author | Kenny Root <kroot@google.com> | 2017-02-09 13:07:33 -0800 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2017-02-10 10:41:01 -0800 |
commit | 04ba2ae5ace8d45cbce4139bec5889cf7191d15a (patch) | |
tree | bf69e77c8087ae5614e4851a09b6933f96952d11 /support | |
parent | 132891099df745b153f15421c4e7bd0197602725 (diff) |
Use the new X.509 cert generator API
The previous API has been deprecated within Bouncycastle for a while.
Switch to the newer one to avoid the deprecation warnings.
Test: cts-tradefed run cts -m CtsLibcoreTestCases
Change-Id: I24b1340185876f90730d362019f202431c94d4a2
Diffstat (limited to 'support')
-rw-r--r-- | support/src/test/java/libcore/java/security/TestKeyStore.java | 37 |
1 files changed, 19 insertions, 18 deletions
diff --git a/support/src/test/java/libcore/java/security/TestKeyStore.java b/support/src/test/java/libcore/java/security/TestKeyStore.java
index ef62a44c17..96c9487363 100644
--- a/support/src/test/java/libcore/java/security/TestKeyStore.java
+++ b/support/src/test/java/libcore/java/security/TestKeyStore.java
@@ -17,9 +17,11 @@
 package libcore.java.security;
 
 import com.android.org.bouncycastle.asn1.DEROctetString;
+import com.android.org.bouncycastle.asn1.x500.X500Name;
 import com.android.org.bouncycastle.asn1.x509.BasicConstraints;
 import com.android.org.bouncycastle.asn1.x509.CRLReason;
 import com.android.org.bouncycastle.asn1.x509.ExtendedKeyUsage;
+import com.android.org.bouncycastle.asn1.x509.Extension;
 import com.android.org.bouncycastle.asn1.x509.GeneralName;
 import com.android.org.bouncycastle.asn1.x509.GeneralNames;
 import com.android.org.bouncycastle.asn1.x509.GeneralSubtree;
@@ -27,23 +29,20 @@ import com.android.org.bouncycastle.asn1.x509.KeyPurposeId;
 import com.android.org.bouncycastle.asn1.x509.KeyUsage;
 import com.android.org.bouncycastle.asn1.x509.NameConstraints;
 import com.android.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import com.android.org.bouncycastle.asn1.x509.X509Extensions;
 import com.android.org.bouncycastle.cert.X509CertificateHolder;
+import com.android.org.bouncycastle.cert.X509v3CertificateBuilder;
 import com.android.org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
 import com.android.org.bouncycastle.cert.ocsp.BasicOCSPResp;
 import com.android.org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder;
 import com.android.org.bouncycastle.cert.ocsp.CertificateID;
 import com.android.org.bouncycastle.cert.ocsp.CertificateStatus;
-import com.android.org.bouncycastle.cert.ocsp.OCSPException;
 import com.android.org.bouncycastle.cert.ocsp.OCSPResp;
 import com.android.org.bouncycastle.cert.ocsp.OCSPRespBuilder;
 import com.android.org.bouncycastle.cert.ocsp.RevokedStatus;
 import com.android.org.bouncycastle.jce.provider.BouncyCastleProvider;
 import com.android.org.bouncycastle.operator.DigestCalculatorProvider;
-import com.android.org.bouncycastle.operator.OperatorCreationException;
 import com.android.org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
 import com.android.org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import com.android.org.bouncycastle.x509.X509V3CertificateGenerator;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.PrintStream;
@@ -707,43 +706,40 @@ public final class TestKeyStore extends Assert { throw new IllegalArgumentException("Unknown key algorithm " + keyAlgorithm); } - X509V3CertificateGenerator x509cg = new X509V3CertificateGenerator(); - x509cg.setSubjectDN(subject); - x509cg.setIssuerDN(issuer); - x509cg.setNotBefore(start); - x509cg.setNotAfter(end); - x509cg.setPublicKey(publicKey); - x509cg.setSignatureAlgorithm(signatureAlgorithm); if (serialNumber == null) { byte[] serialBytes = new byte[16]; new SecureRandom().nextBytes(serialBytes); serialNumber = new BigInteger(1, serialBytes); } - x509cg.setSerialNumber(serialNumber); + + X509v3CertificateBuilder x509cg = new X509v3CertificateBuilder( + X500Name.getInstance(issuer.getEncoded()), serialNumber, start, end, + X500Name.getInstance(subject.getEncoded()), + SubjectPublicKeyInfo.getInstance(publicKey.getEncoded())); if (keyUsage != 0) { - x509cg.addExtension(X509Extensions.KeyUsage, + x509cg.addExtension(Extension.keyUsage, true, new KeyUsage(keyUsage)); } if (ca) { - x509cg.addExtension(X509Extensions.BasicConstraints, + x509cg.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); } for (int i = 0; i < extendedKeyUsages.size(); i++) { KeyPurposeId keyPurposeId = extendedKeyUsages.get(i); boolean critical = criticalExtendedKeyUsages.get(i); - x509cg.addExtension(X509Extensions.ExtendedKeyUsage, + x509cg.addExtension(Extension.extendedKeyUsage, critical, new ExtendedKeyUsage(keyPurposeId)); } for (GeneralName subjectAltName : subjectAltNames) { - x509cg.addExtension(X509Extensions.SubjectAlternativeName, + x509cg.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(subjectAltName).getEncoded()); } if (!permittedNameConstraints.isEmpty() || !excludedNameConstraints.isEmpty()) { - x509cg.addExtension(X509Extensions.NameConstraints, + x509cg.addExtension(Extension.nameConstraints, true, new NameConstraints(permittedNameConstraints.toArray( new GeneralSubtree[ 
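Review bot: The subjectAltName loop adds `Extension.subjectAlternativeName` once per entry, and the extendedKeyUsage loop does the same with its OID, so a caller that passes more than one value asks the builder for two extensions with the same OID. RFC 5280 allows only one instance of each extension in a certificate, and depending on the Bouncy Castle version the builder is likely to either reject the second call or emit a certificate that strict parsers refuse. The commit only swaps the OID constants on these lines, so this is carried over rather than introduced; collecting the names first, e.g. `new GeneralNames(subjectAltNames.toArray(new GeneralName[0]))`, and adding the extension once would keep the test certificates shaped like conforming ones. The enclosing method starts and ends outside this hunk, so the collection type of `subjectAltNames` is inferred from the loop.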
@@ -753,7 +749,12 @@ public final class TestKeyStore extends Assert { excludedNameConstraints.size()]))); } - X509Certificate x509c = x509cg.generateX509Certificate(privateKey); + X509CertificateHolder x509holder = x509cg.build( + new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey)); + CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); + X509Certificate x509c = (X509Certificate) certFactory.generateCertificate( + new ByteArrayInputStream(x509holder.getEncoded())); + if (StandardNames.IS_RI) { /* * The RI can't handle the BC EC signature algorithm |
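Review bot: The signing provider and the certificate parser are now both chosen implicitly: `new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey)` and `CertificateFactory.getInstance("X.509")` use whichever providers are registered first, whereas the removed `generateX509Certificate(privateKey)` signed through the BC provider, as far as I recall. For a fixture that other tests rely on, that makes the signature implementation and the concrete `X509Certificate` class depend on provider order. If that is intended, a comment above the build call such as `// Sign and re-parse with the default providers; the result is not a BC certificate object.` would record it; if not, `JcaContentSignerBuilder.setProvider(...)` pins the signer. The `if (StandardNames.IS_RI)` block that follows continues outside the hunk and may now be redundant, since the certificate is already re-parsed here.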