added KEMRecipientId, introduced PKIXRecipientId to simplify RecipientInformationStore processing.

Author: dghgit

pkix/src/main/java/org/bouncycastle/cms/KEMRecipientId.java

@@ -0,0 +1,65 @@
+package org.bouncycastle.cms;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.cert.selector.X509CertificateHolderSelector;
+
+public class KEMRecipientId
+    extends PKIXRecipientId
+{
+    private KEMRecipientId(X509CertificateHolderSelector baseSelector)
+    {
+        super(kem, baseSelector);
+    }
+
+    /**
+     * Construct a key trans recipient ID with the value of a public key's subjectKeyId.
+     *
+     * @param subjectKeyId a subjectKeyId
+     */
+    public KEMRecipientId(byte[] subjectKeyId)
+    {
+        super(kem, null, null, subjectKeyId);
+    }
+
+    /**
+     * Construct a key trans recipient ID based on the issuer and serial number of the recipient's associated
+     * certificate.
+     *
+     * @param issuer the issuer of the recipient's associated certificate.
+     * @param serialNumber the serial number of the recipient's associated certificate.
+     */
+    public KEMRecipientId(X500Name issuer, BigInteger serialNumber)
+    {
+        super(kem, issuer, serialNumber, null);
+    }
+
+    /**
+     * Construct a key trans recipient ID based on the issuer and serial number of the recipient's associated
+     * certificate.
+     *
+     * @param issuer the issuer of the recipient's associated certificate.
+     * @param serialNumber the serial number of the recipient's associated certificate.
+     * @param subjectKeyId the subject key identifier to use to match the recipients associated certificate.
+     */
+    public KEMRecipientId(X500Name issuer, BigInteger serialNumber, byte[] subjectKeyId)
+    {
+        super(kem, issuer, serialNumber, subjectKeyId);
+    }
+
+    public Object clone()
+    {
+        return new KEMRecipientId(this.baseSelector);
+    }
+
+    public boolean match(Object obj)
+    {
+        if (obj instanceof KEMRecipientInformation)
+        {
+            return ((KEMRecipientInformation)obj).getRID().equals(this);
+        }
+
+        return super.match(obj);
+    }
+}

pkix/src/main/java/org/bouncycastle/cms/KEMRecipientInformation.java

@@ -26,13 +26,13 @@ public class KEMRecipientInformation
         {
             ASN1OctetString octs = ASN1OctetString.getInstance(r.getId());
 
-            rid = new KeyTransRecipientId(octs.getOctets());   // TODO: should be KEM
+            rid = new KEMRecipientId(octs.getOctets());   // TODO: should be KEM
         }
         else
         {
             IssuerAndSerialNumber iAnds = IssuerAndSerialNumber.getInstance(r.getId());
 
-            rid = new KeyTransRecipientId(iAnds.getName(), iAnds.getSerialNumber().getValue());    // TODO:
+            rid = new KEMRecipientId(iAnds.getName(), iAnds.getSerialNumber().getValue());    // TODO:
         }
     }
 

pkix/src/main/java/org/bouncycastle/cms/KeyAgreeRecipientId.java

@@ -6,15 +6,11 @@
 import org.bouncycastle.cert.selector.X509CertificateHolderSelector;
 
 public class KeyAgreeRecipientId
-    extends RecipientId
+    extends PKIXRecipientId
 {
-    private X509CertificateHolderSelector baseSelector;
-
     private KeyAgreeRecipientId(X509CertificateHolderSelector baseSelector)
     {
-        super(keyAgree);
-
-        this.baseSelector = baseSelector;
+        super(keyAgree, baseSelector);
     }
 
     /**
@@ -24,7 +20,7 @@ private KeyAgreeRecipientId(X509CertificateHolderSelector baseSelector)
      */
     public KeyAgreeRecipientId(byte[] subjectKeyId)
     {
-        this(null, null, subjectKeyId);
+        super(keyAgree, null, null, subjectKeyId);
     }
 
