Porting from earlier BC releases to 1.47 and later
1.47 represents another step along to version 2. A substantial rewrite has been done on the ASN.1 library, hopefully to simplify it, but also to make it more efficient and remove a lot of ambiguities (well as many as possible under the circumstances...) There have also been some changes in CMS and the OpenPGP API now allows similar objects to the operators used by 1.46 CMS to relieve the need to do everything via a JCA/JCE provider.
Jar dependencies.
bcpkix depends on bcprov.
bcmail depends on bcpkix and bcprov, as well as JavaMail and the activation api.
bcpg depends on bcprov.
The only thing in the bcmail jar is the SMIME implementation for JavaMail. CMS, certificate generation, PKCS 12 file handling, OpenSSL PEM file handling, EAC and TSP are in the bcpkix jar.
ASN.1 Changes
The following classes have changed names:
Old Class | New Class |
ASN1Object | ASN1Primitive |
ASN1Encodable | ASN1Object |
DEREncodable | ASN1Encodable |
DERObject | ASN1Primitive |
DERString | ASN1String |
DERObjectIdentifier | ASN1ObjectIdentifier |
X509Name | X500Name |
DERInteger | ASN1Integer |
DEREnumerated | ASN1Enumerated |
X509Attributes | X509AttributeIdentifiers |
The following methods have changed:
Old Method | New Method |
getDERObject() | toASN1Primitive |
getDEREncoded() | getEncoded(ASN1Encoding.DER) |
new CRLReason(int) | CRLReason.lookup(int) |
DLSet and DLSequence have been added to allow people to distinguish between DER and definite length encoding.
Construction of high level ASN.1 objects from primitive ones should always be done by getInstance() - for example new Attribute(ASN1Sequence) has become Attribute.getInstance(ASN1Sequence).
The getInstance methods can now (generally) take byte[] arrays, so it's possible to say ASN1Sequence.getInstance(byte[]), rather than having to say ASN1Sequence.getInstance(ASN1InputStream(byte[]).readObject()).
CMS Changes
RecipientId can not be instantiated any more, use things like KeyTransRecipientId or JceKeyTransRecipientId as appropriate.
SignerId now requires a specific constructor.
To convert from SignerIds and RecipientIds use the JcaX509CertSelectorConverter class. To convert from X509CertSelectors use the JcaX509SelectorConverter class.
OpenPGP Changes.
See the OpenPGP examples package for updates to the new API.
PKCS Changes.
PKCS10CertificationRequestHolder has become PKCS10CertificationRequest.
Provider Changes.
The provider is now a lot more configurable. The possibly the biggest benefit of this is it is now a lot easier to construct a stripped down version. It does mean the underlying generated types for asymmetric keys have changed though, for example JCEECPrivateKey has become BCECPrivateKey. The change in key types has also allowed us to fix serialisation issues that were starting to show up with systems like JBOSS.\
Miscellaneous
The lightweight stream classes: MacOutputStream, DigestOutputStream, and SignerOutputStream have changed. To get equivalent functionality to before use TeeOutputStream as well.