicated, the field professionItems - of ProfessionInfo should contain only registered titles. If the field - professionOIDs exists, it has to contain the OIDs of the professions listed - in professionItems in the same order. In general, the field professionInfos - should contain only one entry, unless the admissions that are to be listed - are logically connected (e.g. they have been issued under the same admission - number). - - @see Org.BouncyCastle.Asn1.IsisMtt.X509.Admissions - @see Org.BouncyCastle.Asn1.IsisMtt.X509.ProfessionInfo - @see Org.BouncyCastle.Asn1.IsisMtt.X509.NamingAuthority - - - Constructor from Asn1Sequence. -

- The sequence is of type ProcurationSyntax: -

- 

-                 AdmissionSyntax ::= SEQUENCE
-                 {
-                   admissionAuthority GeneralName OPTIONAL,
-                   contentsOfAdmissions SEQUENCE OF Admissions
-                 }
-             

-                 Admissions ::= SEQUENCE
-                 {
-                   admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
-                   namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
-                   professionInfos SEQUENCE OF ProfessionInfo
-                 }
-             

-                 NamingAuthority ::= SEQUENCE
-                 {
-                   namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
-                   namingAuthorityUrl IA5String OPTIONAL,
-                   namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
-                 }
-             

-                 ProfessionInfo ::= SEQUENCE
-                 {
-                   namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
-                   professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
-                   professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
-                   registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
-                   addProfessionInfo OCTET STRING OPTIONAL
-                 }
-
- - @param seq The ASN.1 sequence. - - - Constructor from given details. - - @param admissionAuthority The admission authority. - @param contentsOfAdmissions The admissions. - - - Produce an object suitable for an Asn1OutputStream. -

- Returns: -

- 

-                 AdmissionSyntax ::= SEQUENCE
-                 {
-                   admissionAuthority GeneralName OPTIONAL,
-                   contentsOfAdmissions SEQUENCE OF Admissions
-                 }
-             

-                 Admissions ::= SEQUENCE
-                 {
-                   admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
-                   namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
-                   professionInfos SEQUENCE OF ProfessionInfo
-                 }
-             

-                 NamingAuthority ::= SEQUENCE
-                 {
-                   namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
-                   namingAuthorityUrl IA5String OPTIONAL,
-                   namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
-                 }
-             

-                 ProfessionInfo ::= SEQUENCE
-                 {
-                   namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
-                   professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
-                   professionOIDs SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
-                   registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
-                   addProfessionInfo OCTET STRING OPTIONAL
-                 }
-
- - @return an Asn1Object - - - @return Returns the contentsOfAdmissions. - - - @return Returns the admissionAuthority if present, null otherwise. - - - A declaration of majority. -

- 

-                      DeclarationOfMajoritySyntax ::= CHOICE
-                      {
-                        notYoungerThan [0] IMPLICIT INTEGER,
-                        fullAgeAtCountry [1] IMPLICIT SEQUENCE
-                        {
-                          fullAge BOOLEAN DEFAULT TRUE,
-                          country PrintableString (SIZE(2))
-                        }
-                        dateOfBirth [2] IMPLICIT GeneralizedTime
-                      }
-
-

- fullAgeAtCountry indicates the majority of the owner with respect to the laws - of a specific country. - - - Produce an object suitable for an Asn1OutputStream. -

- Returns: -

- 

-                       DeclarationOfMajoritySyntax ::= CHOICE
-                       {
-                         notYoungerThan [0] IMPLICIT INTEGER,
-                         fullAgeAtCountry [1] IMPLICIT SEQUENCE
-                         {
-                           fullAge BOOLEAN DEFAULT TRUE,
-                           country PrintableString (SIZE(2))
-                         }
-                         dateOfBirth [2] IMPLICIT GeneralizedTime
-                       }
-
- - @return an Asn1Object - - - @return notYoungerThan if that's what we are, -1 otherwise - - - Monetary limit for transactions. The QcEuMonetaryLimit QC statement MUST be - used in new certificates in place of the extension/attribute MonetaryLimit - since January 1, 2004. For the sake of backward compatibility with - certificates already in use, components SHOULD support MonetaryLimit (as well - as QcEuLimitValue). -

- Indicates a monetary limit within which the certificate holder is authorized - to act. (This value DOES NOT express a limit on the liability of the - certification authority). -

- 

-               MonetaryLimitSyntax ::= SEQUENCE
-               {
-                 currency PrintableString (SIZE(3)),
-                 amount INTEGER,
-                 exponent INTEGER
-               }
-
-

- currency must be the ISO code. -

- value = amount�10*exponent - - - Constructor from a given details. -

-

- value = amount�10^exponent - - @param currency The currency. Must be the ISO code. - @param amount The amount - @param exponent The exponent - - - Produce an object suitable for an Asn1OutputStream. -

- Returns: -

- 

-                MonetaryLimitSyntax ::= SEQUENCE
-                {
-                  currency PrintableString (SIZE(3)),
-                  amount INTEGER,
-                  exponent INTEGER
-                }
-
- - @return an Asn1Object - - - Names of authorities which are responsible for the administration of title - registers. - - 
-                        NamingAuthority ::= SEQUENCE 
-                        {
-                          namingAuthorityID OBJECT IDENTIFIER OPTIONAL,
-                          namingAuthorityUrl IA5String OPTIONAL,
-                          namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
-                        }
-
- @see Org.BouncyCastle.Asn1.IsisMtt.X509.AdmissionSyntax - - - - Profession OIDs should always be defined under the OID branch of the - responsible naming authority. At the time of this writing, the work group - �Recht, Wirtschaft, Steuern� (�Law, Economy, Taxes�) is registered as the - first naming authority under the OID id-isismtt-at-namingAuthorities. - - - Constructor from Asn1Sequence. -

-

- 

-                         NamingAuthority ::= SEQUENCE
-                         {
-                           namingAuthorityID OBJECT IDENTIFIER OPTIONAL,
-                           namingAuthorityUrl IA5String OPTIONAL,
-                           namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
-                         }
-
- - @param seq The ASN.1 sequence. - - - Constructor from given details. -

- All parameters can be combined. - - @param namingAuthorityID ObjectIdentifier for naming authority. - @param namingAuthorityUrl URL for naming authority. - @param namingAuthorityText Textual representation of naming authority. - - - Produce an object suitable for an Asn1OutputStream. -

- Returns: -

- 

-                         NamingAuthority ::= SEQUENCE
-                         {
-                           namingAuthorityID OBJECT IDENTIFIER OPTIONAL,
-                           namingAuthorityUrl IA5String OPTIONAL,
-                           namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
-                         }
-
- - @return an Asn1Object - - - @return Returns the namingAuthorityID. - - - @return Returns the namingAuthorityText. - - - @return Returns the namingAuthorityUrl. - - - Attribute to indicate that the certificate holder may sign in the name of a - third person. -

- ISIS-MTT PROFILE: The corresponding ProcurationSyntax contains either the - name of the person who is represented (subcomponent thirdPerson) or a - reference to his/her base certificate (in the component signingFor, - subcomponent certRef), furthermore the optional components country and - typeSubstitution to indicate the country whose laws apply, and respectively - the type of procuration (e.g. manager, procuration, custody). -

-

- ISIS-MTT PROFILE: The GeneralName MUST be of type directoryName and MAY only - contain: - RFC3039 attributes, except pseudonym (countryName, commonName, - surname, givenName, serialNumber, organizationName, organizationalUnitName, - stateOrProvincename, localityName, postalAddress) and - SubjectDirectoryName - attributes (title, dateOfBirth, placeOfBirth, gender, countryOfCitizenship, - countryOfResidence and NameAtBirth). -

- 
-                          ProcurationSyntax ::= SEQUENCE {
-                            country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
-                            typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
-                            signingFor [3] EXPLICIT SigningFor 
-                          }
-                          
-                          SigningFor ::= CHOICE 
-                          { 
-                            thirdPerson GeneralName,
-                            certRef IssuerSerial 
-                          }
-
- - - - Constructor from Asn1Sequence. -

- The sequence is of type ProcurationSyntax: -

- 

-                           ProcurationSyntax ::= SEQUENCE {
-                             country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
-                             typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
-                             signingFor [3] EXPLICIT SigningFor
-                           }
-             

-                           SigningFor ::= CHOICE
-                           {
-                             thirdPerson GeneralName,
-                             certRef IssuerSerial
-                           }
-
- - @param seq The ASN.1 sequence. - - - Constructor from a given details. -

-

- Either generalName or certRef MUST be - null. - - @param country The country code whose laws apply. - @param typeOfSubstitution The type of procuration. - @param certRef Reference to certificate of the person who is represented. - - - Constructor from a given details. -

-

- Either generalName or certRef MUST be - null. - - @param country The country code whose laws apply. - @param typeOfSubstitution The type of procuration. - @param thirdPerson The GeneralName of the person who is represented. - - - Produce an object suitable for an Asn1OutputStream. -

- Returns: -

- 

-                           ProcurationSyntax ::= SEQUENCE {
-                             country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
-                             typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
-                             signingFor [3] EXPLICIT SigningFor
-                           }
-             

-                           SigningFor ::= CHOICE
-                           {
-                             thirdPerson GeneralName,
-                             certRef IssuerSerial
-                           }
-
- - @return an Asn1Object - - - Professions, specializations, disciplines, fields of activity, etc. - - 
-                          ProfessionInfo ::= SEQUENCE 
-                          {
-                            namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
-                            professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
-                            professionOids SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
-                            registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
-                            addProfessionInfo OCTET STRING OPTIONAL 
-                          }
-
- - @see Org.BouncyCastle.Asn1.IsisMtt.X509.AdmissionSyntax - - - Rechtsanw�ltin - - - Rechtsanwalt - - - Rechtsbeistand - - - Steuerberaterin - - - Steuerberater - - - Steuerbevollm�chtigte - - - Steuerbevollm�chtigter - - - Notarin - - - Notar - - - Notarvertreterin - - - Notarvertreter - - - Notariatsverwalterin - - - Notariatsverwalter - - - Wirtschaftspr�ferin - - - Wirtschaftspr�fer - - - Vereidigte Buchpr�ferin - - - Vereidigter Buchpr�fer - - - Patentanw�ltin - - - Patentanwalt - - - Constructor from Asn1Sequence. -

-

- 

-                           ProfessionInfo ::= SEQUENCE
-                           {
-                             namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
-                             professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
-                             professionOids SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
-                             registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
-                             addProfessionInfo OCTET STRING OPTIONAL
-                           }
-
- - @param seq The ASN.1 sequence. - - - Constructor from given details. -

- professionItems is mandatory, all other parameters are - optional. - - @param namingAuthority The naming authority. - @param professionItems Directory strings of the profession. - @param professionOids DERObjectIdentfier objects for the - profession. - @param registrationNumber Registration number. - @param addProfessionInfo Additional infos in encoded form. - - - Produce an object suitable for an Asn1OutputStream. -

- Returns: -

- 

-                           ProfessionInfo ::= SEQUENCE
-                           {
-                             namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
-                             professionItems SEQUENCE OF DirectoryString (SIZE(1..128)),
-                             professionOids SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
-                             registrationNumber PrintableString(SIZE(1..128)) OPTIONAL,
-                             addProfessionInfo OCTET STRING OPTIONAL
-                           }
-
- - @return an Asn1Object - - - @return Returns the professionItems. - - - @return Returns the professionOids. - - - @return Returns the addProfessionInfo. - - - @return Returns the namingAuthority. - - - @return Returns the registrationNumber. - - - Some other restriction regarding the usage of this certificate. -

- 

-             RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
-
- - - Constructor from DirectoryString. -

- The DirectoryString is of type RestrictionSyntax: -

- 

-                  RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
-
- - @param restriction A IAsn1String. - - - Constructor from a given details. - - @param restriction The description of the restriction. - - - Produce an object suitable for an Asn1OutputStream. -

- Returns: -

- 

-                  RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
-             

-
- - @return an Asn1Object - - - Produce an object suitable for an Asn1OutputStream. - 
-            cast5CBCParameters ::= Sequence {
-                                      iv         OCTET STRING DEFAULT 0,
-                                             -- Initialization vector
-                                      keyLength  Integer
-                                             -- Key length, in bits
-                                 }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            IDEA-CBCPar ::= Sequence {
-                                 iv    OCTET STRING OPTIONAL -- exactly 8 octets
-                             }
-
- - - The NetscapeCertType object. - 
-               NetscapeCertType ::= BIT STRING {
-                    SSLClient               (0),
-                    SSLServer               (1),
-                    S/MIME                  (2),
-                    Object Signing          (3),
-                    Reserved                (4),
-                    SSL CA                  (5),
-                    S/MIME CA               (6),
-                    Object Signing CA       (7) }
-
- - - Basic constructor. - - @param usage - the bitwise OR of the Key Usage flags giving the - allowed uses for the key. - e.g. (X509NetscapeCertType.sslCA | X509NetscapeCertType.smimeCA) - - - This is designed to parse - the PublicKeyAndChallenge created by the KEYGEN tag included by - Mozilla based browsers. - 
-              PublicKeyAndChallenge ::= SEQUENCE {
-                spki SubjectPublicKeyInfo,
-                challenge IA5STRING
-              }
-            
-
- - - Utility class for fetching curves using their NIST names as published in FIPS-PUB 186-2 - - - return the X9ECParameters object for the named curve represented by - the passed in object identifier. Null if the curve isn't present. - - @param oid an object identifier representing a named curve, if present. - - - return the object identifier signified by the passed in name. Null - if there is no object identifier associated with name. - - @return the object identifier associated with name, if present. - - - return the named curve name represented by the given object identifier. - - - returns an enumeration containing the name strings for curves - contained in this structure. - - - From RFC 3657 - - - Produce an object suitable for an Asn1OutputStream. - 
-            BasicOcspResponse       ::= Sequence {
-                 tbsResponseData      ResponseData,
-                 signatureAlgorithm   AlgorithmIdentifier,
-                 signature            BIT STRING,
-                 certs                [0] EXPLICIT Sequence OF Certificate OPTIONAL }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            CertID          ::=     Sequence {
-                hashAlgorithm       AlgorithmIdentifier,
-                issuerNameHash      OCTET STRING, -- Hash of Issuer's DN
-                issuerKeyHash       OCTET STRING, -- Hash of Issuers public key
-                serialNumber        CertificateSerialNumber }
-
- - - create a CertStatus object with a tag of zero. - - - Produce an object suitable for an Asn1OutputStream. - 
-             CertStatus ::= CHOICE {
-                             good        [0]     IMPLICIT Null,
-                             revoked     [1]     IMPLICIT RevokedInfo,
-                             unknown     [2]     IMPLICIT UnknownInfo }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            CrlID ::= Sequence {
-                crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
-                crlNum               [1]     EXPLICIT Integer OPTIONAL,
-                crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            OcspRequest     ::=     Sequence {
-                tbsRequest                  TBSRequest,
-                optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            OcspResponse ::= Sequence {
-                responseStatus         OcspResponseStatus,
-                responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
-
- - - The OcspResponseStatus enumeration. - 
-            OcspResponseStatus ::= Enumerated {
-                successful            (0),  --Response has valid confirmations
-                malformedRequest      (1),  --Illegal confirmation request
-                internalError         (2),  --Internal error in issuer
-                tryLater              (3),  --Try again later
-                                            --(4) is not used
-                sigRequired           (5),  --Must sign the request
-                unauthorized          (6)   --Request unauthorized
-            }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            Request         ::=     Sequence {
-                reqCert                     CertID,
-                singleRequestExtensions     [0] EXPLICIT Extensions OPTIONAL }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            ResponderID ::= CHOICE {
-                 byName          [1] Name,
-                 byKey           [2] KeyHash }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            ResponseBytes ::=       Sequence {
-                responseType   OBJECT IDENTIFIER,
-                response       OCTET STRING }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            ResponseData ::= Sequence {
-                version              [0] EXPLICIT Version DEFAULT v1,
-                responderID              ResponderID,
-                producedAt               GeneralizedTime,
-                responses                Sequence OF SingleResponse,
-                responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            RevokedInfo ::= Sequence {
-                 revocationTime              GeneralizedTime,
-                 revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            ServiceLocator ::= Sequence {
-                issuer    Name,
-                locator   AuthorityInfoAccessSyntax OPTIONAL }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            Signature       ::=     Sequence {
-                signatureAlgorithm      AlgorithmIdentifier,
-                signature               BIT STRING,
-                certs               [0] EXPLICIT Sequence OF Certificate OPTIONAL}
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-             SingleResponse ::= Sequence {
-                     certID                       CertID,
-                     certStatus                   CertStatus,
-                     thisUpdate                   GeneralizedTime,
-                     nextUpdate         [0]       EXPLICIT GeneralizedTime OPTIONAL,
-                     singleExtensions   [1]       EXPLICIT Extensions OPTIONAL }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            TBSRequest      ::=     Sequence {
-                version             [0]     EXPLICIT Version DEFAULT v1,
-                requestorName       [1]     EXPLICIT GeneralName OPTIONAL,
-                requestList                 Sequence OF Request,
-                requestExtensions   [2]     EXPLICIT Extensions OPTIONAL }
-
- - - class for breaking up an Oid into it's component tokens, ala - java.util.StringTokenizer. We need this class as some of the - lightweight Java environment don't support classes like - StringTokenizer. - - - return an Attribute object from the given object. - - @param o the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            Attr ::= Sequence {
-                attrType OBJECT IDENTIFIER,
-                attrValues Set OF AttributeValue
-            }
-
- - - Pkcs10 Certfication request object. - 
-            CertificationRequest ::= Sequence {
-              certificationRequestInfo  CertificationRequestInfo,
-              signatureAlgorithm        AlgorithmIdentifier{{ SignatureAlgorithms }},
-              signature                 BIT STRING
-            }
-
- - - Pkcs10 CertificationRequestInfo object. - 
-              CertificationRequestInfo ::= Sequence {
-               version             Integer { v1(0) } (v1,...),
-               subject             Name,
-               subjectPKInfo   SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
-               attributes          [0] Attributes{{ CRIAttributes }}
-              }
-            
-              Attributes { ATTRIBUTE:IOSet } ::= Set OF Attr{{ IOSet }}
-            
-              Attr { ATTRIBUTE:IOSet } ::= Sequence {
-                type    ATTRIBUTE.&id({IOSet}),
-                values  Set SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
-              }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-            ContentInfo ::= Sequence {
-                     contentType ContentType,
-                     content
-                     [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
-
- - - The EncryptedData object. - 
-                  EncryptedData ::= Sequence {
-                       version Version,
-                       encryptedContentInfo EncryptedContentInfo
-                  }
-            
-            
-                  EncryptedContentInfo ::= Sequence {
-                      contentType ContentType,
-                      contentEncryptionAlgorithm  ContentEncryptionAlgorithmIdentifier,
-                      encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
-                }
-            
-                EncryptedContent ::= OCTET STRING
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-             EncryptedPrivateKeyInfo ::= Sequence {
-                  encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
-                  encryptedData EncryptedData
-             }
-            
-             EncryptedData ::= OCTET STRING
-            
-             KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
-                      ... -- For local profiles
-             }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-                 AlgorithmIdentifier ::= Sequence {
-                                       algorithm OBJECT IDENTIFIER,
-                                       parameters ANY DEFINED BY algorithm OPTIONAL }
-
- - - 
-            MacData ::= SEQUENCE {
-                mac      DigestInfo,
-                macSalt  OCTET STRING,
-                iterations INTEGER DEFAULT 1
-                -- Note: The default is for historic reasons and its use is deprecated. A
-                -- higher value, like 1024 is recommended.
-
- @return the basic DERObject construction. - - - the infamous Pfx from Pkcs12 - - - write out an RSA private key with its associated information - as described in Pkcs8. - 
-                  PrivateKeyInfo ::= Sequence {
-                                          version Version,
-                                          privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}},
-                                          privateKey PrivateKey,
-                                          attributes [0] IMPLICIT Attributes OPTIONAL
-                                      }
-                  Version ::= Integer {v1(0)} (v1,...)
-            
-                  PrivateKey ::= OCTET STRING
-            
-                  Attributes ::= Set OF Attr
-
- - - The default version - - - 
-              RSAES-OAEP-params ::= SEQUENCE {
-                 hashAlgorithm      [0] OAEP-PSSDigestAlgorithms     DEFAULT sha1,
-                 maskGenAlgorithm   [1] PKCS1MGFAlgorithms  DEFAULT mgf1SHA1,
-                 pSourceAlgorithm   [2] PKCS1PSourceAlgorithms  DEFAULT pSpecifiedEmpty
-               }
-            
-               OAEP-PSSDigestAlgorithms    ALGORITHM-IDENTIFIER ::= {
-                 { OID id-sha1 PARAMETERS NULL   }|
-                 { OID id-sha256 PARAMETERS NULL }|
-                 { OID id-sha384 PARAMETERS NULL }|
-                 { OID id-sha512 PARAMETERS NULL },
-                 ...  -- Allows for future expansion --
-               }
-               PKCS1MGFAlgorithms    ALGORITHM-IDENTIFIER ::= {
-                 { OID id-mgf1 PARAMETERS OAEP-PSSDigestAlgorithms },
-                ...  -- Allows for future expansion --
-               }
-               PKCS1PSourceAlgorithms    ALGORITHM-IDENTIFIER ::= {
-                 { OID id-pSpecified PARAMETERS OCTET STRING },
-                 ...  -- Allows for future expansion --
-              }
-
- @return the asn1 primitive representing the parameters. - - - This outputs the key in Pkcs1v2 format. - 
-                  RsaPrivateKey ::= Sequence {
-                                      version Version,
-                                      modulus Integer, -- n
-                                      publicExponent Integer, -- e
-                                      privateExponent Integer, -- d
-                                      prime1 Integer, -- p
-                                      prime2 Integer, -- q
-                                      exponent1 Integer, -- d mod (p-1)
-                                      exponent2 Integer, -- d mod (q-1)
-                                      coefficient Integer -- (inverse of q) mod p
-                                  }
-            
-                  Version ::= Integer
-
-

This routine is written to output Pkcs1 version 0, private keys.

- - - The default version - - - 
-             RSASSA-PSS-params ::= SEQUENCE {
-               hashAlgorithm      [0] OAEP-PSSDigestAlgorithms  DEFAULT sha1,
-                maskGenAlgorithm   [1] PKCS1MGFAlgorithms  DEFAULT mgf1SHA1,
-                saltLength         [2] INTEGER  DEFAULT 20,
-                trailerField       [3] TrailerField  DEFAULT trailerFieldBC
-              }
-            
-             OAEP-PSSDigestAlgorithms    ALGORITHM-IDENTIFIER ::= {
-                { OID id-sha1 PARAMETERS NULL   }|
-                { OID id-sha256 PARAMETERS NULL }|
-                { OID id-sha384 PARAMETERS NULL }|
-                { OID id-sha512 PARAMETERS NULL },
-                ...  -- Allows for future expansion --
-             }
-            
-             PKCS1MGFAlgorithms    ALGORITHM-IDENTIFIER ::= {
-               { OID id-mgf1 PARAMETERS OAEP-PSSDigestAlgorithms },
-                ...  -- Allows for future expansion --
-             }
-            
-             TrailerField ::= INTEGER { trailerFieldBC(1) }
-
- @return the asn1 primitive representing the parameters. - - - a Pkcs#7 signed data object. - - - Produce an object suitable for an Asn1OutputStream. - 
-             SignedData ::= Sequence {
-                 version Version,
-                 digestAlgorithms DigestAlgorithmIdentifiers,
-                 contentInfo ContentInfo,
-                 certificates
-                     [0] IMPLICIT ExtendedCertificatesAndCertificates
-                              OPTIONAL,
-                 crls
-                     [1] IMPLICIT CertificateRevocationLists OPTIONAL,
-                 signerInfos SignerInfos }
-
- - - a Pkcs#7 signer info object. - - - Produce an object suitable for an Asn1OutputStream. - 
-              SignerInfo ::= Sequence {
-                  version Version,
-                  issuerAndSerialNumber IssuerAndSerialNumber,
-                  digestAlgorithm DigestAlgorithmIdentifier,
-                  authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
-                  digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
-                  encryptedDigest EncryptedDigest,
-                  unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
-              }
-            
-              EncryptedDigest ::= OCTET STRING
-            
-              DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-            
-              DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-
- - - the elliptic curve private key object from SEC 1 - - - ECPrivateKey ::= SEQUENCE { - version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), - privateKey OCTET STRING, - parameters [0] Parameters OPTIONAL, - publicKey [1] BIT STRING OPTIONAL } - - - return the X9ECParameters object for the named curve represented by - the passed in object identifier. Null if the curve isn't present. - - @param oid an object identifier representing a named curve, if present. - - - return the object identifier signified by the passed in name. Null - if there is no object identifier associated with name. - - @return the object identifier associated with name, if present. - - - return the named curve name represented by the given object identifier. - - - returns an enumeration containing the name strings for curves - contained in this structure. - - - EllipticCurve OBJECT IDENTIFIER ::= { - iso(1) identified-organization(3) certicom(132) curve(0) - } - - - Handler class for dealing with S/MIME Capabilities - - - general preferences - - - encryption algorithms preferences - - - return an Attr object from the given object. - - @param o the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - returns an ArrayList with 0 or more objects of all the capabilities - matching the passed in capability Oid. If the Oid passed is null the - entire set is returned. - - - Produce an object suitable for an Asn1OutputStream. - 
-            SMIMECapabilities ::= Sequence OF SMIMECapability
-
- - - return an Attr object from the given object. - - @param o the object we want converted. - @exception ArgumentException if the object cannot be converted. - - - Produce an object suitable for an Asn1OutputStream. - 
-            Attr ::= Sequence {
-                attrType OBJECT IDENTIFIER,
-                attrValues Set OF AttributeValue
-            }
-
- - - general preferences - - - encryption algorithms preferences - - - Produce an object suitable for an Asn1OutputStream. - 
-            SMIMECapability ::= Sequence {
-                capabilityID OBJECT IDENTIFIER,
-                parameters ANY DEFINED BY capabilityID OPTIONAL
-            }
-
- - - Handler for creating a vector S/MIME Capabilities - - - The SmimeEncryptionKeyPreference object. - 
-            SmimeEncryptionKeyPreference ::= CHOICE {
-                issuerAndSerialNumber   [0] IssuerAndSerialNumber,
-                receipentKeyId          [1] RecipientKeyIdentifier,
-                subjectAltKeyIdentifier [2] SubjectKeyIdentifier
-            }
-
- - - @param sKeyId the subjectKeyIdentifier value (normally the X.509 one) - - - elliptic curves defined in "ECC Brainpool Standard Curves and Curve Generation" - http://www.ecc-brainpool.org/download/draft_pkix_additional_ecc_dp.txt - - - return the X9ECParameters object for the named curve represented by - the passed in object identifier. Null if the curve isn't present. - - @param oid an object identifier representing a named curve, if present. - - - return the object identifier signified by the passed in name. Null - if there is no object identifier associated with name. - - @return the object identifier associated with name, if present. - - - return the named curve name represented by the given object identifier. - - - returns an enumeration containing the name strings for curves - contained in this structure. - - - 
-            Accuracy ::= SEQUENCE {
-                        seconds        INTEGER              OPTIONAL,
-                        millis     [0] INTEGER  (1..999)    OPTIONAL,
-                        micros     [1] INTEGER  (1..999)    OPTIONAL
-                        }
-
- - - @param o - @return a MessageImprint object. - - - 
-               MessageImprint ::= SEQUENCE  {
-                  hashAlgorithm                AlgorithmIdentifier,
-                  hashedMessage                OCTET STRING  }
-
- - - 
-            TimeStampReq ::= SEQUENCE  {
-             version                      INTEGER  { v1(1) },
-             messageImprint               MessageImprint,
-               --a hash algorithm OID and the hash value of the data to be
-               --time-stamped
-             reqPolicy             TSAPolicyId              OPTIONAL,
-             nonce                 INTEGER                  OPTIONAL,
-             certReq               BOOLEAN                  DEFAULT FALSE,
-             extensions            [0] IMPLICIT Extensions  OPTIONAL
-            }
-
- - - 
-            TimeStampResp ::= SEQUENCE  {
-              status                  PkiStatusInfo,
-              timeStampToken          TimeStampToken     OPTIONAL  }
-
- - - 
-            
-                 TstInfo ::= SEQUENCE  {
-                    version                      INTEGER  { v1(1) },
-                    policy                       TSAPolicyId,
-                    messageImprint               MessageImprint,
-                      -- MUST have the same value as the similar field in
-                      -- TimeStampReq
-                    serialNumber                 INTEGER,
-                     -- Time-Stamping users MUST be ready to accommodate integers
-                     -- up to 160 bits.
-                    genTime                      GeneralizedTime,
-                    accuracy                     Accuracy                 OPTIONAL,
-                    ordering                     BOOLEAN             DEFAULT FALSE,
-                    nonce                        INTEGER                  OPTIONAL,
-                      -- MUST be present if the similar field was present
-                      -- in TimeStampReq.  In that case it MUST have the same value.
-                    tsa                          [0] GeneralName          OPTIONAL,
-                    extensions                   [1] IMPLICIT Extensions   OPTIONAL  }
-            
-
- - - dump a Der object as a formatted string with indentation - - @param obj the Asn1Object to be dumped out. - - - dump out a DER object as a formatted string, in non-verbose mode - - @param obj the Asn1Encodable to be dumped out. - @return the resulting string. - - - Dump out the object as a string - - @param obj the Asn1Encodable to be dumped out. - @param verbose if true, dump out the contents of octet and bit strings. - @return the resulting string. - - - 
-             DirectoryString ::= CHOICE {
-               teletexString               TeletexString (SIZE (1..MAX)),
-               printableString             PrintableString (SIZE (1..MAX)),
-               universalString             UniversalString (SIZE (1..MAX)),
-               utf8String                  UTF8String (SIZE (1..MAX)),
-               bmpString                   BMPString (SIZE (1..MAX))  }
-
- - - The AccessDescription object. - 
-            AccessDescription  ::=  SEQUENCE {
-                  accessMethod          OBJECT IDENTIFIER,
-                  accessLocation        GeneralName  }
-
- - - create an AccessDescription with the oid and location provided. - - - - @return the access method. - - - - @return the access location - - - - Don't use this one if you are trying to be RFC 3281 compliant. - Use it for v1 attribute certificates only. - - Our GeneralNames structure - - - Produce an object suitable for an Asn1OutputStream. - 
-             AttCertIssuer ::= CHOICE {
-                  v1Form   GeneralNames,  -- MUST NOT be used in this
-                                          -- profile
-                  v2Form   [0] V2Form     -- v2 only
-             }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-             AttCertValidityPeriod  ::= Sequence {
-                  notBeforeTime  GeneralizedTime,
-                  notAfterTime   GeneralizedTime
-             }
-
- - - @param obj - @return - - - Produce an object suitable for an Asn1OutputStream. - 
-             AttributeCertificate ::= Sequence {
-                  acinfo               AttributeCertificateInfo,
-                  signatureAlgorithm   AlgorithmIdentifier,
-                  signatureValue       BIT STRING
-             }
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-              AttributeCertificateInfo ::= Sequence {
-                   version              AttCertVersion -- version is v2,
-                   holder               Holder,
-                   issuer               AttCertIssuer,
-                   signature            AlgorithmIdentifier,
-                   serialNumber         CertificateSerialNumber,
-                   attrCertValidityPeriod   AttCertValidityPeriod,
-                   attributes           Sequence OF Attr,
-                   issuerUniqueID       UniqueIdentifier OPTIONAL,
-                   extensions           Extensions OPTIONAL
-              }
-            
-              AttCertVersion ::= Integer { v2(1) }
-
- - - The AuthorityInformationAccess object. - 
-             id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
-            
-             AuthorityInfoAccessSyntax  ::=
-                  Sequence SIZE (1..MAX) OF AccessDescription
-             AccessDescription  ::=  Sequence {
-                   accessMethod          OBJECT IDENTIFIER,
-                   accessLocation        GeneralName  }
-            
-             id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
-             id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
-             id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
-
- - - create an AuthorityInformationAccess with the oid and location provided. - - - The AuthorityKeyIdentifier object. - 
-             id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
-            
-               AuthorityKeyIdentifier ::= Sequence {
-                  keyIdentifier             [0] IMPLICIT KeyIdentifier           OPTIONAL,
-                  authorityCertIssuer       [1] IMPLICIT GeneralNames            OPTIONAL,
-                  authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL  }
-            
-               KeyIdentifier ::= OCTET STRING
-
- - - - * - * Calulates the keyidentifier using a SHA1 hash over the BIT STRING - * from SubjectPublicKeyInfo as defined in RFC2459. - * - * Example of making a AuthorityKeyIdentifier: - * 
-            	     *   SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(
-            		 *       publicKey.getEncoded()).readObject());
-                     *   AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);
-                     *
- * - * - - - create an AuthorityKeyIdentifier with the GeneralNames tag and - the serial number provided as well. - - - create an AuthorityKeyIdentifier with the GeneralNames tag and - the serial number provided. - - - create an AuthorityKeyIdentifier with a precomputed key identifier - - - create an AuthorityKeyIdentifier with a precomupted key identifier - and the GeneralNames tag and the serial number provided as well. - - - Produce an object suitable for an Asn1OutputStream. - - - create a cA=true object for the given path length constraint. - - @param pathLenConstraint - - - Produce an object suitable for an Asn1OutputStream. - 
-            BasicConstraints := Sequence {
-               cA                  Boolean DEFAULT FALSE,
-               pathLenConstraint   Integer (0..MAX) OPTIONAL
-            }
-
- - - PKIX RFC-2459 - - The X.509 v2 CRL syntax is as follows. For signature calculation, - the data that is to be signed is ASN.1 Der encoded. - - 
-             CertificateList  ::=  Sequence  {
-                  tbsCertList          TbsCertList,
-                  signatureAlgorithm   AlgorithmIdentifier,
-                  signatureValue       BIT STRING  }
-
- - - This class helps to support crossCerfificatePairs in a LDAP directory - according RFC 2587 - - 
-                 crossCertificatePairATTRIBUTE::={
-                   WITH SYNTAX   CertificatePair
-                   EQUALITY MATCHING RULE certificatePairExactMatch
-                   ID joint-iso-ccitt(2) ds(5) attributeType(4) crossCertificatePair(40)}
-
- -
The forward elements of the crossCertificatePair attribute of a - CA's directory entry shall be used to store all, except self-issued - certificates issued to this CA. Optionally, the reverse elements of the - crossCertificatePair attribute, of a CA's directory entry may contain a - subset of certificates issued by this CA to other CAs. When both the forward - and the reverse elements are present in a single attribute value, issuer name - in one certificate shall match the subject name in the other and vice versa, - and the subject public key in one certificate shall be capable of verifying - the digital signature on the other certificate and vice versa. - - When a reverse element is present, the forward element value and the reverse - element value need not be stored in the same attribute value; in other words, - they can be stored in either a single attribute value or two attribute - values.
- - 
-                   CertificatePair ::= SEQUENCE {
-                     forward		[0]	Certificate OPTIONAL,
-                     reverse		[1]	Certificate OPTIONAL,
-                     -- at least one of the pair shall be present -- }
-
- - - Constructor from Asn1Sequence. -

- The sequence is of type CertificatePair: -

- 

-                   CertificatePair ::= SEQUENCE {
-                     forward		[0]	Certificate OPTIONAL,
-                     reverse		[1]	Certificate OPTIONAL,
-                     -- at least one of the pair shall be present -- }
-
- - @param seq The ASN.1 sequence. - - - Constructor from a given details. - - @param forward Certificates issued to this CA. - @param reverse Certificates issued by this CA to other CAs. - - - Produce an object suitable for an Asn1OutputStream. -

- Returns: -

- 

-                   CertificatePair ::= SEQUENCE {
-                     forward		[0]	Certificate OPTIONAL,
-                     reverse		[1]	Certificate OPTIONAL,
-                     -- at least one of the pair shall be present -- }
-
- - @return a DERObject - - - @return Returns the forward. - - - @return Returns the reverse. - - - CertPolicyId, used in the CertificatePolicies and PolicyMappings - X509V3 Extensions. - - 
-                 CertPolicyId ::= OBJECT IDENTIFIER
-
- - - Return the distribution points making up the sequence. - - @return DistributionPoint[] - - - Produce an object suitable for an Asn1OutputStream. - 
-            CrlDistPoint ::= Sequence SIZE {1..MAX} OF DistributionPoint
-
- - - The CRLNumber object. - 
-            CRLNumber::= Integer(0..MAX)
-
- - - The CRLReason enumeration. - 
-            CRLReason ::= Enumerated {
-             unspecified             (0),
-             keyCompromise           (1),
-             cACompromise            (2),
-             affiliationChanged      (3),
-             superseded              (4),
-             cessationOfOperation    (5),
-             certificateHold         (6),
-             removeFromCRL           (8),
-             privilegeWithdrawn      (9),
-             aACompromise           (10)
-            }
-
- - - The DigestInfo object. - 
-            DigestInfo::=Sequence{
-                     digestAlgorithm  AlgorithmIdentifier,
-                     digest OCTET STRING }
-
- - - DisplayText class, used in - CertificatePolicies X509 V3 extensions (in policy qualifiers). - -

It stores a string in a chosen encoding. - 

-             DisplayText ::= CHOICE {
-                  ia5String        IA5String      (SIZE (1..200)),
-                  visibleString    VisibleString  (SIZE (1..200)),
-                  bmpString        BMPString      (SIZE (1..200)),
-                  utf8String       UTF8String     (SIZE (1..200)) }
-

- @see PolicyQualifierInfo - @see PolicyInformation - - - Constant corresponding to ia5String encoding. - - - - Constant corresponding to bmpString encoding. - - - - Constant corresponding to utf8String encoding. - - - - Constant corresponding to visibleString encoding. - - - - Describe constant DisplayTextMaximumSize here. - - - - Creates a new DisplayText instance. - - @param type the desired encoding type for the text. - @param text the text to store. Strings longer than 200 - characters are truncated. - - - Creates a new DisplayText instance. - - @param text the text to encapsulate. Strings longer than 200 - characters are truncated. - - - Creates a new DisplayText instance. -

Useful when reading back a DisplayText class - from it's Asn1Encodable form.

- - @param contents an Asn1Encodable instance. - - - Returns the stored string object. - - @return the stored text as a string. - - - The DistributionPoint object. - 
-            DistributionPoint ::= Sequence {
-                 distributionPoint [0] DistributionPointName OPTIONAL,
-                 reasons           [1] ReasonFlags OPTIONAL,
-                 cRLIssuer         [2] GeneralNames OPTIONAL
-            }
-
- - - The DistributionPointName object. - 
-            DistributionPointName ::= CHOICE {
-                fullName                 [0] GeneralNames,
-                nameRelativeToCRLIssuer  [1] RDN
-            }
-
- - - The extendedKeyUsage object. - 
-                 extendedKeyUsage ::= Sequence SIZE (1..MAX) OF KeyPurposeId
-
- - - Returns all extended key usages. - The returned ArrayList contains DerObjectIdentifier instances. - @return An ArrayList with all key purposes. - - - The GeneralName object. - 
-             GeneralName ::= CHOICE {
-                  otherName                       [0]     OtherName,
-                  rfc822Name                      [1]     IA5String,
-                  dNSName                         [2]     IA5String,
-                  x400Address                     [3]     ORAddress,
-                  directoryName                   [4]     Name,
-                  ediPartyName                    [5]     EDIPartyName,
-                  uniformResourceIdentifier       [6]     IA5String,
-                  iPAddress                       [7]     OCTET STRING,
-                  registeredID                    [8]     OBJECT IDENTIFIER}
-            
-             OtherName ::= Sequence {
-                  type-id    OBJECT IDENTIFIER,
-                  value      [0] EXPLICIT ANY DEFINED BY type-id }
-            
-             EDIPartyName ::= Sequence {
-                  nameAssigner            [0]     DirectoryString OPTIONAL,
-                  partyName               [1]     DirectoryString }
-
- - - When the subjectAltName extension contains an Internet mail address, - the address MUST be included as an rfc822Name. The format of an - rfc822Name is an "addr-spec" as defined in RFC 822 [RFC 822]. - - When the subjectAltName extension contains a domain name service - label, the domain name MUST be stored in the dNSName (an IA5String). - The name MUST be in the "preferred name syntax," as specified by RFC - 1034 [RFC 1034]. - - When the subjectAltName extension contains a URI, the name MUST be - stored in the uniformResourceIdentifier (an IA5String). The name MUST - be a non-relative URL, and MUST follow the URL syntax and encoding - rules specified in [RFC 1738]. The name must include both a scheme - (e.g., "http" or "ftp") and a scheme-specific-part. The scheme- - specific-part must include a fully qualified domain name or IP - address as the host. - - When the subjectAltName extension contains a iPAddress, the address - MUST be stored in the octet string in "network byte order," as - specified in RFC 791 [RFC 791]. The least significant bit (LSB) of - each octet is the LSB of the corresponding byte in the network - address. For IP Version 4, as specified in RFC 791, the octet string - MUST contain exactly four octets. For IP Version 6, as specified in - RFC 1883, the octet string MUST contain exactly sixteen octets [RFC - 1883]. - - - Create a GeneralName for the given tag from the passed in string. -

- This constructor can handle: -

    -
  • rfc822Name
    • -
  • iPAddress
    • -
  • directoryName
    • -
  • dNSName
    • -
  • uniformResourceIdentifier
    • -
  • registeredID
    • -
- For x400Address, otherName and ediPartyName there is no common string - format defined. -

- Note: A directory name can be encoded in different ways into a byte - representation. Be aware of this if the byte representation is used for - comparing results. -

- - @param tag tag number - @param name string representation of name - @throws ArgumentException if the string encoding is not correct or - not supported. - - - Construct a GeneralNames object containing one GeneralName. - The name to be contained. - - - Produce an object suitable for an Asn1OutputStream. - 
-            GeneralNames ::= Sequence SIZE {1..MAX} OF GeneralName
-
- - - Class for containing a restriction object subtrees in NameConstraints. See - RFC 3280. - - 
-            
-                   GeneralSubtree ::= SEQUENCE
-                   {
-                     baseName                    GeneralName,
-                     minimum         [0]     BaseDistance DEFAULT 0,
-                     maximum         [1]     BaseDistance OPTIONAL
-                   }
-
- - @see org.bouncycastle.asn1.x509.NameConstraints - - - - Constructor from a given details. - - According RFC 3280, the minimum and maximum fields are not used with any - name forms, thus minimum MUST be zero, and maximum MUST be absent. -

- If minimum is null, zero is assumed, if - maximum is null, maximum is absent.

- - @param baseName - A restriction. - @param minimum - Minimum - - @param maximum - Maximum - - - Produce an object suitable for an Asn1OutputStream. - - Returns: - - 
-                   GeneralSubtree ::= SEQUENCE
-                   {
-                     baseName                    GeneralName,
-                     minimum         [0]     BaseDistance DEFAULT 0,
-                     maximum         [1]     BaseDistance OPTIONAL
-                   }
-
- - @return a DERObject - - - The Holder object. -

- For an v2 attribute certificate this is: - - 

-                       Holder ::= SEQUENCE {
-                             baseCertificateID   [0] IssuerSerial OPTIONAL,
-                                      -- the issuer and serial number of
-                                      -- the holder's Public Key Certificate
-                             entityName          [1] GeneralNames OPTIONAL,
-                                      -- the name of the claimant or role
-                             objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
-                                      -- used to directly authenticate the holder,
-                                      -- for example, an executable
-                       }
-
-

-

- For an v1 attribute certificate this is: - - 

-                    subject CHOICE {
-                     baseCertificateID [0] IssuerSerial,
-                     -- associated with a Public Key Certificate
-                     subjectName [1] GeneralNames },
-                     -- associated with a name
-
-

- - - Constructor for a holder for an v1 attribute certificate. - - @param tagObj The ASN.1 tagged holder object. - - - Constructor for a holder for an v2 attribute certificate. * - - @param seq The ASN.1 sequence. - - - Constructs a holder from a IssuerSerial. - @param baseCertificateID The IssuerSerial. - @param version The version of the attribute certificate. - - - Constructs a holder with an entityName for v2 attribute certificates or - with a subjectName for v1 attribute certificates. - - @param entityName The entity or subject name. - - - Constructs a holder with an entityName for v2 attribute certificates or - with a subjectName for v1 attribute certificates. - - @param entityName The entity or subject name. - @param version The version of the attribute certificate. - - - Constructs a holder from an object digest info. - - @param objectDigestInfo The object digest info object. - - - The Holder object. - 
-             Holder ::= Sequence {
-                   baseCertificateID   [0] IssuerSerial OPTIONAL,
-                            -- the issuer and serial number of
-                            -- the holder's Public Key Certificate
-                   entityName          [1] GeneralNames OPTIONAL,
-                            -- the name of the claimant or role
-                   objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
-                            -- used to directly authenticate the holder,
-                            -- for example, an executable
-             }
-
- - - Returns 1 for v2 attribute certificates or 0 for v1 attribute - certificates. - @return The version of the attribute certificate. - - - Returns the entityName for an v2 attribute certificate or the subjectName - for an v1 attribute certificate. - - @return The entityname or subjectname. - - - Implementation of IetfAttrSyntax as specified by RFC3281. - - - - - - - 
-            
-              IetfAttrSyntax ::= Sequence {
-                policyAuthority [0] GeneralNames OPTIONAL,
-                values Sequence OF CHOICE {
-                  octets OCTET STRING,
-                  oid OBJECT IDENTIFIER,
-                  string UTF8String
-                }
-              }
-            
-
- - - Produce an object suitable for an Asn1OutputStream. - 
-             IssuerSerial  ::=  Sequence {
-                  issuer         GeneralNames,
-                  serial         CertificateSerialNumber,
-                  issuerUid      UniqueIdentifier OPTIONAL
-             }
-
- - - 
-            IssuingDistributionPoint ::= SEQUENCE { 
-              distributionPoint          [0] DistributionPointName OPTIONAL, 
-              onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE, 
-              onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE, 
-              onlySomeReasons            [3] ReasonFlags OPTIONAL, 
-              indirectCRL                [4] BOOLEAN DEFAULT FALSE,
-              onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
-
- - - Constructor from given details. - - @param distributionPoint - May contain an URI as pointer to most current CRL. - @param onlyContainsUserCerts Covers revocation information for end certificates. - @param onlyContainsCACerts Covers revocation information for CA certificates. - - @param onlySomeReasons - Which revocation reasons does this point cover. - @param indirectCRL - If true then the CRL contains revocation - information about certificates ssued by other CAs. - @param onlyContainsAttributeCerts Covers revocation information for attribute certificates. - - - Constructor from Asn1Sequence - - - @return Returns the distributionPoint. - - - @return Returns the onlySomeReasons. - - - The KeyPurposeID object. - 
-                KeyPurposeID ::= OBJECT IDENTIFIER
-
- - - The KeyUsage object. - 
-                id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
-            
-                KeyUsage ::= BIT STRING {
-                     digitalSignature        (0),
-                     nonRepudiation          (1),
-                     keyEncipherment         (2),
-                     dataEncipherment        (3),
-                     keyAgreement            (4),
-                     keyCertSign             (5),
-                     cRLSign                 (6),
-                     encipherOnly            (7),
-                     decipherOnly            (8) }
-
- - - Basic constructor. - - @param usage - the bitwise OR of the Key Usage flags giving the - allowed uses for the key. - e.g. (KeyUsage.keyEncipherment | KeyUsage.dataEncipherment) - - - Constructor from a given details. - -

permitted and excluded are Vectors of GeneralSubtree objects.

