Refactoring in CMS

Author: peterdettman

pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipient.java

@@ -253,52 +253,59 @@ protected Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, Algor
     {
         try
         {
-            AlgorithmIdentifier wrapAlg =
-                AlgorithmIdentifier.getInstance(keyEncryptionAlgorithm.getParameters());
+            AlgorithmIdentifier wrapAlgID = AlgorithmIdentifier.getInstance(keyEncryptionAlgorithm.getParameters());
+            ASN1ObjectIdentifier wrapAlgOID = wrapAlgID.getAlgorithm();
 
             X509EncodedKeySpec pubSpec = new X509EncodedKeySpec(senderKey.getEncoded());
             KeyFactory fact = helper.createKeyFactory(senderKey.getAlgorithm().getAlgorithm());
             PublicKey senderPublicKey = fact.generatePublic(pubSpec);
 
             try
             {
-                SecretKey agreedWrapKey = calculateAgreedWrapKey(keyEncryptionAlgorithm, wrapAlg,
-                    senderPublicKey, userKeyingMaterial, recipientKey, ecc_cms_Generator);
+                SecretKey agreedWrapKey = calculateAgreedWrapKey(keyEncryptionAlgorithm, wrapAlgID, senderPublicKey,
+                    userKeyingMaterial, recipientKey, ecc_cms_Generator);
 
-                if (wrapAlg.getAlgorithm().equals(CryptoProObjectIdentifiers.id_Gost28147_89_None_KeyWrap)
-                    || wrapAlg.getAlgorithm().equals(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap))
+                if (CryptoProObjectIdentifiers.id_Gost28147_89_None_KeyWrap.equals(wrapAlgOID) ||
+                    CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap.equals(wrapAlgOID))
                 {
                     Gost2814789EncryptedKey encKey = Gost2814789EncryptedKey.getInstance(encryptedContentEncryptionKey);
-                    Gost2814789KeyWrapParameters wrapParams = Gost2814789KeyWrapParameters.getInstance(wrapAlg.getParameters());
+                    Gost2814789KeyWrapParameters wrapParams = Gost2814789KeyWrapParameters.getInstance(
+                        wrapAlgID.getParameters());
 
-                    Cipher keyCipher = helper.createCipher(wrapAlg.getAlgorithm());
+                    Cipher keyCipher = helper.createCipher(wrapAlgOID);
 
-                    keyCipher.init(Cipher.UNWRAP_MODE, agreedWrapKey, new GOST28147WrapParameterSpec(wrapParams.getEncryptionParamSet(), userKeyingMaterial.getOctets()));
+                    keyCipher.init(Cipher.UNWRAP_MODE, agreedWrapKey,
+                        new GOST28147WrapParameterSpec(wrapParams.getEncryptionParamSet(), userKeyingMaterial.getOctets()));
 
-                    return keyCipher.unwrap(Arrays.concatenate(encKey.getEncryptedKey(), encKey.getMacKey()), helper.getBaseCipherName(contentEncryptionAlgorithm.getAlgorithm()), Cipher.SECRET_KEY);
+                    byte[] wrappedKey = Arrays.concatenate(encKey.getEncryptedKey(), encKey.getMacKey());
+                    return keyCipher.unwrap(wrappedKey, helper.getBaseCipherName(contentEncryptionAlgorithm.getAlgorithm()),
+                        Cipher.SECRET_KEY);
                 }
 
-                return unwrapSessionKey(wrapAlg.getAlgorithm(), agreedWrapKey, contentEncryptionAlgorithm.getAlgorithm(), encryptedContentEncryptionKey);
+                return unwrapSessionKey(wrapAlgOID, agreedWrapKey, contentEncryptionAlgorithm.getAlgorithm(),
+                    encryptedContentEncryptionKey);
             }
             catch (InvalidKeyException e)
             {
                 // might be a pre-RFC 5753 message
                 if (possibleOldMessages.contains(keyEncryptionAlgorithm.getAlgorithm()))
                 {
-                    SecretKey agreedWrapKey = calculateAgreedWrapKey(keyEncryptionAlgorithm, wrapAlg,
+                    SecretKey agreedWrapKey = calculateAgreedWrapKey(keyEncryptionAlgorithm, wrapAlgID,
                         senderPublicKey, userKeyingMaterial, recipientKey, old_ecc_cms_Generator);
 
