[itext] Port to bouncycastle 1.50
gil
gil at fedoraproject.org
Sun Mar 2 16:51:15 UTC 2014
commit 51c98e654335d7970c890660892271ccff4847ef
Author: gil <puntogil at libero.it>
Date: Sun Mar 2 17:52:00 2014 +0100
Port to bouncycastle 1.50
0001-Port-to-bouncycastle-1.50.patch | 272 ++++++++++++++++++++++++++++++++++
itext.spec | 38 ++++--
2 files changed, 298 insertions(+), 12 deletions(-)
---
diff --git a/0001-Port-to-bouncycastle-1.50.patch b/0001-Port-to-bouncycastle-1.50.patch
new file mode 100644
index 0000000..49b1a2d
--- /dev/null
+++ b/0001-Port-to-bouncycastle-1.50.patch
@@ -0,0 +1,272 @@
+From c1267522e730b5b0e0c905f2fedc3e8adb818bef Mon Sep 17 00:00:00 2001
+From: Michal Srb <msrb at redhat.com>
+Date: Thu, 27 Feb 2014 07:38:54 +0100
+Subject: [PATCH] Port to bouncycastle 1.50
+
+---
+ src/core/com/lowagie/text/pdf/PdfPKCS7.java | 38 +++++++++++++---------
+ .../text/pdf/PdfPublicKeySecurityHandler.java | 15 ++++-----
+ src/core/com/lowagie/text/pdf/PdfReader.java | 4 ++-
+ 3 files changed, 32 insertions(+), 25 deletions(-)
+
+diff --git a/src/core/com/lowagie/text/pdf/PdfPKCS7.java b/src/core/com/lowagie/text/pdf/PdfPKCS7.java
+index 8ccc73e..289a1e0 100755
+--- a/src/core/com/lowagie/text/pdf/PdfPKCS7.java
++++ b/src/core/com/lowagie/text/pdf/PdfPKCS7.java
+@@ -75,7 +75,7 @@ import java.util.HashSet;
+ import java.util.Iterator;
+ import java.util.Set;
+
+-import org.bouncycastle.asn1.ASN1Encodable;
++import org.bouncycastle.asn1.ASN1Encoding;
+ import org.bouncycastle.asn1.ASN1EncodableVector;
+ import org.bouncycastle.asn1.ASN1InputStream;
+ import org.bouncycastle.asn1.ASN1OutputStream;
+@@ -85,13 +85,13 @@ import org.bouncycastle.asn1.ASN1TaggedObject;
+ import org.bouncycastle.asn1.DEREnumerated;
+ import org.bouncycastle.asn1.DERInteger;
+ import org.bouncycastle.asn1.DERNull;
+-import org.bouncycastle.asn1.DERObject;
++import org.bouncycastle.asn1.ASN1Primitive;
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.DEROctetString;
+ import org.bouncycastle.asn1.DEROutputStream;
+ import org.bouncycastle.asn1.DERSequence;
+ import org.bouncycastle.asn1.DERSet;
+-import org.bouncycastle.asn1.DERString;
++import org.bouncycastle.asn1.ASN1String;
+ import org.bouncycastle.asn1.DERTaggedObject;
+ import org.bouncycastle.asn1.DERUTCTime;
+ import org.bouncycastle.asn1.cms.AttributeTable;
+@@ -100,14 +100,19 @@ import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
+ import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
+ import org.bouncycastle.jce.provider.X509CRLParser;
+ import org.bouncycastle.jce.provider.X509CertParser;
++
+ import com.lowagie.text.ExceptionConverter;
++
+ import java.security.cert.CertificateParsingException;
+ import java.util.Date;
++
+ import org.bouncycastle.asn1.ASN1OctetString;
+ import org.bouncycastle.asn1.cms.ContentInfo;
+ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+ import org.bouncycastle.asn1.tsp.MessageImprint;
+ import org.bouncycastle.asn1.x509.X509Extensions;
++import org.bouncycastle.cms.SignerInformationVerifier;
++import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
+ import org.bouncycastle.ocsp.BasicOCSPResp;
+ import org.bouncycastle.ocsp.CertificateID;
+ import org.bouncycastle.ocsp.SingleResp;
+@@ -379,7 +384,7 @@ public class PdfPKCS7 {
+ //
+ // Basic checks to make sure it's a PKCS#7 SignedData Object
+ //
+- DERObject pkcs;
++ ASN1Primitive pkcs;
+
+ try {
+ pkcs = din.readObject();
+@@ -464,7 +469,7 @@ public class PdfPKCS7 {
+ if (signerInfo.getObjectAt(next) instanceof ASN1TaggedObject) {
+ ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next);
+ ASN1Set sseq = ASN1Set.getInstance(tagsig, false);
+- sigAttr = sseq.getEncoded(ASN1Encodable.DER);
++ sigAttr = sseq.getEncoded(ASN1Encoding.DER);
+
+ for (int k = 0; k < sseq.size(); ++k) {
+ ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k);
+@@ -928,7 +933,8 @@ public class PdfPKCS7 {