- - @param permitted Permitted subtrees - @param excluded Excluded subtrees - - - NoticeReference class, used in - CertificatePolicies X509 V3 extensions - (in policy qualifiers). - - 
-              NoticeReference ::= Sequence {
-                  organization     DisplayText,
-                  noticeNumbers    Sequence OF Integer }
-            
-
- - @see PolicyQualifierInfo - @see PolicyInformation - - - Creates a new NoticeReference instance. - - @param orgName a string value - @param numbers a ArrayList value - - - Creates a new NoticeReference instance. - - @param orgName a string value - @param numbers an Asn1Sequence value - - - Creates a new NoticeReference instance. - - @param displayTextType an int value - @param orgName a string value - @param numbers an Asn1Sequence value - - - Creates a new NoticeReference instance. -

Useful for reconstructing a NoticeReference - instance from its encodable/encoded form.

- - @param as an Asn1Sequence value obtained from either - calling @{link ToAsn1Object()} for a NoticeReference - instance or from parsing it from a Der-encoded stream. - - - Describe ToAsn1Object method here. - - @return a Asn1Object value - - - ObjectDigestInfo ASN.1 structure used in v2 attribute certificates. - - 
-             
-               ObjectDigestInfo ::= SEQUENCE {
-                    digestedObjectType  ENUMERATED {
-                            publicKey            (0),
-                            publicKeyCert        (1),
-                            otherObjectTypes     (2) },
-                                    -- otherObjectTypes MUST NOT
-                                    -- be used in this profile
-                    otherObjectTypeID   OBJECT IDENTIFIER OPTIONAL,
-                    digestAlgorithm     AlgorithmIdentifier,
-                    objectDigest        BIT STRING
-               }
-              
-
- - - - The public key is hashed. - - - The public key certificate is hashed. - - - An other object is hashed. - - - Constructor from given details. -

- If digestedObjectType is not {@link #publicKeyCert} or - {@link #publicKey} otherObjectTypeID must be given, - otherwise it is ignored.

- - @param digestedObjectType The digest object type. - @param otherObjectTypeID The object type ID for - otherObjectDigest. - @param digestAlgorithm The algorithm identifier for the hash. - @param objectDigest The hash value. - - - Produce an object suitable for an Asn1OutputStream. - - 
-             
-               ObjectDigestInfo ::= SEQUENCE {
-                    digestedObjectType  ENUMERATED {
-                            publicKey            (0),
-                            publicKeyCert        (1),
-                            otherObjectTypes     (2) },
-                                    -- otherObjectTypes MUST NOT
-                                    -- be used in this profile
-                    otherObjectTypeID   OBJECT IDENTIFIER OPTIONAL,
-                    digestAlgorithm     AlgorithmIdentifier,
-                    objectDigest        BIT STRING
-               }
-              
-
- - - PolicyMappings V3 extension, described in RFC3280. - 
-                PolicyMappings ::= Sequence SIZE (1..MAX) OF Sequence {
-                  issuerDomainPolicy      CertPolicyId,
-                  subjectDomainPolicy     CertPolicyId }
-
- - @see RFC 3280, section 4.2.1.6 - - - Creates a new PolicyMappings instance. - - @param seq an Asn1Sequence constructed as specified - in RFC 3280 - - - Creates a new PolicyMappings instance. - - @param mappings a HashMap value that maps - string oids - to other string oids. - - - PolicyQualifierId, used in the CertificatePolicies - X509V3 extension. - - 
-                id-qt          OBJECT IDENTIFIER ::=  { id-pkix 2 }
-                id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
-                id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
-              PolicyQualifierId ::=
-                   OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
-
- - - Policy qualifiers, used in the X509V3 CertificatePolicies - extension. - - 
-               PolicyQualifierInfo ::= Sequence {
-                   policyQualifierId  PolicyQualifierId,
-                   qualifier          ANY DEFINED BY policyQualifierId }
-
- - - Creates a new PolicyQualifierInfo instance. - - @param policyQualifierId a PolicyQualifierId value - @param qualifier the qualifier, defined by the above field. - - - Creates a new PolicyQualifierInfo containing a - cPSuri qualifier. - - @param cps the CPS (certification practice statement) uri as a - string. - - - Creates a new PolicyQualifierInfo instance. - - @param as PolicyQualifierInfo X509 structure - encoded as an Asn1Sequence. - - - Returns a Der-encodable representation of this instance. - - @return a Asn1Object value - - - - 
-            PrivateKeyUsagePeriod ::= SEQUENCE
-            {
-            notBefore       [0]     GeneralizedTime OPTIONAL,
-            notAfter        [1]     GeneralizedTime OPTIONAL }
-
- - - - The BiometricData object. - 
-            BiometricData  ::=  SEQUENCE {
-                  typeOfBiometricData  TypeOfBiometricData,
-                  hashAlgorithm        AlgorithmIdentifier,
-                  biometricDataHash    OCTET STRING,
-                  sourceDataUri        IA5String OPTIONAL  }
-
- - - The Iso4217CurrencyCode object. - 
-            Iso4217CurrencyCode  ::=  CHOICE {
-                  alphabetic              PrintableString (SIZE 3), --Recommended
-                  numeric              INTEGER (1..999) }
-            -- Alphabetic or numeric currency code as defined in ISO 4217
-            -- It is recommended that the Alphabetic form is used
-
- - - The MonetaryValue object. - 
-            MonetaryValue  ::=  SEQUENCE {
-                  currency              Iso4217CurrencyCode,
-                  amount               INTEGER,
-                  exponent             INTEGER }
-            -- value = amount * 10^exponent
-
- - - The QCStatement object. - 
-            QCStatement ::= SEQUENCE {
-              statementId        OBJECT IDENTIFIER,
-              statementInfo      ANY DEFINED BY statementId OPTIONAL}
-
- - - The SemanticsInformation object. - 
-                   SemanticsInformation ::= SEQUENCE {
-                     semanticsIdentifier        OBJECT IDENTIFIER   OPTIONAL,
-                     nameRegistrationAuthorities NameRegistrationAuthorities
-                                                                     OPTIONAL }
-                     (WITH COMPONENTS {..., semanticsIdentifier PRESENT}|
-                      WITH COMPONENTS {..., nameRegistrationAuthorities PRESENT})
-            
-                 NameRegistrationAuthorities ::=  SEQUENCE SIZE (1..MAX) OF
-                     GeneralName
-
- - - The TypeOfBiometricData object. - 
-             TypeOfBiometricData ::= CHOICE {
-               predefinedBiometricType   PredefinedBiometricType,
-               biometricDataOid          OBJECT IDENTIFIER }
-            
-             PredefinedBiometricType ::= INTEGER {
-               picture(0),handwritten-signature(1)}
-               (picture|handwritten-signature)
-
- - - The ReasonFlags object. - 
-            ReasonFlags ::= BIT STRING {
-               unused(0),
-               keyCompromise(1),
-               cACompromise(2),
-               affiliationChanged(3),
-               superseded(4),
-               cessationOfOperation(5),
-               certficateHold(6)
-            }
-
- - - @param reasons - the bitwise OR of the Key Reason flags giving the - allowed uses for the key. - - - Implementation of the RoleSyntax object as specified by the RFC3281. - - 
-             RoleSyntax ::= SEQUENCE {
-                             roleAuthority  [0] GeneralNames OPTIONAL,
-                             roleName       [1] GeneralName
-                       }
-
- - - RoleSyntax factory method. - @param obj the object used to construct an instance of - RoleSyntax. It must be an instance of RoleSyntax - or Asn1Sequence. - @return the instance of RoleSyntax built from the - supplied object. - @throws java.lang.ArgumentException if the object passed - to the factory is not an instance of RoleSyntax or - Asn1Sequence. - - - Constructor. - @param roleAuthority the role authority of this RoleSyntax. - @param roleName the role name of this RoleSyntax. - - - Constructor. Invoking this constructor is the same as invoking - new RoleSyntax(null, roleName). - @param roleName the role name of this RoleSyntax. - - - Utility constructor. Takes a string argument representing - the role name, builds a GeneralName to hold the role name - and calls the constructor that takes a GeneralName. - @param roleName - - - Constructor that builds an instance of RoleSyntax by - extracting the encoded elements from the Asn1Sequence - object supplied. - @param seq an instance of Asn1Sequence that holds - the encoded elements used to build this RoleSyntax. - - - Gets the role name as a java.lang.string object. - @return the role name of this RoleSyntax represented as a - string object. - - - Gets the role authority as a string[] object. - @return the role authority of this RoleSyntax represented as a - string[] array. - - - Implementation of the method ToAsn1Object as - required by the superclass ASN1Encodable. - - 
-             RoleSyntax ::= SEQUENCE {
-                             roleAuthority  [0] GeneralNames OPTIONAL,
-                             roleName       [1] GeneralName
-                       }
-
- - - Gets the role authority of this RoleSyntax. - @return an instance of GeneralNames holding the - role authority of this RoleSyntax. - - - Gets the role name of this RoleSyntax. - @return an instance of GeneralName holding the - role name of this RoleSyntax. - - - This outputs the key in Pkcs1v2 format. - 
-                 RSAPublicKey ::= Sequence {
-                                     modulus Integer, -- n
-                                     publicExponent Integer, -- e
-                                 }
-
- - - Structure for a name or pseudonym. - - 
-                  NameOrPseudonym ::= CHOICE {
-                	   surAndGivenName SEQUENCE {
-                	     surName DirectoryString,
-                	     givenName SEQUENCE OF DirectoryString 
-                    },
-                	   pseudonym DirectoryString 
-                  }
-
- - @see org.bouncycastle.asn1.x509.sigi.PersonalData - - - - Constructor from DERString. -

- The sequence is of type NameOrPseudonym: -

- 

-                  NameOrPseudonym ::= CHOICE {
-                	   surAndGivenName SEQUENCE {
-                	     surName DirectoryString,
-                	     givenName SEQUENCE OF DirectoryString
-                    },
-                	   pseudonym DirectoryString
-                  }
-
- @param pseudonym pseudonym value to use. - - - Constructor from Asn1Sequence. -

- The sequence is of type NameOrPseudonym: -

- 

-                   NameOrPseudonym ::= CHOICE {
-                 	   surAndGivenName SEQUENCE {
-                 	     surName DirectoryString,
-                 	     givenName SEQUENCE OF DirectoryString
-                     },
-                 	   pseudonym DirectoryString
-                   }
-
- - @param seq The ASN.1 sequence. - - - Constructor from a given details. - - @param pseudonym The pseudonym. - - - Constructor from a given details. - - @param surname The surname. - @param givenName A sequence of directory strings making up the givenName - - - Produce an object suitable for an Asn1OutputStream. -

- Returns: -

- 

-                   NameOrPseudonym ::= CHOICE {
-                 	   surAndGivenName SEQUENCE {
-                 	     surName DirectoryString,
-                 	     givenName SEQUENCE OF DirectoryString
-                     },
-                 	   pseudonym DirectoryString
-                   }
-
- - @return an Asn1Object - - - Contains personal data for the otherName field in the subjectAltNames - extension. -

- 

-                 PersonalData ::= SEQUENCE {
-                   nameOrPseudonym NameOrPseudonym,
-                   nameDistinguisher [0] INTEGER OPTIONAL,
-                   dateOfBirth [1] GeneralizedTime OPTIONAL,
-                   placeOfBirth [2] DirectoryString OPTIONAL,
-                   gender [3] PrintableString OPTIONAL,
-                   postalAddress [4] DirectoryString OPTIONAL
-                   }
-
- - @see org.bouncycastle.asn1.x509.sigi.NameOrPseudonym - @see org.bouncycastle.asn1.x509.sigi.SigIObjectIdentifiers - - - Constructor from Asn1Sequence. -

- The sequence is of type NameOrPseudonym: -

- 

-                 PersonalData ::= SEQUENCE {
-                   nameOrPseudonym NameOrPseudonym,
-                   nameDistinguisher [0] INTEGER OPTIONAL,
-                   dateOfBirth [1] GeneralizedTime OPTIONAL,
-                   placeOfBirth [2] DirectoryString OPTIONAL,
-                   gender [3] PrintableString OPTIONAL,
-                   postalAddress [4] DirectoryString OPTIONAL
-                   }
-
- - @param seq The ASN.1 sequence. - - - Constructor from a given details. - - @param nameOrPseudonym Name or pseudonym. - @param nameDistinguisher Name distinguisher. - @param dateOfBirth Date of birth. - @param placeOfBirth Place of birth. - @param gender Gender. - @param postalAddress Postal Address. - - - Produce an object suitable for an Asn1OutputStream. -

- Returns: -

- 

-                 PersonalData ::= SEQUENCE {
-                   nameOrPseudonym NameOrPseudonym,
-                   nameDistinguisher [0] INTEGER OPTIONAL,
-                   dateOfBirth [1] GeneralizedTime OPTIONAL,
-                   placeOfBirth [2] DirectoryString OPTIONAL,
-                   gender [3] PrintableString OPTIONAL,
-                   postalAddress [4] DirectoryString OPTIONAL
-                   }
-
- - @return an Asn1Object - - - Object Identifiers of SigI specifciation (German Signature Law - Interoperability specification). - - - Key purpose IDs for German SigI (Signature Interoperability - Specification) - - - Certificate policy IDs for German SigI (Signature Interoperability - Specification) - - - Other Name IDs for German SigI (Signature Interoperability Specification) - - - To be used for for the generation of directory service certificates. - - - ID for PersonalData - - - Certificate is conform to german signature law. - - - This extension may contain further X.500 attributes of the subject. See also - RFC 3039. - - 
-                 SubjectDirectoryAttributes ::= Attributes
-                 Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
-                 Attribute ::= SEQUENCE
-                 {
-                   type AttributeType
-                   values SET OF AttributeValue
-                 }
-            
-                 AttributeType ::= OBJECT IDENTIFIER
-                 AttributeValue ::= ANY DEFINED BY AttributeType
-
- - @see org.bouncycastle.asn1.x509.X509Name for AttributeType ObjectIdentifiers. - - - Constructor from Asn1Sequence. - - The sequence is of type SubjectDirectoryAttributes: - - 
-                  SubjectDirectoryAttributes ::= Attributes
-                  Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
-                  Attribute ::= SEQUENCE
-                  {
-                    type AttributeType
-                    values SET OF AttributeValue
-                  }
-            
-                  AttributeType ::= OBJECT IDENTIFIER
-                  AttributeValue ::= ANY DEFINED BY AttributeType
-
- - @param seq - The ASN.1 sequence. - - - Constructor from an ArrayList of attributes. - - The ArrayList consists of attributes of type {@link Attribute Attribute} - - @param attributes The attributes. - - - - Produce an object suitable for an Asn1OutputStream. - - Returns: - - 
-                  SubjectDirectoryAttributes ::= Attributes
-                  Attributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
-                  Attribute ::= SEQUENCE
-                  {
-                    type AttributeType
-                    values SET OF AttributeValue
-                  }
-            
-                  AttributeType ::= OBJECT IDENTIFIER
-                  AttributeValue ::= ANY DEFINED BY AttributeType
-
- - @return a DERObject - - - @return Returns the attributes. - - - The SubjectKeyIdentifier object. - 
-            SubjectKeyIdentifier::= OCTET STRING
-
- - - Calculates the keyIdentifier using a SHA1 hash over the BIT STRING - from SubjectPublicKeyInfo as defined in RFC3280. - - @param spki the subject public key info. - - - Return a RFC 3280 type 1 key identifier. As in: - 
-            (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
-            value of the BIT STRING subjectPublicKey (excluding the tag,
-            length, and number of unused bits).
-
- @param keyInfo the key info object containing the subjectPublicKey field. - @return the key identifier. - - - Return a RFC 3280 type 2 key identifier. As in: - 
-            (2) The keyIdentifier is composed of a four bit type field with
-            the value 0100 followed by the least significant 60 bits of the
-            SHA-1 hash of the value of the BIT STRING subjectPublicKey.
-
- @param keyInfo the key info object containing the subjectPublicKey field. - @return the key identifier. - - - The object that contains the public key stored in a certficate. -

- The GetEncoded() method in the public keys in the JCE produces a DER - encoded one of these.

- - - for when the public key is an encoded object - if the bitstring - can't be decoded this routine raises an IOException. - - @exception IOException - if the bit string doesn't represent a Der - encoded object. - - - Produce an object suitable for an Asn1OutputStream. - 
-            SubjectPublicKeyInfo ::= Sequence {
-                                     algorithm AlgorithmIdentifier,
-                                     publicKey BIT STRING }
-
- - - for when the public key is raw bits... - - - Target structure used in target information extension for attribute - certificates from RFC 3281. - - 
-                Target  ::= CHOICE {
-                  targetName          [0] GeneralName,
-                  targetGroup         [1] GeneralName,
-                  targetCert          [2] TargetCert
-                }
-
- -

- The targetCert field is currently not supported and must not be used - according to RFC 3281.

- - - Creates an instance of a Target from the given object. -

- obj can be a Target or a {@link Asn1TaggedObject}

- - @param obj The object. - @return A Target instance. - @throws ArgumentException if the given object cannot be - interpreted as Target. - - - Constructor from Asn1TaggedObject. - - @param tagObj The tagged object. - @throws ArgumentException if the encoding is wrong. - - - Constructor from given details. -

- Exactly one of the parameters must be not null.

- - @param type the choice type to apply to the name. - @param name the general name. - @throws ArgumentException if type is invalid. - - - Produce an object suitable for an Asn1OutputStream. - - Returns: - - 
-                Target  ::= CHOICE {
-                  targetName          [0] GeneralName,
-                  targetGroup         [1] GeneralName,
-                  targetCert          [2] TargetCert
-                }
-
- - @return an Asn1Object - - - @return Returns the targetGroup. - - - @return Returns the targetName. - - - Target information extension for attributes certificates according to RFC - 3281. - - 
-                      SEQUENCE OF Targets
-
- - - - Creates an instance of a TargetInformation from the given object. -

- obj can be a TargetInformation or a {@link Asn1Sequence}

- - @param obj The object. - @return A TargetInformation instance. - @throws ArgumentException if the given object cannot be interpreted as TargetInformation. - - - Constructor from a Asn1Sequence. - - @param seq The Asn1Sequence. - @throws ArgumentException if the sequence does not contain - correctly encoded Targets elements. - - - Returns the targets in this target information extension. -

- The ArrayList is cloned before it is returned.

- - @return Returns the targets. - - - Constructs a target information from a single targets element. - According to RFC 3281 only one targets element must be produced. - - @param targets A Targets instance. - - - According to RFC 3281 only one targets element must be produced. If - multiple targets are given they must be merged in - into one targets element. - - @param targets An array with {@link Targets}. - - - Produce an object suitable for an Asn1OutputStream. - - Returns: - - 
-                     SEQUENCE OF Targets
-
- -

- According to RFC 3281 only one targets element must be produced. If - multiple targets are given in the constructor they are merged into one - targets element. If this was produced from a - {@link Org.BouncyCastle.Asn1.Asn1Sequence} the encoding is kept.

- - @return an Asn1Object - - - Targets structure used in target information extension for attribute - certificates from RFC 3281. - - 
-                       Targets ::= SEQUENCE OF Target
-                      
-                       Target  ::= CHOICE {
-                         targetName          [0] GeneralName,
-                         targetGroup         [1] GeneralName,
-                         targetCert          [2] TargetCert
-                       }
-                      
-                       TargetCert  ::= SEQUENCE {
-                         targetCertificate    IssuerSerial,
-                         targetName           GeneralName OPTIONAL,
-                         certDigestInfo       ObjectDigestInfo OPTIONAL
-                       }
-
- - @see org.bouncycastle.asn1.x509.Target - @see org.bouncycastle.asn1.x509.TargetInformation - - - Creates an instance of a Targets from the given object. -

- obj can be a Targets or a {@link Asn1Sequence}

- - @param obj The object. - @return A Targets instance. - @throws ArgumentException if the given object cannot be interpreted as Target. - - - Constructor from Asn1Sequence. - - @param targets The ASN.1 SEQUENCE. - @throws ArgumentException if the contents of the sequence are - invalid. - - - Constructor from given targets. -

- The ArrayList is copied.

- - @param targets An ArrayList of {@link Target}s. - @see Target - @throws ArgumentException if the ArrayList contains not only Targets. - - - Returns the targets in an ArrayList. -

- The ArrayList is cloned before it is returned.

- - @return Returns the targets. - - - Produce an object suitable for an Asn1OutputStream. - - Returns: - - 
-                       Targets ::= SEQUENCE OF Target
-
- - @return an Asn1Object - - - The TbsCertificate object. - 
-            TbsCertificate ::= Sequence {
-                 version          [ 0 ]  Version DEFAULT v1(0),
-                 serialNumber            CertificateSerialNumber,
-                 signature               AlgorithmIdentifier,
-                 issuer                  Name,
-                 validity                Validity,
-                 subject                 Name,
-                 subjectPublicKeyInfo    SubjectPublicKeyInfo,
-                 issuerUniqueID    [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL,
-                 subjectUniqueID   [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL,
-                 extensions        [ 3 ] Extensions OPTIONAL
-                 }
-
-

- Note: issuerUniqueID and subjectUniqueID are both deprecated by the IETF. This class - will parse them, but you really shouldn't be creating new ones.

- - - PKIX RFC-2459 - TbsCertList object. - 
-            TbsCertList  ::=  Sequence  {
-                 version                 Version OPTIONAL,
-                                              -- if present, shall be v2
-                 signature               AlgorithmIdentifier,
-                 issuer                  Name,
-                 thisUpdate              Time,
-                 nextUpdate              Time OPTIONAL,
-                 revokedCertificates     Sequence OF Sequence  {
-                      userCertificate         CertificateSerialNumber,
-                      revocationDate          Time,
-                      crlEntryExtensions      Extensions OPTIONAL
-                                                    -- if present, shall be v2
-                                           }  OPTIONAL,
-                 crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
-                                                    -- if present, shall be v2
-                                           }
-
- - - creates a time object from a given date - if the date is between 1950 - and 2049 a UTCTime object is Generated, otherwise a GeneralizedTime - is used. - - - - Return our time as DateTime. - - A date time. - - - Produce an object suitable for an Asn1OutputStream. - 
-            Time ::= CHOICE {
-                        utcTime        UTCTime,
-                        generalTime    GeneralizedTime }
-
- - - UserNotice class, used in - CertificatePolicies X509 extensions (in policy - qualifiers). - 
-             UserNotice ::= Sequence {
-                  noticeRef        NoticeReference OPTIONAL,
-                  explicitText     DisplayText OPTIONAL}
-            
-
- - @see PolicyQualifierId - @see PolicyInformation - - - Creates a new UserNotice instance. - - @param noticeRef a NoticeReference value - @param explicitText a DisplayText value - - - Creates a new UserNotice instance. - - @param noticeRef a NoticeReference value - @param str the explicitText field as a string. - - - Creates a new UserNotice instance. -

Useful from reconstructing a UserNotice instance - from its encodable/encoded form. - - @param as an ASN1Sequence value obtained from either - calling @{link toASN1Object()} for a UserNotice - instance or from parsing it from a DER-encoded stream.

- - - Generator for Version 1 TbsCertificateStructures. - 
-             TbsCertificate ::= Sequence {
-                  version          [ 0 ]  Version DEFAULT v1(0),
-                  serialNumber            CertificateSerialNumber,
-                  signature               AlgorithmIdentifier,
-                  issuer                  Name,
-                  validity                Validity,
-                  subject                 Name,
-                  subjectPublicKeyInfo    SubjectPublicKeyInfo,
-                  }
-
- - - - Generator for Version 2 AttributeCertificateInfo - 
-             AttributeCertificateInfo ::= Sequence {
-                   version              AttCertVersion -- version is v2,
-                   holder               Holder,
-                   issuer               AttCertIssuer,
-                   signature            AlgorithmIdentifier,
-                   serialNumber         CertificateSerialNumber,
-                   attrCertValidityPeriod   AttCertValidityPeriod,
-                   attributes           Sequence OF Attr,
-                   issuerUniqueID       UniqueIdentifier OPTIONAL,
-                   extensions           Extensions OPTIONAL
-             }
-
- - - - @param attribute - - - Produce an object suitable for an Asn1OutputStream. - 
-             V2Form ::= Sequence {
-                  issuerName            GeneralNames  OPTIONAL,
-                  baseCertificateID     [0] IssuerSerial  OPTIONAL,
-                  objectDigestInfo      [1] ObjectDigestInfo  OPTIONAL
-                    -- issuerName MUST be present in this profile
-                    -- baseCertificateID and objectDigestInfo MUST NOT
-                    -- be present in this profile
-             }
-
- - - Generator for Version 2 TbsCertList structures. - 
-              TbsCertList  ::=  Sequence  {
-                   version                 Version OPTIONAL,
-                                                -- if present, shall be v2
-                   signature               AlgorithmIdentifier,
-                   issuer                  Name,
-                   thisUpdate              Time,
-                   nextUpdate              Time OPTIONAL,
-                   revokedCertificates     Sequence OF Sequence  {
-                        userCertificate         CertificateSerialNumber,
-                        revocationDate          Time,
-                        crlEntryExtensions      Extensions OPTIONAL
-                                                      -- if present, shall be v2
-                                             }  OPTIONAL,
-                   crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
-                                                      -- if present, shall be v2
-                                             }
-
- - Note: This class may be subject to change - - - Generator for Version 3 TbsCertificateStructures. - 
-             TbsCertificate ::= Sequence {
-                  version          [ 0 ]  Version DEFAULT v1(0),
-                  serialNumber            CertificateSerialNumber,
-                  signature               AlgorithmIdentifier,
-                  issuer                  Name,
-                  validity                Validity,
-                  subject                 Name,
-                  subjectPublicKeyInfo    SubjectPublicKeyInfo,
-                  issuerUniqueID    [ 1 ] IMPLICIT UniqueIdentifier OPTIONAL,
-                  subjectUniqueID   [ 2 ] IMPLICIT UniqueIdentifier OPTIONAL,
-                  extensions        [ 3 ] Extensions OPTIONAL
-                  }
-
- - - - an X509Certificate structure. - 
-             Certificate ::= Sequence {
-                 tbsCertificate          TbsCertificate,
-                 signatureAlgorithm      AlgorithmIdentifier,
-                 signature               BIT STRING
-             }
-
- - - The default converter for X509 DN entries when going from their - string value to ASN.1 strings. - - - * It turns out that the number of standard ways the fields in a DN should be - * encoded into their ASN.1 counterparts is rapidly approaching the - * number of machines on the internet. By default the X509Name class - * will produce UTF8Strings in line with the current recommendations (RFC 3280). - *

- * An example of an encoder look like below: - * 

-                 * public class X509DirEntryConverter
-                 *     : X509NameEntryConverter
-                 * {
-                 *     public Asn1Object GetConvertedValue(
-                 *         DerObjectIdentifier  oid,
-                 *         string               value)
-                 *     {
-                 *         if (str.Length() != 0 && str.charAt(0) == '#')
-                 *         {
-                 *             return ConvertHexEncoded(str, 1);
-                 *         }
-                 *         if (oid.Equals(EmailAddress))
-                 *         {
-                 *             return new DerIA5String(str);
-                 *         }
-                 *         else if (CanBePrintable(str))
-                 *         {
-                 *             return new DerPrintableString(str);
-                 *         }
-                 *         else if (CanBeUTF8(str))
-                 *         {
-                 *             return new DerUtf8String(str);
-                 *         }
-                 *         else
-                 *         {
-                 *             return new DerBmpString(str);
-                 *         }
-                 *     }
-                 * }
-            	 *
- *

- - - Convert an inline encoded hex string rendition of an ASN.1 - object back into its corresponding ASN.1 object. - - @param str the hex encoded object - @param off the index at which the encoding starts - @return the decoded object - - - return true if the passed in string can be represented without - loss as a PrintableString, false otherwise. - - - Convert the passed in string value into the appropriate ASN.1 - encoded object. - - @param oid the oid associated with the value in the DN. - @param value the value of the particular DN component. - @return the ASN.1 equivalent for the value. - - - Apply default conversion for the given value depending on the oid - and the character range of the value. - - @param oid the object identifier for the DN entry - @param value the value associated with it - @return the ASN.1 equivalent for the string value. - - - an object for the elements in the X.509 V3 extension block. - - - Convert the value of the passed in extension to an object. - The extension to parse. - The object the value string contains. - If conversion is not possible. - - - Subject Directory Attributes - - - Subject Key Identifier - - - Key Usage - - - Private Key Usage Period - - - Subject Alternative Name - - - Issuer Alternative Name - - - Basic Constraints - - - CRL Number - - - Reason code - - - Hold Instruction Code - - - Invalidity Date - - - Delta CRL indicator - - - Issuing Distribution Point - - - Certificate Issuer - - - Name Constraints - - - CRL Distribution Points - - - Certificate Policies - - - Policy Mappings - - - Authority Key Identifier - - - Policy Constraints - - - Extended Key Usage - - - Freshest CRL - - - Inhibit Any Policy - - - Authority Info Access - - - Subject Info Access - - - Logo Type - - - BiometricInfo - - - QCStatements - - - Audit identity extension in attribute certificates. - - - NoRevAvail extension in attribute certificates. - - - TargetInformation extension in attribute certificates. - - - Constructor from Asn1Sequence. - - the extensions are a list of constructed sequences, either with (Oid, OctetString) or (Oid, Boolean, OctetString) - - - constructor from a table of extensions. -

- it's is assumed the table contains Oid/string pairs.

- - - Constructor from a table of extensions with ordering. -

- It's is assumed the table contains Oid/string pairs.

- - - Constructor from two vectors - - @param objectIDs an ArrayList of the object identifiers. - @param values an ArrayList of the extension values. - - - return the extension represented by the object identifier - passed in. - - @return the extension if it's present, null otherwise. - - - 
-                 Extensions        ::=   SEQUENCE SIZE (1..MAX) OF Extension
-            
-                 Extension         ::=   SEQUENCE {
-                    extnId            EXTENSION.&id ({ExtensionSet}),
-                    critical          BOOLEAN DEFAULT FALSE,
-                    extnValue         OCTET STRING }
-
- - - return an Enumeration of the extension field's object ids. - - - Generator for X.509 extensions - - - Reset the generator - - - - Add an extension with the given oid and the passed in value to be included - in the OCTET STRING associated with the extension. - - OID for the extension. - True if critical, false otherwise. - The ASN.1 object to be included in the extension. - - - - Add an extension with the given oid and the passed in byte array to be wrapped - in the OCTET STRING associated with the extension. - - OID for the extension. - True if critical, false otherwise. - The byte array to be wrapped. - - - Generate an X509Extensions object based on the current state of the generator. - An X509Extensions object - - - Return true if there are no extension present in this generator. - True if empty, false otherwise - - - 
-                 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-            
-                 RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue
-            
-                 AttributeTypeAndValue ::= SEQUENCE {
-                                               type  OBJECT IDENTIFIER,
-                                               value ANY }
-
- - - country code - StringType(SIZE(2)) - - - organization - StringType(SIZE(1..64)) - - - organizational unit name - StringType(SIZE(1..64)) - - - Title - - - common name - StringType(SIZE(1..64)) - - - street - StringType(SIZE(1..64)) - - - device serial number name - StringType(SIZE(1..64)) - - - locality name - StringType(SIZE(1..64)) - - - state, or province name - StringType(SIZE(1..64)) - - - Naming attributes of type X520name - - - businessCategory - DirectoryString(SIZE(1..128) - - - postalCode - DirectoryString(SIZE(1..40) - - - dnQualifier - DirectoryString(SIZE(1..64) - - - RFC 3039 Pseudonym - DirectoryString(SIZE(1..64) - - - RFC 3039 DateOfBirth - GeneralizedTime - YYYYMMDD000000Z - - - RFC 3039 PlaceOfBirth - DirectoryString(SIZE(1..128) - - - RFC 3039 DateOfBirth - PrintableString (SIZE(1)) -- "M", "F", "m" or "f" - - - RFC 3039 CountryOfCitizenship - PrintableString (SIZE (2)) -- ISO 3166 - codes only - - - RFC 3039 CountryOfCitizenship - PrintableString (SIZE (2)) -- ISO 3166 - codes only - - - ISIS-MTT NameAtBirth - DirectoryString(SIZE(1..64) - - - RFC 3039 PostalAddress - SEQUENCE SIZE (1..6) OF - DirectoryString(SIZE(1..30)) - - - RFC 2256 dmdName - - - id-at-telephoneNumber - - - id-at-name - - - Email address (RSA PKCS#9 extension) - IA5String. -

Note: if you're trying to be ultra orthodox, don't use this! It shouldn't be in here.

- - - more from PKCS#9 - - - email address in Verisign certificates - - - LDAP User id. - - - default look up table translating OID values into their common symbols following - the convention in RFC 2253 with a few extras - - - look up table translating OID values into their common symbols following the convention in RFC 2253 - - - look up table translating OID values into their common symbols following the convention in RFC 1779 - - - - look up table translating common symbols into their OIDS. - - - Return a X509Name based on the passed in tagged object. - - @param obj tag object holding name. - @param explicitly true if explicitly tagged false otherwise. - @return the X509Name - - - Constructor from Asn1Sequence - - the principal will be a list of constructed sets, each containing an (OID, string) pair. - - - Constructor from a table of attributes with ordering. -

- it's is assumed the table contains OID/string pairs, and the contents - of the table are copied into an internal table as part of the - construction process. The ordering ArrayList should contain the OIDs - in the order they are meant to be encoded or printed in ToString.

- - - Constructor from a table of attributes with ordering. -

- it's is assumed the table contains OID/string pairs, and the contents - of the table are copied into an internal table as part of the - construction process. The ordering ArrayList should contain the OIDs - in the order they are meant to be encoded or printed in ToString.

-

- The passed in converter will be used to convert the strings into their - ASN.1 counterparts.

- - - Takes two vectors one of the oids and the other of the values. - - - Takes two vectors one of the oids and the other of the values. -

- The passed in converter will be used to convert the strings into their - ASN.1 counterparts.

- - - Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - some such, converting it into an ordered set of name attributes. - - - Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - some such, converting it into an ordered set of name attributes with each - string value being converted to its associated ASN.1 type using the passed - in converter. - - - Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - some such, converting it into an ordered set of name attributes. If reverse - is true, create the encoded version of the sequence starting from the - last element in the string. - - - Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - some such, converting it into an ordered set of name attributes with each - string value being converted to its associated ASN.1 type using the passed - in converter. If reverse is true the ASN.1 sequence representing the DN will - be built by starting at the end of the string, rather than the start. - - - Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - some such, converting it into an ordered set of name attributes. lookUp - should provide a table of lookups, indexed by lowercase only strings and - yielding a DerObjectIdentifier, other than that OID. and numeric oids - will be processed automatically. -
- If reverse is true, create the encoded version of the sequence - starting from the last element in the string. - @param reverse true if we should start scanning from the end (RFC 2553). - @param lookUp table of names and their oids. - @param dirName the X.500 string to be parsed. - - - Takes an X509 dir name as a string of the format "C=AU, ST=Victoria", or - some such, converting it into an ordered set of name attributes. lookUp - should provide a table of lookups, indexed by lowercase only strings and - yielding a DerObjectIdentifier, other than that OID. and numeric oids - will be processed automatically. The passed in converter is used to convert the - string values to the right of each equals sign to their ASN.1 counterparts. -
- @param reverse true if we should start scanning from the end, false otherwise. - @param lookUp table of names and oids. - @param dirName the string dirName - @param converter the converter to convert string values into their ASN.1 equivalents - - - return an IList of the oids in the name, in the order they were found. - - - return an IList of the values found in the name, in the order they - were found. - - - return an IList of the values found in the name, in the order they - were found, with the DN label corresponding to passed in oid. - - - The X509Name object to test equivalency against. - If true, the order of elements must be the same, - as well as the values associated with each element. - - - test for equivalence - note: case is ignored. - - - convert the structure to a string - if reverse is true the - oids and values are listed out starting with the last element - in the sequence (ala RFC 2253), otherwise the string will begin - with the first element of the structure. If no string definition - for the oid is found in oidSymbols the string value of the oid is - added. Two standard symbol tables are provided DefaultSymbols, and - RFC2253Symbols as part of this class. - - @param reverse if true start at the end of the sequence and work back. - @param oidSymbols look up table strings for oids. - - - determines whether or not strings should be processed and printed - from back to front. - - - class for breaking up an X500 Name into it's component tokens, ala - java.util.StringTokenizer. We need this class as some of the - lightweight Java environment don't support classes like - StringTokenizer. - - - ASN.1 def for Diffie-Hellman key exchange KeySpecificInfo structure. See - RFC 2631, or X9.42, for further details. - - - Produce an object suitable for an Asn1OutputStream. - 
-             KeySpecificInfo ::= Sequence {
-                 algorithm OBJECT IDENTIFIER,
-                 counter OCTET STRING SIZE (4..4)
-             }
-
- - - ANS.1 def for Diffie-Hellman key exchange OtherInfo structure. See - RFC 2631, or X9.42, for further details. - - - Produce an object suitable for an Asn1OutputStream. - 
-             OtherInfo ::= Sequence {
-                 keyInfo KeySpecificInfo,
-                 partyAInfo [0] OCTET STRING OPTIONAL,
-                 suppPubInfo [2] OCTET STRING
-             }
-
- - - table of the current named curves defined in X.962 EC-DSA. - - - return the X9ECParameters object for the named curve represented by - the passed in object identifier. Null if the curve isn't present. - - @param oid an object identifier representing a named curve, if present. - - - return the object identifier signified by the passed in name. Null - if there is no object identifier associated with name. - - @return the object identifier associated with name, if present. - - - return the named curve name represented by the given object identifier. - - - returns an enumeration containing the name strings for curves - contained in this structure. - - - Produce an object suitable for an Asn1OutputStream. - 
-            Parameters ::= CHOICE {
-               ecParameters ECParameters,
-               namedCurve   CURVES.&id({CurveNames}),
-               implicitlyCA Null
-            }
-
- - - ASN.1 def for Elliptic-Curve Curve structure. See - X9.62, for further details. - - - Produce an object suitable for an Asn1OutputStream. - 
-             Curve ::= Sequence {
-                 a               FieldElement,
-                 b               FieldElement,
-                 seed            BIT STRING      OPTIONAL
-             }
-
- - - ASN.1 def for Elliptic-Curve ECParameters structure. See - X9.62, for further details. - - - Produce an object suitable for an Asn1OutputStream. - 
-             ECParameters ::= Sequence {
-                 version         Integer { ecpVer1(1) } (ecpVer1),
-                 fieldID         FieldID {{FieldTypes}},
-                 curve           X9Curve,
-                 base            X9ECPoint,
-                 order           Integer,
-                 cofactor        Integer OPTIONAL
-             }
-
- - - class for describing an ECPoint as a Der object. - - - Produce an object suitable for an Asn1OutputStream. - 
-             ECPoint ::= OCTET STRING
-
-

- Octet string produced using ECPoint.GetEncoded().

- - - Class for processing an ECFieldElement as a DER object. - - - Produce an object suitable for an Asn1OutputStream. - 
-             FieldElement ::= OCTET STRING
-
-

-

    -
  1. if q is an odd prime then the field element is - processed as an Integer and converted to an octet string - according to x 9.62 4.3.1.
    2. -
  2. if q is 2m then the bit string - contained in the field element is converted into an octet - string with the same ordering padded at the front if necessary. -
    3. -
-

- - - ASN.1 def for Elliptic-Curve Field ID structure. See - X9.62, for further details. - - - Constructor for elliptic curves over prime fields - F2. - @param primeP The prime p defining the prime field. - - - Constructor for elliptic curves over binary fields - F2m. - @param m The exponent m of - F2m. - @param k1 The integer k1 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z). - @param k2 The integer k2 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z). - @param k3 The integer k3 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z).. - - - Produce a Der encoding of the following structure. - 
-             FieldID ::= Sequence {
-                 fieldType       FIELD-ID.&id({IOSet}),
-                 parameters      FIELD-ID.&Type({IOSet}{@fieldType})
-             }
-
- - - X9.42 - - - id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) - us(840) x9-57 (10040) x9cm(4) 3 } - - - X9.63 - - - reader for Base64 armored objects - read the headers and then start returning - bytes when the data is reached. An IOException is thrown if the CRC check - fails. - - - decode the base 64 encoded input data. - - @return the offset the data starts in out. - - - Create a stream for reading a PGP armoured message, parsing up to a header - and then reading the data that follows. - - @param input - - - Create an armoured input stream which will assume the data starts - straight away, or parse for headers first depending on the value of - hasHeaders. - - @param input - @param hasHeaders true if headers are to be looked for, false otherwise. - - - @return true if we are inside the clear text section of a PGP - signed message. - - - @return true if the stream is actually at end of file. - - - Return the armor header line (if there is one) - @return the armor header line, null if none present. - - - Return the armor headers (the lines after the armor header line), - @return an array of armor headers, null if there aren't any. - - - Basic output stream. - - - encode the input data producing a base 64 encoded byte array. - - - Set an additional header entry. - - @param name the name of the header entry. - @param v the value of the header entry. - - - Reset the headers to only contain a Version string. - - - Start a clear text signed message. - @param hashAlgorithm - - - Note: Dispose does nor Dispose the underlying stream. So it is possible to write - multiple objects using armoring to a single stream. - - - Basic type for a image attribute packet. - - - Basic type for a user attribute sub-packet. - - - return the generic data making up the packet. - - - Reader for PGP objects. - - - Returns the next packet tag in the stream. - - - - A stream that overlays our input stream, allowing the user to only read a segment of it. - NB: dataLength will be negative if the segment length is in the upper range above 2**31. - - - - Base class for a PGP object. - - - Basic output stream. - - - Create a stream representing a general packet. - Output stream to write to. - - - Create a stream representing an old style partial object. - Output stream to write to. - The packet tag for the object. - - - Create a stream representing a general packet. - Output stream to write to. - Packet tag. - Size of chunks making up the packet. - If true, the header is written out in old format. - - - Create a new style partial input stream buffered into chunks. - Output stream to write to. - Packet tag. - Size of chunks making up the packet. - - - Create a new style partial input stream buffered into chunks. - Output stream to write to. - Packet tag. - Buffer to use for collecting chunks. - - - Flush the underlying stream. - - - Finish writing out the current packet without closing the underlying stream. - - - Generic compressed data object. - - - Note: you can only read from this once... - - - The algorithm tag value. - - - Basic tags for compression algorithms. - - - Basic type for a PGP packet. - - - Base class for a DSA public key. - - - Base interface for a PGP key. - - - - The base format for this key - in the case of the symmetric keys it will generally - be raw indicating that the key is just a straight byte representation, for an asymmetric - key the format will be PGP, indicating the key is a string of MPIs encoded in PGP format. - - "RAW" or "PGP". - - - The stream to read the packet from. - - - Return the standard PGP encoding of the key. - - - The format, as a string, always "PGP". - - - Base class for a DSA secret key. - - - @param in - - - Return the standard PGP encoding of the key. - - - The format, as a string, always "PGP". - - - @return x - - - Base class for an ElGamal public key. - - - Return the standard PGP encoding of the key. - - - The format, as a string, always "PGP". - - - Base class for an ElGamal secret key. - - - @param in - - - @param x - - - Return the standard PGP encoding of the key. - - - The format, as a string, always "PGP". - - - Basic packet for an experimental packet. - - - Basic tags for hash algorithms. - - - Generic literal data packet. - - - The format tag value. - - - The modification time of the file in milli-seconds (since Jan 1, 1970 UTC) - - - Basic type for a marker packet. - - - Basic packet for a modification detection code packet. - - - A multiple precision integer - - - Generic signature object - - - The encryption algorithm tag. - - - The hash algorithm tag. - - - Basic PGP packet tag types. - - - Public Key Algorithm tag numbers. - - - Basic packet for a PGP public key. - - - Basic packet for a PGP public key. - - - Construct a version 4 public key packet. - - - Basic packet for a PGP public subkey - - - Construct a version 4 public subkey packet. - - - Base class for an RSA public key. - - - Construct an RSA public key from the passed in stream. - - - The modulus. - The public exponent. - - - Return the standard PGP encoding of the key. - - - The format, as a string, always "PGP". - - - Base class for an RSA secret (or priate) key. - - - Return the standard PGP encoding of the key. - - - The format, as a string, always "PGP". - - - The string to key specifier class. - - - The IV for the key generation algorithm. - - - The hash algorithm. - - - The iteration count - - - The protection mode - only if GnuDummyS2K - - - Basic packet for a PGP secret key. - - - Basic packet for a PGP secret key. - - - Generic signature packet. - - - Generate a version 4 signature packet. - - @param signatureType - @param keyAlgorithm - @param hashAlgorithm - @param hashedData - @param unhashedData - @param fingerprint - @param signature - - - Generate a version 2/3 signature packet. - - @param signatureType - @param keyAlgorithm - @param hashAlgorithm - @param fingerprint - @param signature - - - return the signature trailer that must be included with the data - to reconstruct the signature - - @return byte[] - - - * return the signature as a set of integers - note this is normalised to be the - * ASN.1 encoding of what appears in the signature packet. - - - Return the byte encoding of the signature section. - @return uninterpreted signature bytes. - - - return the keyId - @return the keyId that created the signature. - - - Return the creation time in milliseconds since 1 Jan., 1970 UTC. - - - Basic type for a PGP Signature sub-packet. - - - Return the generic data making up the packet. - - - reader for signature sub-packets - - - Basic PGP signature sub-packet tag types. - - - Packet embedded signature - - - packet giving signature creation time. - - - packet giving signature creation time. - - - packet giving time after creation at which the key expires. - - - Return the number of seconds after creation time a key is valid for. - - @return second count for key validity. - - - Packet holding the key flag values. - - - - Return the flag values contained in the first 4 octets (note: at the moment - the standard only uses the first one). - - - - Class provided a NotationData object according to - RFC2440, Chapter 5.2.3.15. Notation Data - - - packet giving signature creation time. - - - packet giving whether or not the signature is signed using the primary user ID for the key. - - - packet giving whether or not is revocable. - - - - Represents revocation key OpenPGP signature sub packet. - - - - - Represents revocation reason OpenPGP signature sub packet. - - - - packet giving signature creation time. - - - packet giving signature expiration time. - - - return time in seconds before signature expires after creation time. - - - packet giving the User ID of the signer. - - - packet giving trust. - - - Basic type for a symmetric key encrypted packet. - - - Basic tags for symmetric key algorithms - - - Basic type for a symmetric encrypted session key packet - - - @return byte[] - - - @return int - - - @return S2k - - - @return int - - - Basic type for a trust packet. - - - Basic type for a user attribute packet. - - - reader for user attribute sub-packets - - - Basic PGP user attribute sub-packet tag types. - - - Basic type for a user ID packet. - - - - The 'Signature' parameter is only available when generating unsigned attributes. - - - - containing class for an CMS Authenticated Data object - - - return a store of the intended recipients for this message - - - return a table of the digested attributes indexed by - the OID of the attribute. - - - return a table of the undigested attributes indexed by - the OID of the attribute. - - - return the ASN.1 encoded representation of this object. - - - return the object identifier for the content MAC algorithm. - - - return the ContentInfo - - - General class for generating a CMS authenticated-data message. - - A simple example of usage. - - 
-                  CMSAuthenticatedDataGenerator  fact = new CMSAuthenticatedDataGenerator();
-            
-                  fact.addKeyTransRecipient(cert);
-            
-                  CMSAuthenticatedData         data = fact.generate(content, algorithm, "BC");
-
- - - General class for generating a CMS enveloped-data message. - - A simple example of usage. - - 
-                  CMSEnvelopedDataGenerator  fact = new CMSEnvelopedDataGenerator();
-            
-                  fact.addKeyTransRecipient(cert);
-            
-                  CMSEnvelopedData         data = fact.generate(content, algorithm, "BC");
-
- - - Constructor allowing specific source of randomness - Instance of SecureRandom to use. - - - add a recipient. - - @param cert recipient's public key certificate - @exception ArgumentException if there is a problem with the certificate - - - add a recipient - - @param key the public key used by the recipient - @param subKeyId the identifier for the recipient's public key - @exception ArgumentException if there is a problem with the key - - - add a KEK recipient. - @param key the secret key to use for wrapping - @param keyIdentifier the byte string that identifies the key - - - add a KEK recipient. - @param key the secret key to use for wrapping - @param keyIdentifier the byte string that identifies the key - - - Add a key agreement based recipient. - - @param agreementAlgorithm key agreement algorithm to use. - @param senderPrivateKey private key to initialise sender side of agreement with. - @param senderPublicKey sender public key to include with message. - @param recipientCert recipient's public key certificate. - @param cekWrapAlgorithm OID for key wrapping algorithm to use. - @exception SecurityUtilityException if the algorithm requested cannot be found - @exception InvalidKeyException if the keys are inappropriate for the algorithm specified - - - Add multiple key agreement based recipients (sharing a single KeyAgreeRecipientInfo structure). - - @param agreementAlgorithm key agreement algorithm to use. - @param senderPrivateKey private key to initialise sender side of agreement with. - @param senderPublicKey sender public key to include with message. - @param recipientCerts recipients' public key certificates. - @param cekWrapAlgorithm OID for key wrapping algorithm to use. - @exception SecurityUtilityException if the algorithm requested cannot be found - @exception InvalidKeyException if the keys are inappropriate for the algorithm specified - - - base constructor - - - constructor allowing specific source of randomness - - @param rand instance of SecureRandom to use - - - base constructor - - - constructor allowing specific source of randomness - @param rand instance of SecureRandom to use - - - generate an enveloped object that contains an CMS Enveloped Data - object using the given provider and the passed in key generator. - - - generate an authenticated object that contains an CMS Authenticated Data object - - - Parsing class for an CMS Authenticated Data object from an input stream. -

- Note: that because we are in a streaming mode only one recipient can be tried and it is important - that the methods on the parser are called in the appropriate order. -

-

- Example of use - assuming the first recipient matches the private key we have. - 

-                  CMSAuthenticatedDataParser     ad = new CMSAuthenticatedDataParser(inputStream);
-            
-                  RecipientInformationStore  recipients = ad.getRecipientInfos();
-            
-                  Collection  c = recipients.getRecipients();
-                  Iterator    it = c.iterator();
-            
-                  if (it.hasNext())
-                  {
-                      RecipientInformation   recipient = (RecipientInformation)it.next();
-            
-                      CMSTypedStream recData = recipient.getContentStream(privateKey, "BC");
-            
-                      processDataStream(recData.getContentStream());
-            
-                      if (!Arrays.equals(ad.getMac(), recipient.getMac())
-                      {
-                          System.err.println("Data corrupted!!!!");
-                      }
-                  }
-
- Note: this class does not introduce buffering - if you are processing large files you should create - the parser with: - 
-                      CMSAuthenticatedDataParser     ep = new CMSAuthenticatedDataParser(new BufferedInputStream(inputStream, bufSize));
-
- where bufSize is a suitably large buffer size. -

- - - Close the underlying data stream. - @throws IOException if the close fails. - - - return a store of the intended recipients for this message - - - return a table of the unauthenticated attributes indexed by - the OID of the attribute. - @exception java.io.IOException - - - return a table of the unauthenticated attributes indexed by - the OID of the attribute. - @exception java.io.IOException - - - return the object identifier for the mac algorithm. - - - return the ASN.1 encoded encryption algorithm parameters, or null if - there aren't any. - - - General class for generating a CMS authenticated-data message stream. -

- A simple example of usage. - 

-                  CMSAuthenticatedDataStreamGenerator edGen = new CMSAuthenticatedDataStreamGenerator();
-            
-                  edGen.addKeyTransRecipient(cert);
-            
-                  ByteArrayOutputStream  bOut = new ByteArrayOutputStream();
-            
-                  OutputStream out = edGen.open(
-                                          bOut, CMSAuthenticatedDataGenerator.AES128_CBC, "BC");*
-                  out.write(data);
-            
-                  out.close();
-
-

- - - base constructor - - - constructor allowing specific source of randomness - @param rand instance of SecureRandom to use - - - Set the underlying string size for encapsulated data - - @param bufferSize length of octet strings to buffer the data. - - - Use a BER Set to store the recipient information - - - generate an enveloped object that contains an CMS Enveloped Data - object using the given provider and the passed in key generator. - @throws java.io.IOException - - - generate an enveloped object that contains an CMS Enveloped Data object - - - generate an enveloped object that contains an CMS Enveloped Data object - - - containing class for an CMS AuthEnveloped Data object - - - containing class for an CMS Compressed Data object - - - Return the uncompressed content. - - @return the uncompressed content - @throws CmsException if there is an exception uncompressing the data. - - - Return the uncompressed content, throwing an exception if the data size - is greater than the passed in limit. If the content is exceeded getCause() - on the CMSException will contain a StreamOverflowException - - @param limit maximum number of bytes to read - @return the content read - @throws CMSException if there is an exception uncompressing the data. - - - return the ASN.1 encoded representation of this object. - - - return the ContentInfo - - - * General class for generating a compressed CMS message. - *

- * A simple example of usage.