     /**
@@ -36,12 +32,12 @@ public KeyAgreeRecipientId(byte[] subjectKeyId)
      */
     public KeyAgreeRecipientId(X500Name issuer, BigInteger serialNumber)
     {
-        this(issuer, serialNumber, null);
+        super(keyAgree, issuer, serialNumber, null);
     }
 
     public KeyAgreeRecipientId(X500Name issuer, BigInteger serialNumber, byte[] subjectKeyId)
     {
-        this(new X509CertificateHolderSelector(issuer, serialNumber, subjectKeyId));
+        super(keyAgree, issuer, serialNumber, subjectKeyId);
     }
 
     public X500Name getIssuer()

pkix/src/main/java/org/bouncycastle/cms/KeyTransRecipientId.java

@@ -6,15 +6,11 @@
 import org.bouncycastle.cert.selector.X509CertificateHolderSelector;
 
 public class KeyTransRecipientId
-    extends RecipientId
+    extends PKIXRecipientId
 {
-    private X509CertificateHolderSelector baseSelector;
-
     private KeyTransRecipientId(X509CertificateHolderSelector baseSelector)
     {
-        super(keyTrans);
-
-        this.baseSelector = baseSelector;
+        super(keyTrans, baseSelector);
     }
 
     /**
@@ -24,7 +20,7 @@ private KeyTransRecipientId(X509CertificateHolderSelector baseSelector)
      */
     public KeyTransRecipientId(byte[] subjectKeyId)
     {
-        this(null, null, subjectKeyId);
+        super(keyTrans, null, null, subjectKeyId);
     }
 
     /**
@@ -36,7 +32,7 @@ public KeyTransRecipientId(byte[] subjectKeyId)
      */
     public KeyTransRecipientId(X500Name issuer, BigInteger serialNumber)
     {
-        this(issuer, serialNumber, null);
+        super(keyTrans, issuer, serialNumber, null);
     }
 
     /**
@@ -49,27 +45,7 @@ public KeyTransRecipientId(X500Name issuer, BigInteger serialNumber)
      */
     public KeyTransRecipientId(X500Name issuer, BigInteger serialNumber, byte[] subjectKeyId)
     {
-        this(new X509CertificateHolderSelector(issuer, serialNumber, subjectKeyId));
-    }
-
-    public X500Name getIssuer()
-    {
-        return baseSelector.getIssuer();
-    }
-
-    public BigInteger getSerialNumber()
-    {
-        return baseSelector.getSerialNumber();
-    }
-
-    public byte[] getSubjectKeyIdentifier()
-    {
-        return baseSelector.getSubjectKeyIdentifier();
-    }
-
-    public int hashCode()
-    {
-        return baseSelector.hashCode();
+        super(keyTrans, issuer, serialNumber, subjectKeyId);
     }
 
     public boolean equals(
@@ -97,6 +73,6 @@ public boolean match(Object obj)
             return ((KeyTransRecipientInformation)obj).getRID().equals(this);
         }
 
-        return baseSelector.match(obj);
+        return super.match(obj);
     }
 }

pkix/src/main/java/org/bouncycastle/cms/PKIXRecipientId.java

@@ -0,0 +1,67 @@
+package org.bouncycastle.cms;
+
+import java.math.BigInteger;
+
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.cert.selector.X509CertificateHolderSelector;
+
+public class PKIXRecipientId
+    extends RecipientId
+{
+    protected final X509CertificateHolderSelector baseSelector;
+
+    protected PKIXRecipientId(int type, X509CertificateHolderSelector baseSelector)
+    {
+        super(type);
+
+        this.baseSelector = baseSelector;
+    }
+
+    protected PKIXRecipientId(int type, X500Name issuer, BigInteger serialNumber, byte[] subjectKeyId)
+    {
+        this(type, new X509CertificateHolderSelector(issuer, serialNumber, subjectKeyId));
+    }
+
+    public X500Name getIssuer()
+    {
+        return baseSelector.getIssuer();
+    }
+
+    public BigInteger getSerialNumber()
+    {
+        return baseSelector.getSerialNumber();
+    }
+
+    public byte[] getSubjectKeyIdentifier()
+    {
+        return baseSelector.getSubjectKeyIdentifier();
+    }
+
+    public Object clone()
+    {
+        return new PKIXRecipientId(getType(), baseSelector);
+    }
+
+    public int hashCode()
+    {
+        return baseSelector.hashCode();
+    }
+
+    public boolean equals(
+        Object  o)
+    {
+        if (!(o instanceof PKIXRecipientId))
+        {
+            return false;
+        }
+
+        PKIXRecipientId id = (PKIXRecipientId)o;
+
+        return this.baseSelector.equals(id.baseSelector);
+    }
+
+    public boolean match(Object obj)
+    {
+        return baseSelector.match(obj);
+    }
+}