+ if (!keystore.isCertificateEntry(alias))
+ continue;
+ X509Certificate certStoreX509 = (X509Certificate)keystore.getCertificate(alias);
+- ts.validate(certStoreX509, provider);
++ SignerInformationVerifier siv = new JcaSimpleSignerInfoVerifierBuilder().setProvider(provider).build(certStoreX509);
++ ts.validate(siv);
+ return true;
+ }
+ catch (Exception ex) {
+@@ -949,7 +955,7 @@ public class PdfPKCS7 {
+ */
+ public static String getOCSPURL(X509Certificate certificate) throws CertificateParsingException {
+ try {
+- DERObject obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId());
++ ASN1Primitive obj = getExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.getId());
+ if (obj == null) {
+ return null;
+ }
+@@ -961,7 +967,7 @@ public class PdfPKCS7 {
+ continue;
+ } else {
+ if ((AccessDescription.getObjectAt(0) instanceof DERObjectIdentifier) && ((DERObjectIdentifier)AccessDescription.getObjectAt(0)).getId().equals("1.3.6.1.5.5.7.48.1")) {
+- String AccessLocation = getStringFromGeneralName((DERObject)AccessDescription.getObjectAt(1));
++ String AccessLocation = getStringFromGeneralName((ASN1Primitive)AccessDescription.getObjectAt(1));
+ if ( AccessLocation == null ) {
+ return "" ;
+ } else {
+@@ -999,7 +1005,7 @@ public class PdfPKCS7 {
+ return false;
+ }
+
+- private static DERObject getExtensionValue(X509Certificate cert, String oid) throws IOException {
++ private static ASN1Primitive getExtensionValue(X509Certificate cert, String oid) throws IOException {
+ byte[] bytes = cert.getExtensionValue(oid);
+ if (bytes == null) {
+ return null;
+@@ -1010,7 +1016,7 @@ public class PdfPKCS7 {
+ return aIn.readObject();
+ }
+
+- private static String getStringFromGeneralName(DERObject names) throws IOException {
++ private static String getStringFromGeneralName(ASN1Primitive names) throws IOException {
+ DERTaggedObject taggedObject = (DERTaggedObject) names ;
+ return new String(ASN1OctetString.getInstance(taggedObject, false).getOctets(), "ISO-8859-1");
+ }
+@@ -1020,11 +1026,11 @@ public class PdfPKCS7 {
+ * @param enc a TBSCertificate in a byte array
+ * @return a DERObject
+ */
+- private static DERObject getIssuer(byte[] enc) {
++ private static ASN1Primitive getIssuer(byte[] enc) {
+ try {
+ ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
+ ASN1Sequence seq = (ASN1Sequence)in.readObject();
+- return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2);
++ return (ASN1Primitive)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 3 : 2);
+ }
+ catch (IOException e) {
+ throw new ExceptionConverter(e);
+@@ -1036,11 +1042,11 @@ public class PdfPKCS7 {
+ * @param enc A TBSCertificate in a byte array
+ * @return a DERObject
+ */
+- private static DERObject getSubject(byte[] enc) {
++ private static ASN1Primitive getSubject(byte[] enc) {
+ try {
+ ASN1InputStream in = new ASN1InputStream(new ByteArrayInputStream(enc));
+ ASN1Sequence seq = (ASN1Sequence)in.readObject();
+- return (DERObject)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4);
++ return (ASN1Primitive)seq.getObjectAt(seq.getObjectAt(0) instanceof DERTaggedObject ? 5 : 4);
+ }
+ catch (IOException e) {
+ throw new ExceptionConverter(e);
+@@ -1340,7 +1346,7 @@ public class PdfPKCS7 {
+ */
+ public byte[] getAuthenticatedAttributeBytes(byte secondDigest[], Calendar signingTime, byte[] ocsp) {
+ try {
+- return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded(ASN1Encodable.DER);
++ return getAuthenticatedAttributeSet(secondDigest, signingTime, ocsp).getEncoded(ASN1Encoding.DER);
+ }
+ catch (Exception e) {
+ throw new ExceptionConverter(e);
+@@ -1575,7 +1581,7 @@ public class PdfPKCS7 {
+ vs = new ArrayList();
+ values.put(id, vs);
+ }
+- vs.add(((DERString)s.getObjectAt(1)).getString());
++ vs.add(((ASN1Primitive)s.getObjectAt(1)).toString());
+ }
+ }
+ }
+diff --git a/src/core/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java b/src/core/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java
