2 files changed, 33 insertions, 18 deletions

diff --git a/support/src/test/java/libcore/java/security/StandardNames.java b/support/src/test/java/libcore/java/security/StandardNames.java
index 794bf2680e..6abfaee92e 100644
--- a/support/src/test/java/libcore/java/security/StandardNames.java
+++ b/support/src/test/java/libcore/java/security/StandardNames.java
@@ -532,6 +532,20 @@ public final class StandardNames {
             provide("Cipher", "AES/OFB/NOPADDING");
             provide("Cipher", "AES/OFB/PKCS5PADDING");
             provide("Cipher", "AES/OFB/PKCS7PADDING");
+            provide("Cipher", "AES_128/CBC/NOPADDING");
+            provide("Cipher", "AES_128/CBC/PKCS5PADDING");
+            provide("Cipher", "AES_128/CBC/PKCS7PADDING");
+            provide("Cipher", "AES_128/ECB/NOPADDING");
+            provide("Cipher", "AES_128/ECB/PKCS5PADDING");
+            provide("Cipher", "AES_128/ECB/PKCS7PADDING");
+            provide("Cipher", "AES_128/GCM/NOPADDING");
+            provide("Cipher", "AES_256/CBC/NOPADDING");
+            provide("Cipher", "AES_256/CBC/PKCS5PADDING");
+            provide("Cipher", "AES_256/CBC/PKCS7PADDING");
+            provide("Cipher", "AES_256/ECB/NOPADDING");
+            provide("Cipher", "AES_256/ECB/PKCS5PADDING");
+            provide("Cipher", "AES_256/ECB/PKCS7PADDING");
+            provide("Cipher", "AES_256/GCM/NOPADDING");
             provide("Cipher", "DESEDE/CBC/NOPADDING");
             provide("Cipher", "DESEDE/CBC/PKCS5PADDING");
             provide("Cipher", "DESEDE/CBC/PKCS7PADDING");
diff --git a/support/src/test/java/libcore/java/security/TestKeyStore.java b/support/src/test/java/libcore/java/security/TestKeyStore.java
index 1047859a32..3829dc1e24 100644
--- a/support/src/test/java/libcore/java/security/TestKeyStore.java
+++ b/support/src/test/java/libcore/java/security/TestKeyStore.java
@@ -19,9 +19,11 @@ package libcore.java.security;
 import static org.junit.Assert.assertEquals;
 
 import com.android.org.bouncycastle.asn1.DEROctetString;
+import com.android.org.bouncycastle.asn1.x500.X500Name;
 import com.android.org.bouncycastle.asn1.x509.BasicConstraints;
 import com.android.org.bouncycastle.asn1.x509.CRLReason;
 import com.android.org.bouncycastle.asn1.x509.ExtendedKeyUsage;
+import com.android.org.bouncycastle.asn1.x509.Extension;
 import com.android.org.bouncycastle.asn1.x509.GeneralName;
 import com.android.org.bouncycastle.asn1.x509.GeneralNames;
 import com.android.org.bouncycastle.asn1.x509.GeneralSubtree;
@@ -29,23 +31,20 @@ import com.android.org.bouncycastle.asn1.x509.KeyPurposeId;
 import com.android.org.bouncycastle.asn1.x509.KeyUsage;
 import com.android.org.bouncycastle.asn1.x509.NameConstraints;
 import com.android.org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import com.android.org.bouncycastle.asn1.x509.X509Extensions;
 import com.android.org.bouncycastle.cert.X509CertificateHolder;
+import com.android.org.bouncycastle.cert.X509v3CertificateBuilder;
 import com.android.org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
 import com.android.org.bouncycastle.cert.ocsp.BasicOCSPResp;
 import com.android.org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder;
 import com.android.org.bouncycastle.cert.ocsp.CertificateID;
 import com.android.org.bouncycastle.cert.ocsp.CertificateStatus;
-import com.android.org.bouncycastle.cert.ocsp.OCSPException;
 import com.android.org.bouncycastle.cert.ocsp.OCSPResp;
 import com.android.org.bouncycastle.cert.ocsp.OCSPRespBuilder;
 import com.android.org.bouncycastle.cert.ocsp.RevokedStatus;
 import com.android.org.bouncycastle.jce.provider.BouncyCastleProvider;
 import com.android.org.bouncycastle.operator.DigestCalculatorProvider;
-import com.android.org.bouncycastle.operator.OperatorCreationException;
 import com.android.org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
 import com.android.org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import com.android.org.bouncycastle.x509.X509V3CertificateGenerator;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.PrintStream;
@@ -705,43 +704,40 @@ public final class TestKeyStore {
             throw new IllegalArgumentException("Unknown key algorithm " + keyAlgorithm);
         }
 
