Supporting OAEP with SHA256 key encryption/decrption.

This is a back port of the feature from RI 8.1.0.  It changes the
default key encryption algorithm to use OAEP with SHA1 and support
decypting with a SHA256 key digest.

Author: jester

pom.xml

@@ -4,7 +4,7 @@
     <modelVersion>4.0.0</modelVersion>
     <artifactId>agent</artifactId>    
     <name>Direct Project Security And Trust Agent</name>
-    <version>6.0.4</version>
+    <version>6.1.0-SNAPSHOT</version>
     <description>Direct Project Security And Trust Agent</description>
     <inceptionYear>2010</inceptionYear>
     <url>https://github.com/DirectProjectJavaRI/agent</url> 
@@ -54,12 +54,18 @@
 		<dependency>
 		  <groupId>org.nhind</groupId>
 		  <artifactId>direct-policy</artifactId>
+	      <exclusions>
+	        <exclusion>  
+	           <groupId>org.bouncycastle</groupId>
+	           <artifactId>bcprov-jdk15on</artifactId>
+	        </exclusion>
+	      </exclusions> 		  
 		  <version>6.0</version>		  
 		</dependency>	  
 		<dependency>
 		  <groupId>org.nhind</groupId>
 		  <artifactId>direct-common</artifactId>	
-		  <version>6.0.1</version>		  	  
+		  <version>6.1.0-SNAPSHOT</version>		  	  
 		</dependency>	
 		<dependency>
 		  <groupId>org.nhind</groupId>
@@ -99,18 +105,18 @@
 		</dependency>	
 		<dependency>
 		    <groupId>org.bouncycastle</groupId>
-		    <artifactId>bcprov-jdk15on</artifactId>
-		    <version>1.60</version>    
+		    <artifactId>bcprov-jdk18on</artifactId>
+		    <version>1.81</version>    
 		</dependency>  
 		<dependency>
 		    <groupId>org.bouncycastle</groupId>
-		    <artifactId>bcmail-jdk15on</artifactId>
-		    <version>1.60</version>	 		       
+		    <artifactId>bcmail-jdk18on</artifactId>
+		    <version>1.81</version>	 		       
 		</dependency>		
 		<dependency>
 		    <groupId>org.bouncycastle</groupId>
-		    <artifactId>bcpkix-jdk15on</artifactId>
-		    <version>1.60</version>   			     
+		    <artifactId>bcpkix-jdk18on</artifactId>
+		    <version>1.81</version>   			     
 		</dependency> 			
 		<dependency>
 		    <groupId>dnsjava</groupId>

src/main/java/org/nhindirect/stagent/cert/tools/certgen/CertGenerator.java

@@ -44,7 +44,6 @@ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 import org.apache.commons.io.FileUtils;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.cms.Attribute;
 import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;

src/main/java/org/nhindirect/stagent/cryptography/EncryptionAlgorithm.java

@@ -23,6 +23,7 @@ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 package org.nhindirect.stagent.cryptography;
 
 import org.apache.commons.lang3.StringUtils;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.cms.CMSEnvelopedGenerator;
 import org.bouncycastle.cms.CMSSignedDataGenerator;
 import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;
@@ -45,8 +46,10 @@ public enum EncryptionAlgorithm
     DES_EDE3_CBC("DESEDE/CBC/PKCS5Padding", CMSEnvelopedGenerator.DES_EDE3_CBC),
     AES128_CBC("AES/CBC/PKCS5Padding", CMSEnvelopedGenerator.AES128_CBC),
     AES192_CBC("AES/CBC/PKCS5Padding", CMSEnvelopedGenerator.AES192_CBC),
-    AES256_CBC("AES/CBC/PKCS5Padding", CMSEnvelopedGenerator.AES256_CBC);
-    
+    AES256_CBC("AES/CBC/PKCS5Padding", CMSEnvelopedGenerator.AES256_CBC),
+	RSA_OAEP("RSA_OAEP", PKCSObjectIdentifiers.id_RSAES_OAEP.getId()),
+	RSA_PKCS1_V15("RSA_PKCS1_V15", PKCSObjectIdentifiers.rsaEncryption.getId());
+
     protected final String algName;
     protected final String OID;
 
@@ -82,7 +85,9 @@ else if (algorithmName.equalsIgnoreCase(RSA.getAlgName()))
     	else if (algorithmName.equalsIgnoreCase(RSAandMGF1.getAlgName()))
     		return RSAandMGF1;  
     	else if (algorithmName.equalsIgnoreCase(ECDSA.getAlgName()))
-    		return ECDSA;        	
+    		return ECDSA;
+		else if (algorithmName.equalsIgnoreCase(RSA_PKCS1_V15.getAlgName()))
+			return RSA_PKCS1_V15;
     	else
     		return defaultAlgorithm;
     }