- *

- * 

-                *      CMSCompressedDataGenerator fact = new CMSCompressedDataGenerator();
-                *      CMSCompressedData data = fact.Generate(content, algorithm);
-                *
- *

- - - Generate an object that contains an CMS Compressed Data - - - Class for reading a CMS Compressed Data stream. - 
-                 CMSCompressedDataParser cp = new CMSCompressedDataParser(inputStream);
-            
-                 process(cp.GetContent().GetContentStream());
-
- Note: this class does not introduce buffering - if you are processing large files you should create - the parser with: - 
-                  CMSCompressedDataParser     ep = new CMSCompressedDataParser(new BufferedInputStream(inputStream, bufSize));
-
- where bufSize is a suitably large buffer size. - - - General class for generating a compressed CMS message stream. -

- A simple example of usage. -

- 
-                  CMSCompressedDataStreamGenerator gen = new CMSCompressedDataStreamGenerator();
-            
-                  Stream cOut = gen.Open(outputStream, CMSCompressedDataStreamGenerator.ZLIB);
-            
-                  cOut.Write(data);
-            
-                  cOut.Close();
-
- - - base constructor - - - Set the underlying string size for encapsulated data - - @param bufferSize length of octet strings to buffer the data. - - - containing class for an CMS Enveloped Data object - - - return a store of the intended recipients for this message - - - return a table of the unprotected attributes indexed by - the OID of the attribute. - - - return the ASN.1 encoded representation of this object. - - - return the object identifier for the content encryption algorithm. - - - return the ContentInfo - - - - General class for generating a CMS enveloped-data message. - - A simple example of usage. - - 
-                  CmsEnvelopedDataGenerator  fact = new CmsEnvelopedDataGenerator();
-            
-                  fact.AddKeyTransRecipient(cert);
-            
-                  CmsEnvelopedData         data = fact.Generate(content, algorithm);
-
- - - - Constructor allowing specific source of randomness - Instance of SecureRandom to use. - - - - Generate an enveloped object that contains a CMS Enveloped Data - object using the passed in key generator. - - - - Generate an enveloped object that contains an CMS Enveloped Data object. - - - Generate an enveloped object that contains an CMS Enveloped Data object. - - - Parsing class for an CMS Enveloped Data object from an input stream. -

- Note: that because we are in a streaming mode only one recipient can be tried and it is important - that the methods on the parser are called in the appropriate order. -

-

- Example of use - assuming the first recipient matches the private key we have. - 

-                  CmsEnvelopedDataParser     ep = new CmsEnvelopedDataParser(inputStream);
-            
-                  RecipientInformationStore  recipients = ep.GetRecipientInfos();
-            
-                  Collection  c = recipients.getRecipients();
-                  Iterator    it = c.iterator();
-            
-                  if (it.hasNext())
-                  {
-                      RecipientInformation   recipient = (RecipientInformation)it.next();
-            
-                      CMSTypedStream recData = recipient.getContentStream(privateKey);
-            
-                      processDataStream(recData.getContentStream());
-                  }
-
- Note: this class does not introduce buffering - if you are processing large files you should create - the parser with: - 
-                      CmsEnvelopedDataParser     ep = new CmsEnvelopedDataParser(new BufferedInputStream(inputStream, bufSize));
-
- where bufSize is a suitably large buffer size. -

- - - return a store of the intended recipients for this message - - - return a table of the unprotected attributes indexed by - the OID of the attribute. - @throws IOException - - - return the object identifier for the content encryption algorithm. - - - return the ASN.1 encoded encryption algorithm parameters, or null if - there aren't any. - - - General class for generating a CMS enveloped-data message stream. -

- A simple example of usage. - 

-                  CmsEnvelopedDataStreamGenerator edGen = new CmsEnvelopedDataStreamGenerator();
-            
-                  edGen.AddKeyTransRecipient(cert);
-            
-                  MemoryStream  bOut = new MemoryStream();
-            
-                  Stream out = edGen.Open(
-                                          bOut, CMSEnvelopedDataGenerator.AES128_CBC);*
-                  out.Write(data);
-            
-                  out.Close();
-
-

- - - Constructor allowing specific source of randomness - Instance of SecureRandom to use. - - - Set the underlying string size for encapsulated data. - Length of octet strings to buffer the data. - - - Use a BER Set to store the recipient information. - - - - Generate an enveloped object that contains an CMS Enveloped Data - object using the passed in key generator. - - - - generate an enveloped object that contains an CMS Enveloped Data object - @throws IOException - - - generate an enveloped object that contains an CMS Enveloped Data object - @throws IOException - - - all parameter classes implement this. - - - - Generic routine to copy out the data we want processed. - - - This routine may be called multiple times. - - - - a holding class for a byte array of data to be processed. - - - A clone of the byte array - - - general class for handling a pkcs7-signature message. - - A simple example of usage - note, in the example below the validity of - the certificate isn't verified, just the fact that one of the certs - matches the given signer... - - 
-              IX509Store              certs = s.GetCertificates();
-              SignerInformationStore  signers = s.GetSignerInfos();
-            
-              foreach (SignerInformation signer in signers.GetSigners())
-              {
-                  ArrayList       certList = new ArrayList(certs.GetMatches(signer.SignerID));
-                  X509Certificate cert = (X509Certificate) certList[0];
-            
-                  if (signer.Verify(cert.GetPublicKey()))
-                  {
-                      verified++;
-                  }
-              }
-
- - - Content with detached signature, digests precomputed - - @param hashes a map of precomputed digests for content indexed by name of hash. - @param sigBlock the signature object. - - - base constructor - content with detached signature. - - @param signedContent the content that was signed. - @param sigData the signature object. - - - base constructor - with encapsulated content - - - return the collection of signers that are associated with the - signatures for the message. - - - return a X509Store containing the attribute certificates, if any, contained - in this message. - - @param type type of store to create - @return a store of attribute certificates - @exception NoSuchStoreException if the store type isn't available. - @exception CmsException if a general exception prevents creation of the X509Store - - - return a X509Store containing the public key certificates, if any, contained - in this message. - - @param type type of store to create - @return a store of public key certificates - @exception NoSuchStoreException if the store type isn't available. - @exception CmsException if a general exception prevents creation of the X509Store - - - return a X509Store containing CRLs, if any, contained - in this message. - - @param type type of store to create - @return a store of CRLs - @exception NoSuchStoreException if the store type isn't available. - @exception CmsException if a general exception prevents creation of the X509Store - - - return the ASN.1 encoded representation of this object. - - - Replace the signerinformation store associated with this - CmsSignedData object with the new one passed in. You would - probably only want to do this if you wanted to change the unsigned - attributes associated with a signer, or perhaps delete one. - - @param signedData the signed data object to be used as a base. - @param signerInformationStore the new signer information store to use. - @return a new signed data object. - - - Replace the certificate and CRL information associated with this - CmsSignedData object with the new one passed in. - - @param signedData the signed data object to be used as a base. - @param x509Certs the new certificates to be used. - @param x509Crls the new CRLs to be used. - @return a new signed data object. - @exception CmsException if there is an error processing the stores - - - Return the version number for this object. - - - - Return the DerObjectIdentifier associated with the encapsulated - content info structure carried in the signed data. - - - - return the ContentInfo - - - * general class for generating a pkcs7-signature message. - *

- * A simple example of usage. - * - * 

-                 *      IX509Store certs...
-                 *      IX509Store crls...
-                 *      CmsSignedDataGenerator gen = new CmsSignedDataGenerator();
-                 *
-                 *      gen.AddSigner(privKey, cert, CmsSignedGenerator.DigestSha1);
-                 *      gen.AddCertificates(certs);
-                 *      gen.AddCrls(crls);
-                 *
-                 *      CmsSignedData data = gen.Generate(content);
-                 *
- *

- - - Default type for the signed data. - - - Constructor allowing specific source of randomness - Instance of SecureRandom to use. - - - Add the attribute certificates contained in the passed in store to the - generator. - - @param store a store of Version 2 attribute certificates - @throws CmsException if an error occurse processing the store. - - - Add a store of precalculated signers to the generator. - - @param signerStore store of signers - - - Return a map of oids and byte arrays representing the digests calculated on the content during - the last generate. - - @return a map of oids (as String objects) and byte[] representing digests. - - - Constructor allowing specific source of randomness - Instance of SecureRandom to use. - - - * add a signer - no attributes other than the default ones will be - * provided here. - * - * @param key signing key to use - * @param cert certificate containing corresponding public key - * @param digestOID digest algorithm OID - - - add a signer, specifying the digest encryption algorithm to use - no attributes other than the default ones will be - provided here. - - @param key signing key to use - @param cert certificate containing corresponding public key - @param encryptionOID digest encryption algorithm OID - @param digestOID digest algorithm OID - - - add a signer - no attributes other than the default ones will be - provided here. - - - add a signer, specifying the digest encryption algorithm to use - no attributes other than the default ones will be - provided here. - - - * add a signer with extra signed/unsigned attributes. - * - * @param key signing key to use - * @param cert certificate containing corresponding public key - * @param digestOID digest algorithm OID - * @param signedAttr table of attributes to be included in signature - * @param unsignedAttr table of attributes to be included as unsigned - - - add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes. - - @param key signing key to use - @param cert certificate containing corresponding public key - @param encryptionOID digest encryption algorithm OID - @param digestOID digest algorithm OID - @param signedAttr table of attributes to be included in signature - @param unsignedAttr table of attributes to be included as unsigned - - - * add a signer with extra signed/unsigned attributes. - * - * @param key signing key to use - * @param subjectKeyID subjectKeyID of corresponding public key - * @param digestOID digest algorithm OID - * @param signedAttr table of attributes to be included in signature - * @param unsignedAttr table of attributes to be included as unsigned - - - add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes. - - @param key signing key to use - @param subjectKeyID subjectKeyID of corresponding public key - @param encryptionOID digest encryption algorithm OID - @param digestOID digest algorithm OID - @param signedAttr table of attributes to be included in signature - @param unsignedAttr table of attributes to be included as unsigned - - - add a signer with extra signed/unsigned attributes based on generators. - - - add a signer, specifying the digest encryption algorithm, with extra signed/unsigned attributes based on generators. - - - add a signer with extra signed/unsigned attributes based on generators. - - - add a signer, including digest encryption algorithm, with extra signed/unsigned attributes based on generators. - - - generate a signed object that for a CMS Signed Data object - - - generate a signed object that for a CMS Signed Data - object - if encapsulate is true a copy - of the message will be included in the signature. The content type - is set according to the OID represented by the string signedContentType. - - - generate a signed object that for a CMS Signed Data - object - if encapsulate is true a copy - of the message will be included in the signature with the - default content type "data". - - - generate a set of one or more SignerInformation objects representing counter signatures on - the passed in SignerInformation object. - - @param signer the signer to be countersigned - @param sigProvider the provider to be used for counter signing. - @return a store containing the signers. - - - Parsing class for an CMS Signed Data object from an input stream. -

- Note: that because we are in a streaming mode only one signer can be tried and it is important - that the methods on the parser are called in the appropriate order. -

-

- A simple example of usage for an encapsulated signature. -

-

- Two notes: first, in the example below the validity of - the certificate isn't verified, just the fact that one of the certs - matches the given signer, and, second, because we are in a streaming - mode the order of the operations is important. -

- 
-                  CmsSignedDataParser     sp = new CmsSignedDataParser(encapSigData);
-            
-                  sp.GetSignedContent().Drain();
-            
-                  IX509Store              certs = sp.GetCertificates();
-                  SignerInformationStore  signers = sp.GetSignerInfos();
-            
-                  foreach (SignerInformation signer in signers.GetSigners())
-                  {
-                      ArrayList       certList = new ArrayList(certs.GetMatches(signer.SignerID));
-                      X509Certificate cert = (X509Certificate) certList[0];
-            
-                      Console.WriteLine("verify returns: " + signer.Verify(cert));
-                  }
-
- Note also: this class does not introduce buffering - if you are processing large files you should create - the parser with: - 
-                      CmsSignedDataParser     ep = new CmsSignedDataParser(new BufferedInputStream(encapSigData, bufSize));
-
- where bufSize is a suitably large buffer size. - - - base constructor - with encapsulated content - - - base constructor - - @param signedContent the content that was signed. - @param sigData the signature object. - - - return the collection of signers that are associated with the - signatures for the message. - @throws CmsException - - - return a X509Store containing the attribute certificates, if any, contained - in this message. - - @param type type of store to create - @return a store of attribute certificates - @exception org.bouncycastle.x509.NoSuchStoreException if the store type isn't available. - @exception CmsException if a general exception prevents creation of the X509Store - - - return a X509Store containing the public key certificates, if any, contained - in this message. - - @param type type of store to create - @return a store of public key certificates - @exception NoSuchStoreException if the store type isn't available. - @exception CmsException if a general exception prevents creation of the X509Store - - - return a X509Store containing CRLs, if any, contained - in this message. - - @param type type of store to create - @return a store of CRLs - @exception NoSuchStoreException if the store type isn't available. - @exception CmsException if a general exception prevents creation of the X509Store - - - Replace the signerinformation store associated with the passed - in message contained in the stream original with the new one passed in. - You would probably only want to do this if you wanted to change the unsigned - attributes associated with a signer, or perhaps delete one. -

- The output stream is returned unclosed. -

- @param original the signed data stream to be used as a base. - @param signerInformationStore the new signer information store to use. - @param out the stream to Write the new signed data object to. - @return out. - - - Replace the certificate and CRL information associated with this - CMSSignedData object with the new one passed in. -

- The output stream is returned unclosed. -

- @param original the signed data stream to be used as a base. - @param certsAndCrls the new certificates and CRLs to be used. - @param out the stream to Write the new signed data object to. - @return out. - @exception CmsException if there is an error processing the CertStore - - - Return the version number for the SignedData object - - @return the version number - - - - Return the DerObjectIdentifier associated with the encapsulated - content info structure carried in the signed data. - - - - General class for generating a pkcs7-signature message stream. -

- A simple example of usage. -

- 
-                  IX509Store                   certs...
-                  CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
-            
-                  gen.AddSigner(privateKey, cert, CmsSignedDataStreamGenerator.DIGEST_SHA1);
-            
-                  gen.AddCertificates(certs);
-            
-                  Stream sigOut = gen.Open(bOut);
-            
-                  sigOut.Write(Encoding.UTF8.GetBytes("Hello World!"));
-            
-                  sigOut.Close();
-
- - - Constructor allowing specific source of randomness - Instance of SecureRandom to use. - - - Set the underlying string size for encapsulated data - - @param bufferSize length of octet strings to buffer the data. - - - add a signer - no attributes other than the default ones will be - provided here. - @throws NoSuchAlgorithmException - @throws InvalidKeyException - - - add a signer, specifying the digest encryption algorithm - no attributes other than the default ones will be - provided here. - @throws NoSuchProviderException - @throws NoSuchAlgorithmException - @throws InvalidKeyException - - - add a signer with extra signed/unsigned attributes. - @throws NoSuchAlgorithmException - @throws InvalidKeyException - - - add a signer with extra signed/unsigned attributes - specifying digest - encryption algorithm. - @throws NoSuchProviderException - @throws NoSuchAlgorithmException - @throws InvalidKeyException - - - add a signer - no attributes other than the default ones will be - provided here. - @throws NoSuchAlgorithmException - @throws InvalidKeyException - - - add a signer - no attributes other than the default ones will be - provided here. - @throws NoSuchProviderException - @throws NoSuchAlgorithmException - @throws InvalidKeyException - - - add a signer with extra signed/unsigned attributes. - @throws NoSuchAlgorithmException - @throws InvalidKeyException - - - generate a signed object that for a CMS Signed Data object - - - generate a signed object that for a CMS Signed Data - object - if encapsulate is true a copy - of the message will be included in the signature with the - default content type "data". - - - generate a signed object that for a CMS Signed Data - object using the given provider - if encapsulate is true a copy - of the message will be included in the signature with the - default content type "data". If dataOutputStream is non null the data - being signed will be written to the stream as it is processed. - @param out stream the CMS object is to be written to. - @param encapsulate true if data should be encapsulated. - @param dataOutputStream output stream to copy the data being signed to. - - - generate a signed object that for a CMS Signed Data - object - if encapsulate is true a copy - of the message will be included in the signature. The content type - is set according to the OID represented by the string signedContentType. - - - generate a signed object that for a CMS Signed Data - object using the given provider - if encapsulate is true a copy - of the message will be included in the signature. The content type - is set according to the OID represented by the string signedContentType. - @param out stream the CMS object is to be written to. - @param signedContentType OID for data to be signed. - @param encapsulate true if data should be encapsulated. - @param dataOutputStream output stream to copy the data being signed to. - - - Return the digest algorithm using one of the standard JCA string - representations rather than the algorithm identifier (if possible). - - - Return the digest encryption algorithm using one of the standard - JCA string representations rather than the algorithm identifier (if - possible). - - - Default authenticated attributes generator. - - - Initialise to use all defaults - - - Initialise with some extra attributes or overrides. - - @param attributeTable initial attribute table to use. - - - Create a standard attribute table from the passed in parameters - this will - normally include contentType and messageDigest. If the constructor - using an AttributeTable was used, entries in it for contentType and - messageDigest will override the generated ones. - - @param parameters source parameters for table generation. - - @return a filled in IDictionary of attributes. - - - @param parameters source parameters - @return the populated attribute table - - - Default signed attributes generator. - - - Initialise to use all defaults - - - Initialise with some extra attributes or overrides. - - @param attributeTable initial attribute table to use. - - - Create a standard attribute table from the passed in parameters - this will - normally include contentType, signingTime, and messageDigest. If the constructor - using an AttributeTable was used, entries in it for contentType, signingTime, and - messageDigest will override the generated ones. - - @param parameters source parameters for table generation. - - @return a filled in Hashtable of attributes. - - - @param parameters source parameters - @return the populated attribute table - - - - Generate a RecipientInfo object for the given key. - - - A - - - A - - - A - - - - - the RecipientInfo class for a recipient who has been sent a message - encrypted using a secret key known to the other side. - - - Return the MAC calculated for the content stream. Note: this call is only meaningful once all - the content has been read. - - @return byte array containing the mac. - - - * return the object identifier for the key encryption algorithm. - * - * @return OID for key encryption algorithm. - - - * return the ASN.1 encoded key encryption algorithm parameters, or null if - * there aren't any. - * - * @return ASN.1 encoding of key encryption algorithm parameters. - - - decrypt the content and return an input stream. - - - the RecipientInfo class for a recipient who has been sent a message - encrypted using key agreement. - - - decrypt the content and return an input stream. - - - the KeyTransRecipientInformation class for a recipient who has been sent a secret - key encrypted using their public key that needs to be used to - extract the message. - - - decrypt the content and return it as a byte array. - - - a basic index for an originator. - - - - An ISet of DerObjectIdentifier objects. - - - - the RecipientInfo class for a recipient who has been sent a message - encrypted using a password. - - - decrypt the content and return an input stream. - - - return the object identifier for the key derivation algorithm, or null - if there is none present. - - @return OID for key derivation algorithm, if present. - - - - PKCS5 scheme-2 - password converted to bytes assuming ASCII. - - - - PKCS5 scheme-2 - password converted to bytes using UTF-8. - - - Return the first RecipientInformation object that matches the - passed in selector. Null if there are no matches. - - @param selector to identify a recipient - @return a single RecipientInformation object. Null if none matches. - - - Return all recipients in the collection - - @return a collection of recipients. - - - Return possible empty collection with recipients matching the passed in RecipientID - - @param selector a recipient id to select against. - @return a collection of RecipientInformation objects. - - - Return the number of recipients in the collection. - - @return number of recipients identified. - - - a basic index for a signer. - - - an expanded SignerInfo block from a CMS Signed message - - - return the content digest that was calculated during verification. - - - return the encoded signature - - - Return a SignerInformationStore containing the counter signatures attached to this - signer. If no counter signatures are present an empty store is returned. - - - return the DER encoding of the signed attributes. - @throws IOException if an encoding error occurs. - - - verify that the given public key successfully handles and confirms the - signature associated with this signer. - - - verify that the given certificate successfully handles and confirms - the signature associated with this signer and, if a signingTime - attribute is available, that the certificate was valid at the time the - signature was generated. - - - Return the base ASN.1 CMS structure that this object contains. - - @return an object containing a CMS SignerInfo structure. - - - Return a signer information object with the passed in unsigned - attributes replacing the ones that are current associated with - the object passed in. - - @param signerInformation the signerInfo to be used as the basis. - @param unsignedAttributes the unsigned attributes to add. - @return a copy of the original SignerInformationObject with the changed attributes. - - - Return a signer information object with passed in SignerInformationStore representing counter - signatures attached as an unsigned attribute. - - @param signerInformation the signerInfo to be used as the basis. - @param counterSigners signer info objects carrying counter signature. - @return a copy of the original SignerInformationObject with the changed attributes. - - - return the version number for this objects underlying SignerInfo structure. - - - return the object identifier for the signature. - - - return the signature parameters, or null if there aren't any. - - - return the object identifier for the signature. - - - return the signature/encryption algorithm parameters, or null if - there aren't any. - - - return a table of the signed attributes - indexed by - the OID of the attribute. - - - return a table of the unsigned attributes indexed by - the OID of the attribute. - - - Return the first SignerInformation object that matches the - passed in selector. Null if there are no matches. - - @param selector to identify a signer - @return a single SignerInformation object. Null if none matches. - - - An ICollection of all signers in the collection - - - Return possible empty collection with signers matching the passed in SignerID - - @param selector a signer id to select against. - @return a collection of SignerInformation objects. - - - The number of signers in the collection. - - - Basic generator that just returns a preconstructed attribute table - - - a Diffie-Hellman key exchange engine. -

- note: This uses MTI/A0 key agreement in order to make the key agreement - secure against passive attacks. If you're doing Diffie-Hellman and both - parties have long term public keys you should look at using this. For - further information have a look at RFC 2631.

-

- It's possible to extend this to more than two parties as well, for the moment - that is left as an exercise for the reader.

- - - calculate our initial message. - - - given a message from a given party and the corresponding public key - calculate the next message in the agreement sequence. In this case - this will represent the shared secret. - - - a Diffie-Hellman key agreement class. -

- note: This is only the basic algorithm, it doesn't take advantage of - long term public keys if they are available. See the DHAgreement class - for a "better" implementation.

- - - The basic interface that basic Diffie-Hellman implementations - conforms to. - - - initialise the agreement engine. - - - given a public key from a given party calculate the next - message in the agreement sequence. - - - given a short term public key from a given party calculate the next - message in the agreement sequence. - - - P1363 7.2.1 ECSVDP-DH - - ECSVDP-DH is Elliptic Curve Secret Value Derivation Primitive, - Diffie-Hellman version. It is based on the work of [DH76], [Mil86], - and [Kob87]. This primitive derives a shared secret value from one - party's private key and another party's public key, where both have - the same set of EC domain parameters. If two parties correctly - execute this primitive, they will produce the same output. This - primitive can be invoked by a scheme to derive a shared secret key; - specifically, it may be used with the schemes ECKAS-DH1 and - DL/ECKAS-DH2. It assumes that the input keys are valid (see also - Section 7.2.2). - - - P1363 7.2.2 ECSVDP-DHC - - ECSVDP-DHC is Elliptic Curve Secret Value Derivation Primitive, - Diffie-Hellman version with cofactor multiplication. It is based on - the work of [DH76], [Mil86], [Kob87], [LMQ98] and [Kal98a]. This - primitive derives a shared secret value from one party's private key - and another party's public key, where both have the same set of EC - domain parameters. If two parties correctly execute this primitive, - they will produce the same output. This primitive can be invoked by a - scheme to derive a shared secret key; specifically, it may be used - with the schemes ECKAS-DH1 and DL/ECKAS-DH2. It does not assume the - validity of the input public key (see also Section 7.2.1). -

- Note: As stated P1363 compatibility mode with ECDH can be preset, and - in this case the implementation doesn't have a ECDH compatibility mode - (if you want that just use ECDHBasicAgreement and note they both implement - BasicAgreement!).

- - - Parameters for key/byte stream derivation classes - - - RFC 2631 Diffie-hellman KEK derivation function. - - - base interface for general purpose byte derivation functions. - - - return the message digest used as the basis for the function - - - X9.63 based key derivation function for ECDH CMS. - - - Implements the client side SRP-6a protocol. Note that this class is stateful, and therefore NOT threadsafe. - This implementation of SRP is based on the optimized message sequence put forth by Thomas Wu in the paper - "SRP-6: Improvements and Refinements to the Secure Remote Password Protocol, 2002" - - - Initialises the client to begin new authentication attempt - @param N The safe prime associated with the client's verifier - @param g The group parameter associated with the client's verifier - @param digest The digest algorithm associated with the client's verifier - @param random For key generation - - - Generates client's credentials given the client's salt, identity and password - @param salt The salt used in the client's verifier. - @param identity The user's identity (eg. username) - @param password The user's password - @return Client's public value to send to server - - - Generates client's verification message given the server's credentials - @param serverB The server's credentials - @return Client's verification message for the server - @throws CryptoException If server's credentials are invalid - - - Implements the server side SRP-6a protocol. Note that this class is stateful, and therefore NOT threadsafe. - This implementation of SRP is based on the optimized message sequence put forth by Thomas Wu in the paper - "SRP-6: Improvements and Refinements to the Secure Remote Password Protocol, 2002" - - - Initialises the server to accept a new client authentication attempt - @param N The safe prime associated with the client's verifier - @param g The group parameter associated with the client's verifier - @param v The client's verifier - @param digest The digest algorithm associated with the client's verifier - @param random For key generation - - - Generates the server's credentials that are to be sent to the client. - @return The server's public value to the client - - - Processes the client's credentials. If valid the shared secret is generated and returned. - @param clientA The client's credentials - @return A shared secret BigInteger - @throws CryptoException If client's credentials are invalid - - - Generates new SRP verifier for user - - - Initialises generator to create new verifiers - @param N The safe prime to use (see DHParametersGenerator) - @param g The group parameter to use (see DHParametersGenerator) - @param digest The digest to use. The same digest type will need to be used later for the actual authentication - attempt. Also note that the final session key size is dependent on the chosen digest. - - - Creates a new SRP verifier - @param salt The salt to use, generally should be large and random - @param identity The user's identifying information (eg. username) - @param password The user's password - @return A new verifier for use in future SRP authentication - - - a holding class for public/private parameter pairs. - - - basic constructor. - - @param publicParam a public key parameters object. - @param privateParam the corresponding private key parameters. - - - return the public key parameters. - - @return the public key parameters. - - - return the private key parameters. - - @return the private key parameters. - - - The AEAD block ciphers already handle buffering internally, so this class - just takes care of implementing IBufferedCipher methods. - - - Block cipher engines are expected to conform to this interface. - - - Initialise the cipher. - If true the cipher is initialised for encryption, - if false for decryption. - The key and other data required by the cipher. - - - - Reset the cipher. After resetting the cipher is in the same state - as it was after the last init (if there was one). - - - - The name of the algorithm this cipher implements. - - - initialise the cipher. - - @param forEncryption if true the cipher is initialised for - encryption, if false for decryption. - @param param the key and other data required by the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - return the blocksize for the underlying cipher. - - @return the blocksize for the underlying cipher. - - - return the size of the output buffer required for an update - an input of len bytes. - - @param len the length of the input. - @return the space required to accommodate a call to update - with len bytes of input. - - - return the size of the output buffer required for an update plus a - doFinal with an input of len bytes. - - @param len the length of the input. - @return the space required to accommodate a call to update and doFinal - with len bytes of input. - - - process a single byte, producing an output block if neccessary. - - @param in the input byte. - @param out the space for any output that might be produced. - @param outOff the offset from which the output will be copied. - @return the number of output bytes copied to out. - @exception DataLengthException if there isn't enough space in out. - @exception InvalidOperationException if the cipher isn't initialised. - - - process an array of bytes, producing output if necessary. - - @param in the input byte array. - @param inOff the offset at which the input data starts. - @param len the number of bytes to be copied out of the input array. - @param out the space for any output that might be produced. - @param outOff the offset from which the output will be copied. - @return the number of output bytes copied to out. - @exception DataLengthException if there isn't enough space in out. - @exception InvalidOperationException if the cipher isn't initialised. - - - Process the last block in the buffer. - - @param out the array the block currently being held is copied into. - @param outOff the offset at which the copying starts. - @return the number of output bytes copied to out. - @exception DataLengthException if there is insufficient space in out for - the output, or the input is not block size aligned and should be. - @exception InvalidOperationException if the underlying cipher is not - initialised. - @exception InvalidCipherTextException if padding is expected and not found. - @exception DataLengthException if the input is not block size - aligned. - - - Reset the buffer and cipher. After resetting the object is in the same - state as it was after the last init (if there was one). - - - a buffer wrapper for an asymmetric block cipher, allowing input - to be accumulated in a piecemeal fashion until final processing. - - - base constructor. - - @param cipher the cipher this buffering object wraps. - - - return the amount of data sitting in the buffer. - - @return the amount of data sitting in the buffer. - - - initialise the buffer and the underlying cipher. - - @param forEncryption if true the cipher is initialised for - encryption, if false for decryption. - @param param the key and other data required by the cipher. - - - process the contents of the buffer using the underlying - cipher. - - @return the result of the encryption/decryption process on the - buffer. - @exception InvalidCipherTextException if we are given a garbage block. - - - Reset the buffer - - - A wrapper class that allows block ciphers to be used to process data in - a piecemeal fashion. The BufferedBlockCipher outputs a block only when the - buffer is full and more data is being added, or on a doFinal. -

- Note: in the case where the underlying cipher is either a CFB cipher or an - OFB one the last block may not be a multiple of the block size. -

- - - constructor for subclasses - - - Create a buffered block cipher without padding. - - @param cipher the underlying block cipher this buffering object wraps. - false otherwise. - - - initialise the cipher. - - @param forEncryption if true the cipher is initialised for - encryption, if false for decryption. - @param param the key and other data required by the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - return the blocksize for the underlying cipher. - - @return the blocksize for the underlying cipher. - - - return the size of the output buffer required for an update - an input of len bytes. - - @param len the length of the input. - @return the space required to accommodate a call to update - with len bytes of input. - - - return the size of the output buffer required for an update plus a - doFinal with an input of len bytes. - - @param len the length of the input. - @return the space required to accommodate a call to update and doFinal - with len bytes of input. - - - process a single byte, producing an output block if neccessary. - - @param in the input byte. - @param out the space for any output that might be produced. - @param outOff the offset from which the output will be copied. - @return the number of output bytes copied to out. - @exception DataLengthException if there isn't enough space in out. - @exception InvalidOperationException if the cipher isn't initialised. - - - process an array of bytes, producing output if necessary. - - @param in the input byte array. - @param inOff the offset at which the input data starts. - @param len the number of bytes to be copied out of the input array. - @param out the space for any output that might be produced. - @param outOff the offset from which the output will be copied. - @return the number of output bytes copied to out. - @exception DataLengthException if there isn't enough space in out. - @exception InvalidOperationException if the cipher isn't initialised. - - - Process the last block in the buffer. - - @param out the array the block currently being held is copied into. - @param outOff the offset at which the copying starts. - @return the number of output bytes copied to out. - @exception DataLengthException if there is insufficient space in out for - the output, or the input is not block size aligned and should be. - @exception InvalidOperationException if the underlying cipher is not - initialised. - @exception InvalidCipherTextException if padding is expected and not found. - @exception DataLengthException if the input is not block size - aligned. - - - Reset the buffer and cipher. After resetting the object is in the same - state as it was after the last init (if there was one). - - - The base class for symmetric, or secret, cipher key generators. - - - initialise the key generator. - - @param param the parameters to be used for key generation - - - Generate a secret key. - - @return a byte array containing the key value. - - - this exception is thrown if a buffer that is meant to have output - copied into it turns out to be too short, or if we've been given - insufficient input. In general this exception will Get thrown rather - than an ArrayOutOfBounds exception. - - - base constructor. - - - create a DataLengthException with the given message. - - @param message the message to be carried with the exception. - - - base implementation of MD4 family style digest as outlined in - "Handbook of Applied Cryptography", pages 344 - 347. - - - interface that a message digest conforms to. - - - return the size, in bytes, of the digest produced by this message digest. - - @return the size, in bytes, of the digest produced by this message digest. - - - return the size, in bytes, of the internal buffer used by this digest. - - @return the size, in bytes, of the internal buffer used by this digest. - - - update the message digest with a single byte. - - @param inByte the input byte to be entered. - - - update the message digest with a block of bytes. - - @param input the byte array containing the data. - @param inOff the offset into the byte array where the data starts. - @param len the length of the data. - - - Close the digest, producing the final digest value. The doFinal - call leaves the digest reset. - - @param output the array the digest is to be copied into. - @param outOff the offset into the out array the digest is to start at. - - - reset the digest back to it's initial state. - - - return the algorithm name - - @return the algorithm name - - - implementation of GOST R 34.11-94 - - - Standard constructor - - - Constructor to allow use of a particular sbox with GOST28147 - @see GOST28147Engine#getSBox(String) - - - Copy constructor. This will copy the state of the provided - message digest. - - - reset the chaining variables to the IV values. - - - Base class for SHA-384 and SHA-512. - - - Constructor for variable length word - - - Copy constructor. We are using copy constructors in place - of the object.Clone() interface as this interface is not - supported by J2ME. - - - adjust the byte counts so that byteCount2 represents the - upper long (less 3 bits) word of the byte count. - - - implementation of MD2 - as outlined in RFC1319 by B.Kaliski from RSA Laboratories April 1992 - - - Close the digest, producing the final digest value. The doFinal - call leaves the digest reset. - - @param out the array the digest is to be copied into. - @param outOff the offset into the out array the digest is to start at. - - - reset the digest back to it's initial state. - - - update the message digest with a single byte. - - @param in the input byte to be entered. - - - update the message digest with a block of bytes. - - @param in the byte array containing the data. - @param inOff the offset into the byte array where the data starts. - @param len the length of the data. - - - return the algorithm name - - @return the algorithm name - - - implementation of MD4 as RFC 1320 by R. Rivest, MIT Laboratory for - Computer Science and RSA Data Security, Inc. -

- NOTE: This algorithm is only included for backwards compatibility - with legacy applications, it's not secure, don't use it for anything new!

- - - Standard constructor - - - Copy constructor. This will copy the state of the provided - message digest. - - - reset the chaining variables to the IV values. - - - implementation of MD5 as outlined in "Handbook of Applied Cryptography", pages 346 - 347. - - - Copy constructor. This will copy the state of the provided - message digest. - - - reset the chaining variables to the IV values. - - - implementation of RipeMD128 - - - Standard constructor - - - Copy constructor. This will copy the state of the provided - message digest. - - - reset the chaining variables to the IV values. - - - implementation of RipeMD see, - http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html - - - Standard constructor - - - Copy constructor. This will copy the state of the provided - message digest. - - - reset the chaining variables to the IV values. - - - -

Implementation of RipeMD256.

-

Note: this algorithm offers the same level of security as RipeMD128.

- - - - Standard constructor - - - Copy constructor. This will copy the state of the provided - message digest. - - - - reset the chaining variables to the IV values. - - - -

Implementation of RipeMD 320.

-

Note: this algorithm offers the same level of security as RipeMD160.

