1.47 represents another step along to version 2. A substantial rewrite has been done on the ASN.1 library, hopefully to simplify it, but also to make it more efficient and remove a lot of ambiguities (well as many as possible under the circumstances...) There have also been some changes in CMS and the OpenPGP API now allows similar objects to the operators used by 1.46 CMS to relieve the need to do everything via a JCA/JCE provider.
The only thing in the bcmail jar is the SMIME implementation for JavaMail. CMS, certificate generation, PKCS 12 file handling, OpenSSL PEM file handling, EAC and TSP are in the bcpkix jar.
The following classes have changed names:
| Old Class | New Class |
|---|---|
| ASN1Object | ASN1Primitive |
| ASN1Encodable | ASN1Object |
| DEREncodable | ASN1Encodable |
| DERObject | ASN1Primitive |
| DERString | ASN1String |
| DERObjectIdentifier | ASN1ObjectIdentifier |
| X509Name | X500Name |
| DERInteger | ASN1Integer |
| DEREnumerated | ASN1Enumerated |
| X509Attributes | X509AttributeIdentifiers |
| X509Extension | Extension |
The following methods have changed:
| Old Method | New Method |
|---|---|
| getDERObject() | toASN1Primitive |
| getDEREncoded() | getEncoded(ASN1Encoding.DER) |
| new CRLReason(int) | CRLReason.lookup(int) |
DLSet and DLSequence have been added to allow people to distinguish between DER and definite length encoding.
Construction of high level ASN.1 objects from primitive ones should always be done by getInstance() - for example new Attribute(ASN1Sequence) has become Attribute.getInstance(ASN1Sequence).
The getInstance methods can now (generally) take byte[] arrays, so it's possible to say ASN1Sequence.getInstance(byte[]), rather than having to say ASN1Sequence.getInstance(ASN1InputStream(byte[]).readObject()).
RecipientId can not be instantiated any more, use things like KeyTransRecipientId or JceKeyTransRecipientId as appropriate.
SignerId now requires a specific constructor.
To convert from SignerIds and RecipientIds use the JcaX509CertSelectorConverter class. To convert from X509CertSelectors use the JcaX509SelectorConverter class.
See the OpenPGP examples package for updates to the new API.
PKCS10CertificationRequestHolder has become PKCS10CertificationRequest.
The provider is now a lot more configurable. The possibly the biggest benefit of this is it is now a lot easier to construct a stripped down version. It does mean the underlying generated types for asymmetric keys have changed though, for example JCEECPrivateKey has become BCECPrivateKey. The change in key types has also allowed us to fix serialisation issues that were starting to show up with systems like JBOSS.
The lightweight stream classes: MacOutputStream, DigestOutputStream, and SignerOutputStream have changed. To get equivalent functionality to before use TeeOutputStream as well.
Don't forget to donate. Help us keep this project independent and going! Thanks.