[jglobus] Apply patch for bouncycastle 1.47+ for Fedora 21+ and EPEL 7+

Mattias Ellert ellert at fedoraproject.org
Thu Mar 6 10:37:19 UTC 2014


commit d30c0690d0e0c19d1c23d49d8f4ac181d5f92ada
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date:   Thu Mar 6 11:37:02 2014 +0100

    Apply patch for bouncycastle 1.47+ for Fedora 21+ and EPEL 7+

 jglobus-bc147.patch |  801 +++++++++++++++++++++++++++++++++++++++++++++++++++
 jglobus.spec        |   14 +-
 2 files changed, 814 insertions(+), 1 deletions(-)
---
diff --git a/jglobus-bc147.patch b/jglobus-bc147.patch
new file mode 100644
index 0000000..dbc2a7b
--- /dev/null
+++ b/jglobus-bc147.patch
@@ -0,0 +1,801 @@
+diff -ur JGlobus-JGlobus-2.0.6.orig/pom.xml JGlobus-JGlobus-2.0.6/pom.xml
+--- JGlobus-JGlobus-2.0.6.orig/pom.xml	2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/pom.xml	2014-03-06 11:18:47.559012666 +0100
+@@ -215,8 +215,8 @@
+ 			</dependency>
+ 			<dependency>
+ 				<groupId>org.bouncycastle</groupId>
+-				<artifactId>bcprov-jdk16</artifactId>
+-				<version>1.45</version>
++				<artifactId>bcprov-jdk15on</artifactId>
++				<version>1.47</version>
+ 			</dependency>
+ 			<dependency>
+ 				<groupId>commons-io</groupId>
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/pom.xml JGlobus-JGlobus-2.0.6/ssl-proxies/pom.xml
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/pom.xml	2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/pom.xml	2014-03-06 11:18:47.773010102 +0100
+@@ -41,7 +41,7 @@
+ 		</dependency>
+ 		<dependency>
+ 			<groupId>org.bouncycastle</groupId>
+-			<artifactId>bcprov-jdk16</artifactId>
++			<artifactId>bcprov-jdk15on</artifactId>
+ 		</dependency>
+ 		<dependency>
+ 			<groupId>commons-io</groupId>
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactory.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactory.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactory.java	2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactory.java	2014-03-06 11:19:25.651556353 +0100
+@@ -14,6 +14,7 @@
+  */
+ package org.globus.gsi.bc;
+ 
++import org.bouncycastle.asn1.x500.style.BCStyle;
+ import org.globus.gsi.util.CertificateLoadUtil;
+ import org.globus.gsi.util.ProxyCertificateUtil;
+ 
+@@ -48,13 +49,13 @@
+ import org.bouncycastle.jce.PKCS10CertificationRequest;
+ import org.bouncycastle.jce.provider.X509CertificateObject;
+ import org.bouncycastle.asn1.DERSet;
+-import org.bouncycastle.asn1.DERObject;
+ import org.bouncycastle.asn1.DERBitString;
+ import org.bouncycastle.asn1.x509.X509Name;
++import org.bouncycastle.asn1.ASN1Primitive;
+ import org.bouncycastle.asn1.ASN1InputStream;
+ import org.bouncycastle.asn1.ASN1Sequence;
++import org.bouncycastle.asn1.x509.Certificate;
+ import org.bouncycastle.asn1.x509.TBSCertificateStructure;
+-import org.bouncycastle.asn1.x509.X509CertificateStructure;
+ import org.bouncycastle.asn1.x509.X509Extensions;
+ import org.bouncycastle.asn1.x509.X509Extension;
+ import org.bouncycastle.asn1.x509.KeyUsage;
+@@ -149,7 +150,7 @@
+         throws IOException, GeneralSecurityException {
+ 
+         ASN1InputStream derin = new ASN1InputStream(certRequestInputStream);
+-        DERObject reqInfo = derin.readObject();
++        ASN1Primitive reqInfo = derin.readObject();
+         PKCS10CertificationRequest certReq = new PKCS10CertificationRequest((ASN1Sequence) reqInfo);
+ 
+         boolean rs = certReq.verify();
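Review bot: The parsed request is cast straight to `ASN1Sequence` on the line before `certReq.verify()`, so a top-level object that is not a SEQUENCE raises `ClassCastException`, and an empty stream (where `readObject()` returns null) most likely ends in a `NullPointerException` inside the constructor, instead of the `GeneralSecurityException` this method declares. These bytes come from the party asking for a certificate, so a guard before the constructor call keeps malformed input on the checked-exception path: `if (!(reqInfo instanceof ASN1Sequence)) throw new GeneralSecurityException("certificate request is not a DER SEQUENCE");` (message text is a constructed sample). The hunk at `-572,7 +573,7` has the same cast. The method body starts and ends outside this hunk.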
+@@ -413,11 +414,11 @@
+                     X509Extension ext;
+ 
+                     // handle key usage ext
+-                    ext = extensions.getExtension(X509Extensions.KeyUsage);
++                    ext = extensions.getExtension(X509Extension.keyUsage);
+                     if (ext != null) {
+ 
+                         // TBD: handle this better
+-                        if (extSet != null && (extSet.get(X509Extensions.KeyUsage.getId()) != null)) {
++                        if (extSet != null && (extSet.get(X509Extension.keyUsage.getId()) != null)) {
+                             String err = i18n.getMessage("keyUsageExt");
+                             throw new GeneralSecurityException(err);
+                         }
+@@ -437,7 +438,7 @@
+ 
+                         bits = new DERBitString(bytes, bits.getPadBits());
+ 
+-                        certGen.addExtension(X509Extensions.KeyUsage, ext.isCritical(), bits);
++                        certGen.addExtension(X509Extension.keyUsage, ext.isCritical(), bits);
+                     }
+                 }
+ 
+@@ -481,7 +482,7 @@
+         X509NameHelper issuer = new X509NameHelper(issuerDN);
+ 
+         X509NameHelper subject = new X509NameHelper(issuerDN);
+-        subject.add(X509Name.CN, (cnValue == null) ? delegDN : cnValue);
++        subject.add(BCStyle.CN, (cnValue == null) ? delegDN : cnValue);
+ 
+         certGen.setSubjectDN(subject.getAsName());
+         certGen.setIssuerDN(issuer.getAsName());
+@@ -572,7 +573,7 @@
+         String cnValue) throws IOException, GeneralSecurityException {
+ 
+         ASN1InputStream derin = new ASN1InputStream(certRequestInputStream);
+-        DERObject reqInfo = derin.readObject();
++        ASN1Primitive reqInfo = derin.readObject();
+         PKCS10CertificationRequest certReq = new PKCS10CertificationRequest((ASN1Sequence) reqInfo);
+ 
+         boolean rs = certReq.verify();
+@@ -831,11 +832,11 @@
+                     X509Extension ext;
+ 
+                     // handle key usage ext
+-                    ext = extensions.getExtension(X509Extensions.KeyUsage);
++                    ext = extensions.getExtension(X509Extension.keyUsage);
+                     if (ext != null) {
+ 
+                         // TBD: handle this better
+-                        if (extSet != null && (extSet.get(X509Extensions.KeyUsage.getId()) != null)) {
++                        if (extSet != null && (extSet.get(X509Extension.keyUsage.getId()) != null)) {
+                             String err = i18n.getMessage("keyUsageExt");
+                             throw new GeneralSecurityException(err);
+                         }
+@@ -855,7 +856,7 @@
+ 
+                         bits = new DERBitString(bytes, bits.getPadBits());
+ 
+-                        certGen.addExtension(X509Extensions.KeyUsage, ext.isCritical(), bits);
++                        certGen.addExtension(X509Extension.keyUsage, ext.isCritical(), bits);
+                     }
+                 }
+ 
+@@ -897,7 +898,7 @@
+         }
+         X509NameHelper issuer = new X509NameHelper(issuerDN);
+         X509NameHelper subject = new X509NameHelper(issuerDN);
+-        subject.add(X509Name.CN, (cnValue == null) ? delegDN : cnValue);
++        subject.add(BCStyle.CN, (cnValue == null) ? delegDN : cnValue);
+ 
+         certGen.setSubjectDN(subject.getAsName());
+         certGen.setIssuerDN(issuer.getAsName());
+@@ -936,9 +937,9 @@
+      */
+     public X509Certificate loadCertificate(InputStream in) throws IOException, GeneralSecurityException {
+         ASN1InputStream derin = new ASN1InputStream(in);
+-        DERObject certInfo = derin.readObject();
++        ASN1Primitive certInfo = derin.readObject();
+         ASN1Sequence seq = ASN1Sequence.getInstance(certInfo);
+-        return new X509CertificateObject(new X509CertificateStructure(seq));
++        return new X509CertificateObject(Certificate.getInstance(seq));
+     }
+ 
+     /**
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java	2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java	2014-03-06 11:19:25.651556353 +0100
+@@ -28,8 +28,8 @@
+ import java.security.interfaces.RSAPrivateCrtKey;
+ import java.security.spec.PKCS8EncodedKeySpec;
+ import org.bouncycastle.asn1.ASN1InputStream;
++import org.bouncycastle.asn1.ASN1Primitive;
+ import org.bouncycastle.asn1.ASN1Sequence;
+-import org.bouncycastle.asn1.DERObject;
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+ import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+@@ -121,12 +121,12 @@
+ 				}
+ 				ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ 				ASN1InputStream derin = new ASN1InputStream(bis);
+-				DERObject keyInfo = derin.readObject();
++				ASN1Primitive keyInfo = derin.readObject();
+ 
+ 				DERObjectIdentifier rsaOid = PKCSObjectIdentifiers.rsaEncryption;
+ 				AlgorithmIdentifier rsa = new AlgorithmIdentifier(rsaOid);
+ 				PrivateKeyInfo pkeyinfo = new PrivateKeyInfo(rsa, keyInfo);
+-				DERObject derkey = pkeyinfo.getDERObject();
++				ASN1Primitive derkey = pkeyinfo.toASN1Primitive();
+ 				byte[] keyData = BouncyCastleUtil.toByteArray(derkey);
+ 				// The DER object needs to be mangled to
+ 				// create a proper ProvateKeyInfo object
+@@ -150,10 +150,10 @@
+ 				&& (format.equalsIgnoreCase("PKCS#8") || format
+ 						.equalsIgnoreCase("PKCS8"))) {
+ 			try {
+-				DERObject keyInfo = BouncyCastleUtil.toDERObject(key
++				ASN1Primitive keyInfo = BouncyCastleUtil.toASN1Primitive(key
+ 						.getEncoded());
+ 				PrivateKeyInfo pkey = new PrivateKeyInfo((ASN1Sequence) keyInfo);
+-				DERObject derKey = pkey.getPrivateKey();
++				ASN1Primitive derKey = pkey.getPrivateKey();
+ 				return BouncyCastleUtil.toByteArray(derKey);
+ 			} catch (IOException e) {
+ 				// that should never happen
+@@ -169,7 +169,7 @@
+ 					.getPrivateExponent(), pKey.getPrimeP(), pKey.getPrimeQ(),
+ 					pKey.getPrimeExponentP(), pKey.getPrimeExponentQ(), pKey
+ 							.getCrtCoefficient());
+-			DERObject ob = st.getDERObject();
++			ASN1Primitive ob = st.toASN1Primitive();
+ 
+ 			try {
+ 				return BouncyCastleUtil.toByteArray(ob);
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java	2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java	2014-03-06 11:19:25.651556353 +0100
+@@ -30,16 +30,15 @@
+ 
+ import org.bouncycastle.asn1.ASN1InputStream;
+ import org.bouncycastle.asn1.ASN1OctetString;
++import org.bouncycastle.asn1.ASN1Primitive;
+ import org.bouncycastle.asn1.ASN1Sequence;
+ import org.bouncycastle.asn1.ASN1Set;
++import org.bouncycastle.asn1.ASN1String;
+ import org.bouncycastle.asn1.DERBitString;
+-import org.bouncycastle.asn1.DERBoolean;
+-import org.bouncycastle.asn1.DEREncodable;
+-import org.bouncycastle.asn1.DERInteger;
+-import org.bouncycastle.asn1.DERObject;
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.DEROutputStream;
+-import org.bouncycastle.asn1.DERString;
++import org.bouncycastle.asn1.x500.X500Name;
++import org.bouncycastle.asn1.x500.style.BCStyle;
+ import org.bouncycastle.asn1.x509.BasicConstraints;
+ import org.bouncycastle.asn1.x509.TBSCertificateStructure;
+ import org.bouncycastle.asn1.x509.X509Extension;
+@@ -76,7 +75,7 @@
+      * @return the DER-encoded byte array
+      * @exception IOException if conversion fails
+      */
+-    public static byte[] toByteArray(DERObject obj) 
++    public static byte[] toByteArray(ASN1Primitive obj) 
+ 	throws IOException {
+ 	ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ 	DEROutputStream der = new DEROutputStream(bout);
+@@ -92,7 +91,7 @@
+      * @return the DERObject.
+      * @exception IOException if conversion fails
+      */
+-    public static DERObject toDERObject(byte[] data) 
++    public static ASN1Primitive toASN1Primitive(byte[] data) 
+ 	throws IOException {
+         ByteArrayInputStream inStream = new ByteArrayInputStream(data);
+         ASN1InputStream derInputStream = new ASN1InputStream(inStream);
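Review bot: The Javadoc above the renamed method still reads `@return the DERObject.`, a type that no longer appears in the signature; `@return the decoded ASN1Primitive.` would match the new return type. The same stale wording remains on `duplicate` (`@return a copy of the DERObject.`), on `CertificateUtil.toASN1Primitive`, and on the `toASN1Primitive()` methods of `ProxyCertInfo` and `ProxyPolicy`. Because `toDERObject` was public, the rename also changes the class's API for downstream callers, which is worth stating in the package changelog. The method body continues outside the hunk.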
+@@ -108,9 +107,9 @@
+      * @return a copy of the DERObject.
+      * @exception IOException if replication fails
+      */
+-    public static DERObject duplicate(DERObject obj) 
++    public static ASN1Primitive duplicate(ASN1Primitive obj) 
+ 	throws IOException {
+-	return toDERObject(toByteArray(obj));
++	return toASN1Primitive(toByteArray(obj));
+     }
+ 
+     /**
+@@ -123,7 +122,7 @@
+      */
+     public static TBSCertificateStructure getTBSCertificateStructure(X509Certificate cert)
+ 	throws CertificateEncodingException, IOException {
+-	DERObject obj = BouncyCastleUtil.toDERObject(cert.getTBSCertificate());
++	ASN1Primitive obj = BouncyCastleUtil.toASN1Primitive(cert.getTBSCertificate());
+ 	return TBSCertificateStructure.getInstance(obj);
+     }
+ 
+@@ -133,9 +132,9 @@
+      * @param ext the certificate extension to extract the value from.
+      * @exception IOException if extraction fails.
+      */
+-    public static DERObject getExtensionObject(X509Extension ext) 
++    public static ASN1Primitive getExtensionObject(X509Extension ext) 
+ 	throws IOException {
+-	return toDERObject(ext.getValue().getOctets());
++	return toASN1Primitive(ext.getValue().getOctets());
+     }
+ 
+     /**
+@@ -295,9 +294,9 @@
+ 	X509Extension ext = null;
+ 
+ 	if (extensions != null) {
+-	    ext = extensions.getExtension(X509Extensions.BasicConstraints);
++	    ext = extensions.getExtension(X509Extension.basicConstraints);
+ 	    if (ext != null) {
+-		BasicConstraints basicExt = getBasicConstraints(ext);
++		BasicConstraints basicExt = BasicConstraints.getInstance(ext);
+ 		if (basicExt.isCA()) {
+ 		    return GSIConstants.CertificateType.CA;
+ 		}
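Review bot: CA detection on this line now decodes the extension with `BasicConstraints.getInstance(ext)`, while the `CertificateUtil` and `X509ProxyCertPathValidator` hunks further down still show calls to `getBasicConstraints(...)` as unchanged context. The helper deleted from this class special-cased an empty sequence and a lone INTEGER or BOOLEAN; if the `CertificateUtil` copy still does, the two paths could disagree on whether such an encoding marks a CA. I would route both through one helper, or at least add a comment here such as `// relies on BasicConstraints.getInstance() accepting an X509Extension; keep in sync with CertificateUtil.getBasicConstraints`. The enclosing method starts before this hunk.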
+@@ -307,12 +306,12 @@
+ 	GSIConstants.CertificateType type = GSIConstants.CertificateType.EEC;
+ 	
+ 	// does not handle multiple AVAs
+-	X509Name subject = crt.getSubject();
++	X500Name subject = crt.getSubject();
+ 
+ 	ASN1Set entry = X509NameHelper.getLastNameEntry(subject);
+ 	ASN1Sequence ava = (ASN1Sequence)entry.getObjectAt(0);
+-	if (X509Name.CN.equals(ava.getObjectAt(0))) {
+-	    String value = ((DERString)ava.getObjectAt(1)).getString();
++	if (BCStyle.CN.equals(ava.getObjectAt(0))) {
++	    String value = ((ASN1String)ava.getObjectAt(1)).getString();
+ 	    if (value.equalsIgnoreCase("proxy")) {
+ 		type = GSIConstants.CertificateType.GSI_2_PROXY;
+ 	    } else if (value.equalsIgnoreCase("limited proxy")) {
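Review bot: `X509NameHelper.getLastNameEntry(subject)` is documented to return null when the name has no components, yet `entry.getObjectAt(0)` dereferences it unchecked, and the new `(ASN1String)` cast assumes the attribute value is a string type. Both depend on the contents of the certificate being classified, so an empty subject or a non-string CN value would raise `NullPointerException` or `ClassCastException` rather than a `CertificateException`. Suggest `if (entry == null) throw new CertificateException("certificate has an empty subject DN");` after the lookup (message text is a constructed sample) and an `instanceof ASN1String` test before the cast. The same pattern appears in the `CertificateUtil` hunks (`-322,11 +324,11` and `processCN`). The method continues past this hunk.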
+@@ -370,7 +369,7 @@
+ 		X509NameHelper iss = new X509NameHelper(crt.getIssuer());
+ 		iss.add((ASN1Set)BouncyCastleUtil.duplicate(entry));
+ 		X509Name issuer = iss.getAsName();
+-		if (!issuer.equals(subject)) {
++		if (!issuer.equals(X509Name.getInstance(subject))) {
+                     String err = i18n.getMessage("proxyDNErr");
+ 		    throw new CertificateException(err);
+ 		}
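Review bot: The proxy-subject check on the changed line uses the one-argument `X509Name.equals`, which in BouncyCastle, as far as I can tell, ignores case and accepts the RDNs in a different order. The rule enforced here is that the subject must be the issuer DN with one entry appended, so an ordered comparison is the stricter reading: `if (!issuer.equals(X509Name.getInstance(subject), true)) {`. The relaxed comparison predates this commit, but the line is being rewritten anyway; if relaxed matching is intended, a comment saying so would help the next reader. The surrounding method starts and ends outside the hunk.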
+@@ -404,36 +403,6 @@
+     }
+ 
+     /**
+-     * Creates a <code>BasicConstraints</code> object from given
+-     * extension.
+-     *
+-     * @param ext the extension.
+-     * @return the <code>BasicConstraints</code> object.
+-     * @exception IOException if something fails.
+-     */
+-    public static BasicConstraints getBasicConstraints(X509Extension ext) 
+-	throws IOException {
+-	DERObject obj = BouncyCastleUtil.getExtensionObject(ext);
+-	if (obj instanceof ASN1Sequence) {
+-	    ASN1Sequence seq = (ASN1Sequence)obj;
+-	    int size = seq.size();
+-	    if (size == 0) {
+-		return new BasicConstraints(false);
+-	    } else if (size == 1) {
+-		DEREncodable value = seq.getObjectAt(0);
+-		if (value instanceof DERInteger) {
+-		    int length = ((DERInteger)value).getValue().intValue();
+-		    return new BasicConstraints(false, length);
+-		} else if (value instanceof DERBoolean) {
+-		    boolean ca = ((DERBoolean)value).isTrue();
+-		    return new BasicConstraints(ca);
+-		}
+-	    } 
+-	}
+-	return BasicConstraints.getInstance(obj);
+-    }
+-    
+-    /**
+      * Creates a <code>ProxyCertInfo</code> object from given
+      * extension.
+      *
+@@ -531,7 +500,7 @@
+ 	throws IOException {
+ 	ByteArrayInputStream inStream = new ByteArrayInputStream(certExtValue);
+ 	ASN1InputStream derInputStream = new ASN1InputStream(inStream);
+-	DERObject object = derInputStream.readObject();
++        ASN1Primitive object = derInputStream.readObject();
+ 	if (object instanceof ASN1OctetString) {
+ 	    return ((ASN1OctetString)object).getOctets();
+ 	} else {
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleX509Extension.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleX509Extension.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleX509Extension.java	2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleX509Extension.java	2014-03-06 11:19:25.652556341 +0100
+@@ -16,7 +16,7 @@
+ 
+ import java.io.IOException;
+ 
+-import org.bouncycastle.asn1.DEREncodable;
++import org.bouncycastle.asn1.ASN1Encodable;
+ 
+ import org.globus.gsi.X509Extension;
+ 
+@@ -36,22 +36,22 @@
+ 	this(oid, false, null);
+     }
+     
+-    public BouncyCastleX509Extension(String oid, DEREncodable value) {
++    public BouncyCastleX509Extension(String oid, ASN1Encodable value) {
+ 	this(oid, false, value);
+     }
+     
+     public BouncyCastleX509Extension(String oid, boolean critical, 
+-				     DEREncodable value) {
++				     ASN1Encodable value) {
+ 	super(oid, critical, null);
+ 	setValue(value);
+     }
+     
+-    protected void setValue(DEREncodable value) {
++    protected void setValue(ASN1Encodable value) {
+ 	if (value == null) {
+ 	    return;
+ 	}
+     	try {
+-	    setValue(BouncyCastleUtil.toByteArray(value.getDERObject()));
++	    setValue(BouncyCastleUtil.toByteArray(value.toASN1Primitive()));
+ 	} catch (IOException e) {
+ 	    throw new RuntimeException(i18n.getMessage("byteArrayErr") +
+ 				       e.getMessage());
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java	2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java	2014-03-06 11:19:25.652556341 +0100
+@@ -21,11 +21,13 @@
+ import org.bouncycastle.asn1.ASN1EncodableVector;
+ import org.bouncycastle.asn1.ASN1Sequence;
+ import org.bouncycastle.asn1.ASN1Set;
++import org.bouncycastle.asn1.ASN1String;
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.DERPrintableString;
+ import org.bouncycastle.asn1.DERSequence;
+ import org.bouncycastle.asn1.DERSet;
+-import org.bouncycastle.asn1.DERString;
++import org.bouncycastle.asn1.x500.RDN;
++import org.bouncycastle.asn1.x500.X500Name;
+ import org.bouncycastle.asn1.x509.X509Name;
+ 
+ /**
+@@ -45,6 +47,21 @@
+     }
+ 
+     /**
++     * Creates an instance using existing {@link X500Name X500Name} 
++     * object. 
++     * This behaves like a copy constructor.
++     *
++     * @param name existing <code>X500Name</code> 
++     */
++    public X509NameHelper(X500Name name) {
++        try {
++            this.seq = (ASN1Sequence)BouncyCastleUtil.duplicate(name.toASN1Primitive());
++        } catch (IOException e) {
++            throw new RuntimeException(e.getMessage());
++        }
++    }
++
++    /**
+      * Creates an instance using existing {@link X509Name X509Name} 
+      * object. 
+      * This behaves like a copy constructor.
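Review bot: The new `X509NameHelper(X500Name)` constructor rethrows with `new RuntimeException(e.getMessage())`, which discards the original `IOException` and its stack trace; `throw new RuntimeException(e.getMessage(), e);` keeps the cause. A null `name` also fails with a bare `NullPointerException` at `name.toASN1Primitive()`, which the Javadoc does not mention; either document that or check it up front. The existing `X509Name` constructor just below has the same catch block.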
+@@ -53,7 +70,7 @@
+      */
+     public X509NameHelper(X509Name name) {
+         try {
+-            this.seq = (ASN1Sequence)BouncyCastleUtil.duplicate(name.getDERObject());
++            this.seq = (ASN1Sequence)BouncyCastleUtil.duplicate(name.toASN1Primitive());
+         } catch (IOException e) {
+             throw new RuntimeException(e.getMessage());
+         }
+@@ -72,8 +89,8 @@
+      * Appends the specified OID and value pair name component to the end of the
+      * current name.
+      *
+-     * @param oid   the name component oid, e.g. {@link X509Name#CN
+-     *              X509Name.CN}
++     * @param oid   the name component oid, e.g. {@link org.bouncycastle.asn1.x500.style.BCStyle#CN
++     *              BCStyle.CN}
+      * @param value the value (e.g. "proxy")
+      */
+     public void add(
+@@ -125,10 +142,10 @@
+      *
+      * @return the last name component. Null if there is none.
+      */
+-    public static ASN1Set getLastNameEntry(X509Name name) {
+-        ASN1Sequence seq = (ASN1Sequence) name.getDERObject();
+-        int size = seq.size();
+-        return (size > 0) ? (ASN1Set) seq.getObjectAt(size - 1) : null;
++    public static ASN1Set getLastNameEntry(X500Name name) {
++        RDN[] rdns = name.getRDNs();
++        int size = rdns.length;
++        return (size > 0) ? (ASN1Set) rdns[size - 1].toASN1Primitive() : null;
+     }
+ 
+     /**
+@@ -142,7 +159,7 @@
+         if (name == null) {
+             return null;
+         }
+-        return toString((ASN1Sequence)name.getDERObject());
++        return toString((ASN1Sequence)name.toASN1Primitive());
+     }
+ 
+     private static String toString(ASN1Sequence seq) {
+@@ -159,14 +176,14 @@
+             while (ee.hasMoreElements()) {
+                 ASN1Sequence s = (ASN1Sequence)ee.nextElement();
+                 DERObjectIdentifier oid = (DERObjectIdentifier)s.getObjectAt(0);
+-                String sym = (String)X509Name.OIDLookUp.get(oid);
++                String sym = (String)X509Name.DefaultSymbols.get(oid);
+                 if (sym == null) {
+                     buf.append(oid.getId());
+                 } else {
+                     buf.append(sym);
+                 }
+                 buf.append('=');
+-                buf.append(((DERString)s.getObjectAt(1)).getString());
++                buf.append(((ASN1String)s.getObjectAt(1)).getString());
+                 if (ee.hasMoreElements()) {
+                     buf.append('+');
+                 }
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java	2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java	2014-03-06 11:19:25.652556341 +0100
+@@ -20,11 +20,11 @@
+ 
+ import java.io.IOException;
+ 
++import org.bouncycastle.asn1.ASN1Encodable;
+ import org.bouncycastle.asn1.ASN1EncodableVector;
++import org.bouncycastle.asn1.ASN1Primitive;
+ import org.bouncycastle.asn1.ASN1Sequence;
+-import org.bouncycastle.asn1.DEREncodable;
+ import org.bouncycastle.asn1.DERInteger;
+-import org.bouncycastle.asn1.DERObject;
+ import org.bouncycastle.asn1.DERSequence;
+ 
+ /**
+@@ -34,7 +34,7 @@
+  * ProxyCertInfo ::= SEQUENCE { pCPathLenConstraint      INTEGER (0..MAX) OPTIONAL, proxyPolicy ProxyPolicy }
+  * </PRE>
+  */
+-public class ProxyCertInfo implements DEREncodable {
++public class ProxyCertInfo implements ASN1Encodable {
+ 
+     /** ProxyCertInfo extension OID */
+     public static final DERObjectIdentifier OID 
+@@ -111,9 +111,9 @@
+         } else if (obj instanceof ASN1Sequence) {
+             return new ProxyCertInfo((ASN1Sequence) obj);
+         } else if (obj instanceof byte[]) {
+-            DERObject derObj;
++            ASN1Primitive derObj;
+             try {
+-                derObj = CertificateUtil.toDERObject((byte[]) obj);
++                derObj = CertificateUtil.toASN1Primitive((byte[]) obj);
+             } catch (IOException e) {
+                 throw new IllegalArgumentException(e.getMessage(), e);
+             }
+@@ -129,14 +129,14 @@
+      *
+      * @return <code>DERObject</code> the encoded representation of the extension.
+      */
+-    public DERObject getDERObject() {
++    public ASN1Primitive toASN1Primitive() {
+         ASN1EncodableVector vec = new ASN1EncodableVector();
+ 
+         if (this.pathLenConstraint != null) {
+             vec.add(this.pathLenConstraint);
+         }
+ 
+-        vec.add(this.proxyPolicy.getDERObject());
++        vec.add(this.proxyPolicy.toASN1Primitive());
+ 
+         return new DERSequence(vec);
+     }
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java	2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java	2014-03-06 11:19:25.652556341 +0100
+@@ -14,10 +14,10 @@
+  */
+ package org.globus.gsi.proxy.ext;
+ 
++import org.bouncycastle.asn1.ASN1Encodable;
+ import org.bouncycastle.asn1.ASN1EncodableVector;
++import org.bouncycastle.asn1.ASN1Primitive;
+ import org.bouncycastle.asn1.ASN1Sequence;
+-import org.bouncycastle.asn1.DEREncodable;
+-import org.bouncycastle.asn1.DERObject;
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.DEROctetString;
+ import org.bouncycastle.asn1.DERSequence;
+@@ -27,7 +27,7 @@
+  * Represents the policy part of the ProxyCertInfo extension. <BR> <PRE>
+  * ProxyPolicy ::= SEQUENCE { policyLanguage    OBJECT IDENTIFIER, policy OCTET STRING OPTIONAL } </PRE>
+  */
+-public class ProxyPolicy implements DEREncodable {
++public class ProxyPolicy implements ASN1Encodable {
+ 
+     /**
+      * Impersonation proxy OID
+@@ -58,7 +58,7 @@
+         }
+         this.policyLanguage = (DERObjectIdentifier) seq.getObjectAt(0);
+         if (seq.size() > 1) {
+-            DEREncodable obj = seq.getObjectAt(1);
++            ASN1Encodable obj = seq.getObjectAt(1);
+             if (obj instanceof DERTaggedObject) {
+                 obj = ((DERTaggedObject) obj).getObject();
+             }
+@@ -133,7 +133,7 @@
+      * @return <code>DERObject</code> the encoded representation of the proxy
+      *         policy.
+      */
+-    public DERObject getDERObject() {
++    public ASN1Primitive toASN1Primitive() {
+ 
+         ASN1EncodableVector vec = new ASN1EncodableVector();
+ 
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java	2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java	2014-03-06 11:19:25.653556329 +0100
+@@ -484,12 +484,12 @@
+             while (e.hasMoreElements()) {
+                 oid = (DERObjectIdentifier) e.nextElement();
+                 proxyExtension = extensions.getExtension(oid);
+-                if (oid.equals(X509Extensions.SubjectAlternativeName)
+-                        || oid.equals(X509Extensions.IssuerAlternativeName)) {
++                if (oid.equals(X509Extension.subjectAlternativeName)
++                        || oid.equals(X509Extension.issuerAlternativeName)) {
+                     // No Alt name extensions - 3.2 & 3.5
+                     throw new CertPathValidatorException(
+                             "Proxy violation: no Subject or Issuer Alternative Name");
+-                } else if (oid.equals(X509Extensions.BasicConstraints)) {
++                } else if (oid.equals(X509Extension.basicConstraints)) {
+                     // Basic Constraint must not be true - 3.8
+                     BasicConstraints basicExt =
+                             CertificateUtil.getBasicConstraints(proxyExtension);
+@@ -497,7 +497,7 @@
+                         throw new CertPathValidatorException(
+                                 "Proxy violation: Basic Constraint CA is set to true");
+                     }
+-                } else if (oid.equals(X509Extensions.KeyUsage)) {
++                } else if (oid.equals(X509Extension.keyUsage)) {
+                     proxyKeyUsage = proxyExtension;
+ 
+                     checkKeyUsage(issuer, proxyExtension);
+@@ -528,7 +528,7 @@
+     }
+ 
+     private void checkExtension(DERObjectIdentifier oid, X509Extension proxyExtension, X509Extension proxyKeyUsage) throws CertPathValidatorException {
+-        if (oid.equals(X509Extensions.KeyUsage)) {
++        if (oid.equals(X509Extension.keyUsage)) {
+             // If issuer has it then proxy must have it also
+             if (proxyKeyUsage == null) {
+                 throw new CertPathValidatorException(
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateIOUtil.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateIOUtil.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateIOUtil.java	2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateIOUtil.java	2014-03-06 11:19:25.653556329 +0100
+@@ -95,7 +95,7 @@
+             ByteArrayOutputStream bout = new ByteArrayOutputStream();
+             DEROutputStream der = new DEROutputStream(bout);
+             X509Name nm = (X509Name) subject;
+-            der.writeObject(nm.getDERObject());
++            der.writeObject(nm.toASN1Primitive());
+             return bout.toByteArray();
+         } else {
+             throw new ClassCastException("unsupported input class: "
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java	2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java	2014-03-06 11:19:25.653556329 +0100
+@@ -59,12 +59,14 @@
+ 
+ import org.bouncycastle.asn1.ASN1InputStream;
+ import org.bouncycastle.asn1.ASN1Object;
++import org.bouncycastle.asn1.ASN1Primitive;
+ import org.bouncycastle.asn1.ASN1Sequence;
+ import org.bouncycastle.asn1.ASN1Set;
++import org.bouncycastle.asn1.ASN1String;
+ import org.bouncycastle.asn1.DERBitString;
+-import org.bouncycastle.asn1.DERObject;
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+-import org.bouncycastle.asn1.DERString;
++import org.bouncycastle.asn1.x500.X500Name;
++import org.bouncycastle.asn1.x500.style.BCStyle;
+ import org.bouncycastle.asn1.x509.BasicConstraints;
+ import org.bouncycastle.asn1.x509.TBSCertificateStructure;
+ import org.bouncycastle.asn1.x509.X509Extension;
+@@ -216,7 +218,7 @@
+             return -1;
+         }
+         X509Extension proxyExtension =
+-                extensions.getExtension(X509Extensions.BasicConstraints);
++                extensions.getExtension(X509Extension.basicConstraints);
+         if (proxyExtension != null) {
+             BasicConstraints basicExt =
+                     getBasicConstraints(proxyExtension);
+@@ -310,7 +312,7 @@
+         X509Extension ext = null;
+ 
+         if (extensions != null) {
+-            ext = extensions.getExtension(X509Extensions.BasicConstraints);
++            ext = extensions.getExtension(X509Extension.basicConstraints);
+             if (ext != null) {
+                 BasicConstraints basicExt = getBasicConstraints(ext);
+                 if (basicExt.isCA()) {
+@@ -322,11 +324,11 @@
+         GSIConstants.CertificateType type = GSIConstants.CertificateType.EEC;
+ 
+         // does not handle multiple AVAs
+-        X509Name subject = crt.getSubject();
++        X500Name subject = crt.getSubject();
+ 
+         ASN1Set entry = X509NameHelper.getLastNameEntry(subject);
+         ASN1Sequence ava = (ASN1Sequence) entry.getObjectAt(0);
+-        if (X509Name.CN.equals(ava.getObjectAt(0))) {
++        if (BCStyle.CN.equals(ava.getObjectAt(0))) {
+             type = processCN(extensions, type, ava);
+         }
+ 
+@@ -336,7 +338,7 @@
+     private static GSIConstants.CertificateType processCN(
+             X509Extensions extensions, GSIConstants.CertificateType type, ASN1Sequence ava) throws CertificateException {
+         X509Extension ext;
+-        String value = ((DERString) ava.getObjectAt(1)).getString();
++        String value = ((ASN1String) ava.getObjectAt(1)).getString();
+         GSIConstants.CertificateType certType = type;
+         if (value.equalsIgnoreCase("proxy")) {
+             certType = GSIConstants.CertificateType.GSI_2_PROXY;
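Review bot: The port keeps an unchecked cast on the new line `String value = ((ASN1String) ava.getObjectAt(1)).getString();`, so a subject whose last CN value is not an ASN.1 string type would surface as a ClassCastException instead of the CertificateException that processCN declares. The value comes from the certificate being classified, so the method should fail closed with the declared exception: `ASN1Encodable cn = ava.getObjectAt(1);` followed by `if (!(cn instanceof ASN1String)) throw new CertificateException("CN value is not an ASN.1 string");`. This assumes ASN1Encodable is imported in CertificateUtil, which the visible import hunk does not show. processCN continues past the end of the hunk.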
+@@ -431,7 +433,7 @@
+      * @return the DERObject.
+      * @throws IOException if conversion fails
+      */
+-    public static DERObject toDERObject(byte[] data)
++    public static ASN1Primitive toASN1Primitive(byte[] data)
+             throws IOException {
+         ByteArrayInputStream inStream = new ByteArrayInputStream(data);
+         ASN1InputStream derInputStream = new ASN1InputStream(inStream);
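Review bot: The Javadoc kept as context above the renamed method still reads `@return the DERObject.`, a type that is removed from the imports by this patch; it should become `@return the parsed ASN1Primitive.`. Renaming the public static `toDERObject` to `toASN1Primitive`, together with the changed return type of `getExtensionObject` in the later hunk, also alters the public API of CertificateUtil, so any caller outside this module built against the old name needs the same port. That is worth a line in the patch description. The method body continues past the end of the hunk, so whether `derInputStream` is closed cannot be checked from here.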
+@@ -450,7 +452,7 @@
+     public static TBSCertificateStructure getTBSCertificateStructure(
+             X509Certificate cert)
+             throws CertificateEncodingException, IOException {
+-        DERObject obj = toDERObject(cert.getTBSCertificate());
++        ASN1Primitive obj = toASN1Primitive(cert.getTBSCertificate());
+         return TBSCertificateStructure.getInstance(obj);
+     }
+ 
+@@ -461,7 +463,7 @@
+             return new boolean[0];
+         }
+         X509Extension extension =
+-                extensions.getExtension(X509Extensions.KeyUsage);
++                extensions.getExtension(X509Extension.keyUsage);
+         return (extension != null) ? getKeyUsage(extension) : new boolean[0];
+     }
+ 
+@@ -494,9 +496,9 @@
+      * @param ext the certificate extension to extract the value from.
+      * @throws IOException if extraction fails.
+      */
+-    public static DERObject getExtensionObject(X509Extension ext)
++    public static ASN1Primitive getExtensionObject(X509Extension ext)
+             throws IOException {
+-        return toDERObject(ext.getValue().getOctets());
++        return toASN1Primitive(ext.getValue().getOctets());
+     }
+ 
+     /**
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/test/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactoryTest.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/test/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactoryTest.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/test/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactoryTest.java	2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/test/java/org/globus/gsi/bc/BouncyCastleCertProcessingFactoryTest.java	2014-03-06 11:19:25.653556329 +0100
+@@ -26,6 +26,11 @@
+ import org.globus.gsi.proxy.ext.ProxyCertInfo;
+ import org.globus.gsi.proxy.ext.ProxyCertInfoExtension;
+ 
++import org.bouncycastle.asn1.ASN1Boolean;
++import org.bouncycastle.asn1.ASN1Encodable;
++import org.bouncycastle.asn1.ASN1Integer;
++import org.bouncycastle.asn1.DERBoolean;
++import org.bouncycastle.asn1.DERSequence;
+ import org.bouncycastle.asn1.x509.BasicConstraints;
+ import org.bouncycastle.asn1.x509.X509Extensions;
+ 
+@@ -88,9 +93,10 @@
+     X509ExtensionSet extSet = new X509ExtensionSet();
+     ext = new X509Extension(oid, critical, expectedValue.getBytes());
+     extSet.add(ext);
+-    
+-    BasicConstraints constraints = new BasicConstraints(false, 15);
+-    ext = new BouncyCastleX509Extension(X509Extensions.BasicConstraints.getId(),
++
++    DERSequence seq = new DERSequence(new ASN1Encodable[] { DERBoolean.FALSE, new ASN1Integer(15) });
++    BasicConstraints constraints = BasicConstraints.getInstance(seq);
++    ext = new BouncyCastleX509Extension(org.bouncycastle.asn1.x509.X509Extension.basicConstraints.getId(),
+                         false, constraints);
+     extSet.add(ext);
+     
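Review bot: The hand-built `DERSequence` of `DERBoolean.FALSE` and `new ASN1Integer(15)` needs a comment explaining why `BasicConstraints` is no longer constructed directly. The fixture pairs cA=FALSE with a path length, a combination RFC 5280 does not allow a CA to issue, and it writes the default FALSE explicitly, so a later reader may take it for a mistake. A comment such as `// cA=FALSE with pathLen=15 is intentional test input, assembled by hand for BC 1.47+` would do, with the wording confirmed by the author. The import hunk above also adds `ASN1Boolean`, which this hunk does not use; if nothing else in the test uses it, it can be dropped. The test method starts and ends outside the hunk.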
+diff -ur JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java JGlobus-JGlobus-2.0.6/ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java
+--- JGlobus-JGlobus-2.0.6.orig/ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java	2013-09-05 14:41:15.000000000 +0200
++++ JGlobus-JGlobus-2.0.6/ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java	2014-03-06 11:19:25.654556317 +0100
+@@ -24,7 +24,7 @@
+ 
+ import org.bouncycastle.asn1.DERObjectIdentifier;
+ import org.bouncycastle.asn1.DEROutputStream;
+-import org.bouncycastle.asn1.DERObject;
++import org.bouncycastle.asn1.ASN1Primitive;
+ import org.bouncycastle.asn1.ASN1Sequence;
+ 
+ import junit.framework.TestCase;
+@@ -63,7 +63,7 @@
+ 	ByteArrayInputStream bIn = 
+ 	    new ByteArrayInputStream(bOut.toByteArray());
+ 	ASN1InputStream dIn = new ASN1InputStream(bIn);
+-	DERObject obj = dIn.readObject();
++	ASN1Primitive obj = dIn.readObject();
+ 	
+ 	assertTrue(obj instanceof ASN1Sequence);
+ 	
+@@ -112,7 +112,7 @@
+ 	ByteArrayInputStream bIn = 
+ 	    new ByteArrayInputStream(bOut.toByteArray());
+ 	ASN1InputStream dIn = new ASN1InputStream(bIn);
+-	DERObject obj = dIn.readObject();
++	ASN1Primitive obj = dIn.readObject();
+ 
+ 	ProxyCertInfo testInfo = new ProxyCertInfo((ASN1Sequence)obj);
+ 
diff --git a/jglobus.spec b/jglobus.spec
index 0ddd622..ba4a927 100644
--- a/jglobus.spec
+++ b/jglobus.spec
@@ -1,6 +1,6 @@
 Name:		jglobus
 Version:	2.0.6
-Release:	3%{?dist}
+Release:	4%{?dist}
 Summary:	Globus Java client libraries
 
 #		Everything is Apache 2.0 except for one file that is MIT:
@@ -19,6 +19,8 @@ Patch5:		jglobus-dont-hide-super.patch
 Patch6:		jglobus-doc.patch
 #		Name parent parent
 Patch7:		jglobus-parent.patch
+#		Porting to bouncycastle 1.47+
+Patch8:		jglobus-bc147.patch
 
 BuildArch:	noarch
 
@@ -41,7 +43,11 @@ BuildRequires:	mvn(org.apache.maven.plugins:maven-source-plugin)
 BuildRequires:	mvn(org.apache.maven.plugins:maven-surefire-plugin)
 BuildRequires:	mvn(org.apache.tomcat:tomcat-catalina)
 BuildRequires:	mvn(org.apache.tomcat:tomcat-coyote)
+%if %{?fedora}%{!?fedora:0} >= 21 || %{?rhel}%{!?rhel:0} >= 7
+BuildRequires:	mvn(org.bouncycastle:bcprov-jdk15on)
+%else
 BuildRequires:	mvn(org.bouncycastle:bcprov-jdk16)
+%endif
 BuildRequires:	mvn(org.sonatype.oss:oss-parent)
 
 %description
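Review bot: The condition `%if %{?fedora}%{!?fedora:0} >= 21 || %{?rhel}%{!?rhel:0} >= 7` is written out here and again around `%patch8` in the %prep hunk, so the BuildRequires and the patch application can drift apart if only one is edited later. Evaluating it once near the top, setting `%global bc147 1` inside a single `%if`/`%endif`, and testing `%if 0%{?bc147}` in both places would keep them in step. The new BuildRequires also carries no version bound although the patch targets the 1.47+ API; if the mvn() provides on these releases are versioned, adding `>= 1.47` would make the requirement explicit.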
@@ -144,6 +150,9 @@ This package contains the API documentation for %{name}.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%if %{?fedora}%{!?fedora:0} >= 21 || %{?rhel}%{!?rhel:0} >= 7
+%patch8 -p1
+%endif
 
 dos2unix axis/src/main/java/org/globus/axis/example/README.txt
 chmod 644 axis/src/main/java/org/globus/axis/example/README.txt
@@ -231,6 +240,9 @@ mv myproxy/src/test/java/org/globus/myproxy/test/test.properties \
 %files javadoc -f .mfiles-javadoc
 
 %changelog
+* Thu Mar 06 2014 Mattias Ellert <mattias.ellert at fysast.uu.se> - 2.0.6-4
+- Apply patch for bouncycastle 1.47+ for Fedora 21+ and EPEL 7+
+
 * Wed Sep 11 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 2.0.6-3
 - Use xmvn instead of mvn-rpmbuild
 