-                    return unwrapSessionKey(wrapAlg.getAlgorithm(), agreedWrapKey, contentEncryptionAlgorithm.getAlgorithm(), encryptedContentEncryptionKey);
+                    return unwrapSessionKey(wrapAlgOID, agreedWrapKey, contentEncryptionAlgorithm.getAlgorithm(),
+                        encryptedContentEncryptionKey);
                 }
                 // one last try - people do actually do this it turns out
                 if (userKeyingMaterial != null)
                 {
                     try
                     {
-                        SecretKey agreedWrapKey = calculateAgreedWrapKey(keyEncryptionAlgorithm, wrapAlg,
+                        SecretKey agreedWrapKey = calculateAgreedWrapKey(keyEncryptionAlgorithm, wrapAlgID,
                             senderPublicKey, userKeyingMaterial, recipientKey, simple_ecc_cmsGenerator);
 
-                        return unwrapSessionKey(wrapAlg.getAlgorithm(), agreedWrapKey, contentEncryptionAlgorithm.getAlgorithm(), encryptedContentEncryptionKey);
+                        return unwrapSessionKey(wrapAlgOID, agreedWrapKey, contentEncryptionAlgorithm.getAlgorithm(),
+                            encryptedContentEncryptionKey);
                     }
                     catch (InvalidKeyException ex)
                     {

pkix/src/main/java/org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java

@@ -146,19 +146,19 @@ public JceKeyAgreeRecipientInfoGenerator addRecipient(byte[] subjectKeyID, Publi
         return this;
     }
 
-    public ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier keyAgreeAlgorithm, AlgorithmIdentifier keyEncryptionAlgorithm, GenericKey contentEncryptionKey)
-        throws CMSException
+    public ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier keyAgreeAlgorithm,
+        AlgorithmIdentifier keyEncryptionAlgorithm, GenericKey contentEncryptionKey) throws CMSException
     {
         if (recipientIDs.isEmpty())
         {
             throw new CMSException("No recipients associated with generator - use addRecipient()");
         }
 
-        init(keyAgreeAlgorithm.getAlgorithm());
+        ASN1ObjectIdentifier keyAgreementOID = keyAgreeAlgorithm.getAlgorithm();
 
-        PrivateKey senderPrivateKey = this.senderPrivateKey;
+        init(keyAgreementOID);
 
-        ASN1ObjectIdentifier keyAgreementOID = keyAgreeAlgorithm.getAlgorithm();
+        PrivateKey senderPrivateKey = this.senderPrivateKey;
 
         ASN1EncodableVector recipientEncryptedKeys = new ASN1EncodableVector();
         for (int i = 0; i != recipientIDs.size(); i++)
@@ -169,15 +169,16 @@ public ASN1Sequence generateRecipientEncryptedKeys(AlgorithmIdentifier keyAgreeA
             try
             {
                 AlgorithmParameterSpec agreementParamSpec;
-                ASN1ObjectIdentifier keyEncAlg = keyEncryptionAlgorithm.getAlgorithm();
+                ASN1ObjectIdentifier keyEncryptionOID = keyEncryptionAlgorithm.getAlgorithm();
 
                 if (CMSUtils.isMQV(keyAgreementOID))
                 {
                     agreementParamSpec = new MQVParameterSpec(ephemeralKP, recipientPublicKey, userKeyingMaterial);
                 }
                 else if (CMSUtils.isEC(keyAgreementOID))
                 {
-                    byte[] ukmKeyingMaterial = ecc_cms_Generator.generateKDFMaterial(keyEncryptionAlgorithm, keySizeProvider.getKeySize(keyEncAlg), userKeyingMaterial);
+                    byte[] ukmKeyingMaterial = ecc_cms_Generator.generateKDFMaterial(keyEncryptionAlgorithm,
+                        keySizeProvider.getKeySize(keyEncryptionOID), userKeyingMaterial);
 
                     agreementParamSpec = new UserKeyingMaterialSpec(ukmKeyingMaterial);
                 }
@@ -217,37 +218,36 @@ else if (CMSUtils.isGOST(keyAgreementOID))
                 keyAgreement.init(senderPrivateKey, agreementParamSpec, random);
                 keyAgreement.doPhase(recipientPublicKey, true);
 
-                SecretKey keyEncryptionKey = keyAgreement.generateSecret(keyEncAlg.getId());
+                SecretKey keyEncryptionKey = keyAgreement.generateSecret(keyEncryptionOID.getId());
 
                 EnvelopedDataHelper keyWrapHelper = (wrappingHelper != null) ? wrappingHelper : helper;
 