pkix/src/main/java/org/bouncycastle/cms/RecipientId.java

@@ -9,6 +9,7 @@ public abstract class RecipientId
     public static final int kek = 1;
     public static final int keyAgree = 2;
     public static final int password = 3;
+    public static final int kem = 4;
 
     private final int type;
 

pkix/src/main/java/org/bouncycastle/cms/RecipientInformationStore.java

@@ -99,24 +99,24 @@ public Collection<RecipientInformation> getRecipients()
     public Collection<RecipientInformation> getRecipients(
         RecipientId selector)
     {
-        if (selector instanceof KeyTransRecipientId)
+        if (selector instanceof PKIXRecipientId)
         {
-            KeyTransRecipientId keyTrans = (KeyTransRecipientId)selector;
+            PKIXRecipientId pkixId = (PKIXRecipientId)selector;
 
-            X500Name issuer = keyTrans.getIssuer();
-            byte[] subjectKeyId = keyTrans.getSubjectKeyIdentifier();
+            X500Name issuer = pkixId.getIssuer();
+            byte[] subjectKeyId = pkixId.getSubjectKeyIdentifier();
 
             if (issuer != null && subjectKeyId != null)
             {
                 List<RecipientInformation> results = new ArrayList();
 
-                Collection<RecipientInformation> match1 = getRecipients(new KeyTransRecipientId(issuer, keyTrans.getSerialNumber()));
+                List<RecipientInformation> match1 = (ArrayList<RecipientInformation>)table.get(new PKIXRecipientId(pkixId.getType(), issuer, pkixId.getSerialNumber(), null));
                 if (match1 != null)
                 {
                     results.addAll(match1);
                 }
 
-                Collection<RecipientInformation> match2 = getRecipients(new KeyTransRecipientId(subjectKeyId));
+                Collection<RecipientInformation> match2 = (ArrayList<RecipientInformation>)table.get(new PKIXRecipientId(pkixId.getType(), null, null, subjectKeyId));
                 if (match2 != null)
                 {
                     results.addAll(match2);

pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKEMRecipientId.java

@@ -0,0 +1,57 @@
+package org.bouncycastle.cms.jcajce;
+
+import java.math.BigInteger;
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.cms.KEMRecipientId;
+
+public class JceKEMRecipientId
+    extends KEMRecipientId
+{
+    /**
+     * Construct a recipient id based on the issuer, serial number and subject key identifier (if present) of the passed in
+     * certificate.
+     *
+     * @param certificate certificate providing the issue and serial number and subject key identifier.
+     */
+    public JceKEMRecipientId(X509Certificate certificate)
+    {
+        super(convertPrincipal(certificate.getIssuerX500Principal()), certificate.getSerialNumber(), CMSUtils.getSubjectKeyId(certificate));
+    }
+
+    /**
+     * Construct a recipient id based on the provided issuer and serial number..
+     *
+     * @param issuer the issuer to use.
+     * @param serialNumber  the serial number to use.
+     */
+    public JceKEMRecipientId(X500Principal issuer, BigInteger serialNumber)
+    {
+        super(convertPrincipal(issuer), serialNumber);
+    }
+
+    /**
+     * Construct a recipient id based on the provided issuer, serial number, and subjectKeyId..
+     *
+     * @param issuer the issuer to use.
+     * @param serialNumber  the serial number to use.
+     * @param subjectKeyId the subject key ID to use.
+     */
+    public JceKEMRecipientId(X500Principal issuer, BigInteger serialNumber, byte[] subjectKeyId)
+    {
+        super(convertPrincipal(issuer), serialNumber, subjectKeyId);
+    }
+
+    private static X500Name convertPrincipal(X500Principal issuer)
+    {
+        if (issuer == null)
+        {
+            return null;
+        }
+
+        return X500Name.getInstance(issuer.getEncoded());
+    }
+}