+index ed30814..0878306 100644
+--- a/src/core/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java
++++ b/src/core/com/lowagie/text/pdf/PdfPublicKeySecurityHandler.java
+@@ -92,7 +92,6 @@ package com.lowagie.text.pdf;
+ import java.io.ByteArrayInputStream;
+ import java.io.ByteArrayOutputStream;
+ import java.io.IOException;
+-
+ import java.security.AlgorithmParameterGenerator;
+ import java.security.AlgorithmParameters;
+ import java.security.GeneralSecurityException;
+@@ -100,7 +99,6 @@ import java.security.NoSuchAlgorithmException;
+ import java.security.SecureRandom;
+ import java.security.cert.Certificate;
+ import java.security.cert.X509Certificate;
+-
+ import java.util.ArrayList;
+
+ import javax.crypto.Cipher;
+@@ -108,7 +106,8 @@ import javax.crypto.KeyGenerator;
+ import javax.crypto.SecretKey;
+
+ import org.bouncycastle.asn1.ASN1InputStream;
+-import org.bouncycastle.asn1.DERObject;
++import org.bouncycastle.asn1.ASN1Primitive;
++import org.bouncycastle.asn1.ASN1Set;
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.DEROctetString;
+ import org.bouncycastle.asn1.DEROutputStream;
+@@ -244,7 +243,7 @@ public class PdfPublicKeySecurityHandler {
+ pkcs7input[22] = two;
+ pkcs7input[23] = one;
+
+- DERObject obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate);
++ ASN1Primitive obj = createDERForRecipient(pkcs7input, (X509Certificate)certificate);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+@@ -276,7 +275,7 @@ public class PdfPublicKeySecurityHandler {
+ return EncodedRecipients;
+ }
+
+- private DERObject createDERForRecipient(byte[] in, X509Certificate cert)
++ private ASN1Primitive createDERForRecipient(byte[] in, X509Certificate cert)
+ throws IOException,
+ GeneralSecurityException
+ {
+@@ -287,7 +286,7 @@ public class PdfPublicKeySecurityHandler {
+ AlgorithmParameters algorithmparameters = algorithmparametergenerator.generateParameters();
+ ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(algorithmparameters.getEncoded("ASN.1"));
+ ASN1InputStream asn1inputstream = new ASN1InputStream(bytearrayinputstream);
+- DERObject derobject = asn1inputstream.readObject();
++ ASN1Primitive derobject = asn1inputstream.readObject();
+ KeyGenerator keygenerator = KeyGenerator.getInstance(s);
+ keygenerator.init(128);
+ SecretKey secretkey = keygenerator.generateKey();
+@@ -300,10 +299,10 @@ public class PdfPublicKeySecurityHandler {
+ AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(new DERObjectIdentifier(s), derobject);
+ EncryptedContentInfo encryptedcontentinfo =
+ new EncryptedContentInfo(PKCSObjectIdentifiers.data, algorithmidentifier, deroctetstring);
+- EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, null);
++ EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, (ASN1Set) null);
+ ContentInfo contentinfo =
+ new ContentInfo(PKCSObjectIdentifiers.envelopedData, env);
+- return contentinfo.getDERObject();
++ return contentinfo.toASN1Primitive();
+ }
+
+ private KeyTransRecipientInfo computeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
+diff --git a/src/core/com/lowagie/text/pdf/PdfReader.java b/src/core/com/lowagie/text/pdf/PdfReader.java
+index 8699f22..cf9c16a 100755
+--- a/src/core/com/lowagie/text/pdf/PdfReader.java
++++ b/src/core/com/lowagie/text/pdf/PdfReader.java
+@@ -67,6 +67,7 @@ import java.util.zip.InflaterInputStream;
+ import java.util.Stack;
+ import java.security.Key;
+ import java.security.MessageDigest;
++import java.security.PrivateKey;
+ import java.security.cert.Certificate;
+
+ import com.lowagie.text.ExceptionConverter;
+@@ -80,6 +81,7 @@ import com.lowagie.text.pdf.internal.PdfViewerPreferencesImp;
+
+ import org.bouncycastle.cms.CMSEnvelopedData;
+ import org.bouncycastle.cms.RecipientInformation;
++import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
+
+ /** Reads a PDF document.