- - - - Standard constructor - - - Copy constructor. This will copy the state of the provided - message digest. - - - - reset the chaining variables to the IV values. - - - implementation of SHA-1 as outlined in "Handbook of Applied Cryptography", pages 346 - 349. - - It is interesting to ponder why the, apart from the extra IV, the other difference here from MD5 - is the "endienness" of the word processing! - - - Copy constructor. This will copy the state of the provided - message digest. - - - reset the chaining variables - - - SHA-224 as described in RFC 3874 - 
-                    block  word  digest
-            SHA-1   512    32    160
-            SHA-224 512    32    224
-            SHA-256 512    32    256
-            SHA-384 1024   64    384
-            SHA-512 1024   64    512
-
- - - Standard constructor - - - Copy constructor. This will copy the state of the provided - message digest. - - - reset the chaining variables - - - Draft FIPS 180-2 implementation of SHA-256. Note: As this is - based on a draft this implementation is subject to change. - - 
-                     block  word  digest
-             SHA-1   512    32    160
-             SHA-256 512    32    256
-             SHA-384 1024   64    384
-             SHA-512 1024   64    512
-
- - - Copy constructor. This will copy the state of the provided - message digest. - - - reset the chaining variables - - - Draft FIPS 180-2 implementation of SHA-384. Note: As this is - based on a draft this implementation is subject to change. - - 
-                     block  word  digest
-             SHA-1   512    32    160
-             SHA-256 512    32    256
-             SHA-384 1024   64    384
-             SHA-512 1024   64    512
-
- - - Copy constructor. This will copy the state of the provided - message digest. - - - reset the chaining variables - - - Draft FIPS 180-2 implementation of SHA-512. Note: As this is - based on a draft this implementation is subject to change. - - 
-                     block  word  digest
-             SHA-1   512    32    160
-             SHA-256 512    32    256
-             SHA-384 1024   64    384
-             SHA-512 1024   64    512
-
- - - Copy constructor. This will copy the state of the provided - message digest. - - - reset the chaining variables - - - Wrapper class that reduces the output length of a particular digest to - only the first n bytes of the digest function. - - - Base constructor. - - @param baseDigest underlying digest to use. - @param length length in bytes of the output of doFinal. - @exception ArgumentException if baseDigest is null, or length is greater than baseDigest.GetDigestSize(). - - - implementation of Tiger based on: - - http://www.cs.technion.ac.il/~biham/Reports/Tiger - - - Standard constructor - - - Copy constructor. This will copy the state of the provided - message digest. - - - reset the chaining variables - - - Implementation of WhirlpoolDigest, based on Java source published by Barreto - and Rijmen. - - - - Copy constructor. This will copy the state of the provided message - digest. - - - Reset the chaining variables - - - ISO 9796-1 padding. Note in the light of recent results you should - only use this with RSA (rather than the "simpler" Rabin keys) and you - should never use it with anything other than a hash (ie. even if the - message is small don't sign the message, sign it's hash) or some "random" - value. See your favorite search engine for details. - - - Base interface for a public/private key block cipher. - - - Initialise the cipher. - Initialise for encryption if true, for decryption if false. - The key or other data required by the cipher. - - - The maximum size, in bytes, an input block may be. - - - The maximum size, in bytes, an output block will be. - - - Process a block. - The input buffer. - The offset into inBuf that the input block begins. - The length of the input block. - Input decrypts improperly. - Input is too large for the cipher. - - - The name of the algorithm this cipher implements. - - - return the input block size. The largest message we can process - is (key_size_in_bits + 3)/16, which in our world comes to - key_size_in_bytes / 2. - - - return the maximum possible size for the output. - - - set the number of bits in the next message to be treated as - pad bits. - - - retrieve the number of pad bits in the last decoded message. - - - @exception InvalidCipherTextException if the decrypted block is not a valid ISO 9796 bit string - - - Optimal Asymmetric Encryption Padding (OAEP) - see PKCS 1 V 2. - - - @exception InvalidCipherTextException if the decrypted block turns out to - be badly formatted. - - - int to octet string. - - - mask generator function, as described in PKCS1v2. - - - this does your basic Pkcs 1 v1.5 padding - whether or not you should be using this - depends on your application - see Pkcs1 Version 2 for details. - - - some providers fail to include the leading zero in PKCS1 encoded blocks. If you need to - work with one of these set the system property Org.BouncyCastle.Pkcs1.Strict to false. - - - Basic constructor. - @param cipher - - - @exception InvalidCipherTextException if the decrypted block is not in Pkcs1 format. - - - The same effect can be achieved by setting the static property directly -

- The static property is checked during construction of the encoding object, it is set to - true by default. -

- - - an implementation of the AES (Rijndael), from FIPS-197. -

- For further details see: http://csrc.nist.gov/encryption/aes/. - - This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at - http://fp.gladman.plus.com/cryptography_technology/rijndael/ - - There are three levels of tradeoff of speed vs memory - Because java has no preprocessor, they are written as three separate classes from which to choose - - The fastest uses 8Kbytes of static tables to precompute round calculations, 4 256 word tables for encryption - and 4 for decryption. - - The middle performance version uses only one 256 word table for each, for a total of 2Kbytes, - adding 12 rotate operations per round to compute the values contained in the other tables from - the contents of the first. - - The slowest version uses no static tables at all and computes the values in each round. -

-

- This file contains the middle performance version with 2Kbytes of static tables for round precomputation. -

- - - Base interface for a symmetric key block cipher. - - - Initialise the cipher. - Initialise for encryption if true, for decryption if false. - The key or other data required by the cipher. - - - The block size for this cipher, in bytes. - - - Process a block. - The input buffer. - The offset into inBuf that the input block begins. - The output buffer. - The offset into outBuf to write the output block. - If input block is wrong size, or outBuf too small. - The number of bytes processed and produced. - - - - Reset the cipher to the same state as it was after the last init (if there was one). - - - - The name of the algorithm this cipher implements. - - - Indicates whether this cipher can handle partial blocks. - - - Calculate the necessary round keys - The number of calculations depends on key size and block size - AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits - This code is written assuming those are the only possible values - - - default constructor - 128 bit block size. - - - initialise an AES cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - an implementation of the AES (Rijndael)), from FIPS-197. -

- For further details see: http://csrc.nist.gov/encryption/aes/. - - This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at - http://fp.gladman.plus.com/cryptography_technology/rijndael/ - - There are three levels of tradeoff of speed vs memory - Because java has no preprocessor), they are written as three separate classes from which to choose - - The fastest uses 8Kbytes of static tables to precompute round calculations), 4 256 word tables for encryption - and 4 for decryption. - - The middle performance version uses only one 256 word table for each), for a total of 2Kbytes), - adding 12 rotate operations per round to compute the values contained in the other tables from - the contents of the first - - The slowest version uses no static tables at all and computes the values in each round -

-

- This file contains the fast version with 8Kbytes of static tables for round precomputation -

- - - Calculate the necessary round keys - The number of calculations depends on key size and block size - AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits - This code is written assuming those are the only possible values - - - default constructor - 128 bit block size. - - - initialise an AES cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - an implementation of the AES (Rijndael), from FIPS-197. -

- For further details see: http://csrc.nist.gov/encryption/aes/. - - This implementation is based on optimizations from Dr. Brian Gladman's paper and C code at - http://fp.gladman.plus.com/cryptography_technology/rijndael/ - - There are three levels of tradeoff of speed vs memory - Because java has no preprocessor, they are written as three separate classes from which to choose - - The fastest uses 8Kbytes of static tables to precompute round calculations, 4 256 word tables for encryption - and 4 for decryption. - - The middle performance version uses only one 256 word table for each, for a total of 2Kbytes, - adding 12 rotate operations per round to compute the values contained in the other tables from - the contents of the first - - The slowest version uses no static tables at all and computes the values - in each round. -

-

- This file contains the slowest performance version with no static tables - for round precomputation, but it has the smallest foot print. -

- - - Calculate the necessary round keys - The number of calculations depends on key size and block size - AES specified a fixed block size of 128 bits and key sizes 128/192/256 bits - This code is written assuming those are the only possible values - - - default constructor - 128 bit block size. - - - initialise an AES cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - - An implementation of the AES Key Wrapper from the NIST Key Wrap Specification. -

- For further details see: http://csrc.nist.gov/encryption/kms/key-wrap.pdf. - - - - - An implementation of the AES Key Wrapper from the NIST Key Wrap - Specification as described in RFC 3394. -

- For further details see: http://www.ietf.org/rfc/rfc3394.txt - and http://csrc.nist.gov/encryption/kms/key-wrap.pdf. - - - -

The name of the algorithm this cipher implements. - - - A class that provides Blowfish key encryption operations, - such as encoding data and generating keys. - All the algorithms herein are from Applied Cryptography - and implement a simplified cryptography interface. - - - initialise a Blowfish cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - apply the encryption cycle to each value pair in the table. - - - Encrypt the given input starting at the given offset and place - the result in the provided buffer starting at the given offset. - The input will be an exact multiple of our blocksize. - - - Decrypt the given input starting at the given offset and place - the result in the provided buffer starting at the given offset. - The input will be an exact multiple of our blocksize. - - - Camellia - based on RFC 3713. - - - Camellia - based on RFC 3713, smaller implementation, about half the size of CamelliaEngine. - - - - An implementation of the Camellia key wrapper based on RFC 3657/RFC 3394. -

- For further details see: http://www.ietf.org/rfc/rfc3657.txt. - - - - A class that provides CAST key encryption operations, - such as encoding data and generating keys. - - All the algorithms herein are from the Internet RFC's - - RFC2144 - Cast5 (64bit block, 40-128bit key) - RFC2612 - CAST6 (128bit block, 128-256bit key) - - and implement a simplified cryptography interface. - - - initialise a CAST cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - Encrypt the given input starting at the given offset and place - the result in the provided buffer starting at the given offset. - - @param src The plaintext buffer - @param srcIndex An offset into src - @param dst The ciphertext buffer - @param dstIndex An offset into dst - - - Decrypt the given input starting at the given offset and place - the result in the provided buffer starting at the given offset. - - @param src The plaintext buffer - @param srcIndex An offset into src - @param dst The ciphertext buffer - @param dstIndex An offset into dst - - - The first of the three processing functions for the - encryption and decryption. - - @param D the input to be processed - @param Kmi the mask to be used from Km[n] - @param Kri the rotation value to be used - - - - The second of the three processing functions for the - encryption and decryption. - - @param D the input to be processed - @param Kmi the mask to be used from Km[n] - @param Kri the rotation value to be used - - - - The third of the three processing functions for the - encryption and decryption. - - @param D the input to be processed - @param Kmi the mask to be used from Km[n] - @param Kri the rotation value to be used - - - - Does the 16 rounds to encrypt the block. - - @param L0 the LH-32bits of the plaintext block - @param R0 the RH-32bits of the plaintext block - - - A class that provides CAST6 key encryption operations, - such as encoding data and generating keys. - - All the algorithms herein are from the Internet RFC - - RFC2612 - CAST6 (128bit block, 128-256bit key) - - and implement a simplified cryptography interface. - - - Encrypt the given input starting at the given offset and place - the result in the provided buffer starting at the given offset. - - @param src The plaintext buffer - @param srcIndex An offset into src - @param dst The ciphertext buffer - @param dstIndex An offset into dst - - - Decrypt the given input starting at the given offset and place - the result in the provided buffer starting at the given offset. - - @param src The plaintext buffer - @param srcIndex An offset into src - @param dst The ciphertext buffer - @param dstIndex An offset into dst - - - Does the 12 quad rounds rounds to encrypt the block. - - @param A the 00-31 bits of the plaintext block - @param B the 32-63 bits of the plaintext block - @param C the 64-95 bits of the plaintext block - @param D the 96-127 bits of the plaintext block - @param result the resulting ciphertext - - - Does the 12 quad rounds rounds to decrypt the block. - - @param A the 00-31 bits of the ciphertext block - @param B the 32-63 bits of the ciphertext block - @param C the 64-95 bits of the ciphertext block - @param D the 96-127 bits of the ciphertext block - @param result the resulting plaintext - - - A class that provides a basic DESede (or Triple DES) engine. - - - A class that provides a basic DES engine. - - - initialise a DES cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - what follows is mainly taken from "Applied Cryptography", by - Bruce Schneier, however it also bears great resemblance to Richard - Outerbridge's D3DES... - - - Generate an integer based working key based on our secret key - and what we processing we are planning to do. - - Acknowledgements for this routine go to James Gillogly and Phil Karn. - (whoever, and wherever they are!). - - - the DES engine. - - - initialise a DESede cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - * Wrap keys according to - * - * draft-ietf-smime-key-wrap-01.txt. - *

- * Note: - *

    - *
  • this is based on a draft, and as such is subject to change - don't use this class for anything requiring long term storage.
    • - *
  • if you are using this to wrap triple-des keys you need to set the - * parity bits on the key and, if it's a two-key triple-des key, pad it - * yourself.
    • - *
- *

- - - Field engine - - - Field param - - - Field paramPlusIV - - - Field iv - - - Field forWrapping - - - Field IV2 - - - Method init - - @param forWrapping - @param param - - - Method wrap - - @param in - @param inOff - @param inLen - @return - - - Method unwrap - - @param in - @param inOff - @param inLen - @return - @throws InvalidCipherTextException - - - Some key wrap algorithms make use of the Key Checksum defined - in CMS [CMS-Algorithms]. This is used to provide an integrity - check value for the key being wrapped. The algorithm is - - - Compute the 20 octet SHA-1 hash on the key being wrapped. - - Use the first 8 octets of this hash as the checksum value. - - @param key - @return - @throws Exception - @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum - - - @param key - @param checksum - @return - @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum - - - Method GetAlgorithmName - - @return - - - this does your basic ElGamal algorithm. - - - initialise the ElGamal engine. - - @param forEncryption true if we are encrypting, false otherwise. - @param param the necessary ElGamal key parameters. - - - Return the maximum size for an input block to this engine. - For ElGamal this is always one byte less than the size of P on - encryption, and twice the length as the size of P on decryption. - - @return maximum size for an input block. - - - Return the maximum size for an output block to this engine. - For ElGamal this is always one byte less than the size of P on - decryption, and twice the length as the size of P on encryption. - - @return maximum size for an output block. - - - Process a single block using the basic ElGamal algorithm. - - @param in the input array. - @param inOff the offset into the input buffer where the data starts. - @param length the length of the data to be processed. - @return the result of the ElGamal process. - @exception DataLengthException the input block is too large. - - - implementation of GOST 28147-89 - - - standard constructor. - - - initialise an Gost28147 cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is inappropriate. - - - Return the S-Box associated with SBoxName - @param sBoxName name of the S-Box - @return byte array representing the S-Box - - - HC-128 is a software-efficient stream cipher created by Hongjun Wu. It - generates keystream from a 128-bit secret key and a 128-bit initialization - vector. -

- http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc128_p3.pdf -

- It is a third phase candidate in the eStream contest, and is patent-free. - No attacks are known as of today (April 2007). See - - http://www.ecrypt.eu.org/stream/hcp3.html -

- - - The interface stream ciphers conform to. - - - Initialise the cipher. - If true the cipher is initialised for encryption, - if false for decryption. - The key and other data required by the cipher. - - If the parameters argument is inappropriate. - - - - encrypt/decrypt a single byte returning the result. - the byte to be processed. - the result of processing the input byte. - - - - Process a block of bytes from input putting the result into output. - - The input byte array. - - The offset into input where the data to be processed starts. - - The number of bytes to be processed. - The output buffer the processed bytes go into. - - The offset into output the processed data starts at. - - If the output buffer is too small. - - - - Reset the cipher to the same state as it was after the last init (if there was one). - - - - The name of the algorithm this cipher implements. - - - Initialise a HC-128 cipher. - - @param forEncryption whether or not we are for encryption. Irrelevant, as - encryption and decryption are the same. - @param params the parameters required to set up the cipher. - @throws ArgumentException if the params argument is - inappropriate (ie. the key is not 128 bit long). - - - HC-256 is a software-efficient stream cipher created by Hongjun Wu. It - generates keystream from a 256-bit secret key and a 256-bit initialization - vector. -

- http://www.ecrypt.eu.org/stream/p3ciphers/hc/hc256_p3.pdf -

- Its brother, HC-128, is a third phase candidate in the eStream contest. - The algorithm is patent-free. No attacks are known as of today (April 2007). - See - - http://www.ecrypt.eu.org/stream/hcp3.html -

- - - Initialise a HC-256 cipher. - - @param forEncryption whether or not we are for encryption. Irrelevant, as - encryption and decryption are the same. - @param params the parameters required to set up the cipher. - @throws ArgumentException if the params argument is - inappropriate (ie. the key is not 256 bit long). - - - support class for constructing intergrated encryption ciphers - for doing basic message exchanges on top of key agreement ciphers - - - set up for use with stream mode, where the key derivation function - is used to provide a stream of bytes to xor with the message. - - @param agree the key agreement used as the basis for the encryption - @param kdf the key derivation function used for byte generation - @param mac the message authentication code generator for the message - - - set up for use in conjunction with a block cipher to handle the - message. - - @param agree the key agreement used as the basis for the encryption - @param kdf the key derivation function used for byte generation - @param mac the message authentication code generator for the message - @param cipher the cipher to used for encrypting the message - - - Initialise the encryptor. - - @param forEncryption whether or not this is encryption/decryption. - @param privParam our private key parameters - @param pubParam the recipient's/sender's public key parameters - @param param encoding and derivation parameters. - - - Implementation of Bob Jenkin's ISAAC (Indirection Shift Accumulate Add and Count). - see: http://www.burtleburtle.net/bob/rand/isaacafa.html - - - initialise an ISAAC cipher. - - @param forEncryption whether or not we are for encryption. - @param params the parameters required to set up the cipher. - @exception ArgumentException if the params argument is - inappropriate. - - - NaccacheStern Engine. For details on this cipher, please see - http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf - - - Initializes this algorithm. Must be called before all other Functions. - - @see org.bouncycastle.crypto.AsymmetricBlockCipher#init(bool, - org.bouncycastle.crypto.CipherParameters) - - - Returns the input block size of this algorithm. - - @see org.bouncycastle.crypto.AsymmetricBlockCipher#GetInputBlockSize() - - - Returns the output block size of this algorithm. - - @see org.bouncycastle.crypto.AsymmetricBlockCipher#GetOutputBlockSize() - - - Process a single Block using the Naccache-Stern algorithm. - - @see org.bouncycastle.crypto.AsymmetricBlockCipher#ProcessBlock(byte[], - int, int) - - - Encrypts a BigInteger aka Plaintext with the public key. - - @param plain - The BigInteger to encrypt - @return The byte[] representation of the encrypted BigInteger (i.e. - crypted.toByteArray()) - - - Adds the contents of two encrypted blocks mod sigma - - @param block1 - the first encrypted block - @param block2 - the second encrypted block - @return encrypt((block1 + block2) mod sigma) - @throws InvalidCipherTextException - - - Convenience Method for data exchange with the cipher. - - Determines blocksize and splits data to blocksize. - - @param data the data to be processed - @return the data after it went through the NaccacheSternEngine. - @throws InvalidCipherTextException - - - Computes the integer x that is expressed through the given primes and the - congruences with the chinese remainder theorem (CRT). - - @param congruences - the congruences c_i - @param primes - the primes p_i - @return an integer x for that x % p_i == c_i - - - A Noekeon engine, using direct-key mode. - - - Create an instance of the Noekeon encryption algorithm - and set some defaults - - - initialise - - @param forEncryption whether or not we are for encryption. - @param params the parameters required to set up the cipher. - @exception ArgumentException if the params argument is - inappropriate. - - - Re-key the cipher. - - @param key the key to be used - - - The no-op engine that just copies bytes through, irrespective of whether encrypting and decrypting. - Provided for the sake of completeness. - - - an implementation of RC2 as described in RFC 2268 - "A Description of the RC2(r) Encryption Algorithm" R. Rivest. - - - initialise a RC2 cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - return the result rotating the 16 bit number in x left by y - - - Wrap keys according to RFC 3217 - RC2 mechanism - - - Field engine - - - Field param - - - Field paramPlusIV - - - Field iv - - - Field forWrapping - - - Field IV2 - - - Method init - - @param forWrapping - @param param - - - Method wrap - - @param in - @param inOff - @param inLen - @return - - - Method unwrap - - @param in - @param inOff - @param inLen - @return - @throws InvalidCipherTextException - - - Some key wrap algorithms make use of the Key Checksum defined - in CMS [CMS-Algorithms]. This is used to provide an integrity - check value for the key being wrapped. The algorithm is - - - Compute the 20 octet SHA-1 hash on the key being wrapped. - - Use the first 8 octets of this hash as the checksum value. - - @param key - @return - @throws Exception - @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum - - - @param key - @param checksum - @return - @see http://www.w3.org/TR/xmlenc-core/#sec-CMSKeyChecksum - - - Method GetAlgorithmName - - @return - - - initialise a RC4 cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - The specification for RC5 came from the RC5 Encryption Algorithm - publication in RSA CryptoBytes, Spring of 1995. - http://www.rsasecurity.com/rsalabs/cryptobytes. -

- This implementation has a word size of 32 bits.

- - - Create an instance of the RC5 encryption algorithm - and set some defaults - - - initialise a RC5-32 cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - Re-key the cipher. - - @param key the key to be used - - - Encrypt the given block starting at the given offset and place - the result in the provided buffer starting at the given offset. - - @param in in byte buffer containing data to encrypt - @param inOff offset into src buffer - @param out out buffer where encrypted data is written - @param outOff offset into out buffer - - - Perform a left "spin" of the word. The rotation of the given - word x is rotated left by y bits. - Only the lg(32) low-order bits of y - are used to determine the rotation amount. Here it is - assumed that the wordsize used is a power of 2. - - @param x word to rotate - @param y number of bits to rotate % 32 - - - Perform a right "spin" of the word. The rotation of the given - word x is rotated left by y bits. - Only the lg(32) low-order bits of y - are used to determine the rotation amount. Here it is - assumed that the wordsize used is a power of 2. - - @param x word to rotate - @param y number of bits to rotate % 32 - - - The specification for RC5 came from the RC5 Encryption Algorithm - publication in RSA CryptoBytes, Spring of 1995. - http://www.rsasecurity.com/rsalabs/cryptobytes. -

- This implementation is set to work with a 64 bit word size.

- - - Create an instance of the RC5 encryption algorithm - and set some defaults - - - initialise a RC5-64 cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - Re-key the cipher. - - @param key the key to be used - - - Encrypt the given block starting at the given offset and place - the result in the provided buffer starting at the given offset. - - @param in in byte buffer containing data to encrypt - @param inOff offset into src buffer - @param out out buffer where encrypted data is written - @param outOff offset into out buffer - - - Perform a left "spin" of the word. The rotation of the given - word x is rotated left by y bits. - Only the lg(wordSize) low-order bits of y - are used to determine the rotation amount. Here it is - assumed that the wordsize used is a power of 2. - - @param x word to rotate - @param y number of bits to rotate % wordSize - - - Perform a right "spin" of the word. The rotation of the given - word x is rotated left by y bits. - Only the lg(wordSize) low-order bits of y - are used to determine the rotation amount. Here it is - assumed that the wordsize used is a power of 2. - - @param x word to rotate - @param y number of bits to rotate % wordSize - - - An RC6 engine. - - - Create an instance of the RC6 encryption algorithm - and set some defaults - - - initialise a RC5-32 cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - Re-key the cipher. - - @param inKey the key to be used - - - Perform a left "spin" of the word. The rotation of the given - word x is rotated left by y bits. - Only the lg(wordSize) low-order bits of y - are used to determine the rotation amount. Here it is - assumed that the wordsize used is a power of 2. - - @param x word to rotate - @param y number of bits to rotate % wordSize - - - Perform a right "spin" of the word. The rotation of the given - word x is rotated left by y bits. - Only the lg(wordSize) low-order bits of y - are used to determine the rotation amount. Here it is - assumed that the wordsize used is a power of 2. - - @param x word to rotate - @param y number of bits to rotate % wordSize - - - an implementation of the RFC 3211 Key Wrap - Specification. - - - an implementation of Rijndael, based on the documentation and reference implementation - by Paulo Barreto, Vincent Rijmen, for v2.0 August '99. -

- Note: this implementation is based on information prior to readonly NIST publication. -

- - - multiply two elements of GF(2^m) - needed for MixColumn and InvMixColumn - - - xor corresponding text input and round key input bytes - - - Row 0 remains unchanged - The other three rows are shifted a variable amount - - - Replace every byte of the input by the byte at that place - in the nonlinear S-box - - - Mix the bytes of every column in a linear way - - - Mix the bytes of every column in a linear way - This is the opposite operation of Mixcolumn - - - Calculate the necessary round keys - The number of calculations depends on keyBits and blockBits - - - default constructor - 128 bit block size. - - - basic constructor - set the cipher up for a given blocksize - - @param blocksize the blocksize in bits, must be 128, 192, or 256. - - - initialise a Rijndael cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - this does your basic RSA algorithm with blinding - - - initialise the RSA engine. - - @param forEncryption true if we are encrypting, false otherwise. - @param param the necessary RSA key parameters. - - - Return the maximum size for an input block to this engine. - For RSA this is always one byte less than the key size on - encryption, and the same length as the key size on decryption. - - @return maximum size for an input block. - - - Return the maximum size for an output block to this engine. - For RSA this is always one byte less than the key size on - decryption, and the same length as the key size on encryption. - - @return maximum size for an output block. - - - Process a single block using the basic RSA algorithm. - - @param inBuf the input array. - @param inOff the offset into the input buffer where the data starts. - @param inLen the length of the data to be processed. - @return the result of the RSA process. - @exception DataLengthException the input block is too large. - - - This does your basic RSA Chaum's blinding and unblinding as outlined in - "Handbook of Applied Cryptography", page 475. You need to use this if you are - trying to get another party to generate signatures without them being aware - of the message they are signing. - - - Initialise the blinding engine. - - @param forEncryption true if we are encrypting (blinding), false otherwise. - @param param the necessary RSA key parameters. - - - Return the maximum size for an input block to this engine. - For RSA this is always one byte less than the key size on - encryption, and the same length as the key size on decryption. - - @return maximum size for an input block. - - - Return the maximum size for an output block to this engine. - For RSA this is always one byte less than the key size on - decryption, and the same length as the key size on encryption. - - @return maximum size for an output block. - - - Process a single block using the RSA blinding algorithm. - - @param in the input array. - @param inOff the offset into the input buffer where the data starts. - @param inLen the length of the data to be processed. - @return the result of the RSA process. - @throws DataLengthException the input block is too large. - - - this does your basic RSA algorithm. - - - initialise the RSA engine. - - @param forEncryption true if we are encrypting, false otherwise. - @param param the necessary RSA key parameters. - - - Return the maximum size for an input block to this engine. - For RSA this is always one byte less than the key size on - encryption, and the same length as the key size on decryption. - - @return maximum size for an input block. - - - Return the maximum size for an output block to this engine. - For RSA this is always one byte less than the key size on - decryption, and the same length as the key size on encryption. - - @return maximum size for an output block. - - - this does your basic RSA algorithm. - - - initialise the RSA engine. - - @param forEncryption true if we are encrypting, false otherwise. - @param param the necessary RSA key parameters. - - - Return the maximum size for an input block to this engine. - For RSA this is always one byte less than the key size on - encryption, and the same length as the key size on decryption. - - @return maximum size for an input block. - - - Return the maximum size for an output block to this engine. - For RSA this is always one byte less than the key size on - decryption, and the same length as the key size on encryption. - - @return maximum size for an output block. - - - Process a single block using the basic RSA algorithm. - - @param inBuf the input array. - @param inOff the offset into the input buffer where the data starts. - @param inLen the length of the data to be processed. - @return the result of the RSA process. - @exception DataLengthException the input block is too large. - - - Implementation of Daniel J. Bernstein's Salsa20 stream cipher, Snuffle 2005 - - - Constants - - - initialise a Salsa20 cipher. - - @param forEncryption whether or not we are for encryption. - @param params the parameters required to set up the cipher. - @exception ArgumentException if the params argument is - inappropriate. - - - Implementation of the SEED algorithm as described in RFC 4009 - - - - An implementation of the SEED key wrapper based on RFC 4010/RFC 3394. -

- For further details see: http://www.ietf.org/rfc/rfc4010.txt. - - - - * Serpent is a 128-bit 32-round block cipher with variable key lengths, - * including 128, 192 and 256 bit keys conjectured to be at least as - * secure as three-key triple-DES. - *

- * Serpent was designed by Ross Anderson, Eli Biham and Lars Knudsen as a - * candidate algorithm for the NIST AES Quest.> - *

- *

- * For full details see the The Serpent home page - *

- - - initialise a Serpent cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - Process one block of input from the array in and write it to - the out array. - - @param in the array containing the input data. - @param inOff offset into the in array the data starts at. - @param out the array the output data will be copied into. - @param outOff the offset into the out array the output will start at. - @exception DataLengthException if there isn't enough data in in, or - space in out. - @exception InvalidOperationException if the cipher isn't initialised. - @return the number of bytes processed and produced. - - - Expand a user-supplied key material into a session key. - - @param key The user-key bytes (multiples of 4) to use. - @exception ArgumentException - - - Encrypt one block of plaintext. - - @param in the array containing the input data. - @param inOff offset into the in array the data starts at. - @param out the array the output data will be copied into. - @param outOff the offset into the out array the output will start at. - - - Decrypt one block of ciphertext. - - @param in the array containing the input data. - @param inOff offset into the in array the data starts at. - @param out the array the output data will be copied into. - @param outOff the offset into the out array the output will start at. - - - S0 - { 3, 8,15, 1,10, 6, 5,11,14,13, 4, 2, 7, 0, 9,12 } - 15 terms. - - - InvSO - {13, 3,11, 0,10, 6, 5,12, 1,14, 4, 7,15, 9, 8, 2 } - 15 terms. - - - S1 - {15,12, 2, 7, 9, 0, 5,10, 1,11,14, 8, 6,13, 3, 4 } - 14 terms. - - - InvS1 - { 5, 8, 2,14,15, 6,12, 3,11, 4, 7, 9, 1,13,10, 0 } - 14 steps. - - - S2 - { 8, 6, 7, 9, 3,12,10,15,13, 1,14, 4, 0,11, 5, 2 } - 16 terms. - - - InvS2 - {12, 9,15, 4,11,14, 1, 2, 0, 3, 6,13, 5, 8,10, 7 } - 16 steps. - - - S3 - { 0,15,11, 8,12, 9, 6, 3,13, 1, 2, 4,10, 7, 5,14 } - 16 terms. - - - InvS3 - { 0, 9,10, 7,11,14, 6,13, 3, 5,12, 2, 4, 8,15, 1 } - 15 terms - - - S4 - { 1,15, 8, 3,12, 0,11, 6, 2, 5, 4,10, 9,14, 7,13 } - 15 terms. - - - InvS4 - { 5, 0, 8, 3,10, 9, 7,14, 2,12,11, 6, 4,15,13, 1 } - 15 terms. - - - S5 - {15, 5, 2,11, 4,10, 9,12, 0, 3,14, 8,13, 6, 7, 1 } - 16 terms. - - - InvS5 - { 8,15, 2, 9, 4, 1,13,14,11, 6, 5, 3, 7,12,10, 0 } - 16 terms. - - - S6 - { 7, 2,12, 5, 8, 4, 6,11,14, 9, 1,15,13, 3,10, 0 } - 15 terms. - - - InvS6 - {15,10, 1,13, 5, 3, 6, 0, 4, 9,14, 7, 2,12, 8,11 } - 15 terms. - - - S7 - { 1,13,15, 0,14, 8, 2,11, 7, 4,12,10, 9, 3, 5, 6 } - 16 terms. - - - InvS7 - { 3, 0, 6,13, 9,14,15, 8, 5,12,11, 7,10, 1, 4, 2 } - 17 terms. - - - Apply the linear transformation to the register set. - - - Apply the inverse of the linear transformation to the register set. - - - a class that provides a basic SKIPJACK engine. - - - initialise a SKIPJACK cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - The G permutation - - - the inverse of the G permutation. - - - An TEA engine. - - - Create an instance of the TEA encryption algorithm - and set some defaults - - - initialise - - @param forEncryption whether or not we are for encryption. - @param params the parameters required to set up the cipher. - @exception ArgumentException if the params argument is - inappropriate. - - - Re-key the cipher. - - @param key the key to be used - - - A class that provides Twofish encryption operations. - - This Java implementation is based on the Java reference - implementation provided by Bruce Schneier and developed - by Raif S. Naffah. - - - Define the fixed p0/p1 permutations used in keyed S-box lookup. - By changing the following constant definitions, the S-boxes will - automatically Get changed in the Twofish engine. - - - gSubKeys[] and gSBox[] are eventually used in the - encryption and decryption methods. - - - initialise a Twofish cipher. - - @param forEncryption whether or not we are for encryption. - @param parameters the parameters required to set up the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - Encrypt the given input starting at the given offset and place - the result in the provided buffer starting at the given offset. - The input will be an exact multiple of our blocksize. - - encryptBlock uses the pre-calculated gSBox[] and subKey[] - arrays. - - - Decrypt the given input starting at the given offset and place - the result in the provided buffer starting at the given offset. - The input will be an exact multiple of our blocksize. - - - Use (12, 8) Reed-Solomon code over GF(256) to produce - a key S-box 32-bit entity from 2 key material 32-bit - entities. - - @param k0 first 32-bit entity - @param k1 second 32-bit entity - @return Remainder polynomial Generated using RS code - - - * Reed-Solomon code parameters: (12,8) reversible code: - *

- * 

-                    * G(x) = x^4 + (a+1/a)x^3 + ax^2 + (a+1/a)x + 1
-                    *
- * where a = primitive root of field generator 0x14D - *

- - - initialise a VMPC cipher. - - @param forEncryption - whether or not we are for encryption. - @param params - the parameters required to set up the cipher. - @exception ArgumentException - if the params argument is inappropriate. - - - An XTEA engine. - - - Create an instance of the TEA encryption algorithm - and set some defaults - - - initialise - - @param forEncryption whether or not we are for encryption. - @param params the parameters required to set up the cipher. - @exception ArgumentException if the params argument is - inappropriate. - - - Re-key the cipher. - - @param key the key to be used - - - Basic KDF generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033 -
- This implementation is based on ISO 18033/P1363a. - - - Construct a KDF Parameters generator. - - @param counterStart value of counter. - @param digest the digest to be used as the source of derived keys. - - - fill len bytes of the output buffer with bytes generated from - the derivation function. - - @throws ArgumentException if the size of the request will cause an overflow. - @throws DataLengthException if the out buffer is too small. - - - return the underlying digest. - - - initialise the key generator - if strength is set to zero - the key generated will be 64 bits in size, otherwise - strength can be 64 or 56 bits (if you don't count the parity bits). - - @param param the parameters to be used for key generation - - - initialise the key generator - if strength is set to zero - the key Generated will be 192 bits in size, otherwise - strength can be 128 or 192 (or 112 or 168 if you don't count - parity bits), depending on whether you wish to do 2-key or 3-key - triple DES. - - @param param the parameters to be used for key generation - - - a basic Diffie-Hellman key pair generator. - - This generates keys consistent for use with the basic algorithm for - Diffie-Hellman. - - - interface that a public/private key pair generator should conform to. - - - intialise the key pair generator. - - @param the parameters the key pair is to be initialised with. - - - return an AsymmetricCipherKeyPair containing the Generated keys. - - @return an AsymmetricCipherKeyPair containing the Generated keys. - - - a Diffie-Hellman key pair generator. - - This generates keys consistent for use in the MTI/A0 key agreement protocol - as described in "Handbook of Applied Cryptography", Pages 516-519. - - - which Generates the p and g values from the given parameters, - returning the DHParameters object. -

- Note: can take a while...

- - - * a DSA key pair generator. - * - * This Generates DSA keys in line with the method described - * in FIPS 186-3 B.1 FFC Key Pair Generation. - - - Generate suitable parameters for DSA, in line with FIPS 186-2. - - - initialise the key generator. - - @param size size of the key (range 2^512 -> 2^1024 - 64 bit increments) - @param certainty measure of robustness of prime (for FIPS 186-2 compliance this should be at least 80). - @param random random byte source. - - - which Generates the p and g values from the given parameters, - returning the DsaParameters object. -

- Note: can take a while...

- - - generate suitable parameters for DSA, in line with - FIPS 186-3 A.1 Generation of the FFC Primes p and q. - - - Given the domain parameters this routine Generates an EC key - pair in accordance with X9.62 section 5.2.1 pages 26, 27. - - - a ElGamal key pair generator. -

- This Generates keys consistent for use with ElGamal as described in - page 164 of "Handbook of Applied Cryptography".

- - - * which Generates the p and g values from the given parameters, - * returning the ElGamalParameters object. - *

- * Note: can take a while... - *

- - - a GOST3410 key pair generator. - This generates GOST3410 keys in line with the method described - in GOST R 34.10-94. - - - generate suitable parameters for GOST3410. - - - initialise the key generator. - - @param size size of the key - @param typeProcedure type procedure A,B = 1; A',B' - else - @param random random byte source. - - - Procedure C - procedure generates the a value from the given p,q, - returning the a value. - - - which generates the p , q and a values from the given parameters, - returning the Gost3410Parameters object. - - - KFD2 generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033 -
- This implementation is based on IEEE P1363/ISO 18033. - - - Construct a KDF1 byte generator. - - @param digest the digest to be used as the source of derived keys. - - - KDF2 generator for derived keys and ivs as defined by IEEE P1363a/ISO 18033 -
- This implementation is based on IEEE P1363/ISO 18033. - - - Construct a KDF2 bytes generator. Generates key material - according to IEEE P1363 or ISO 18033 depending on the initialisation. - - @param digest the digest to be used as the source of derived keys. - - - Generator for MGF1 as defined in Pkcs 1v2 - - - @param digest the digest to be used as the source of Generated bytes - - - int to octet string. - - - fill len bytes of the output buffer with bytes Generated from - the derivation function. - - @throws DataLengthException if the out buffer is too small. - - - return the underlying digest. - - - Key generation parameters for NaccacheStern cipher. For details on this cipher, please see - - http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf - - - Generates a permuted ArrayList from the original one. The original List - is not modified - - @param arr - the ArrayList to be permuted - @param rand - the source of Randomness for permutation - @return a new ArrayList with the permuted elements. - - - Finds the first 'count' primes starting with 3 - - @param count - the number of primes to find - @return a vector containing the found primes as Integer - - - Generator for PBE derived keys and ivs as usd by OpenSSL. -

- The scheme is a simple extension of PKCS 5 V2.0 Scheme 1 using MD5 with an - iteration count of 1. -

- - - super class for all Password Based Encyrption (Pbe) parameter generator classes. - - - base constructor. - - - initialise the Pbe generator. - - @param password the password converted into bytes (see below). - @param salt the salt to be mixed with the password. - @param iterationCount the number of iterations the "mixing" function - is to be applied for. - - - return the password byte array. - - @return the password byte array. - - - return the salt byte array. - - @return the salt byte array. - - - Generate derived parameters for a key of length keySize. - - @param keySize the length, in bits, of the key required. - @return a parameters object representing a key. - - - Generate derived parameters for a key of length keySize, and - an initialisation vector (IV) of length ivSize. - - @param keySize the length, in bits, of the key required. - @param ivSize the length, in bits, of the iv required. - @return a parameters object representing a key and an IV. - - - Generate derived parameters for a key of length keySize, specifically - for use with a MAC. - - @param keySize the length, in bits, of the key required. - @return a parameters object representing a key. - - - converts a password to a byte array according to the scheme in - Pkcs5 (ascii, no padding) - - @param password a character array representing the password. - @return a byte array representing the password. - - - converts a password to a byte array according to the scheme in - PKCS5 (UTF-8, no padding) - - @param password a character array representing the password. - @return a byte array representing the password. - - - converts a password to a byte array according to the scheme in - Pkcs12 (unicode, big endian, 2 zero pad bytes at the end). - - @param password a character array representing the password. - @return a byte array representing the password. - - - return the iteration count. - - @return the iteration count. - - - Construct a OpenSSL Parameters generator. - - - Initialise - note the iteration count for this algorithm is fixed at 1. - - @param password password to use. - @param salt salt to use. - - - the derived key function, the ith hash of the password and the salt. - - - Generate a key parameter derived from the password, salt, and iteration - count we are currently initialised with. - - @param keySize the size of the key we want (in bits) - @return a KeyParameter object. - @exception ArgumentException if the key length larger than the base hash size. - - - Generate a key with initialisation vector parameter derived from - the password, salt, and iteration count we are currently initialised - with. - - @param keySize the size of the key we want (in bits) - @param ivSize the size of the iv we want (in bits) - @return a ParametersWithIV object. - @exception ArgumentException if keySize + ivSize is larger than the base hash size. - - - Generate a key parameter for use with a MAC derived from the password, - salt, and iteration count we are currently initialised with. - - @param keySize the size of the key we want (in bits) - @return a KeyParameter object. - @exception ArgumentException if the key length larger than the base hash size. - - - Generator for Pbe derived keys and ivs as defined by Pkcs 12 V1.0. -

- The document this implementation is based on can be found at - - RSA's Pkcs12 Page -

- - - Construct a Pkcs 12 Parameters generator. - - @param digest the digest to be used as the source of derived keys. - @exception ArgumentException if an unknown digest is passed in. - - - add a + b + 1, returning the result in a. The a value is treated - as a BigInteger of length (b.Length * 8) bits. The result is - modulo 2^b.Length in case of overflow. - - - generation of a derived key ala Pkcs12 V1.0. - - - Generate a key parameter derived from the password, salt, and iteration - count we are currently initialised with. - - @param keySize the size of the key we want (in bits) - @return a KeyParameter object. - - - Generate a key with initialisation vector parameter derived from - the password, salt, and iteration count we are currently initialised - with. - - @param keySize the size of the key we want (in bits) - @param ivSize the size of the iv we want (in bits) - @return a ParametersWithIV object. - - - Generate a key parameter for use with a MAC derived from the password, - salt, and iteration count we are currently initialised with. - - @param keySize the size of the key we want (in bits) - @return a KeyParameter object. - - - Generator for Pbe derived keys and ivs as defined by Pkcs 5 V2.0 Scheme 1. - Note this generator is limited to the size of the hash produced by the - digest used to drive it. -

- The document this implementation is based on can be found at - - RSA's Pkcs5 Page -

- - - Construct a Pkcs 5 Scheme 1 Parameters generator. - - @param digest the digest to be used as the source of derived keys. - - - the derived key function, the ith hash of the mPassword and the mSalt. - - - Generate a key parameter derived from the mPassword, mSalt, and iteration - count we are currently initialised with. - - @param keySize the size of the key we want (in bits) - @return a KeyParameter object. - @exception ArgumentException if the key length larger than the base hash size. - - - Generate a key with initialisation vector parameter derived from - the mPassword, mSalt, and iteration count we are currently initialised - with. - - @param keySize the size of the key we want (in bits) - @param ivSize the size of the iv we want (in bits) - @return a ParametersWithIV object. - @exception ArgumentException if keySize + ivSize is larger than the base hash size. - - - Generate a key parameter for use with a MAC derived from the mPassword, - mSalt, and iteration count we are currently initialised with. - - @param keySize the size of the key we want (in bits) - @return a KeyParameter object. - @exception ArgumentException if the key length larger than the base hash size. - - - Generator for Pbe derived keys and ivs as defined by Pkcs 5 V2.0 Scheme 2. - This generator uses a SHA-1 HMac as the calculation function. -

- The document this implementation is based on can be found at - - RSA's Pkcs5 Page

- - - construct a Pkcs5 Scheme 2 Parameters generator. - - - Generate a key parameter derived from the password, salt, and iteration - count we are currently initialised with. - - @param keySize the size of the key we want (in bits) - @return a KeyParameter object. - - - Generate a key with initialisation vector parameter derived from - the password, salt, and iteration count we are currently initialised - with. - - @param keySize the size of the key we want (in bits) - @param ivSize the size of the iv we want (in bits) - @return a ParametersWithIV object. - - - Generate a key parameter for use with a MAC derived from the password, - salt, and iteration count we are currently initialised with. - - @param keySize the size of the key we want (in bits) - @return a KeyParameter object. - - - Generate a random factor suitable for use with RSA blind signatures - as outlined in Chaum's blinding and unblinding as outlined in - "Handbook of Applied Cryptography", page 475. - - - Initialise the factor generator - - @param param the necessary RSA key parameters. - - - Generate a suitable blind factor for the public key the generator was initialised with. - - @return a random blind factor - - - an RSA key pair generator. - - - interface for classes implementing the Digital Signature Algorithm - - - initialise the signer for signature generation or signature - verification. - - @param forSigning true if we are generating a signature, false - otherwise. - @param param key parameters for signature generation. - - - sign the passed in message (usually the output of a hash function). - - @param message the message to be signed. - @return two big integers representing the r and s values respectively. - - - verify the message message against the signature values r and s. - - @param message the message that was supposed to have been signed. - @param r the r signature value. - @param s the s signature value. - - - The base interface for implementations of message authentication codes (MACs). - - - Initialise the MAC. - - @param param the key and other data required by the MAC. - @exception ArgumentException if the parameters argument is - inappropriate. - - - Return the block size for this MAC (in bytes). - - @return the block size for this MAC in bytes. - - - add a single byte to the mac for processing. - - @param in the byte to be processed. - @exception InvalidOperationException if the MAC is not initialised. - - - @param in the array containing the input. - @param inOff the index in the array the data begins at. - @param len the length of the input starting at inOff. - @exception InvalidOperationException if the MAC is not initialised. - @exception DataLengthException if there isn't enough data in in. - - - Compute the final stage of the MAC writing the output to the out - parameter. -

- doFinal leaves the MAC in the same state it was after the last init. -

- @param out the array the MAC is to be output to. - @param outOff the offset into the out buffer the output is to start at. - @exception DataLengthException if there isn't enough space in out. - @exception InvalidOperationException if the MAC is not initialised. - - - Reset the MAC. At the end of resetting the MAC should be in the - in the same state it was after the last init (if there was one). - - - Return the name of the algorithm the MAC implements. - - @return the name of the algorithm the MAC implements. - - - this exception is thrown whenever we find something we don't expect in a - message. - - - base constructor. - - - create a InvalidCipherTextException with the given message. - - @param message the message to be carried with the exception. - - - Initialise the signer for signing or verification. - - @param forSigning true if for signing, false otherwise - @param param necessary parameters. - - - update the internal digest with the byte b - - - update the internal digest with the byte array in - - - Generate a signature for the message we've been loaded with using - the key we were initialised with. - - - return true if the internal state represents the signature described - in the passed in array. - - - reset the internal state - - - Return the name of the algorithm the signer implements. - - @return the name of the algorithm the signer implements. - - - Signer with message recovery. - - - Returns true if the signer has recovered the full message as - part of signature verification. - - @return true if full message recovered. - - - Returns a reference to what message was recovered (if any). - - @return full/partial message, null if nothing. - - - Perform an update with the recovered message before adding any other data. This must - be the first update method called, and calling it will result in the signer assuming - that further calls to update will include message content past what is recoverable. - - @param signature the signature that we are in the process of verifying. - @throws IllegalStateException - - - The base class for parameters to key generators. - - - initialise the generator with a source of randomness - and a strength (in bits). - - @param random the random byte source. - @param strength the size, in bits, of the keys we want to produce. - - - return the random source associated with this - generator. - - @return the generators random source. - - - return the bit strength for keys produced by this generator, - - @return the strength of the keys this generator produces (in bits). - - - standard CBC Block Cipher MAC - if no padding is specified the default of - pad of zeroes is used. - - - create a standard MAC based on a CBC block cipher. This will produce an - authentication code half the length of the block size of the cipher. - - @param cipher the cipher to be used as the basis of the MAC generation. - - - create a standard MAC based on a CBC block cipher. This will produce an - authentication code half the length of the block size of the cipher. - - @param cipher the cipher to be used as the basis of the MAC generation. - @param padding the padding to be used to complete the last block. - - - create a standard MAC based on a block cipher with the size of the - MAC been given in bits. This class uses CBC mode as the basis for the - MAC generation. -

- Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), - or 16 bits if being used as a data authenticator (FIPS Publication 113), - and in general should be less than the size of the block cipher as it reduces - the chance of an exhaustive attack (see Handbook of Applied Cryptography). -

- @param cipher the cipher to be used as the basis of the MAC generation. - @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. - - - create a standard MAC based on a block cipher with the size of the - MAC been given in bits. This class uses CBC mode as the basis for the - MAC generation. -

- Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), - or 16 bits if being used as a data authenticator (FIPS Publication 113), - and in general should be less than the size of the block cipher as it reduces - the chance of an exhaustive attack (see Handbook of Applied Cryptography). -

- @param cipher the cipher to be used as the basis of the MAC generation. - @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. - @param padding the padding to be used to complete the last block. - - - Reset the mac generator. - - - implements a Cipher-FeedBack (CFB) mode on top of a simple cipher. - - - Basic constructor. - - @param cipher the block cipher to be used as the basis of the - feedback mode. - @param blockSize the block size in bits (note: a multiple of 8) - - - Initialise the cipher and, possibly, the initialisation vector (IV). - If an IV isn't passed as part of the parameter, the IV will be all zeros. - An IV which is too short is handled in FIPS compliant fashion. - - @param param the key and other data required by the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - return the block size we are operating at. - - @return the block size we are operating at (in bytes). - - - Process one block of input from the array in and write it to - the out array. - - @param in the array containing the input data. - @param inOff offset into the in array the data starts at. - @param out the array the output data will be copied into. - @param outOff the offset into the out array the output will start at. - @exception DataLengthException if there isn't enough data in in, or - space in out. - @exception InvalidOperationException if the cipher isn't initialised. - @return the number of bytes processed and produced. - - - reset the chaining vector back to the IV and reset the underlying - cipher. - - - return the algorithm name and mode. - - @return the name of the underlying algorithm followed by "/CFB" - and the block size in bits. - - - create a standard MAC based on a CFB block cipher. This will produce an - authentication code half the length of the block size of the cipher, with - the CFB mode set to 8 bits. - - @param cipher the cipher to be used as the basis of the MAC generation. - - - create a standard MAC based on a CFB block cipher. This will produce an - authentication code half the length of the block size of the cipher, with - the CFB mode set to 8 bits. - - @param cipher the cipher to be used as the basis of the MAC generation. - @param padding the padding to be used. - - - create a standard MAC based on a block cipher with the size of the - MAC been given in bits. This class uses CFB mode as the basis for the - MAC generation. -

- Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), - or 16 bits if being used as a data authenticator (FIPS Publication 113), - and in general should be less than the size of the block cipher as it reduces - the chance of an exhaustive attack (see Handbook of Applied Cryptography). -

- @param cipher the cipher to be used as the basis of the MAC generation. - @param cfbBitSize the size of an output block produced by the CFB mode. - @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. - - - create a standard MAC based on a block cipher with the size of the - MAC been given in bits. This class uses CFB mode as the basis for the - MAC generation. -

- Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), - or 16 bits if being used as a data authenticator (FIPS Publication 113), - and in general should be less than the size of the block cipher as it reduces - the chance of an exhaustive attack (see Handbook of Applied Cryptography). -

- @param cipher the cipher to be used as the basis of the MAC generation. - @param cfbBitSize the size of an output block produced by the CFB mode. - @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. - @param padding a padding to be used. - - - Reset the mac generator. - - - CMAC - as specified at www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html -

- CMAC is analogous to OMAC1 - see also en.wikipedia.org/wiki/CMAC -

- CMAC is a NIST recomendation - see - csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38B.pdf -

- CMAC/OMAC1 is a blockcipher-based message authentication code designed and - analyzed by Tetsu Iwata and Kaoru Kurosawa. -

- CMAC/OMAC1 is a simple variant of the CBC MAC (Cipher Block Chaining Message - Authentication Code). OMAC stands for One-Key CBC MAC. -

- It supports 128- or 64-bits block ciphers, with any key size, and returns - a MAC with dimension less or equal to the block size of the underlying - cipher. -

- - - create a standard MAC based on a CBC block cipher (64 or 128 bit block). - This will produce an authentication code the length of the block size - of the cipher. - - @param cipher the cipher to be used as the basis of the MAC generation. - - - create a standard MAC based on a block cipher with the size of the - MAC been given in bits. -

- Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), - or 16 bits if being used as a data authenticator (FIPS Publication 113), - and in general should be less than the size of the block cipher as it reduces - the chance of an exhaustive attack (see Handbook of Applied Cryptography). - - @param cipher the cipher to be used as the basis of the MAC generation. - @param macSizeInBits the size of the MAC in bits, must be a multiple of 8 and @lt;= 128. - - - Reset the mac generator. - - - implementation of GOST 28147-89 MAC - - - HMAC implementation based on RFC2104 - - H(K XOR opad, H(K XOR ipad, text)) - - - Reset the mac generator. - - - DES based CBC Block Cipher MAC according to ISO9797, algorithm 3 (ANSI X9.19 Retail MAC) - - This could as well be derived from CBCBlockCipherMac, but then the property mac in the base - class must be changed to protected - - - create a Retail-MAC based on a CBC block cipher. This will produce an - authentication code of the length of the block size of the cipher. - - @param cipher the cipher to be used as the basis of the MAC generation. This must - be DESEngine. - - - create a Retail-MAC based on a CBC block cipher. This will produce an - authentication code of the length of the block size of the cipher. - - @param cipher the cipher to be used as the basis of the MAC generation. - @param padding the padding to be used to complete the last block. - - - create a Retail-MAC based on a block cipher with the size of the - MAC been given in bits. This class uses single DES CBC mode as the basis for the - MAC generation. -

- Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), - or 16 bits if being used as a data authenticator (FIPS Publication 113), - and in general should be less than the size of the block cipher as it reduces - the chance of an exhaustive attack (see Handbook of Applied Cryptography). -

