[jglobus] Apply patch for bouncycastle 1.47+ for Fedora 21+ and EPEL 7+
Mattias Ellert
ellert at fedoraproject.org
Thu Mar 6 10:37:19 UTC 2014
commit d30c0690d0e0c19d1c23d49d8f4ac181d5f92ada
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date: Thu Mar 6 11:37:02 2014 +0100
Apply patch for bouncycastle 1.47+ for Fedora 21+ and EPEL 7+
jglobus-bc147.patch | 801 +++++++++++++++++++++++++++++++++++++++++++++++++++
jglobus.spec | 14 +-
2 files changed, 814 insertions(+), 1 deletions(-)
---
diff --git a/jglobus-bc147.patch b/jglobus-bc147.patch
new file mode 100644
index 0000000..dbc2a7b
--- /dev/null
+++ b/jglobus-bc147.patch
@@ -0,0 +1,801 @@
+diff -ur JGlobus-JGlobus-2.0.6.orig/pom.xml JGlobus-JGlobus-2.0.6/pom.xml
+--- JGlobus-JGlobus-2.0.6.orig/pom.xml 2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/pom.xml 2014-03-06 11:18:47.559012666 +0100
+@@ -215,8 +215,8 @@
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+- <artifactId>bcprov-jdk16</artifactId>
+- <version>1.45</version>
++ <artifactId>bcprov-jdk15on</artifactId>
++ <version>1.47</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/pom.xml JGlobus-JGlobus-2.0.6/ssl-proxies/pom.xml
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/pom.xml 2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/pom.xml 2014-03-06 11:18:47.773010102 +0100
+@@ -41,7 +41,7 @@
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+- <artifactId>bcprov-jdk16</artifactId>
++ <artifactId>bcprov-jdk15on</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactory.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactory.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactory.java 2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactory.java 2014-03-06 11:19:25.651556353 +0100
+@@ -14,6 +14,7 @@
+ */
+ package org.globus.gsi.bc;
+
++import org.bouncycastle.asn1.x500.style.BCStyle;
+ import org.globus.gsi.util.CertificateLoadUtil;
+ import org.globus.gsi.util.ProxyCertificateUtil;
+
+@@ -48,13 +49,13 @@
+ import org.bouncycastle.jce.PKCS10CertificationRequest;
+ import org.bouncycastle.jce.provider.X509CertificateObject;
+ import org.bouncycastle.asn1.DERSet;
+-import org.bouncycastle.asn1.DERObject;
+ import org.bouncycastle.asn1.DERBitString;
+ import org.bouncycastle.asn1.x509.X509Name;
++import org.bouncycastle.asn1.ASN1Primitive;
+ import org.bouncycastle.asn1.ASN1InputStream;
+ import org.bouncycastle.asn1.ASN1Sequence;
++import org.bouncycastle.asn1.x509.Certificate;
+ import org.bouncycastle.asn1.x509.TBSCertificateStructure;
+-import org.bouncycastle.asn1.x509.X509CertificateStructure;
+ import org.bouncycastle.asn1.x509.X509Extensions;
+ import org.bouncycastle.asn1.x509.X509Extension;
+ import org.bouncycastle.asn1.x509.KeyUsage;
+@@ -149,7 +150,7 @@
+ throws IOException, GeneralSecurityException {
+
+ ASN1InputStream derin = new ASN1InputStream(certRequestInputStream);
+- DERObject reqInfo = derin.readObject();
++ ASN1Primitive reqInfo = derin.readObject();
+ PKCS10CertificationRequest certReq = new PKCS10CertificationRequest((ASN1Sequence) reqInfo);
+
+ boolean rs = certReq.verify();
+@@ -413,11 +414,11 @@
+ X509Extension ext;
+
+ // handle key usage ext
+- ext = extensions.getExtension(X509Extensions.KeyUsage);
++ ext = extensions.getExtension(X509Extension.keyUsage);
+ if (ext != null) {
+
+ // TBD: handle this better
+- if (extSet != null && (extSet.get(X509Extensions.KeyUsage.getId()) != null)) {
++ if (extSet != null && (extSet.get(X509Extension.keyUsage.getId()) != null)) {
+ String err = i18n.getMessage("keyUsageExt");
+ throw new GeneralSecurityException(err);
+ }
+@@ -437,7 +438,7 @@
+
+ bits = new DERBitString(bytes, bits.getPadBits());
+
+- certGen.addExtension(X509Extensions.KeyUsage, ext.isCritical(), bits);
++ certGen.addExtension(X509Extension.keyUsage, ext.isCritical(), bits);
+ }
+ }
+
+@@ -481,7 +482,7 @@
+ X509NameHelper issuer = new X509NameHelper(issuerDN);
+
+ X509NameHelper subject = new X509NameHelper(issuerDN);
+- subject.add(X509Name.CN, (cnValue == null) ? delegDN : cnValue);
++ subject.add(BCStyle.CN, (cnValue == null) ? delegDN : cnValue);
+
+ certGen.setSubjectDN(subject.getAsName());
+ certGen.setIssuerDN(issuer.getAsName());
+@@ -572,7 +573,7 @@
+ String cnValue) throws IOException, GeneralSecurityException {
+
+ ASN1InputStream derin = new ASN1InputStream(certRequestInputStream);
+- DERObject reqInfo = derin.readObject();
++ ASN1Primitive reqInfo = derin.readObject();
+ PKCS10CertificationRequest certReq = new PKCS10CertificationRequest((ASN1Sequence) reqInfo);
+
+ boolean rs = certReq.verify();
+@@ -831,11 +832,11 @@
+ X509Extension ext;
+
+ // handle key usage ext
+- ext = extensions.getExtension(X509Extensions.KeyUsage);
++ ext = extensions.getExtension(X509Extension.keyUsage);
+ if (ext != null) {
+
+ // TBD: handle this better
+- if (extSet != null && (extSet.get(X509Extensions.KeyUsage.getId()) != null)) {
++ if (extSet != null && (extSet.get(X509Extension.keyUsage.getId()) != null)) {
+ String err = i18n.getMessage("keyUsageExt");
+ throw new GeneralSecurityException(err);
+ }
+@@ -855,7 +856,7 @@
+
+ bits = new DERBitString(bytes, bits.getPadBits());
+
+- certGen.addExtension(X509Extensions.KeyUsage, ext.isCritical(), bits);
++ certGen.addExtension(X509Extension.keyUsage, ext.isCritical(), bits);
+ }
+ }
+
+@@ -897,7 +898,7 @@
+ }
+ X509NameHelper issuer = new X509NameHelper(issuerDN);
+ X509NameHelper subject = new X509NameHelper(issuerDN);
+- subject.add(X509Name.CN, (cnValue == null) ? delegDN : cnValue);
++ subject.add(BCStyle.CN, (cnValue == null) ? delegDN : cnValue);
+
+ certGen.setSubjectDN(subject.getAsName());
+ certGen.setIssuerDN(issuer.getAsName());
+@@ -936,9 +937,9 @@
+ */
+ public X509Certificate loadCertificate(InputStream in) throws IOException, GeneralSecurityException {
+ ASN1InputStream derin = new ASN1InputStream(in);
+- DERObject certInfo = derin.readObject();
++ ASN1Primitive certInfo = derin.readObject();
+ ASN1Sequence seq = ASN1Sequence.getInstance(certInfo);
+- return new X509CertificateObject(new X509CertificateStructure(seq));
++ return new X509CertificateObject(Certificate.getInstance(seq));
+ }
+
+ /**
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java 2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java 2014-03-06 11:19:25.651556353 +0100
+@@ -28,8 +28,8 @@
+ import java.security.interfaces.RSAPrivateCrtKey;
+ import java.security.spec.PKCS8EncodedKeySpec;
+ import org.bouncycastle.asn1.ASN1InputStream;
++import org.bouncycastle.asn1.ASN1Primitive;
+ import org.bouncycastle.asn1.ASN1Sequence;
+-import org.bouncycastle.asn1.DERObject;
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+ import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+@@ -121,12 +121,12 @@
+ }
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ASN1InputStream derin = new ASN1InputStream(bis);
+- DERObject keyInfo = derin.readObject();
++ ASN1Primitive keyInfo = derin.readObject();
+
+ DERObjectIdentifier rsaOid = PKCSObjectIdentifiers.rsaEncryption;
+ AlgorithmIdentifier rsa = new AlgorithmIdentifier(rsaOid);
+ PrivateKeyInfo pkeyinfo = new PrivateKeyInfo(rsa, keyInfo);
+- DERObject derkey = pkeyinfo.getDERObject();
++ ASN1Primitive derkey = pkeyinfo.toASN1Primitive();
+ byte[] keyData = BouncyCastleUtil.toByteArray(derkey);
+ // The DER object needs to be mangled to
+ // create a proper ProvateKeyInfo object
+@@ -150,10 +150,10 @@
+ && (format.equalsIgnoreCase("PKCS#8") || format
+ .equalsIgnoreCase("PKCS8"))) {
+ try {
+- DERObject keyInfo = BouncyCastleUtil.toDERObject(key
++ ASN1Primitive keyInfo = BouncyCastleUtil.toASN1Primitive(key
+ .getEncoded());
+ PrivateKeyInfo pkey = new PrivateKeyInfo((ASN1Sequence) keyInfo);
+- DERObject derKey = pkey.getPrivateKey();
++ ASN1Primitive derKey = pkey.getPrivateKey();
+ return BouncyCastleUtil.toByteArray(derKey);
+ } catch (IOException e) {
+ // that should never happen
+@@ -169,7 +169,7 @@
+ .getPrivateExponent(), pKey.getPrimeP(), pKey.getPrimeQ(),
+ pKey.getPrimeExponentP(), pKey.getPrimeExponentQ(), pKey
+ .getCrtCoefficient());
+- DERObject ob = st.getDERObject();
++ ASN1Primitive ob = st.toASN1Primitive();
+
+ try {
+ return BouncyCastleUtil.toByteArray(ob);
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java 2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java 2014-03-06 11:19:25.651556353 +0100
+@@ -30,16 +30,15 @@
+
+ import org.bouncycastle.asn1.ASN1InputStream;
+ import org.bouncycastle.asn1.ASN1OctetString;
++import org.bouncycastle.asn1.ASN1Primitive;
+ import org.bouncycastle.asn1.ASN1Sequence;
+ import org.bouncycastle.asn1.ASN1Set;
++import org.bouncycastle.asn1.ASN1String;
+ import org.bouncycastle.asn1.DERBitString;
+-import org.bouncycastle.asn1.DERBoolean;
+-import org.bouncycastle.asn1.DEREncodable;
+-import org.bouncycastle.asn1.DERInteger;
+-import org.bouncycastle.asn1.DERObject;
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.DEROutputStream;
+-import org.bouncycastle.asn1.DERString;
++import org.bouncycastle.asn1.x500.X500Name;
++import org.bouncycastle.asn1.x500.style.BCStyle;
+ import org.bouncycastle.asn1.x509.BasicConstraints;
+ import org.bouncycastle.asn1.x509.TBSCertificateStructure;
+ import org.bouncycastle.asn1.x509.X509Extension;
+@@ -76,7 +75,7 @@
+ * @return the DER-encoded byte array
+ * @exception IOException if conversion fails
+ */
+- public static byte[] toByteArray(DERObject obj)
++ public static byte[] toByteArray(ASN1Primitive obj)
+ throws IOException {
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ DEROutputStream der = new DEROutputStream(bout);
+@@ -92,7 +91,7 @@
+ * @return the DERObject.
+ * @exception IOException if conversion fails
+ */
+- public static DERObject toDERObject(byte[] data)
++ public static ASN1Primitive toASN1Primitive(byte[] data)
+ throws IOException {
+ ByteArrayInputStream inStream = new ByteArrayInputStream(data);
+ ASN1InputStream derInputStream = new ASN1InputStream(inStream);
+@@ -108,9 +107,9 @@
+ * @return a copy of the DERObject.
+ * @exception IOException if replication fails
+ */
+- public static DERObject duplicate(DERObject obj)
++ public static ASN1Primitive duplicate(ASN1Primitive obj)
+ throws IOException {
+- return toDERObject(toByteArray(obj));
++ return toASN1Primitive(toByteArray(obj));
+ }
+
+ /**
+@@ -123,7 +122,7 @@
+ */
+ public static TBSCertificateStructure getTBSCertificateStructure(X509Certificate cert)
+ throws CertificateEncodingException, IOException {
+- DERObject obj = BouncyCastleUtil.toDERObject(cert.getTBSCertificate());
++ ASN1Primitive obj = BouncyCastleUtil.toASN1Primitive(cert.getTBSCertificate());
+ return TBSCertificateStructure.getInstance(obj);
+ }
+
+@@ -133,9 +132,9 @@
+ * @param ext the certificate extension to extract the value from.
+ * @exception IOException if extraction fails.
+ */
+- public static DERObject getExtensionObject(X509Extension ext)
++ public static ASN1Primitive getExtensionObject(X509Extension ext)
+ throws IOException {
+- return toDERObject(ext.getValue().getOctets());
++ return toASN1Primitive(ext.getValue().getOctets());
+ }
+
+ /**
+@@ -295,9 +294,9 @@
+ X509Extension ext = null;
+
+ if (extensions != null) {
+- ext = extensions.getExtension(X509Extensions.BasicConstraints);
++ ext = extensions.getExtension(X509Extension.basicConstraints);
+ if (ext != null) {
+- BasicConstraints basicExt = getBasicConstraints(ext);
++ BasicConstraints basicExt = BasicConstraints.getInstance(ext);
+ if (basicExt.isCA()) {
+ return GSIConstants.CertificateType.CA;
+ }
+@@ -307,12 +306,12 @@
+ GSIConstants.CertificateType type = GSIConstants.CertificateType.EEC;
+
+ // does not handle multiple AVAs
+- X509Name subject = crt.getSubject();
++ X500Name subject = crt.getSubject();
+
+ ASN1Set entry = X509NameHelper.getLastNameEntry(subject);
+ ASN1Sequence ava = (ASN1Sequence)entry.getObjectAt(0);
+- if (X509Name.CN.equals(ava.getObjectAt(0))) {
+- String value = ((DERString)ava.getObjectAt(1)).getString();
++ if (BCStyle.CN.equals(ava.getObjectAt(0))) {
++ String value = ((ASN1String)ava.getObjectAt(1)).getString();
+ if (value.equalsIgnoreCase("proxy")) {
+ type = GSIConstants.CertificateType.GSI_2_PROXY;
+ } else if (value.equalsIgnoreCase("limited proxy")) {
+@@ -370,7 +369,7 @@
+ X509NameHelper iss = new X509NameHelper(crt.getIssuer());
+ iss.add((ASN1Set)BouncyCastleUtil.duplicate(entry));
+ X509Name issuer = iss.getAsName();
+- if (!issuer.equals(subject)) {
++ if (!issuer.equals(X509Name.getInstance(subject))) {
+ String err = i18n.getMessage("proxyDNErr");
+ throw new CertificateException(err);
+ }
+@@ -404,36 +403,6 @@
+ }
+
+ /**
+- * Creates a <code>BasicConstraints</code> object from given
+- * extension.
+- *
+- * @param ext the extension.
+- * @return the <code>BasicConstraints</code> object.
+- * @exception IOException if something fails.
+- */
+- public static BasicConstraints getBasicConstraints(X509Extension ext)
+- throws IOException {
+- DERObject obj = BouncyCastleUtil.getExtensionObject(ext);
+- if (obj instanceof ASN1Sequence) {
+- ASN1Sequence seq = (ASN1Sequence)obj;
+- int size = seq.size();
+- if (size == 0) {
+- return new BasicConstraints(false);
+- } else if (size == 1) {
+- DEREncodable value = seq.getObjectAt(0);
+- if (value instanceof DERInteger) {
+- int length = ((DERInteger)value).getValue().intValue();
+- return new BasicConstraints(false, length);
+- } else if (value instanceof DERBoolean) {
+- boolean ca = ((DERBoolean)value).isTrue();
+- return new BasicConstraints(ca);
+- }
+- }
+- }
+- return BasicConstraints.getInstance(obj);
+- }
+-
+- /**
+ * Creates a <code>ProxyCertInfo</code> object from given
+ * extension.
+ *
+@@ -531,7 +500,7 @@
+ throws IOException {
+ ByteArrayInputStream inStream = new ByteArrayInputStream(certExtValue);
+ ASN1InputStream derInputStream = new ASN1InputStream(inStream);
+- DERObject object = derInputStream.readObject();
++ ASN1Primitive object = derInputStream.readObject();
+ if (object instanceof ASN1OctetString) {
+ return ((ASN1OctetString)object).getOctets();
+ } else {
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleX509Extension.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleX509Extension.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleX509Extension.java 2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleX509Extension.java 2014-03-06 11:19:25.652556341 +0100
+@@ -16,7 +16,7 @@
+
+ import java.io.IOException;
+
+-import org.bouncycastle.asn1.DEREncodable;
++import org.bouncycastle.asn1.ASN1Encodable;
+
+ import org.globus.gsi.X509Extension;
+
+@@ -36,22 +36,22 @@
+ this(oid, false, null);
+ }
+
+- public BouncyCastleX509Extension(String oid, DEREncodable value) {
++ public BouncyCastleX509Extension(String oid, ASN1Encodable value) {
+ this(oid, false, value);
+ }
+
+ public BouncyCastleX509Extension(String oid, boolean critical,
+- DEREncodable value) {
++ ASN1Encodable value) {
+ super(oid, critical, null);
+ setValue(value);
+ }
+
+- protected void setValue(DEREncodable value) {
++ protected void setValue(ASN1Encodable value) {
+ if (value == null) {
+ return;
+ }
+ try {
+- setValue(BouncyCastleUtil.toByteArray(value.getDERObject()));
++ setValue(BouncyCastleUtil.toByteArray(value.toASN1Primitive()));
+ } catch (IOException e) {
+ throw new RuntimeException(i18n.getMessage("byteArrayErr") +
+ e.getMessage());
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java 2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java 2014-03-06 11:19:25.652556341 +0100
+@@ -21,11 +21,13 @@
+ import org.bouncycastle.asn1.ASN1EncodableVector;
+ import org.bouncycastle.asn1.ASN1Sequence;
+ import org.bouncycastle.asn1.ASN1Set;
++import org.bouncycastle.asn1.ASN1String;
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.DERPrintableString;
+ import org.bouncycastle.asn1.DERSequence;
+ import org.bouncycastle.asn1.DERSet;
+-import org.bouncycastle.asn1.DERString;
++import org.bouncycastle.asn1.x500.RDN;
++import org.bouncycastle.asn1.x500.X500Name;
+ import org.bouncycastle.asn1.x509.X509Name;
+
+ /**
+@@ -45,6 +47,21 @@
+ }
+
+ /**
++ * Creates an instance using existing {@link X500Name X500Name}
++ * object.
++ * This behaves like a copy constructor.
++ *
++ * @param name existing <code>X500Name</code>
++ */
++ public X509NameHelper(X500Name name) {
++ try {
++ this.seq = (ASN1Sequence)BouncyCastleUtil.duplicate(name.toASN1Primitive());
++ } catch (IOException e) {
++ throw new RuntimeException(e.getMessage());
++ }
++ }
++
++ /**
+ * Creates an instance using existing {@link X509Name X509Name}
+ * object.
+ * This behaves like a copy constructor.
+@@ -53,7 +70,7 @@
+ */
+ public X509NameHelper(X509Name name) {
+ try {
+- this.seq = (ASN1Sequence)BouncyCastleUtil.duplicate(name.getDERObject());
++ this.seq = (ASN1Sequence)BouncyCastleUtil.duplicate(name.toASN1Primitive());
+ } catch (IOException e) {
+ throw new RuntimeException(e.getMessage());
+ }
+@@ -72,8 +89,8 @@
+ * Appends the specified OID and value pair name component to the end of the
+ * current name.
+ *
+- * @param oid the name component oid, e.g. {@link X509Name#CN
+- * X509Name.CN}
++ * @param oid the name component oid, e.g. {@link org.bouncycastle.asn1.x500.style.BCStyle#CN
++ * BCStyle.CN}
+ * @param value the value (e.g. "proxy")
+ */
+ public void add(
+@@ -125,10 +142,10 @@
+ *
+ * @return the last name component. Null if there is none.
+ */
+- public static ASN1Set getLastNameEntry(X509Name name) {
+- ASN1Sequence seq = (ASN1Sequence) name.getDERObject();
+- int size = seq.size();
+- return (size > 0) ? (ASN1Set) seq.getObjectAt(size - 1) : null;
++ public static ASN1Set getLastNameEntry(X500Name name) {
++ RDN[] rdns = name.getRDNs();
++ int size = rdns.length;
++ return (size > 0) ? (ASN1Set) rdns[size - 1].toASN1Primitive() : null;
+ }
+
+ /**
+@@ -142,7 +159,7 @@
+ if (name == null) {
+ return null;
+ }
+- return toString((ASN1Sequence)name.getDERObject());
++ return toString((ASN1Sequence)name.toASN1Primitive());
+ }
+
+ private static String toString(ASN1Sequence seq) {
+@@ -159,14 +176,14 @@
+ while (ee.hasMoreElements()) {
+ ASN1Sequence s = (ASN1Sequence)ee.nextElement();
+ DERObjectIdentifier oid = (DERObjectIdentifier)s.getObjectAt(0);
+- String sym = (String)X509Name.OIDLookUp.get(oid);
++ String sym = (String)X509Name.DefaultSymbols.get(oid);
+ if (sym == null) {
+ buf.append(oid.getId());
+ } else {
+ buf.append(sym);
+ }
+ buf.append('=');
+- buf.append(((DERString)s.getObjectAt(1)).getString());
++ buf.append(((ASN1String)s.getObjectAt(1)).getString());
+ if (ee.hasMoreElements()) {
+ buf.append('+');
+ }
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java 2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java 2014-03-06 11:19:25.652556341 +0100
+@@ -20,11 +20,11 @@
+
+ import java.io.IOException;
+
++import org.bouncycastle.asn1.ASN1Encodable;
+ import org.bouncycastle.asn1.ASN1EncodableVector;
++import org.bouncycastle.asn1.ASN1Primitive;
+ import org.bouncycastle.asn1.ASN1Sequence;
+-import org.bouncycastle.asn1.DEREncodable;
+ import org.bouncycastle.asn1.DERInteger;
+-import org.bouncycastle.asn1.DERObject;
+ import org.bouncycastle.asn1.DERSequence;
+
+ /**
+@@ -34,7 +34,7 @@
+ * ProxyCertInfo ::= SEQUENCE { pCPathLenConstraint INTEGER (0..MAX) OPTIONAL, proxyPolicy ProxyPolicy }
+ * </PRE>
+ */
+-public class ProxyCertInfo implements DEREncodable {
++public class ProxyCertInfo implements ASN1Encodable {
+
+ /** ProxyCertInfo extension OID */
+ public static final DERObjectIdentifier OID
+@@ -111,9 +111,9 @@
+ } else if (obj instanceof ASN1Sequence) {
+ return new ProxyCertInfo((ASN1Sequence) obj);
+ } else if (obj instanceof byte[]) {
+- DERObject derObj;
++ ASN1Primitive derObj;
+ try {
+- derObj = CertificateUtil.toDERObject((byte[]) obj);
++ derObj = CertificateUtil.toASN1Primitive((byte[]) obj);
+ } catch (IOException e) {
+ throw new IllegalArgumentException(e.getMessage(), e);
+ }
+@@ -129,14 +129,14 @@
+ *
+ * @return <code>DERObject</code> the encoded representation of the extension.
+ */
+- public DERObject getDERObject() {
++ public ASN1Primitive toASN1Primitive() {
+ ASN1EncodableVector vec = new ASN1EncodableVector();
+
+ if (this.pathLenConstraint != null) {
+ vec.add(this.pathLenConstraint);
+ }
+
+- vec.add(this.proxyPolicy.getDERObject());
++ vec.add(this.proxyPolicy.toASN1Primitive());
+
+ return new DERSequence(vec);
+ }
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java 2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java 2014-03-06 11:19:25.652556341 +0100
+@@ -14,10 +14,10 @@
+ */
+ package org.globus.gsi.proxy.ext;
+
++import org.bouncycastle.asn1.ASN1Encodable;
+ import org.bouncycastle.asn1.ASN1EncodableVector;
++import org.bouncycastle.asn1.ASN1Primitive;
+ import org.bouncycastle.asn1.ASN1Sequence;
+-import org.bouncycastle.asn1.DEREncodable;
+-import org.bouncycastle.asn1.DERObject;
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.DEROctetString;
+ import org.bouncycastle.asn1.DERSequence;
+@@ -27,7 +27,7 @@
+ * Represents the policy part of the ProxyCertInfo extension. <BR> <PRE>
+ * ProxyPolicy ::= SEQUENCE { policyLanguage OBJECT IDENTIFIER, policy OCTET STRING OPTIONAL } </PRE>
+ */
+-public class ProxyPolicy implements DEREncodable {
++public class ProxyPolicy implements ASN1Encodable {
+
+ /**
+ * Impersonation proxy OID
+@@ -58,7 +58,7 @@
+ }
+ this.policyLanguage = (DERObjectIdentifier) seq.getObjectAt(0);
+ if (seq.size() > 1) {
+- DEREncodable obj = seq.getObjectAt(1);
++ ASN1Encodable obj = seq.getObjectAt(1);
+ if (obj instanceof DERTaggedObject) {
+ obj = ((DERTaggedObject) obj).getObject();
+ }
+@@ -133,7 +133,7 @@
+ * @return <code>DERObject</code> the encoded representation of the proxy
+ * policy.
+ */
+- public DERObject getDERObject() {
++ public ASN1Primitive toASN1Primitive() {
+
+ ASN1EncodableVector vec = new ASN1EncodableVector();
+
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java 2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java 2014-03-06 11:19:25.653556329 +0100
+@@ -484,12 +484,12 @@
+ while (e.hasMoreElements()) {
+ oid = (DERObjectIdentifier) e.nextElement();
+ proxyExtension = extensions.getExtension(oid);
+- if (oid.equals(X509Extensions.SubjectAlternativeName)
+- || oid.equals(X509Extensions.IssuerAlternativeName)) {
++ if (oid.equals(X509Extension.subjectAlternativeName)
++ || oid.equals(X509Extension.issuerAlternativeName)) {
+ // No Alt name extensions - 3.2 & 3.5
+ throw new CertPathValidatorException(
+ "Proxy violation: no Subject or Issuer Alternative Name");
+- } else if (oid.equals(X509Extensions.BasicConstraints)) {
++ } else if (oid.equals(X509Extension.basicConstraints)) {
+ // Basic Constraint must not be true - 3.8
+ BasicConstraints basicExt =
+ CertificateUtil.getBasicConstraints(proxyExtension);
+@@ -497,7 +497,7 @@
+ throw new CertPathValidatorException(
+ "Proxy violation: Basic Constraint CA is set to true");
+ }
+- } else if (oid.equals(X509Extensions.KeyUsage)) {
++ } else if (oid.equals(X509Extension.keyUsage)) {
+ proxyKeyUsage = proxyExtension;
+
+ checkKeyUsage(issuer, proxyExtension);
+@@ -528,7 +528,7 @@
+ }
+
+ private void checkExtension(DERObjectIdentifier oid, X509Extension proxyExtension, X509Extension proxyKeyUsage) throws CertPathValidatorException {
+- if (oid.equals(X509Extensions.KeyUsage)) {
++ if (oid.equals(X509Extension.keyUsage)) {
+ // If issuer has it then proxy must have it also
+ if (proxyKeyUsage == null) {
+ throw new CertPathValidatorException(
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateIOUtil.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateIOUtil.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateIOUtil.java 2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateIOUtil.java 2014-03-06 11:19:25.653556329 +0100
+@@ -95,7 +95,7 @@
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ DEROutputStream der = new DEROutputStream(bout);
+ X509Name nm = (X509Name) subject;
+- der.writeObject(nm.getDERObject());
++ der.writeObject(nm.toASN1Primitive());
+ return bout.toByteArray();
+ } else {
+ throw new ClassCastException("unsupported input class: "
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java 2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java 2014-03-06 11:19:25.653556329 +0100
+@@ -59,12 +59,14 @@
+
+ import org.bouncycastle.asn1.ASN1InputStream;
+ import org.bouncycastle.asn1.ASN1Object;
++import org.bouncycastle.asn1.ASN1Primitive;
+ import org.bouncycastle.asn1.ASN1Sequence;
+ import org.bouncycastle.asn1.ASN1Set;
++import org.bouncycastle.asn1.ASN1String;
+ import org.bouncycastle.asn1.DERBitString;
+-import org.bouncycastle.asn1.DERObject;
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+-import org.bouncycastle.asn1.DERString;
++import org.bouncycastle.asn1.x500.X500Name;
++import org.bouncycastle.asn1.x500.style.BCStyle;
+ import org.bouncycastle.asn1.x509.BasicConstraints;
+ import org.bouncycastle.asn1.x509.TBSCertificateStructure;
+ import org.bouncycastle.asn1.x509.X509Extension;
+@@ -216,7 +218,7 @@
+ return -1;
+ }
+ X509Extension proxyExtension =
+- extensions.getExtension(X509Extensions.BasicConstraints);
++ extensions.getExtension(X509Extension.basicConstraints);
+ if (proxyExtension != null) {
+ BasicConstraints basicExt =
+ getBasicConstraints(proxyExtension);
+@@ -310,7 +312,7 @@
+ X509Extension ext = null;
+
+ if (extensions != null) {
+- ext = extensions.getExtension(X509Extensions.BasicConstraints);
++ ext = extensions.getExtension(X509Extension.basicConstraints);
+ if (ext != null) {
+ BasicConstraints basicExt = getBasicConstraints(ext);
+ if (basicExt.isCA()) {
+@@ -322,11 +324,11 @@
+ GSIConstants.CertificateType type = GSIConstants.CertificateType.EEC;
+
+ // does not handle multiple AVAs
+- X509Name subject = crt.getSubject();
++ X500Name subject = crt.getSubject();
+
+ ASN1Set entry = X509NameHelper.getLastNameEntry(subject);
+ ASN1Sequence ava = (ASN1Sequence) entry.getObjectAt(0);
+- if (X509Name.CN.equals(ava.getObjectAt(0))) {
++ if (BCStyle.CN.equals(ava.getObjectAt(0))) {
+ type = processCN(extensions, type, ava);
+ }
+
+@@ -336,7 +338,7 @@
+ private static GSIConstants.CertificateType processCN(
+ X509Extensions extensions, GSIConstants.CertificateType type, ASN1Sequence ava) throws CertificateException {
+ X509Extension ext;
+- String value = ((DERString) ava.getObjectAt(1)).getString();
++ String value = ((ASN1String) ava.getObjectAt(1)).getString();
+ GSIConstants.CertificateType certType = type;
+ if (value.equalsIgnoreCase("proxy")) {
+ certType = GSIConstants.CertificateType.GSI_2_PROXY;
+@@ -431,7 +433,7 @@
+ * @return the DERObject.
+ * @throws IOException if conversion fails
+ */
+- public static DERObject toDERObject(byte[] data)
++ public static ASN1Primitive toASN1Primitive(byte[] data)
+ throws IOException {
+ ByteArrayInputStream inStream = new ByteArrayInputStream(data);
+ ASN1InputStream derInputStream = new ASN1InputStream(inStream);
+@@ -450,7 +452,7 @@
+ public static TBSCertificateStructure getTBSCertificateStructure(
+ X509Certificate cert)
+ throws CertificateEncodingException, IOException {
+- DERObject obj = toDERObject(cert.getTBSCertificate());
++ ASN1Primitive obj = toASN1Primitive(cert.getTBSCertificate());
+ return TBSCertificateStructure.getInstance(obj);
+ }
+
+@@ -461,7 +463,7 @@
+ return new boolean[0];
+ }
+ X509Extension extension =
+- extensions.getExtension(X509Extensions.KeyUsage);
++ extensions.getExtension(X509Extension.keyUsage);
+ return (extension != null) ? getKeyUsage(extension) : new boolean[0];
+ }
+
+@@ -494,9 +496,9 @@
+ * @param ext the certificate extension to extract the value from.
+ * @throws IOException if extraction fails.
+ */
+- public static DERObject getExtensionObject(X509Extension ext)
++ public static ASN1Primitive getExtensionObject(X509Extension ext)
+ throws IOException {
+- return toDERObject(ext.getValue().getOctets());
++ return toASN1Primitive(ext.getValue().getOctets());
+ }
+
+ /**
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/test/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactoryTest.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/test/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactoryTest.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/test/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactoryTest.java 2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/test/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactoryTest.java 2014-03-06 11:19:25.653556329 +0100
+@@ -26,6 +26,11 @@
+ import org.globus.gsi.proxy.ext.ProxyCertInfo;
+ import org.globus.gsi.proxy.ext.ProxyCertInfoExtension;
+
++import org.bouncycastle.asn1.ASN1Boolean;
++import org.bouncycastle.asn1.ASN1Encodable;
++import org.bouncycastle.asn1.ASN1Integer;
++import org.bouncycastle.asn1.DERBoolean;
++import org.bouncycastle.asn1.DERSequence;
+ import org.bouncycastle.asn1.x509.BasicConstraints;
+ import org.bouncycastle.asn1.x509.X509Extensions;
+
+@@ -88,9 +93,10 @@
+ X509ExtensionSet extSet = new X509ExtensionSet();
+ ext = new X509Extension(oid, critical, expectedValue.getBytes());
+ extSet.add(ext);
+-
+- BasicConstraints constraints = new BasicConstraints(false, 15);
+- ext = new BouncyCastleX509Extension(X509Extensions.BasicConstraints.getId(),
++
++ DERSequence seq = new DERSequence(new ASN1Encodable[] { DERBoolean.FALSE, new ASN1Integer(15) });
++ BasicConstraints constraints = BasicConstraints.getInstance(seq);
++ ext = new BouncyCastleX509Extension(org.bouncycastle.asn1.x509.X509Extension.basicConstraints.getId(),
+ false, constraints);
+ extSet.add(ext);
+
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java 2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java 2014-03-06 11:19:25.654556317 +0100
+@@ -24,7 +24,7 @@
+
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.DEROutputStream;
+-import org.bouncycastle.asn1.DERObject;
++import org.bouncycastle.asn1.ASN1Primitive;
+ import org.bouncycastle.asn1.ASN1Sequence;
+
+ import junit.framework.TestCase;
+@@ -63,7 +63,7 @@
+ ByteArrayInputStream bIn =
+ new ByteArrayInputStream(bOut.toByteArray());
+ ASN1InputStream dIn = new ASN1InputStream(bIn);
+- DERObject obj = dIn.readObject();
++ ASN1Primitive obj = dIn.readObject();
+
+ assertTrue(obj instanceof ASN1Sequence);
+
+@@ -112,7 +112,7 @@
+ ByteArrayInputStream bIn =
+ new ByteArrayInputStream(bOut.toByteArray());
+ ASN1InputStream dIn = new ASN1InputStream(bIn);
+- DERObject obj = dIn.readObject();
++ ASN1Primitive obj = dIn.readObject();
+
+ ProxyCertInfo testInfo = new ProxyCertInfo((ASN1Sequence)obj);
+
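Review bot: The rewritten `X509NameHelper.getLastNameEntry(X500Name)` still returns null when the name has no RDNs, and both callers touched by this patch (in `BouncyCastleUtil.java` and `CertificateUtil.java`, at `ASN1Set entry = X509NameHelper.getLastNameEntry(subject);`) call `entry.getObjectAt(0)` on the very next line. A certificate with an empty subject would therefore end in a NullPointerException rather than in the `CertificateException` path the same code uses for a bad proxy DN. These methods presumably classify certificates supplied by a remote peer, so a guard before the dereference, for example `if (entry == null) { throw new CertificateException("empty subject DN"); }` (message constructed here; an i18n key would match the file's style), would keep malformed input inside the declared error handling. Both callers begin and end outside the hunks shown, so an earlier check that already rules this out cannot be excluded from here.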
diff --git a/jglobus.spec b/jglobus.spec
index 0ddd622..ba4a927 100644
--- a/jglobus.spec
+++ b/jglobus.spec
@@ -1,6 +1,6 @@
Name: jglobus
Version: 2.0.6
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: Globus Java client libraries
# Everything is Apache 2.0 except for one file that is MIT:
@@ -19,6 +19,8 @@ Patch5: jglobus-dont-hide-super.patch
Patch6: jglobus-doc.patch
# Name parent parent
Patch7: jglobus-parent.patch
+# Porting to bouncycastle 1.47+
+Patch8: jglobus-bc147.patch
BuildArch: noarch
@@ -41,7 +43,11 @@ BuildRequires: mvn(org.apache.maven.plugins:maven-source-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-surefire-plugin)
BuildRequires: mvn(org.apache.tomcat:tomcat-catalina)
BuildRequires: mvn(org.apache.tomcat:tomcat-coyote)
+%if %{?fedora}%{!?fedora:0} >= 21 || %{?rhel}%{!?rhel:0} >= 7
+BuildRequires: mvn(org.bouncycastle:bcprov-jdk15on)
+%else
BuildRequires: mvn(org.bouncycastle:bcprov-jdk16)
+%endif
BuildRequires: mvn(org.sonatype.oss:oss-parent)
%description
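Review bot: The version condition `%if %{?fedora}%{!?fedora:0} >= 21 || %{?rhel}%{!?rhel:0} >= 7` is written out twice, here around the bouncycastle BuildRequires and again around `%patch8 -p1` in the %prep hunk, and nothing ties the two together. If one is edited without the other, the sources get patched for the 1.47+ API while the build still pulls `bcprov-jdk16`, or the reverse. Evaluating the condition once near the top into a macro, e.g. `%global bc147 1` inside that `%if`, and testing `%if 0%{?bc147}` in both places would keep the dependency and the patch in step. A one-line comment at the definition saying which bouncycastle API each branch targets would also help.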
@@ -144,6 +150,9 @@ This package contains the API documentation for %{name}.
%patch5 -p1
%patch6 -p1
%patch7 -p1
+%if %{?fedora}%{!?fedora:0} >= 21 || %{?rhel}%{!?rhel:0} >= 7
+%patch8 -p1
+%endif
dos2unix axis/src/main/java/org/globus/axis/example/README.txt
chmod 644 axis/src/main/java/org/globus/axis/example/README.txt
@@ -231,6 +240,9 @@ mv myproxy/src/test/java/org/globus/myproxy/test/test.properties \
%files javadoc -f .mfiles-javadoc
%changelog
+* Thu Mar 06 2014 Mattias Ellert <mattias.ellert at fysast.uu.se> - 2.0.6-4
+- Apply patch for bouncycastle 1.47+ for Fedora 21+ and EPEL 7+
+
* Wed Sep 11 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 2.0.6-3
- Use xmvn instead of mvn-rpmbuild