+ * @author Paulo Soares (psoares at consiste.pt)
+@@ -719,7 +721,7 @@ public class PdfReader implements PdfViewerPreferences {
+ RecipientInformation recipientInfo = (RecipientInformation)recipientCertificatesIt.next();
+
+ if (recipientInfo.getRID().match(certificate) && !foundRecipient) {
+- envelopedData = recipientInfo.getContent(certificateKey, certificateKeyProvider);
++ envelopedData = recipientInfo.getContent(new JceKeyTransEnvelopedRecipient((PrivateKey) certificateKey).setProvider(certificateKeyProvider));
+ foundRecipient = true;
+ }
+ }
+--
+1.8.5.3
+
diff --git a/itext.spec b/itext.spec
index 69d9be1..0ea526e 100644
--- a/itext.spec
+++ b/itext.spec
@@ -8,7 +8,7 @@
Summary: A Free Java-PDF library
Name: itext
Version: 2.1.7
-Release: 23%{?dist}
+Release: 24%{?dist}
#src/toolbox/com/lowagie/toolbox/Versions.java is MPLv1.1 or MIT
#src/toolbox/com/lowagie/toolbox/plugins/XML2Bookmarks.java is MPLv1.1 or LGPLv2+
#src/rups/com/lowagie/rups/Rups.java is LGPLv2+
@@ -38,7 +38,7 @@ Patch1: itext-2.1.5-pdftk.patch
# The iText POM specifies that it requires bouncycastle's "jdk14" JARs
# but we have "jdk16".
-Patch2: itext-2.1.7-fixpomforbc.patch
+#Patch2: itext-2.1.7-fixpomforbc.patch
# Maven's Doxia plugin explicitly requires these XML output interfaces
# of iText. They were removed in iText 1.4.4 [1]. iText versions prior
# to 1.5.x had questionable licensing [2] so rather than try to create
@@ -64,9 +64,11 @@ Patch3: itext-xmloutput.patch
# Use orbit manifest so the manifest exports packages properly.
Patch4: itext-manifest.patch
Patch5: itext-remove-unmappable.patch
+# Port to bouncycastle 1.50 Thanks to Michal Srb
+Patch6: 0001-Port-to-bouncycastle-1.50.patch
BuildRequires: ant
-BuildRequires: bouncycastle-tsp >= 1.46-4
+BuildRequires: bouncycastle-pkix >= 1.50
BuildRequires: desktop-file-utils
BuildRequires: dom4j
BuildRequires: ImageMagick
@@ -96,7 +98,7 @@ exactly how your servlet's output will look.
Summary: The core iText Java-PDF library
Group: Development/Libraries
BuildArch: noarch
-Requires: bouncycastle-tsp >= 1.46-4
+Requires: bouncycastle-pkix >= 1.50
Requires: java >= 1.5
Requires: jpackage-utils
Obsoletes: itext < 2.1.7-12
@@ -160,22 +162,28 @@ API documentation for the %{alternate_name} package.