- @param cipher the cipher to be used as the basis of the MAC generation. - @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. - - - create a standard MAC based on a block cipher with the size of the - MAC been given in bits. This class uses single DES CBC mode as the basis for the - MAC generation. The final block is decrypted and then encrypted using the - middle and right part of the key. -

- Note: the size of the MAC must be at least 24 bits (FIPS Publication 81), - or 16 bits if being used as a data authenticator (FIPS Publication 113), - and in general should be less than the size of the block cipher as it reduces - the chance of an exhaustive attack (see Handbook of Applied Cryptography). -

- @param cipher the cipher to be used as the basis of the MAC generation. - @param macSizeInBits the size of the MAC in bits, must be a multiple of 8. - @param padding the padding to be used to complete the last block. - - - Reset the mac generator. - - - - This exception is thrown whenever a cipher requires a change of key, iv - or similar after x amount of bytes enciphered - - - - implements Cipher-Block-Chaining (CBC) mode on top of a simple cipher. - - - Basic constructor. - - @param cipher the block cipher to be used as the basis of chaining. - - - return the underlying block cipher that we are wrapping. - - @return the underlying block cipher that we are wrapping. - - - Initialise the cipher and, possibly, the initialisation vector (IV). - If an IV isn't passed as part of the parameter, the IV will be all zeros. - - @param forEncryption if true the cipher is initialised for - encryption, if false for decryption. - @param param the key and other data required by the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - return the block size of the underlying cipher. - - @return the block size of the underlying cipher. - - - Process one block of input from the array in and write it to - the out array. - - @param in the array containing the input data. - @param inOff offset into the in array the data starts at. - @param out the array the output data will be copied into. - @param outOff the offset into the out array the output will start at. - @exception DataLengthException if there isn't enough data in in, or - space in out. - @exception InvalidOperationException if the cipher isn't initialised. - @return the number of bytes processed and produced. - - - reset the chaining vector back to the IV and reset the underlying - cipher. - - - Do the appropriate chaining step for CBC mode encryption. - - @param in the array containing the data to be encrypted. - @param inOff offset into the in array the data starts at. - @param out the array the encrypted data will be copied into. - @param outOff the offset into the out array the output will start at. - @exception DataLengthException if there isn't enough data in in, or - space in out. - @exception InvalidOperationException if the cipher isn't initialised. - @return the number of bytes processed and produced. - - - Do the appropriate chaining step for CBC mode decryption. - - @param in the array containing the data to be decrypted. - @param inOff offset into the in array the data starts at. - @param out the array the decrypted data will be copied into. - @param outOff the offset into the out array the output will start at. - @exception DataLengthException if there isn't enough data in in, or - space in out. - @exception InvalidOperationException if the cipher isn't initialised. - @return the number of bytes processed and produced. - - - return the algorithm name and mode. - - @return the name of the underlying algorithm followed by "/CBC". - - - * Implements the Counter with Cipher Block Chaining mode (CCM) detailed in - * NIST Special Publication 800-38C. - *

- * Note: this mode is a packet mode - it needs all the data up front. - *

- - - - A block cipher mode that includes authenticated encryption with a streaming mode - and optional associated data. - - - - Initialise the cipher. - Parameter can either be an AeadParameters or a ParametersWithIV object. - Initialise for encryption if true, for decryption if false. - The key or other data required by the cipher. - - - The block size for this cipher, in bytes. - - - Encrypt/decrypt a single byte. - - @param input the byte to be processed. - @param outBytes the output buffer the processed byte goes into. - @param outOff the offset into the output byte array the processed data starts at. - @return the number of bytes written to out. - @exception DataLengthException if the output buffer is too small. - - - Process a block of bytes from in putting the result into out. - - @param inBytes the input byte array. - @param inOff the offset into the in array where the data to be processed starts. - @param len the number of bytes to be processed. - @param outBytes the output buffer the processed bytes go into. - @param outOff the offset into the output byte array the processed data starts at. - @return the number of bytes written to out. - @exception DataLengthException if the output buffer is too small. - - - Finish the operation either appending or verifying the MAC at the end of the data. - - @param outBytes space for any resulting output data. - @param outOff offset into out to start copying the data at. - @return number of bytes written into out. - @throws InvalidOperationException if the cipher is in an inappropriate state. - @throws InvalidCipherTextException if the MAC fails to match. - - - Return the value of the MAC associated with the last stream processed. - - @return MAC for plaintext data. - - - Return the size of the output buffer required for a ProcessBytes - an input of len bytes. - - @param len the length of the input. - @return the space required to accommodate a call to ProcessBytes - with len bytes of input. - - - Return the size of the output buffer required for a ProcessBytes plus a - DoFinal with an input of len bytes. - - @param len the length of the input. - @return the space required to accommodate a call to ProcessBytes and DoFinal - with len bytes of input. - - - - Reset the cipher to the same state as it was after the last init (if there was one). - - - - The name of the algorithm this cipher implements. - - - Basic constructor. - - @param cipher the block cipher to be used. - - - return the underlying block cipher that we are wrapping. - - @return the underlying block cipher that we are wrapping. - - - Returns a byte array containing the mac calculated as part of the - last encrypt or decrypt operation. - - @return the last mac calculated. - - - implements a Cipher-FeedBack (CFB) mode on top of a simple cipher. - - - Basic constructor. - - @param cipher the block cipher to be used as the basis of the - feedback mode. - @param blockSize the block size in bits (note: a multiple of 8) - - - return the underlying block cipher that we are wrapping. - - @return the underlying block cipher that we are wrapping. - - - Initialise the cipher and, possibly, the initialisation vector (IV). - If an IV isn't passed as part of the parameter, the IV will be all zeros. - An IV which is too short is handled in FIPS compliant fashion. - - @param forEncryption if true the cipher is initialised for - encryption, if false for decryption. - @param param the key and other data required by the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - return the block size we are operating at. - - @return the block size we are operating at (in bytes). - - - Process one block of input from the array in and write it to - the out array. - - @param in the array containing the input data. - @param inOff offset into the in array the data starts at. - @param out the array the output data will be copied into. - @param outOff the offset into the out array the output will start at. - @exception DataLengthException if there isn't enough data in in, or - space in out. - @exception InvalidOperationException if the cipher isn't initialised. - @return the number of bytes processed and produced. - - - Do the appropriate processing for CFB mode encryption. - - @param in the array containing the data to be encrypted. - @param inOff offset into the in array the data starts at. - @param out the array the encrypted data will be copied into. - @param outOff the offset into the out array the output will start at. - @exception DataLengthException if there isn't enough data in in, or - space in out. - @exception InvalidOperationException if the cipher isn't initialised. - @return the number of bytes processed and produced. - - - Do the appropriate processing for CFB mode decryption. - - @param in the array containing the data to be decrypted. - @param inOff offset into the in array the data starts at. - @param out the array the encrypted data will be copied into. - @param outOff the offset into the out array the output will start at. - @exception DataLengthException if there isn't enough data in in, or - space in out. - @exception InvalidOperationException if the cipher isn't initialised. - @return the number of bytes processed and produced. - - - reset the chaining vector back to the IV and reset the underlying - cipher. - - - return the algorithm name and mode. - - @return the name of the underlying algorithm followed by "/CFB" - and the block size in bits. - - - A Cipher Text Stealing (CTS) mode cipher. CTS allows block ciphers to - be used to produce cipher text which is the same outLength as the plain text. - - - Create a buffered block cipher that uses Cipher Text Stealing - - @param cipher the underlying block cipher this buffering object wraps. - - - return the size of the output buffer required for an update of 'length' bytes. - - @param length the outLength of the input. - @return the space required to accommodate a call to update - with length bytes of input. - - - return the size of the output buffer required for an update plus a - doFinal with an input of length bytes. - - @param length the outLength of the input. - @return the space required to accommodate a call to update and doFinal - with length bytes of input. - - - process a single byte, producing an output block if neccessary. - - @param in the input byte. - @param out the space for any output that might be produced. - @param outOff the offset from which the output will be copied. - @return the number of output bytes copied to out. - @exception DataLengthException if there isn't enough space in out. - @exception InvalidOperationException if the cipher isn't initialised. - - - process an array of bytes, producing output if necessary. - - @param in the input byte array. - @param inOff the offset at which the input data starts. - @param length the number of bytes to be copied out of the input array. - @param out the space for any output that might be produced. - @param outOff the offset from which the output will be copied. - @return the number of output bytes copied to out. - @exception DataLengthException if there isn't enough space in out. - @exception InvalidOperationException if the cipher isn't initialised. - - - Process the last block in the buffer. - - @param out the array the block currently being held is copied into. - @param outOff the offset at which the copying starts. - @return the number of output bytes copied to out. - @exception DataLengthException if there is insufficient space in out for - the output. - @exception InvalidOperationException if the underlying cipher is not - initialised. - @exception InvalidCipherTextException if cipher text decrypts wrongly (in - case the exception will never Get thrown). - - - A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and - Efficiency - by M. Bellare, P. Rogaway, D. Wagner. - - http://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf - - EAX is an AEAD scheme based on CTR and OMAC1/CMAC, that uses a single block - cipher to encrypt and authenticate data. It's on-line (the length of a - message isn't needed to begin processing it), has good performances, it's - simple and provably secure (provided the underlying block cipher is secure). - - Of course, this implementations is NOT thread-safe. - - - Constructor that accepts an instance of a block cipher engine. - - @param cipher the engine to use - - - - Implements the Galois/Counter mode (GCM) detailed in - NIST Special Publication 800-38D. - - - - implements the GOST 28147 OFB counter mode (GCTR). - - - Basic constructor. - - @param cipher the block cipher to be used as the basis of the - counter mode (must have a 64 bit block size). - - - return the underlying block cipher that we are wrapping. - - @return the underlying block cipher that we are wrapping. - - - Initialise the cipher and, possibly, the initialisation vector (IV). - If an IV isn't passed as part of the parameter, the IV will be all zeros. - An IV which is too short is handled in FIPS compliant fashion. - - @param encrypting if true the cipher is initialised for - encryption, if false for decryption. - @param parameters the key and other data required by the cipher. - @exception ArgumentException if the parameters argument is inappropriate. - - - return the block size we are operating at (in bytes). - - @return the block size we are operating at (in bytes). - - - Process one block of input from the array in and write it to - the out array. - - @param in the array containing the input data. - @param inOff offset into the in array the data starts at. - @param out the array the output data will be copied into. - @param outOff the offset into the out array the output will start at. - @exception DataLengthException if there isn't enough data in in, or - space in out. - @exception InvalidOperationException if the cipher isn't initialised. - @return the number of bytes processed and produced. - - - reset the feedback vector back to the IV and reset the underlying - cipher. - - - return the algorithm name and mode. - - @return the name of the underlying algorithm followed by "/GCTR" - and the block size in bits - - - implements a Output-FeedBack (OFB) mode on top of a simple cipher. - - - Basic constructor. - - @param cipher the block cipher to be used as the basis of the - feedback mode. - @param blockSize the block size in bits (note: a multiple of 8) - - - return the underlying block cipher that we are wrapping. - - @return the underlying block cipher that we are wrapping. - - - Initialise the cipher and, possibly, the initialisation vector (IV). - If an IV isn't passed as part of the parameter, the IV will be all zeros. - An IV which is too short is handled in FIPS compliant fashion. - - @param forEncryption if true the cipher is initialised for - encryption, if false for decryption. - @param param the key and other data required by the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - return the block size we are operating at (in bytes). - - @return the block size we are operating at (in bytes). - - - Process one block of input from the array in and write it to - the out array. - - @param in the array containing the input data. - @param inOff offset into the in array the data starts at. - @param out the array the output data will be copied into. - @param outOff the offset into the out array the output will start at. - @exception DataLengthException if there isn't enough data in in, or - space in out. - @exception InvalidOperationException if the cipher isn't initialised. - @return the number of bytes processed and produced. - - - reset the feedback vector back to the IV and reset the underlying - cipher. - - - return the algorithm name and mode. - - @return the name of the underlying algorithm followed by "/OFB" - and the block size in bits - - - * Implements OpenPGP's rather strange version of Cipher-FeedBack (CFB) mode - * on top of a simple cipher. This class assumes the IV has been prepended - * to the data stream already, and just accomodates the reset after - * (blockSize + 2) bytes have been read. - *

- * For further info see RFC 2440. - *

- - - Basic constructor. - - @param cipher the block cipher to be used as the basis of the - feedback mode. - - - return the underlying block cipher that we are wrapping. - - @return the underlying block cipher that we are wrapping. - - - return the block size we are operating at. - - @return the block size we are operating at (in bytes). - - - Process one block of input from the array in and write it to - the out array. - - @param in the array containing the input data. - @param inOff offset into the in array the data starts at. - @param out the array the output data will be copied into. - @param outOff the offset into the out array the output will start at. - @exception DataLengthException if there isn't enough data in in, or - space in out. - @exception InvalidOperationException if the cipher isn't initialised. - @return the number of bytes processed and produced. - - - reset the chaining vector back to the IV and reset the underlying - cipher. - - - Initialise the cipher and, possibly, the initialisation vector (IV). - If an IV isn't passed as part of the parameter, the IV will be all zeros. - An IV which is too short is handled in FIPS compliant fashion. - - @param forEncryption if true the cipher is initialised for - encryption, if false for decryption. - @param parameters the key and other data required by the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - Encrypt one byte of data according to CFB mode. - @param data the byte to encrypt - @param blockOff offset in the current block - @returns the encrypted byte - - - Do the appropriate processing for CFB IV mode encryption. - - @param in the array containing the data to be encrypted. - @param inOff offset into the in array the data starts at. - @param out the array the encrypted data will be copied into. - @param outOff the offset into the out array the output will start at. - @exception DataLengthException if there isn't enough data in in, or - space in out. - @exception InvalidOperationException if the cipher isn't initialised. - @return the number of bytes processed and produced. - - - Do the appropriate processing for CFB IV mode decryption. - - @param in the array containing the data to be decrypted. - @param inOff offset into the in array the data starts at. - @param out the array the encrypted data will be copied into. - @param outOff the offset into the out array the output will start at. - @exception DataLengthException if there isn't enough data in in, or - space in out. - @exception InvalidOperationException if the cipher isn't initialised. - @return the number of bytes processed and produced. - - - return the algorithm name and mode. - - @return the name of the underlying algorithm followed by "/PGPCFB" - and the block size in bits. - - - Implements the Segmented Integer Counter (SIC) mode on top of a simple - block cipher. - - - Basic constructor. - - @param c the block cipher to be used. - - - return the underlying block cipher that we are wrapping. - - @return the underlying block cipher that we are wrapping. - - - Block cipher padders are expected to conform to this interface - - - Initialise the padder. - - @param param parameters, if any required. - - - add the pad bytes to the passed in block, returning the - number of bytes added. - - - return the number of pad bytes present in the block. - @exception InvalidCipherTextException if the padding is badly formed - or invalid. - - - Return the name of the algorithm the cipher implements. - - @return the name of the algorithm the cipher implements. - - - A padder that adds ISO10126-2 padding to a block. - - - Initialise the padder. - - @param random a SecureRandom if available. - - - add the pad bytes to the passed in block, returning the - number of bytes added. - - - return the number of pad bytes present in the block. - - - Return the name of the algorithm the cipher implements. - - @return the name of the algorithm the cipher implements. - - - A padder that adds the padding according to the scheme referenced in - ISO 7814-4 - scheme 2 from ISO 9797-1. The first byte is 0x80, rest is 0x00 - - - Initialise the padder. - - @param random - a SecureRandom if available. - - - add the pad bytes to the passed in block, returning the - number of bytes added. - - - return the number of pad bytes present in the block. - - - Return the name of the algorithm the padder implements. - - @return the name of the algorithm the padder implements. - - - A wrapper class that allows block ciphers to be used to process data in - a piecemeal fashion with padding. The PaddedBufferedBlockCipher - outputs a block only when the buffer is full and more data is being added, - or on a doFinal (unless the current block in the buffer is a pad block). - The default padding mechanism used is the one outlined in Pkcs5/Pkcs7. - - - Create a buffered block cipher with the desired padding. - - @param cipher the underlying block cipher this buffering object wraps. - @param padding the padding type. - - - Create a buffered block cipher Pkcs7 padding - - @param cipher the underlying block cipher this buffering object wraps. - - - initialise the cipher. - - @param forEncryption if true the cipher is initialised for - encryption, if false for decryption. - @param param the key and other data required by the cipher. - @exception ArgumentException if the parameters argument is - inappropriate. - - - return the minimum size of the output buffer required for an update - plus a doFinal with an input of len bytes. - - @param len the length of the input. - @return the space required to accommodate a call to update and doFinal - with len bytes of input. - - - return the size of the output buffer required for an update - an input of len bytes. - - @param len the length of the input. - @return the space required to accommodate a call to update - with len bytes of input. - - - process a single byte, producing an output block if neccessary. - - @param in the input byte. - @param out the space for any output that might be produced. - @param outOff the offset from which the output will be copied. - @return the number of output bytes copied to out. - @exception DataLengthException if there isn't enough space in out. - @exception InvalidOperationException if the cipher isn't initialised. - - - process an array of bytes, producing output if necessary. - - @param in the input byte array. - @param inOff the offset at which the input data starts. - @param len the number of bytes to be copied out of the input array. - @param out the space for any output that might be produced. - @param outOff the offset from which the output will be copied. - @return the number of output bytes copied to out. - @exception DataLengthException if there isn't enough space in out. - @exception InvalidOperationException if the cipher isn't initialised. - - - Process the last block in the buffer. If the buffer is currently - full and padding needs to be added a call to doFinal will produce - 2 * GetBlockSize() bytes. - - @param out the array the block currently being held is copied into. - @param outOff the offset at which the copying starts. - @return the number of output bytes copied to out. - @exception DataLengthException if there is insufficient space in out for - the output or we are decrypting and the input is not block size aligned. - @exception InvalidOperationException if the underlying cipher is not - initialised. - @exception InvalidCipherTextException if padding is expected and not found. - - - A padder that adds Pkcs7/Pkcs5 padding to a block. - - - Initialise the padder. - - @param random - a SecureRandom if available. - - - add the pad bytes to the passed in block, returning the - number of bytes added. - - - return the number of pad bytes present in the block. - - - Return the name of the algorithm the cipher implements. - - @return the name of the algorithm the cipher implements. - - - A padder that adds Trailing-Bit-Compliment padding to a block. -

- This padding pads the block out compliment of the last bit - of the plain text. -

- - - - Initialise the padder. - - a SecureRandom if available. - - - - add the pad bytes to the passed in block, returning the - number of bytes added. -

- Note: this assumes that the last block of plain text is always - passed to it inside in. i.e. if inOff is zero, indicating the - entire block is to be overwritten with padding the value of in - should be the same as the last block of plain text. -

- - - - return the number of pad bytes present in the block. - - - Return the name of the algorithm the cipher implements. - the name of the algorithm the cipher implements. - - - - A padder that adds X9.23 padding to a block - if a SecureRandom is - passed in random padding is assumed, otherwise padding with zeros is used. - - - Initialise the padder. - - @param random a SecureRandom if one is available. - - - add the pad bytes to the passed in block, returning the - number of bytes added. - - - return the number of pad bytes present in the block. - - - Return the name of the algorithm the cipher implements. - - @return the name of the algorithm the cipher implements. - - - A padder that adds Null byte padding to a block. - - - Initialise the padder. - - - - a SecureRandom if available. - - - - add the pad bytes to the passed in block, returning the - number of bytes added. - - - - return the number of pad bytes present in the block. - - - Return the name of the algorithm the cipher implements. - - - the name of the algorithm the cipher implements. - - - - Base constructor. - - @param key key to be used by underlying cipher - @param macSize macSize in bits - @param nonce nonce to be used - @param associatedText associated text, if any - - - Base constructor. - - @param key key to be used by underlying cipher - @param macSize macSize in bits - @param nonce nonce to be used - @param associatedText associated text, if any - - - DES has 16 weak keys. This method will check - if the given DES key material is weak or semi-weak. - Key material that is too short is regarded as weak. -

- See "Applied - Cryptography" by Bruce Schneier for more information. -

- @return true if the given DES key material is weak or semi-weak, - false otherwise. - - - DES Keys use the LSB as the odd parity bit. This can - be used to check for corrupt keys. - - @param bytes the byte array to set the parity on. - - - return true if the passed in key is a DES-EDE weak key. - - @param key bytes making up the key - @param offset offset into the byte array the key starts at - @param length number of bytes making up the key - - - return true if the passed in key is a DES-EDE weak key. - - @param key bytes making up the key - @param offset offset into the byte array the key starts at - - - The minimum bitlength of the private value. - - - The bitlength of the private value. - - - return the generator - g - - - return private value limit - l - - - parameters for using an integrated cipher in stream mode. - - - @param derivation the derivation parameter for the KDF function. - @param encoding the encoding parameter for the KDF function. - @param macKeySize the size of the MAC key (in bits). - - - @param derivation the derivation parameter for the KDF function. - @param encoding the encoding parameter for the KDF function. - @param macKeySize the size of the MAC key (in bits). - @param cipherKeySize the size of the associated Cipher key (in bits). - - - parameters for Key derivation functions for ISO-18033 - - - parameters for Key derivation functions for IEEE P1363a - - - Parameters for mask derivation functions. - - - Parameters for NaccacheStern public private key generation. For details on - this cipher, please see - - http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf - - - Parameters for generating a NaccacheStern KeyPair. - - @param random - The source of randomness - @param strength - The desired strength of the Key in Bits - @param certainty - the probability that the generated primes are not really prime - as integer: 2^(-certainty) is then the probability - @param countSmallPrimes - How many small key factors are desired - - - Parameters for a NaccacheStern KeyPair. - - @param random - The source of randomness - @param strength - The desired strength of the Key in Bits - @param certainty - the probability that the generated primes are not really prime - as integer: 2^(-certainty) is then the probability - @param cntSmallPrimes - How many small key factors are desired - @param debug - Turn debugging on or off (reveals secret information, use with - caution) - - - @return Returns the certainty. - - - @return Returns the countSmallPrimes. - - - Public key parameters for NaccacheStern cipher. For details on this cipher, - please see - - http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf - - - @param privateKey - - - @return Returns the g. - - - @return Returns the lowerSigmaBound. - - - @return Returns the n. - - - Private key parameters for NaccacheStern cipher. For details on this cipher, - please see - - http://www.gemplus.com/smart/rd/publications/pdf/NS98pkcs.pdf - - - Constructs a NaccacheSternPrivateKey - - @param g - the public enryption parameter g - @param n - the public modulus n = p*q - @param lowerSigmaBound - the public lower sigma bound up to which data can be encrypted - @param smallPrimes - the small primes, of which sigma is constructed in the right - order - @param phi_n - the private modulus phi(n) = (p-1)(q-1) - - - Cipher parameters with a fixed salt value associated with them. - - - Random generation based on the digest with counter. Calling AddSeedMaterial will - always increase the entropy of the hash. -

- Internal access to the digest is synchronized so a single one of these can be shared. -

- - - Generic interface for objects generating random bytes. - - - Add more seed material to the generator. - A byte array to be mixed into the generator's state. - - - Add more seed material to the generator. - A long value to be mixed into the generator's state. - - - Fill byte array with random values. - Array to be filled. - - - Fill byte array with random values. - Array to receive bytes. - Index to start filling at. - Length of segment to fill. - - - - Takes bytes generated by an underling RandomGenerator and reverses the order in - each small window (of configurable size). -

- Access to internals is synchronized so a single one of these can be shared. -

- - - - Add more seed material to the generator. - A byte array to be mixed into the generator's state. - - - Add more seed material to the generator. - A long value to be mixed into the generator's state. - - - Fill byte array with random values. - Array to be filled. - - - Fill byte array with random values. - Array to receive bytes. - Index to start filling at. - Length of segment to fill. - - - A thread based seed generator - one source of randomness. -

- Based on an idea from Marcus Lippert. -

- - - Generate seed bytes. Set fast to false for best quality. -

- If fast is set to true, the code should be round about 8 times faster when - generating a long sequence of random bytes. 20 bytes of random values using - the fast mode take less than half a second on a Nokia e70. If fast is set to false, - it takes round about 2500 ms. -

- @param numBytes the number of bytes to generate - @param fast true if fast mode should be used - - - - Permutation generated by code: - - // First 1850 fractional digit of Pi number. - byte[] key = new BigInteger("14159265358979323846...5068006422512520511").ToByteArray(); - s = 0; - P = new byte[256]; - for (int i = 0; i < 256; i++) - { - P[i] = (byte) i; - } - for (int m = 0; m < 768; m++) - { - s = P[(s + P[m & 0xff] + key[m % key.length]) & 0xff]; - byte temp = P[m & 0xff]; - P[m & 0xff] = P[s & 0xff]; - P[s & 0xff] = temp; - } - - - - Value generated in the same way as P. - - - update the internal digest with the byte b - - - update the internal digest with the byte array in - - - Generate a signature for the message we've been loaded with using - the key we were initialised with. - - - true if the internal state represents the signature described in the passed in array. - - - Reset the internal state - - - The Digital Signature Algorithm - as described in "Handbook of Applied - Cryptography", pages 452 - 453. - - - Generate a signature for the given message using the key we were - initialised with. For conventional DSA the message should be a SHA-1 - hash of the message of interest. - - @param message the message that will be verified later. - - - return true if the value r and s represent a DSA signature for - the passed in message for standard DSA the message should be a - SHA-1 hash of the real message to be verified. - - - EC-DSA as described in X9.62 - - - Generate a signature for the given message using the key we were - initialised with. For conventional DSA the message should be a SHA-1 - hash of the message of interest. - - @param message the message that will be verified later. - - - return true if the value r and s represent a DSA signature for - the passed in message (for standard DSA the message should be - a SHA-1 hash of the real message to be verified). - - - GOST R 34.10-2001 Signature Algorithm - - - generate a signature for the given message using the key we were - initialised with. For conventional GOST3410 the message should be a GOST3411 - hash of the message of interest. - - @param message the message that will be verified later. - - - return true if the value r and s represent a GOST3410 signature for - the passed in message (for standard GOST3410 the message should be - a GOST3411 hash of the real message to be verified). - - - EC-NR as described in IEEE 1363-2000 - - - generate a signature for the given message using the key we were - initialised with. Generally, the order of the curve should be at - least as long as the hash of the message of interest, and with - ECNR it *must* be at least as long. - - @param digest the digest to be signed. - @exception DataLengthException if the digest is longer than the key allows - - - return true if the value r and s represent a signature for the - message passed in. Generally, the order of the curve should be at - least as long as the hash of the message of interest, and with - ECNR, it *must* be at least as long. But just in case the signer - applied mod(n) to the longer digest, this implementation will - apply mod(n) during verification. - - @param digest the digest to be verified. - @param r the r value of the signature. - @param s the s value of the signature. - @exception DataLengthException if the digest is longer than the key allows - - - initialise the signer for signing or verification. - - @param forSigning - true if for signing, false otherwise - @param parameters - necessary parameters. - - - update the internal digest with the byte b - - - update the internal digest with the byte array in - - - Generate a signature for the message we've been loaded with using the key - we were initialised with. - - - return true if the internal state represents the signature described in - the passed in array. - - - update the internal digest with the byte b - - - update the internal digest with the byte array in - - - Generate a signature for the message we've been loaded with using - the key we were initialised with. - - - true if the internal state represents the signature described in the passed in array. - - - Reset the internal state - - - Gost R 34.10-94 Signature Algorithm - - - generate a signature for the given message using the key we were - initialised with. For conventional Gost3410 the message should be a Gost3411 - hash of the message of interest. - - @param message the message that will be verified later. - - - return true if the value r and s represent a Gost3410 signature for - the passed in message for standard Gost3410 the message should be a - Gost3411 hash of the real message to be verified. - - - ISO9796-2 - mechanism using a hash function with recovery (scheme 2 and 3). -

- Note: the usual length for the salt is the length of the hash - function used in bytes.

- - - - - Return a reference to the recoveredMessage message. - - The full/partial recoveredMessage message. - - - - - Generate a signer for the with either implicit or explicit trailers - for ISO9796-2, scheme 2 or 3. - - base cipher to use for signature creation/verification - digest to use. - length of salt in bytes. - whether or not the trailer is implicit or gives the hash. - - - Constructor for a signer with an explicit digest trailer. - - - cipher to use. - - digest to sign with. - - length of salt in bytes. - - - - Initialise the signer. - true if for signing, false if for verification. - parameters for signature generation/verification. If the - parameters are for generation they should be a ParametersWithRandom, - a ParametersWithSalt, or just an RsaKeyParameters object. If RsaKeyParameters - are passed in a SecureRandom will be created. - - if wrong parameter type or a fixed - salt is passed in which is the wrong length. - - - - compare two byte arrays - constant time. - - - clear possible sensitive data - - - update the internal digest with the byte b - - - update the internal digest with the byte array in - - - reset the internal state - - - Generate a signature for the loaded message using the key we were - initialised with. - - - - return true if the signature represents a ISO9796-2 signature - for the passed in message. - - - - - Return true if the full message was recoveredMessage. - - true on full message recovery, false otherwise, or if not sure. - - - - int to octet string. - int to octet string. - - - long to octet string. - - - mask generator function, as described in Pkcs1v2. - - - ISO9796-2 - mechanism using a hash function with recovery (scheme 1) - - - - Return a reference to the recoveredMessage message. - - The full/partial recoveredMessage message. - - - - - Generate a signer for the with either implicit or explicit trailers - for ISO9796-2. - - base cipher to use for signature creation/verification - digest to use. - whether or not the trailer is implicit or gives the hash. - - - Constructor for a signer with an explicit digest trailer. - - - cipher to use. - - digest to sign with. - - - - compare two byte arrays - constant time. - - - clear possible sensitive data - - - update the internal digest with the byte b - - - update the internal digest with the byte array in - - - reset the internal state - - - Generate a signature for the loaded message using the key we were - initialised with. - - - - return true if the signature represents a ISO9796-2 signature - for the passed in message. - - - - - Return true if the full message was recoveredMessage. - - true on full message recovery, false otherwise. - - - - RSA-PSS as described in Pkcs# 1 v 2.1. -

- Note: the usual value for the salt length is the number of - bytes in the hash function.

- - - - Basic constructor - the asymmetric cipher to use. - the digest to use. - the length of the salt to use (in bytes). - - - clear possible sensitive data - - - update the internal digest with the byte b - - - update the internal digest with the byte array in - - - reset the internal state - - - Generate a signature for the message we've been loaded with using - the key we were initialised with. - - - - return true if the internal state represents the signature described - in the passed in array. - - - - int to octet string. - - - mask generator function, as described in Pkcs1v2. - - - - Load oid table. - - - - Initialise the signer for signing or verification. - - @param forSigning true if for signing, false otherwise - @param param necessary parameters. - - - update the internal digest with the byte b - - - update the internal digest with the byte array in - - - Generate a signature for the message we've been loaded with using - the key we were initialised with. - - - return true if the internal state represents the signature described - in the passed in array. - - - a wrapper for block ciphers with a single byte block size, so that they - can be treated like stream ciphers. - - - basic constructor. - - @param cipher the block cipher to be wrapped. - @exception ArgumentException if the cipher has a block size other than - one. - - - initialise the underlying cipher. - - @param forEncryption true if we are setting up for encryption, false otherwise. - @param param the necessary parameters for the underlying cipher to be initialised. - - - encrypt/decrypt a single byte returning the result. - - @param in the byte to be processed. - @return the result of processing the input byte. - - - process a block of bytes from in putting the result into out. - - @param in the input byte array. - @param inOff the offset into the in array where the data to be processed starts. - @param len the number of bytes to be processed. - @param out the output buffer the processed bytes go into. - @param outOff the offset into the output byte array the processed data stars at. - @exception DataLengthException if the output buffer is too small. - - - reset the underlying cipher. This leaves it in the same state - it was at after the last init (if there was one). - - - return the name of the algorithm we are wrapping. - - @return the name of the algorithm we are wrapping. - - - - RFC 2246 7.2 - - - - - RFC 2246 7.2 - - - - - A certificate verifyer, that will always return true. - 
-            DO NOT USE THIS FILE UNLESS YOU KNOW EXACTLY WHAT YOU ARE DOING.
-
- - - - - This should be implemented by any class which can find out, if a given - certificate chain is being accepted by an client. - - - - The certs, which are part of the chain. - True, if the chain is accepted, false otherwise - - - Return true. - - - - A queue for bytes. -

- This file could be more optimized. -

- - - - The initial size for our buffer. - - - The smallest number which can be written as 2^x which is bigger than i. - - - The buffer where we store our data. - - - How many bytes at the beginning of the buffer are skipped. - - - How many bytes in the buffer are valid data. - - - Read data from the buffer. - The buffer where the read data will be copied to. - How many bytes to skip at the beginning of buf. - How many bytes to read at all. - How many bytes from our data to skip. - - - Add some data to our buffer. - A byte-array to read data from. - How many bytes to skip at the beginning of the array. - How many bytes to read from the array. - - - Remove some bytes from our data from the beginning. - How many bytes to remove. - - - The number of bytes which are available in this buffer. - - - A representation for a certificate chain. - - - The certificates. - - - Parse the ServerCertificate message. - - @param inStr The stream where to parse from. - @return A Certificate object with the certs, the server has sended. - @throws IOException If something goes wrong during parsing. - - - Encodes version of the ClientCertificate message - - @param outStr stream to write the message to - @throws IOException If something goes wrong - - - Private constructor from a cert array. - - @param certs The certs the chain should contain. - - - An array which contains the certs, this chain contains. - - - A of X509Name - - - - RFC 2246 A.5 - - - - - RFC 2246 7.4.4 - - - - A combined hash, which implements md5(m) || sha1(m). - - - - - - - - - - - - - - - - - - - - - - - - - RFC 2246 6.1 - - - - - RFC 2246 6.2.1 - - - - - - - - - - - - - - - - - - - - Called at the start of a new TLS session, before any other methods. - - - A - - - - - Get the list of cipher suites that this client supports. - - - An array of , each specifying a supported cipher suite. - - - - - Get the list of compression methods that this client supports. - - - An array of , each specifying a supported compression method. - - - - - Get the (optional) table of client extensions to be included in (extended) client hello. - - - A ( -> byte[]). May be null. - - - - - - Reports the session ID once it has been determined. - - - A - - - - - Report the cipher suite that was selected by the server. - - - The protocol handler validates this value against the offered cipher suites - - - - A - - - - - Report the compression method that was selected by the server. - - - The protocol handler validates this value against the offered compression methods - - - - A - - - - - Report whether the server supports secure renegotiation - - - The protocol handler automatically processes the relevant extensions - - - A , true if the server supports secure renegotiation - - - - - - Report the extensions from an extended server hello. - - - Will only be called if we returned a non-null result from . - - - A ( -> byte[]) - - - - - Return an implementation of to negotiate the key exchange - part of the protocol. - - - A - - - - - - Return an implementation of to handle authentication - part of the protocol. - - - - - - Return an implementation of to handle record compression. - - - - - - Return an implementation of to use for encryption/decryption. - - - A - - - - - - - - - RFC 4492 5.4 - - - - Indicates the elliptic curve domain parameters are conveyed verbosely, and the - underlying finite field is a prime field. - - - Indicates the elliptic curve domain parameters are conveyed verbosely, and the - underlying finite field is a characteristic-2 field. - - - Indicates that a named curve is used. This option SHOULD be used when applicable. - - - - RFC 4492 5.1.2 - - - - - RFC 4366 2.3 - - - - - RFC 2246 7.4 - - - - - A temporary class to wrap old CertificateVerifyer stuff for new TlsAuthentication. - - - - - Called by the protocol handler to report the server certificate. - - - This method is responsible for certificate verification and validation - - The server received - - - - - Return client credentials in response to server's certificate request - - - A containing server certificate request details - - - A to be used for client authentication - (or null for no client authentication) - - - - - - A temporary class to use LegacyTlsAuthentication - - - - - RFC 4492 5.1.1 - The named curves defined here are those specified in SEC 2 [13]. Note that many of - these curves are also recommended in ANSI X9.62 [7] and FIPS 186-2 [11]. Values 0xFE00 - through 0xFEFF are reserved for private use. Values 0xFF01 and 0xFF02 indicate that the - client supports arbitrary prime and characteristic-2 curves, respectively (the curve - parameters must be encoded explicitly in ECParameters). - - - - An implementation of the TLS 1.0 record layer. - - - HMAC implementation based on original internet draft for HMAC (RFC 2104) - - The difference is that padding is concatentated versus XORed with the key - - H(K + opad, H(K + ipad, text)) - - - Base constructor for one of the standard digest algorithms that the byteLength of - the algorithm is know for. Behaviour is undefined for digests other than MD5 or SHA1. - - @param digest the digest. - - - Reset the mac generator. - - - - A generic TLS 1.0 block cipher. This can be used for AES or 3DES for example. - - - - - - - - - - - TLS 1.0 DH key exchange. - - - - - A generic interface for key exchange implementations in TLS 1.0. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ECDHE key exchange (see RFC 4492) - - - ECDH key exchange (see RFC 4492) - - - - A generic TLS MAC implementation, which can be used with any kind of - IDigest to act as an HMAC. - - - - Generate a new instance of an TlsMac. - - @param digest The digest to use. - @param key_block A byte-array where the key for this mac is located. - @param offset The number of bytes to skip, before the key starts in the buffer. - @param len The length of the key. - - - @return the MAC write secret - - - Increment the current write sequence number - - - Calculate the mac for some given data. -

- TlsMac will keep track of the sequence number internally. - - @param type The message type of the message. - @param message A byte-buffer containing the message. - @param offset The number of bytes to skip, before the message starts. - @param len The length of the message. - @return A new byte-buffer containing the mac value. - - - @return the current write sequence number - - - @return The Keysize of the mac. - - -

- A NULL cipher suite, for use during handshake. - - - - An implementation of all high level protocols in TLS 1.0. - - - Both streams can be the same object - - - Both streams can be the same object - - - This method is called, when a change cipher spec message is received. - - @throws IOException If the message has an invalid content or the - handshake is not in the correct state. - - - Connects to the remote system. - Will be used when a certificate is received to verify - that this certificate is accepted by the client. - If handshake was not successful - - - Read data from the network. The method will return immediately, if there is - still some data left in the buffer, or block until some application - data has been read from the network. - - @param buf The buffer where the data will be copied to. - @param offset The position where the data will be placed in the buffer. - @param len The maximum number of bytes to read. - @return The number of bytes read. - @throws IOException If something goes wrong during reading data. - - - Send some application data to the remote system. -

- The method will handle fragmentation internally. - - @param buf The buffer with the data. - @param offset The position in the buffer where the data is placed. - @param len The length of the data. - @throws IOException If something goes wrong during sending. - - - Terminate this connection with an alert. -

- Can be used for normal closure too. - - @param alertLevel The level of the alert, an be AlertLevel.fatal or AL_warning. - @param alertDescription The exact alert message. - @throws IOException If alert was fatal. - - -

Closes this connection - If something goes wrong during closing. - - - Make sure the Stream is now empty. Fail otherwise. - - @param is The Stream to check. - @throws IOException If is is not empty. - - - A Stream which can be used to send data. - - - A Stream which can be used to read data. - - - The secure bidirectional stream for this connection - - - - TLS 1.0 RSA key exchange. - - - - - TLS 1.1 SRP key exchange. - - - - Some helper fuctions for MicroTLS. - - - return a = a + b - b preserved. - - - unsigned comparison on two arrays - note the arrays may - start with leading zeros. - - - return z = x / y - done in place (z value preserved, x contains the - remainder) - - - return whether or not a BigInteger is probably prime with a - probability of 1 - (1/2)**certainty. -

From Knuth Vol 2, pg 395.