                 // Wrap the content encryption key with the agreement key
-                Cipher keyEncryptionCipher = keyWrapHelper.createCipher(keyEncAlg);
-                ASN1OctetString encryptedKey;
+                Cipher keyEncryptionCipher = keyWrapHelper.createCipher(keyEncryptionOID);
 
-                if (keyEncAlg.equals(CryptoProObjectIdentifiers.id_Gost28147_89_None_KeyWrap)
-                    || keyEncAlg.equals(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap))
+                byte[] encryptedKeyOctets;
+                if (CryptoProObjectIdentifiers.id_Gost28147_89_None_KeyWrap.equals(keyEncryptionOID) ||
+                    CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_KeyWrap.equals(keyEncryptionOID))
                 {
-                    keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, new GOST28147WrapParameterSpec(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet, userKeyingMaterial));
+                    keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey,
+                        new GOST28147WrapParameterSpec(CryptoProObjectIdentifiers.id_Gost28147_89_CryptoPro_A_ParamSet, userKeyingMaterial));
 
                     byte[] encKeyBytes = keyEncryptionCipher.wrap(keyWrapHelper.getJceKey(contentEncryptionKey));
 
                     Gost2814789EncryptedKey encKey = new Gost2814789EncryptedKey(
                         Arrays.copyOfRange(encKeyBytes, 0, encKeyBytes.length - 4),
                         Arrays.copyOfRange(encKeyBytes, encKeyBytes.length - 4, encKeyBytes.length));
 
-                    encryptedKey = new DEROctetString(encKey.getEncoded(ASN1Encoding.DER));
+                    encryptedKeyOctets = encKey.getEncoded(ASN1Encoding.DER);
                 }
                 else
                 {
                     keyEncryptionCipher.init(Cipher.WRAP_MODE, keyEncryptionKey, random);
 
-                    byte[] encryptedKeyBytes = keyEncryptionCipher.wrap(keyWrapHelper.getJceKey(contentEncryptionKey));
-
-                    encryptedKey = new DEROctetString(encryptedKeyBytes);
+                    encryptedKeyOctets = keyEncryptionCipher.wrap(keyWrapHelper.getJceKey(contentEncryptionKey));
                 }
 
-                recipientEncryptedKeys.add(new RecipientEncryptedKey(karId, encryptedKey));
+                recipientEncryptedKeys.add(new RecipientEncryptedKey(karId, new DEROctetString(encryptedKeyOctets)));
             }
             catch (GeneralSecurityException e)
             {
@@ -274,7 +274,7 @@ protected byte[] getUserKeyingMaterial(AlgorithmIdentifier keyAgreeAlg)
 
             try
             {
-                ASN1OctetString addedukm = DEROctetString.withContentsOptional(userKeyingMaterial);
+                ASN1OctetString addedukm = DEROctetString.fromContentsOptional(userKeyingMaterial);
 
                 return new MQVuserKeyingMaterial(originatorPublicKey, addedukm).getEncoded();
             }

util/src/main/java/org/bouncycastle/asn1/cms/OriginatorIdentifierOrKey.java

@@ -154,30 +154,16 @@ public IssuerAndSerialNumber getIssuerAndSerialNumber()
 
     public SubjectKeyIdentifier getSubjectKeyIdentifier()
     {
-        if (id instanceof ASN1TaggedObject)
-        {
-            ASN1TaggedObject taggedObject = (ASN1TaggedObject)id;
-            if (taggedObject.hasContextTag(0))
-            {
-                return SubjectKeyIdentifier.getInstance(taggedObject, false);
-            }
-        }
+        ASN1TaggedObject tag0 = ASN1TaggedObject.getContextOptional(id, 0);
 
-        return null;
+        return tag0 == null ? null : SubjectKeyIdentifier.getInstance(tag0, false);
     }
 
     public OriginatorPublicKey getOriginatorKey()
     {
-        if (id instanceof ASN1TaggedObject)
-        {
-            ASN1TaggedObject taggedObject = (ASN1TaggedObject)id;
-            if (taggedObject.hasContextTag(1))
-            {
-                return OriginatorPublicKey.getInstance(taggedObject, false);
-            }
-        }
+        ASN1TaggedObject tag1 = ASN1TaggedObject.getContextOptional(id, 1);
 
-        return null;
+        return tag1 == null ? null : OriginatorPublicKey.getInstance(tag1, false);
     }
 
     /**