-        X509V3CertificateGenerator x509cg = new X509V3CertificateGenerator();
-        x509cg.setSubjectDN(subject);
-        x509cg.setIssuerDN(issuer);
-        x509cg.setNotBefore(start);
-        x509cg.setNotAfter(end);
-        x509cg.setPublicKey(publicKey);
-        x509cg.setSignatureAlgorithm(signatureAlgorithm);
         if (serialNumber == null) {
             byte[] serialBytes = new byte[16];
             new SecureRandom().nextBytes(serialBytes);
             serialNumber = new BigInteger(1, serialBytes);
         }
-        x509cg.setSerialNumber(serialNumber);
+
+        X509v3CertificateBuilder x509cg = new X509v3CertificateBuilder(
+                X500Name.getInstance(issuer.getEncoded()), serialNumber, start, end,
+                X500Name.getInstance(subject.getEncoded()),
+                SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
         if (keyUsage != 0) {
-            x509cg.addExtension(X509Extensions.KeyUsage,
+            x509cg.addExtension(Extension.keyUsage,
                                 true,
                                 new KeyUsage(keyUsage));
         }
         if (ca) {
-            x509cg.addExtension(X509Extensions.BasicConstraints,
+            x509cg.addExtension(Extension.basicConstraints,
                                 true,
                                 new BasicConstraints(true));
         }
         for (int i = 0; i < extendedKeyUsages.size(); i++) {
             KeyPurposeId keyPurposeId = extendedKeyUsages.get(i);
             boolean critical = criticalExtendedKeyUsages.get(i);
-            x509cg.addExtension(X509Extensions.ExtendedKeyUsage,
+            x509cg.addExtension(Extension.extendedKeyUsage,
                                 critical,
                                 new ExtendedKeyUsage(keyPurposeId));
         }
         for (GeneralName subjectAltName : subjectAltNames) {
-            x509cg.addExtension(X509Extensions.SubjectAlternativeName,
+            x509cg.addExtension(Extension.subjectAlternativeName,
                                 false,
                                 new GeneralNames(subjectAltName).getEncoded());
         }
         if (!permittedNameConstraints.isEmpty() || !excludedNameConstraints.isEmpty()) {
-            x509cg.addExtension(X509Extensions.NameConstraints,
+            x509cg.addExtension(Extension.nameConstraints,
                                 true,
                                 new NameConstraints(permittedNameConstraints.toArray(
                                                         new GeneralSubtree[
@@ -751,7 +747,12 @@ public final class TestKeyStore {
                                                             excludedNameConstraints.size()])));
         }
 
-        X509Certificate x509c = x509cg.generateX509Certificate(privateKey);
+        X509CertificateHolder x509holder = x509cg.build(
+                new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey));
+        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+        X509Certificate x509c = (X509Certificate) certFactory.generateCertificate(
+                new ByteArrayInputStream(x509holder.getEncoded()));
+
         if (StandardNames.IS_RI) {
             /*
              * The RI can't handle the BC EC signature algorithm