- - - Calculate the numbers u1, u2, and u3 such that: - - u1 * a + u2 * b = u3 - - where u3 is the greatest common divider of a and b. - a and b using the extended Euclid algorithm (refer p. 323 - of The Art of Computer Programming vol 2, 2nd ed). - This also seems to have the side effect of calculating - some form of multiplicative inverse. - - @param a First number to calculate gcd for - @param b Second number to calculate gcd for - @param u1Out the return object for the u1 value - @param u2Out the return object for the u2 value - @return The greatest common divisor of a and b - - - return w with w = x * x - w is assumed to have enough space. - - - return x with x = y * z - x is assumed to have enough space. - - - Calculate mQuote = -m^(-1) mod b with b = 2^32 (32 = word size) - - - Montgomery multiplication: a = x * y * R^(-1) mod m -
- Based algorithm 14.36 of Handbook of Applied Cryptography. -
-
  • m, x, y should have length n
    • -
  • a should have length (n + 1)
    • -
  • b = 2^32, R = b^n
    • -
    - The result is put in x -
    - NOTE: the indices of x, y, m, a different in HAC and in Java -     - - return x = x % y - done in place (y value preserved) - - - do a left shift - this returns a new array. - - - do a right shift - this does it in place. - - - do a right shift by one - this does it in place. - - - returns x = x - y - we assume x is >= y - - - Class representing a simple version of a big decimal. A - SimpleBigDecimal is basically a - {@link java.math.BigInteger BigInteger} with a few digits on the right of - the decimal point. The number of (binary) digits on the right of the decimal - point is called the scale of the SimpleBigDecimal. - Unlike in {@link java.math.BigDecimal BigDecimal}, the scale is not adjusted - automatically, but must be set manually. All SimpleBigDecimals - taking part in the same arithmetic operation must have equal scale. The - result of a multiplication of two SimpleBigDecimals returns a - SimpleBigDecimal with double scale. - - - Returns a SimpleBigDecimal representing the same numerical - value as value. - @param value The value of the SimpleBigDecimal to be - created. - @param scale The scale of the SimpleBigDecimal to be - created. - @return The such created SimpleBigDecimal. - - - Constructor for SimpleBigDecimal. The value of the - constructed SimpleBigDecimal Equals bigInt / - 2scale. - @param bigInt The bigInt value parameter. - @param scale The scale of the constructed SimpleBigDecimal. - - - Class holding methods for point multiplication based on the window - τ-adic nonadjacent form (WTNAF). The algorithms are based on the - paper "Improved Algorithms for Arithmetic on Anomalous Binary Curves" - by Jerome A. Solinas. The paper first appeared in the Proceedings of - Crypto 1997. - - - The window width of WTNAF. The standard value of 4 is slightly less - than optimal for running time, but keeps space requirements for - precomputation low. For typical curves, a value of 5 or 6 results in - a better running time. When changing this value, the - αu's must be computed differently, see - e.g. "Guide to Elliptic Curve Cryptography", Darrel Hankerson, - Alfred Menezes, Scott Vanstone, Springer-Verlag New York Inc., 2004, - p. 121-122 - - - 24 - - - The αu's for a=0 as an array - of ZTauElements. - - - The αu's for a=0 as an array - of TNAFs. - - - The αu's for a=1 as an array - of ZTauElements. - - - The αu's for a=1 as an array - of TNAFs. - - - Computes the norm of an element λ of - Z[τ]. - @param mu The parameter μ of the elliptic curve. - @param lambda The element λ of - Z[τ]. - @return The norm of λ. - - - Computes the norm of an element λ of - R[τ], where λ = u + vτ - and u and u are real numbers (elements of - R). - @param mu The parameter μ of the elliptic curve. - @param u The real part of the element λ of - R[τ]. - @param v The τ-adic part of the element - λ of R[τ]. - @return The norm of λ. - - - Rounds an element λ of R[τ] - to an element of Z[τ], such that their difference - has minimal norm. λ is given as - λ = λ0 + λ1τ. - @param lambda0 The component λ0. - @param lambda1 The component λ1. - @param mu The parameter μ of the elliptic curve. Must - equal 1 or -1. - @return The rounded element of Z[τ]. - @throws ArgumentException if lambda0 and - lambda1 do not have same scale. - - - Approximate division by n. For an integer - k, the value λ = s k / n is - computed to c bits of accuracy. - @param k The parameter k. - @param s The curve parameter s0 or - s1. - @param vm The Lucas Sequence element Vm. - @param a The parameter a of the elliptic curve. - @param m The bit length of the finite field - Fm. - @param c The number of bits of accuracy, i.e. the scale of the returned - SimpleBigDecimal. - @return The value λ = s k / n computed to - c bits of accuracy. - - - Computes the τ-adic NAF (non-adjacent form) of an - element λ of Z[τ]. - @param mu The parameter μ of the elliptic curve. - @param lambda The element λ of - Z[τ]. - @return The τ-adic NAF of λ. - - - Applies the operation τ() to an - F2mPoint. - @param p The F2mPoint to which τ() is applied. - @return τ(p) - - - Returns the parameter μ of the elliptic curve. - @param curve The elliptic curve from which to obtain μ. - The curve must be a Koblitz curve, i.e. a Equals - 0 or 1 and b Equals - 1. - @return μ of the elliptic curve. - @throws ArgumentException if the given ECCurve is not a Koblitz - curve. - - - Calculates the Lucas Sequence elements Uk-1 and - Uk or Vk-1 and - Vk. - @param mu The parameter μ of the elliptic curve. - @param k The index of the second element of the Lucas Sequence to be - returned. - @param doV If set to true, computes Vk-1 and - Vk, otherwise Uk-1 and - Uk. - @return An array with 2 elements, containing Uk-1 - and Uk or Vk-1 - and Vk. - - - Computes the auxiliary value tw. If the width is - 4, then for mu = 1, tw = 6 and for - mu = -1, tw = 10 - @param mu The parameter μ of the elliptic curve. - @param w The window width of the WTNAF. - @return the auxiliary value tw - - - Computes the auxiliary values s0 and - s1 used for partial modular reduction. - @param curve The elliptic curve for which to compute - s0 and s1. - @throws ArgumentException if curve is not a - Koblitz curve (Anomalous Binary Curve, ABC). - - - Partial modular reduction modulo - m - 1)/(τ - 1). - @param k The integer to be reduced. - @param m The bitlength of the underlying finite field. - @param a The parameter a of the elliptic curve. - @param s The auxiliary values s0 and - s1. - @param mu The parameter μ of the elliptic curve. - @param c The precision (number of bits of accuracy) of the partial - modular reduction. - @return ρ := k partmod (τm - 1)/(τ - 1) - - - Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint} - by a BigInteger using the reduced τ-adic - NAF (RTNAF) method. - @param p The F2mPoint to Multiply. - @param k The BigInteger by which to Multiply p. - @return k * p - - - Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint} - by an element λ of Z[τ] - using the τ-adic NAF (TNAF) method. - @param p The F2mPoint to Multiply. - @param lambda The element λ of - Z[τ]. - @return λ * p - - - Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint} - by an element λ of Z[τ] - using the τ-adic NAF (TNAF) method, given the TNAF - of λ. - @param p The F2mPoint to Multiply. - @param u The the TNAF of λ.. - @return λ * p - - - Computes the [τ]-adic window NAF of an element - λ of Z[τ]. - @param mu The parameter μ of the elliptic curve. - @param lambda The element λ of - Z[τ] of which to compute the - [τ]-adic NAF. - @param width The window width of the resulting WNAF. - @param pow2w 2width. - @param tw The auxiliary value tw. - @param alpha The αu's for the window width. - @return The [τ]-adic window NAF of - λ. - - - Does the precomputation for WTNAF multiplication. - @param p The ECPoint for which to do the precomputation. - @param a The parameter a of the elliptic curve. - @return The precomputation array for p. - - - Class representing an element of Z[τ]. Let - λ be an element of Z[τ]. Then - λ is given as λ = u + vτ. The - components u and v may be used directly, there - are no accessor methods. - Immutable class. - - - The "real" part of λ. - - - The "τ-adic" part of λ. - - - Constructor for an element λ of - Z[τ]. - @param u The "real" part of λ. - @param v The "τ-adic" part of - λ. - - - Base class for an elliptic curve. - - - Decode a point on this curve from its ASN.1 encoding. The different - encodings are taken account of, including point compression for - Fp (X9.62 s 4.2.1 pg 17). - @return The decoded point. - - - Elliptic curve over Fp - - - Elliptic curves over F2m. The Weierstrass equation is given by - y2 + xy = x3 + ax2 + b. - - - The exponent m of F2m. - - - TPB: The integer k where xm + - xk + 1 represents the reduction polynomial - f(z).
    - PPB: The integer k1 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z).
    -     - - TPB: Always set to 0
    - PPB: The integer k2 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z).
    -     - - TPB: Always set to 0
    - PPB: The integer k3 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z).
    -     - - The order of the base point of the curve. - - - The cofactor of the curve. - - - The point at infinity on this curve. - - - The parameter μ of the elliptic curve if this is - a Koblitz curve. - - - The auxiliary values s0 and - s1 used for partial modular reduction for - Koblitz curves. - - - Constructor for Trinomial Polynomial Basis (TPB). - @param m The exponent m of - F2m. - @param k The integer k where xm + - xk + 1 represents the reduction - polynomial f(z). - @param a The coefficient a in the Weierstrass equation - for non-supersingular elliptic curves over - F2m. - @param b The coefficient b in the Weierstrass equation - for non-supersingular elliptic curves over - F2m. - - - Constructor for Trinomial Polynomial Basis (TPB). - @param m The exponent m of - F2m. - @param k The integer k where xm + - xk + 1 represents the reduction - polynomial f(z). - @param a The coefficient a in the Weierstrass equation - for non-supersingular elliptic curves over - F2m. - @param b The coefficient b in the Weierstrass equation - for non-supersingular elliptic curves over - F2m. - @param n The order of the main subgroup of the elliptic curve. - @param h The cofactor of the elliptic curve, i.e. - #Ea(F2m) = h * n. - - - Constructor for Pentanomial Polynomial Basis (PPB). - @param m The exponent m of - F2m. - @param k1 The integer k1 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z). - @param k2 The integer k2 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z). - @param k3 The integer k3 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z). - @param a The coefficient a in the Weierstrass equation - for non-supersingular elliptic curves over - F2m. - @param b The coefficient b in the Weierstrass equation - for non-supersingular elliptic curves over - F2m. - - - Constructor for Pentanomial Polynomial Basis (PPB). - @param m The exponent m of - F2m. - @param k1 The integer k1 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z). - @param k2 The integer k2 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z). - @param k3 The integer k3 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z). - @param a The coefficient a in the Weierstrass equation - for non-supersingular elliptic curves over - F2m. - @param b The coefficient b in the Weierstrass equation - for non-supersingular elliptic curves over - F2m. - @param n The order of the main subgroup of the elliptic curve. - @param h The cofactor of the elliptic curve, i.e. - #Ea(F2m) = h * n. - - - Returns the parameter μ of the elliptic curve. - @return μ of the elliptic curve. - @throws ArgumentException if the given ECCurve is not a - Koblitz curve. - - - @return the auxiliary values s0 and - s1 used for partial modular reduction for - Koblitz curves. - - - Solves a quadratic equation z2 + z = beta(X9.62 - D.1.6) The other solution is z + 1. - - @param beta - The value to solve the qradratic equation for. - @return the solution for z2 + z = beta or - null if no solution exists. - - - Return true if curve uses a Trinomial basis. - - @return true if curve Trinomial, false otherwise. - - - Returns true if this is a Koblitz curve (ABC curve). - @return true if this is a Koblitz curve (ABC curve), false otherwise - - - return a sqrt root - the routine verifies that the calculation - returns the right value - if none exists it returns null. - - - return the field name for this field. - - @return the string "Fp". - - - Class representing the Elements of the finite field - F2m in polynomial basis (PB) - representation. Both trinomial (Tpb) and pentanomial (Ppb) polynomial - basis representations are supported. Gaussian normal basis (GNB) - representation is not supported. - - - Indicates gaussian normal basis representation (GNB). Number chosen - according to X9.62. GNB is not implemented at present. - - - Indicates trinomial basis representation (Tpb). Number chosen - according to X9.62. - - - Indicates pentanomial basis representation (Ppb). Number chosen - according to X9.62. - - - Tpb or Ppb. - - - The exponent m of F2m. - - - Tpb: The integer k where xm + - xk + 1 represents the reduction polynomial - f(z).
    - Ppb: The integer k1 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z).
    -     - - Tpb: Always set to 0
    - Ppb: The integer k2 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z).
    -     - - Tpb: Always set to 0
    - Ppb: The integer k3 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z).
    -     - - The IntArray holding the bits. - - - The number of ints required to hold m bits. - - - Constructor for Ppb. - @param m The exponent m of - F2m. - @param k1 The integer k1 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z). - @param k2 The integer k2 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z). - @param k3 The integer k3 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z). - @param x The BigInteger representing the value of the field element. - - - Constructor for Tpb. - @param m The exponent m of - F2m. - @param k The integer k where xm + - xk + 1 represents the reduction - polynomial f(z). - @param x The BigInteger representing the value of the field element. - - - Checks, if the ECFieldElements a and b - are elements of the same field F2m - (having the same representation). - @param a field element. - @param b field element to be compared. - @throws ArgumentException if a and b - are not elements of the same field - F2m (having the same - representation). - - - @return the representation of the field - F2m, either of - {@link F2mFieldElement.Tpb} (trinomial - basis representation) or - {@link F2mFieldElement.Ppb} (pentanomial - basis representation). - - - @return the degree m of the reduction polynomial - f(z). - - - @return Tpb: The integer k where xm + - xk + 1 represents the reduction polynomial - f(z).
    - Ppb: The integer k1 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z).
    -     - - @return Tpb: Always returns 0
    - Ppb: The integer k2 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z).
    -     - - @return Tpb: Always set to 0
    - Ppb: The integer k3 where xm + - xk3 + xk2 + xk1 + 1 - represents the reduction polynomial f(z).
    -     - - base class for points on elliptic curves. - - - Sets the PreCompInfo. Used by ECMultipliers - to save the precomputation for this ECPoint to store the - precomputation result for use by subsequent multiplication. - @param preCompInfo The values precomputed by the - ECMultiplier. - - - Sets the appropriate ECMultiplier, unless already set. - - - return the field element encoded with point compression. (S 4.3.6) - - - Multiplies this ECPoint by the given number. - @param k The multiplicator. - @return k * this. - - - Elliptic curve points over Fp - - - Create a point which encodes with point compression. - - @param curve the curve to use - @param x affine x co-ordinate - @param y affine y co-ordinate - - - Create a point that encodes with or without point compresion. - - @param curve the curve to use - @param x affine x co-ordinate - @param y affine y co-ordinate - @param withCompression if true encode with point compression - - - Sets the default ECMultiplier, unless already set. - - - Elliptic curve points over F2m - - - @param curve base curve - @param x x point - @param y y point - - - @param curve base curve - @param x x point - @param y y point - @param withCompression true if encode with point compression. - - - Constructor for point at infinity - - - Check, if two ECPoints can be added or subtracted. - @param a The first ECPoint to check. - @param b The second ECPoint to check. - @throws IllegalArgumentException if a and b - cannot be added. - - - Adds another ECPoints.F2m to this without - checking if both points are on the same curve. Used by multiplication - algorithms, because there all points are a multiple of the same point - and hence the checks can be omitted. - @param b The other ECPoints.F2m to add to - this. - @return this + b - - - Subtracts another ECPoints.F2m from this - without checking if both points are on the same curve. Used by - multiplication algorithms, because there all points are a multiple - of the same point and hence the checks can be omitted. - @param b The other ECPoints.F2m to subtract from - this. - @return this - b - - - Sets the appropriate ECMultiplier, unless already set. - - - Interface for classes encapsulating a point multiplication algorithm - for ECPoints. - - - Multiplies the ECPoint p by k, i.e. - p is added k times to itself. - @param p The ECPoint to be multiplied. - @param k The factor by which p i multiplied. - @return p multiplied by k. - - - Class implementing the NAF (Non-Adjacent Form) multiplication algorithm. - - - D.3.2 pg 101 - @see org.bouncycastle.math.ec.multiplier.ECMultiplier#multiply(org.bouncycastle.math.ec.ECPoint, java.math.BigInteger) - - - Interface for classes storing precomputation data for multiplication - algorithms. Used as a Memento (see GOF patterns) for - WNafMultiplier. - - - Simple shift-and-add multiplication. Serves as reference implementation - to verify (possibly faster) implementations in - {@link org.bouncycastle.math.ec.ECPoint ECPoint}. - - @param p The point to multiply. - @param k The factor by which to multiply. - @return The result of the point multiplication k * p. - - - Class implementing the WNAF (Window Non-Adjacent Form) multiplication - algorithm. - - - Computes the Window NAF (non-adjacent Form) of an integer. - @param width The width w of the Window NAF. The width is - defined as the minimal number w, such that for any - w consecutive digits in the resulting representation, at - most one is non-zero. - @param k The integer of which the Window NAF is computed. - @return The Window NAF of the given width, such that the following holds: - k = −i=0l-1 ki2i - , where the ki denote the elements of the - returned sbyte[]. - - - Multiplies this by an integer k using the - Window NAF method. - @param k The integer by which this is multiplied. - @return A new ECPoint which equals this - multiplied by k. - - - Class holding precomputation data for the WNAF (Window Non-Adjacent Form) - algorithm. - - - Array holding the precomputed ECPoints used for the Window - NAF multiplication in - {@link org.bouncycastle.math.ec.multiplier.WNafMultiplier.multiply() - WNafMultiplier.multiply()}. - - - Holds an ECPoint representing twice(this). Used for the - Window NAF multiplication in - {@link org.bouncycastle.math.ec.multiplier.WNafMultiplier.multiply() - WNafMultiplier.multiply()}. - - - Class implementing the WTNAF (Window - τ-adic Non-Adjacent Form) algorithm. - - - Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint} - by k using the reduced τ-adic NAF (RTNAF) - method. - @param p The F2mPoint to multiply. - @param k The integer by which to multiply k. - @return p multiplied by k. - - - Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint} - by an element λ of Z[τ] using - the τ-adic NAF (TNAF) method. - @param p The F2mPoint to multiply. - @param lambda The element λ of - Z[τ] of which to compute the - [τ]-adic NAF. - @return p multiplied by λ. - - - Multiplies a {@link org.bouncycastle.math.ec.F2mPoint F2mPoint} - by an element λ of Z[τ] - using the window τ-adic NAF (TNAF) method, given the - WTNAF of λ. - @param p The F2mPoint to multiply. - @param u The the WTNAF of λ.. - @return λ * p - - - Class holding precomputation data for the WTNAF (Window - τ-adic Non-Adjacent Form) algorithm. - - - Array holding the precomputed F2mPoints used for the - WTNAF multiplication in - {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply() - WTauNafMultiplier.multiply()}. - - - Constructor for WTauNafPreCompInfo - @param preComp Array holding the precomputed F2mPoints - used for the WTNAF multiplication in - {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply() - WTauNafMultiplier.multiply()}. - - - @return the array holding the precomputed F2mPoints - used for the WTNAF multiplication in - {@link org.bouncycastle.math.ec.multiplier.WTauNafMultiplier.multiply() - WTauNafMultiplier.multiply()}. - - - - - BasicOcspResponse ::= SEQUENCE { - tbsResponseData ResponseData, - signatureAlgorithm AlgorithmIdentifier, - signature BIT STRING, - certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL - } - - - - - - Get all critical extension values, by oid - - IDictionary with string (OID) keys and Asn1OctetString values - - - - Get all non-critical extension values, by oid - - IDictionary with string (OID) keys and Asn1OctetString values - - - - Get non critical extensions. - - A set of non critical extension oids. - - - - Get any critical extensions. - - A sorted list of critical entension. - - - - Get the value of a given extension. - - The object ID of the extension. - An Asn1OctetString object if that extension is found or null if not. - - - The DER encoding of the tbsResponseData field. - In the event of an encoding error. - - - The certificates, if any, associated with the response. - In the event of an encoding error. - - - - Verify the signature against the tbsResponseData object we contain. - - - - The ASN.1 encoded representation of this object. - - - Generator for basic OCSP response objects. - - - basic constructor - - - construct with the responderID to be the SHA-1 keyHash of the passed in public key. - - - Add a response for a particular Certificate ID. - - @param certID certificate ID details - @param certStatus status of the certificate - null if okay - - - Add a response for a particular Certificate ID. - - @param certID certificate ID details - @param certStatus status of the certificate - null if okay - @param singleExtensions optional extensions - - - Add a response for a particular Certificate ID. - - @param certID certificate ID details - @param nextUpdate date when next update should be requested - @param certStatus status of the certificate - null if okay - @param singleExtensions optional extensions - - - Add a response for a particular Certificate ID. - - @param certID certificate ID details - @param thisUpdate date this response was valid on - @param nextUpdate date when next update should be requested - @param certStatus status of the certificate - null if okay - @param singleExtensions optional extensions - - - Set the extensions for the response. - - @param responseExtensions the extension object to carry. - - - Return an IEnumerable of the signature names supported by the generator. - - @return an IEnumerable containing recognised names. - - - create from an issuer certificate and the serial number of the - certificate it signed. - @exception OcspException if any problems occur creating the id fields. - - - Create a new CertificateID for a new serial number derived from a previous one - calculated for the same CA certificate. - - @param original the previously calculated CertificateID for the CA. - @param newSerialNumber the serial number for the new certificate of interest. - - @return a new CertificateID for newSerialNumber - - - return the serial number for the certificate associated - with this request. - - - 
    -             OcspRequest     ::=     SEQUENCE {
-                   tbsRequest                  TBSRequest,
-                   optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
-            
-               TBSRequest      ::=     SEQUENCE {
-                   version             [0]     EXPLICIT Version DEFAULT v1,
-                   requestorName       [1]     EXPLICIT GeneralName OPTIONAL,
-                   requestList                 SEQUENCE OF Request,
-                   requestExtensions   [2]     EXPLICIT Extensions OPTIONAL }
-            
-               Signature       ::=     SEQUENCE {
-                   signatureAlgorithm      AlgorithmIdentifier,
-                   signature               BIT STRING,
-                   certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL}
-            
-               Version         ::=             INTEGER  {  v1(0) }
-            
-               Request         ::=     SEQUENCE {
-                   reqCert                     CertID,
-                   singleRequestExtensions     [0] EXPLICIT Extensions OPTIONAL }
-            
-               CertID          ::=     SEQUENCE {
-                   hashAlgorithm       AlgorithmIdentifier,
-                   issuerNameHash      OCTET STRING, -- Hash of Issuer's DN
-                   issuerKeyHash       OCTET STRING, -- Hash of Issuers public key
-                   serialNumber        CertificateSerialNumber }
-
    -     - - Return the DER encoding of the tbsRequest field. - @return DER encoding of tbsRequest - @throws OcspException in the event of an encoding error. - - - If the request is signed return a possibly empty CertStore containing the certificates in the - request. If the request is not signed the method returns null. - - @return null if not signed, a CertStore otherwise - @throws OcspException - - - Verify the signature against the TBSRequest object we contain. - - - return the ASN.1 encoded representation of this object. - - - return the object identifier representing the signature algorithm - - - Return whether or not this request is signed. - - @return true if signed false otherwise. - - - Add a request for the given CertificateID. - - @param certId certificate ID of interest - - - Add a request with extensions - - @param certId certificate ID of interest - @param singleRequestExtensions the extensions to attach to the request - - - Set the requestor name to the passed in X509Principal - - @param requestorName a X509Principal representing the requestor name. - - - Generate an unsigned request - - @return the OcspReq - @throws OcspException - - - Return an IEnumerable of the signature names supported by the generator. - - @return an IEnumerable containing recognised names. - - - return the ASN.1 encoded representation of this object. - - - base generator for an OCSP response - at the moment this only supports the - generation of responses containing BasicOCSP responses. - - - note 4 is not used. - - - Carrier for a ResponderID. - - - wrapper for the RevokedInfo object - - - return the revocation reason. Note: this field is optional, test for it - with hasRevocationReason() first. - @exception InvalidOperationException if a reason is asked for and none is avaliable - - - Return the status object for the response - null indicates good. - - @return the status object for the response, null if it is good. - - - return the NextUpdate value - note: this is an optional field so may - be returned as null. - - @return nextUpdate, or null if not present. - - - wrapper for the UnknownInfo object - - - Compressed data objects - - - Get the raw input stream contained in the object. - - - Return an uncompressed input stream which allows reading of the compressed data. - - - The algorithm used for compression - - - Class for producing compressed data packets. - - - -

    - Return an output stream which will save the data being written to - the compressed object. -

    -

    - The stream created can be closed off by either calling Close() - on the stream or Close() on the generator. Closing the returned - stream does not close off the Stream parameter outStr. -

    -     - Stream to be used for output. - A Stream for output of the compressed data. - - - -     - - -

    - Return an output stream which will compress the data as it is written to it. - The stream will be written out in chunks according to the size of the passed in buffer. -

    -

    - The stream created can be closed off by either calling Close() - on the stream or Close() on the generator. Closing the returned - stream does not close off the Stream parameter outStr. -

    -

    - Note: if the buffer is not a power of 2 in length only the largest power of 2 - bytes worth of the buffer will be used. -

    -

    - Note: using this may break compatibility with RFC 1991 compliant tools. - Only recent OpenPGP implementations are capable of accepting these streams. -

    -     - Stream to be used for output. - The buffer to use. - A Stream for output of the compressed data. - - - - -     - - Close the compressed object.summary> - - - - Thrown if the IV at the start of a data stream indicates the wrong key is being used. - - - - Generic exception class for PGP encoding/decoding problems. - - - Return the raw input stream for the data stream. - - - Return true if the message is integrity protected. - True, if there is a modification detection code namespace associated - with this stream. - - - Note: This can only be called after the message has been read. - True, if the message verifies, false otherwise - - - Generator for encrypted objects. - - - Existing SecureRandom constructor. - The symmetric algorithm to use. - Source of randomness. - - - Creates a cipher stream which will have an integrity packet associated with it. - - - Base constructor. - The symmetric algorithm to use. - Source of randomness. - PGP 2.6.x compatibility required. - - - - Add a PBE encryption method to the encrypted object using the default algorithm (S2K_SHA1). - - - - Add a PBE encryption method to the encrypted object. - - - Add a public key encrypted session key to the encrypted object. - - - -

    - If buffer is non null stream assumed to be partial, otherwise the length will be used - to output a fixed length packet. -

    -

    - The stream created can be closed off by either calling Close() - on the stream or Close() on the generator. Closing the returned - stream does not close off the Stream parameter outStr. -

    -     -     - - -

    - Return an output stream which will encrypt the data as it is written to it. -

    -

    - The stream created can be closed off by either calling Close() - on the stream or Close() on the generator. Closing the returned - stream does not close off the Stream parameter outStr. -

    -     -     - - -

    - Return an output stream which will encrypt the data as it is written to it. - The stream will be written out in chunks according to the size of the passed in buffer. -

    -

    - The stream created can be closed off by either calling Close() - on the stream or Close() on the generator. Closing the returned - stream does not close off the Stream parameter outStr. -

    -

    - Note: if the buffer is not a power of 2 in length only the largest power of 2 - bytes worth of the buffer will be used. -

    -     -     - - -

    - Close off the encrypted object - this is equivalent to calling Close() on the stream - returned by the Open() method. -

    -

    - Note: This does not close the underlying output stream, only the stream on top of - it created by the Open() method. -

    -     -     - - A holder for a list of PGP encryption method packets. - - - Key flag values for the KeyFlags subpacket. - - - - General class to handle JCA key pairs and convert them into OpenPGP ones. -

    - A word for the unwary, the KeyId for an OpenPGP public key is calculated from - a hash that includes the time of creation, if you pass a different date to the - constructor below with the same public private key pair the KeyIs will not be the - same as for previous generations of the key, so ideally you only want to do - this once. -

    -     -     - - Create a key pair from a PgpPrivateKey and a PgpPublicKey. - The public key. - The private key. - - - The keyId associated with this key pair. - - - - Generator for a PGP master and subkey ring. - This class will generate both the secret and public key rings - - - - - Create a new key ring generator using old style checksumming. It is recommended to use - SHA1 checksumming where possible. - - The certification level for keys on this ring. - The master key pair. - The id to be associated with the ring. - The algorithm to be used to protect secret keys. - The passPhrase to be used to protect secret keys. - Packets to be included in the certification hash. - Packets to be attached unhashed to the certification. - input secured random. - - - - Create a new key ring generator. - - The certification level for keys on this ring. - The master key pair. - The id to be associated with the ring. - The algorithm to be used to protect secret keys. - The passPhrase to be used to protect secret keys. - Checksum the secret keys with SHA1 rather than the older 16 bit checksum. - Packets to be included in the certification hash. - Packets to be attached unhashed to the certification. - input secured random. - - - Add a subkey to the key ring to be generated with default certification. - - - - Add a subkey with specific hashed and unhashed packets associated with it and - default certification. - - Public/private key pair. - Hashed packet values to be included in certification. - Unhashed packets values to be included in certification. - - - - Return the secret key ring. - - - Return the public key ring that corresponds to the secret key ring. - - - - Thrown if the key checksum is invalid. - - - - Class for processing literal data objects. - - - The special name indicating a "for your eyes only" packet. - - - Return the file name as an unintrepreted byte array. - - - The raw input stream for the data stream. - - - The input stream representing the data stream. - - - The format of the data stream - Binary or Text - - - The file name that's associated with the data stream. - - - The modification time for the file. - - - Class for producing literal data packets. - - - The special name indicating a "for your eyes only" packet. - - - - Generates literal data objects in the old format. - This is important if you need compatibility with PGP 2.6.x. - - If true, uses old format. - - - -

    - Open a literal data packet, returning a stream to store the data inside the packet. -

    -

    - The stream created can be closed off by either calling Close() - on the stream or Close() on the generator. Closing the returned - stream does not close off the Stream parameter outStr. -

    -     - The stream we want the packet in. - The format we are using. - The name of the 'file'. - The length of the data we will write. - The time of last modification we want stored. -     - - -

    - Open a literal data packet, returning a stream to store the data inside the packet, - as an indefinite length stream. The stream is written out as a series of partial - packets with a chunk size determined by the size of the passed in buffer. -

    -

    - The stream created can be closed off by either calling Close() - on the stream or Close() on the generator. Closing the returned - stream does not close off the Stream parameter outStr. -

    -

    - Note: if the buffer is not a power of 2 in length only the largest power of 2 - bytes worth of the buffer will be used.

    -     - The stream we want the packet in. - The format we are using. - The name of the 'file'. - The time of last modification we want stored. - The buffer to use for collecting data to put into chunks. -     - - - Close the literal data packet - this is equivalent to calling Close() - on the stream returned by the Open() method. - - - - - A PGP marker packet - in general these should be ignored other than where - the idea is to preserve the original input stream. - - - - - General class for reading a PGP object stream. -

    - Note: if this class finds a PgpPublicKey or a PgpSecretKey it - will create a PgpPublicKeyRing, or a PgpSecretKeyRing for each - key found. If all you are trying to do is read a key ring file use - either PgpPublicKeyRingBundle or PgpSecretKeyRingBundle.

    -     -     - - Return the next object in the stream, or null if the end is reached. - On a parse error - - - - Return all available objects in a list. - - An IList containing all objects from this factory, in order. - - - A one pass signature object. - - - Initialise the signature object for verification. - - - Verify the calculated signature against the passed in PgpSignature. - - - Holder for a list of PgpOnePassSignature objects. - - - A password based encryption object. - - - Return the raw input stream for the data stream. - - - Return the decrypted input stream, using the passed in passphrase. - - - General class to contain a private key for use with other OpenPGP objects. - - - - Create a PgpPrivateKey from a regular private key and the ID of its - associated public key. - - Private key to use. - ID of the corresponding public key. - - - The keyId associated with the contained private key. - - - The contained private key. - - - General class to handle a PGP public key object. - - - - Create a PgpPublicKey from the passed in lightweight one. - - - Note: the time passed in affects the value of the key's keyId, so you probably only want - to do this once for a lightweight key, or make sure you keep track of the time you used. - - Asymmetric algorithm type representing the public key. - Actual public key to associate. - Date of creation. - If pubKey is not public. - On key creation problem. - - - Constructor for a sub-key. - - - Copy constructor. - The public key to copy. - - - Return the trust data associated with the public key, if present. - A byte array with trust data, null otherwise. - - - The number of valid seconds from creation time - zero means no expiry. - - - The fingerprint of the key - - - The public key contained in the object. - A lightweight public key. - If the key algorithm is not recognised. - - - Allows enumeration of any user IDs associated with the key. - An IEnumerable of string objects. - - - Allows enumeration of any user attribute vectors associated with the key. - An IEnumerable of PgpUserAttributeSubpacketVector objects. - - - Allows enumeration of any signatures associated with the passed in id. - The ID to be matched. - An IEnumerable of PgpSignature objects. - - - Allows enumeration of signatures associated with the passed in user attributes. - The vector of user attributes to be matched. - An IEnumerable of PgpSignature objects. - - - Allows enumeration of signatures of the passed in type that are on this key. - The type of the signature to be returned. - An IEnumerable of PgpSignature objects. - - - Allows enumeration of all signatures/certifications associated with this key. - An IEnumerable with all signatures/certifications. - - - Check whether this (sub)key has a revocation signature on it. - True, if this (sub)key has been revoked. - - - Add a certification for an id to the given public key. - The key the certification is to be added to. - The ID the certification is associated with. - The new certification. - The re-certified key. - - - Add a certification for the given UserAttributeSubpackets to the given public key. - The key the certification is to be added to. - The attributes the certification is associated with. - The new certification. - The re-certified key. - - - - Remove any certifications associated with a user attribute subpacket on a key. - - The key the certifications are to be removed from. - The attributes to be removed. - - The re-certified key, or null if the user attribute subpacket was not found on the key. - - - - Remove any certifications associated with a given ID on a key. - The key the certifications are to be removed from. - The ID that is to be removed. - The re-certified key, or null if the ID was not found on the key. - - - Remove a certification associated with a given ID on a key. - The key the certifications are to be removed from. - The ID that the certfication is to be removed from. - The certfication to be removed. - The re-certified key, or null if the certification was not found. - - - Remove a certification associated with a given user attributes on a key. - The key the certifications are to be removed from. - The user attributes that the certfication is to be removed from. - The certification to be removed. - The re-certified key, or null if the certification was not found. - - - Add a revocation or some other key certification to a key. - The key the revocation is to be added to. - The key signature to be added. - The new changed public key object. - - - Remove a certification from the key. - The key the certifications are to be removed from. - The certfication to be removed. - The modified key, null if the certification was not found. - - - The version of this key. - - - The creation time of this key. - - - The number of valid days from creation time - zero means no expiry. - - - The keyId associated with the public key. - - - - Check if this key has an algorithm type that makes it suitable to use for encryption. - - - Note: with version 4 keys KeyFlags subpackets should also be considered when present for - determining the preferred use of the key. - - - true if this key algorithm is suitable for encryption. - - - - True, if this is a master key. - - - The algorithm code associated with the public key. - - - The strength of the key in bits. - - - A public key encrypted data object. - - - - Return the algorithm code for the symmetric algorithm used to encrypt the data. - - - - Return the decrypted data stream for the packet. - - - The key ID for the key used to encrypt the data. - - - - Class to hold a single master public key and its subkeys. -

    - Often PGP keyring files consist of multiple master keys, if you are trying to process - or construct one of these you should use the PgpPublicKeyRingBundle class. -

    -     -     - - Return the first public key in the ring. - - - Return the public key referred to by the passed in key ID if it is present. - - - Allows enumeration of all the public keys. - An IEnumerable of PgpPublicKey objects. - - - - Returns a new key ring with the public key passed in either added or - replacing an existing one. - - The public key ring to be modified. - The public key to be inserted. - A new PgpPublicKeyRing - - - Returns a new key ring with the public key passed in removed from the key ring. - The public key ring to be modified. - The public key to be removed. - A new PgpPublicKeyRing, or null if pubKey is not found. - - - - Often a PGP key ring file is made up of a succession of master/sub-key key rings. - If you want to read an entire public key file in one hit this is the class for you. - - - - Build a PgpPublicKeyRingBundle from the passed in input stream. - Input stream containing data. - If a problem parsing the stream occurs. - If an object is encountered which isn't a PgpPublicKeyRing. - - - Allow enumeration of the public key rings making up this collection. - - - Allow enumeration of the key rings associated with the passed in userId. - The user ID to be matched. - An IEnumerable of key rings which matched (possibly none). - - - Allow enumeration of the key rings associated with the passed in userId. - The user ID to be matched. - If true, userId need only be a substring of an actual ID string to match. - An IEnumerable of key rings which matched (possibly none). - - - Allow enumeration of the key rings associated with the passed in userId. - The user ID to be matched. - If true, userId need only be a substring of an actual ID string to match. - If true, case is ignored in user ID comparisons. - An IEnumerable of key rings which matched (possibly none). - - - Return the PGP public key associated with the given key id. - The ID of the public key to return. - - - Return the public key ring which contains the key referred to by keyId - key ID to match against - - - - Return true if a key matching the passed in key ID is present, false otherwise. - - key ID to look for. - - - - Return a new bundle containing the contents of the passed in bundle and - the passed in public key ring. - - The PgpPublicKeyRingBundle the key ring is to be added to. - The key ring to be added. - A new PgpPublicKeyRingBundle merging the current one with the passed in key ring. - If the keyId for the passed in key ring is already present. - - - - Return a new bundle containing the contents of the passed in bundle with - the passed in public key ring removed. - - The PgpPublicKeyRingBundle the key ring is to be removed from. - The key ring to be removed. - A new PgpPublicKeyRingBundle not containing the passed in key ring. - If the keyId for the passed in key ring is not present. - - - Return the number of key rings in this collection. - - - General class to handle a PGP secret key object. - - - Extract a PgpPrivateKey from this secret key's encrypted contents. - - - - Return a copy of the passed in secret key, encrypted using a new password - and the passed in algorithm. - - The PgpSecretKey to be copied. - The current password for the key. - The new password for the key. - The algorithm to be used for the encryption. - Source of randomness. - - - Replace the passed the public key on the passed in secret key. - Secret key to change. - New public key. - A new secret key. - If KeyId's do not match. - - - - Check if this key has an algorithm type that makes it suitable to use for signing. - - - Note: with version 4 keys KeyFlags subpackets should also be considered when present for - determining the preferred use of the key. - - - true if this key algorithm is suitable for use with signing. - - - - True, if this is a master key. - - - The algorithm the key is encrypted with. - - - The key ID of the public key associated with this key. - - - The public key associated with this key. - - - Allows enumeration of any user IDs associated with the key. - An IEnumerable of string objects. - - - Allows enumeration of any user attribute vectors associated with the key. - An IEnumerable of string objects. - - - - Class to hold a single master secret key and its subkeys. -

    - Often PGP keyring files consist of multiple master keys, if you are trying to process - or construct one of these you should use the PgpSecretKeyRingBundle class. -

    -     -     - - Return the public key for the master key. - - - Return the master private key. - - - Allows enumeration of the secret keys. - An IEnumerable of PgpSecretKey objects. - - - - Return an iterator of the public keys in the secret key ring that - have no matching private key. At the moment only personal certificate data - appears in this fashion. - - An IEnumerable of unattached, or extra, public keys. - - - - Replace the public key set on the secret ring with the corresponding key off the public ring. - - Secret ring to be changed. - Public ring containing the new public key set. - - - - Return a copy of the passed in secret key ring, with the master key and sub keys encrypted - using a new password and the passed in algorithm. - - The PgpSecretKeyRing to be copied. - The current password for key. - The new password for the key. - The algorithm to be used for the encryption. - Source of randomness. - - - - Returns a new key ring with the secret key passed in either added or - replacing an existing one with the same key ID. - - The secret key ring to be modified. - The secret key to be inserted. - A new PgpSecretKeyRing - - - Returns a new key ring with the secret key passed in removed from the key ring. - The secret key ring to be modified. - The secret key to be removed. - A new PgpSecretKeyRing, or null if secKey is not found. - - - - Often a PGP key ring file is made up of a succession of master/sub-key key rings. - If you want to read an entire secret key file in one hit this is the class for you. - - - - Build a PgpSecretKeyRingBundle from the passed in input stream. - Input stream containing data. - If a problem parsing the stream occurs. - If an object is encountered which isn't a PgpSecretKeyRing. - - - Allow enumeration of the secret key rings making up this collection. - - - Allow enumeration of the key rings associated with the passed in userId. - The user ID to be matched. - An IEnumerable of key rings which matched (possibly none). - - - Allow enumeration of the key rings associated with the passed in userId. - The user ID to be matched. - If true, userId need only be a substring of an actual ID string to match. - An IEnumerable of key rings which matched (possibly none). - - - Allow enumeration of the key rings associated with the passed in userId. - The user ID to be matched. - If true, userId need only be a substring of an actual ID string to match. - If true, case is ignored in user ID comparisons. - An IEnumerable of key rings which matched (possibly none). - - - Return the PGP secret key associated with the given key id. - The ID of the secret key to return. - - - Return the secret key ring which contains the key referred to by keyId - The ID of the secret key - - - - Return true if a key matching the passed in key ID is present, false otherwise. - - key ID to look for. - - - - Return a new bundle containing the contents of the passed in bundle and - the passed in secret key ring. - - The PgpSecretKeyRingBundle the key ring is to be added to. - The key ring to be added. - A new PgpSecretKeyRingBundle merging the current one with the passed in key ring. - If the keyId for the passed in key ring is already present. - - - - Return a new bundle containing the contents of the passed in bundle with - the passed in secret key ring removed. - - The PgpSecretKeyRingBundle the key ring is to be removed from. - The key ring to be removed. - A new PgpSecretKeyRingBundle not containing the passed in key ring. - If the keyId for the passed in key ring is not present. - - - Return the number of rings in this collection. - - - A PGP signature object. - - - - Verify the signature as certifying the passed in public key as associated - with the passed in user attributes. - - User attributes the key was stored under. - The key to be verified. - True, if the signature matches, false otherwise. - - - - Verify the signature as certifying the passed in public key as associated - with the passed in ID. - - ID the key was stored under. - The key to be verified. - True, if the signature matches, false otherwise. - - - Verify a certification for the passed in key against the passed in master key. - The key we are verifying against. - The key we are verifying. - True, if the certification is valid, false otherwise. - - - Verify a key certification, such as revocation, for the passed in key. - The key we are checking. - True, if the certification is valid, false otherwise. - - - The OpenPGP version number for this signature. - - - The key algorithm associated with this signature. - - - The hash algorithm associated with this signature. - - - The ID of the key that created the signature. - - - The creation time of this signature. - - - - Return true if the signature has either hashed or unhashed subpackets. - - - - Generator for PGP signatures. - - - Create a generator for the passed in keyAlgorithm and hashAlgorithm codes. - - - Initialise the generator for signing. - - - Initialise the generator for signing. - - - Return the one pass header associated with the current signature. - - - Return a signature object containing the current signature state. - - - Generate a certification for the passed in ID and key. - The ID we are certifying against the public key. - The key we are certifying against the ID. - The certification. - - - Generate a certification for the passed in userAttributes. - The ID we are certifying against the public key. - The key we are certifying against the ID. - The certification. - - - Generate a certification for the passed in key against the passed in master key. - The key we are certifying against. - The key we are certifying. - The certification. - - - Generate a certification, such as a revocation, for the passed in key. - The key we are certifying. - The certification. - - - A list of PGP signatures - normally in the signature block after literal data. - - - Generator for signature subpackets. - - - - Add a TrustSignature packet to the signature. The values for depth and trust are largely - installation dependent but there are some guidelines in RFC 4880 - 5.2.3.13. - - true if the packet is critical. - depth level. - trust amount. - - - - Set the number of seconds a key is valid for after the time of its creation. - A value of zero means the key never expires. - - True, if should be treated as critical, false otherwise. - The number of seconds the key is valid, or zero if no expiry. - - - - Set the number of seconds a signature is valid for after the time of its creation. - A value of zero means the signature never expires. - - True, if should be treated as critical, false otherwise. - The number of seconds the signature is valid, or zero if no expiry. - - - - Set the creation time for the signature. -

    - Note: this overrides the generation of a creation time when the signature - is generated.

    -     -     - - - Sets revocation reason sub packet - - - - - Sets revocation key sub packet - - - - - Sets issuer key sub packet - - - - Container for a list of signature subpackets. - - - Return true if a particular subpacket type exists. - - @param type type to look for. - @return true if present, false otherwise. - - - Return all signature subpackets of the passed in type. - @param type subpacket type code - @return an array of zero or more matching subpackets. - - - - Return the number of seconds a signature is valid for after its creation date. - A value of zero means the signature never expires. - - Seconds a signature is valid for. - - - - Return the number of seconds a key is valid for after its creation date. - A value of zero means the key never expires. - - Seconds a signature is valid for. - - - Return the number of packets this vector contains. - - - Container for a list of user attribute subpackets. - - - Basic utility class. - - - - Return either an ArmoredInputStream or a BcpgInputStream based on whether - the initial characters of the stream are binary PGP encodings or not. - - - - Generator for old style PGP V3 Signatures. - - - Create a generator for the passed in keyAlgorithm and hashAlgorithm codes. - - - Initialise the generator for signing. - - - Initialise the generator for signing. - - - Return the one pass header associated with the current signature. - - - Return a V3 signature object containing the current signature state. - - - PEM generator for the original set of PEM objects used in Open SSL. - - - - A - - - - - Class for reading OpenSSL PEM encoded streams containing - X509 certificates, PKCS8 encoded keys and PKCS7 objects. -

    - In the case of PKCS7 objects the reader will return a CMS ContentInfo object. Keys and - Certificates will be returned using the appropriate java.security type.

    -     - - - A - - - - - Create a new PemReader - - @param reader the Reader - - - Create a new PemReader with a password finder - - @param reader the Reader - @param pFinder the password finder - - - Reads in a X509Certificate. - - @return the X509Certificate - @throws IOException if an I/O error occured - - - Reads in a X509CRL. - - @return the X509Certificate - @throws IOException if an I/O error occured - - - Reads in a PKCS10 certification request. - - @return the certificate request. - @throws IOException if an I/O error occured - - - Reads in a X509 Attribute Certificate. - - @return the X509 Attribute Certificate - @throws IOException if an I/O error occured - - - Reads in a PKCS7 object. This returns a ContentInfo object suitable for use with the CMS - API. - - @return the X509Certificate - @throws IOException if an I/O error occured - - - Read a Key Pair - - - General purpose writer for OpenSSL PEM objects. - - - A generic PEM writer, based on RFC 1421 - - - Base constructor. - - @param out output stream to use. - - - Return the number of bytes or characters required to contain the - passed in object if it is PEM encoded. - - @param obj pem object to be output - @return an estimate of the number of bytes - - - The TextWriter object to write the output to. - - - Constructor for an unencrypted private key PEM object. - - @param key private key to be encoded. - - - Constructor for an encrypted private key PEM object. - - @param key private key to be encoded - @param algorithm encryption algorithm to use - @param provider provider to use - @throws NoSuchAlgorithmException if algorithm/mode cannot be found - - - - A class for verifying and creating Pkcs10 Certification requests. - - - CertificationRequest ::= Sequence { - certificationRequestInfo CertificationRequestInfo, - signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }}, - signature BIT STRING - } - - CertificationRequestInfo ::= Sequence { - version Integer { v1(0) } (v1,...), - subject Name, - subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, - attributes [0] Attributes{{ CRIAttributes }} - } - - Attributes { ATTRIBUTE:IOSet } ::= Set OF Attr{{ IOSet }} - - Attr { ATTRIBUTE:IOSet } ::= Sequence { - type ATTRIBUTE.&id({IOSet}), - values Set SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type}) - } - - see - - - - Instantiate a Pkcs10CertificationRequest object with the necessary credentials. - - Name of Sig Alg. - X509Name of subject eg OU="My unit." O="My Organisatioin" C="au" - Public Key to be included in cert reqest. - ASN1Set of Attributes. - Matching Private key for nominated (above) public key to be used to sign the request. - - - - Get the public key. - - The public key. - - - - Verify Pkcs10 Cert Request is valid. - - true = valid. - - - - A class for creating and verifying Pkcs10 Certification requests (this is an extension on ). - The requests are made using delay signing. This is useful for situations where - the private key is in another environment and not directly accessible (e.g. HSM) - So the first step creates the request, then the signing is done outside this - object and the signature is then used to complete the request. - - - CertificationRequest ::= Sequence { - certificationRequestInfo CertificationRequestInfo, - signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }}, - signature BIT STRING - } - - CertificationRequestInfo ::= Sequence { - version Integer { v1(0) } (v1,...), - subject Name, - subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, - attributes [0] Attributes{{ CRIAttributes }} - } - - Attributes { ATTRIBUTE:IOSet } ::= Set OF Attr{{ IOSet }} - - Attr { ATTRIBUTE:IOSet } ::= Sequence { - type ATTRIBUTE.&id({IOSet}), - values Set SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type}) - } - - see - - - - Instantiate a Pkcs10CertificationRequest object with the necessary credentials. - - Name of Sig Alg. - X509Name of subject eg OU="My unit." O="My Organisatioin" C="au" - Public Key to be included in cert reqest. - ASN1Set of Attributes. - - After the object is constructed use the and finally the - SignRequest methods to finalize the request. - - - - simply return the cert entry for the private key - - - Utility class for reencoding PKCS#12 files to definite length. - - - Just re-encode the outer layer of the PKCS#12 file to definite length encoding. - - @param berPKCS12File - original PKCS#12 file - @return a byte array representing the DER encoding of the PFX structure - @throws IOException - - - Re-encode the PKCS#12 structure to definite length encoding at the inner layer - as well, recomputing the MAC accordingly. - - @param berPKCS12File - original PKCS12 file. - @param provider - provider to use for MAC calculation. - @return a byte array representing the DER encoding of the PFX structure. - @throws IOException on parsing, encoding errors. - - - - Returns the revocationDate. - - - - - Returns the certStatus. - - - - Returns an immutable Set of X.509 attribute certificate - extensions that this PkixAttrCertChecker supports or - null if no extensions are supported. -

    - Each element of the set is a String representing the - Object Identifier (OID) of the X.509 extension that is supported. -

    -

    - All X.509 attribute certificate extensions that a - PkixAttrCertChecker might possibly be able to process - should be included in the set. -

    - - @return an immutable Set of X.509 extension OIDs (in - String format) supported by this - PkixAttrCertChecker, or null if no - extensions are supported -     - - Performs checks on the specified attribute certificate. Every handled - extension is rmeoved from the unresolvedCritExts - collection. - - @param attrCert The attribute certificate to be checked. - @param certPath The certificate path which belongs to the attribute - certificate issuer public key certificate. - @param holderCertPath The certificate path which belongs to the holder - certificate. - @param unresolvedCritExts a Collection of OID strings - representing the current set of unresolved critical extensions - @throws CertPathValidatorException if the specified attribute certificate - does not pass the check. - - - Returns a clone of this object. - - @return a copy of this PkixAttrCertChecker - - - Build and validate a CertPath using the given parameter. - - @param params PKIXBuilderParameters object containing all information to - build the CertPath - - - CertPathValidatorSpi implementation for X.509 Attribute Certificates la RFC 3281. - - @see org.bouncycastle.x509.ExtendedPkixParameters - - - Validates an attribute certificate with the given certificate path. - -

    - params must be an instance of - ExtendedPkixParameters. -

    - The target constraints in the params must be an - X509AttrCertStoreSelector with at least the attribute - certificate criterion set. Obey that also target informations may be - necessary to correctly validate this attribute certificate. -

    - The attribute certificate issuer must be added to the trusted attribute - issuers with {@link ExtendedPkixParameters#setTrustedACIssuers(Set)}. -

    - @param certPath The certificate path which belongs to the attribute - certificate issuer public key certificate. - @param params The PKIX parameters. - @return A PKIXCertPathValidatorResult of the result of - validating the certPath. - @throws InvalidAlgorithmParameterException if params is - inappropriate for this validator. - @throws CertPathValidatorException if the verification fails. -     - - - Summary description for PkixBuilderParameters. - - - - - Summary description for PkixParameters. - - - - This is the default PKIX validity model. Actually there are two variants - of this: The PKIX model and the modified PKIX model. The PKIX model - verifies that all involved certificates must have been valid at the - current time. The modified PKIX model verifies that all involved - certificates were valid at the signing time. Both are indirectly choosen - with the {@link PKIXParameters#setDate(java.util.Date)} method, so this - methods sets the Date when all certificates must have been - valid. - - - This model uses the following validity model. Each certificate must have - been valid at the moment where is was used. That means the end - certificate must have been valid at the time the signature was done. The - CA certificate which signed the end certificate must have been valid, - when the end certificate was signed. The CA (or Root CA) certificate must - have been valid, when the CA certificate was signed and so on. So the - {@link PKIXParameters#setDate(java.util.Date)} method sets the time, when - the end certificate must have been valid.

    It is used e.g. - in the German signature law. - - - Creates an instance of PKIXParameters with the specified Set of - most-trusted CAs. Each element of the set is a TrustAnchor.
    -
    - Note that the Set is copied to protect against subsequent modifications. - - @param trustAnchors - a Set of TrustAnchors - - @exception InvalidAlgorithmParameterException - if the specified Set is empty - (trustAnchors.isEmpty() == true) - @exception NullPointerException - if the specified Set is null - @exception ClassCastException - if any of the elements in the Set are not of type - java.security.cert.TrustAnchor -     - - Returns the required constraints on the target certificate. The - constraints are returned as an instance of CertSelector. If - null, no constraints are defined.
    -
    - Note that the CertSelector returned is cloned to protect against - subsequent modifications. - - @return a CertSelector specifying the constraints on the target - certificate (or null) - - @see #setTargetCertConstraints(CertSelector) -     - - Sets the required constraints on the target certificate. The constraints - are specified as an instance of CertSelector. If null, no constraints are - defined.
    -
    - Note that the CertSelector specified is cloned to protect against - subsequent modifications. - - @param selector - a CertSelector specifying the constraints on the target - certificate (or null) - - @see #getTargetCertConstraints() -     - - Returns an immutable Set of initial policy identifiers (OID strings), - indicating that any one of these policies would be acceptable to the - certificate user for the purposes of certification path processing. The - default return value is an empty Set, which is - interpreted as meaning that any policy would be acceptable. - - @return an immutable Set of initial policy OIDs in String - format, or an empty Set (implying any policy is - acceptable). Never returns null. - - @see #setInitialPolicies(java.util.Set) - - - Sets the Set of initial policy identifiers (OID strings), - indicating that any one of these policies would be acceptable to the - certificate user for the purposes of certification path processing. By - default, any policy is acceptable (i.e. all policies), so a user that - wants to allow any policy as acceptable does not need to call this - method, or can call it with an empty Set (or - null).
    -
    - Note that the Set is copied to protect against subsequent modifications.
    -
    - - @param initialPolicies - a Set of initial policy OIDs in String format (or - null) - - @exception ClassCastException - if any of the elements in the set are not of type String - - @see #getInitialPolicies() -     - - Sets a List of additional certification path checkers. If - the specified List contains an object that is not a PKIXCertPathChecker, - it is ignored.
    -
    - Each PKIXCertPathChecker specified implements additional - checks on a certificate. Typically, these are checks to process and - verify private extensions contained in certificates. Each - PKIXCertPathChecker should be instantiated with any - initialization parameters needed to execute the check.
    -
    - This method allows sophisticated applications to extend a PKIX - CertPathValidator or CertPathBuilder. Each - of the specified PKIXCertPathCheckers will be called, in turn, by a PKIX - CertPathValidator or CertPathBuilder for - each certificate processed or validated.
    -
    - Regardless of whether these additional PKIXCertPathCheckers are set, a - PKIX CertPathValidator or CertPathBuilder - must perform all of the required PKIX checks on each certificate. The one - exception to this rule is if the RevocationEnabled flag is set to false - (see the {@link #setRevocationEnabled(boolean) setRevocationEnabled} - method).
    -
    - Note that the List supplied here is copied and each PKIXCertPathChecker - in the list is cloned to protect against subsequent modifications. - - @param checkers - a List of PKIXCertPathCheckers. May be null, in which case no - additional checkers will be used. - @exception ClassCastException - if any of the elements in the list are not of type - java.security.cert.PKIXCertPathChecker - @see #getCertPathCheckers() -     - - Returns the List of certification path checkers. Each PKIXCertPathChecker - in the returned IList is cloned to protect against subsequent modifications. - - @return an immutable List of PKIXCertPathCheckers (may be empty, but not - null) - - @see #setCertPathCheckers(java.util.List) - - - Adds a PKIXCertPathChecker to the list of certification - path checkers. See the {@link #setCertPathCheckers setCertPathCheckers} - method for more details. -

    - Note that the PKIXCertPathChecker is cloned to protect - against subsequent modifications.