%prep
%setup -q -c -T -a 0
%patch1 -p1 -b .pdftk
-cp -pr %{SOURCE2} JPP-itext.pom
-%patch2 -p0 -b .fixpomforbc
%patch3 -p0 -b .xmloutput
%patch4 -p0
%patch5 -p0
+cp -pr %{SOURCE2} JPP-itext.pom
+%pom_remove_dep bouncycastle:bcmail-jdk14 JPP-itext.pom
+%pom_add_dep org.bouncycastle:bcmail-jdk15on JPP-itext.pom
+%pom_remove_dep bouncycastle:bcprov-jdk14 JPP-itext.pom
+%pom_add_dep org.bouncycastle:bcprov-jdk15on JPP-itext.pom
+%pom_remove_dep bouncycastle:bctsp-jdk14 JPP-itext.pom
+%pom_add_dep org.bouncycastle:bcpkix-jdk15on JPP-itext.pom
+
cp -pr %{SOURCE8} JPP-%{name}-rtf.pom
cp -pr %{SOURCE9} JPP-%{name}-rups.pom
for p in rtf rups ; do
%pom_remove_dep bouncycastle:bcmail-jdk14 JPP-%{name}-${p}.pom
-%pom_add_dep org.bouncycastle:bcmail-jdk16 JPP-%{name}-${p}.pom
+%pom_add_dep org.bouncycastle:bcmail-jdk15on JPP-%{name}-${p}.pom
%pom_remove_dep bouncycastle:bcprov-jdk14 JPP-%{name}-${p}.pom
-%pom_add_dep org.bouncycastle:bcprov-jdk16 JPP-%{name}-${p}.pom
+%pom_add_dep org.bouncycastle:bcprov-jdk15on JPP-%{name}-${p}.pom
%pom_remove_dep bouncycastle:bctsp-jdk14 JPP-%{name}-${p}.pom
-%pom_add_dep org.bouncycastle:bctsp-jdk16 JPP-%{name}-${p}.pom
+%pom_add_dep org.bouncycastle:bcpkix-jdk15on JPP-%{name}-${p}.pom
done
# move manifest to build area
@@ -191,14 +199,17 @@ touch -r src/rups/com/lowagie/rups/view/icons/copyright_notice.txt tmpfile
mv -f tmpfile src/rups/com/lowagie/rups/view/icons/copyright_notice.txt
mkdir lib
-build-jar-repository -s -p lib bcprov bcmail bctsp pdf-renderer dom4j
+build-jar-repository -s -p lib bcprov bcmail bcpkix pdf-renderer dom4j
# Remove jdk & version numbers from classpath entries
for file in src/ant/{*,.ant*}; do
- for jarname in bcmail bcprov bctsp dom4j; do
+ for jarname in bcmail bcprov dom4j; do
sed -i "s|$jarname-.*\.jar|$jarname.jar|" $file
done
done
+for file in src/ant/{*,.ant*}; do
+ sed -i "s|bctsp-.*\.jar|bcpkix.jar|" $file
+done
# Setting debug="on" on javac part of the build script.
sed -i 's|destdir|debug="on" destdir|g' src/ant/compile.xml
@@ -210,7 +221,7 @@ sed -i 's|author|Encoding="ISO-8859-1" author|' src/ant/site.xml
sed -i 's|maxmemory="128m"|maxmemory="512m"|' src/ant/site.xml
%build
-export CLASSPATH=$(build-classpath bcprov bcmail bctsp pdf-renderer dom4j)
+export CLASSPATH=$(build-classpath bcprov bcmail bcpkix pdf-renderer dom4j)
pushd src
ant -Ditext.jdk.core=1.5 \
-Ditext.jdk.rups=1.5 \
@@ -359,6 +370,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
# -----------------------------------------------------------------------------
%changelog
+* Thu Feb 27 2014 gil cattaneo <puntogil at libero.it> 2.1.7-24
+- Port to bouncycastle 1.50 (Thanks to Michal Srb)
+
* Thu Nov 7 2013 Mikolaj Izdebski <mizdebsk at redhat.com> - 2.1.7-23
- Remove versioned JARs
- Resolves: rhbz#1022106
More information about the scm-commits
mailing list