    - - @param checker a PKIXCertPathChecker to add to the list of - checks. If null, the checker is ignored (not added to list). -     - - Method to support Clone() under J2ME. - super.Clone() does not exist and fields are not copied. - - @param params Parameters to set. If this are - ExtendedPkixParameters they are copied to. - - - Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute - certificates or cross certificates. -

    - The IList is cloned. -

    - - @param stores A list of stores to use. - @see #getStores - @throws ClassCastException if an element of stores is not - a {@link Store}. -     - - Adds a Bouncy Castle {@link Store} to find CRLs, certificates, attribute - certificates or cross certificates. -

    - This method should be used to add local stores, like collection based - X.509 stores, if available. Local stores should be considered first, - before trying to use additional (remote) locations, because they do not - need possible additional network traffic. -

    - If store is null it is ignored. -

    - - @param store The store to add. - @see #getStores -     - - Adds an additional Bouncy Castle {@link Store} to find CRLs, certificates, - attribute certificates or cross certificates. -

    - You should not use this method. This method is used for adding additional - X.509 stores, which are used to add (remote) locations, e.g. LDAP, found - during X.509 object processing, e.g. in certificates or CRLs. This method - is used in PKIX certification path processing. -

    - If store is null it is ignored. -

    - - @param store The store to add. - @see #getStores() -     - - Returns an IList of additional Bouncy Castle - Stores used for finding CRLs, certificates, attribute - certificates or cross certificates. - - @return an immutable IList of additional Bouncy Castle - Stores. Never null. - - @see #addAddionalStore(Store) - - - Returns an IList of Bouncy Castle - Stores used for finding CRLs, certificates, attribute - certificates or cross certificates. - - @return an immutable IList of Bouncy Castle - Stores. Never null. - - @see #setStores(IList) - - - Sets if additional {@link X509Store}s for locations like LDAP found in - certificates or CRLs should be used. - - @param enabled true if additional stores are used. - - - Returns the required constraints on the target certificate or attribute - certificate. The constraints are returned as an instance of - IX509Selector. If null, no constraints are - defined. - -

    - The target certificate in a PKIX path may be a certificate or an - attribute certificate. -

    - Note that the IX509Selector returned is cloned to protect - against subsequent modifications. -

    - @return a IX509Selector specifying the constraints on the - target certificate or attribute certificate (or null) - @see #setTargetConstraints - @see X509CertStoreSelector - @see X509AttributeCertStoreSelector -     - - Sets the required constraints on the target certificate or attribute - certificate. The constraints are specified as an instance of - IX509Selector. If null, no constraints are - defined. -

    - The target certificate in a PKIX path may be a certificate or an - attribute certificate. -

    - Note that the IX509Selector specified is cloned to protect - against subsequent modifications. -

    - - @param selector a IX509Selector specifying the constraints on - the target certificate or attribute certificate (or - null) - @see #getTargetConstraints - @see X509CertStoreSelector - @see X509AttributeCertStoreSelector -     - - Returns the trusted attribute certificate issuers. If attribute - certificates is verified the trusted AC issuers must be set. -

    - The returned ISet consists of TrustAnchors. -

    - The returned ISet is immutable. Never null -

    - - @return Returns an immutable set of the trusted AC issuers. -     - - Sets the trusted attribute certificate issuers. If attribute certificates - is verified the trusted AC issuers must be set. -

    - The trustedACIssuers must be a ISet of - TrustAnchor -

    - The given set is cloned. -

    - - @param trustedACIssuers The trusted AC issuers to set. Is never - null. - @throws ClassCastException if an element of stores is not - a TrustAnchor. -     - - Returns the neccessary attributes which must be contained in an attribute - certificate. -

    - The returned ISet is immutable and contains - Strings with the OIDs. -

    - - @return Returns the necessary AC attributes. -     - - Sets the neccessary which must be contained in an attribute certificate. -

    - The ISet must contain Strings with the - OIDs. -

    - The set is cloned. -

    - - @param necessaryACAttributes The necessary AC attributes to set. - @throws ClassCastException if an element of - necessaryACAttributes is not a - String. -     - - Returns the attribute certificates which are not allowed. -

    - The returned ISet is immutable and contains - Strings with the OIDs. -

    - - @return Returns the prohibited AC attributes. Is never null. -     - - Sets the attribute certificates which are not allowed. -

    - The ISet must contain Strings with the - OIDs. -

    - The set is cloned. -

    - - @param prohibitedACAttributes The prohibited AC attributes to set. - @throws ClassCastException if an element of - prohibitedACAttributes is not a - String. -     - - Returns the attribute certificate checker. The returned set contains - {@link PKIXAttrCertChecker}s and is immutable. - - @return Returns the attribute certificate checker. Is never - null. - - - Sets the attribute certificate checkers. -

    - All elements in the ISet must a {@link PKIXAttrCertChecker}. -

    -

    - The given set is cloned. -

    - - @param attrCertCheckers The attribute certificate checkers to set. Is - never null. - @throws ClassCastException if an element of attrCertCheckers - is not a PKIXAttrCertChecker. -     - - Whether delta CRLs should be used for checking the revocation status. - Defaults to false. - - - The validity model. - @see #CHAIN_VALIDITY_MODEL - @see #PKIX_VALIDITY_MODEL - - - Returns if additional {@link X509Store}s for locations like LDAP found - in certificates or CRLs should be used. - - @return Returns true if additional stores are used. - - - Returns an instance of PkixBuilderParameters. -

    - This method can be used to get a copy from other - PKIXBuilderParameters, PKIXParameters, - and ExtendedPKIXParameters instances. -

    - - @param pkixParams The PKIX parameters to create a copy of. - @return An PkixBuilderParameters instance. -     - - - Excluded certificates are not used for building a certification path. - - the excluded certificates. - - - - Sets the excluded certificates which are not used for building a - certification path. If the ISet is null an - empty set is assumed. - - - The given set is cloned to protect it against subsequent modifications. - - The excluded certificates to set. - - - Can alse handle ExtendedPKIXBuilderParameters and - PKIXBuilderParameters. - - @param params Parameters to set. - @see org.bouncycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters) - - - Makes a copy of this PKIXParameters object. Changes to the - copy will not affect the original and vice versa. - - @return a copy of this PKIXParameters object - - - An immutable sequence of certificates (a certification path).
    -
    - This is an abstract class that defines the methods common to all CertPaths. - Subclasses can handle different kinds of certificates (X.509, PGP, etc.).
    -
    - All CertPath objects have a type, a list of Certificates, and one or more - supported encodings. Because the CertPath class is immutable, a CertPath - cannot change in any externally visible way after being constructed. This - stipulation applies to all public fields and methods of this class and any - added or overridden by subclasses.
    -
    - The type is a string that identifies the type of Certificates in the - certification path. For each certificate cert in a certification path - certPath, cert.getType().equals(certPath.getType()) must be true.
    -
    - The list of Certificates is an ordered List of zero or more Certificates. - This List and all of the Certificates contained in it must be immutable.
    -
    - Each CertPath object must support one or more encodings so that the object - can be translated into a byte array for storage or transmission to other - parties. Preferably, these encodings should be well-documented standards - (such as PKCS#7). One of the encodings supported by a CertPath is considered - the default encoding. This encoding is used if no encoding is explicitly - requested (for the {@link #getEncoded()} method, for instance).
    -
    - All CertPath objects are also Serializable. CertPath objects are resolved - into an alternate {@link CertPathRep} object during serialization. This - allows a CertPath object to be serialized into an equivalent representation - regardless of its underlying implementation.
    -
    - CertPath objects can be created with a CertificateFactory or they can be - returned by other classes, such as a CertPathBuilder.
    -
    - By convention, X.509 CertPaths (consisting of X509Certificates), are ordered - starting with the target certificate and ending with a certificate issued by - the trust anchor. That is, the issuer of one certificate is the subject of - the following one. The certificate representing the - {@link TrustAnchor TrustAnchor} should not be included in the certification - path. Unvalidated X.509 CertPaths may not follow these conventions. PKIX - CertPathValidators will detect any departure from these conventions that - cause the certification path to be invalid and throw a - CertPathValidatorException.
    -
    - Concurrent Access
    -
    - All CertPath objects must be thread-safe. That is, multiple threads may - concurrently invoke the methods defined in this class on a single CertPath - object (or more than one) with no ill effects. This is also true for the List - returned by CertPath.getCertificates.
    -
    - Requiring CertPath objects to be immutable and thread-safe allows them to be - passed around to various pieces of code without worrying about coordinating - access. Providing this thread-safety is generally not difficult, since the - CertPath and List objects in question are immutable. - - @see CertificateFactory - @see CertPathBuilder - - CertPath implementation for X.509 certificates. - -     - - @param certs - - - Creates a CertPath of the specified type. - This constructor is protected because most users should use - a CertificateFactory to create CertPaths. - @param type the standard name of the type of Certificatesin this path - - - - Creates a CertPath of the specified type. - This constructor is protected because most users should use - a CertificateFactory to create CertPaths. - - @param type the standard name of the type of Certificatesin this path - - - - Compares this certification path for equality with the specified object. - Two CertPaths are equal if and only if their types are equal and their - certificate Lists (and by implication the Certificates in those Lists) - are equal. A CertPath is never equal to an object that is not a CertPath.
    -
    - This algorithm is implemented by this method. If it is overridden, the - behavior specified here must be maintained. - - @param other - the object to test for equality with this certification path - - @return true if the specified object is equal to this certification path, - false otherwise - - @see Object#hashCode() Object.hashCode() -     - - Returns the encoded form of this certification path, using - the default encoding. - - @return the encoded bytes - @exception CertificateEncodingException if an encoding error occurs - - - - Returns the encoded form of this certification path, using - the specified encoding. - - @param encoding the name of the encoding to use - @return the encoded bytes - @exception CertificateEncodingException if an encoding error - occurs or the encoding requested is not supported - - - - Return a DERObject containing the encoded certificate. - - @param cert the X509Certificate object to be encoded - - @return the DERObject - - - - Returns an iteration of the encodings supported by this - certification path, with the default encoding - first. Attempts to modify the returned Iterator via its - remove method result in an UnsupportedOperationException. - - @return an Iterator over the names of the supported encodings (as Strings) - - - - - Returns the list of certificates in this certification - path. - - - - Implements the PKIX CertPathBuilding algorithm for BouncyCastle. - - @see CertPathBuilderSpi - - - Build and validate a CertPath using the given parameter. - - @param params PKIXBuilderParameters object containing all information to - build the CertPath - - - - Summary description for PkixCertPathBuilderException. - - - - - Summary description for PkixCertPathBuilderResult. - - - - - Summary description for PkixCertPathValidatorResult. - - - - * Initializes the internal state of this PKIXCertPathChecker. - *

    - * The forward flag specifies the order that certificates - * will be passed to the {@link #check check} method (forward or reverse). A - * PKIXCertPathChecker must support reverse checking - * and may support forward checking. - *

    - * - * @param forward - * the order that certificates are presented to the - * check method. If true, - * certificates are presented from target to most-trusted CA - * (forward); if false, from most-trusted CA to - * target (reverse). - * @exception CertPathValidatorException - * if this PKIXCertPathChecker is unable to - * check certificates in the specified order; it should never - * be thrown if the forward flag is false since reverse - * checking must be supported -     - - Indicates if forward checking is supported. Forward checking refers to - the ability of the PKIXCertPathChecker to perform its - checks when certificates are presented to the check method - in the forward direction (from target to most-trusted CA). - - @return true if forward checking is supported, - false otherwise - - - * Returns an immutable Set of X.509 certificate extensions - * that this PKIXCertPathChecker supports (i.e. recognizes, - * is able to process), or null if no extensions are - * supported. - *

    - * Each element of the set is a String representing the - * Object Identifier (OID) of the X.509 extension that is supported. The OID - * is represented by a set of nonnegative integers separated by periods. - *

    - * All X.509 certificate extensions that a PKIXCertPathChecker - * might possibly be able to process should be included in the set. - *

    - * - * @return an immutable Set of X.509 extension OIDs (in - * String format) supported by this - * PKIXCertPathChecker, or null if no - * extensions are supported -     - - Performs the check(s) on the specified certificate using its internal - state and removes any critical extensions that it processes from the - specified collection of OID strings that represent the unresolved - critical extensions. The certificates are presented in the order - specified by the init method. - - @param cert - the Certificate to be checked - @param unresolvedCritExts - a Collection of OID strings representing the - current set of unresolved critical extensions - @exception CertPathValidatorException - if the specified certificate does not pass the check - - - Returns a clone of this object. Calls the Object.clone() - method. All subclasses which maintain state must support and override - this method, if necessary. - - @return a copy of this PKIXCertPathChecker - - - The Service Provider Interface (SPI) - for the {@link CertPathValidator CertPathValidator} class. All - CertPathValidator implementations must include a class (the - SPI class) that extends this class (CertPathValidatorSpi) - and implements all of its methods. In general, instances of this class - should only be accessed through the CertPathValidator class. - For details, see the Java Cryptography Architecture.
    -
    - Concurrent Access
    -
    - Instances of this class need not be protected against concurrent - access from multiple threads. Threads that need to access a single - CertPathValidatorSpi instance concurrently should synchronize - amongst themselves and provide the necessary locking before calling the - wrapping CertPathValidator object.
    -
    - However, implementations of CertPathValidatorSpi may still - encounter concurrency issues, since multiple threads each - manipulating a different CertPathValidatorSpi instance need not - synchronize. - - CertPathValidatorSpi implementation for X.509 Certificate validation a la RFC - 3280. - -     - - An exception indicating one of a variety of problems encountered when - validating a certification path.
    -
    - A CertPathValidatorException provides support for wrapping - exceptions. The {@link #getCause getCause} method returns the throwable, - if any, that caused this exception to be thrown.
    -
    - A CertPathValidatorException may also include the - certification path that was being validated when the exception was thrown - and the index of the certificate in the certification path that caused the - exception to be thrown. Use the {@link #getCertPath getCertPath} and - {@link #getIndex getIndex} methods to retrieve this information.
    -
    - Concurrent Access
    -
    - Unless otherwise specified, the methods defined in this class are not - thread-safe. Multiple threads that need to access a single - object concurrently should synchronize amongst themselves and - provide the necessary locking. Multiple threads each manipulating - separate objects need not synchronize. - - @see CertPathValidator - -     - - - Creates a PkixCertPathValidatorException with the given detail - message. A detail message is a String that describes this - particular exception. - - the detail message - - - - Creates a PkixCertPathValidatorException with the specified - detail message and cause. - - the detail message - the cause (which is saved for later retrieval by the - {@link #getCause getCause()} method). (A null - value is permitted, and indicates that the cause is - nonexistent or unknown.) - - - - Creates a PkixCertPathValidatorException with the specified - detail message, cause, certification path, and index. - - the detail message (or null if none) - the cause (or null if none) - the certification path that was in the process of being - validated when the error was encountered - the index of the certificate in the certification path that * - - - - Returns the detail message for this CertPathValidatorException. - - the detail message, or null if neither the message nor cause were specified - - - Returns the certification path that was being validated when the - exception was thrown. - - @return the CertPath that was being validated when the - exception was thrown (or null if not specified) - - - Returns the index of the certificate in the certification path that - caused the exception to be thrown. Note that the list of certificates in - a CertPath is zero based. If no index has been set, -1 is - returned. - - @return the index that has been set, or -1 if none has been set - - - - Summary description for PkixCertPathValidatorUtilities. - - - - - key usage bits - - - - - Search the given Set of TrustAnchor's for one that is the - issuer of the given X509 certificate. - - the X509 certificate - a Set of TrustAnchor's - the TrustAnchor object if found or - null if not. - - @exception - - - - Returns the issuer of an attribute certificate or certificate. - - The attribute certificate or certificate. - The issuer as X500Principal. - - - Return the next working key inheriting DSA parameters if necessary. -

    - This methods inherits DSA parameters from the indexed certificate or - previous certificates in the certificate chain to the returned - PublicKey. The list is searched upwards, meaning the end - certificate is at position 0 and previous certificates are following. -

    -

    - If the indexed certificate does not contain a DSA key this method simply - returns the public key. If the DSA key already contains DSA parameters - the key is also only returned. -

    - - @param certs The certification path. - @param index The index of the certificate which contains the public key - which should be extended with DSA parameters. - @return The public key of the certificate in list position - index extended with DSA parameters if applicable. - @throws Exception if DSA parameters cannot be inherited. -     - - - Return a Collection of all certificates or attribute certificates found - in the X509Store's that are matching the certSelect criteriums. - - a {@link Selector} object that will be used to select - the certificates - a List containing only X509Store objects. These - are used to search for certificates. - a Collection of all found or - org.bouncycastle.x509.X509AttributeCertificate objects. - May be empty but never null. - - - - Add the CRL issuers from the cRLIssuer field of the distribution point or - from the certificate if not given to the issuer criterion of the - selector. -

    - The issuerPrincipals are a collection with a single - X500Principal for X509Certificates. For - {@link X509AttributeCertificate}s the issuer may contain more than one - X500Principal. -

    - - @param dp The distribution point. - @param issuerPrincipals The issuers of the certificate or attribute - certificate which contains the distribution point. - @param selector The CRL selector. - @param pkixParams The PKIX parameters containing the cert stores. - @throws Exception if an exception occurs while processing. - @throws ClassCastException if issuerPrincipals does not - contain only X500Principals. -     - - Fetches complete CRLs according to RFC 3280. - - @param dp The distribution point for which the complete CRL - @param cert The X509Certificate or - {@link org.bouncycastle.x509.X509AttributeCertificate} for - which the CRL should be searched. - @param currentDate The date for which the delta CRLs must be valid. - @param paramsPKIX The extended PKIX parameters. - @return A Set of X509CRLs with complete - CRLs. - @throws Exception if an exception occurs while picking the CRLs - or no CRLs are found. - - - Fetches delta CRLs according to RFC 3280 section 5.2.4. - - @param currentDate The date for which the delta CRLs must be valid. - @param paramsPKIX The extended PKIX parameters. - @param completeCRL The complete CRL the delta CRL is for. - @return A Set of X509CRLs with delta CRLs. - @throws Exception if an exception occurs while picking the delta - CRLs. - - - Find the issuer certificates of a given certificate. - - @param cert - The certificate for which an issuer should be found. - @param pkixParams - @return A Collection object containing the issuer - X509Certificates. Never null. - - @exception Exception - if an error occurs. - - - - Extract the value of the given extension, if it exists. - - The extension object. - The object identifier to obtain. - Asn1Object - if the extension cannot be read. - - - - crl checking - Return a Collection of all CRLs found in the X509Store's that are - matching the crlSelect criteriums. - - a {@link X509CRLStoreSelector} object that will be used - to select the CRLs - a List containing only {@link org.bouncycastle.x509.X509Store - X509Store} objects. These are used to search for CRLs - a Collection of all found {@link X509CRL X509CRL} objects. May be - empty but never null. - - - - Returns the intersection of the permitted IP ranges in - permitted with ip. - - @param permitted A Set of permitted IP addresses with - their subnet mask as byte arrays. - @param ips The IP address with its subnet mask. - @return The Set of permitted IP ranges intersected with - ip. - - - Returns the union of the excluded IP ranges in excluded - with ip. - - @param excluded A Set of excluded IP addresses with their - subnet mask as byte arrays. - @param ip The IP address with its subnet mask. - @return The Set of excluded IP ranges unified with - ip as byte arrays. - - - Calculates the union if two IP ranges. - - @param ipWithSubmask1 The first IP address with its subnet mask. - @param ipWithSubmask2 The second IP address with its subnet mask. - @return A Set with the union of both addresses. - - - Calculates the interesction if two IP ranges. - - @param ipWithSubmask1 The first IP address with its subnet mask. - @param ipWithSubmask2 The second IP address with its subnet mask. - @return A Set with the single IP address with its subnet - mask as a byte array or an empty Set. - - - Concatenates the IP address with its subnet mask. - - @param ip The IP address. - @param subnetMask Its subnet mask. - @return The concatenated IP address with its subnet mask. - - - Splits the IP addresses and their subnet mask. - - @param ipWithSubmask1 The first IP address with the subnet mask. - @param ipWithSubmask2 The second IP address with the subnet mask. - @return An array with two elements. Each element contains the IP address - and the subnet mask in this order. - - - Based on the two IP addresses and their subnet masks the IP range is - computed for each IP address - subnet mask pair and returned as the - minimum IP address and the maximum address of the range. - - @param ip1 The first IP address. - @param subnetmask1 The subnet mask of the first IP address. - @param ip2 The second IP address. - @param subnetmask2 The subnet mask of the second IP address. - @return A array with two elements. The first/second element contains the - min and max IP address of the first/second IP address and its - subnet mask. - - - Checks if the IP ip is included in the permitted ISet - permitted. - - @param permitted A Set of permitted IP addresses with - their subnet mask as byte arrays. - @param ip The IP address. - @throws PkixNameConstraintValidatorException - if the IP is not permitted. - - - Checks if the IP ip is included in the excluded ISet - excluded. - - @param excluded A Set of excluded IP addresses with their - subnet mask as byte arrays. - @param ip The IP address. - @throws PkixNameConstraintValidatorException - if the IP is excluded. - - - Checks if the IP address ip is constrained by - constraint. - - @param ip The IP address. - @param constraint The constraint. This is an IP address concatenated with - its subnetmask. - @return true if constrained, false - otherwise. - - - The common part of email1 and email2 is - added to the union union. If email1 and - email2 have nothing in common they are added both. - - @param email1 Email address constraint 1. - @param email2 Email address constraint 2. - @param union The union. - - - The most restricting part from email1 and - email2 is added to the intersection intersect. - - @param email1 Email address constraint 1. - @param email2 Email address constraint 2. - @param intersect The intersection. - - - Checks if the given GeneralName is in the permitted ISet. - - @param name The GeneralName - @throws PkixNameConstraintValidatorException - If the name - - - Check if the given GeneralName is contained in the excluded ISet. - - @param name The GeneralName. - @throws PkixNameConstraintValidatorException - If the name is - excluded. - - - Updates the permitted ISet of these name constraints with the intersection - with the given subtree. - - @param permitted The permitted subtrees - - - Adds a subtree to the excluded ISet of these name constraints. - - @param subtree A subtree with an excluded GeneralName. - - - Returns the maximum IP address. - - @param ip1 The first IP address. - @param ip2 The second IP address. - @return The maximum IP address. - - - Returns the minimum IP address. - - @param ip1 The first IP address. - @param ip2 The second IP address. - @return The minimum IP address. - - - Compares IP address ip1 with ip2. If ip1 - is equal to ip2 0 is returned. If ip1 is bigger 1 is returned, -1 - otherwise. - - @param ip1 The first IP address. - @param ip2 The second IP address. - @return 0 if ip1 is equal to ip2, 1 if ip1 is bigger, -1 otherwise. - - - Returns the logical OR of the IP addresses ip1 and - ip2. - - @param ip1 The first IP address. - @param ip2 The second IP address. - @return The OR of ip1 and ip2. - - - Stringifies an IPv4 or v6 address with subnet mask. - - @param ip The IP with subnet mask. - @return The stringified IP address. - - - - Summary description for PkixPolicyNode. - - - - Constructors - - - - This class helps to handle CRL revocation reasons mask. Each CRL handles a - certain set of revocation reasons. - - - - - Constructs are reason mask with the reasons. - - The reasons. - - - - A reason mask with no reason. - - - - - A mask with all revocation reasons. - - - - Adds all reasons from the reasons mask to this mask. - - @param mask The reasons mask to add. - - - - Intersects this mask with the given reasons mask. - - mask The mask to intersect with. - The intersection of this and teh given mask. - - - - Returns true if the passed reasons mask has new reasons. - - The reasons mask which should be tested for new reasons. - true if the passed reasons mask has new reasons. - - - - Returns true if this reasons mask contains all possible - reasons. - - true if this reasons mask contains all possible reasons. - - - - - Returns the reasons in this mask. - - - - If the complete CRL includes an issuing distribution point (IDP) CRL - extension check the following: -

    - (i) If the distribution point name is present in the IDP CRL extension - and the distribution field is present in the DP, then verify that one of - the names in the IDP matches one of the names in the DP. If the - distribution point name is present in the IDP CRL extension and the - distribution field is omitted from the DP, then verify that one of the - names in the IDP matches one of the names in the cRLIssuer field of the - DP. -

    -

    - (ii) If the onlyContainsUserCerts boolean is asserted in the IDP CRL - extension, verify that the certificate does not include the basic - constraints extension with the cA boolean asserted. -

    -

    - (iii) If the onlyContainsCACerts boolean is asserted in the IDP CRL - extension, verify that the certificate includes the basic constraints - extension with the cA boolean asserted. -

    -

    - (iv) Verify that the onlyContainsAttributeCerts boolean is not asserted. -

    - - @param dp The distribution point. - @param cert The certificate. - @param crl The CRL. - @throws AnnotatedException if one of the conditions is not met or an error occurs. -     - - If the DP includes cRLIssuer, then verify that the issuer field in the - complete CRL matches cRLIssuer in the DP and that the complete CRL - contains an - g distribution point extension with the indirectCRL - boolean asserted. Otherwise, verify that the CRL issuer matches the - certificate issuer. - - @param dp The distribution point. - @param cert The certificate ot attribute certificate. - @param crl The CRL for cert. - @throws AnnotatedException if one of the above conditions does not apply or an error - occurs. - - - Obtain and validate the certification path for the complete CRL issuer. - If a key usage extension is present in the CRL issuer's certificate, - verify that the cRLSign bit is set. - - @param crl CRL which contains revocation information for the certificate - cert. - @param cert The attribute certificate or certificate to check if it is - revoked. - @param defaultCRLSignCert The issuer certificate of the certificate cert. - @param defaultCRLSignKey The public key of the issuer certificate - defaultCRLSignCert. - @param paramsPKIX paramsPKIX PKIX parameters. - @param certPathCerts The certificates on the certification path. - @return A Set with all keys of possible CRL issuer - certificates. - @throws AnnotatedException if the CRL is not valid or the status cannot be checked or - some error occurs. - - - Checks a distribution point for revocation information for the - certificate cert. - - @param dp The distribution point to consider. - @param paramsPKIX PKIX parameters. - @param cert Certificate to check if it is revoked. - @param validDate The date when the certificate revocation status should be - checked. - @param defaultCRLSignCert The issuer certificate of the certificate cert. - @param defaultCRLSignKey The public key of the issuer certificate - defaultCRLSignCert. - @param certStatus The current certificate revocation status. - @param reasonMask The reasons mask which is already checked. - @param certPathCerts The certificates of the certification path. - @throws AnnotatedException if the certificate is revoked or the status cannot be checked - or some error occurs. - - - Checks a certificate if it is revoked. - - @param paramsPKIX PKIX parameters. - @param cert Certificate to check if it is revoked. - @param validDate The date when the certificate revocation status should be - checked. - @param sign The issuer certificate of the certificate cert. - @param workingPublicKey The public key of the issuer certificate sign. - @param certPathCerts The certificates of the certification path. - @throws AnnotatedException if the certificate is revoked or the status cannot be checked - or some error occurs. - - - If use-deltas is set, verify the issuer and scope of the delta CRL. - - @param deltaCRL The delta CRL. - @param completeCRL The complete CRL. - @param pkixParams The PKIX paramaters. - @throws AnnotatedException if an exception occurs. - - - Checks if an attribute certificate is revoked. - - @param attrCert Attribute certificate to check if it is revoked. - @param paramsPKIX PKIX parameters. - @param issuerCert The issuer certificate of the attribute certificate - attrCert. - @param validDate The date when the certificate revocation status should - be checked. - @param certPathCerts The certificates of the certification path to be - checked. - - @throws CertPathValidatorException if the certificate is revoked or the - status cannot be checked or some error occurs. - - - Searches for a holder public key certificate and verifies its - certification path. - - @param attrCert the attribute certificate. - @param pkixParams The PKIX parameters. - @return The certificate path of the holder certificate. - @throws Exception if -
      -
    • no public key certificate can be found although holder - information is given by an entity name or a base certificate - ID
      • -
    • support classes cannot be created
      • -
    • no certification path for the public key certificate can - be built
      • -
    -     - - - Checks a distribution point for revocation information for the - certificate attrCert. - - @param dp The distribution point to consider. - @param attrCert The attribute certificate which should be checked. - @param paramsPKIX PKIX parameters. - @param validDate The date when the certificate revocation status should - be checked. - @param issuerCert Certificate to check if it is revoked. - @param reasonMask The reasons mask which is already checked. - @param certPathCerts The certificates of the certification path to be - checked. - @throws Exception if the certificate is revoked or the status - cannot be checked or some error occurs. - - - - A trust anchor or most-trusted Certification Authority (CA). - - This class represents a "most-trusted CA", which is used as a trust anchor - for validating X.509 certification paths. A most-trusted CA includes the - public key of the CA, the CA's name, and any constraints upon the set of - paths which may be validated using this key. These parameters can be - specified in the form of a trusted X509Certificate or as individual - parameters. - - - - - Creates an instance of TrustAnchor with the specified X509Certificate and - optional name constraints, which are intended to be used as additional - constraints when validating an X.509 certification path. - The name constraints are specified as a byte array. This byte array - should contain the DER encoded form of the name constraints, as they - would appear in the NameConstraints structure defined in RFC 2459 and - X.509. The ASN.1 definition of this structure appears below. - - 
    -            	NameConstraints ::= SEQUENCE {
-            		permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
-            		excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
-            	   
-             GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
-             
-            		GeneralSubtree ::= SEQUENCE {
-            		base                    GeneralName,
-            		minimum         [0]     BaseDistance DEFAULT 0,
-            		maximum         [1]     BaseDistance OPTIONAL }
-            		
-            		BaseDistance ::= INTEGER (0..MAX)
-            
-            		GeneralName ::= CHOICE {
-            		otherName                       [0]     OtherName,
-            		rfc822Name                      [1]     IA5String,
-            		dNSName                         [2]     IA5String,
-            		x400Address                     [3]     ORAddress,
-            		directoryName                   [4]     Name,
-            		ediPartyName                    [5]     EDIPartyName,
-            		uniformResourceIdentifier       [6]     IA5String,
-            		iPAddress                       [7]     OCTET STRING,
-            		registeredID                    [8]     OBJECT IDENTIFIER}
-
    - - Note that the name constraints byte array supplied is cloned to protect - against subsequent modifications. -     - a trusted X509Certificate - a byte array containing the ASN.1 DER encoding of a - NameConstraints extension to be used for checking name - constraints. Only the value of the extension is included, not - the OID or criticality flag. Specify null to omit the - parameter. - if the specified X509Certificate is null -     - - - Creates an instance of TrustAnchor where the - most-trusted CA is specified as an X500Principal and public key. - - -

    - Name constraints are an optional parameter, and are intended to be used - as additional constraints when validating an X.509 certification path. -

    - The name constraints are specified as a byte array. This byte array - contains the DER encoded form of the name constraints, as they - would appear in the NameConstraints structure defined in RFC 2459 - and X.509. The ASN.1 notation for this structure is supplied in the - documentation for the other constructors. -

    - Note that the name constraints byte array supplied here is cloned to - protect against subsequent modifications. -

    -     - the name of the most-trusted CA as X509Name - the public key of the most-trusted CA - - a byte array containing the ASN.1 DER encoding of a NameConstraints extension to - be used for checking name constraints. Only the value of the extension is included, - not the OID or criticality flag. Specify null to omit the parameter. - - - if caPrincipal or pubKey is null - -     - - - Creates an instance of TrustAnchor where the most-trusted - CA is specified as a distinguished name and public key. Name constraints - are an optional parameter, and are intended to be used as additional - constraints when validating an X.509 certification path. -
    - The name constraints are specified as a byte array. This byte array - contains the DER encoded form of the name constraints, as they would - appear in the NameConstraints structure defined in RFC 2459 and X.509. -     - the X.500 distinguished name of the most-trusted CA in RFC - 2253 string format - the public key of the most-trusted CA - a byte array containing the ASN.1 DER encoding of a - NameConstraints extension to be used for checking name - constraints. Only the value of the extension is included, not - the OID or criticality flag. Specify null to omit the - parameter. - throws NullPointerException, IllegalArgumentException -     - - - Decode the name constraints and clone them if not null. - - - - - Returns a formatted string describing the TrustAnchor. - - a formatted string describing the TrustAnchor - - - - Returns the most-trusted CA certificate. - - - - - Returns the name of the most-trusted CA as an X509Name. - - - - - Returns the name of the most-trusted CA in RFC 2253 string format. - - - - - Returns the public key of the most-trusted CA. - - - - - Utility class for creating IBasicAgreement objects from their names/Oids - - - - - Cipher Utility class contains methods that can not be specifically grouped into other classes. - - - - - Returns a ObjectIdentifier for a give encoding. - - A string representation of the encoding. - A DerObjectIdentifier, null if the Oid is not available. - - - - Utility class for creating IDigest objects from their names/Oids - - - - - Returns a ObjectIdentifier for a given digest mechanism. - - A string representation of the digest meanism. - A DerObjectIdentifier, null if the Oid is not available. - - - - Utility class for creating HMac object from their names/Oids - - - - - - - - - - Returns a ObjectIdentifier for a give encoding. - - A string representation of the encoding. - A DerObjectIdentifier, null if the Oid is not available. - - - Use the specified instance of IRandomGenerator as random source. - - This constructor performs no seeding of either the IRandomGenerator or the - constructed SecureRandom. It is the responsibility of the client to provide - proper seed material as necessary/appropriate for the given IRandomGenerator - implementation. - - The source to generate all random bytes from. - - - base constructor. - - - create a SecurityUtilityException with the given message. - - @param message the message to be carried with the exception. - - - - Signer Utility class contains methods that can not be specifically grouped into other classes. - - - - - Returns a ObjectIdentifier for a give encoding. - - A string representation of the encoding. - A DerObjectIdentifier, null if the Oid is not available. - - - - Utility class for creating IWrapper objects from their names/Oids - - - - Base class for an RFC 3161 Time Stamp Request. - - - Create a TimeStampRequest from the past in byte array. - - @param req byte array containing the request. - @throws IOException if the request is malformed. - - - Create a TimeStampRequest from the past in input stream. - - @param in input stream containing the request. - @throws IOException if the request is malformed. - - - Validate the timestamp request, checking the digest to see if it is of an - accepted type and whether it is of the correct length for the algorithm specified. - - @param algorithms a set of string OIDS giving accepted algorithms. - @param policies if non-null a set of policies we are willing to sign under. - @param extensions if non-null a set of extensions we are willing to accept. - @throws TspException if the request is invalid, or processing fails. - - - return the ASN.1 encoded representation of this object. - - - Generator for RFC 3161 Time Stamp Request objects. - - - add a given extension field for the standard extensions tag (tag 3) - @throws IOException - - - add a given extension field for the standard extensions tag - The value parameter becomes the contents of the octet string associated - with the extension. - - - add a given extension field for the standard extensions tag (tag 3) - @throws IOException - - - add a given extension field for the standard extensions tag - The value parameter becomes the contents of the octet string associated - with the extension. - - - Base class for an RFC 3161 Time Stamp Response object. - - - Create a TimeStampResponse from a byte array containing an ASN.1 encoding. - - @param resp the byte array containing the encoded response. - @throws TspException if the response is malformed. - @throws IOException if the byte array doesn't represent an ASN.1 encoding. - - - Create a TimeStampResponse from an input stream containing an ASN.1 encoding. - - @param input the input stream containing the encoded response. - @throws TspException if the response is malformed. - @throws IOException if the stream doesn't represent an ASN.1 encoding. - - - Check this response against to see if it a well formed response for - the passed in request. Validation will include checking the time stamp - token if the response status is GRANTED or GRANTED_WITH_MODS. - - @param request the request to be checked against - @throws TspException if the request can not match this response. - - - return the ASN.1 encoded representation of this object. - - - Generator for RFC 3161 Time Stamp Responses. - - - Return an appropriate TimeStampResponse. -

    - If genTime is null a timeNotAvailable error response will be returned. - - @param request the request this response is for. - @param serialNumber serial number for the response token. - @param genTime generation time for the response token. - @param provider provider to use for signature calculation. - @return - @throws NoSuchAlgorithmException - @throws NoSuchProviderException - @throws TSPException -

    -     - - Generate a TimeStampResponse with chosen status and FailInfoField. - - @param status the PKIStatus to set. - @param failInfoField the FailInfoField to set. - @param statusString an optional string describing the failure. - @return a TimeStampResponse with a failInfoField and optional statusString - @throws TSPException in case the response could not be created - - - Validate the time stamp token. -

    - To be valid the token must be signed by the passed in certificate and - the certificate must be the one referred to by the SigningCertificate - attribute included in the hashed attributes of the token. The - certificate must also have the ExtendedKeyUsageExtension with only - KeyPurposeID.IdKPTimeStamping and have been valid at the time the - timestamp was created. -

    -

    - A successful call to validate means all the above are true. -

    -     - - Return the underlying CmsSignedData object. - - @return the underlying CMS structure. - - - Return a ASN.1 encoded byte stream representing the encoded object. - - @throws IOException if encoding fails. - - - basic creation - only the default attributes will be included here. - - - create with a signer with extra signed/unsigned attributes. - - - @return the nonce value, null if there isn't one. - - - Recognised hash algorithms for the time stamp protocol. - - - Fetches the signature time-stamp attributes from a SignerInformation object. - Checks that the MessageImprint for each time-stamp matches the signature field. - (see RFC 3161 Appendix A). - - @param signerInfo a SignerInformation to search for time-stamps - @return a collection of TimeStampToken objects - @throws TSPValidationException - - - Validate the passed in certificate as being of the correct type to be used - for time stamping. To be valid it must have an ExtendedKeyUsage extension - which has a key purpose identifier of id-kp-timeStamping. - - @param cert the certificate of interest. - @throws TspValidationException if the certicate fails on one of the check points. - - - - Return the digest algorithm using one of the standard JCA string - representations rather than the algorithm identifier (if possible). - - - - Exception thrown if a TSP request or response fails to validate. -

    - If a failure code is associated with the exception it can be retrieved using - the getFailureCode() method.

    -     - - Return the failure code associated with this exception - if one is set. - - @return the failure code if set, -1 otherwise. - - - General array utilities. - - - - Are two arrays equal. - - Left side. - Right side. - True if equal. - - - - A constant time equals comparison - does not terminate early if - test will fail. - - first array - second array - true if arrays equal, false otherwise. - - - BigInteger utilities. - - - Return the passed in value as an unsigned byte array. - - @param value value to be converted. - @return a byte array without a leading zero byte if present in the signed encoding. - - - Return a random BigInteger not less than 'min' and not greater than 'max' - - @param min the least value that may be generated - @param max the greatest value that may be generated - @param random the source of randomness - @return a random BigInteger value in the range [min,max] - - - - Return the number of milliseconds since the Unix epoch (1 Jan., 1970 UTC) for a given DateTime value. - - A UTC DateTime value not before epoch. - Number of whole milliseconds after epoch. - 'dateTime' is before epoch. - - - - Create a DateTime value from the number of milliseconds since the Unix epoch (1 Jan., 1970 UTC). - - Number of milliseconds since the epoch. - A UTC DateTime value - - - - Return the current number of milliseconds since the Unix epoch (1 Jan., 1970 UTC). - - - - encode the input data producing a base 64 encoded byte array. - - @return a byte array containing the base 64 encoded data. - - - Encode the byte data to base 64 writing it to the given output stream. - - @return the number of bytes produced. - - - Encode the byte data to base 64 writing it to the given output stream. - - @return the number of bytes produced. - - - decode the base 64 encoded input data. It is assumed the input data is valid. - - @return a byte array representing the decoded data. - - - decode the base 64 encoded string data - whitespace will be ignored. - - @return a byte array representing the decoded data. - - - decode the base 64 encoded string data writing it to the given output stream, - whitespace characters will be ignored. - - @return the number of bytes produced. - - - Encode and decode byte arrays (typically from binary to 7-bit ASCII - encodings). - - - encode the input data producing a base 64 output stream. - - @return the number of bytes produced. - - - decode the base 64 encoded byte data writing it to the given output stream, - whitespace characters will be ignored. - - @return the number of bytes produced. - - - decode the base 64 encoded string data writing it to the given output stream, - whitespace characters will be ignored. - - @return the number of bytes produced. - - - - A buffering class to allow translation from one format to another to - be done in discrete chunks. - - - - - Create a buffered Decoder. - - The translater to use. - The size of the buffer. - - - - Process one byte of data. - - Data in. - Byte array for the output. - The offset in the output byte array to start writing from. - The amount of output bytes. - - - - Process data from a byte array. - - The input data. - Start position within input data array. - Amount of data to process from input data array. - Array to store output. - Position in output array to start writing from. - The amount of output bytes. - - - - A class that allows encoding of data using a specific encoder to be processed in chunks. - - - - - Create. - - The translator to use. - Size of the chunks. - - - - Process one byte of data. - - The byte. - An array to store output in. - Offset within output array to start writing from. - - - - - Process data from a byte array. - - Input data Byte array containing data to be processed. - Start position within input data array. - Amount of input data to be processed. - Output data array. - Offset within output data array to start writing to. - The amount of data written. - - - - Class to decode and encode Hex. - - - - encode the input data producing a Hex encoded byte array. - - @return a byte array containing the Hex encoded data. - - - encode the input data producing a Hex encoded byte array. - - @return a byte array containing the Hex encoded data. - - - Hex encode the byte data writing it to the given output stream. - - @return the number of bytes produced. - - - Hex encode the byte data writing it to the given output stream. - - @return the number of bytes produced. - - - decode the Hex encoded input data. It is assumed the input data is valid. - - @return a byte array representing the decoded data. - - - decode the Hex encoded string data - whitespace will be ignored. - - @return a byte array representing the decoded data. - - - decode the Hex encoded string data writing it to the given output stream, - whitespace characters will be ignored. - - @return the number of bytes produced. - - - encode the input data producing a Hex output stream. - - @return the number of bytes produced. - - - decode the Hex encoded byte data writing it to the given output stream, - whitespace characters will be ignored. - - @return the number of bytes produced. - - - decode the Hex encoded string data writing it to the given output stream, - whitespace characters will be ignored. - - @return the number of bytes produced. - - - - A hex translator. - - - - - Translator interface. - - - - - Return encoded block size. - - 2 - - - - Encode some data. - - Input data array. - Start position within input data array. - The amount of data to process. - The output data array. - The offset within the output data array to start writing from. - Amount of data encoded. - - - - Returns the decoded block size. - - 1 - - - - Decode data from a byte array. - - The input data array. - Start position within input data array. - The amounty of data to process. - The output data array. - The position within the output data array to start writing from. - The amount of data written. - - - Convert binary data to and from UrlBase64 encoding. This is identical to - Base64 encoding, except that the padding character is "." and the other - non-alphanumeric characters are "-" and "_" instead of "+" and "/". -

    - The purpose of UrlBase64 encoding is to provide a compact encoding of binary - data that is safe for use as an URL parameter. Base64 encoding does not - produce encoded values that are safe for use in URLs, since "/" can be - interpreted as a path delimiter; "+" is the encoded form of a space; and - "=" is used to separate a name from the corresponding value in an URL - parameter. -

    -     - - Encode the input data producing a URL safe base 64 encoded byte array. - - @return a byte array containing the URL safe base 64 encoded data. - - - Encode the byte data writing it to the given output stream. - - @return the number of bytes produced. - - - Decode the URL safe base 64 encoded input data - white space will be ignored. - - @return a byte array representing the decoded data. - - - decode the URL safe base 64 encoded byte data writing it to the given output stream, - whitespace characters will be ignored. - - @return the number of bytes produced. - - - decode the URL safe base 64 encoded string data - whitespace will be ignored. - - @return a byte array representing the decoded data. - - - Decode the URL safe base 64 encoded string data writing it to the given output stream, - whitespace characters will be ignored. - - @return the number of bytes produced. - - - Convert binary data to and from UrlBase64 encoding. This is identical to - Base64 encoding, except that the padding character is "." and the other - non-alphanumeric characters are "-" and "_" instead of "+" and "/". -

    - The purpose of UrlBase64 encoding is to provide a compact encoding of binary - data that is safe for use as an URL parameter. Base64 encoding does not - produce encoded values that are safe for use in URLs, since "/" can be - interpreted as a path delimiter; "+" is the encoded form of a space; and - "=" is used to separate a name from the corresponding value in an URL - parameter. -

    -     - - - A - - - A - - - - - - Pipe all bytes from inStr to outStr, throwing StreamFlowException if greater - than limit bytes in inStr. - - - A - - - A - - - A - - The number of bytes actually transferred, if not greater than limit - - - - Validate the given IPv4 or IPv6 address. - - @param address the IP address as a string. - - @return true if a valid address, false otherwise - - - Validate the given IPv4 or IPv6 address and netmask. - - @param address the IP address as a string. - - @return true if a valid address with netmask, false otherwise - - - Validate the given IPv4 address. - - @param address the IP address as a string. - - @return true if a valid IPv4 address, false otherwise - - - Validate the given IPv6 address. - - @param address the IP address as a string. - - @return true if a valid IPv4 address, false otherwise - - - General string utilities. - - - - Summary description for DeflaterOutputStream. - - - - - Summary description for DeflaterOutputStream. - - - - - The Holder object. - 
    -            Holder ::= SEQUENCE {
-            	baseCertificateID   [0] IssuerSerial OPTIONAL,
-            		-- the issuer and serial number of
-            		-- the holder's Public Key Certificate
-            	entityName          [1] GeneralNames OPTIONAL,
-            		-- the name of the claimant or role
-            	objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
-            		-- used to directly authenticate the holder,
-            		-- for example, an executable
-            }
-
    -     -     - - Constructs a holder for v2 attribute certificates with a hash value for - some type of object. -

    - digestedObjectType can be one of the following: -

      -
    • 0 - publicKey - A hash of the public key of the holder must be - passed.
      • -
    • 1 - publicKeyCert - A hash of the public key certificate of the - holder must be passed.
      • -
    • 2 - otherObjectDigest - A hash of some other object type must be - passed. otherObjectTypeID must not be empty.
      • -
    -

    -

    This cannot be used if a v1 attribute certificate is used.

    - - @param digestedObjectType The digest object type. - @param digestAlgorithm The algorithm identifier for the hash. - @param otherObjectTypeID The object type ID if - digestedObjectType is - otherObjectDigest. - @param objectDigest The hash value. -     - - Returns the hash if an object digest info is used. - - @return The hash or null if no object digest info is set. - - - Return any principal objects inside the attribute certificate holder entity names field. - - @return an array of IPrincipal objects (usually X509Name), null if no entity names field is set. - - - Return the principals associated with the issuer attached to this holder - - @return an array of principals, null if no BaseCertificateID is set. - - - Returns the digest object type if an object digest info is used. -

    -

      -
    • 0 - publicKey - A hash of the public key of the holder must be - passed.
      • -
    • 1 - publicKeyCert - A hash of the public key certificate of the - holder must be passed.
      • -
    • 2 - otherObjectDigest - A hash of some other object type must be - passed. otherObjectTypeID must not be empty.
      • -
    -

    - - @return The digest object type or -1 if no object digest info is set. -     - - Returns the other object type ID if an object digest info is used. - - @return The other object type ID or null if no object - digest info is set. - - - Returns the digest algorithm ID if an object digest info is used. - - @return The digest algorithm ID or null if no object - digest info is set. - - - Return the serial number associated with the issuer attached to this holder. - - @return the certificate serial number, null if no BaseCertificateID is set. - - - Carrying class for an attribute certificate issuer. - - - Set the issuer directly with the ASN.1 structure. - - @param issuer The issuer - - - Return any principal objects inside the attribute certificate issuer object. - An array of IPrincipal objects (usually X509Principal). - - - A high level authority key identifier. - - - Constructor which will take the byte[] returned from getExtensionValue() - - @param encodedValue a DER octet encoded string with the extension structure in it. - @throws IOException on parsing errors. - - - Create an AuthorityKeyIdentifier using the passed in certificate's public - key, issuer and serial number. - - @param certificate the certificate providing the information. - @throws CertificateParsingException if there is a problem processing the certificate - - - Create an AuthorityKeyIdentifier using just the hash of the - public key. - - @param pubKey the key to generate the hash from. - @throws InvalidKeyException if there is a problem using the key. - - - A high level subject key identifier. - - - Constructor which will take the byte[] returned from getExtensionValue() - - @param encodedValue a DER octet encoded string with the extension structure in it. - @throws IOException on parsing errors. - - - Interface for an X.509 Attribute Certificate. - - - Return the attributes contained in the attribute block in the certificate. - An array of attributes. - - - Return the attributes with the same type as the passed in oid. - The object identifier we wish to match. - An array of matched attributes, null if there is no match. - - - Return an ASN.1 encoded byte array representing the attribute certificate. - An ASN.1 encoded byte array. - If the certificate cannot be encoded. - - - The version number for the certificate. - - - The serial number for the certificate. - - - The UTC DateTime before which the certificate is not valid. - - - The UTC DateTime after which the certificate is not valid. - - - The holder of the certificate. - - - The issuer details for the certificate. - - - - A utility class that will extract X509Principal objects from X.509 certificates. -

    - Use this in preference to trying to recreate a principal from a string, not all - DNs are what they should be, so it's best to leave them encoded where they - can be.

    -     -     - - Return the issuer of the given cert as an X509Principal. - - - Return the subject of the given cert as an X509Principal. - - - Return the issuer of the given CRL as an X509Principal. - - - This class is an Selector like implementation to select - attribute certificates from a given set of criteria. - - @see org.bouncycastle.x509.X509AttributeCertificate - @see org.bouncycastle.x509.X509Store - - - - Decides if the given attribute certificate should be selected. - - The attribute certificate to be checked. - true if the object matches this selector. - - - Adds a target name criterion for the attribute certificate to the target - information extension criteria. The X509AttributeCertificate - must contain at least one of the specified target names. -

    - Each attribute certificate may contain a target information extension - limiting the servers where this attribute certificate can be used. If - this extension is not present, the attribute certificate is not targeted - and may be accepted by any server. -

    - - @param name The name as a GeneralName (not null) -     - - Adds a target name criterion for the attribute certificate to the target - information extension criteria. The X509AttributeCertificate - must contain at least one of the specified target names. -

    - Each attribute certificate may contain a target information extension - limiting the servers where this attribute certificate can be used. If - this extension is not present, the attribute certificate is not targeted - and may be accepted by any server. -

    - - @param name a byte array containing the name in ASN.1 DER encoded form of a GeneralName - @throws IOException if a parsing error occurs. -     - - Adds a collection with target names criteria. If null is - given any will do. -

    - The collection consists of either GeneralName objects or byte[] arrays representing - DER encoded GeneralName structures. -

    - - @param names A collection of target names. - @throws IOException if a parsing error occurs. - @see #AddTargetName(byte[]) - @see #AddTargetName(GeneralName) -     - - Gets the target names. The collection consists of Lists - made up of an Integer in the first entry and a DER encoded - byte array or a String in the second entry. -

    The returned collection is immutable.

    - - @return The collection of target names - @see #setTargetNames(Collection) -     - - Adds a target group criterion for the attribute certificate to the target - information extension criteria. The X509AttributeCertificate - must contain at least one of the specified target groups. -

    - Each attribute certificate may contain a target information extension - limiting the servers where this attribute certificate can be used. If - this extension is not present, the attribute certificate is not targeted - and may be accepted by any server. -

    - - @param group The group as GeneralName form (not null) -     - - Adds a target group criterion for the attribute certificate to the target - information extension criteria. The X509AttributeCertificate - must contain at least one of the specified target groups. -

    - Each attribute certificate may contain a target information extension - limiting the servers where this attribute certificate can be used. If - this extension is not present, the attribute certificate is not targeted - and may be accepted by any server. -

    - - @param name a byte array containing the group in ASN.1 DER encoded form of a GeneralName - @throws IOException if a parsing error occurs. -     - - Adds a collection with target groups criteria. If null is - given any will do. -

    - The collection consists of GeneralName objects or byte[] - representing DER encoded GeneralNames. -

    - - @param names A collection of target groups. - @throws IOException if a parsing error occurs. - @see #AddTargetGroup(byte[]) - @see #AddTargetGroup(GeneralName) -     - - Gets the target groups. The collection consists of Lists - made up of an Integer in the first entry and a DER encoded - byte array or a String in the second entry. -

    The returned collection is immutable.

    - - @return The collection of target groups. - @see #setTargetGroups(Collection) -     - - The attribute certificate which must be matched. - If null is given, any will do. - - - The criteria for validity - If null is given any will do. - - - The holder. - If null is given any will do. - - - The issuer. - If null is given any will do. - - - The serial number. - If null is given any will do. - - - - This class is an IX509Selector implementation to select - certificate pairs, which are e.g. used for cross certificates. The set of - criteria is given from two X509CertStoreSelector objects, - each of which, if present, must match the respective component of a pair. - - - - - Decides if the given certificate pair should be selected. If - obj is not a X509CertificatePair, this method - returns false. - - The X509CertificatePair to be tested. - true if the object matches this selector. - - - The certificate pair which is used for testing on equality. - - - The certificate selector for the forward part. - - - The certificate selector for the reverse part. - - - A simple collection backed store. - - - Basic constructor. - - @param collection - initial contents for the store, this is copied. - - - Return the matches in the collection for the passed in selector. - - @param selector the selector to match against. - @return a possibly empty collection of matching objects. - - - This class contains a collection for collection based X509Stores. - - - - Constructor. -

    - The collection is copied. -

    -     - The collection containing X.509 object types. - If collection is null. -     - - Returns a copy of the ICollection. - - - Returns a formatted string describing the parameters. - - - - An ICollection of X509Name objects - - - - The attribute certificate being checked. This is not a criterion. - Rather, it is optional information that may help a {@link X509Store} find - CRLs that would be relevant when checking revocation for the specified - attribute certificate. If null is specified, then no such - optional information is provided. - - @param attrCert the IX509AttributeCertificate being checked (or - null) - @see #getAttrCertificateChecking() - - - If true only complete CRLs are returned. Defaults to - false. - - @return true if only complete CRLs are returned. - - - Returns if this selector must match CRLs with the delta CRL indicator - extension set. Defaults to false. - - @return Returns true if only CRLs with the delta CRL - indicator extension are selected. - - - The issuing distribution point. -

    - The issuing distribution point extension is a CRL extension which - identifies the scope and the distribution point of a CRL. The scope - contains among others information about revocation reasons contained in - the CRL. Delta CRLs and complete CRLs must have matching issuing - distribution points.

    -

    - The byte array is cloned to protect against subsequent modifications.

    -

    - You must also enable or disable this criteria with - {@link #setIssuingDistributionPointEnabled(bool)}.

    - - @param issuingDistributionPoint The issuing distribution point to set. - This is the DER encoded OCTET STRING extension value. - @see #getIssuingDistributionPoint() -     - - Whether the issuing distribution point criteria should be applied. - Defaults to false. -

    - You may also set the issuing distribution point criteria if not a missing - issuing distribution point should be assumed.

    - - @return Returns if the issuing distribution point check is enabled. -     - - The maximum base CRL number. Defaults to null. - - @return Returns the maximum base CRL number. - @see #setMaxBaseCRLNumber(BigInteger) - - - - A factory to produce Public Key Info Objects. - - - - - Create a Subject Public Key Info object for a given public key. - - One of ElGammalPublicKeyParameters, DSAPublicKeyParameter, DHPublicKeyParameters, RsaKeyParameters or ECPublicKeyParameters - A subject public key info object. - Throw exception if object provided is not one of the above. - - - - Create loading data from byte array. - - - - - - Create loading data from byte array. - - - - - Generates a certificate object and initializes it with the data - read from the input stream inStream. - - - Returns a (possibly empty) collection view of the certificates - read from the given input stream inStream. - - - Class for carrying the values in an X.509 Attribute. - - - @param at an object representing an attribute. - - - Create an X.509 Attribute with the type given by the passed in oid and - the value represented by an ASN.1 Set containing value. - - @param oid type of the attribute - @param value value object to go into the atribute's value set. - - - Create an X.59 Attribute with the type given by the passed in oid and the - value represented by an ASN.1 Set containing the objects in value. - - @param oid type of the attribute - @param value vector of values to go in the attribute's value set. - - - - An Object representing an X509 Certificate. - Has static methods for loading Certificates encoded in many forms that return X509Certificate Objects. - - - - - Return true if the nominated time is within the start and end times nominated on the certificate. - - The time to test validity against. - True if certificate is valid for nominated time. - - - - Checks if the current date is within certificate's validity period. - - - - - Checks if the given date is within certificate's validity period. - - if the certificate is expired by given date - if the certificate is not yet valid on given date - - - - Return the Der encoded TbsCertificate data. - This is the certificate component less the signature. - To Get the whole certificate call the GetEncoded() member. - - A byte array containing the Der encoded Certificate component. - - - - The signature. - - A byte array containg the signature of the certificate. - - - - Get the signature algorithms parameters. (EG DSA Parameters) - - A byte array containing the Der encoded version of the parameters or null if there are none. - - - - Get a key usage guidlines. - - - - - Get the public key of the subject of the certificate. - - The public key parameters. - - - - Return a Der encoded version of this certificate. - - A byte array. - - - - Verify the certificate's signature using the nominated public key. - - An appropriate public key parameter object, RsaPublicKeyParameters, DsaPublicKeyParameters or ECDsaPublicKeyParameters - True if the signature is valid. - If key submitted is not of the above nominated types. - - - - Return true if the current time is within the start and end times nominated on the certificate. - - true id certificate is valid for the current time. - - - - Return the certificate's version. - - An integer whose value Equals the version of the cerficate. - - - - Return a BigInteger containing the serial number. - - The Serial number. - - - - Get the Issuer Distinguished Name. (Who signed the certificate.) - - And X509Object containing name and value pairs. - - - - Get the subject of this certificate. - - An X509Name object containing name and value pairs. - - - - The time that this certificate is valid from. - - A DateTime object representing that time in the local time zone. - - - - The time that this certificate is valid up to. - - A DateTime object representing that time in the local time zone. - - - - A meaningful version of the Signature Algorithm. (EG SHA1WITHRSA) - - A sting representing the signature algorithm. - - - - Get the Signature Algorithms Object ID. - - A string containg a '.' separated object id. - - - - Get the issuers UID. - - A DerBitString. - - - - Get the subjects UID. - - A DerBitString. - - - - This class contains a cross certificate pair. Cross certificates pairs may - contain two cross signed certificates from two CAs. A certificate from the - other CA to this CA is contained in the forward certificate, the certificate - from this CA to the other CA is contained in the reverse certificate. - - - - Constructor - Certificate from the other CA to this CA. - Certificate from this CA to the other CA. - - - Constructor from a ASN.1 CertificatePair structure. - The CertificatePair ASN.1 object. - - - Returns the certificate from the other CA to this CA. - - - Returns the certificate from this CA to the other CA. - - - class for dealing with X509 certificates. -

    - At the moment this will deal with "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----" - base 64 encoded certs, as well as the BER binaries of certificates and some classes of PKCS#7 - objects.

    -     - - - Create loading data from byte array. - - - - - - Create loading data from byte array. - - - - - Generates a certificate object and initializes it with the data - read from the input stream inStream. - - - Returns a (possibly empty) collection view of the certificates - read from the given input stream inStream. - - - - Create loading data from byte array. - - - - - - Create loading data from byte array. - - - - - The following extensions are listed in RFC 2459 as relevant to CRLs - - Authority Key Identifier - Issuer Alternative Name - CRL Number - Delta CRL Indicator (critical) - Issuing Distribution Point (critical) - - - Returns a string representation of this CRL. - - @return a string representation of this CRL. - - - Checks whether the given certificate is on this CRL. - - @param cert the certificate to check for. - @return true if the given certificate is on this CRL, - false otherwise. - - - The following extensions are listed in RFC 2459 as relevant to CRL Entries - - ReasonCode Hode Instruction Code Invalidity Date Certificate Issuer - (critical) - - - Constructor for CRLEntries of indirect CRLs. If isIndirect - is false {@link #getCertificateIssuer()} will always - return null, previousCertificateIssuer is - ignored. If this isIndirect is specified and this CrlEntry - has no certificate issuer CRL entry extension - previousCertificateIssuer is returned by - {@link #getCertificateIssuer()}. - - @param c - TbsCertificateList.CrlEntry object. - @param isIndirect - true if the corresponding CRL is a indirect - CRL. - @param previousCertificateIssuer - Certificate issuer of the previous CrlEntry. - - - - Create loading data from byte array. - - - - - - Create loading data from byte array. - - - - - Generates a certificate revocation list (CRL) object and initializes - it with the data read from the input stream inStream. - - - Returns a (possibly empty) collection view of the CRLs read from - the given input stream inStream. - - The inStream may contain a sequence of DER-encoded CRLs, or - a PKCS#7 CRL set. This is a PKCS#7 SignedData object, with the - only significant field being crls. In particular the signature - and the contents are ignored. - - - A holding class for constructing an X509 Key Usage extension. - - 
    -                id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
-            
-                KeyUsage ::= BIT STRING {
-                     digitalSignature        (0),
-                     nonRepudiation          (1),
-                     keyEncipherment         (2),
-                     dataEncipherment        (3),
-                     keyAgreement            (4),
-                     keyCertSign             (5),
-                     cRLSign                 (6),
-                     encipherOnly            (7),
-                     decipherOnly            (8) }
-
    -     - - Basic constructor. - - @param usage - the bitwise OR of the Key Usage flags giving the - allowed uses for the key. - e.g. (X509KeyUsage.keyEncipherment | X509KeyUsage.dataEncipherment) - - - Return the digest algorithm using one of the standard JCA string - representations rather than the algorithm identifier (if possible). - - - - Class to Generate X509V1 Certificates. - - - - - Default Constructor. - - - - - Reset the generator. - - - - - Set the certificate's serial number. - - Make serial numbers long, if you have no serial number policy make sure the number is at least 16 bytes of secure random data. - You will be surprised how ugly a serial number collision can get. - The serial number. - - - - Set the issuer distinguished name. - The issuer is the entity whose private key is used to sign the certificate. - - The issuers DN. - - - - Set the date that this certificate is to be valid from. - - - - - - Set the date after which this certificate will no longer be valid. - - - - - - Set the subject distinguished name. - The subject describes the entity associated with the public key. - - - - - - Set the public key that this certificate identifies. - - - - - - Set the signature algorithm that will be used to sign this certificate. - This can be either a name or an OID, names are treated as case insensitive. - - string representation of the algorithm name - - - - Generate a new X509Certificate. - - The private key of the issuer used to sign this certificate. - An X509Certificate. - - - - Generate a new X509Certificate specifying a SecureRandom instance that you would like to use. - - The private key of the issuer used to sign this certificate. - The Secure Random you want to use. - An X509Certificate. - - - - Allows enumeration of the signature names supported by the generator. - - - - An implementation of a version 2 X.509 Attribute Certificate. - - - Class to produce an X.509 Version 2 AttributeCertificate. - - - Reset the generator - - - Set the Holder of this Attribute Certificate. - - - Set the issuer. - - - Set the serial number for the certificate. - - - - Set the signature algorithm. This can be either a name or an OID, names - are treated as case insensitive. - - The algorithm name. - - - Add an attribute. - - - Add a given extension field for the standard extensions tag. - - - - Add a given extension field for the standard extensions tag. - The value parameter becomes the contents of the octet string associated - with the extension. - - - - - Generate an X509 certificate, based on the current issuer and subject. - - - - - Generate an X509 certificate, based on the current issuer and subject, - using the supplied source of randomness, if required. - - - - - Allows enumeration of the signature names supported by the generator. - - - - class to produce an X.509 Version 2 CRL. - - - reset the generator - - - Set the issuer distinguished name - the issuer is the entity whose private key is used to sign the - certificate. - - - Reason being as indicated by CrlReason, i.e. CrlReason.KeyCompromise - or 0 if CrlReason is not to be used - - - - Add a CRL entry with an Invalidity Date extension as well as a CrlReason extension. - Reason being as indicated by CrlReason, i.e. CrlReason.KeyCompromise - or 0 if CrlReason is not to be used - - - - Add a CRL entry with extensions. - - - - Add the CRLEntry objects contained in a previous CRL. - - @param other the X509Crl to source the other entries from. - - - Set the signature algorithm. This can be either a name or an oid, names - are treated as case insensitive. - - @param signatureAlgorithm string representation of the algorithm name. - - - add a given extension field for the standard extensions tag (tag 0) - - - add a given extension field for the standard extensions tag (tag 0) - - - add a given extension field for the standard extensions tag (tag 0) - - - add a given extension field for the standard extensions tag (tag 0) - - - Generate an X509 CRL, based on the current issuer and subject. - The key used for signing. - - - Generate an X509 CRL, based on the current issuer and subject. - The key used for signing. - A user-defined source of randomness. - - - - Allows enumeration of the signature names supported by the generator. - - - - - A class to Generate Version 3 X509Certificates. - - - - - Reset the Generator. - - - - - Set the certificate's serial number. - - Make serial numbers long, if you have no serial number policy make sure the number is at least 16 bytes of secure random data. - You will be surprised how ugly a serial number collision can Get. - The serial number. - - - - Set the distinguished name of the issuer. - The issuer is the entity which is signing the certificate. - - The issuer's DN. - - - - Set the date that this certificate is to be valid from. - - - - - - Set the date after which this certificate will no longer be valid. - - - - - - Set the DN of the entity that this certificate is about. - - - - - - Set the public key that this certificate identifies. - - - - - - Set the signature algorithm that will be used to sign this certificate. - - - - - - Set the subject unique ID - note: it is very rare that it is correct to do this. - - - - - - Set the issuer unique ID - note: it is very rare that it is correct to do this. - - - - - - Add a given extension field for the standard extensions tag (tag 3). - - string containing a dotted decimal Object Identifier. - Is it critical. - The value. - - - - Add an extension to this certificate. - - Its Object Identifier. - Is it critical. - The value. - - - - Add an extension using a string with a dotted decimal OID. - - string containing a dotted decimal Object Identifier. - Is it critical. - byte[] containing the value of this extension. - - - - Add an extension to this certificate. - - Its Object Identifier. - Is it critical. - byte[] containing the value of this extension. - - - - Add a given extension field for the standard extensions tag (tag 3), - copying the extension value from another certificate. - - - - add a given extension field for the standard extensions tag (tag 3) - copying the extension value from another certificate. - @throws CertificateParsingException if the extension cannot be extracted. - - - - Generate an X509Certificate. - - The private key of the issuer that is signing this certificate. - An X509Certificate. - - - - Generate an X509Certificate using your own SecureRandom. - - The private key of the issuer that is signing this certificate. - You Secure Random instance. - An X509Certificate. - - - - Allows enumeration of the signature names supported by the generator. - - -     -     diff --git a/crypto/src/asn1/DerUnknownTag.cs b/crypto/src/asn1/DerUnknownTag.cs deleted file mode 100644 index 1e0e61495..000000000 --- a/crypto/src/asn1/DerUnknownTag.cs +++ /dev/null @@ -1,80 +0,0 @@ -using System; - -using Org.BouncyCastle.Utilities; - -namespace Org.BouncyCastle.Asn1 -{ - /** - * We insert one of these when we find a tag we don't recognise. - */ - public class DerUnknownTag - : Asn1Object - { - private readonly bool isConstructed; - private readonly int tag; - private readonly byte[] data; - - /** - * @param tag the tag value. - * @param data the contents octets. - */ - public DerUnknownTag( - int tag, - byte[] data) - : this(false, tag, data) - { - } - - public DerUnknownTag( - bool isConstructed, - int tag, - byte[] data) - { - if (data == null) - throw new ArgumentNullException("data"); - - this.isConstructed = isConstructed; - this.tag = tag; - this.data = data; - } - - public bool IsConstructed - { - get { return isConstructed; } - } - - public int Tag - { - get { return tag; } - } - - public byte[] GetData() - { - return data; - } - - internal override void Encode( - DerOutputStream derOut) - { - derOut.WriteEncoded(isConstructed ? Asn1Tags.Constructed : 0, tag, data); - } - - protected override bool Asn1Equals( - Asn1Object asn1Object) - { - DerUnknownTag other = asn1Object as DerUnknownTag; - - if (other == null) - return false; - - return this.isConstructed == other.isConstructed - && this.tag == other.tag - && Arrays.AreEqual(this.data, other.data); - } - - protected override int Asn1GetHashCode() - { - return isConstructed.GetHashCode() ^ tag.GetHashCode() ^ Arrays.GetHashCode(data); - } - } -} diff --git a/crypto/src/cms/NullOutputStream.cs b/crypto/src/cms/NullOutputStream.cs deleted file mode 100644 index ed937bdeb..000000000 --- a/crypto/src/cms/NullOutputStream.cs +++ /dev/null @@ -1,20 +0,0 @@ -using System; - -using Org.BouncyCastle.Utilities.IO; - -namespace Org.BouncyCastle.Cms -{ - internal class NullOutputStream - : BaseOutputStream - { - public override void WriteByte(byte b) - { - // do nothing - } - - public override void Write(byte[] buffer, int offset, int count) - { - // do nothing - } - } -} diff --git a/crypto/src/crypto/tls/AlwaysValidVerifyer.cs b/crypto/src/crypto/tls/AlwaysValidVerifyer.cs deleted file mode 100644 index e26c6fc3f..000000000 --- a/crypto/src/crypto/tls/AlwaysValidVerifyer.cs +++ /dev/null @@ -1,24 +0,0 @@ -using System; - -using Org.BouncyCastle.Asn1.X509; - -namespace Org.BouncyCastle.Crypto.Tls -{ - /// - /// A certificate verifyer, that will always return true. - /// 
    -	/// DO NOT USE THIS FILE UNLESS YOU KNOW EXACTLY WHAT YOU ARE DOING.
-	///
    - ///     - [Obsolete("Perform certificate verification in TlsAuthentication implementation")] - public class AlwaysValidVerifyer - : ICertificateVerifyer - { - /// Return true. - public bool IsValid( - X509CertificateStructure[] certs) - { - return true; - } - } -} diff --git a/crypto/src/crypto/tls/DigestAlgorithm.cs b/crypto/src/crypto/tls/DigestAlgorithm.cs deleted file mode 100644 index cede6b7f8..000000000 --- a/crypto/src/crypto/tls/DigestAlgorithm.cs +++ /dev/null @@ -1,21 +0,0 @@ -using System; - -namespace Org.BouncyCastle.Crypto.Tls -{ - public enum DigestAlgorithm - { - /* - * Note that the values here are implementation-specific and arbitrary. - * It is recommended not to depend on the particular values (e.g. serialization). - */ - NULL, - MD5, - SHA, - - /* - * RFC 5289 - */ - SHA256, - SHA384, - } -} diff --git a/crypto/src/crypto/tls/ICertificateVerifyer.cs b/crypto/src/crypto/tls/ICertificateVerifyer.cs deleted file mode 100644 index df5ea51d7..000000000 --- a/crypto/src/crypto/tls/ICertificateVerifyer.cs +++ /dev/null @@ -1,18 +0,0 @@ -using System; - -using Org.BouncyCastle.Asn1.X509; - -namespace Org.BouncyCastle.Crypto.Tls -{ - /// - /// This should be implemented by any class which can find out, if a given - /// certificate chain is being accepted by an client. - /// - [Obsolete("Perform certificate verification in TlsAuthentication implementation")] - public interface ICertificateVerifyer - { - /// The certs, which are part of the chain. - /// True, if the chain is accepted, false otherwise - bool IsValid(X509CertificateStructure[] certs); - } -} diff --git a/crypto/src/crypto/tls/LegacyTlsAuthentication.cs b/crypto/src/crypto/tls/LegacyTlsAuthentication.cs deleted file mode 100644 index 5da9576af..000000000 --- a/crypto/src/crypto/tls/LegacyTlsAuthentication.cs +++ /dev/null @@ -1,32 +0,0 @@ -#if FALSE -using System; - -namespace Org.BouncyCastle.Crypto.Tls -{ - /// - /// A temporary class to wrap old CertificateVerifyer stuff for new TlsAuthentication. - /// - [Obsolete] - public class LegacyTlsAuthentication - : TlsAuthentication - { - protected ICertificateVerifyer verifyer; - - public LegacyTlsAuthentication(ICertificateVerifyer verifyer) - { - this.verifyer = verifyer; - } - - public virtual void NotifyServerCertificate(Certificate serverCertificate) - { - if (!this.verifyer.IsValid(serverCertificate.GetCerts())) - throw new TlsFatalAlert(AlertDescription.user_canceled); - } - - public virtual TlsCredentials GetClientCredentials(CertificateRequest certificateRequest) - { - return null; - } - } -} -#endif \ No newline at end of file diff --git a/crypto/src/crypto/tls/LegacyTlsClient.cs b/crypto/src/crypto/tls/LegacyTlsClient.cs deleted file mode 100644 index 98a8bcbfc..000000000 --- a/crypto/src/crypto/tls/LegacyTlsClient.cs +++ /dev/null @@ -1,28 +0,0 @@ -#if FALSE -using System; - -namespace Org.BouncyCastle.Crypto.Tls -{ - /// - /// A temporary class to use LegacyTlsAuthentication - /// - [Obsolete] - public class LegacyTlsClient - : DefaultTlsClient - { - [Obsolete] - protected ICertificateVerifyer verifyer; - - [Obsolete] - public LegacyTlsClient(ICertificateVerifyer verifyer) - { - this.verifyer = verifyer; - } - - public override TlsAuthentication GetAuthentication() - { - return new LegacyTlsAuthentication(verifyer); - } - } -} -#endif \ No newline at end of file diff --git a/crypto/src/crypto/tls/TlsException.cs b/crypto/src/crypto/tls/TlsException.cs deleted file mode 100644 index fa3e73273..000000000 --- a/crypto/src/crypto/tls/TlsException.cs +++ /dev/null @@ -1,11 +0,0 @@ -using System; - -namespace Org.BouncyCastle.Crypto.Tls -{ - public class TlsException : Exception - { - public TlsException() : base() { } - public TlsException(string message) : base(message) { } - public TlsException(string message, Exception exception) : base(message, exception) { } - } -} diff --git a/crypto/src/math/ec/IntArray.cs b/crypto/src/math/ec/IntArray.cs deleted file mode 100644 index 1089966a8..000000000 --- a/crypto/src/math/ec/IntArray.cs +++ /dev/null @@ -1,485 +0,0 @@ -using System; -using System.Text; - -namespace Org.BouncyCastle.Math.EC -{ - internal class IntArray - { - // TODO make m fixed for the IntArray, and hence compute T once and for all - - // TODO Use uint's internally? - private int[] m_ints; - - public IntArray(int intLen) - { - m_ints = new int[intLen]; - } - - private IntArray(int[] ints) - { - m_ints = ints; - } - - public IntArray(BigInteger bigInt) - : this(bigInt, 0) - { - } - - public IntArray(BigInteger bigInt, int minIntLen) - { - if (bigInt.SignValue == -1) - throw new ArgumentException("Only positive Integers allowed", "bigint"); - - if (bigInt.SignValue == 0) - { - m_ints = new int[] { 0 }; - return; - } - - byte[] barr = bigInt.ToByteArrayUnsigned(); - int barrLen = barr.Length; - - int intLen = (barrLen + 3) / 4; - m_ints = new int[System.Math.Max(intLen, minIntLen)]; - - int rem = barrLen % 4; - int barrI = 0; - - if (0 < rem) - { - int temp = (int) barr[barrI++]; - while (barrI < rem) - { - temp = temp << 8 | (int) barr[barrI++]; - } - m_ints[--intLen] = temp; - } - - while (intLen > 0) - { - int temp = (int) barr[barrI++]; - for (int i = 1; i < 4; i++) - { - temp = temp << 8 | (int) barr[barrI++]; - } - m_ints[--intLen] = temp; - } - } - - public int GetUsedLength() - { - int highestIntPos = m_ints.Length; - - if (highestIntPos < 1) - return 0; - - // Check if first element will act as sentinel - if (m_ints[0] != 0) - { - while (m_ints[--highestIntPos] == 0) - { - } - return highestIntPos + 1; - } - - do - { - if (m_ints[--highestIntPos] != 0) - { - return highestIntPos + 1; - } - } - while (highestIntPos > 0); - - return 0; - } - - public int BitLength - { - get - { - // JDK 1.5: see Integer.numberOfLeadingZeros() - int intLen = GetUsedLength(); - if (intLen == 0) - return 0; - - int last = intLen - 1; - uint highest = (uint) m_ints[last]; - int bits = (last << 5) + 1; - - // A couple of binary search steps - if (highest > 0x0000ffff) - { - if (highest > 0x00ffffff) - { - bits += 24; - highest >>= 24; - } - else - { - bits += 16; - highest >>= 16; - } - } - else if (highest > 0x000000ff) - { - bits += 8; - highest >>= 8; - } - - while (highest > 1) - { - ++bits; - highest >>= 1; - } - - return bits; - } - } - - private int[] resizedInts(int newLen) - { - int[] newInts = new int[newLen]; - int oldLen = m_ints.Length; - int copyLen = oldLen < newLen ? oldLen : newLen; - Array.Copy(m_ints, 0, newInts, 0, copyLen); - return newInts; - } - - public BigInteger ToBigInteger() - { - int usedLen = GetUsedLength(); - if (usedLen == 0) - { - return BigInteger.Zero; - } - - int highestInt = m_ints[usedLen - 1]; - byte[] temp = new byte[4]; - int barrI = 0; - bool trailingZeroBytesDone = false; - for (int j = 3; j >= 0; j--) - { - byte thisByte = (byte)((int)((uint) highestInt >> (8 * j))); - if (trailingZeroBytesDone || (thisByte != 0)) - { - trailingZeroBytesDone = true; - temp[barrI++] = thisByte; - } - } - - int barrLen = 4 * (usedLen - 1) + barrI; - byte[] barr = new byte[barrLen]; - for (int j = 0; j < barrI; j++) - { - barr[j] = temp[j]; - } - // Highest value int is done now - - for (int iarrJ = usedLen - 2; iarrJ >= 0; iarrJ--) - { - for (int j = 3; j >= 0; j--) - { - barr[barrI++] = (byte)((int)((uint)m_ints[iarrJ] >> (8 * j))); - } - } - return new BigInteger(1, barr); - } - - public void ShiftLeft() - { - int usedLen = GetUsedLength(); - if (usedLen == 0) - { - return; - } - if (m_ints[usedLen - 1] < 0) - { - // highest bit of highest used byte is set, so shifting left will - // make the IntArray one byte longer - usedLen++; - if (usedLen > m_ints.Length) - { - // make the m_ints one byte longer, because we need one more - // byte which is not available in m_ints - m_ints = resizedInts(m_ints.Length + 1); - } - } - - bool carry = false; - for (int i = 0; i < usedLen; i++) - { - // nextCarry is true if highest bit is set - bool nextCarry = m_ints[i] < 0; - m_ints[i] <<= 1; - if (carry) - { - // set lowest bit - m_ints[i] |= 1; - } - carry = nextCarry; - } - } - - public IntArray ShiftLeft(int n) - { - int usedLen = GetUsedLength(); - if (usedLen == 0) - { - return this; - } - - if (n == 0) - { - return this; - } - - if (n > 31) - { - throw new ArgumentException("shiftLeft() for max 31 bits " - + ", " + n + "bit shift is not possible", "n"); - } - - int[] newInts = new int[usedLen + 1]; - - int nm32 = 32 - n; - newInts[0] = m_ints[0] << n; - for (int i = 1; i < usedLen; i++) - { - newInts[i] = (m_ints[i] << n) | (int)((uint)m_ints[i - 1] >> nm32); - } - newInts[usedLen] = (int)((uint)m_ints[usedLen - 1] >> nm32); - - return new IntArray(newInts); - } - - public void AddShifted(IntArray other, int shift) - { - int usedLenOther = other.GetUsedLength(); - int newMinUsedLen = usedLenOther + shift; - if (newMinUsedLen > m_ints.Length) - { - m_ints = resizedInts(newMinUsedLen); - //Console.WriteLine("Resize required"); - } - - for (int i = 0; i < usedLenOther; i++) - { - m_ints[i + shift] ^= other.m_ints[i]; - } - } - - public int Length - { - get { return m_ints.Length; } - } - - public bool TestBit(int n) - { - // theInt = n / 32 - int theInt = n >> 5; - // theBit = n % 32 - int theBit = n & 0x1F; - int tester = 1 << theBit; - return ((m_ints[theInt] & tester) != 0); - } - - public void FlipBit(int n) - { - // theInt = n / 32 - int theInt = n >> 5; - // theBit = n % 32 - int theBit = n & 0x1F; - int flipper = 1 << theBit; - m_ints[theInt] ^= flipper; - } - - public void SetBit(int n) - { - // theInt = n / 32 - int theInt = n >> 5; - // theBit = n % 32 - int theBit = n & 0x1F; - int setter = 1 << theBit; - m_ints[theInt] |= setter; - } - - public IntArray Multiply(IntArray other, int m) - { - // Lenght of c is 2m bits rounded up to the next int (32 bit) - int t = (m + 31) >> 5; - if (m_ints.Length < t) - { - m_ints = resizedInts(t); - } - - IntArray b = new IntArray(other.resizedInts(other.Length + 1)); - IntArray c = new IntArray((m + m + 31) >> 5); - // IntArray c = new IntArray(t + t); - int testBit = 1; - for (int k = 0; k < 32; k++) - { - for (int j = 0; j < t; j++) - { - if ((m_ints[j] & testBit) != 0) - { - // The kth bit of m_ints[j] is set - c.AddShifted(b, j); - } - } - testBit <<= 1; - b.ShiftLeft(); - } - return c; - } - - // public IntArray multiplyLeftToRight(IntArray other, int m) { - // // Lenght of c is 2m bits rounded up to the next int (32 bit) - // int t = (m + 31) / 32; - // if (m_ints.Length < t) { - // m_ints = resizedInts(t); - // } - // - // IntArray b = new IntArray(other.resizedInts(other.getLength() + 1)); - // IntArray c = new IntArray((m + m + 31) / 32); - // // IntArray c = new IntArray(t + t); - // int testBit = 1 << 31; - // for (int k = 31; k >= 0; k--) { - // for (int j = 0; j < t; j++) { - // if ((m_ints[j] & testBit) != 0) { - // // The kth bit of m_ints[j] is set - // c.addShifted(b, j); - // } - // } - // testBit >>>= 1; - // if (k > 0) { - // c.shiftLeft(); - // } - // } - // return c; - // } - - // TODO note, redPol.Length must be 3 for TPB and 5 for PPB - public void Reduce(int m, int[] redPol) - { - for (int i = m + m - 2; i >= m; i--) - { - if (TestBit(i)) - { - int bit = i - m; - FlipBit(bit); - FlipBit(i); - int l = redPol.Length; - while (--l >= 0) - { - FlipBit(redPol[l] + bit); - } - } - } - m_ints = resizedInts((m + 31) >> 5); - } - - public IntArray Square(int m) - { - // TODO make the table static readonly - int[] table = { 0x0, 0x1, 0x4, 0x5, 0x10, 0x11, 0x14, 0x15, 0x40, - 0x41, 0x44, 0x45, 0x50, 0x51, 0x54, 0x55 }; - - int t = (m + 31) >> 5; - if (m_ints.Length < t) - { - m_ints = resizedInts(t); - } - - IntArray c = new IntArray(t + t); - - // TODO twice the same code, put in separate private method - for (int i = 0; i < t; i++) - { - int v0 = 0; - for (int j = 0; j < 4; j++) - { - v0 = (int)((uint) v0 >> 8); - int u = (int)((uint)m_ints[i] >> (j * 4)) & 0xF; - int w = table[u] << 24; - v0 |= w; - } - c.m_ints[i + i] = v0; - - v0 = 0; - int upper = (int)((uint) m_ints[i] >> 16); - for (int j = 0; j < 4; j++) - { - v0 = (int)((uint) v0 >> 8); - int u = (int)((uint)upper >> (j * 4)) & 0xF; - int w = table[u] << 24; - v0 |= w; - } - c.m_ints[i + i + 1] = v0; - } - return c; - } - - public override bool Equals(object o) - { - if (!(o is IntArray)) - { - return false; - } - IntArray other = (IntArray) o; - int usedLen = GetUsedLength(); - if (other.GetUsedLength() != usedLen) - { - return false; - } - for (int i = 0; i < usedLen; i++) - { - if (m_ints[i] != other.m_ints[i]) - { - return false; - } - } - return true; - } - - public override int GetHashCode() - { - int i = GetUsedLength(); - int hc = i; - while (--i >= 0) - { - hc *= 17; - hc ^= m_ints[i]; - } - return hc; - } - - internal IntArray Copy() - { - return new IntArray((int[]) m_ints.Clone()); - } - - public override string ToString() - { - int usedLen = GetUsedLength(); - if (usedLen == 0) - { - return "0"; - } - - StringBuilder sb = new StringBuilder(Convert.ToString(m_ints[usedLen - 1], 2)); - for (int iarrJ = usedLen - 2; iarrJ >= 0; iarrJ--) - { - string hexString = Convert.ToString(m_ints[iarrJ], 2); - - // Add leading zeroes, except for highest significant int - for (int i = hexString.Length; i < 8; i++) - { - hexString = "0" + hexString; - } - sb.Append(hexString); - } - return sb.ToString(); - } - } -} diff --git a/crypto/src/math/ec/multiplier/FpNafMultiplier.cs b/crypto/src/math/ec/multiplier/FpNafMultiplier.cs deleted file mode 100644 index 7c034ce6e..000000000 --- a/crypto/src/math/ec/multiplier/FpNafMultiplier.cs +++ /dev/null @@ -1,41 +0,0 @@ -#if FALSE -namespace Org.BouncyCastle.Math.EC.Multiplier -{ - /** - * Class implementing the NAF (Non-Adjacent Form) multiplication algorithm. - */ - internal class FpNafMultiplier - : ECMultiplier - { - /** - * D.3.2 pg 101 - * @see org.bouncycastle.math.ec.multiplier.ECMultiplier#multiply(org.bouncycastle.math.ec.ECPoint, java.math.BigInteger) - */ - public ECPoint Multiply(ECPoint p, BigInteger k, PreCompInfo preCompInfo) - { - // TODO Probably should try to add this - // BigInteger e = k.Mod(n); // n == order of p - BigInteger e = k; - BigInteger h = e.Multiply(BigInteger.Three); - - ECPoint neg = p.Negate(); - ECPoint R = p; - - for (int i = h.BitLength - 2; i > 0; --i) - { - R = R.Twice(); - - bool hBit = h.TestBit(i); - bool eBit = e.TestBit(i); - - if (hBit != eBit) - { - R = R.Add(hBit ? p : neg); - } - } - - return R; - } - } -} -#endif \ No newline at end of file diff --git a/crypto/src/math/ec/multiplier/WNafMultiplier.cs b/crypto/src/math/ec/multiplier/WNafMultiplier.cs deleted file mode 100644 index 484bb30e7..000000000 --- a/crypto/src/math/ec/multiplier/WNafMultiplier.cs +++ /dev/null @@ -1,243 +0,0 @@ -#if FALSE -using System; - -namespace Org.BouncyCastle.Math.EC.Multiplier -{ - /** - * Class implementing the WNAF (Window Non-Adjacent Form) multiplication - * algorithm. - */ - internal class WNafMultiplier - : ECMultiplier - { - /** - * Computes the Window NAF (non-adjacent Form) of an integer. - * @param width The width w of the Window NAF. The width is - * defined as the minimal number w, such that for any - * w consecutive digits in the resulting representation, at - * most one is non-zero. - * @param k The integer of which the Window NAF is computed. - * @return The Window NAF of the given width, such that the following holds: - * k = −i=0l-1 ki2i - * , where the ki denote the elements of the - * returned sbyte[]. - */ - public sbyte[] WindowNaf(sbyte width, BigInteger k) - { - // The window NAF is at most 1 element longer than the binary - // representation of the integer k. sbyte can be used instead of short or - // int unless the window width is larger than 8. For larger width use - // short or int. However, a width of more than 8 is not efficient for - // m = log2(q) smaller than 2305 Bits. Note: Values for m larger than - // 1000 Bits are currently not used in practice. - sbyte[] wnaf = new sbyte[k.BitLength + 1]; - - // 2^width as short and BigInteger - short pow2wB = (short)(1 << width); - BigInteger pow2wBI = BigInteger.ValueOf(pow2wB); - - int i = 0; - - // The actual length of the WNAF - int length = 0; - - // while k >= 1 - while (k.SignValue > 0) - { - // if k is odd - if (k.TestBit(0)) - { - // k Mod 2^width - BigInteger remainder = k.Mod(pow2wBI); - - // if remainder > 2^(width - 1) - 1 - if (remainder.TestBit(width - 1)) - { - wnaf[i] = (sbyte)(remainder.IntValue - pow2wB); - } - else - { - wnaf[i] = (sbyte)remainder.IntValue; - } - // wnaf[i] is now in [-2^(width-1), 2^(width-1)-1] - - k = k.Subtract(BigInteger.ValueOf(wnaf[i])); - length = i; - } - else - { - wnaf[i] = 0; - } - - // k = k/2 - k = k.ShiftRight(1); - i++; - } - - length++; - - // Reduce the WNAF array to its actual length - sbyte[] wnafShort = new sbyte[length]; - Array.Copy(wnaf, 0, wnafShort, 0, length); - return wnafShort; - } - - /** - * Multiplies this by an integer k using the - * Window NAF method. - * @param k The integer by which this is multiplied. - * @return A new ECPoint which equals this - * multiplied by k. - */ - public ECPoint Multiply(ECPoint p, BigInteger k, PreCompInfo preCompInfo) - { - WNafPreCompInfo wnafPreCompInfo; - - if ((preCompInfo != null) && (preCompInfo is WNafPreCompInfo)) - { - wnafPreCompInfo = (WNafPreCompInfo)preCompInfo; - } - else - { - // Ignore empty PreCompInfo or PreCompInfo of incorrect type - wnafPreCompInfo = new WNafPreCompInfo(); - } - - // floor(log2(k)) - int m = k.BitLength; - - // width of the Window NAF - sbyte width; - - // Required length of precomputation array - int reqPreCompLen; - - // Determine optimal width and corresponding length of precomputation - // array based on literature values - if (m < 13) - { - width = 2; - reqPreCompLen = 1; - } - else - { - if (m < 41) - { - width = 3; - reqPreCompLen = 2; - } - else - { - if (m < 121) - { - width = 4; - reqPreCompLen = 4; - } - else - { - if (m < 337) - { - width = 5; - reqPreCompLen = 8; - } - else - { - if (m < 897) - { - width = 6; - reqPreCompLen = 16; - } - else - { - if (m < 2305) - { - width = 7; - reqPreCompLen = 32; - } - else - { - width = 8; - reqPreCompLen = 127; - } - } - } - } - } - } - - // The length of the precomputation array - int preCompLen = 1; - - ECPoint[] preComp = wnafPreCompInfo.GetPreComp(); - ECPoint twiceP = wnafPreCompInfo.GetTwiceP(); - - // Check if the precomputed ECPoints already exist - if (preComp == null) - { - // Precomputation must be performed from scratch, create an empty - // precomputation array of desired length - preComp = new ECPoint[]{ p }; - } - else - { - // Take the already precomputed ECPoints to start with - preCompLen = preComp.Length; - } - - if (twiceP == null) - { - // Compute twice(p) - twiceP = p.Twice(); - } - - if (preCompLen < reqPreCompLen) - { - // Precomputation array must be made bigger, copy existing preComp - // array into the larger new preComp array - ECPoint[] oldPreComp = preComp; - preComp = new ECPoint[reqPreCompLen]; - Array.Copy(oldPreComp, 0, preComp, 0, preCompLen); - - for (int i = preCompLen; i < reqPreCompLen; i++) - { - // Compute the new ECPoints for the precomputation array. - // The values 1, 3, 5, ..., 2^(width-1)-1 times p are - // computed - preComp[i] = twiceP.Add(preComp[i - 1]); - } - } - - // Compute the Window NAF of the desired width - sbyte[] wnaf = WindowNaf(width, k); - int l = wnaf.Length; - - // Apply the Window NAF to p using the precomputed ECPoint values. - ECPoint q = p.Curve.Infinity; - for (int i = l - 1; i >= 0; i--) - { - q = q.Twice(); - - if (wnaf[i] != 0) - { - if (wnaf[i] > 0) - { - q = q.Add(preComp[(wnaf[i] - 1)/2]); - } - else - { - // wnaf[i] < 0 - q = q.Subtract(preComp[(-wnaf[i] - 1)/2]); - } - } - } - - // Set PreCompInfo in ECPoint, such that it is available for next - // multiplication. - wnafPreCompInfo.SetPreComp(preComp); - wnafPreCompInfo.SetTwiceP(twiceP); - p.SetPreCompInfo(wnafPreCompInfo); - return q; - } - } -} -#endif \ No newline at end of file -- cgit 1.4.1